Implementing SIWE with Unlock Protocol

Through Unlock Protocol accounts, we can handle users who do not have their own crypto wallet installed and provide an easy way to let all users authenticate against our application.

Sign-in With Ethereum

Unlock Accounts Flow

  1. The user authenticates with an email and a password. These accounts also come with their own Ethereum wallets, but users don't have to know about them.
  2. When the account is created, the front-end application generates a new unique private key for them.
  3. The encrypted private key is then sent by email to the user, so that they have a mechanism to recover their private key should they forget their password.
  4. When the user wants to sign in, they are prompted for their email and password.
  5. Forgot password: the user can easily use the recovery link that was sent to them by email upon sign-up.

<aside> 💡 These accounts and the associated wallets should only be considered as "identities" and not as ways to hold currencies.

</aside>

<aside> 💡 If a user's email inbox gets compromised, they should consider their Unlock account to be potentially compromised and immediately change their password.

</aside>

SIWE

Sign-in with Ethereum Integration with Auth0

SIWE lets us (Unlock Protocol) token-gate certain parts of our dApp, meaning we can make use of Account Levels based on the token balance held by the user.
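
The checks a backend should run on a SIWE (EIP-4361) message before mapping a token balance to an account level, shown as an added example that is not Unlock's or Auth0's code. It goes slightly beyond the text above by parsing the standard message fields. The domain `app.example.com`, the level names and thresholds, and the sample message are assumptions.

```javascript
// Server-side checks on a SIWE (EIP-4361) message before any token gating.
// Assumes the signature was already verified against `address` by a vetted library.
const HEADER = /^(?:[a-z][a-z0-9+.-]*:\/\/)?(\S+) wants you to sign in with your Ethereum account:$/;
const FIELD = /^(URI|Version|Chain ID|Nonce|Issued At|Expiration Time|Not Before): (.+)$/;
function parseSiwe(message) {
  const lines = message.split("\n");
  const m = HEADER.exec(lines[0] || "");
  if (!m || !/^0x[0-9a-fA-F]{40}$/.test(lines[1] || "")) throw new Error("malformed header");
  const start = lines.findIndex((l) => l.startsWith("URI: ")); // skip the free-text statement
  if (start < 0) throw new Error("missing URI field");
  const fields = { domain: m[1], address: lines[1] };
  for (const line of lines.slice(start)) {
    const kv = FIELD.exec(line);
    if (kv) fields[kv[1]] = kv[2];
  }
  return fields;
}

// `expected` holds the domain, chainId and nonce our server issued for this session.
function checkSiwe(message, expected, now = new Date()) {
  const f = parseSiwe(message);
  if (f.domain !== expected.domain) return { ok: false, reason: "domain mismatch" };
  if (f.Version !== "1") return { ok: false, reason: "unsupported version" };
  if (f["Chain ID"] !== String(expected.chainId)) return { ok: false, reason: "wrong chain" };
  if (f.Nonce !== expected.nonce) return { ok: false, reason: "nonce mismatch" };
  // Unparseable timestamps compare as NaN and are rejected (fail closed).
  if (f["Expiration Time"] && !(Date.parse(f["Expiration Time"]) > now)) return { ok: false, reason: "expired" };
  if (f["Not Before"] && !(Date.parse(f["Not Before"]) <= now)) return { ok: false, reason: "not yet valid" };
  return { ok: true, address: f.address };
}

// Hypothetical tiers (names and thresholds are assumptions), highest first.
const LEVELS = [{ name: "gold", min: 10n }, { name: "member", min: 1n }, { name: "guest", min: 0n }];
const accountLevel = (balance) => LEVELS.find((l) => balance >= l.min).name;

// Constructed sample message: domain, address and nonce are made up.
const SAMPLE = [
  "app.example.com wants you to sign in with your Ethereum account:",
  "0x1111111111111111111111111111111111111111",
  "",
  "Sign in to the example dApp.",
  "",
  "URI: https://app.example.com/login",
  "Version: 1",
  "Chain ID: 1",
  "Nonce: 8f3a9c2b7d1e4f60",
  "Issued At: 2024-01-01T00:00:00Z",
  "Expiration Time: 2024-01-01T00:10:00Z",
].join("\n");
```

Only after `checkSiwe` returns `ok` should the backend look up the token balance for the returned address and pass it to `accountLevel` as a BigInt.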