Hello, we are looking into integrating Web3Auth and had a few questions, primarily regarding the centralization of Web3Auth.
1- What is the benefit of using Web3Auth as verifier vs custom verifier authentication?
2- If Web3Auth shut down, then what would be the exact process of the user recovering their wallet? As currently the only way to get your seed phrase is via the highly centralized Web3Auth API?
3- Also, if Web3Auth shut down their centralized verifier, how would users be able to access their wallet, since the login depends on the specific project id assigned to Web3Auth by Google and the other auth providers?
4- It is mentioned that Web3Auth uses nodes from multiple companies; however, how can everyone interact with the nodes without needing to use the centralized API?
5- Most wallets seem to be integrating the CoreKit. Is there a specific benefit or reason to do so over the Plug and play kit?
Default Verifiers: These are the verifiers associated with OAuth providers (Google, Facebook, Apple, etc.), which are owned and managed by Web3Auth’s account. Migration from default verifiers to custom verifiers is not possible.
Custom Verifiers: For users to be able to log in using a custom authentication flow, you will need to use a Custom Verifier. The wallet generated for each user is specific to a verifier.
The benefits of using Custom Authentication are:
It provides a comprehensive user experience from beginning to end.
You can customize the data required from the authentication service and onboard users according to your specific needs.
You can seamlessly migrate your existing users to the new authentication flow with Web3Auth, without requiring them to create new accounts.
2 & 3 - Whilst we hope that a w3a shutdown never happens, we take the matter very seriously. There are several tiers of fallbacks here.
First off, w3a’s infrastructure is and can be operated by other entities; our mainnet is run by large ecosystem stakeholders like Binance, Ethereum Name Service, Etherscan, Polygon (MATIC), alongside ourselves. Next, there’s a contingency plan to operate or allow migration in the case w3a does go down, which allows app developers to run this themselves. Lastly, and most importantly, users can always export their key pairs into different wallets, and we can easily push them to do so.
Our hosted web3auth app.openlogin.com for plug and play is where people can check their key factors and reconstruct their keys on different devices.