rainbow-me · 2wheeh · Feb 11, 2026 · Feb 11, 2026 · Feb 11, 2026
@@ -0,0 +1,5 @@
+---
+'@rainbow-me/rainbowkit': minor
+---
+
+feat: support async createMessage in AuthenticationAdapter
@@ -20,7 +20,7 @@ export interface AuthenticationAdapter<Message> {
     nonce: string;
     address: Address;
     chainId: number;
-  }) => Message;
+  }) => Promise<Message> | Message;
   verify: (args: { message: Message; signature: string }) => Promise<boolean>;
   signOut: () => Promise<void>;
 }

@@ -72,7 +72,11 @@ export function SignIn({
         status: 'signing',
       }));
 
-      const message = authAdapter.createMessage({ address, chainId, nonce });
+      const message = await authAdapter.createMessage({
+        address,
+        chainId,
+        nonce,
+      });
       let signature: string;
 
       try {

@@ -53,6 +53,22 @@ const authenticationAdapter = createAuthenticationAdapter({
 });
 ```
 
+#### Server-side message creation
+
+For stricter security, `createMessage` also supports returning a `Promise`, allowing you to construct [EIP-4361](https://eips.ethereum.org/EIPS/eip-4361) messages on the server where security-critical fields like `domain`, `nonce`, and `issued-at` timestamps can't be manipulated by clients. See [SIWE documentation](https://docs.siwe.xyz/quickstart/creating-messages#server-side-message-creation) for more details.
+
+```tsx
+  createMessage: async ({ nonce, address, chainId }) => {
+    const response = await fetch('/api/siwe/message', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ nonce, address, chainId }),
+    });
+
+    return await response.text();
+  },
+```
+
 #### Providing the authentication state
 
 Assuming your application is already managing the authentication lifecycle in some way, you can pass the current authentication status along with your custom adapter to `RainbowKitAuthenticationProvider`, wrapping your existing `RainbowKitProvider`.