TL;DR
Web3 authentication (web3 auth) lets users sign in with a wallet—no passwords.
Use Openfort to add embedded, non-custodial wallets with recovery, right inside your app (no pop-ups, no seed phrases).
Keep Supabase/Firebase/Better Auth; just add wallets. Other paths exist (Supabase Web3, Firebase+Moralis, Magic.link, Web3Auth), but Openfort ties the flow together.
Why web3 authentication
- Passwordless: users sign a nonce; you verify the signature.
- Portable identity: any EIP-1193 wallet works, including embedded wallets.
- Less PII: wallet address can be the primary identifier.
Goal for 2025: conversion. Fewer pop-ups, fewer seed phrases, faster first tx.
The pragmatic pick: Openfort
Adds embedded, non-custodial wallets directly inside your UI. It works with your current auth and supports recovery (automatic, passkey, password). It also exposes a standard EIP-1193 provider so wagmi/viem “just works.”
Minimal demo (React) TSX
// Providers.tsx
import { OpenfortProvider } from "@openfort/react";
import { WagmiProvider, createConfig } from "wagmi";
import { getDefaultConfig } from "@openfort/react"; // or from your setup
import { polygonAmoy } from "viem/chains";
import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
const config = createConfig(getDefaultConfig({
appName: "openfort-demo",
chains: [polygonAmoy],
ssr: true,
}));
const qc = new QueryClient();
export default function Providers({ children }: { children: React.ReactNode }) {
return (
<WagmiProvider config={config}>
<QueryClientProvider client={qc}>
<OpenfortProvider
publishableKey={process.env.NEXT_PUBLIC_OPENFORT_PUBLISHABLE_KEY!}
walletConfig={{
shieldPublishableKey: process.env.NEXT_PUBLIC_OPENFORT_SHIELD_PUBLISHABLE_KEY!,
createEncryptedSessionEndpoint: "/api/shield-session",
}}
>
{children}
</OpenfortProvider>
</QueryClientProvider>
</WagmiProvider>
);
}
TS
// /api/shield-session (server)
import Openfort from "@openfort/openfort-node";
const openfort = new Openfort(process.env.OPENFORT_SECRET_KEY!);
export default async function handler(_req, res) {
try {
const session = await openfort.registerRecoverySession(
process.env.OPENFORT_SHIELD_PUBLISHABLE_KEY!,
process.env.OPENFORT_SHIELD_SECRET_KEY!,
process.env.OPENFORT_SHIELD_ENCRYPTION_SHARE!
);
res.status(200).json({ session });
} catch (e) {
res.status(500).json({ error: "internal_error" });
}
}
Check docs for exact imports, key names, and one-click deploy options.
Web3 auth options (quick comparison)
| Option | What it is | Wallet UX | Recovery | Works with | Best for |
|---|---|---|---|---|---|
| Openfort | Embedded, non-custodial wallets | In-app, no pop-ups (EIP-1193) | Auto / Passkey / Password (no seed phrase) | Supabase, Firebase, Better Auth (recipes) | Keep your auth; add wallets + tx UX fast |
| Supabase Web3 Auth | Off-chain wallet sign-in (SIWE / Solana) | You build the wallet UX | N/A (auth only) | Supabase stack | Already on Supabase; need wallet login |
| Firebase + Moralis | Wallet sign-in for Firebase apps | You build the wallet UX | N/A (auth only) | Firebase stack | Already on Firebase; need wallet login |
| Magic.link | Passwordless + embedded wallets | Embedded via vendor | Vendor recovery | Their auth or yours | One vendor for auth + wallet |
| Web3Auth | Social logins + MPC/AA wallets | Embedded/MPC via vendor | MPC recovery | Many auth providers | Social/MPC wallet infra |
Implementation patterns
If you use Supabase Auth now
- Enable Sign in with Web3 (EIP-4361).
- Add Openfort for embedded wallets + recovery and keep wagmi/viem via EIP-1193.
If you use Firebase Auth now
- Add wallet sign-in with Moralis.
- Add Openfort to embed non-custodial wallets and remove seed-phrase UX.
Greenfield
- Start with Openfort React → pick recovery → drop .
-
Plug in Supabase/Firebase/Better Auth later via the Openfort recipes.
Security checklist (short)
Use SIWE / EIP-4361 with unique nonces + domain binding.
Keep secret and Shield keys server-side only.
Interact via EIP-1193 provider for broad wallet compatibility.
Links you’ll need
- Openfort Recipes (Supabase / Firebase / Better Auth)
- Openfort Overview & Quickstarts
- EIP-4361 (SIWE) and EIP-1193 (provider) — include in your README for teammates.
What's blocking your project then?
What’s blocking your web3 authentication rollout today—seed phrases, pop-ups, or team bandwidth?
Top comments (0)