Over the past few months, the Auth0 Lab team has researched the Web3 space and its relation to identity, with a main focus on developer building blocks. From that research, we realized we could play a role in bridging the Web2 and Web3 worlds.
What do we mean by bridging? In short, making it easy for developers to create applications that take advantage of constructs from each world as necessary through the help of Web3 partners and their integrations. We think we are well positioned to do this, as "software identity" can serve as that bridge.
We took a step toward that goal with the introduction of the Web3 category in the Marketplace. This new category will help you seamlessly leverage Web3 constructs when building your applications. In this post, we’ll explore the tools we’ve made available and give you a brief overview of our analysis of Web3 and decentralized technologies at large.
Let’s start by defining what we mean by Web3. We don't mean cryptocurrencies and decentralized finance. Those are specific applications of Web3.
To us, Web3 includes the philosophies, concepts, and technologies that prioritize user choice and ownership and that one can use to build decentralized services. Blockchains, tokens (fungible or non-fungible), protocols, services, dApps, and users' keys are some (but not all) of the elements that make up Web3.
At its core, Web3 is about user choice. As Packy McCormick, founder of NotBoring, put it:
“Some people will want centralized services, some will want fully decentralized ones, and many will choose points on the spectrum in between that work for them at different times and for different things. And we're arguing that Web3 gives them that choice.”
From our research, we believe Web3 can help application builders provide personalized user experiences and satisfy privacy and compliance use cases. But for the space to really take off, it needs to deliver a strong user experience and protect customer data and assets.
Countless companies rely on the Okta Customer Identity Cloud to help them meet their UX and security goals. We are excited to bring our capabilities to developers and companies looking to leverage Web3 constructs in the identity space, and the Web3 Marketplace category is our first step toward that goal.
A New Set of Building Blocks for Identity
Web3 constructs introduce a set of new "decentralized identity" building blocks. With them, users can own their credentials and choose what data they share and what remains private.
Let's go over those building blocks in detail.
Private keys as credentials. Users’ private keys can act as credentials to authenticate with services, providing passwordless login user experiences.
For example, Sign-in with Ethereum (SIWE) provides sign-in functionality for Ethereum accounts. More generally, Decentralized Identifiers (DIDs), a recently approved W3C (World Wide Web Consortium) open web standard, propose identifiers based on asymmetric cryptography and owned by users. Methods like did:pkh or did:ethr implement DIDs using addresses/keys from decentralized networks like Bitcoin, Ethereum, Solana, etc. You can watch this video on how we used SIWE in a sample app.
Public, human-friendly usernames. These can be implemented by associating friendly names, like jane.eth or gary.wallet, to blockchain addresses via smart contracts. These usernames would act both as a user-friendly way to refer to blockchain addresses and as a single username across all applications that rely on the account's private key for authentication.
Public User Profiles. These can be implemented using the aforementioned smart contracts to map attributes (besides usernames) to a blockchain address. Some users might publicly share an avatar/profile picture, email address, or other personal details.
Applications can then use these profiles to provide personalized experiences to users without requiring the creation of application-specific profiles. Watch this video on how we used public user profiles and usernames in a sample app.
Public Attestations. These can be implemented using either non-fungible tokens (NFTs) for "ownership attestations" or "soulbound tokens" (SBTs) for non-transferable attestations.
Token gating, where access to specific features is allowed only if a user owns a token on a blockchain, is an example of how these could be used. Shopify is working on tokengated commerce. You can watch this video on how we used NFTs for token gating in a sample app.
Private User Data. This data is associated with a user's identifier (this works with and without DIDs), and Privacy-Preserving Attestations can be implemented using Verifiable Credentials (VCs) and Zero-Knowledge Proofs (ZKPs).
Verifiable Credentials, cryptographically verifiable digital credentials, can be obtained and stored on a user's phone app (called "wallet", adding to the confusion around the term).
Later, users can present them (the entire credential or some of its attributes) wherever they want. A benefit of these Verifiable Credentials is that issuers don't need to know where credentials are presented. You can watch this video on how we used Verifiable Credentials to help prove a user's age in a sample app.
Introducing the Web3 Category in Our Marketplace
The Marketplace allows developers to explore and install integrations for various use cases into their identity infrastructure. With a single click, you can add support for Identity Proofing, implement risk-based MFA, or send application activity to your logging infrastructure, among other things.
Web3 is built on open standards and composable building blocks, giving developers flexibility in how they design and architect their applications. We want to provide that same composability and extensibility. That's why we’ve partnered with leading Web3 organizations that are building developer tooling to launch the Web3 category on the Marketplace.
As we started working with Web3 organizations to build integrations for Okta, we discovered integrations typically fit into one of three use cases:
- Logging in with a Web3 account/private key: Authenticating to an application as the owner of a particular blockchain address or private key. This provides a passwordless login experience to users that allows them to own their identity without involving third parties like social login providers.
- Creating a Web3 wallet for a user: Allows creating and associating a wallet (custodial or non-custodial) to an Okta user that logged in with any Okta connection (social, enterprise, database, etc.). This is a model similar to that of centralized exchanges and some gaming platforms. They use it because it does not require users to have a wallet before signing up, so users don't drop out because of that requirement during the signup process.
- Use Web3 public constructs for app logic: Once a user's blockchain accounts are identified, developers can use them within their applications. Potential scenarios include displaying profile information, listing a user's NFTs, and gating access to content based on NFT ownership.
We expect that as we learn more and Web3 constructs evolve, the previous three categories/use cases might change. For example, a new use case for reading and writing private data might be available in the future once we have integrations supporting those features in our Marketplace.
Use case: Logging in with a Web3 account/private key
Sign-in with Ethereum (by Spruce): Sign-in with Ethereum enables users to log in with their Ethereum account instead of relying on a traditional intermediary (e.g., social login).
Spruce builds decentralized identity developer tooling. They are also developing a self-sovereign user data storage solution for Web3 users and organizations. Self-sovereign user data storage means that it relies on open standards and the user’s keys for security, allowing users to control where they store their personal data and who they share it with.
Sign-in with Unstoppable Domains (by Unstoppable Domains): Unstoppable Domains allows Web3 users to access apps using their portable digital identity. This integration will allow your users to sign in by proving they own a specific domain from Unstoppable Domains.
That proof is performed by having the user sign a message with the private key that is associated with the address on which the domain is registered and verifying the message's signature. Your app will be able to access profile information associated with the user's domain, such as wallet address, email, profile picture, social profile, and more.
Dock Web3 ID (by Dock): Decentralized Identifiers are identifiers defined in a W3C Recommendation. They allow a party (for example, a user) to prove control over them without requiring permission from any other party (for example, a company). For example, to authenticate using a specific DID, a user can sign a payload with a private key that the DID document designates for authentication.
Then, another party can verify that the signature corresponds to that specific DID. This integration allows your users to sign in by proving ownership of the authentication key of a Decentralized Identifier (DID).
Use case: Creating a Web3 wallet for a user
Non-custodial Web3 Wallets (by Web3Auth): The Web3Auth integration allows you to create and associate a non-custodial wallet to any Okta user, regardless of how they logged in.
Use case: Use Web3 public constructs for app logic
ENS Profile (by Auth0 Lab): The Ethereum Name Service (ENS) integration lets you integrate ENS profile data into your application. You can leverage and display user-picked usernames, avatars, and other pieces of their public profile without requiring users to create them for your specific application.
NFT Retrieval (by Auth0 Lab): The NFT Retrieval integration allows you to retrieve NFTs from a set of contract addresses and add them to ID Tokens as claims. With this, you can use the user's NFTs in your application's logic.
Today, the NFT extensions assume you also use the Sign-in with Ethereum integration to get the user's Ethereum address. In the future, we hope to work with partners to standardize claim names. Standardization should allow integrations to read/write users' blockchain accounts from/to a single claim, improving interoperability between integrations.
Launching the Web3 category is our first step to making it easy for developers to build applications using constructs from the Web3 world.
If you are a developer or company exploring integrations with Web3 technologies, we encourage you to explore these integrations and take them for a spin. It should take minutes to enable Web3 capabilities for new or existing Web2 apps.
If you are a Web3 organization creating products for other developers, consider building an Okta Customer Identity Cloud integration. Countless developers and businesses use Okta Customer Identity Cloud to manage identity at scale. By building an integration, you can reach hundreds of potential new customers and users. We explain how the integration development process works at https://auth0.com/integrate.
Okta is excited about the prospect of a decentralized future and looks forward to working closely with the Web3 community. Join our Discord to share your thoughts and tell us about the integrations you want to see in the future. We look forward to working with you.
Let’s keep building!