Introducing Web3 Authentication

Clerk is launching our first Web3 authentication factor - Sign in with Metamask!

This launch is the result of dozens of developer interviews, focused on understanding if and how Clerk can contribute to the Web3 ecosystem.

It didn't take long before we discovered three common challenges that we can help Web3 developers with immediately: securing sessions, multifactor authentication, and profile enrichment.

First and foremost - we found a near ubiquitous challenge around securing sessions. It's a two-part problem:

It's easy to insecurely determine the Web3 account address of a user visiting your website with Metamask connected, just run the following Javascript:

Verifying that the returned address is accurate, however, is significantly more challenging. Developers must ask users to sign a transaction, which is a process that undergone several protocol revisions and is hard to keep up with.

This is where Clerk steps in - all the work of signing a transaction and verifying the signature is abstracted away, and wrapped in a <SignInWithMetamask/> button.

Let's be honest - persisting a session isn't a Web3 challenge at all, but it is one that Web3 developers must endure by virtue of operating in Web2 browsers.

We know Web3 developers don't want to think about things like httpOnly cookies, XSS attacks, and session revocation. Web2 developers don't either, and that's why built-in session management is the foundation of every authentication product at Clerk. We use stateless JWTs that enable authentication in under 1 millisecond, and revocation in under 1 minute. We follow all the best practices so you can focus on building your application.

Sign in with Metamask uses the same abstraction as our other authentication factors like passwords or magic links.

Because of this, Clerk's multifactor authentication works with Metamask users out-of-the-box. Users simply need to navigate to their user profile and opt-in to multifactor authentication. There's no extra work for the developer beyond mounting a <UserProfile/> component, or redirecting to the Clerk-hosted component.

Off-chain profile enrichment is a topic of much debate in the Web3 community. Ideally, data like email addresses and phone numbers could be retrieved on-chain following the principles of self sovereign identity.

But as of today, there are no standard protocols for retrieving this data. As a result, top Web3 companies like OpenSea still collect and verify email addresses off-chain.

Clerk enables developers to easily do the same. We provide simple helpers for collecting and verifying phone numbers, email addresses, and even OAuth accounts. Beyond that, we accept structured data likes names and profile photos, as well as provide a generic metadata field for bespoke profile enrichment.

In the future, we look forward to enriching profiles in a more decentralized manner. Today, we hope this mechanism can help bridge the gap from Web2 to Web3.

Try out our guide for installing Web3 authentication. The guide will get you started with a new Next.js application with Metamask authentication.

This launch is the first of many upcoming Web3 launches. Our rough roadmap ahead includes:

Need something we didn't mention? Please reach out through any of our support channels - we're still defining this roadmap and very interested to hear how we can better meet your needs.