MetaMask Developer and SpruceID Collaborate to Implement EIP-4361

Learn how MetaMask Developer and SpruceID collaborated to implement EIP-4361, Sign-In with Ethereum into MetaMask.

by Kingsley OkonkwoMarch 28, 2024
MetaMask X SpruceID

SpruceID is a digital identity and personal data management company building the infrastructure and tools that will empower users to take control of their identity and data on the Internet. With over ​​3M downloads and more than 1k dapps using their open-source libraries for the Sign-In With Ethereum (SIWE) standard, SpruceID is solving the long-standing problem of user data ownership and interoperability.

MetaMask Developer refers to the developer arm of MetaMask, offering a comprehensive set of tools, APIs, and SDKs that are designed to facilitate user onboarding and enable developers to create unique and permissionless wallet connections and in-dapp experiences for MetaMask users. Built on the trusted and secure foundations of MetaMask and Infura, MetaMask Developer is also geared toward enhancing the MetaMask wallet experience for users and developers through active community engagement and collaboration.

This blog features an ecosystem partner, SpruceID, and their work to enable data interoperability through user-controlled authentication and how, through its collaboration with MetaMask Developer, EIP-4361, also referred to as Sign-In with Ethereum (SIWE), was implemented in MetaMask while simultaneously creating the MetaMask Improvement Proposal.

Enabling data interoperability through user-controlled authentication

Today's internet is centralized, and user data interoperability is non-existent. For example, a medical patient looking to move to a new provider would need help porting existing medical records due to how this data is stored - using centralized databases. This practice is not specific to healthcare providers, it is common in traditional finance, social media, and government.

SpruceID recognizes that this can easily be solved by moving to a Data Vault Architecture where, instead of users’ data being stored and managed by third-party services, it resides in a secure, encrypted personal vault that the user operates.

However, for this to work, an authentication standard that enables users to grant or revoke access to their data at any time is required. This standard would also need to be extensible enough to support consent-based sharing so that users have granular control over what data to share or not share on a case-by-case basis.

Another challenge is ensuring this authentication standard is recognized and adopted within the ecosystem among dapp developers. Additionally, specific security issues associated with this authentication method can only be solved at the wallet level. For example, if a website wants a user to sign a transaction, ensuring that the address in the user’s address bar is correct and that the request is being served over a secure network are complex security checks to implement at the dapp level. However, a wallet can easily enforce these.

MetaMask Developer implements EIP-4361 in collaboration with SpruceID

Through authoring the (SIWE) standard, the Spruce ID team created a user-controlled authentication method based on cryptography and users' public and private keys. With these keys, users can sign digital signatures that machines can’t spoof. Users can also sign permission slips for dapps to access their data vault. SIWE also offers granular control, allowing users to specify which resources in their data vault are involved in an interaction.

To facilitate wider ecosystem adoption, particularly among dapp developers, SpruceID collaborated with MetaMask Developer to integrate SIWE into the MetaMask wallet as a feature. This collaboration helped address multiple security issues at the wallet level, leveraging the expertise of MetaMask's in-house JavaScript security experts. As a result, developers no longer need to handle these issues at the dapp level.

"Reflecting on our experience collaborating with the MetaMask Developer team, the two words that come to mind are 'extremely responsive' and 'thorough'. There were many iterations as we went back and forth, seeking the best outcome for users. We're grateful that the MetaMask Developer team recognized the potential to keep users safe". - Wayne Chang, Founder, SpruceID.

Additionally, through this collaboration, MetaMask Developer established a process for projects like SpruceID to propose new features and suggest changes to MetaMask Wallet API. This process is called MetaMask Improvement Proposal (MIP), and more details can be found in this blog.

Get started with MetaMask Developer today

Are you a developer building consumer dapps?

MetaMask Developer suite, comprising the MetaMask Wallet API, SDK, Web3 service APIs, and Snaps, offers a comprehensive set of tools for onboarding millions of the web’s most engaged users.

Check out the developer portal to learn more about our offerings.

Receive our Newsletter