[Archive] When a user is logged in, are key shares or an assembled key stored in the session?

githubdiscussions · February 7, 2023, 1:41pm

Archived Content from Web3Auth Community

This topic was originally posted by githubdiscussions on 2/7/2023.
This content has been migrated from our previous community forum to preserve valuable discussions.

Let's say a user logs in using a 1/1 flow (say Google login via Auth Network).

Once the user is logged in, is the private key stored in the session?

If not, what allows signatures to be performed?

If so, what are the possible attack vectors and how best to protect users?

Originally posted by: RonanKMcGovern

Check the discussion at: https://github.com/orgs/Web3Auth/discussions/1295

Topic		Replies	Views
[Archive] Private key securities Embedded Wallets (Web3Auth)	1	1	July 25, 2024
[Archive] Persistent session: is it safe to store postboxKey from TorusServiceProvider in localStorage? Embedded Wallets (Web3Auth)	2	1	August 2, 2023
[Archive] Security & Recovery Questions Embedded Wallets (Web3Auth)	1	4	February 13, 2023
[Archive] Session Management In react native Embedded Wallets (Web3Auth)	10	1	August 13, 2023
[Archive] The user's key seems to be split into three shares. Among them, where is each key share stored particularly? Embedded Wallets (Web3Auth)	0	1	August 1, 2022

[Archive] When a user is logged in, are key shares or an assembled key stored in the session?

Related topics