Management API Reference

Smart wallets

Use Social Recovery

Learn how to set up social recovery in your game.

One of the main hurdles in enhancing gaming experiences within Web3 environments is ensuring player account security. Unlike traditional gaming accounts, where password recovery is straightforward, Web3 accounts often require meticulous management of a seed phrase to prevent loss of access. This can be a daunting task for players, necessitating either a fail-safe method to secure the seed phrase or reliance on a centralized system to handle key management.

By default, Openfort is not a guardian. You need to pass the defaultGuardian as true parameter to register Openfort as a guardian when creating a new smart account when using create account.

To address this, gaming platforms can implement a "guardian" system. Guardians are trusted entities or mechanisms designated to facilitate the recovery of a player's account. If a player misplaces their access key, they can create a new one and request their guardians to authorize this new key as the account's official access method, effectively regaining control over their account.

This guardian system can be applied in two primary recovery scenarios:

  1. Self-Recovery: Players have the option to configure their account recovery using another authentication factor they control, such as a hardware passkey or an alternative Web3 wallet. This method empowers players with direct control over their account recovery process, enhancing security and convenience.
  2. Game-Assisted Recovery: a player might designate the game developer or platform as their guardian. In the event of losing access to their account, the player would reach out to the game's support team, who would then facilitate the account recovery on their behalf.

For a general overview of social recovery, see the Recoverable Accounts post.

Configure assisted recovery#

This guide will go through all the necessary steps to complete a recovery with Openfort as a guardian. The default implementation of the endpoint includes:

  • Threshold: 1:1
  • Guardian: Openfort
  • Time lock: 2 days

1. Set up Openfort - Server side#

Use our official libraries to access the Openfort API from your application:

Install Openfort:

command-line

_10
npm install @openfort/openfort-node --save

Initialize @openfort/openfort-node:

server.ts

_10
const Openfort = require('@openfort/openfort-node').default
_10
const openfort = new Openfort(YOUR_SECRET_KEY)

2. Start recovery process#

Openfort will perform a Start Recovery operation to recover the account from the current owner to the new owner.

The policy parameter is a policy that will be used to sponsor the transaction. You can find more information about policies in our documentation. Bear in mind that this policy needs to have a account_functions policy rule to allow the sponsorship of this operation.

server.ts

_10
const accountId = 'acc_...';
_10
const policy = 'pol_...';
_10
const newOwnerAddress = '0x416c...354D';
_10
const playerTransferOwnership = await openfort.accounts.startRecovery(
_10
{
_10
id: accountId,
_10
policy: policy,
_10
newOwnerAddress: newOwnerAddress,
_10
}
_10
)

3. Complete recovery#

After complying with the period of time lockPeriod, the guardian has a securityPeriod to confirm the proposal. In this case, Openfort will submit the needed signature to complete the recovery of the account.

server.ts

_10
const accountId = 'acc_...';
_10
const policy = 'pol_...';
_10
const newOwnerAddress = '0x416c...354D';
_10
const playerTransferOwnership = await openfort.accounts.completeRecovery(
_10
{
_10
id: accountId,
_10
policy: policy,
_10
newOwnerAddress: newOwnerAddress,
_10
}
_10
);