DeroAuth Overview
Sign in with your DERO wallet. No email. No password. Just cryptographic proof of wallet ownership.
dero-auth is a TypeScript library that provides wallet-based authentication for DERO. It works like "Sign in with Ethereum" (SIWE), but for DERO's privacy chain.
Privacy advantage: Unlike Ethereum auth (which exposes your full transaction history), authenticating with DERO reveals nothing about your on-chain activity. All transactions are encrypted.
Features
- Pure TypeScript signature verification (Schnorr on BN256) — no wallet needed server-side
- React components — drop-in <SignInWithDero /> button and useDeroAuth() hook
- Next.js integration — ready-made API route handlers and auth middleware
- XSWD client — connects to DERO wallets (Engram, CLI) via WebSocket
- SIWE-style message format — human-readable, domain-bound, replay-protected
- JWT sessions — standard token-based session management
- Zero personal data — just a cryptographic address
How It Works
- Server generates a challenge (human-readable message with domain, nonce, expiry)
- User's wallet signs the challenge via XSWD (WebSocket to local wallet)
- Server verifies the Schnorr signature purely in TypeScript — no RPC call to a node
- JWT session is issued
The entire verification is mathematical — no blockchain query needed.
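The server-side challenge checks behind steps 1 and 3, as an added example that is not dero-auth's own code: the message layout, the names issueChallenge and checkChallenge, the app.example domain and the in-memory nonce store are assumptions modelled on SIWE. Schnorr signature verification, which would follow an "ok" verdict, is left out.

```typescript
import { randomBytes } from "node:crypto";

// Hypothetical challenge shape and message layout, modelled on SIWE;
// dero-auth's real wire format is not shown on this page.
interface Challenge { domain: string; address: string; nonce: string; issuedAt: number; expiresAt: number; }

const EXPECTED_DOMAIN = "app.example"; // constructed value
const TTL_MS = 5 * 60_000;             // challenge lifetime (assumed: 5 minutes)
const pending = new Map<string, Challenge>(); // nonce -> outstanding challenge

function formatMessage(c: Challenge): string {
  return [
    `${c.domain} wants you to sign in with your DERO wallet:`,
    c.address,
    "",
    `Nonce: ${c.nonce}`,
    `Issued At: ${new Date(c.issuedAt).toISOString()}`,
    `Expiration Time: ${new Date(c.expiresAt).toISOString()}`,
  ].join("\n");
}

// Step 1: build the human-readable message and remember its nonce.
function issueChallenge(address: string, now: number = Date.now()): string {
  const nonce = randomBytes(16).toString("hex");
  const c: Challenge = { domain: EXPECTED_DOMAIN, address, nonce, issuedAt: now, expiresAt: now + TTL_MS };
  pending.set(nonce, c);
  return formatMessage(c);
}

type Verdict = "ok" | "malformed" | "wrong-domain" | "unknown-nonce" | "expired" | "tampered";

// Step 3, first half: run on the message the client sends back,
// before the signature over that same message is verified.
function checkChallenge(message: string, now: number = Date.now()): Verdict {
  const domain = /^(\S+) wants you to sign in with your DERO wallet:\n/.exec(message)?.[1];
  const nonce = /^Nonce: ([0-9a-f]{32})$/m.exec(message)?.[1];
  if (!domain || !nonce) return "malformed";
  if (domain !== EXPECTED_DOMAIN) return "wrong-domain"; // signed for another site
  const c = pending.get(nonce);
  if (!c) return "unknown-nonce"; // never issued, or already consumed
  pending.delete(nonce);          // single use: a replayed message fails above
  if (now > c.expiresAt) return "expired";
  // Compare with the server's own copy so any edited field is rejected.
  return formatMessage(c) === message ? "ok" : "tampered";
}
```

The verdict covers only the challenge; the address in the message must still match the key that produced the signature before a JWT is issued.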
Why Not Just Use Ethereum Auth?
| | Ethereum (SIWE) | DERO Auth |
|---|---|---|
| Transaction privacy | All transactions visible on-chain | Transactions encrypted, invisible to verifier |
| Wallet extension | MetaMask required | Connects to local wallet via WebSocket |
| Personal data exposed | Address links to full history | Address reveals nothing about activity |
| Verification | Pure JS (ecrecover) | Pure JS (Schnorr on BN256) |
Wallet Compatibility
| Wallet | Connection | Status |
|---|---|---|
| Engram (desktop) | XSWD (ws://localhost:44326) | Supported |
| DERO CLI wallet | XSWD (ws://localhost:10103) | Supported |
Package Exports
| Import | Purpose |
|---|---|
| dero-auth | Core types and message format |
| dero-auth/crypto | Pure crypto: Schnorr verify, BN256, address parsing |
| dero-auth/server | Challenge generation, verification, JWT sessions |
| dero-auth/client | Browser SDK: XSWD wallet connection, signing flow |
| dero-auth/react | <SignInWithDero /> button, provider, hooks |
| dero-auth/next | Next.js API route handlers, auth middleware |
Next Steps
- Quick Start — Add wallet login to your app
- Authentication Flow — Detailed flow walkthrough
- Cryptography — Schnorr, BN256, and DERO's unique curve