As we move towards a decentralized Streamr platform, featuring a close symbiotic relationship with the Ethereum blockchain, we needed to provide a way to sign up and log in with an Ethereum address. This approach has several advantages over the traditional username/password-based login. First, it does not require users to remember or type anything. Most importantly, it removes the need to trust the backend with a shared secret.

Effectively, every Ethereum address is also now a Streamr account!

So how can you sign in with Ethereum?

The feature is already supported by the API and implemented in the JavaScript client library. On the Streamr web UI, support for Ethereum login will be included in the upcoming frontend rewrite/redesign, which is due for release in late March or early April.

Assuming you have MetaMask or another Web3 wallet installed, when you click the “Sign in with Ethereum” link in the upper left corner, a request to sign a randomly generated challenge will pop up.

Signing in using MetaMask

Once you click ‘SIGN’, you’re logged in! Two clicks. No need to type anything on your keyboard, remember a password or provide any personal information like an email address.

What about sign up?

There is absolutely no difference. During the login protocol, if the provided Ethereum address does not exist on the backend database, it is registered there. Once you have an Ethereum-linked Streamr account, whether you’re a new or old Streamr user, the login procedure remains the same.

Note that if you want to bind an Ethereum address to your existing Streamr account instead of creating a new one, you can do so on the user profile page. Afterwards you can use the Ethereum login for that account.

Authenticating to the API with Ethereum

Authenticating to the API is easiest with one of the provided client libraries. The examples below use the JavaScript library, which is the first to receive support for this new feature.

Instead of the usual API key, you can pass an Ethereum private key to the StreamrClient constructor. Under the hood, the client library will automatically authenticate by signing a challenge similar to the one described above for the interactive UI login. Note that your private key never leaves the computer you run your script on.

const client = new StreamrClient({
  auth: {
    privateKey: 'YOUR-PRIVATE-KEY',
  }
})

For interactive applications in the browser, you can pass a Web3 provider to authenticate with private keys held inside a Web3 wallet. In this case, the user will be prompted with a signature request exactly as if you were logging into the Streamr web UI.

const client = new StreamrClient({
  auth: {
    provider: web3.currentProvider,
  }
})

Next, we’ll dive into the details of what actually happens during the authentication procedure.

A challenge-response protocol to prove Ethereum account ownership

In the following, every communication between the user and the backend server is secured with TLS. The goal is to authenticate users with their Ethereum private keys without asking them to reveal that private key. To that end, the user sends his/her public Ethereum address to the backend. A random text called a challenge is generated and sent back to the user. The user signs the challenge with his/her private key to produce a signature, which constitutes the “response” to the challenge. The backend receives the signature and verifies it against the provided public Ethereum address, thus obtaining proof that the user owns the corresponding private key.
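
The exchange described above, seen from the backend, as an added example that is not Streamr's code. It assumes a stand-in for Ethereum's signature scheme: Node's built-in ECDSA over secp256k1 with SHA-256, a SHA-256-derived address, and the public key sent alongside the signature, whereas real Ethereum login uses keccak256 and recovers the address from the signature itself. The five-minute expiry, the single-use rule, the challenge wording and all function names are assumptions as well.

```javascript
// Added example: backend side of the challenge-response login.
// Stand-in crypto (assumption): Node's ECDSA/secp256k1 with SHA-256;
// real Ethereum login uses keccak256 and address recovery from the signature.
const crypto = require('crypto');

const CHALLENGE_TTL_MS = 5 * 60 * 1000; // assumed lifetime, not from the post
const pending = new Map();              // challenge id -> { address, text, expires }

// Stand-in for an Ethereum address: last 20 bytes of SHA-256(public key DER).
function addressOf(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return '0x' + crypto.createHash('sha256').update(der).digest('hex').slice(-40);
}

// Steps 1-2: the user sends an address, the backend replies with a random challenge.
function issueChallenge(address, now = Date.now()) {
  const id = crypto.randomBytes(16).toString('hex');
  const text = 'Example login challenge: ' + crypto.randomBytes(32).toString('hex');
  pending.set(id, { address, text, expires: now + CHALLENGE_TTL_MS });
  return { id, text };
}

// Step 3 (client side): sign the challenge text; the private key stays local.
function signChallenge(text, privateKey) {
  return crypto.sign('sha256', Buffer.from(text), privateKey).toString('hex');
}

// Step 4: the backend verifies the response. The challenge is consumed on the
// first attempt, pass or fail, so a captured response cannot be replayed.
function verifyResponse(id, signatureHex, publicKey, now = Date.now()) {
  const entry = pending.get(id);
  pending.delete(id);
  if (!entry || now > entry.expires) return false;          // unknown, reused or stale
  if (addressOf(publicKey) !== entry.address) return false; // key must match claimed address
  const sig = Buffer.from(signatureHex, 'hex');
  return crypto.verify('sha256', Buffer.from(entry.text), publicKey, sig);
}

// Constructed identity for trying the flow offline.
function newKeyPair() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
}
```

The backend stores only the address and the outstanding challenge, so there is no shared secret to leak; what it must protect is the freshness of the challenge, which is why the entry is deleted before any check runs.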