Sign-in with Flow (SIWF)

This documentation section will dive deep into implementing the Sign-in with Flow(SIWF). For more details about the concept Sign in With X (SIWx), CAIP-122.

Sign-In with Flow Blockchain describes how flow accounts authenticate with off-chain services by signing a message parameterized by scope, nonce, etc. It is an alternative to centralized identity providers. It is based on the self-custody of your identity. It leverages the on-chain authentication model to off-chain services.

The reason behind implementing the concept Sign-In with Flow is that it is a critical step in the Login with NFTs concept. Before granting access to some services based on the ownership of some NFTs, we need to check two main aspects:

• You own an account via Sign with Flow.

• Verify that the account has an NFT in a specified collection.

An account in Flow is linked to the ownership of a private key which is then mapped to his public key. The hash of the public key outputs an address.

The IDP Kit implements SIWF based on seven main steps:

1. Nonce generation.

2. Redirection to the IDK Kit wallet user interface.

3. Connect to your flow wallet.

4. A popup appears for signing the message. It is based on multiple factors like the nonce generated by the IDP Kit, account address, etc.

5. Click the “Sign” button.

6. Redirection to the IDK Kit verification service.

7. The IDP Kit verifies the message signature based on the account address.

The message will be in the form of:

{domain} wants you to sign in with your Flow account: {address}. Public Key: {publicKey}.Date: {ISO8601formatedTimestamp}. {description} URI: {origin}. Version: {versionNumber}. Nonce: {nonce}

• domain: is the RFC 3986 authority that is requesting the signing.

• Permissions.address: account address.

• Public Key : account public key.

• Date: is the ISO 8601 datetime string of the current time.

• Nonce: security parameter generated by the IDP Kit.