From f723aeddc5d0adddc4c47dd8e0acec24bc820b07 Mon Sep 17 00:00:00 2001 From: Mohammad Shahbaz Alam Date: Mon, 9 Dec 2024 14:31:31 +0530 Subject: [PATCH 1/2] Updated privacy policy --- docs/legal/privacy-policy.mdx | 355 ++++++++++++++++++++++------------ 1 file changed, 226 insertions(+), 129 deletions(-) diff --git a/docs/legal/privacy-policy.mdx b/docs/legal/privacy-policy.mdx index 578c0a4ad..885d77f74 100644 --- a/docs/legal/privacy-policy.mdx +++ b/docs/legal/privacy-policy.mdx @@ -3,86 +3,133 @@ title: Privacy Policy description: "Privacy Policy | Documentation - Web3Auth" --- -Latest update: 2 June 2023 +Latest update: **9 December 2024** -This privacy policy is applicable to Web3Auth's Products (https://auth.web3auth.io), Torus wallet (https://app.tor.us). This privacy policy explicitly -excludes business and developer interactions including the website (https://dashboard.web3auth.io). The policy does extend to Web3Auth/Torus's -interactions with clients that integrate its SDK, but does not include what data our clients manage and collect themselves. +This privacy policy is applicable to Web3Auth's Products +([https://auth.web3auth.io](https://auth.web3auth.io/), +[https://wallet.web3auth.io](https://wallet.web3auth.io)), Torus wallet +([https://app.tor.us](https://app.tor.us/)). This privacy policy explicitly excludes business and +developer interactions including the website +([https://dashboard.web3auth.io](https://dashboard.web3auth.io/)). The policy does extend to +Web3Auth/Torus's interactions with clients that integrate its SDK, but does not include what data +our clients manage and collect themselves. ## Owner and Data Controller -Torus Labs Private Limited, 38 Lor Stangee, Singapore 425021 +Torus Labs Private Limited, 60 Paya Lebar Road, \#04-23, Paya Lebar Square, Singapore 409051 -**Contact email:** hello@tor.us +Contact email: hello@web3auth.io ## Types of Data Collected -Among the types of Data that Web3Auth collects, by itself or through third parties, there are: Anonymized Identifiers; Anonymized Usage Data. +We collect and process the following types of data: -The only data that Web3Auth requires is anonymised unique strings from third party authentication providers or clients, while user identifiable data -from third party sources may be used to personalise user accounts on the user's client side, no user personal data is collected or stored by Web3Auth. +**Account Identifying Information:** AccountIDs like FacebookID. -With regards to Anonymized Usage Data, details on each type of Anonymized Usage Data collected are provided in the dedicated sections of this privacy -policy or by specific explanation texts displayed prior to the Data collection. Anonymized Usage Data is collected automatically when using Web3Auth. +**Personal Identification Information:** Usernames, first names, last names, email addresses, and +phone numbers. + +**Anonymised Usage Data:** Session history + +With regards to Anonymized Usage Data, details on each type of Anonymized Usage Data collected are +provided in the dedicated sections of this privacy policy or by specific explanation texts displayed +prior to the Data collection. Anonymized Usage Data is collected automatically when using Web3Auth. Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner. -Web3Auth speficically does not use cookies to track users on its services. Cookies are explicitly used only on static sites defined in our Cookie -Policy. +Web3Auth specifically does not use cookies to track users on its services. Cookies are explicitly +used only on static sites defined in our Cookie Policy. ## Mode and Place of Processing the Data ### Methods of Processing -The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data whilst -on the users client-side. The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes -strictly related to the purposes indicated. In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge, -involved with the operation of Owner's \(administration, sales, marketing, legal, system administration\) or external parties \(such as third-party -technical service providers, mail carriers, hosting providers, IT companies, communications agencies\) appointed, if necessary, as Data Processors by -the Owner. The updated list of these parties may be requested from the Owner at any time. +The Owner takes appropriate security measures to prevent unauthorized access, disclosure, +modification, or unauthorized destruction of the Data whilst on the users client-side. The Data +processing is carried out using computers and/or IT enabled tools, following organizational +procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some +cases, the Data may be accessible to certain types of persons in charge, involved with the operation +of Owner's (administration, sales, marketing, legal, system administration) or external parties +(such as third-party technical service providers, mail carriers, hosting providers, IT companies, +communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list +of these parties may be requested from the Owner at any time. ### Legal Basis of Processing The Owner may process Personal Data relating to Users if one of the following applies: -- Users have given their consent for one or more specific purposes. Note: Under some legislations the Owner may be allowed to process Personal Data - until the User objects to such processing \(“opt-out”\), without having to rely on consent or any other of the following legal bases. This, however, - does not apply, whenever the processing of Personal Data is subject to European data protection law; -- provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof; +- Users have given their consent for one or more specific purposes. Note: Under some legislations + the Owner may be allowed to process Personal Data until the User objects to such processing + (“opt-out”), without having to rely on consent or any other of the following legal bases. This, + however, does not apply, whenever the processing of Personal Data is subject to European data + protection law; +- provision of Data is necessary for the performance of an agreement with the User and/or for any + pre-contractual obligations thereof; - processing is necessary for compliance with a legal obligation to which the Owner is subject; -- processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner; -- processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party. +- processing is related to a task that is carried out in the public interest or in the exercise of + official authority vested in the Owner; +- processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a + third party. -In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of -Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract. +In any case, the Owner will gladly help to clarify the specific legal basis that applies to the +processing, and in particular whether the provision of Personal Data is a statutory or contractual +requirement, or a requirement necessary to enter into a contract. ### Place -The Data is processed Owner's software on user devices. There is no user specific data that is processed on servers that can identify the user. +The Data is processed Owner's software on user devices. There is no user specific data that is +processed on servers that can identify the user. -The users' Anonymized Usage Data is processed on the Owner's offices and premises as well as cloud setups managed by the Owner. +The users' Anonymized Usage Data is processed on the Owner's offices and premises as well as cloud +setups managed by the Owner. -Users are also entitled to learn about the legal basis of Data transfers to a country outside the European Union or to any international organization -governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to +Users are also entitled to learn about the legal basis of Data transfers to a country outside the +European Union or to any international organization governed by public international law or set up +by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their Data. ### Retention Time -Anonymized Usage Data shall be processed and stored for as long as required by the purpose they have been collected for. +Anonymized Usage Data shall be processed and stored for as long as required by the purpose they have +been collected for. -Furthermore, the Owner may be obliged to retain Anonymized Usage Data for a longer period whenever required to do so for the performance of a legal -obligation or upon order of an authority. +Furthermore, the Owner may be obliged to retain Anonymized Usage Data for a longer period whenever +required to do so for the performance of a legal obligation or upon order of an authority. -Once the retention period expires, Anonymized Usage Data shall be deleted. Therefore, the right to access, the right to erasure, the right to -rectification and the right to data portability cannot be enforced after expiration of the retention period. +Once the retention period expires, Anonymized Usage Data shall be deleted. Therefore, the right to +access, the right to erasure, the right to rectification and the right to data portability cannot be +enforced after expiration of the retention period. ## The Purposes of Processing -The Data concerning the User is collected to allow the Owner to provide its Services, as well as for the following purposes: Analytics, Tag -Management, Registration and authentication, Displaying content from external platforms and Traffic optimization and distribution. +Your data is processed in the following ways: + +Collection + +Only Account Identifying Information is collected via account registrations with Web3Auth. + +Storage + +Account Identifying Information is then tokenised into anonymised strings and securely stored in +encrypted databases compliant with security standards. Personal Identification Information is only +used with the User’s session, and is not stored during the entire use of our service. + +Usage + +The Data concerning the User is collected to allow the Owner to provide its Services in Registration +and Authentication by associating Web3Auth wallets to User accounts, as well as for the following +purposes: Analytics, Tag Management, Displaying content from external platforms and Traffic +optimization and distribution. + +Personal Identification Information may be used to personalise and improve user experience. -Users can find further detailed information about such purposes of processing and about the specific Anonymized Usage Data used for each purpose in -the respective sections of this document. +Sharing + +Data may be shared with trusted service providers, affiliates, and legal authorities only as +necessary and in compliance with applicable laws. + +Users can find further detailed information about such purposes of processing and about the specific +Anonymized Usage Data used for each purpose in the respective sections of this document. ## Detailed Information on the Processing of Anonymized Usage Data @@ -90,54 +137,65 @@ Anonymized Usage Data is collected for the following purposes and using the foll ### Analytics -The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to optimized Web3Auth software. +The services contained in this section enable the Owner to monitor and analyze web traffic and can +be used to optimized Web3Auth software. ### Displaying Content from External Platforms -This type of service allows you to view content hosted on external platforms directly from the pages of Web3Auth and interact with them. This type of -service might still collect web traffic data for the pages where the service is installed, even when Users do not use it. +This type of service allows you to view content hosted on external platforms directly from the pages +of Web3Auth and interact with them. This type of service might still collect web traffic data for +the pages where the service is installed, even when Users do not use it. ### Registration and Authentication -By registering or authenticating, Users allow Web3Auth to identify them and give them access to dedicated services. Depending on what is described -below, third parties may provide registration and authentication services. In this case, Web3Auth will be able to access some Data (that it will not +By registering or authenticating, Users allow Web3Auth to identify them and give them access to +dedicated services. Depending on what is described below, third parties may provide registration and +authentication services. In this case, Web3Auth will be able to access some Data (that it will not store), by these third-party services, for registration or identification purposes. -**Google OAuth \(Google LLC\)** +Google OAuth (Google LLC) -Google OAuth is a registration and authentication service provided by Google LLC and is connected to the Google network. +Google OAuth is a registration and authentication service provided by Google LLC and is connected to +the Google network. Personal Data collected: various types of Data as specified in the privacy policy of the service. -Place of processing: United States – [Privacy Policy](https://policies.google.com/privacy). Privacy Shield participant. +Place of processing: United States – [Privacy Policy](https://policies.google.com/privacy). Privacy +Shield participant. ### Tag Management -This type of service helps the Owner to manage the tags or scripts needed on Web3Auth in a centralized fashion. This results in the Users' Data -flowing through these services, potentially resulting in the retention of this Data. +This type of service helps the Owner to manage the tags or scripts needed on Web3Auth in a +centralized fashion. This results in the Users' Data flowing through these services, potentially +resulting in the retention of this Data. -**Google Tag Manager \(Google LLC\)** +Google Tag Manager (Google LLC) Google Tag Manager is a tag management service provided by Google LLC. Personal Data collected: Cookies; Anonymized Usage Data. -Place of processing: United States – [Privacy Policy](https://policies.google.com/privacy). Privacy Shield participant. +Place of processing: United States – [Privacy Policy](https://policies.google.com/privacy). Privacy +Shield participant. ### Traffic Optimization and Distribution -This type of service allows Web3Auth to distribute their content using servers located across different countries and to optimize their performance. -Which Personal Data are processed depends on the characteristics and the way these services are implemented. Their function is to filter -communications between Web3Auth and the User's browser. Considering the widespread distribution of this system, it is difficult to determine the -locations to which the contents that may contain Personal Information User are transferred. +This type of service allows Web3Auth to distribute their content using servers located across +different countries and to optimize their performance. Which Personal Data are processed depends on +the characteristics and the way these services are implemented. Their function is to filter +communications between Web3Auth and the User's browser. Considering the widespread distribution of +this system, it is difficult to determine the locations to which the contents that may contain +Personal Information User are transferred. -**Cloudflare \(Cloudflare Inc.\)** +Cloudflare (Cloudflare Inc.) -Cloudflare is a traffic optimization and distribution service provided by Cloudflare Inc. The way Cloudflare is integrated means that it filters all -the traffic through Web3Auth, i.e., communication between Web3Auth and the User's browser, while also allowing analytical data from Web3Auth to be +Cloudflare is a traffic optimization and distribution service provided by Cloudflare Inc. The way +Cloudflare is integrated means that it filters all the traffic through Web3Auth, i.e., communication +between Web3Auth and the User's browser, while also allowing analytical data from Web3Auth to be collected. -Personal Data collected: Cookies; various types of Data as specified in the privacy policy of the service. +Personal Data collected: Cookies; various types of Data as specified in the privacy policy of the +service. Place of processing: United States – [Privacy Policy](https://www.cloudflare.com/privacypolicy/). @@ -145,132 +203,171 @@ Place of processing: United States – [Privacy Policy](https://www.cloudflare.c Users may exercise certain rights regarding their Data processed by the Owner. -In particular, Users have the right to do the following, if they can identify their Anonymized Data. Much of this exists for the right of the user, -but may not be technically enforcable by Web3Auth as Personal Data is not stored: - -- **Withdraw their consent at any time.** Users have the right to withdraw consent where they have previously given their consent to the processing of - their Anonymized Data. -- **Object to processing of their Data.** Users have the right to object to the processing of their Personal Data if the processing is carried out on - a legal basis other than consent. Further details are provided in the dedicated section below. -- **Access their Data.** Users have the right to learn if any forms of Personal Data is being processed by the Owner, obtain disclosure regarding - certain aspects of the processing and obtain a copy of the Data undergoing processing. -- **Verify and seek rectification.** Users have the right to verify the accuracy of their Personal Data and ask for it to be updated or corrected. -- **Restrict the processing of their Data.** Users have the right, under certain circumstances, to restrict the processing of their Data. In this - case, the Owner will not process their Data for any purpose other than storing it. -- **Have their Personal Data deleted or otherwise removed.** Users have the right, under certain circumstances, to obtain the erasure of their Data - from the Owner. -- **Receive their Data and have it transferred to another controller.** Users have the right to receive their Data in a structured, commonly used and - machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is - applicable provided that the Data is processed by automated means and that the processing is based on the User's consent, on a contract which the - User is part of or on pre-contractual obligations thereof. -- **Lodge a complaint.** Users have the right to bring a claim before their competent data protection authority. +In particular, Users have the right to do the following: + +- Withdraw their consent at any time. Users have the right to withdraw consent where they have + previously given their consent to the processing of their Anonymized Data. +- Object to processing of their Data. Users have the right to object to the processing of their + Personal Data if the processing is carried out on a legal basis other than consent. Further + details are provided in the dedicated section below. +- Access their Data. Users have the right to learn if any forms of Personal Data is being processed + by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of + the Data undergoing processing. +- Verify and seek rectification. Users have the right to verify the accuracy of their Personal Data + and ask for it to be updated or corrected. +- Restrict the processing of their Data. Users have the right, under certain circumstances, to + restrict the processing of their Data. In this case, the Owner will not process their Data for any + purpose other than storing it. +- Have their Personal Data deleted or otherwise removed. Users have the right, under certain + circumstances, to obtain the erasure of their Data from the Owner. +- Receive their Data and have it transferred to another controller. Users have the right to receive + their Data in a structured, commonly used and machine readable format and, if technically + feasible, to have it transmitted to another controller without any hindrance. This provision is + applicable provided that the Data is processed by automated means and that the processing is based + on the User's consent, on a contract which the User is part of or on pre-contractual obligations + thereof. +- Lodge a complaint. Users have the right to bring a claim before their competent data protection + authority. ### How to Exercise these Rights -Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be -exercised free of charge and will be addressed by the Owner as early as possible and always within one month. +Any requests to exercise User rights can be directed to the Owner through the contact details +provided in this document. These requests can be exercised free of charge and will be addressed by +the Owner as early as possible and always within one month. + +### Requesting Deletion of your Personal Data: + +To request the deletion of your personal data: + +- Contact us at hello@web3auth.io with the subject line: “Data Deletion Request.” +- Include information necessary to verify your identity, such as \[e.g., account details or + identification documents\]. +- You may be contacted by our staff to verify your identity and ownership of the account. ## Cookie Policy -Web3Auth uses Cookies on some static sites. To learn more and for a detailed cookie notice, the User may consult the -[Cookie Policy](https://docs.web3auth.io/legal/cookie-policy). +Web3Auth uses Cookies on some static sites. To learn more and for a detailed cookie notice, the User +may consult the [Cookie Policy](https://docs.web3auth.io/legal/cookie-policy). + +## Acceptance of this Privacy Policy + +By using Web3Auth services, you are agreeing to accept the entirety of this Privacy Policy. If you +are not in agreement of this Privacy Policy, you may refrain from using Web3Auth services. ## Additional information about Data collection and processing ### Legal Action -The User's Anonymized Usage Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from -improper use of Web3Auth or the related Services. The User declares to be aware that the Owner may be required to reveal personal data upon request of -public authorities. +The User's Anonymized Usage Data may be used for legal purposes by the Owner in Court or in the +stages leading to possible legal action arising from improper use of Web3Auth or the related +Services. The User declares to be aware that the Owner may be required to reveal personal data upon +request of public authorities. ### Additional Information About User's Anonymized Usage Data -In addition to the information contained in this privacy policy, Web3Auth may provide the User with additional and contextual information concerning -particular Services or the collection and processing of it upon request. +In addition to the information contained in this privacy policy, Web3Auth may provide the User with +additional and contextual information concerning particular Services or the collection and +processing of it upon request. ### System Logs and Maintenance -For operation and maintenance purposes, Web3Auth and any third-party services may collect files that record interaction with Web3Auth \(System logs\) -use other Usage Data \(such as the IP Address\) for this purpose. +For operation and maintenance purposes, Web3Auth and any third-party services may collect files that +record interaction with Web3Auth (System logs) use other Usage Data (such as the IP Address) for +this purpose. ### Information not Contained in this Policy -More details concerning the collection or processing of Anonymized Usage Data may be requested from the Owner at any time. Please see the contact -information at the beginning of this document. +More details concerning the collection or processing of Anonymized Usage Data may be requested from +the Owner at any time. Please see the contact information at the beginning of this document. ### How “Do Not Track” Requests are Handled -Web3Auth automatically respects “Do Not Track” requests as we do not store any user Personal Data. To determine whether any of the third-party -services it uses honor the “Do Not Track” requests, please read their privacy policies. +Web3Auth automatically respects “Do Not Track” requests as we do not store any user Personal Data. +To determine whether any of the third-party services it uses honor the “Do Not Track” requests, +please read their privacy policies. ### Changes to this Privacy Policy -The Owner reserves the right to make changes to this privacy policy at any time by giving notice to its Users on this page and possibly within Torus -Labs and/or - as far as technically and legally feasible - sending a notice to Users via any contact information available to the Owner. It is -strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. +The Owner reserves the right to make changes to this privacy policy at any time by giving notice to +its Users on this page and possibly within Torus Labs and/or \- as far as technically and legally +feasible \- sending a notice to Users via any contact information available to the Owner. It is +strongly recommended to check this page often, referring to the date of the last modification listed +at the bottom. -Should the changes affect processing activities performed on the basis of the User’s consent, the Owner shall collect new consent from the User, where -required. +Should the changes affect processing activities performed on the basis of the User’s consent, the +Owner shall collect new consent from the User, where required. ## Definitions and Legal References -**Personal Data \(or Data\)** +Personal Data (or Data) + +Any information that directly, indirectly, or in connection with other information — including a +personal identification number — allows for the identification or identifiability of a natural +person. + +Account Identifying Information -Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the -identification or identifiability of a natural person. +Data used to identify unique accounts, which can include third party authentication token IDs and +randomized strings. -**Anonymized Identifier** +Personal Identification Information -Data used to identify unique accounts, which can include third party authentication token IDs and randomized strings. +Data used to personalize unique accounts, which can include usernames, first and last names, email +addresses, and phone numbers. -**Anonymized Usage Data** +Anonymized Usage Data -Information collected automatically through Web3Auth \(or third-party services employed in Web3Auth\), which can include: the IP addresses or device -type of the computers utilized by the Users who use Web3Auth, the time of the request, the method utilized to submit the request to the server, the -size of the file received in response, the numerical code indicating the status of the server's answer \(successful outcome, error, etc.\), the -features of the browser and the operating system utilized by the User, the various time details per visit \(e.g., the time spent on each page within -the Application\) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other -parameters about the device operating system and/or the User's IT environment. +Information collected automatically through Web3Auth (or third-party services employed in Web3Auth), +which can include: the IP addresses or device type of the computers utilized by the Users who use +Web3Auth, the time of the request, the method utilized to submit the request to the server, the size +of the file received in response, the numerical code indicating the status of the server's answer +(successful outcome, error, etc.), the features of the browser and the operating system utilized by +the User, the various time details per visit (e.g., the time spent on each page within the +Application) and the details about the path followed within the Application with special reference +to the sequence of pages visited, and other parameters about the device operating system and/or the +User's IT environment. -**User** +User The individual using Web3Auth who, unless otherwise specified, coincides with the Data Subject. -**Data Subject** +Data Subject The natural person to whom the Personal Data refers. -**Data Processor \(or Data Supervisor\)** +Data Processor (or Data Supervisor) -The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this -privacy policy. +The natural or legal person, public authority, agency or other body which processes Personal Data on +behalf of the Controller, as described in this privacy policy. -**Data Controller \(or Owner\)** +Data Controller (or Owner) -The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the -processing of Personal Data, including the security measures concerning the operation and use of Web3Auth. The Data Controller, unless otherwise +The natural or legal person, public authority, agency or other body which, alone or jointly with +others, determines the purposes and means of the processing of Personal Data, including the security +measures concerning the operation and use of Web3Auth. The Data Controller, unless otherwise specified, is the Owner of Web3Auth. -**Web3Auth \(or this Application\)** +Web3Auth (or this Application) The means by which the Data of the User is collected and processed. -**Service** +Service -The service provided by Web3Auth as described in the relative terms \(if available\) and on this site/application. +The service provided by Web3Auth as described in the relative terms (if available) and on this +site/application. -**European Union \(or EU\)** +European Union (or EU) -Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and -the European Economic Area. +Unless otherwise specified, all references made within this document to the European Union include +all current member states to the European Union and the European Economic Area. -**Cookies** +Cookies Small sets of data stored in the User's device. -**Legal information** +Legal information -This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation \(EU\) 2016/679 \(General -Data Protection Regulation\). +This privacy statement has been prepared based on provisions of multiple legislations, including +Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation). This privacy policy relates solely to Web3Auth, if not stated otherwise within this document. From c938f8d86af768cf081b6e7d57daf7c9138348b2 Mon Sep 17 00:00:00 2001 From: Mohammad Shahbaz Alam Date: Tue, 10 Dec 2024 23:08:03 +0530 Subject: [PATCH 2/2] Cleanup --- src/pages/guides/magic-migration.mdx | 443 -------------------------- src/pages/guides/privy-migration.mdx | 451 --------------------------- 2 files changed, 894 deletions(-) delete mode 100644 src/pages/guides/magic-migration.mdx delete mode 100644 src/pages/guides/privy-migration.mdx diff --git a/src/pages/guides/magic-migration.mdx b/src/pages/guides/magic-migration.mdx deleted file mode 100644 index dac8a206c..000000000 --- a/src/pages/guides/magic-migration.mdx +++ /dev/null @@ -1,443 +0,0 @@ ---- -title: Migrate from Magic to Web3Auth -image: "guides-banners/magic-migration.png" -description: Migration guide from Magic to Web3Auth. -type: guide -tags: [plug and play, web, mpc core kit, core kit] -date: June 25, 2024 -author: Web3Auth Team ---- - -import SEO from "@site/src/components/SEO"; -import TabItem from "@theme/TabItem"; -import Tabs from "@theme/Tabs"; - - - -In this guide, we'll compare Magic and Web3Auth and explain how to migrate your existing users from -Magic to Web3Auth. - -We'll start by comparing both services based on several key parameters: wallet management -architecture, authentication options, and multi-chain and multi-platform support. If you're ready to -jump straight to the migration process, -[you can find the instructions here](#how-to-migrate-to-web3auth). - -## Why choose Web3Auth? - -Both Web3Auth and Magic have made significant strides in addressing the Web3 onboarding challenge. -However, Web3Auth stands out by offering more customizable authentication options, along with -superior support for multi-chain and multi-platform integrations. - -| Parameter | Magic | Web3Auth | -| ---------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Wallet Management | Magic uses the HSM wallet to manage user's private key which doesn't make it fully non-custodial, and has single point of failure. | Web3Auth supports SSS and MPC TSS based wallet management, distributed across a network of nodes, with no single point of failure. | -| Multi-chain support | Magic as of now only supports 25+ blockchains as per their docs. | Web3Auth is chain agnostic. Moreover, Web3Auth MPC TSS also supports both curves to integrate all supported chains using secp256k1 and ed25519 curves | -| Multi-platform support | Magic supports multi-platform including Web, Android, Flutter, iOS, Unity, and React native. | Web3Auth supports multiple platforms, including Web, React Native, Unity, Unreal, Flutter, Swift, and Android. [Checkout documentation for more details](/docs/sdk?product=Plug%20and%20Play). | -| Additional Features | Magic provides additional features as NFT services for free minting and checkout. | Web3Auth also offers additional services such as NFT checkout, Fiat On Ramp, and Prebuilt Wallet UI. All of these services could be added in your project with few lines code. | -| Ease of Integration | Magic is easy to integrate where basic integration takes less than 15 minutes | Web3Auth is also easy to integrate where basic integration takes less than 15 minutes. | -| Whitelabel | Magic has limited white-labelling options. | Web3Auth also has end to end white-labelling options. | - -## How to migrate to Web3Auth - -Now that we've discussed the advantages of Web3Auth, let's explore the steps to migrate from Magic -to Web3Auth. We'll cover most scenarios, but if we miss any, please don't hesitate to reach out to -us in comments. - -### Embedded Wallet/ Dedicated Wallet - -If you are using Magic's embedded wallet/ dedicated wallet, there are couple of options which can be -preferred for the migration. - -#### Using Plug And Play SDK - -If you want to use the Plug and Play SDK, you can first check whether the user is an existing user -or if they have any wallet balance. For new users or those with empty wallets, you can simply -generate a new wallet for them to replace the old one. - -For existing users with non-empty wallets, you have two options: - -##### Migration tool - -You can create a migration tool to transfer funds to the newly generated Web3Auth embedded wallet. -To facilitate the fund transfer using the migration tool, you can utilize our -[Wallet Pregeneration feature](/docs/features/wallet-pregeneration) to determine the user's wallet -address without integrating our SDKs. By leveraging wallet pregeneration, you can handle the -migration in the backend seamlessly. Afterward, you can use the PnP/ SFA SDK to log users in through -Web3Auth. - -Let's see how you can use the Wallet Pregeneration API. - -```tsx -const apiUrl = "https://lookup.web3auth.io/lookup"; - -const params = new URLSearchParams({ - verifier: "YOUR_VERIFIER_NAME", - verifierId: "YOUR_VERIFIER_ID", - web3AuthNetwork: "sapphire_mainnet", - clientId: "YOUR_WEB3AUTH_CLIENT_ID", -}); - -const url = `${apiUrl}?${params.toString()}`; - -// Response -// { -// "data": { -// "evmAddress": "0x172b0Ca9405BcE41A0D6FB3B44f91098d3a4AB14", -// "X": "a3350640a380f772434a18952fa53c6a8c200e9e3d30e1097edbd92be6dd9fe0", -// "Y": "1ded08adccba8e394f9a9d7ee55658aab8f2aef17866983c0bdcd68d31b59341", -// "isMfaEnabled": false -// }, -// "success": true -// } -``` - -Please ensure that the useCoreKitKey parameter is set to true when using the Wallet Pregeneration -API and the PnP SDK. This will ensure that the same address is generated when user logs in for the -first time. - -```tsx -const chainConfig = YOUR_CUSTOM_CHAIN_CONFIG; - -const ethereumPrivateKeyProvider = EthereumPrivateKeyProvider({ - config: { chainConfig }, -}); - -const web3auth = new Web3Auth({ - clientId: "YOUR_WEB3AUTH_CLIENT_ID", - web3AuthNetwork: WEB3AUTH_NETWORK.SAPPHIRE_MAINNET, - privateKeyProvider: ethereumPrivateKeyProvider, - // focus-next-line - useCoreKitKey: true, -}); -``` - -##### Manual Migration - -The other option would be to show a prompt to users, asking them to migrate their funds from the old -wallet to the new Web3Auth embedded wallet. It's totally upto users how they want to migrate. - -You can also suggest your users to use tools like [Token Bulksender](https://bulksender.app/). -Again, DYOR. - -#### Using MPC Core Kit SDK - -If you have existing users with a Magic's embedded wallet, you can seamlessly transition them to -Web3Auth while retaining the same account. - -:::note - -Using the MPC Core Kit is the recommended approach for migrating users from Magic's embedded wallet -to Web3Auth. - -::: - -The first step is to export the Magic's embedded wallet private key. To do this, you can use the -`revealPrivateKey` method. This will open the modal for users to copy their private key. -[For more details on exporting accounts, learn more here](https://magic.link/docs/wallets/features/key-export). - -Please note that there is no internal method to export the private key in Magic. Only the user can -access their full private key. When you use the `revealPrivateKey` method, it will display the reval -private key modal for the user to copy their private key. Once the key is copied, you can prompt -them to import it using an input field. - -```tsx -import { Magic } from "magic-sdk"; - -const magic = new Magic("PUBLISHABLE_API_KEY"); - -try { - await magic.user.revealPrivateKey(); -} catch { - // Handle errors if required! -} -``` - -You can now show the prompt to enter the private key they copied. Once you have the private key, you -can simply import it into `Web3AuthMpCoreKit`. When you import the private key, it is split into -multiple partial keys, which are never stored together in one place. Furthermore, in the MPC -architecture, the private key is never reconstructed, enhancing security. The partial keys are -stored in different locations and the user's device. These partial keys are used to create partial -signatures for messages and transactions. These partial signatures are then combined using Threshold -Signature Scheme (TSS) to produce a final signature, which can be used for transactions on the -blockchain. MPC Core Kit supports both secp256k1 and ed25519 curves, so you can generate both ECDSA -and EdDSA signatures. - -[Learn more about MPC Core Kit](/docs/sdk/mpc-core-kit/mpc-core-kit-js). - -```tsx -import { tssLib } from "@toruslabs/tss-dkls-lib"; -// Your own logic to retrive google login id Token -const jwtLoginParams = { - verifier: "w3a-google-demo", - verifierId: parsedIdToken.email, - idToken: parsedIdToken, - // Use the exported private key from previous step - // focus-next-line - importTssKey: magicPrivateKey, -} as JWTLoginParams; - -const coreKitInstance = new Web3AuthMPCCoreKit({ - web3AuthClientId: "YOUR_WEB3AUTH_CLIENT_ID", - web3AuthNetwork: WEB3AUTH_NETWORK.DEVNET, - manualSync: true, - tssLib: tssLib, - storage: window.storage, -}); - -await coreKitInstance.init(); -await coreKitInstance.loginWithJWT(jwtLoginParams); -``` - -### AA Wallet - -Web3Auth is compatible with all major Account Abstraction (AA) SDKs, including Alchemy, Biconomy, -Pimlico, ZeroDev, and Safe. To learn more, -[please check out our AA Demo](https://w3a-aa-gasless-demo.vercel.app/). - -If you are using a Magic's embedded wallet/ dedicated wallet as a signer for an ERC 4337 (Account -Abstraction) wallet, you can easily add the Web3Auth embedded wallet as an additional signer. This -will enable existing users to seamlessly migrate to the Web3Auth embedded wallet. Alternatively, you -can prompt users to remove the Magic signer if preferred. - - - - -Considering you have already created the `ECDSAProvider` instance using Magic signer, you can simply use the `changeOwner` method to change the -Smart Account owner. - -Learn more about -[transfering ownership of Smart account in ZeroDev](https://docs-v4.zerodev.app/use-wallets/change-wallet-owner). - -```tsx -import { providerToSmartAccountSigner } from "permissionless"; -import { EIP1193Provider } from "viem"; - -const { hash } = await magicEcdsaProvider.changeOwner("WEB3AUTH_EMBEDDED_WALLET_ADDRESS"); - -// Considering you have setup the Web3Auth instance -const web3authProvider = web3auth.provider; - -if (!web3authProvider) { - throw new Error("No provider found"); -} - -// Create the smart account signer from the provider and signer address -const smartAccountSigner = await providerToSmartAccountSigner(web3authProvider as EIP1193Provider); - -// Generate the ZeroDev wallet for new signer. -const web3AuthEcdsaProvider = await signerToEcdsaValidator(publicClient, { - signer: smartAccountSigner, - entryPoint: ENTRYPOINT_ADDRESS_V07, -}); -``` - - - - -Considering you have already created the smart account instance using Magic signer, you can simply use the `transferOwnership` method to change the -Smart Account owner. - -Learn more about -[transfering ownership of Smart account in Biconomy](https://docs.biconomy.io/tutorials/utils/transferOwnership). - -```tsx -// Considering you have setup the Web3Auth instance -const provider = new ethers.providers.Web3Provider(web3Auth.provider); -const web3AuthSigner = await ethersProvider.getSigner(); -const newOwner = web3AuthSigner.getAddress(); - -const smartAccountAddress = await magicSmartAccount.getAccountAddress(); - -const response = await magicSmartAccount.transferOwnership( - newOwner, - DEFAULT_ECDSA_OWNERSHIP_MODULE, - { - paymasterServiceData: { mode: PaymasterMode.SPONSORED }, - }, -); - -const receipt = await response.wait(); - -// Recreate the smart account client with the new owner and specify the address of the smart account -let smartAccount = await createSmartAccountClient({ - signer: web3AuthSigner, - paymasterUrl, - bundlerUrl, - accountAddress: smartAccountAddress, -}); -``` - - - - -Considering you have already created the `LightAccount` instance using Magic signer, you can simply use the `transferOwnership` method to change the -Smart Account owner. - -Learn more about -[transfering ownership of Smart account in AccountKit(Alchemy)](https://accountkit.alchemy.com/using-smart-accounts/transfer-ownership/light-account#usage). - -```tsx -import { Web3AuthSigner } from "@alchemy/aa-signers/web3auth"; -import { CHAIN_NAMESPACES } from "@web3auth/base"; - -// Learn more about Web3AuthSigner: https://accountkit.alchemy.com/packages/aa-signers/web3auth/constructor -const web3AuthSigner = const web3AuthSigner = new Web3AuthSigner({ - clientId: "YOUR_WEB3AUTH_CLIENT_ID", - chainConfig: { - chainNamespace: CHAIN_NAMESPACES.EIP155, - }, -}); - -const newOwner = web3AuthSigner.getAddress(); - -const accountAddress = magicLightAccountClient.getAddress(); - -const hash = magicLightAccountClient.transferOwnership({ - newOwner, - waitForTxn: true, -}); - -// After transaction is mined on the network, -// create a new light account client for the transferred Light Account -const transferredClient = await createLightAccountClient({ - transport: custom(magicLightAccountClient), - chain: magicLightAccountClient.chain, - signer: web3AuthSigner, - // NOTE: You MUST specify the original smart account address to connect using the new owner/signer - accountAddress, - // NOTE: If the version of the light account is not v1.1.0, it must be specified here - version: "v2.0.0", -}); -``` - - - - -If we have missed any AA provider, please don't hesitate to reach out to us in comments. - -### External Wallets - -If you are using external wallet(Third Party Wallets) using Magic's Embedded Plug & Play Widget, and -are looking to integrate with Web3Auth, the migration process is quite straightforward. Web3Auth -offers external multiple adapters to connect with external wallets, along with social login options -for added convenience. Along with external wallets, Web3Auth also supports application wallets like -Torus wallet. - -If you are using EVM external wallets previously with Magic, you can simply configure the -`@web3auth/default-evm-adapter` for your Web3Auth instance. -[Read more about default-evm-adapter](/docs/sdk/pnp/web/adapters/default-evm-adapter). - -```tsx -import { getDefaultExternalAdapters } from "@web3auth/default-evm-adapter"; -import { EthereumPrivateKeyProvider } from "@web3auth/ethereum-provider"; - -// This can be your custom chain as well. -const chainConfig = { - chainId: "0x1", - rpcTarget: "https://rpc.ankr.com/eth", - displayName: "Ethereum Mainnet", - blockExplorerUrl: "https://etherscan.io/", - ticker: "ETH", - tickerName: "Ethereum", - logo: "https://images.toruswallet.io/eth.svg", -}; - -const privateKeyProvider = new EthereumPrivateKeyProvider({ config: { chainConfig } }); - -const web3AuthOptions: Web3AuthOptions = { - "YOUR_WEB3AUTH_CLIENT_ID", - chainConfig: { ...chainConfig, chainNamespace: CHAIN_NAMESPACES.EIP155 }, - web3AuthNetwork: WEB3AUTH_NETWORK.SAPPHIRE_MAINNET, - privateKeyProvider: privateKeyProvider, -}; - -const web3Auth = new Web3Auth(web3AuthOptions); - -// focus-start -const adapters = await getDefaultExternalAdapters({ options: web3AuthOptions }); - -adapters.forEach((adapter) => { - web3auth.configureAdapter(adapter); -}); -// focus-end -``` - -If you are a fan boy of wagmi-connector, we have got your covered. You can use our -web3auth-wagmi-connector to initialize a wagmi client that will seamlessly manage the interaction of -your dApp with -Web3Auth.[Read more about web3auth-wagmi-connector](/docs/sdk/pnp/web/wagmi-connector). - -```tsx -import { Web3AuthConnector } from "@web3auth/web3auth-wagmi-connector"; -import { Web3Auth } from "@web3auth/modal"; -import { EthereumPrivateKeyProvider } from "@web3auth/ethereum-provider"; -import { CHAIN_NAMESPACES, WEB3AUTH_NETWORK, WALLET_ADAPTERS } from "@web3auth/base"; -import { Chain } from "wagmi/chains"; -import { WalletServicesPlugin } from "@web3auth/wallet-services-plugin"; - -export default function Web3AuthConnectorInstance(chains: Chain[]) { - const chainConfig = { - chainNamespace: CHAIN_NAMESPACES.EIP155, - chainId: "0x" + chains[0].id.toString(16), - rpcTarget: chains[0].rpcUrls.default.http[0], - displayName: chains[0].name, - tickerName: chains[0].nativeCurrency?.name, - ticker: chains[0].nativeCurrency?.symbol, - blockExplorerUrl: chains[0].blockExplorers?.default.url[0] as string, - }; - - const privateKeyProvider = new EthereumPrivateKeyProvider({ config: { chainConfig } }); - - const web3AuthInstance = new Web3Auth({ - clientId: "YOUR_WEB3AUTH_CLIENT_ID", - chainConfig, - privateKeyProvider, - web3AuthNetwork: WEB3AUTH_NETWORK.SAPPHIRE_MAINNET, - enableLogging: true, - }); - - const modalConfig = { - [WALLET_ADAPTERS.AUTH]: { - label: "auth", - loginMethods: { - facebook: { - // It will hide the facebook option from the Web3Auth modal. - name: "facebook login", - showOnModal: false, - }, - }, - // Setting it to false will hide all social login methods from modal. - showOnModal: true, - }, - }; - - return Web3AuthConnector({ - web3AuthInstance, - modalConfig, - }); -} -``` - -The above code snippet is for [Web3Auth Modal SDK](https://web3auth.io/docs/sdk/pnp/web/modal), if -you are looking [No Modal SDK](https://web3auth.io/docs/sdk/pnp/web/no-modal/), you can -[checkout wagmi no modal sample](https://github.com/Web3Auth/web3auth-pnp-examples/blob/main/web-no-modal-sdk/wagmi/wagmi-no-modal-example/src/Web3AuthConnectorInstance.tsx). - -## Conclusion - -In conclusion, migrating from Magic to Web3Auth offers enhanced security through Multi-Party -Computation, broader multi-chain and multi-platform support, and additional features like NFT -services. For any specific migration scenarios not -covered,[ book a call with the Web3Auth team](https://calendly.com/web3auth/meeting-with-web3auth), -we are happy to assist you. diff --git a/src/pages/guides/privy-migration.mdx b/src/pages/guides/privy-migration.mdx deleted file mode 100644 index e64a7bebd..000000000 --- a/src/pages/guides/privy-migration.mdx +++ /dev/null @@ -1,451 +0,0 @@ ---- -title: Migrate from Privy to Web3Auth -image: "guides-banners/privy-migration.png" -description: Migration guide from Privy to Web3Auth. -type: guide -tags: [plug and play, web, mpc core kit, core kit] -date: June 18, 2024 -author: Web3Auth Team ---- - -import SEO from "@site/src/components/SEO"; -import TabItem from "@theme/TabItem"; -import Tabs from "@theme/Tabs"; - - - -In this guide, we'll compare Privy and Web3Auth and explain how to migrate your existing users from -Privy to Web3Auth. - -We'll start by comparing both services based on several key parameters: wallet management -architecture, authentication options, and multi-chain and multi-platform support. If you're ready to -jump straight to the migration process, -[you can find the instructions here](#how-to-migrate-to-web3auth). - -## Why choose Web3Auth? - -Both Web3Auth and Privy have made significant strides in addressing the Web3 onboarding challenge. -However, Web3Auth stands out by offering more customizable authentication options, along with -superior support for multi-chain and multi-platform integrations. - -| Parameter | Privy | Web3Auth | -| ---------------------- | ----------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Wallet Management | Privy only supports the SSS, and doesn't have MPC TSS support. | Web3Auth supports both SSS and MPC TSS to manage user's private key. | -| Multi-chain support | Privy as of now only supports secp256k1 curve. | Web3Auth is chain agnostic. Moreover, Web3Auth MPC TSS also supports both curves to integrate all supported chains using secp256k1 and ed25519 curves. | -| Multi-platform support | Privy only supports Web, React Native, and Swift. | Web3Auth supports multiple platforms, including Web, React Native, Unity, Unreal, Flutter, Swift, and Android. [Checkout documentation for more details](http://localhost:3000/docs/sdk?product=Plug%20and%20Play). | -| Additional Features | Privy doesn't have any additional features apart from embedded wallet. | Web3Auth also offers additional services such as NFT checkout, Fiat On Ramp, and Prebuilt Wallet UI. All of these services could be added in your project with few lines code. | -| Ease of Integration | Privy is easy to integrate where basic integration takes less than 15 minutes | Web3Auth is also easy to integrate where basic integration takes less than 15 minutes. | -| Whitelabel | Privy has limited white-labelling options. | Web3Auth has end to end white-labelling options. Web3Auth also has advanced integration options where it can be totally hidden which is not possible with Privy. | - -## How to migrate to Web3Auth - -Now that we've discussed the advantages of Web3Auth, let's explore the steps to migrate from Privy -to Web3Auth. We'll cover most scenarios, but if we miss any, please don't hesitate to reach out to -us in comments. - -### Embedded Wallet - -If you are using Privy embedded wallet, there are couple of options which can be preferred for the -migration. - -#### Using Plug And Play SDK - -If you want to use the Plug and Play SDK, you can first check whether the user is an existing user -or if they have any wallet balance. For new users or those with empty wallets, you can simply -generate a new wallet for them to replace the old one. - -For existing users with non-empty wallets, you have two options: - -##### Migration tool - -You can create a migration tool to transfer funds to the newly generated Web3Auth embedded wallet. -To facilitate the fund transfer using the migration tool, you can utilize our -[Wallet Pregeneration feature](/docs/features/wallet-pregeneration) to determine the user's wallet -address without integrating our SDKs. By leveraging wallet pregeneration, you can handle the -migration in the backend seamlessly. Afterward, you can use the PnP/ SFA SDK to log users in through -Web3Auth. - -Let's see how you can use the Wallet Pregeneration API. - -```tsx -const apiUrl = "https://lookup.web3auth.io/lookup"; - -const params = new URLSearchParams({ - verifier: "YOUR_VERIFIER_NAME", - verifierId: "YOUR_VERIFIER_ID", - web3AuthNetwork: "sapphire_mainnet", - clientId: "YOUR_WEB3AUTH_CLIENT_ID", -}); - -const url = `${apiUrl}?${params.toString()}`; - -// Response -// { -// "data": { -// "evmAddress": "0x172b0Ca9405BcE41A0D6FB3B44f91098d3a4AB14", -// "X": "a3350640a380f772434a18952fa53c6a8c200e9e3d30e1097edbd92be6dd9fe0", -// "Y": "1ded08adccba8e394f9a9d7ee55658aab8f2aef17866983c0bdcd68d31b59341", -// "isMfaEnabled": false -// }, -// "success": true -// } -``` - -Please ensure that the useCoreKitKey parameter is set to true when using the Wallet Pregeneration -API and the PnP SDK. This will ensure that the same address is generated when user logs in for the -first time. - -```tsx -const chainConfig = YOUR_CUSTOM_CHAIN_CONFIG; - -const ethereumPrivateKeyProvider = EthereumPrivateKeyProvider({ - config: { chainConfig }, -}); - -const web3auth = new Web3Auth({ - clientId: "YOUR_WEB3AUTH_CLIENT_ID", - web3AuthNetwork: WEB3AUTH_NETWORK.SAPPHIRE_MAINNET, - privateKeyProvider: ethereumPrivateKeyProvider, - // focus-next-line - useCoreKitKey: true, -}); -``` - -##### Manual Migration - -The other option would be to show a prompt to users, asking them to migrate their funds from the old -wallet to the new Web3Auth embedded wallet. It's totally upto users how they want to migrate. - -You can also suggest your users to use tools like [Token Bulksender](https://bulksender.app/). -Again, DYOR. - -#### Using MPC Core Kit SDK - -If you have existing users with a Privy embedded wallet, you can seamlessly transition them to -Web3Auth while retaining the same account. - -:::note - -Using the MPC Core Kit is the recommended approach for migrating users from Privy embedded wallet to -Web3Auth. - -::: - -The first step is to export the Privy embedded wallet private key. To do this, you can use the -exportWallet method, which requires the wallet address of the account. If no wallet address is -provided, it will default to the wallet at index 0. -[For more details on HD wallets and exporting accounts, learn more here](https://docs.privy.io/guide/react/wallets/embedded/hd-wallets#exporting-embedded-wallet-private-keys). - -Please note that there is no internal method to export the private key in Privy. Only the user can -access their full private key. When you use the exportWallet method, it will display an iframe for -the user to copy their private key. Once the key is copied, you can prompt them to import it using -an input field. - -```tsx -import { usePrivy } from "@privy-io/react-auth"; - -function ExportWalletButton() { - const { ready, authenticated, user, exportWallet } = usePrivy(); - // Check that your user is authenticated - const isAuthenticated = ready && authenticated; - // Check that your user has an embedded wallet - const hasEmbeddedWallet = !!user.linkedAccounts.find( - (account) => account.type === "wallet" && account.walletClient === "privy", - ); - - return ( - - ); -} -``` - -You can now show the prompt to enter the private key they copied. Once you have the private key, you -can simply import it into Web3AuthMpCoreKit. When you import the private key, it is split into -multiple partial keys, which are never stored together in one place. Furthermore, in the MPC -architecture, the private key is never reconstructed, enhancing security. The partial keys are -stored in different locations and the user's device. These partial keys are used to create partial -signatures for messages and transactions. These partial signatures are then combined using Threshold -Signature Scheme (TSS) to produce a final signature, which can be used for transactions on the -blockchain. MPC Core Kit supports both secp256k1 and ed25519 curves, so you can generate both ECDSA -and EdDSA signatures. - -[Learn more about MPC Core Kit](/docs/sdk/mpc-core-kit/mpc-core-kit-js). - -```tsx -import { tssLib } from "@toruslabs/tss-dkls-lib"; -// Your own logic to retrive google login id Token -const jwtLoginParams = { - verifier: "w3a-google-demo", - verifierId: parsedIdToken.email, - idToken: parsedIdToken, - // Use the exported private key from previous step - // focus-next-line - importTssKey: privyPrivateKey, -} as JWTLoginParams; - -const coreKitInstance = new Web3AuthMPCCoreKit({ - web3AuthClientId: "YOUR_WEB3AUTH_CLIENT_ID", - web3AuthNetwork: WEB3AUTH_NETWORK.DEVNET, - manualSync: true, - tssLib: tssLib, - storage: window.storage, -}); - -await coreKitInstance.init(); -await coreKitInstance.loginWithJWT(jwtLoginParams); -``` - -### AA Wallet - -Web3Auth is compatible with all major Account Abstraction (AA) SDKs, including Alchemy, Biconomy, -Pimlico, ZeroDev, and Safe. To learn more, -[please check out our AA Demo](https://w3a-aa-gasless-demo.vercel.app/). - -If you are using a Privy embedded wallet as a signer for an ERC 4337 (Account Abstraction) wallet, -you can easily add the Web3Auth embedded wallet as an additional signer. This will enable existing -users to seamlessly migrate to the Web3Auth embedded wallet. Alternatively, you can prompt users to -remove the Privy signer if preferred. - - - - -Considering you have already created the `ECDSAProvider` instance using Privy signer, you can simply use the `changeOwner` method to change the -Smart Account owner. - -Learn more about -[transfering ownership of Smart account in ZeroDev](https://docs-v4.zerodev.app/use-wallets/change-wallet-owner). - -```tsx -import { providerToSmartAccountSigner } from "permissionless"; -import { EIP1193Provider } from "viem"; - -const { hash } = await privyEcdsaProvider.changeOwner("WEB3AUTH_EMBEDDED_WALLET_ADDRESS"); - -// Considering you have setup the Web3Auth instance -const web3authProvider = web3auth.provider; - -if (!web3authProvider) { - throw new Error("No provider found"); -} - -// Create the smart account signer from the provider and signer address -const smartAccountSigner = await providerToSmartAccountSigner(web3authProvider as EIP1193Provider); - -// Generate the ZeroDev wallet for new signer. -const web3AuthEcdsaProvider = await signerToEcdsaValidator(publicClient, { - signer: smartAccountSigner, - entryPoint: ENTRYPOINT_ADDRESS_V07, -}); -``` - - - - -Considering you have already created the smart account instance using Privy signer, you can simply use the `transferOwnership` method to change the -Smart Account owner. - -Learn more about -[transfering ownership of Smart account in Biconomy](https://docs.biconomy.io/tutorials/utils/transferOwnership). - -```tsx -// Considering you have setup the Web3Auth instance -const provider = new ethers.providers.Web3Provider(web3Auth.provider); -const web3AuthSigner = await ethersProvider.getSigner(); -const newOwner = web3AuthSigner.getAddress(); - -const smartAccountAddress = await privySmartAccount.getAccountAddress(); - -const response = await privySmartAccount.transferOwnership( - newOwner, - DEFAULT_ECDSA_OWNERSHIP_MODULE, - { - paymasterServiceData: { mode: PaymasterMode.SPONSORED }, - }, -); - -const receipt = await response.wait(); - -// Recreate the smart account client with the new owner and specify the address of the smart account -let smartAccount = await createSmartAccountClient({ - signer: web3AuthSigner, - paymasterUrl, - bundlerUrl, - accountAddress: smartAccountAddress, -}); -``` - - - - -Considering you have already created the `LightAccount` instance using Privy signer, you can simply use the `transferOwnership` method to change the -Smart Account owner. - -Learn more about -[transfering ownership of Smart account in AccountKit(Alchemy)](https://accountkit.alchemy.com/using-smart-accounts/transfer-ownership/light-account#usage). - -```tsx -import { Web3AuthSigner } from "@alchemy/aa-signers/web3auth"; -import { CHAIN_NAMESPACES } from "@web3auth/base"; - -// Learn more about Web3AuthSigner: https://accountkit.alchemy.com/packages/aa-signers/web3auth/constructor -const web3AuthSigner = const web3AuthSigner = new Web3AuthSigner({ - clientId: "YOUR_WEB3AUTH_CLIENT_ID", - chainConfig: { - chainNamespace: CHAIN_NAMESPACES.EIP155, - }, -}); - -const newOwner = web3AuthSigner.getAddress(); - -const accountAddress = privyLightAccountClient.getAddress(); - -const hash = privyLightAccountClient.transferOwnership({ - newOwner, - waitForTxn: true, -}); - -// After transaction is mined on the network, -// create a new light account client for the transferred Light Account -const transferredClient = await createLightAccountClient({ - transport: custom(privyLightAccountClient), - chain: privyLightAccountClient.chain, - signer: web3AuthSigner, - // NOTE: You MUST specify the original smart account address to connect using the new owner/signer - accountAddress, - // NOTE: If the version of the light account is not v1.1.0, it must be specified here - version: "v2.0.0", -}); -``` - - - - -If we have missed any AA provider, please don't hesitate to reach out to us in comments. - -### External Wallets - -If you are using Privy with external wallets and are looking to integrate with Web3Auth, the -migration process is quite straightforward. Web3Auth offers external wallet adapters to connect with -external wallets, along with social login options for added convenience. Along with external -wallets, Web3Auth also supports application wallets like Torus wallet. - -If you are using EVM external wallets previously with Privy, you can simply configure the -`@web3auth/default-evm-adapter` for your Web3Auth instance. -[Read more about default-evm-adapter](/docs/sdk/pnp/web/adapters/default-evm-adapter). - -```tsx -import { getDefaultExternalAdapters } from "@web3auth/default-evm-adapter"; -import { EthereumPrivateKeyProvider } from "@web3auth/ethereum-provider"; - -// This can be your custom chain as well. -const chainConfig = { - chainId: "0x1", - rpcTarget: "https://rpc.ankr.com/eth", - displayName: "Ethereum Mainnet", - blockExplorerUrl: "https://etherscan.io/", - ticker: "ETH", - tickerName: "Ethereum", - logo: "https://images.toruswallet.io/eth.svg", -}; - -const privateKeyProvider = new EthereumPrivateKeyProvider({ config: { chainConfig } }); - -const web3AuthOptions: Web3AuthOptions = { - "YOUR_WEB3AUTH_CLIENT_ID", - chainConfig: { ...chainConfig, chainNamespace: CHAIN_NAMESPACES.EIP155 }, - web3AuthNetwork: WEB3AUTH_NETWORK.SAPPHIRE_MAINNET, - privateKeyProvider: privateKeyProvider, -}; - -const web3Auth = new Web3Auth(web3AuthOptions); - -// focus-start -const adapters = await getDefaultExternalAdapters({ options: web3AuthOptions }); - -adapters.forEach((adapter) => { - web3auth.configureAdapter(adapter); -}); -// focus-end -``` - -If you are a fan boy of wagmi-connector, we have got your covered. You can use our -web3auth-wagmi-connector to initialize a wagmi client that will seamlessly manage the interaction of -your dApp with -Web3Auth.[Read more about web3auth-wagmi-connector](/docs/sdk/pnp/web/wagmi-connector). - -```tsx -import { Web3AuthConnector } from "@web3auth/web3auth-wagmi-connector"; -import { Web3Auth } from "@web3auth/modal"; -import { EthereumPrivateKeyProvider } from "@web3auth/ethereum-provider"; -import { CHAIN_NAMESPACES, WEB3AUTH_NETWORK, WALLET_ADAPTERS } from "@web3auth/base"; -import { Chain } from "wagmi/chains"; -import { WalletServicesPlugin } from "@web3auth/wallet-services-plugin"; - -export default function Web3AuthConnectorInstance(chains: Chain[]) { - const chainConfig = { - chainNamespace: CHAIN_NAMESPACES.EIP155, - chainId: "0x" + chains[0].id.toString(16), - rpcTarget: chains[0].rpcUrls.default.http[0], - displayName: chains[0].name, - tickerName: chains[0].nativeCurrency?.name, - ticker: chains[0].nativeCurrency?.symbol, - blockExplorerUrl: chains[0].blockExplorers?.default.url[0] as string, - }; - - const privateKeyProvider = new EthereumPrivateKeyProvider({ config: { chainConfig } }); - - const web3AuthInstance = new Web3Auth({ - clientId: "YOUR_WEB3AUTH_CLIENT_ID", - chainConfig, - privateKeyProvider, - web3AuthNetwork: WEB3AUTH_NETWORK.SAPPHIRE_MAINNET, - enableLogging: true, - }); - - const modalConfig = { - [WALLET_ADAPTERS.AUTH]: { - label: "auth", - loginMethods: { - facebook: { - // It will hide the facebook option from the Web3Auth modal. - name: "facebook login", - showOnModal: false, - }, - }, - // Setting it to false will hide all social login methods from modal. - showOnModal: true, - }, - }; - - return Web3AuthConnector({ - web3AuthInstance, - modalConfig, - }); -} -``` - -The above code snippet is for [Web3Auth Modal SDK](https://web3auth.io/docs/sdk/pnp/web/modal), if -you are looking [No Modal SDK](https://web3auth.io/docs/sdk/pnp/web/no-modal/), you can -[checkout wagmi no modal sample](https://github.com/Web3Auth/web3auth-pnp-examples/blob/main/web-no-modal-sdk/wagmi/wagmi-no-modal-example/src/Web3AuthConnectorInstance.tsx). - -## Conclusion - -In conclusion, migrating from Privy to Web3Auth offers enhanced security through Multi-Party -Computation, broader multi-chain and multi-platform support, and additional features like NFT -services and wallet UI integrations. For any specific migration scenarios not -covered,[ book a call with the Web3Auth team](https://calendly.com/web3auth/meeting-with-web3auth), -we are happy to assist you.