Home

Embedded Signer

Automatic recovery

Automatic recovery optimizes for the simplest experience when using the wallet on a new device

Automatic recovery#

It is worth noting that Shield mode makes for smooth user UX (without needing to set up a recovery system upfront when logging in) but it comes with tradeoffs. Notably, the root of trust with Shield's automatic recovery is the user’s authentication token. This means access to the auth token grants access to the wallet. Accordingly, this token must be properly secured at all times.

When using automatic recovery, Shield generates a password that is used for the encryption of the recovery share. The encryption key can only be accessed if the decryption request includes the user's auth token.

We recommend enabling password-based recovery for users. This is especially important to enforce as the value of assets in a user's wallet grows.

Using Openfort Auth#


_10
async function authSetAutomaticRecoveryMethod(email:string, password:string) {
_10
const response = await openfort.signUpWithEmailPassword({email, password});
_10
const chainId = 80002;
_10
const shieldAuth: ShieldAuthentication = {
_10
auth: ShieldAuthType.OPENFORT,
_10
token: response.token
_10
};
_10
await openfort.configureEmbeddedSigner(chainId, shieldAuth);
_10
}

Using Third-party Auth#


_11
async function authSetAutomaticRecoveryMethod(idToken: string) {
_11
await openfort.authenticateWithThirdPartyProvider({provider: ThirdPartyOAuthProvider.FIREBASE, token: idToken, tokenType: TokenType.idToken});
_11
const chainId = 80002;
_11
const shieldAuth = {
_11
auth: ShieldAuthType.OPENFORT,
_11
token: idToken,
_11
authProvider: "firebase",
_11
tokenType: "idToken",
_11
};
_11
await openfort.configureEmbeddedSigner(chainId, shieldAuth);
_11
}

Resources#