ERC-8019: Minimal Wallet-Managed Auto-Login for SIWE

Users repeatedly sign identical SIWE messages for trusted apps. A small, explicit match policy enables zero-prompt login without involving apps.

Users already get prompted by their wallets if they trust a certain app when they initially connect to it - this flow can also authorize auto-login if applicable.

This ERC defines a wallet-local allowlist for automatic signing of EIP-4361 messages when simple, deterministic match rules succeed. Policies are created and managed only by the wallet/user, but we include reasonable defaults.

The end goal is to ensure that dapps like Fileverse and Lens don’t bother you to re-sign the same message on a regular basis.

9 Likes

How do you plan to address the privacy issue where the wallet address gets used as a cross-origin identifier to track users? This would allow a site or RPC service to automatically track the user based on their wallet address across sites they visit.

1 Like

In two ways addressed in the ERC itself:

  1. the wallet should not apply the policy before a single user signature
  2. the policies are only applied for the specific origin they were approved for

If a website/dapp/origin has already done this once for you and you’ve allowed it, you can argue that you’ve allowed this dapp to know your address.

3 Likes

Oh very nice, I didn’t catch that when reading through it.

Might I suggest adding in a permissions policy similar to what browsers do for this too within the wallet?

E.g. Save for 24 hours, 7 days, forever type thing
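The following is an added illustration of the mechanism discussed in this thread, not code from ERC-8019, from any wallet, or from any of the posters. It models a wallet-local allowlist keyed by requesting origin: a policy is recorded only after the user has signed one SIWE message for that origin by hand (rule 1 of the reply above), a later message is auto-approved only for the same origin (rule 2), and a policy can carry an expiry like the "24 hours / 7 days / forever" options suggested in the last post. The choice of which EIP-4361 fields must match exactly (domain, address, URI, version, chain ID, statement, resources) while per-login fields such as nonce and issued-at are allowed to differ is my assumption about what a "simple, deterministic match rule" looks like, not the ERC's specification; the parser covers the plaintext EIP-4361 layout and the sample message is constructed.

```javascript
// Added example for the ERC-8019 discussion; not the ERC's or any wallet's code.
// Assumed match model: the stable fields below must be byte-identical to the
// message the user approved by hand; nonce / issuedAt / expirationTime may differ.
const STABLE_FIELDS = ["domain", "address", "uri", "version", "chainId", "statement"];

// Parse the EIP-4361 plaintext format into an object (header, blank line,
// optional statement, blank line, then "Key: value" lines and a resource list).
function parseSiwe(text) {
  const lines = text.split("\n");
  const head = /^(.+) wants you to sign in with your Ethereum account:$/.exec(lines[0]);
  if (!head) throw new Error("malformed SIWE header");
  const msg = { domain: head[1], address: lines[1], statement: "", resources: [] };
  let i = 2;
  if (lines[i++] !== "") throw new Error("expected blank line after address");
  if (lines[i] !== "") msg.statement = lines[i++];
  if (lines[i++] !== "") throw new Error("expected blank line before URI");
  const keys = { "URI": "uri", "Version": "version", "Chain ID": "chainId", "Nonce": "nonce",
    "Issued At": "issuedAt", "Expiration Time": "expirationTime",
    "Not Before": "notBefore", "Request ID": "requestId" };
  for (; i < lines.length; i++) {
    const line = lines[i];
    if (line === "Resources:") continue;
    if (line.startsWith("- ")) { msg.resources.push(line.slice(2)); continue; }
    const sep = line.indexOf(": ");
    const key = sep < 0 ? undefined : keys[line.slice(0, sep)];
    if (!key) throw new Error("unexpected line: " + line);
    msg[key] = line.slice(sep + 2);
  }
  for (const f of ["uri", "version", "chainId", "nonce", "issuedAt"]) {
    if (!msg[f]) throw new Error("missing required field " + f);
  }
  return msg;
}

// Wallet-side allowlist: one policy per requesting origin (hypothetical API).
class AutoLoginPolicyStore {
  constructor() { this.policies = new Map(); } // origin -> policy

  // Call ONLY after the user signed `text` for `origin` by hand and opted in to
  // auto-login for `ttlMs` milliseconds (null = no expiry).
  recordUserApproval(origin, text, ttlMs, now = Date.now()) {
    const msg = parseSiwe(text);
    if (msg.domain !== new URL(origin).host) throw new Error("SIWE domain != requesting origin");
    const policy = { expiresAt: ttlMs == null ? null : now + ttlMs, resources: [...msg.resources].sort() };
    for (const f of STABLE_FIELDS) policy[f] = msg[f];
    this.policies.set(origin, policy);
    return policy;
  }

  // Decide whether `text` may be signed for `origin` without a prompt.
  // Returns null when auto-signing is allowed, otherwise a refusal reason; any
  // refusal means the wallet falls back to its normal signature prompt.
  checkAutoSign(origin, text, now = Date.now()) {
    const policy = this.policies.get(origin);
    if (!policy) return "no policy for origin";
    if (policy.expiresAt !== null && now >= policy.expiresAt) {
      this.policies.delete(origin);
      return "policy expired";
    }
    let msg;
    try { msg = parseSiwe(text); } catch (e) { return "unparseable: " + e.message; }
    if (msg.domain !== new URL(origin).host) return "domain does not match requesting origin";
    for (const f of STABLE_FIELDS) if (msg[f] !== policy[f]) return `field ${f} differs`;
    const res = [...msg.resources].sort();
    if (res.length !== policy.resources.length || res.some((r, i) => r !== policy.resources[i])) {
      return "resources differ";
    }
    return null;
  }
}

// Constructed sample message (not from any real dapp).
const SAMPLE = [
  "example.org wants you to sign in with your Ethereum account:",
  "0x1111111111111111111111111111111111111111",
  "",
  "Sign in to Example",
  "",
  "URI: https://example.org/login",
  "Version: 1",
  "Chain ID: 1",
  "Nonce: abc12345",
  "Issued At: 2025-01-01T00:00:00Z",
  "Resources:",
  "- https://example.org/api",
].join("\n");

// Walk through approval, a fresh-nonce re-login, an origin mismatch and expiry.
function demo() {
  const store = new AutoLoginPolicyStore();
  const t0 = 1_000_000;
  store.recordUserApproval("https://example.org", SAMPLE, 24 * 3600 * 1000, t0);
  return {
    sameOriginNewNonce: store.checkAutoSign("https://example.org", SAMPLE.replace("Nonce: abc12345", "Nonce: zzz99999"), t0 + 1000),
    otherOrigin: store.checkAutoSign("https://other.example", SAMPLE, t0 + 1000),
    afterExpiry: store.checkAutoSign("https://example.org", SAMPLE, t0 + 25 * 3600 * 1000),
  };
}

if (typeof require !== "undefined" && require.main === module) console.log(demo());
```

The refusal reasons are deliberately coarse: a wallet would log them for the user but must not leak them to the page, since the page should see only a signature or the ordinary prompt. Keying on the requesting origin (not on the domain string inside the message) is what prevents one site from replaying another site's approved message shape to learn the address silently.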