## SOL-243

Use the existing AuthJS payload structure, which supports external wallets like MetaMask. Explore the problems. Central DB which tracks the MetaMask + external wallets.

Ponder on these things:

1. AuthJS + Openlogin Backend works with Web3Auth => manual signing
2. Prompting the user for a MetaMask signing vs doing the signing ourselves using Openlogin Backend
3. Maintaining a central DB to track users
4. Integrate all of this into a dashboard

# AuthJS + external wallets + dashboard

Web3Auth has two types of users:

1. Openlogin Users
2. External Wallet Users

In either case, AuthJS is used as an intermediary in authentication.

![](https://i.imgur.com/8HAg5dF.png)

This makes the AuthJS backend a good candidate for tracking user statistics.

### Flow

![](https://i.imgur.com/scat3Db.png)

External Wallets flow:

1. Request to the AuthJS server for getting the SIWW message
2. The AuthJS server returns the SIWW message
3. The user is prompted to sign the SIWW message
4. The signature and the payload are passed to the AuthJS server, which then verifies the signature and sends back a JWT token

Openlogin flow:

1. The user initiates the login
2. The Openlogin backend verifies in the background whether the user is a Torus user or not
3. The message signing happens in the background using the user's key
4. The verification happens on the AuthJS server (internally implemented), which then sends back a JWT token (in the user info)

PS: We can release an endpoint for just getting the JWT token.

**Alternatives**:

1. Currently the Openlogin backend implements AuthJS internally, so we could log the user info from there to the centralized DB.
2. The metadata server could also evolve into creating this dashboard.
3. **Dashboard Server can take care of this. (Verification functionality can be implemented here.)**

### Challenges

1. Currently Openlogin implements AuthJS internally, i.e. the AuthJS endpoint for Openlogin is not https://auth-js-backend.tor.us/
2. For the external wallets flow, the user needs to get the SIWW message from https://auth-js-backend.tor.us/siww/get, then the user is prompted to sign the message, and finally https://auth-js-backend.tor.us/siww/verify is called for verification.

**Alternative**: Rely on window.connect for a seamless experience.

### Statistics

Statistics can be collected in a structure similar to the following:

| ClientID | User PublicKey                             | Type      |
| -------- | ------------------------------------------ | --------- |
| BKPxk... | 0xB22E9a1b8ee50C09a59a2fFACEeF561E9D69A493 | Metamask  |
| BKPxk... | 0xE298C7a2A0b7c4385A706669202834F83a739cb6 | Openlogin |

| User PublicKey                             | Login Timestamp | Origin            |
| ------------------------------------------ | --------------- | ----------------- |
| 0xB22E9a1b8ee50C09a59a2fFACEeF561E9D69A493 | 1659104262      | www.abc.com       |
| 0xB22E9a1b8ee50C09a59a2fFACEeF561E9D69A493 | 1659204262      | app.openlogin.com |

#### Visualizations

![](https://i.imgur.com/G8ALxbo.png)

![](https://i.imgur.com/oPzUPzn.png)

![](https://i.imgur.com/81uAr7M.png)

### Database Choices

Some considerations that determine the database choice are as follows:

1. Strong read/write consistency
2. Data replication
3. Ideally a global database: Aurora global DB or similar

We have fairly structured data, and hence a SQL-like database should be preferred. Using a SQL-like database also allows a tool like Metabase to be used for creating dashboards. More about Metabase here: https://www.metabase.com/

### Dashboard Choices

1. Third-party dashboards like PowerBI offer a very high degree of customization, but that could be overkill in our use case (unless we also make this dashboard the billing dashboard). The advantage of out-of-the-box dashboards is that almost all of them support IAM, non-SQL (English-like) queries, and a high degree of customization in graphical visualizations. These tools could also be a bit expensive, and using them could restrict the extensibility of functionality.
2. Creating a custom dashboard using Angular / React / Vue. Such a dashboard would only allow some specific queries, such as Metamask users, total users, Openlogin users, etc. Creating a custom dashboard would mean low flexibility in visualizations compared to a more mature tool such as PowerBI.
3. Using a tool like Metabase offers very low customization, but it is very easy to set up. It is a wrapper on top of a SQL database like Postgres or MySQL.

First stage :- => Public Key => MAU => External vs Internal wallets =>
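
The two tables under Statistics and the first-stage metrics (MAU, external vs internal wallets) can be sketched as a SQL schema and query. This is an added example, not code from the AuthJS or Openlogin backends: the table and column names, the `record_login` helper, the internal/external mapping and the rows marked constructed are assumptions, and SQLite stands in for the Postgres/MySQL database discussed above.

```python
import sqlite3

SCHEMA = """
CREATE TABLE users (
    client_id   TEXT NOT NULL,
    public_key  TEXT NOT NULL,   -- stored lowercased
    wallet_type TEXT NOT NULL,   -- 'Metamask', 'Openlogin'
    PRIMARY KEY (client_id, public_key)
);
CREATE TABLE logins (
    public_key TEXT NOT NULL,
    login_ts   INTEGER NOT NULL, -- Unix seconds, UTC
    origin     TEXT NOT NULL
);
"""

# Assumption: 'Openlogin' counts as internal, every other type as external.
MAU_SQL = """
SELECT strftime('%Y-%m', l.login_ts, 'unixepoch') AS month,
       CASE WHEN u.wallet_type = 'Openlogin' THEN 'internal' ELSE 'external' END AS wallet_class,
       COUNT(DISTINCT l.public_key) AS mau
FROM logins l JOIN users u ON u.public_key = l.public_key
GROUP BY month, wallet_class
ORDER BY month, wallet_class
"""

def record_login(db, client_id, public_key, wallet_type, ts, origin):
    """Hypothetical helper: call only after the SIWW signature has verified."""
    key = public_key.lower()  # mixed-case (checksummed) and lowercase forms are one user
    db.execute("INSERT OR IGNORE INTO users VALUES (?, ?, ?)", (client_id, key, wallet_type))
    db.execute("INSERT INTO logins VALUES (?, ?, ?)", (key, ts, origin))

def monthly_active_users(db):
    # Distinct keys per calendar month (UTC), split internal vs external.
    return db.execute(MAU_SQL).fetchall()

def build_sample_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    mm = "0xB22E9a1b8ee50C09a59a2fFACEeF561E9D69A493"  # from the page's table
    ol = "0xE298C7a2A0b7c4385A706669202834F83a739cb6"  # from the page's table
    rows = [
        ("BKPxk...", mm, "Metamask", 1659104262, "www.abc.com"),
        ("BKPxk...", mm.lower(), "Metamask", 1659204262, "app.openlogin.com"),  # same key, lowercased
        ("BKPxk...", ol, "Openlogin", 1659300000, "app.openlogin.com"),  # constructed
        ("BKPxk...", ol, "Openlogin", 1659400000, "app.openlogin.com"),  # constructed
    ]
    for row in rows:
        record_login(db, *row)
    return db
```

Writing a row only after verification keeps unauthenticated requests from inflating the counts, and lowercasing the address keeps one wallet from being counted twice when clients send it in different casings.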