Today, we’re excited to launch a new feature that lets apps securely authenticate their users with just a Solana address.
The current state of authentication is broken
If you connect your wallet to any major app today, chances are you’ll be met with a popup that looks something like this:
These kinds of signature requests can be jarring: they often pop up unexpectedly right after you connect your wallet. To make matters worse, it isn’t always clear what they’re asking you to sign. For new users, these requests can be scary. Returning users, meanwhile, are trained to sign messages that they don’t fully understand.
Why are these sign message requests even needed? The reason is authentication. When you connect your wallet to an app today, most wallets simply share your address without verifying that you control the corresponding private key. For consumer-grade applications like Magic Eden, Tensor, and Drip though, this isn’t enough. In order for these apps to build personalized features like user profiles, private messaging, and loyalty programs, they need to verify that their users are who they say they are.
By asking you to sign a message, apps can prove that you control the private key for the address you’re connecting with. But there’s a problem: there’s no standard way to go about asking for these signatures. Each app has to come up with its own authentication flow, which can result in opaque signature requests. This fragmentation, along with the added friction of triggering a second popup, results in a poor user experience.
Enter Sign In With Solana
Today, we’re launching a new feature that lets apps authenticate their users with just a Solana address. Sign In With Solana (SIWS) is a fast, easy, and secure solution to the problem of authenticating users with self-custody wallets. As part of our launch, we’re unveiling:
- A new one-click
- Support for the Wallet Standard’s SIWS feature
As of Phantom 23.11, Solana developers can make use of the new signIn method on all extension platforms, with mobile support coming soon. This new method prompts users to connect and sign a standardized authentication message in a single click, greatly improving the experience for both users and developers.
For developers, this new signIn method can be viewed as a drop-in replacement for the two-step signMessage authentication flow. If a user is already connected to their app, developers can also use signIn as a more streamlined alternative to
signIn shifts the responsibility of message construction from apps to the wallet, providing developers with a consistent API for creating standardized authentication messages. If specified, Phantom can scrutinize message data such as a site’s domain or the time at which the message was issuedAt to ensure its legitimacy or raise red flags for suspicious activity.
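The kind of field checks described above, as an added example (not Phantom's code and not part of the original post): it compares domain with the origin making the request and checks issuedAt for freshness. The function name, thresholds, problem labels and the expirationTime field (modelled on EIP-4361) are assumptions, and signature verification is out of scope here.

```javascript
// Added example: checks on sign-in message fields before trusting them.
const MAX_AGE_MS = 10 * 60 * 1000; // assumed: reject messages issued over 10 minutes ago
const MAX_SKEW_MS = 60 * 1000;     // assumed: tolerate 1 minute of clock skew
const ISO_RE = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:\d{2})$/;

// Accept only ISO 8601 date-times with an explicit zone; anything else is NaN.
function parseTime(value) {
  return typeof value === "string" && ISO_RE.test(value) ? Date.parse(value) : NaN;
}

// Returns a list of problem labels; an empty list means nothing was flagged.
function checkSignInInput(input, requestingOrigin, nowMs = Date.now()) {
  const problems = [];
  let host = null;
  try {
    host = new URL(requestingOrigin).host; // lower-cased, keeps a non-default port
  } catch {
    problems.push("origin-unparseable");
  }
  // The domain in the message must be the site that is actually asking.
  if (input.domain !== undefined && host !== null &&
      String(input.domain).toLowerCase() !== host) {
    problems.push("domain-mismatch");
  }
  let issued = NaN;
  if (input.issuedAt !== undefined) {
    issued = parseTime(input.issuedAt);
    if (Number.isNaN(issued)) problems.push("issuedAt-invalid");
    else if (issued - nowMs > MAX_SKEW_MS) problems.push("issuedAt-in-future");
    else if (nowMs - issued > MAX_AGE_MS) problems.push("issuedAt-stale");
  }
  if (input.expirationTime !== undefined) {
    const exp = parseTime(input.expirationTime);
    if (Number.isNaN(exp)) problems.push("expirationTime-invalid");
    else if (exp <= nowMs) problems.push("expired");
    else if (!Number.isNaN(issued) && exp <= issued) problems.push("expires-before-issued");
  }
  return problems;
}

// Constructed sample input (not captured from a real wallet session).
const sampleNow = Date.parse("2023-10-02T12:00:00Z");
const sample = { domain: "example.com", issuedAt: "2023-10-02T11:58:00Z" };
console.log(checkSignInInput(sample, "https://example.com", sampleNow));       // matching origin
console.log(checkSignInInput(sample, "https://other.example", sampleNow));     // different origin
```

A server that receives the signed message can apply the same checks after verifying the signature, using its own expected domain in place of the requesting origin.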
Support for the Solana Wallet Standard
As part of our launch, we worked with Solana Labs to create an open standard for the Solana ecosystem. We’re proud to announce that our signIn method comes with full support for the Solana Wallet Standard’s SIWS feature. Inspired by EIP-4361, this feature is custom-tailored to Solana and can be integrated by other wallets in the ecosystem.
As a first-class feature of the Wallet Standard, SIWS also comes with full support in the Solana Wallet Adapter. Developers who rely on the Wallet Adapter can integrate signIn natively, without worrying about losing wallet compatibility.
Integrate Sign In With Solana Today
Many thanks to Jordan Sexton for his review and feedback!