siwe_login

SIWE Login enables Ethereum wallet-based authentication for Drupal using the Sign-In with Ethereum (EIP-4361) standard. Instead of usernames and passwords, users authenticate by signing a cryptographic message with their Web3 wallet
(MetaMask, WalletConnect, etc.). This provides a seamless, passwordless login experience for Web3 users while maintaining Drupal's robust user management system.

Features

• EIP-4361 Compliant: Full implementation of the Sign-In with Ethereum standard
• Multiple Wallet Support: Works with MetaMask, WalletConnect, and other Web3 wallets
• Replay Attack Prevention: Nonce-based security with configurable TTL
• Domain Validation: Prevents cross-domain authentication attacks
• Optional Email Verification: Require email verification for new users
• Optional Username Creation: Custom username flow for users without ENS names
• ENS Name Support: Validate and display Ethereum Name Service names
• Extensible Hook System: hook_siwe_login_response_alter() for other modules to customize authentication responses
• Login Block: Provides a configurable block for placing SIWE login anywhere on your site
• User Field Management: Automatically creates and manages field_ethereum_address and field_ens_name on user accounts

Use Cases:

• Web3 dApps requiring Drupal backend authentication
• DAO membership portals
• NFT-gated content sites
• Decentralized identity integration
• Sites wanting passwordless wallet-based login

Post-Installation

1. Navigate to Configuration → People → SIWE Login (/admin/config/people/siwe)
2. Configure the Expected Domain to match your site's domain (auto-detected during install)
3. Optionally enable:
   • Require Email Verification for new users
   • Require ENS or Username to force username creation
   • Ethereum Provider URL for ENS validation (Alchemy/Infura endpoint)
4. Place the SIWE Login Block in your theme's regions via Structure → Block layout
5. Users can now authenticate by connecting their wallet and signing the SIWE message

The module creates API endpoints at /siwe/nonce and /siwe/verify that handle the authentication flow.

Additional Requirements

PHP Requirements:

• PHP 8.1 or higher
• GMP extension (php-gmp) - Required for cryptographic operations

Composer Dependencies (installed automatically):

• kornrunner/keccak - Keccak-256 hashing for Ethereum address derivation
• simplito/elliptic-php - secp256k1 elliptic curve for signature verification
• web3p/web3.php - Ethereum RPC communication for ENS resolution

Frontend Requirements:

• ethers.js v6+ (for wallet interaction)
• A Web3 wallet browser extension (MetaMask, etc.)

For DDEV users, add to .ddev/config.yaml:

  webimage_extra_packages: [php8.3-gmp]
  

Recommended modules/libraries

• Safe Smart Accounts: Integrates with SIWE Login to provide multi-signature wallet management for authenticated users
• An Ethereum RPC provider account (Alchemy, Infura, or similar) if you want to enable ENS name validation

Similar projects

• web3_auth: Another Web3 authentication module - SIWE Login differentiates by strictly following the EIP-4361 standard, providing optional email verification flows, ENS validation, and a hook system for
  extensibility.

Supporting this Module

This module is actively maintained. If you find it useful, consider:

• Contributing code or documentation via the issue queue
• Sponsoring development through GitHub Sponsors

Community Documentation

• Sign-In with Ethereum Specification (EIP-4361)
• SIWE Documentation