{"id":23746352,"url":"https://github.com/spruceid/siwe-oidc","last_synced_at":"2025-07-21T04:06:34.677Z","repository":{"id":38311650,"uuid":"433144539","full_name":"spruceid/siwe-oidc","owner":"spruceid","description":"OpenID Connect Identity Provider for Sign-In with Ethereum.","archived":false,"fork":false,"pushed_at":"2024-11-19T05:23:46.000Z","size":4614,"stargazers_count":85,"open_issues_count":18,"forks_count":34,"subscribers_count":20,"default_branch":"main","last_synced_at":"2025-05-18T16:05:40.402Z","etag":null,"topics":["idp","oidc","siwe"],"latest_commit_sha":null,"homepage":"https://oidc.login.xyz","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/spruceid.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE-APACHE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-11-29T17:55:59.000Z","updated_at":"2025-04-26T15:41:51.000Z","dependencies_parsed_at":"2023-10-03T15:23:06.013Z","dependency_job_id":"7819fff8-2d54-4282-bd9b-3cc610279fdd","html_url":"https://github.com/spruceid/siwe-oidc","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/spruceid/siwe-oidc","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spruceid%2Fsiwe-oidc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spruceid%2Fsiwe-oidc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spruceid%2Fsiwe-oidc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spruceid%2Fsiwe-oidc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/spruceid","download_url":"https://codeload.github.com/spruceid/siwe-oidc/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spruceid%2Fsiwe-oidc/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266236689,"owners_count":23897229,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["idp","oidc","siwe"],"created_at":"2024-12-31T13:35:24.993Z","updated_at":"2025-07-21T04:06:34.657Z","avatar_url":"https://github.com/spruceid.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# OpenID Connect Identity Provider for Sign-In with Ethereum\n\n## Getting Started\n\nTwo versions are available, a stand-alone binary (using Axum and Redis) and a\nCloudflare Worker. They use the same code base and are selected at compile time\n(compiling for `wasm32` will make the Worker version).\n\n\u003e The front-end depends on WalletConnect, meaning you will need to create a\n\u003e project with them and have the environment variable `PROJECT_ID` set when you\n\u003e build the front-end.\n\n### Cloudflare Worker\n\nYou will need [`wrangler`](https://github.com/cloudflare/wrangler).\n\nFirst, copy the configuration file template:\n```bash\ncp wrangler_example.toml wrangler.toml\n```\n\nThen replace the following fields:\n- `account_id`: your Cloudflare account ID;\n- `zone_id`: (Optional) DNS zone ID;\n- `kv_namespaces`: a KV namespace ID (created with `wrangler kv:namespace create SIWE_OIDC`); and\n- the environment variables under `vars`.\n\nYou will also need to add a secret RSA key in PEM format:\n```\nwrangler secret put RSA_PEM\n```\n\nAt this point, you should be able to create/publish the worker:\n```\nwrangler publish\n```\n\nThe IdP currently only supports having the **frontend under the same subdomain as\nthe API**. Here is the configuration for Cloudflare Pages:\n- `Build command`: `cd js/ui \u0026\u0026 npm install \u0026\u0026 npm run build`;\n- `Build output directory`: `/static`; and\n- `Root directory`: `/`.\nAnd you will need to add some rules to do the routing between the Page and the\nWorker. Here are the rules for the Worker (the Page being used as the fallback\non the subdomain):\n```\nsiweoidc.example.com/s*\nsiweoidc.example.com/u*\nsiweoidc.example.com/r*\nsiweoidc.example.com/a*\nsiweoidc.example.com/t*\nsiweoidc.example.com/j*\nsiweoidc.example.com/c*\nsiweoidc.example.com/.w*\n```\n\n### Stand-Alone Binary\n\n\u003e **WARNING - ** Due to the reliance on WalletConnect, and the project ID being\n\u003e loaded at compile-time, the current version of the Docker image won't have a\n\u003e working web app.\n\n#### Dependencies\n\nRedis, or a Redis compatible database (e.g. MemoryDB in AWS), is required.\n\n#### Starting the IdP\n\nThe Docker image is available at `ghcr.io/spruceid/siwe_oidc:0.1.0`. Here is an\nexample usage:\n```bash\ndocker run -p 8000:8000 -e SIWEOIDC_REDIS_URL=\"redis://redis\" ghcr.io/spruceid/siwe_oidc:latest\n```\n\nIt can be configured either with the `siwe-oidc.toml` configuration file, or\nthrough environment variables:\n* `SIWEOIDC_ADDRESS` is the IP address to bind to.\n* `SIWEOIDC_REDIS_URL` is the URL to the Redis instance.\n* `SIWEOIDC_BASE_URL` is the URL you want to advertise in the OIDC configuration\n  (e.g. `https://oidc.example.com`).\n* `SIWEOIDC_RSA_PEM` is the signing key, in PEM format. One will be generated if\n  none is provided.\n\n### OIDC Functionalities\n\nThe current flow is very basic -- after the user is authenticated you will\nreceive:\n- an Ethereum address as the subject (`sub` field); and\n- an ENS domain as the `preferred_username` (with a fallback to the address).\n\nFor the core OIDC information, it is available under\n`/.well-known/openid-configuration`.\n\nOIDC Conformance Suite:\n- 🟨 (25/29, and 10 skipped) [basic](https://www.certification.openid.net/plan-detail.html?plan=gXe7Ju1O1afZa\u0026public=true) (`email` scope skipped,  `profile` scope partially supported, ACR, `prompt=none` and request URIs yet to be supported);\n- 🟩 [config](https://www.certification.openid.net/plan-detail.html?plan=SAmBjvtyfTDVn\u0026public=true);\n- 🟧 [dynamic code](https://www.certification.openid.net/plan-detail.html?plan=7rexGcCd4SWJa\u0026public=true).\n\n### TODO Items\n\n* Additional information, from native projects (e.g. ENS domains profile\n  pictures), to more traditional ones (e.g. email).\n\n## Development\n\n### Cloudflare Worker\n\n```bash\nwrangler dev\n```\nYou can now use http://127.0.0.1:8787/.well-known/openid-configuration.\n\n\u003e At the moment it's not possible to use it end-to-end with the frontend as they\n\u003e need to share the same host (i.e. port), unless using a local load-balancer.\n\n### Stand Alone Binary\n\nA Docker Compose is available to test the IdP locally with Keycloak.\n\n1. You will first need to run:\n```bash\ndocker-compose -f test/docker-compose.yml up -d\n```\n\n2. And then edit your `/etc/hosts` to have `siwe-oidc` point to `127.0.0.1`.\n   This is so both your browser, and Keycloak, can access the IdP.\n\n3. In Keycloak, you will need to create a new IdP. You can use\n   `http://siwe-oidc:8000/.well-known/openid-configuration` to fill the settings\n   automatically. As for the client ID/secret, you can use `sdf`/`sdf`.\n\n## Disclaimer\n\nOur identity provider for Sign-In with Ethereum has not yet undergone a formal\nsecurity audit. We welcome continued feedback on the usability, architecture,\nand security of this implementation.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fspruceid%2Fsiwe-oidc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fspruceid%2Fsiwe-oidc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fspruceid%2Fsiwe-oidc/lists"}