using Metamask (or other wallet app) as authentication?


possibly related more to web3 in general, but

when connecting your wallet extension to a website, how secure is this connection and is it something that could potentially be spoofed?
i.e. does the connection require signing something with your private keys, or can anyone with a public key claim to be a wallets owner when ‘connecting’?

I’m thinking of using wallet extensions as a form of login for a (hypothetical) project of mine.

Right now I’m leaning towards generating a private/public key and having the user send the public key to a contract, after which the private key (& sender address) could be used to login.
This’d mean there’d be some gas fees for the user and the whole wallet connection would be out of the equation, too :stuck_out_tongue:

There possibly are some examples out there already, my apologies if this is a duplicate issue.