A useSignIn() hook for accessing the Sign In With Solana feature

[steveluscher]

Summary

This hook returns essentially the raw sign in function from the solana:signIn feature. It upcasts the returned WalletAccount to a UiWalletAccount usable with the rest of the @solana/react API.

Callers are responsible for verifying the signed message and its signature.

Test plan

pnpm turbo test:unit:node test:unit:browser test:typecheck

[changeset-bot]

🦋 Changeset detected

Latest commit: 686539f

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 37 packages

Name	Type
@solana/react	Minor
@solana/accounts	Minor
@solana/addresses	Minor
@solana/assertions	Minor
@solana/codecs-core	Minor
@solana/codecs-data-structures	Minor
@solana/codecs-numbers	Minor
@solana/codecs-strings	Minor
@solana/codecs	Minor
@solana/compat	Minor
@solana/errors	Minor
@solana/fast-stable-stringify	Minor
@solana/functional	Minor
@solana/instructions	Minor
@solana/keys	Minor
@solana/web3.js-experimental	Minor
@solana/options	Minor
@solana/programs	Minor
@solana/rpc-api	Minor
@solana/rpc-graphql	Minor
@solana/rpc-parsed-types	Minor
@solana/rpc-spec-types	Minor
@solana/rpc-spec	Minor
@solana/rpc-subscriptions-api	Minor
@solana/rpc-subscriptions-spec	Minor
@solana/rpc-subscriptions-transport-websocket	Minor
@solana/rpc-subscriptions	Minor
@solana/rpc-transformers	Minor
@solana/rpc-transport-http	Minor
@solana/rpc-types	Minor
@solana/rpc	Minor
@solana/signers	Minor
@solana/sysvars	Minor
@solana/transaction-confirmation	Minor
@solana/transaction-messages	Minor
@solana/transactions	Minor
@solana/webcrypto-ed25519-polyfill	Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[steveluscher]

• Added Sign In With Solana to the example app #2929
• A useSignIn() hook for accessing the Sign In With Solana feature #2928 👈
• Reset errors when changing account/chain #2923
• master

This stack of pull requests is managed by Graphite. Learn more about stacking.

Join @steveluscher and the rest of your teammates on Graphite

[steveluscher]

Should we default the domain to window.location.host if not supplied?

[lorisleiva]

I think it makes sense yeah. I'm trying to think about security reasons not to do this but can't see any.

[jordaaash]

We can, but the wallet must set this anyway if it's not provided.

[steveluscher]

I'm going to leave it unsupplied.

[jordaaash]

I think we can do away with this plural API, seems very unlikely to be used and certainly doesn't work today.

[jordaaash]

Oh I see, this isn't exported anyway, this is just internally how it's implemented because the Wallet Standard is this way. Carry on!

[jordaaash]

Yeah, this was a misguided design. The idea was that we could support secp256r1 signatures potentially later, but that's better handled through a new feature/version.

[jordaaash]

Aside: It's extremely dumb that SIWE has request-id and nonce which are duplicative in almost all cases, and JWT-esque issued-at and expires-at timestamps when these are not intended to be and should not be used as JWTs directly. Apps should generate a random session ID from the server and use it as request-id, then verify and issue a proper JWT if needed from the server the correct way.

Ideally we can reflect the best way to do this in docs and examples and users should not touch most of the API.

[jordaaash]

nit: I do prefer requestId to nonce because it makes it more clear that it should come from a server, it's not using a cryptography term improperly, and it's not confused by Brits for... other meanings of the term.

[jordaaash]

domain probably not needed in the example since apps shouldn't provide it.

[steveluscher]

You're right about that! I noticed some wallets fail awkwardly when you don't supply it, but that's a bug with their implementation.

[steveluscher]

For posterity, one such error when you don't supply domain.

[jordaaash]

Nice 👍

[jordaaash]

LGTM, had some non-critical comments that apply mainly to examples/defaults

[steveluscher]

Merge activity

• Jul 12, 10:50 AM PDT: @steveluscher started a stack merge that includes this pull request via Graphite.
• Jul 12, 10:51 AM PDT: Graphite rebased this pull request as part of a merge.
• Jul 12, 10:52 AM PDT: Graphite rebased this pull request as part of a merge.
• Jul 12, 10:54 AM PDT: Graphite rebased this pull request as part of a merge.
• Jul 12, 10:55 AM PDT: @steveluscher merged this pull request with Graphite.

[github-actions]

🎉 This PR is included in version 1.95.1 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀

[github-actions]

Because there has been no activity on this PR for 14 days since it was merged, it has been automatically locked. Please open a new issue if it requires a follow up.