FAQs
What is an embedded wallet?#
An embedded wallet is a in-app wallet designed to onboard both web2 and web3 users simultaneously. Nexus includes several core components:
- Authentication: A single-sign on authentication experience with familiar social logins
- Signer: An embedded signer accessible across all devices and games
- Account: The asset layer, powering users onchain to manage their assets
How is an embedded wallet different to existing web3 wallets?#
Unlike browser extension wallets like MetaMask, which can be challenging for users to set up, or "embedded signers" that are limited to a single application, Openfort Identity offers a balance of user-friendliness and versatility. Openfort Identity allows users to use the same wallet across all their games and marketplaces, rather than having one wallet per game.
How does an embedded wallet's key management work?#
Openfort uses a smart contract wallet system on EVM chains. Transactions are processed only if they're signed by either the player (embedded signer) or the game (session key).
- Private key: Using an SSS approach to split the key in three shards only to be reconstructed on the player's client side.
- Session key: Temporary key used created by the player authorizing a third party to make transactions under a scooped permission set.
What platforms does embedded wallet support?#
Functionality | Web | Unity | Unreal | PlayStation | Xbox |
---|---|---|---|---|---|
Authentication | Yes | Yes | Yes | No | No |
Transactions | Yes | Yes | Yes | No | No |
What types of providers does authentication support?#
Openfort supports familiar social logins and passwordless email sign-in. You can also import a custom auth token or a OIDC compatible token.
Can users export their wallet private keys?#
Yes, you can use the endpoints provide to export the private key.
How does wallet recovery work with Openfort?#
With Openfort you can recover the account if you forget your email/social login as long as you have a majority of 2/3 key shards.
In the event of not having the majority of shards, we've implemented a social recovery where the private key can be reconstructed.
Can a user change their associated email address for a pre-generated wallet?#
No, a user cannot change their email address once they have created a pre-generated wallet. If they need to change their email address, they will need to create a new wallet.
How will embedded wallets integrate with existing authentication or account systems?#
Option 1: Full Authentication & Signer. If you're starting from scratch, a very common way to use Nexus is as your game's primary identity and wallet (as games like Rogue Nation do).
Option 2: Existing Authentication & Signer. However, many games will already have an account system that they will be reluctant to migrate away from. Easy solution, integrate your authentication with Nexus while using the signer solution.
Option 3: Existing Authentication & Existing Signer. You might be already using a wallet provider and want to upgrade to smart accounts.
What level of support and Service Level Agreements (SLAs) are provided?#
At Openfort, we understand the significance of maintaining a high standard of service. Our Service Level Agreements (SLAs) reflect our commitment to providing a reliable, efficient, and safe environment for your operations.
Security and Contingency Planning#
If Openfort were to shut down with a one-month notice, would there be scope to change the signer on the Smart Contract Wallet and use it in connection with a different provider that manages the private keys differently?#
TLDR: With enough time, transitioning is fairly simple. You’d need to invoke the transferOwnership
function for users to accept the new signer.
Detailed Answer: Yes, if Openfort shuts down with a one-month notice, it's possible to change the signer. Since Openfort wallets are non-custodial, users have control over their private keys. The key migration process would involve using the "recovery share" and "device share" from Shamir's Secret Sharing (SSS) to reconstruct the private key, allowing users to accept a new signer through the transferOwnership
function. The new provider would need to support compatible key management systems.
If Openfort were shut down with zero notice, would there be any scope to do a migration? Would that rely on a self-hosted Shield for the recovery share and the device share being intact?#
TLDR: If there is no self-hosted option, users should rely on on-chain social recovery.
Detailed Answer: Migration is still possible, but it depends on the self-hosted Shield for the recovery share and the availability of the device share. If a self-hosted Shield is not in place, users can utilize on-chain social recovery. As long as the device share and recovery share are intact, users can reconstruct their private key and migrate to a new provider. On-chain social recovery can also help recover the wallet if the device share is lost.
If Openfort's API were compromised, what is the risk there? Can that risk be mitigated? What’s the risk of the auth share on the private key being exposed?#
TLDR: Both Openfort's server and Shield are encrypted. Even if an attacker obtains the auth share, they would need a secret to decrypt it.
Detailed Answer: If Openfort's API were compromised, the risk is limited because both the auth share and Shield service are encrypted. Even if an attacker gains access to the auth share, they would still need to decrypt it using a secret. Furthermore, since the private key is split using Shamir's Secret Sharing, the auth share alone is insufficient to reconstruct the full key without the device or recovery share.