The landscape of Web3 technology is witnessing a significant transformation with the advent of account abstraction. This concept is reshaping how we interact with the blockchain, by providing more control, security, and ease of use. In this post, we’ll explore this concept and we will show how easy it is to get started.
Understanding Account Abstraction and Its Key Aspects
Account abstraction, a blockchain technology that allows users to use smart contracts as their accounts, brings a huge paradigm shift relative to traditional blockchain interactions. This transition enhances flexibility, security, and accessibility, offering a more intuitive experience for users. Here are some of the key aspects of account abstraction that contribute to this transformative approach:
- Enhanced Flexibility: Account abstraction eases the creation of smart contract wallets. These wallets provide users with flexible security rules, the ability to perform batch transactions, and the option to recover accounts without a seed phrase.
- Advanced Security Features: Through account abstraction, several security improvements are introduced. These include multi-signature transactions, the ability to freeze and recover accounts, setting spending limits, and creating whitelists for safe interactions with smart contracts. These features collectively enhance the overall security of blockchain interactions.
- Automated Transactions and Shared Accounts: Account abstraction also enables automated transactions and the possibility of shared account access. This not only offers greater convenience to users but also opens up collaborative opportunities, making blockchain technology more versatile and practical for various applications.
Seedless Login: A Highlight of Account Abstraction
Seedless login, being a way to access decentralized applications without managing cryptographic seeds or private keys, emerges as an important feature within the broader scope of account abstraction.Seedless login brings with it a lot of advantages, including the following:
- Security: One of the primary advantages of seedless login is its security. Removing the need for private keys or seed phrases significantly reduces key loss or theft risks. This shift ensures that users’ accounts and assets are more secure, providing peace of mind in their blockchain interactions.
- Accessibility: Simplifying the login process lowers the entry barrier to blockchain technology, inviting a broader audience to participate in the blockchain ecosystem.
- User Experience: A more intuitive and user-friendly approach. This allows to more easily increase adoption and user satisfaction, making blockchain services more appealing and easy for a wide range of users.
Implementing a Seedless Login in a React Native Application
In order to demonstrate how easy it is to get started with this technology we aim to implement a seedless login in a React Native app. This approach will use a backend built with Ruby on Rails that handles user profile management, allowing for a smooth and secure user experience. We will also leverage Magic Link to more quickly create our web3 onboarding experience.
Here’s what we’re planning:
- The React Native framework will provide the scaffolding for our application, enabling cross-platform functionality and a high-quality user experience.
- For authentication, we will use Magic Link, a SDK that integrates with our applications to enable passwordless Web3 onboarding
- Our Rails backend will manage the user’s profiles also leveraging Magic Link
To start the seedless login flows on the React native app we have to use Magical SDK’s. It is as simple as using the following code:
import { magic } from '@/lib/magic';
import { magicToken } from '@/lib/magic-token';
// starts the flow for seedless login with just an email
let loginResult = await magic.auth.loginWithEmailOTP({ email });
// starts the flow for seedless login with an OAuth provider like google
let loginResult = await magic.oauth.loginWithPopup({ provider, redirectURI, scope });
//verifies if the use is authenticated or not
let isAuthenticated = await magic.user.isLoggedIn()
//gets the DID token
let didToken = loginResult?.magic?.idToken
With this, we can very easily authenticate using the flow we want ( email/OAuth) without the need to manage seed phrases.
Now, for the backend, that will allow us to manage the user profiles, we just need to add a layer that manages the authentication and can authorize the requests sent to the backend by the React Native App.It is as simple as modifying the ApplicationController with the following code:
class ApplicationController < ActionController::API
before_action :set_magic_client, :validate_did_token, :set_did_metadata
attr_accessor :magic_client
private
def set_magic_client
@magic_client = Magic.new(api_secret_key: ENV['MAGIC_API_SECRET_KEY'])
end
# extracts metadata associated with the user
def set_did_metadata
@user_issuer_id = @magic_client.token.get_issuer(did_token)
@magic_metadata = @magic_client.user.get_metadata_by_issuer(@user_issuer_id).data
end
# validates that the DID token is valid and the request can proceed
def validate_did_token
magic_client.token.validate(did_token)
rescue MagicAdmin::DIDTokenError
render json: { error: 'Invalid DID token' }, status: :unauthorized
end
def did_token
return if request.headers['Authorization'].nil?
request.headers['Authorization'].split(' ').last
end
end
Conclusion
Account abstraction, especially with features like seedless login, introduces a significant advancement in blockchain technology, improving accessibility, security, and user experience. This innovation is crucial in bridging the gap between complex blockchain functionalities and everyday users, enabling a broader adoption of blockchain technology.
The Non-Technical Founders survival guide
How to spot, avoid & recover from 7 start-up scuppering traps.
The Non-Technical Founders survival guide: How to spot, avoid & recover from 7 start-up scuppering traps.
