Ethereum

SIWE is free

https://x.com/nearcyan/status/1725277562941637118?s=46

SIWx*

https://github.com/LearnWeb3DAO/siwx

This is the alt account of Sister Hazel. Writings at https://powerlaw.systems. Curating https://protocol-particles.github.io.

Signature verification and address recovery happens on the backend. The library doesn’t prevent using it on the frontend for whatever use cases but ideally it’s not being verified on the client

Reading the code I was wondering how the authenticity of the signature is guaranteed. If it's only the client itself stating that the desired address could be recovered then the verification as a whole is not that reliable, because any client could pretend. Is there another component verifying the credential ownership?