Multi Factor Authentication in PnP Android SDK
At Web3Auth, we prioritize your security by offering Multi-Factor Authentication (MFA). MFA is an extra layer of protection that verifies your identity when accessing your account. To ensure ownership, you must provide two or more different backup factors. You have the option to choose from the device, social, backup factor (seed phrase), and password factors to guarantee access to your Web3 account. Once you create a recovery factor, MFA is enabled, and your keys are divided into three shares for off-chain multi-sig, making the key self-custodial. With backup factors, you can easily recover your account if you lose access to your original device or helps login into a new device.
mfaSettings
is a paid feature and the minimum pricing plan to
use this SDK in a production environment is the SCALE Plan. You can use this feature in
sapphire_devnet
for free.
Enable using the MFA Level
For a dApp, we provide various options to set up Multi-Factor Authentication. You can customize the
MFA screen by passing the mfaLevel
parameter in login
method. You can enable or disable a backup
factor and change their order. Currently, there are four values for MFA level.
If you are using default verifiers, your users may have set up MFA on other dApps that also use default Web3Auth verifiers. In this case, the MFA screen will continue to appear if the user has enabled MFA on other dApps. This is because MFA cannot be turned off once it is enabled.
MFA Level Options
MFA Level | Description |
---|---|
DEFAULT | Shows the MFA screen every third login. |
OPTIONAL | Shows the MFA screen on every login, but user can skip it. |
MANDATORY | Makes it mandatory to set up MFA after first login. |
NONE | Skips the MFA setup screen |
Usage
val loginResponse = web3Auth.login(
LoginParams(
Proider.GOOGLE,
mfaLevel = MFALevel.MANDATORY
)
)
Explicitly Enable MFA
The enableMFA
method is used to trigger MFA setup flow for users. The method takes LoginParams
which will used during custom verifiers. If you are using default login providers, you don't need to
pass LoginParams
. If you are using custom jwt verifiers, you need to pass the JWT token in
loginParams
as well.
- Default Verifier
- Custom JWT Verifier
import android.widget.Button
import com.web3auth.core.Web3Auth
import android.os.Bundle
class MainActivity : AppCompatActivity() {
private lateinit var web3Auth: Web3Auth
private fun enableMFA() {
val completableFuture = web3Auth.enableMFA()
completableFuture.whenComplete{_, error ->
if (error == null) {
Log.d("MainActivity_Web3Auth", "Launched successfully")
// Add your logic
} else {
// Add your logic on error
Log.d("MainActivity_Web3Auth", error.message ?: "Something went wrong")
}
}
}
override fun onCreate(savedInstanceState: Bundle?) {
...
// Setup UI and event handlers
val enableMFAButton = findViewById<Button>(R.id.enableMFAButton)
enableMFAButton.setOnClickListener { enableMFA() }
...
}
...
}
import android.widget.Button
import com.web3auth.core.Web3Auth
import android.os.Bundle
class MainActivity : AppCompatActivity() { private lateinit var web3Auth: Web3Auth
private fun enableMFA() {
val loginParams = LoginParams(
Provider.JWT,
extraLoginOptions = ExtraLoginOptions(id_token = "your_jwt_token")
)
val completableFuture = web3Auth.enableMFA(loginParams)
completableFuture.whenComplete{_, error ->
if (error == null) {
Log.d("MainActivity_Web3Auth", "Launched successfully")
// Add your logic
} else {
// Add your logic on error
Log.d("MainActivity_Web3Auth", error.message ?: "Something went wrong")
}
}
}
override fun onCreate(savedInstanceState: Bundle?) {
...
// Setup UI and event handlers
val enableMFAButton = findViewById<Button>(R.id.enableMFAButton)
enableMFAButton.setOnClickListener { enableMFA() }
...
}
...
}
Configure MFA Settings
You can configure the order of MFA or enable/disable MFA type by passing the mfaSettings
parameter
in Web3AuthOptions
.
- At least two factors are mandatory when setting up the mfaSettings.
- If you set
mandatory: true
for all factors, the user must set up all four factors. - If you set
mandatory: false
for all factors, the user can skip setting up MFA. But at least two factors are mandatory. - If you set
mandatory: true
for some factors andmandatory: false
for others, the user must set up the mandatory factors and can skip the optional factors. But, the user must set up at least two factors. - The
priority
field is used to set the order of the factors. The factor with the lowest priority will be the first factor to be set up. The factor with the highest priority will be the last factor to be set up.
Parameters - MfaSettings
MfaSettings
allows you to set the type of the MFA.
- Table
- Class
Parameter | Description |
---|---|
deviceShareFactor? | MFA setting for deviceShareFactor. It accepts MfaSetting as a value. |
backUpShareFactor? | MFA setting for backUpShareFactor. It accepts MfaSetting as a value. |
socialBackupFactor? | MFA setting for socialBackupFactor. It accepts MfaSetting as a value. |
passwordFactor? | MFA setting for passwordFactor. It accepts MfaSetting as a value. |
data class MfaSettings(
private var deviceShareFactor: MfaSetting? = null,
private var backUpShareFactor: MfaSetting? = null,
private var socialBackupFactor: MfaSetting? = null,
private var passwordFactor: MfaSetting? = null,
)
Parameters - MfaSetting
MfaSetting
allows you to setup MFA setting for a particular MFA type.
- Table
- Class
Parameter | Description |
---|---|
enable | Enable/Disable MFA. It accepts Boolean as a value. |
priority? | Priority of MFA. It accepts Int as a value, where valid range is from 1 to 4. |
mandatory? | Mandatory/Optional MFA. It acccepts Boolean as a value. |
data class MfaSetting(
var enable: Boolean,
var priority: Int?,
var mandatory: Boolean?
)
Usage
import com.web3auth.core.Web3Auth
import com.web3auth.core.types.Web3AuthOptions
val web3Auth = Web3Auth(
Web3AuthOptions(
context = this,
clientId = "YOUR_WEB3AUTH_CLIENT_ID", // Pass over your Web3Auth Client ID from Developer Dashboard
network = Network.MAINNET,
redirectUrl = Uri.parse("{YOUR_APP_PACKAGE_NAME}://auth"),
mfaSettings = MfaSettings(
deviceShareFactor = MfaSetting(true, 1, true),
socialBackupFactor = MfaSetting(true, 2, true),
passwordFactor = MfaSetting(true, 3, false),
backUpShareFactor = MfaSetting(true, 4, false),
)
)
)
val loginResponse = web3Auth.login(
LoginParams(
Proider.GOOGLE,
mfaLevel = MFALevel.MANDATORY
)
)