How to use web3Auth react-native with backend apis

githubdiscussions · September 22, 2022, 2:32pm

Hi, We are creating and app, want to use web3Auth social logins. We want to store some user information like name, email and account public key in mongodb. I am concerned about how we can use authentication on apis if we use web3Auth. Like user want to get some list of things on app his information is stored on web3auth, so how I restrict api to show his objects only.

Originally posted by: hussammustafa

Check the discussion at: https://github.com/orgs/Web3Auth/discussions/629

githubdiscussions · September 24, 2022, 6:28pm

Hi, You can refer the server side verification mechanism described in link below, basically we return a idToken along with user info on frontend and you can validate that idToken on your backend to verify user's identity for api access and also decode that token to read user's profile information.

https://web3auth.io/docs/server-side-verification/social-login-users

Originally posted by: himanshuchawla009

ricardo.moguel · March 4, 2023, 9:14am

Hi, I don’t think this is accurate at all. This is not possible on react-native with the current guides as they are.

This guide may work for Web but not for React Native. As it supposes that RN has access to provier, however it doesn’t. Also it’s impossible to use web3auth.provider?.request as well as getPubliccompressed due to crypto library not being present on RN (and importing it doesn’t help).

Is there any other tutorial for React Native that we are missing?

brien · April 19, 2023, 2:04am

Hey @ricardo.moguel did you manage to find a solution? I’m having the same issue.

brien · April 20, 2023, 12:53am

If anyone else has a similar issue. I implemented an Android native module on react native using Bouncy Castle to get the public key from the private key. I’m not working on iOS right now but I assume there are similar crypto libs there too

@ReactMethod
    fun getPublicCompressed(privateKeyHex: String, promise: Promise) {
        val privateKey = BigInteger(privateKeyHex, 16)
        // Get the secp256k1 curve parameters
        val params = CustomNamedCurves.getByName("secp256k1")
        val curve = ECDomainParameters(params.curve, params.g, params.n, params.h)
        // Derive the public key from the private key
        val publicKeyPoint = curve.g.multiply(privateKey)
        val publicKeyParams = ECPublicKeyParameters(publicKeyPoint, curve)
        // Compress the public key
        val uncompressedPoint = publicKeyParams.q
        val compressedKeyBytes = uncompressedPoint.getEncoded(true)
        val compressedKeyHex: String = Hex.toHexString(compressedKeyBytes)
        promise.resolve(compressedKeyHex)
    }

ricardo.moguel · April 23, 2023, 2:25am

to be honest, this and a couple other concerns I had made me look for a different provider. My solution was moving away from w3a

brien · April 24, 2023, 5:53pm

Ah okay, fair enough. Can I ask what provider did you end up going with? It seems hard to find a good mobile web3 auth module for react native at the minute

ricardo.moguel · April 26, 2023, 1:47am

magic.link, has worked pretty well so far. A bit slow on the login (1-2 seconds), but no complains so far. And security seems more what I was looking for.