Web3-Conf-India / Hack-Web3Conf


Submission: Dz #5

Open PJijin opened 2 years ago

PJijin commented 2 years ago

Team Name

Dz

Project Name

w3auth

Contact Details

pjijin1@gmail.com

Project Track

All Things Devs

Sponsor Bounties

Alchemy, Gitopia

Link to project GitHub public repo

https://github.com/Devzstudio/w3auth

Link to project website

https://w3authdemo.devzstudio.com/

Link to demo video

https://www.youtube.com/watch?v=9FvleLcpnR4

Inspiration

I have reported a number of bugs involving unauthorised access and the disclosure of personal information via API. In one of the projects, I reported a bug that exposes data on API calls when an address is passed to the API request (personal details including mobile number). Developers prioritise speed over security in their efforts to build quickly. Everything related to wallet-based authentication and authorization is coded and given by w3auth. Therefore, integrating with a new or existing system is a rather simple process.

Another problem I've seen is that the authentication token is maintained in local storage, which is yet another bad practice. This is not recommended since, if the website contains an XSS problem, it can result in a token leak.

The refresh token is handled by w3auth by setting a cookie, and the access token is securely kept in the app state.

What it does

In a secure manner, w3auth handles wallet-based authentication and authorization. w3auth will make sure the token is generated and sent back to the app once the user signs a message on the wallet and is authenticated. Additional options for authentication are available to users, including NFT Gating, Token Gating, Blocklist addresses, and Allowlist addresses. The supported blockchains are Flow, Solana, Polkadot, Near, and Ethereum. Wallets supporting these chains can be used for authentication.

Challenges you ran into

There weren't many difficulties, but I have noticed that several blockchains' signature verification methods return booleans, whereas the signature on Ether can be used to retrieve the public key.

Another tricky problem was CORS. I've also discovered that hovering over the CORS request reveals further details concerning the error. (Screenshot)

This is the first time I'm pushing code to Gitopia. When I pushed, a "write access permission refused" message appeared. By adding a second wallet with write access to the repository, I was able to fix the issue.

Anything else?

The video was created on July 29. Since then, a number of new features have been added. Both the code and the live demo are the latest versions.

Documentation: https://w3auth.devzstudio.com/

w3auth Integrated live demo: https://w3authuser.devzstudio.com/

Github Demo Integration: https://github.com/Devzstudio/w3auth_demo

w3auth React Hook Package for Integration: https://github.com/Devzstudio/w3auth-hook

Alchemy: the Alchemy SDK is used in w3auth for the NFT Gating and Token Gating features.

Gitopia:

w3auth: https://gitopia.com/gitopia1v7z35hhx7r4u6fvyuahzd5nlv7tjwg9mpk8pes/w3auth

w3auth hook: https://gitopia.com/gitopia1v7z35hhx7r4u6fvyuahzd5nlv7tjwg9mpk8pes/w3auth-hook

w3auth demo: https://gitopia.com/gitopia1v7z35hhx7r4u6fvyuahzd5nlv7tjwg9mpk8pes/w3auth_demo