We utilized Web3Auth custom authentication to create user wallets for our platform, and it has worked great so far.
We are curious to know how Web3Auth manages the user's private key. Does Web3Auth use an MPC (TSS scheme) or an MFA (SSS scheme), especially with custom authentication?
Also, our system is responsible for generating an idToken through custom authentication, allowing us to access the user's private key without their knowledge. Does this violate their data self-sovereignty?
On successful validation of the JWT token, the Web3Auth SDK will generate a private key for the user in a self-custodial way, resulting in easy onboarding of your user to the application.
Custom Authentication can be used with both MPC and SSS; it's a way to provide a login mechanism to the end user. The only difference between the SSS-based SDKs and the MPC SDKs is that during usage/login the MPC SDKs do not reconstruct user private keys.
Web3Auth will utilize either MPC or SSS to generate the private key, depending on the Web3Auth SDKs being used. You can find a rundown of our SDKs here.
It’s important to note that the idToken returned by Web3Auth doesn’t contain any sensitive data, so it’s completely safe to use it for verification purposes on the backend.