ENS and IndieAuth #214

@fretchen

SIWE + IndieAuth Bridge: Implementation Roadmap

Overview

Build a bridge that allows Sign-In With Ethereum (SIWE) to work as an authentication provider within the IndieAuth ecosystem, enabling Web3 users to authenticate with IndieWeb services using their Ethereum wallets and ENS names.

Goals

  • Make SIWE an optional authentication method alongside existing IndieAuth providers (GitHub, email, etc.)
  • Support ENS names as valid identifiers within rel-me verification
  • Maintain compatibility with existing IndieAuth specifications
  • Keep the barrier to entry low (non-crypto users aren't affected)

Architecture Components

1. SIWE IndieAuth Provider Service

A standalone service that acts as an IndieAuth authorization endpoint supporting SIWE.

Responsibilities:

  • Accept IndieAuth authorization requests
  • Present SIWE challenge to users
  • Verify Ethereum signatures
  • Issue authorization codes
  • Provide token endpoint for access tokens

2. ENS Profile Resolution

Handle ENS names as profile identifiers.

Responsibilities:

  • Resolve ENS names to Ethereum addresses
  • Fetch ENS text records (avatar, description, url, etc.)
  • Verify ownership via signature
  • Map ENS profiles to rel-me links

3. rel-me Verification Extension

Extend rel-me verification to support Ethereum addresses and ENS names.

Responsibilities:

  • Recognize Ethereum addresses and ENS names in rel="me" links
  • Verify bidirectional links between websites and ENS profiles
  • Support format: ethereum:0x... or https://app.ens.domains/name/yourname.eth

Implementation Phases

Phase 1: Research & Specification (2-3 weeks)

  • Review IndieAuth specification (https://indieauth.spec.indieweb.org/)
  • Review SIWE specification (EIP-4361)
  • Document authentication flow combining both protocols
  • Define how ENS names map to IndieAuth "me" URLs
  • Specify rel-me verification rules for Ethereum addresses
  • Design security model and threat analysis
  • Get feedback from IndieWeb and Web3 communities

Phase 2: Core SIWE Provider (4-6 weeks)

  • Set up basic web service (Node.js/Python recommended)
  • Implement SIWE message generation and verification
    • Use siwe library for message handling
    • Generate nonce and validate signatures
  • Build IndieAuth authorization endpoint (/auth)
    • Accept client_id, redirect_uri, state, code_challenge
    • Present SIWE challenge UI with wallet connection
    • Handle wallet signature verification
  • Build IndieAuth token endpoint (/token)
    • Exchange authorization codes for access tokens
    • Support PKCE for security
  • Implement basic session management
  • Add CORS and security headers
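
A sketch of the code-redemption step behind `/token`, added here as an illustration and not taken from the project: authorization codes are single use, short lived, bound to `client_id` and `redirect_uri`, and checked against the PKCE S256 challenge. The in-memory `Map`, the one-minute lifetime and the function names are assumptions.

```javascript
const { createHash, randomBytes, timingSafeEqual } = require("node:crypto");

const CODE_TTL_MS = 60_000; // assumption: a code is valid for one minute
const codes = new Map();    // assumption: in-memory store (the roadmap suggests Redis)

// Called by /auth once the SIWE signature for `me` has been verified.
function issueCode({ clientId, redirectUri, codeChallenge, me }, now = Date.now()) {
  const code = randomBytes(32).toString("base64url");
  codes.set(code, { clientId, redirectUri, codeChallenge, me, expires: now + CODE_TTL_MS });
  return code;
}

// S256 transform from RFC 7636: BASE64URL(SHA-256(code_verifier)).
function s256(verifier) {
  return createHash("sha256").update(verifier, "ascii").digest("base64url");
}

// Constant-time string comparison; length is checked first.
function safeEqual(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && timingSafeEqual(x, y);
}

// Called by /token. Returns { me } on success or { error } with an OAuth error code.
function redeemCode({ code, clientId, redirectUri, codeVerifier }, now = Date.now()) {
  const entry = codes.get(code);
  if (!entry) return { error: "invalid_grant" };
  // Burn the code before any other check: a replayed or failed attempt
  // can never be retried with a different verifier.
  codes.delete(code);
  if (now > entry.expires) return { error: "invalid_grant" };
  if (entry.clientId !== clientId || entry.redirectUri !== redirectUri) {
    return { error: "invalid_grant" };
  }
  // RFC 7636: 43 to 128 characters from the unreserved set.
  if (!/^[A-Za-z0-9\-._~]{43,128}$/.test(codeVerifier || "")) {
    return { error: "invalid_request" };
  }
  if (!safeEqual(s256(codeVerifier), entry.codeChallenge)) {
    return { error: "invalid_grant" };
  }
  return { me: entry.me };
}
```

The same properties are what the Phase 6 items "Test for replay attacks" and "Verify PKCE implementation" would exercise.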

Phase 3: ENS Integration (3-4 weeks)

  • Implement ENS name resolution
    • Use ethers.js or viem for blockchain interaction
    • Support mainnet initially, consider L2s later
  • Fetch ENS profile data
    • Read text records: avatar, description, url, twitter, github
    • Cache results appropriately
  • Build ENS profile page endpoint (/profile/yourname.eth)
    • Display ENS profile information
    • Show verification status
    • Include rel="me" links to connected profiles
  • Implement reverse resolution (address → ENS name)

Phase 4: rel-me Verification (3-4 weeks)

  • Create verification service
    • Check for ethereum:0x... or ENS links with rel="me"
    • Verify ENS text records point back to website
    • Support format: set url text record to website
  • Build verification UI
    • Show bidirectional link status
    • Provide setup instructions for users
    • Display verification badge/indicator
  • Implement verification caching
    • Cache verification results
    • Re-verify periodically
    • Handle expiration and updates

Phase 5: User Experience (2-3 weeks)

  • Build clean authentication UI
    • Wallet connection flow (WalletConnect, MetaMask, etc.)
    • Clear messaging about what's being signed
    • Error handling and user feedback
  • Create documentation site
    • How to set up ENS for IndieAuth
    • How to add rel="me" verification
    • Integration guide for app developers
  • Add example implementations
    • Sample client application
    • Sample static site setup
    • Code snippets and templates

Phase 6: Integration & Testing (3-4 weeks)

  • Test with existing IndieAuth clients
    • Verify compatibility with indielogin.com
    • Test with webmention.io
    • Test with Micropub clients
  • Security audit
    • Review SIWE implementation
    • Test for replay attacks
    • Verify PKCE implementation
    • Check session security
  • Load testing and optimization
  • Cross-browser/wallet testing
  • Mobile wallet support verification

Phase 7: Community & Adoption (Ongoing)

  • Submit proposal to IndieWeb community
    • Present at IndieWeb events/meetups
    • Get feedback on wiki
    • Iterate based on feedback
  • Write blog posts and tutorials
  • Create video walkthroughs
  • Engage with Web3 community
    • Present at Ethereum events
    • Discuss in ENS community
  • Monitor adoption and iterate

Technical Stack Recommendations

Backend Service

  • Language: Node.js (TypeScript) or Python
  • Framework: Express.js, Fastify, or Flask
  • SIWE: siwe npm package or siwe Python package
  • Ethereum: ethers.js v6 or viem (Node.js), web3.py (Python)
  • Storage: Redis for sessions, PostgreSQL for persistence

Frontend

  • Framework: React or Vue.js (for auth UI)
  • Wallet: WalletConnect v2, wagmi, or ConnectKit
  • Styling: Tailwind CSS for clean, responsive design

Infrastructure

  • Hosting: Vercel, Railway, or DigitalOcean
  • RPC Provider: Alchemy, Infura, or public endpoints
  • Domain: Own domain for the service (e.g., siwe.indieauth.com)

Key Technical Challenges

  1. Mapping ENS to "me" URLs: IndieAuth expects a canonical URL. ENS names need to be represented consistently.

    • Option A: Use ENS app URLs (https://app.ens.domains/name/yourname.eth)
    • Option B: Use a custom scheme (ens://yourname.eth)
    • Option C: Use the ENS-linked website as canonical identity
  2. Bidirectional verification: ENS text records vs traditional rel-me links

    • Propose standard: website has <link rel="me" href="ethereum:0x..." /> or ENS link
    • ENS has text record url pointing to website
  3. Session management: SIWE signatures expire, need refresh mechanism

    • Implement refresh tokens
    • Re-prompt for signature when needed
  4. Multi-chain support: Should it support L2s and other EVM chains?

    • Start with Ethereum mainnet
    • Add L2s based on demand
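
The bidirectional check from Phase 4 and challenge 2 above, as an added sketch that is not part of the original issue: a `rel="me"` link on the website is only a claim, and it counts as verified when the ENS `url` text record points back to the same site. `lookupUrlRecord` is a hypothetical callback standing in for the ENS resolver call (ethers.js or viem in the roadmap), the regex tag scan assumes quoted attributes, and names are only lowercased rather than fully ENS-normalized.

```javascript
// Collect href values of <a>/<link> tags whose rel attribute contains the token "me".
function relMeLinks(html) {
  const out = [];
  for (const [tag] of html.matchAll(/<(?:a|link)\s[^>]*>/gi)) {
    const attr = (name) => {
      const m = tag.match(new RegExp(`\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)')`, "i"));
      return m ? (m[1] ?? m[2]) : null;
    };
    const rel = attr("rel"), href = attr("href");
    if (rel && href && rel.toLowerCase().split(/\s+/).includes("me")) out.push(href.trim());
  }
  return out;
}

// Recognize the two link formats proposed in the roadmap; anything else is ignored.
function parseIdentity(href) {
  let m = href.match(/^ethereum:(0x[0-9a-fA-F]{40})$/);
  if (m) return { kind: "address", value: m[1].toLowerCase() };
  m = href.match(/^https:\/\/app\.ens\.domains\/name\/([^\/?#]+\.eth)\/?$/i);
  if (m) return { kind: "ens", value: m[1].toLowerCase() };
  return null;
}

// Compare sites by scheme, host and path, ignoring a trailing slash.
function canonical(u) {
  try {
    const p = new URL(u);
    if (p.protocol !== "https:" && p.protocol !== "http:") return null;
    return p.origin + p.pathname.replace(/\/+$/, "");
  } catch {
    return null;
  }
}

// lookupUrlRecord(identity) returns the ENS `url` text record for that identity, or null.
function verifyRelMe(siteUrl, html, lookupUrlRecord) {
  const site = canonical(siteUrl);
  return relMeLinks(html).map(parseIdentity).filter(Boolean).map((id) => {
    const record = lookupUrlRecord(id);
    const back = record ? canonical(record) : null;
    return { ...id, verified: site !== null && back !== null && back === site };
  });
}
```

A site that links to an ENS name it does not control comes back with `verified: false`, because that name's `url` record points elsewhere.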

Success Metrics

  • Service successfully authenticates users via SIWE
  • Compatible with at least 2 existing IndieAuth clients
  • Positive feedback from both IndieWeb and Web3 communities
  • At least 10 users with verified ENS + website rel-me links
  • Documentation complete and accessible
  • Open source and accepting contributions

Open Questions for Community Feedback

  1. Should ENS names be primary identifiers, or should the linked website be canonical?
  2. How to handle users with multiple ENS names?
  3. Should we support .eth subdomains differently?
  4. What about other Web3 identity systems (Lens, Farcaster)?
  5. How to handle chain transitions or ENS transfers?
  6. Should this be a hosted service or a library for self-hosting?

Resources & References

Contributing

This is a community-driven effort. Contributions welcome in:

  • Protocol design and specification
  • Implementation (backend, frontend, libraries)
  • Documentation and tutorials
  • Testing and security review
  • Community outreach and adoption

Estimated Total Timeline: 4-6 months for MVP
Recommended Team Size: 2-3 developers + community feedback
