Hey @yurayavorski
Thanks for your question and sorry for the delay in responding to this thread.
With Web3Auth, you get 2 basic options, Web3Auth Plug and Play and Web3Auth Self Host. In terms of integration, Web3Auth Plug and Play is much easier and doesn't need much effort from the end user, as compared with Web3Auth Self Host, which is quite technical in terms of integration.
In Web3Auth Plug and Play, we've basically integrated the off-chain multi-sig part of Web3Auth into openlogin.com. This helps the user to generate their MFA setups, which is not possible without this part existing. This is enabled us to just directly call the app within the SDK and do the key reconstruction there. You can check out the articles about the User Flows and How Web3Auth Works to understand this better. In all, the redirect ensures that the keys are reconstructed on the frontend, ie. on openlogin.com and not on any other backend, ensuring the non-custodiality of the system.
In Web3Auth Self Host, your app can directly integrate the off-chain multi-sig aspect, enabling you login without any redirections and the key reconstruction happens in your app as well. You can even play around with the share storage and accordingly choose what suits your users the best. Ideally, this approach is the best way to integrate Web3Auth, however, this takes an considerable engineering effort as compared to Web3Auth Plug and Play.
All this being said, after looking into this question from multiple community members, we thought of a middle way around both these SDKs and give you an example which can, to an extent surpass the redirection for certain users using the one key flow.
As mentioned in our User Flows article, people can opt for MFA according to their needs of customising the Web3Auth flow. The MFA allows them to have a device share stored within their browser, or have a backup phrase on their email. If someone has enabled MFA, there's no other way of reconstructing the key, other than to redirect them to openlogin.com where the off chain multi sig will be enabled.
However, when the MFA is not active, the key reconstruction happens only using the social login shares, which we can directly get from the Web3Auth Auth Network nodes. Hence, in this case we can import the Torus Node libraries directly into your app and do the reconstruction, helping you avoid the redirect.
In this example we have explored this hack, where we check whether the user has enabled MFA or not, and accordingly reconstruct their key using the particular library. We also have added an option for someone to enable MFA later on after they have logged in.
https://github.com/Web3Auth/examples/tree/main/web-core-sdk/one-key-flow
We'll be adding a guide talking about each and every library, why it is imported and what it does and how the whole flow works very soon and update here as well.
Let me know for any questions.
Originally posted by:
yashovardhan
Archived Content from Web3Auth Community