Authentication

When writing to the DB, Ethereum-based addresses are authenticated with EIP-712 (opens in a new tab) signatures. However, this requires dapp users to sign with Metamask for every action, and it's a very poor UX. To solve this, WeaveDB allows internal address linking, so dapp users can use disposal addresses for auto-signing.

There are 5 wallet integrations at the moment, which includes:

Metamask (opens in a new tab) (EVM (opens in a new tab)) - secp256k1
Internet Identity (opens in a new tab) (Dfinity (opens in a new tab)) - ed25519
ArConnect (opens in a new tab) (Arweave (opens in a new tab)) - rsa256
IntmaxWallet (opens in a new tab) (Intmax zkRollup (opens in a new tab)) - secp256k1-2 | poseidon
Lens Profile (opens in a new tab) (Lens Protocol (opens in a new tab)) - secp256k1-2

Auth Flow for Dapps

Users will generate a disposal address by signing with Metamask when logging in to the dapp.

The disposal address will be verified and linked to the original metamask address within the WeaveDB contract.

The private key of the disposal address can be stored in a secure space on the client side such as IndexedDB (opens in a new tab).

The dapp can auto-sign write transactions with the disposal private key instead of asking users to sign with Metamask for every action.

The transactions signed by the disposal private key will act as the original metamask address within the WeaveDB.

You can revoke the address link anytime and forget about the disposal address.

This will create a great UX for dapps where users only sign once for address linking (this is also instant) and dapp transactions are free, instant and automatic all thanks to Bundlr (opens in a new tab) used underneath.

Temporary Address for Auto-signing

By generating a disposal address, dapp users won't be asked for a signature with a wallet popup every time they are to send a transaction. The disposal key stored in browser storage will auto-sign transactions.

MetaMask (EVM)

Create a temporary address. Dapps would do this only once when users sign in.

const expiry = 60 * 60 * 24 * 7 // set expiry to a week
 
// the first argument is to manually set a wallet.
// null will automatically use the browser-connected Metamask
const { identity } = await db.createTempAddress(null, expiry)
 
// or set no expiry
const { identity } = await db.createTempAddress()

Dapps can store the identity in the IndexedDB and auto-sign when the user creates transactions.

Query DB with the temporary address

await db.add({ name: "Bob", age: 20 }, "people", identity)

Internet Identity (DFINITY)

Internet Identity (opens in a new tab) enables biometric authentication on any device.

import { AuthClient } from "@dfinity/auth-client"
 
const iiUrl = `https://identity.ic0.app`
const authClient = await AuthClient.create()
  await new Promise((resolve, reject) => {
  authClient.login({
    identityProvider: iiUrl,
	onSuccess: resolve,
	onError: reject
  })
})
 
const ii = authClient.getIdentity()
if (isNil(ii._inner)) return
const addr = ii._inner.toJSON()[0]
const expiry = 60 * 60 * 24 * 7 // set expiry to a week
 
const { identity } = await db.createTempAddressWithII(ii, expiry)
 
// or set no expiry
const { identity } = await db.createTempAddressWithII(ii)

ArConnect (Arweave)

ArConnect (opens in a new tab) is a simple browser wallet for Arweave.

const expiry = 60 * 60 * 24 * 7 // set expiry to a week
 
const { identity } = await db.createTempAddressWithAR(null, expiry)
 
// or set no expiry
const { identity } = await db.createTempAddressWithAR()

IntmaxWallet (Intmax)

Intmax (opens in a new tab) is the most scalable Ethereum L2 zkRollup with privacy for the web.

import { IntmaxWalletSigner } from "webmax"
 
const signer = new IntmaxWalletSigner()
let addr = null
try {
  await signer.connectToAccount()
  addr.signer._account
} catch (e) {
  console.log(e)
}
const expiry = 60 * 60 * 24 * 7 // set expiry to a week
 
const { identity } = db.createTempAddressWithIntmax(signer, expiry)
 
// or set no expiry
const { identity } = db.createTempAddressWithIntmax(signer)

Lens Profile (Lens Protocol)

Lens Protocol (opens in a new tab) is a Polygon-based NFT social protocol. WeaveDB utilizes Lit Protocol (opens in a new tab) to securely authenticate Lens Profile NFT.

const expiry = 60 * 60 * 24 * 7 // set expiry to a week
 
const { identity } = db.createTempAddressWithLens(expiry)
 
// or set no expiry
const { identity } = db.createTempAddressWithLens()

PolygonID (DID/VC/ZKP)

ℹ️

Feature added in contract version 0.39.0

PolygonID (opens in a new tab) is a SSI (Self Soverign Identity) management tool, which creates DIDs, issues VCs (Verifiable Credential), and generates ZK Proof. WeaveDB can authenticate DID using Zero Knowledge Proof, and also verify VCs with zkp associated with DIDs. Users are able to verify their offchain information without revealing the actual values.

const identity = EthCrypto.createIdentity()
await db.createTempAddressWithPolygonID(identity, {
  proof,
  pub_signals,
  did,
})

Get Address Link

Get a linked address

await db.getAddressLink(address)

Remove Address Link

Remove an address link

await db.removeAddressLink({ address: identity.address })

Without Temporary Address

You can also write to the DB without a temporary address, which requires a manual signature every time you write.

MetaMask (EVM)

await db.add({ name: "Bob", age: 20 }, "ppl")

Internet Identity (DFINITY)

await db.add({ name: "Bob", age: 20 }, "ppl", { ii: ii })

ArConnect (Arweave)

await db.add({ name: "Bob", age: 20 }, "ppl", { ar: wallet })

IntmaxWallet (Intmax)

await db.add({ name: "Bob", age: 20 }, "ppl", { intmax: signer })

Setting Authentication Algorithms

WeaveDB defaults to use all algorithms, but you can specify authentication algorithms to enable for your instance.

Algorithms

secp256k1 : for EVM-based accounts ( Metamask )
ed25519 : for DFINITY ( Internet Identity )
rsa256 : for Arweave ( ArConnect )
poseidon : for IntmaxWallet with Zero Knowledge Proof ( temporaliry disabled )
secp256k1-2 : for Lens Profile, and IntmaxWallet with EVM-based accounts

You can enable/disable authentication by setting required algorithms listed above.

secp256k1 is for EIP712 (opens in a new tab) typed structured data signatures and secp256k1-2 is for regular EIP191 (opens in a new tab) signatures used in Lit Action.

Set Algorithms

For example, to enable Arweave, and disable the others.

await db.setAlgorithms([ "rsa256" ])

For example, to enable only EVM, Arweave and Lens.

await db.setAlgorithms(["secp256k1","rsa256","secp256k1-2"])

setDefaultWallet

You can set a default wallet and it will be used if no wallet is specified with queries.

MetaMask (EVM)

db.setDefaultWallet(wallet, "evm")

Internet Identity (DFINITY)

db.setDefaultWallet(wallet, "ii")

ArConnect (Arweave)

db.setDefaultWallet(wallet, "ar")

IntmaxWallet (Intmax)

db.setDefaultWallet(wallet, "intmax")

Set up SDK Ownership