-
Notifications
You must be signed in to change notification settings - Fork 143
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implementation not according to spec #30
Comments
Thank you for the issue, we should review the regex for any discrepancies. It does seem that requiring the I would also like to note that the in-production implementations use the ABNF grammar from the spec directly implemented here, so this shouldn't affect any applications relying on this library to create/validate SIWE messages for anyone following this issue. The regex is provided as an alternative for implementation that can be leveraged when no ABNF parsers are available or for performance. |
Also, this implementation does not allow for the schema to be present with the domain:
localhost:3000 wants you to sign in with your Ethereum account: ... ✅ According to the spec, that should be parsed but it fails. |
This should have been fixed with #195 which was released as part of |
I found a couple of things about the spec to be a bit ambiguous fellowship post, and checked out how this reference implementation handles it. Turns out, not according to spec.
Statement regex, https://github.com/spruceid/siwe/blob/main/lib/regex.ts#L4:
As opposed to
Resources
as opposed to
So siwe does not allow empty-but-present statement, nor empty-but-present resources. Which I think is fine, but it's not according to spec.
I hope that rather than fixing this issue by making it adhere to the spec, we can update the spec, to change
into
and
into
The text was updated successfully, but these errors were encountered: