When a user signs up on Authereum, a new contract-based account is deployed. Each account contract requires keys to manage it, so when you signed up a new key pair was also generated client-side in your browser. This key is encrypted with a password-derived key (PBKDF2). Keys are stored in browser local storage and the encrypted keystore is stored on Authereum so that you can log in on different devices.
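The password-based keystore encryption described above, as an added example that is not Authereum's own code. The page names only PBKDF2, so the AES-256-GCM cipher, the iteration count, the keystore field names and the function names are assumptions; it uses Node's built-in crypto module so it runs offline.

```javascript
// Added example, not Authereum code. Only "PBKDF2" comes from the page;
// cipher, parameters and field names below are assumptions.
const nodeCrypto = require('node:crypto');

const KDF = { iterations: 600000, digest: 'sha256', keyLen: 32 }; // assumed parameters

// Constructed sample key for demonstration only (not a real account key).
const SAMPLE_PRIVATE_KEY = 'aa'.repeat(32);

// Stretch the password into a 256-bit key; the salt makes each keystore's key unique.
function deriveKey(password, salt, kdf = KDF) {
  return nodeCrypto.pbkdf2Sync(
    password.normalize('NFKC'), salt, kdf.iterations, kdf.keyLen, kdf.digest);
}

// Encrypt client-side. Only the returned object would be uploaded; the
// password and the plaintext key never leave the device.
function encryptKeystore(privateKeyHex, password) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12); // 96-bit nonce for AES-GCM
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ciphertext = Buffer.concat([
    cipher.update(Buffer.from(privateKeyHex, 'hex')), cipher.final()]);
  return {
    kdf: 'pbkdf2', ...KDF,
    salt: salt.toString('hex'),
    iv: iv.toString('hex'),
    ciphertext: ciphertext.toString('hex'),
    tag: cipher.getAuthTag().toString('hex'),
  };
}

// Decrypt on another device. Throws when the password is wrong or the
// stored keystore was modified, because the GCM tag no longer verifies.
function decryptKeystore(ks, password) {
  const key = deriveKey(password, Buffer.from(ks.salt, 'hex'), ks);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(ks.iv, 'hex'));
  decipher.setAuthTag(Buffer.from(ks.tag, 'hex'));
  return Buffer.concat([
    decipher.update(Buffer.from(ks.ciphertext, 'hex')), decipher.final()]).toString('hex');
}
```

Whoever holds the encrypted keystore can try passwords against it offline, so in a scheme like this the password strength and the PBKDF2 work factor are what protect the key.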
Yes! Authereum is offered as a web3 provider, so the user on the dapp can generate a signature over a challenge string provided by the dapp, and the dapp can then verify the signature on the backend using EIP1271. A number of dapps that have integrated Authereum are doing signature-based authentication. Read the Verifying Signatures section for examples of using EIP1271 to verify contract-based account signatures, and check out the section on signing messages using the web3 provider.
The Authereum provider is meant to be used in the browser because it relies on iframe communication to access sandboxed local storage. It won't work when run directly with Node, but we are working on a provider that would work with Node for backends.
Only you, the owner of the account, have access to the contract-based account (CBA). The relayer, or anyone else for that matter, does not have access to your CBA. The relayer takes your signed transaction and attaches the gas fee. The CBA meta-transaction method is responsible for refunding the relayer after the user's transaction has been processed.
We recommend using the Authereum web3 provider wherever possible. The Authereum web3 provider is essentially a wrapper around the Authereum SDK. Most dapps are built using a web3 provider, so the Authereum web3 provider should work as a drop-in replacement for MetaMask.
Not yet, but we are working on adding support for this.
Yes! Reach out to us on Telegram or email.
No, this doesn't happen because each testnet is a separate chain and account creation involves deploying a smart contract to that testnet.
It's not possible at the moment but we are currently working on ways to use local RPCs. It's more challenging than anticipated because of different moving parts so we can't give a definite time when we'll have something ready but it's in the works.
A white-label solution is something we're discussing offering in the long term. We have no short-term plans for a white-label solution. We'd love to hear what features you're looking for; message us on Telegram.
In order to be non-custodial, your wallet keys are decrypted and loaded into your browser's local storage under a sandboxed domain. When using a dapp, the Authereum SDK must communicate with the sandboxed domain to send requests for the private key to sign. This communication between domains is called 3rd-party communication and access to the local storage is called 3rd-party storage access, although different browsers might use different terminology such as 3rd-party cookies or 3rd-party session data. When using a browser in private mode or with shields enabled, the browser blocks 3rd-party access to the local storage, which means the Authereum SDK can no longer store the private key under the sandboxed domain. For it to work, 3rd-party access to storage must be enabled. To learn how to enable these settings, please visit the browser compatibility page.
Not yet but we'll be working on one soon.
Not yet but it will be open source once it's more stable since we're tightening things down.
Not yet but we are working on one.
Due to the high gas market it became uneconomical to sponsor new account deployments. As of August 2020, new accounts will require users to pay the on-chain transaction fee for the contract-based account deployment.
- Safari only. Other browsers require image upload.
- All browsers.
- All browsers, as long as the computer has a webcam.
There's a simple open source React app (https://github.com/authereum/direct) that anyone can download and run to interact directly with their contract-based account. This doesn't require any Authereum services and communicates directly with the chain. Please make sure to first export your admin key from the settings page or add an additional admin key, such as your MetaMask address, since transactions made to your contract-based account need to come from an admin key account.