OTP implementation to verify an existing account in a new device

I want to implement an OTP through email with Core kit’s tKey so that a pre-registered user can log in from other devices with the same email/social/account.
Also using his social (Google or Apple).

How can this be implemented? More specific questions come to mind:

  • How can the OTP be regenerated/changed?
  • How can the recovery share be set up beforehand if the OTP doesn’t exist yet?

Any examples of implementations of similar systems would be appreciated.

Hey Eduardo,

Sorry for the delay in response. I was OOO for a couple of days which caused the delay.

Talking about the solution for this, as I suggested to you in the previous call, using the security questions module can help in this case. Basically, in the backend, you can generate some string which is encrypted by the user sub/identifier of the ID token generated by Auth0 or any other provider for OTP authentication. This string can be used as a recovery password for the share creation.

Another approach can be to use the Single Factor Auth SDK, which takes in a verifier from Web3Auth and generates a private key; this private key can be used to generate a share as well. Make sure you create a new verifier for this share creation. Check out the documentation here: Web3Auth Core Kit Single Factor Auth Web SDK | Documentation

Hey!

We have implemented our own JWT server for user authentication and are currently integrating it with the w3a tkey library. We are having an issue when calling ‘getTorusKey’ where it is returning ‘Error: getTorusKey’.

We have created the verifier correctly in the w3a dashboard as ‘Custom’, selected ‘email’ as the verify id, included the fields ‘iss’ and ‘aud’ with their respective expected values, and passed the exposed jwks’ endpoint. For this last part, we have validated that the exposed keys are good for validating the signature of the JWTs in case that could have been the source of the issue, but we can confirm that the tokens are correctly validated.

Also, you can see in the attached image that the function is being called with the right parameters, all of which have been validated to contain the expected values at the moment of executing the function.
Please help us debug this as we are not able to generate the private key of the user with this error.

Hey Eduardo,

As I see, you’re passing the accessToken from your backend here. Please note that Web3Auth needs a JWK IdToken of the user. The accessToken will not work here.

Also, from the error you’re mentioning, I cannot get a lot of information about what’s wrong. Please try console logging the error and send us that. If not, you can also try one of our PNP SDKs and manually pass the ID token there to verify that the verifier is properly set up according to the JWK token from your side.

Try any of the custom authentication examples and manually pass the id token and test if everything is working fine or not.
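
A pre-flight check for the situation discussed in this thread, as an added example that is not part of any post or of the Web3Auth SDKs: it decodes a JWT without verifying its signature and reports whether it carries the `email`, `iss` and `aud` claims the custom verifier was configured with. The function names, issuer, audience and sample tokens are constructed placeholders.

```javascript
// Added example, not Web3Auth code. Decodes only; it does NOT verify the signature.
function decodePart(part) {
  const b64 = part.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// expected = { iss, aud, verifierIdField } mirrors the verifier settings named in the thread.
function preflightToken(token, expected, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return ["not a three-part JWT (opaque access token?)"];
  let header, claims;
  try {
    header = decodePart(parts[0]);
    claims = decodePart(parts[1]);
  } catch (e) {
    return ["header or payload is not base64url-encoded JSON"];
  }
  const problems = [];
  if (!header.alg || header.alg === "none") problems.push("missing or 'none' alg in header");
  const id = claims[expected.verifierIdField];
  if (typeof id !== "string" || id === "") {
    problems.push(`missing '${expected.verifierIdField}' claim (verifier ID field)`);
  }
  if (claims.iss !== expected.iss) problems.push(`iss mismatch: ${claims.iss}`);
  // RFC 7519 allows aud to be a single string or an array of strings.
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(expected.aud)) problems.push(`aud mismatch: ${claims.aud}`);
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) problems.push("expired or no exp");
  return problems;
}

// Builds constructed sample tokens with a dummy signature, for this demo only.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.c2lnbmF0dXJl`;
}

// Placeholder values standing in for the dashboard configuration.
const EXPECTED = { iss: "https://auth.example.com", aud: "example-app", verifierIdField: "email" };
const NOW = 1700000000; // fixed clock so the demo is deterministic
const idToken = makeSampleToken({ iss: EXPECTED.iss, aud: EXPECTED.aud, email: "user@example.com", exp: NOW + 300 });
const accessToken = makeSampleToken({ iss: EXPECTED.iss, aud: "https://api.example.com", sub: "user-1", scope: "read", exp: NOW + 300 });

console.log("id token:", preflightToken(idToken, EXPECTED, NOW));
console.log("access token:", preflightToken(accessToken, EXPECTED, NOW));
```

An empty list means the token has the shape the verifier expects; the signature still has to validate against the JWKS endpoint.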