Email & SMS Authentication for Web3 Accounts with Lit
The team behind Lit has been working to lower the friction of Web3 onboarding with a variety of supported passwordless authentication methods, including:
We are happy to announce that we have added email and sms authentication to the list of supported authentication methods.
Authentication Methods
Authentication methods are ways of gating Programmable Key Pairs (PKP) to a specific account resource. This requires individuals to authenticate before performing operations requiring a PKP. This is a powerful feature of the Lit network as it means users can sign up for a wallet the same way they sign up for other types of digital resources. Thus lowering the barrier to accessing Web3 enabled applications.
Email, and SMS authentication lend themselves well to secondary authentication mechanisms, allowing for recovery in the event of a user’s primary authentication mechanism being unavailable. However, it may also be used as the primary authentication means.
What are authentication methods used for?
Authentication methods are used when signing session signatures which are used to authorize use of resources by a user. Session signatures can replace authentication signatures, which require a user to have a web 3 wallet. With session signatures no wallet is strictly required. Resources are delegated through signatures from a locally generated keypair. Which is then signed by the Lit network, once signed it is then able to be used to access specified resources based on the sessions capabilities, such as:
- Lit Actions
- Access Control Conditions
- Rate Limit increase (NFT)
- PKP NFT
For more information on session signatures, and their capabilities see here.
Getting Started with Authentication Methods
Auth method instance from a successful authentication
With the new authentication client (lit-auth-client) you are able to create an OTP (one time password) session for sending, and authenticating OTP codes from the end user. These codes are sent directly to the provided email address, or phone number from the userId.
When the authentication code is successfully validated, an authentication method instance will be created.
const authClient = new LitAuthClient();
let session = authClient.initProvider(ProviderType.Otp,{
userId: "user email or phone number"
});
// send code to user
let resp = await session.sendOtpCode();
// callback to retrieve the status of the user's otp code verification
console.log(resp.callback);
// check otp code
let authMethod = await otpSession.authenticate({code: "user sent otp code"});
// auth method structure
/**
{
"accessToken": "eyJhbGciOiJzZWNwMjU2azEiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJMSVQtUHJvdG9jb2wiLCJzdWIiOiJMSVQtT1RQIiwiaWF0IjoxNjg0ODc1NTE0NDkxLCJleHAiOjE2ODQ4NzczMTQ0OTEsIm9yZ0lkIjoiTElUIiwicm9sZSI6InVzZXIiLCJleHRyYURhdGEiOiIrMTIwMTQwNzIwNzN8MjAyMy0wNS0yM1QyMDo1ODozNC40OTE3ODU5NDUrMDA6MDAifQ.eyJyIjoiZTA0ZDAyNjhjN2ExMzhiNmZiNDJjYTk4NmIxY2I4MWM0N2QyMTc0MzZlOWNlYzc4NGUzNWEyOTZkZmY2YjA4NSIsInMiOiI0NTE5MTVkMDY5YTZhZGE5M2U0OGY3ODUwMGM0MWUzNmMwYzQ4Y2FlODYwMmYxYWM0Njc0MTQ1YTNiMmMyNDU4In0",
"authMethodType": 7
}
*/
With the returned authentication method from the `authenticate` call, you can
- Sign session signatures
- Mint new PKP’s with the given authentication method through the Lit Relayer.
- Query PKP instances with the given authentication method through the Lit Relayer.
Receive session signatures from SMS or email auth
With the returned authentication method instance from the code above, we can now use the generated authentication method to request signatures from the Lit network for sessions, these session signatures can be used to do things like execute lit actions, where the session signature replaces an authentication signature. With session signatures we can grant explicit permissions to resources with resource ability requests within requests to generate session signatures.
You can learn more about the capabilities here.
const litNodeClient = new LitNodeClient({
litNetwork: "serrano"
});
await litNodeClient.connnect();
// Wild card resource
const litResource = new LitAccessControlConditionResource('*');
const sessionSigs = session.getSessionSigs({
pkpPublicKey: pkpInfo.publicKey,
authMethod: authMethod,
sessionSigParams: {
chain: 'ethereum',
resourceAbilityRequests: [{
resource: litResource,
ability: LitAbility.PKPSigning
}],
},
litNodeClient
});
With the returned session signature you can now use it in place of auth signatures for executing Lit Actions with the specified PKP's public key.
Demo
You can find a demo of the new Email / SMS Authentication here, the source can be found in this repository.
Conclusion
Authentication methods are a powerful mechanism of the Lit Network, Giving a low barrier of entry for wallet adoption, as well as providing powerful delegation capabilities to access control mechanisms. With the added addition of email, and SMS authentication we are able to increase the number of user’s able to access Web3 wallets, and content control.
By expanding authentication options for web3 wallets, we unlock powerful delegation capabilities and access control mechanisms. You can now delegate certain actions or permissions to trusted individuals or entities, allowing for more efficient management of their decentralized assets and interactions with blockchain-based services. This feature empowers users to define fine-grained access controls and distribute responsibilities while maintaining control and ownership over their digital assets.
The inclusion of OTP authentication methods in web3 wallets expands access, enhances security, and enables powerful delegation capabilities. By reducing barriers to entry, leveraging existing social media accounts, and implementing OTPs, we can bring more individuals into the world of decentralized finance and blockchain applications. These advancements not only benefit individual users but also contribute to the overall growth and adoption of web3 technologies.