Not sure how to move forward with NextAuth and Web3
Hi all,
I have to admit that I still have to experiment with the implementation, but while documenting I started to have some doubts that I would like to ask you about first.
I already have a T3 app running with the authentication handled by NextAuth and the Discord provider.
Now I would like to allow people to also use their web3 wallet to sign in, but as far as I understood, this is pretty much client authentication. Since I store the user session in the database, I wonder which would be the best approach to handle this situation.
Many of the docs and tutorials I saw just ignore the database and rely on JWT, but doesn't doing so get me away from how the app is set up?
I have the following ideas on how to move forward, let me know which one is the best approach and please share your reasons behind that choice, so I can learn something new 😅
1. forget about NextAuth OAuth providers and only implement Web3 authentication
2. try to "merge" the two auth systems, even though I see this as the more complicated one and don't know how to move forward with it
3. let NextAuth handle authentication via OAuth and then allow the user to connect their wallet afterwards
I am thinking of going with the third option, so OAuth authentication and Web3 authentication do not fight, and after the user has signed the access I can add the wallet to the "watchlist".
PS: if you need to know what I am planning to do once the user authenticates via Web3: I just want to list the tokens he holds and build his portfolio.
7 Replies
I found it easy to authenticate a user using signatures
Yup, and with that one I am aligned on moving on with the third option, because otherwise we do not have a way to store user information in the database.
On top of that, I do have a few beta users that are using the platform and I have no clue how to merge the information in their session with the web3 auth.
Can't you simply attach an address to the user in the database and retrieve the session id?
This is what I did, not 100% sure if it's security safe, but:
users:
address: string
token: JWT
and I had a GET request which would return your access token; the required parameters were:
address, signature, message
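The address/signature/message check from the reply above, combined with the thread's plan of linking a wallet to an already signed-in NextAuth user, as an added example that is not code from anyone in this thread. It assumes the actual EIP-191 signature recovery is done by a library such as viem's or ethers' verifyMessage (injected as a function, not implemented here) and shows the server-side pieces the reply was unsure about: a random single-use nonce, an expiry, binding the challenge to the current session user and to this site's domain, and rejecting replays.

```typescript
import { randomBytes } from "node:crypto";

// Challenge issued to the OAuth-authenticated user before they link a wallet (stored by nonce).
interface Challenge { userId: string; address: string; nonce: string; expiresAt: number; }

// Recovers the signer of an EIP-191 personal_sign message and compares it to `address`.
// Assumption: supplied by viem/ethers verifyMessage in a real app; it is not defined on this page.
type SignatureVerifier = (args: { address: string; message: string; signature: string }) => boolean;

type LinkResult = { ok: boolean; address?: string; reason?: string };

export class WalletLinker {
  private challenges = new Map<string, Challenge>();

  constructor(private verify: SignatureVerifier, private domain: string, private ttlMs = 5 * 60_000) {}

  // Step 1 (GET /link-wallet/challenge): build the message the wallet must sign. The nonce makes
  // it single-use, the domain and userId tie it to this site and to the caller's NextAuth session.
  issueChallenge(userId: string, address: string, now = Date.now()): string {
    const nonce = randomBytes(16).toString("hex");
    const addr = address.toLowerCase();
    this.challenges.set(nonce, { userId, address: addr, nonce, expiresAt: now + this.ttlMs });
    return this.buildMessage(userId, addr, nonce);
  }

  buildMessage(userId: string, address: string, nonce: string): string {
    return `${this.domain} wants you to link wallet ${address.toLowerCase()} to account ${userId}\nNonce: ${nonce}`;
  }

  // Step 2 (POST /link-wallet): `sessionUserId` comes from the NextAuth session, never from the body.
  linkWallet(sessionUserId: string, message: string, signature: string, now = Date.now()): LinkResult {
    const nonce = /Nonce: ([0-9a-f]{32})$/.exec(message)?.[1];
    const ch = nonce ? this.challenges.get(nonce) : undefined;
    if (!ch || !nonce) return { ok: false, reason: "unknown or already used nonce" };
    this.challenges.delete(nonce); // consume the nonce even if a later check fails
    if (now > ch.expiresAt) return { ok: false, reason: "challenge expired" };
    if (ch.userId !== sessionUserId) return { ok: false, reason: "challenge belongs to another session" };
    // The message must be byte-for-byte the one we issued, so the address cannot be swapped.
    if (message !== this.buildMessage(ch.userId, ch.address, ch.nonce)) {
      return { ok: false, reason: "message tampered" };
    }
    if (!this.verify({ address: ch.address, message, signature })) return { ok: false, reason: "bad signature" };
    // Caller now writes ch.address to the user's profile row and can look up NFT holdings by it later.
    return { ok: true, address: ch.address };
  }
}
```

The wallet address ends up stored on the existing user record, so the NextAuth session stays the only thing that grants access, as the thread intends.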
That's my idea tbh: handle the standard login with NextAuth and allow the user to authenticate later in their "profile page" with the wallet.
As soon as I have the wallet address I'll store it in their profile table.
Yeah it should work
At the end of the day, I will not use the web3 auth to allow/disallow access to the platform.
I want them to be able to sign with a wallet because:
- they need to prove that they are the owners of the wallet
- I would like them to mint an NFT via the Unlock Protocol
Once I have their wallet in the DB, I can check NFT presence even if they are not web3 authenticated.
gl