@1001-digital/adonis-siwe

Lazy Sign-In with Ethereum sessions for AdonisJS.

The package handles SIWE message creation, nonce storage, signature verification, and a short-lived wallet session stored in the Adonis session. EIP-4361 parsing and verification are delegated to @signinwithethereum/siwe. It deliberately does not create users or issue app tokens. Applications can use hooks when they want to link wallets to users or return custom data after verification.

Install

Requires Node.js 24 or newer, matching AdonisJS 7.

npm install @1001-digital/adonis-siwe
node ace configure @1001-digital/adonis-siwe

The configure hook creates config/siwe.ts, registers the provider, and adds basic environment variables.

Routes

By default the provider registers:

POST /auth/siwe/message
POST /auth/siwe/verify
GET  /auth/siwe/session
POST /auth/siwe/logout

The package expects @adonisjs/session middleware to be enabled.

Lazy auth

Do not call SIWE during normal wallet connect. Call it only when a user starts an action that needs server-trusted wallet ownership.

const { message } = await api.post('/auth/siwe/message', {
  address,
  chainId: 1,
})

const signature = await signMessage({ message })
await api.post('/auth/siwe/verify', { message, signature })

After verification, protected controllers can read the wallet session through the service:

import siwe from '@1001-digital/adonis-siwe/services/main'

const wallet = await siwe.requireSession(ctx)

Config

import env from '#start/env'
import { defineConfig } from '@1001-digital/adonis-siwe'

export default defineConfig({
  routes: {
    enabled: true,
    prefix: '/auth/siwe',
  },
  message: {
    domain: env.get('SIWE_DOMAIN'),
    uri: env.get('SIWE_URI'),
    statement: 'Sign in to EVM.NOW',
    chainId: 1,
  },
  verification: {
    allowedChainIds: [1],
    rpcUrls: {
      1: env.get('SIWE_RPC_URL'),
    },
  },
})

When an RPC URL is configured and contract wallets are enabled, verification uses @signinwithethereum/siwe's createConfig(rpcUrl) path, which supports EOA, ERC-1271 smart contract wallets, and EIP-6492 pre-deployed wallets through viem or ethers. Without an RPC URL, the package uses the same SIWE verifier with a local viem adapter for EOA signatures.

Hooks

export default defineConfig({
  hooks: {
    async onVerified(ctx, wallet) {
      // Link wallet to a user, issue an app token, refresh profile data, etc.
      return { linked: true }
    },
    async serializeSession(ctx, wallet) {
      return {
        address: wallet.address,
        chainId: wallet.chainId,
        authenticatedAt: wallet.authenticatedAt,
        expiresAt: wallet.expiresAt,
      }
    },
  },
})

onVerified data is returned from POST /auth/siwe/verify as data.