Multi Factor Authentication in PnP Android SDK

At Web3Auth, we prioritize your security by offering Multi-Factor Authentication (MFA). MFA is an extra layer of protection that verifies your identity when accessing your account. To ensure ownership, you must provide two or more different backup factors. You have the option to choose from the device, social, backup factor (seed phrase), and password factors to guarantee access to your Web3 account. Once you create a recovery factor, MFA is enabled, and your keys are divided into three shares for off-chain multi-sig, making the key self-custodial. With backup factors, you can easily recover your account if you lose access to your original device or helps login into a new device.

You can set the mfaLevel within the loginParams to customize when mfa screen should be shown to user. It currently accepts 4 values:

• default - Setting the mfaLevel to default will present the MFA screen to user on every third login. mfaLevel = MFALevel.DEFAULT
• optional - Setting mfaLevel to optional will present the MFA screen to user on every login but user will have the option to skip it. mfaLevel = MFALevel.OPTIONAL
• mandatory - Setting mfaLevel to mandatory will make it mandatory for user to setup MFA after login. mfaLevel = MFALevel.MANDATORY
• none - Setting mfaLevel to none will skip the mfa setup screen totally. mfaLevel = MFALevel.NONE

To trigger the MFA flow after authentication, you can use enableMFA method.

Note

If you are using default verifiers, your users may have set up MFA on other dApps that also use default Web3Auth verifiers. In this case, the MFA screen will continue to appear if the user has enabled MFA on other dApps. This is because MFA cannot be turned off once it is enabled.

Minimum Growth plan required

This is a paid feature and the minimum pricing plan to use this SDK in a production environment is the Growth Plan. You can use this feature in the development environment for free.

web3Auth.login(LoginParams(selectedLoginProvider, mfaLevel = MFALevel.MANDATORY))

Usage

import android.widget.Button
import com.web3auth.core.Web3Auth
import android.os.Bundle

class MainActivity : AppCompatActivity() {
	private lateinit var web3Auth: Web3Auth

	private fun signIn() {
		val selectedLoginProvider = Provider.GOOGLE
		// Can be GOOGLE, FACEBOOK, TWITCH etc.

		// MFA Level is set Mandatory here.
		// `mfaLevel = MFALevel.MANDATORY`
		val loginCompletableFuture: CompletableFuture<Web3AuthResponse> =
				web3Auth.login(LoginParams(selectedLoginProvider,
						mfaLevel = MFALevel.MANDATORY))

		loginCompletableFuture.whenComplete { loginResponse, error ->
			if (error == null) {
				// render logged in UI
			} else {
				// render error UI
			}

		}
	}

	override fun onCreate(savedInstanceState: Bundle?) {
		// ...
	    // Setup UI and event handlers
		val signInButton = findViewById<Button>(R.id.signInButton)
		signInButton.setOnClickListener { signIn() }
		// ...
	}
	// ...
}

Using the mfaSettings to configure MFA Order

Minimum SCALE plan required

This is a paid feature and the minimum pricing plan to use this SDK in a production environment is the SCALE Plan. You can use this feature in the development environment for free.

You can configure the order of MFA or enable/disable MFA type by passing the mfaSettings object in Web3AuthOptions.

MfaSettings

Table

Parameter	Description
deviceShareFactor?	MFA setting for deviceShareFactor. It accepts MfaSetting as a value.
backUpShareFactor?	MFA setting for backUpShareFactor. It accepts MfaSetting as a value.
socialBackupFactor?	MFA setting for socialBackupFactor. It accepts MfaSetting as a value.
passwordFactor?	MFA setting for passwordFactor. It accepts MfaSetting as a value.

Class

	data class MfaSettings(
		private var deviceShareFactor: MfaSetting? = null,
		private var backUpShareFactor: MfaSetting? = null,
		private var socialBackupFactor: MfaSetting? = null,
		private var passwordFactor: MfaSetting? = null,
	)

MfaSetting

Table

Parameter	Description
enable	Enable/Disable MFA. It accepts Boolean as a value.
priority?	Priority of MFA. It accepts Int as a value, where valid range is from 1 to 4.
mandatory?	Mandatory/Optional MFA. It acccepts Boolean as a value.

Class

	data class MfaSetting(
		var enable: Boolean,
		var priority: Int?,
		var mandatory: Boolean?
	)

	web3Auth = Web3Auth(
           Web3AuthOptions(
               context = this,
               clientId = getString(R.string.web3auth_project_id), // pass over your Web3Auth Client ID from Developer Dashboard
               network = Network.SAPPHIRE_MAINNET, // pass over the network you want to use (MAINNET or TESTNET or CYAN, AQUA, SAPPHIRE_MAINNET or SAPPHIRE_TESTNET)
               buildEnv = BuildEnv.PRODUCTION,
               redirectUrl = Uri.parse("com.w3a.web3authdemoapp://auth"), // your app's redirect URL
               // Optional parameters
               whiteLabel = WhiteLabelData(
                   "Web3Auth Android FireBase Example",
                   null,
                   null,
                   null,
                   Language.EN,
                   ThemeModes.LIGHT,
                   true,
                   hashMapOf(
                       "primary" to "#eb5424"
                   )
               ),
               mfaSettings = MfaSettings(
                   deviceShareFactor = MfaSetting(true, 1, true),
                   socialBackupFactor = MfaSetting(true, 2, false),
                   passwordFactor = MfaSetting(true, 3, false),
                   backUpShareFactor = MfaSetting(true, 4, false),
               )
				... // add your loginconfig
           )
       )