Paper offers several options to fit your security requirements.
Web3 currently lies on a spectrum. Some are obsessed with security and put as much control as possible in the user's hands, while others want the benefits of interoperability without compromising the user experience. Here at Paper, you can satisfy both use cases.
Best User & Developer Experience
The best UX is one where the user never has to think about recovery keys. In order to achieve that, we utilize Amazon Web Services (AWS) Key Management Service (KMS) to securely encrypt and store the user's recovery share. Through clever use of IAM permissions, the KMS is only accessible to the specific user after they authenticate.
This is also the easiest way to get started and is what we recommend. You will be able to switch to the other flow at any time if you so choose.
To use this flow, instantiate the Paper SDK with the following additional argument:
const paperSdk = new PaperEmbeddedWalletSdk({
  clientId: "YOUR_CLIENT_ID",
  chain: "Goerli",
  advanceOptions: {
    // The encrypted recovery share is stored for the user via AWS KMS
    recoveryShareManagement: RecoveryShareManagement.AWS_MANAGED,
  },
});
Full user-controlled custody
If you never want Paper to touch the encrypted recovery share and want it to be completely user-managed, instantiate the Paper SDK like so:
const paperSdk = new PaperEmbeddedWalletSdk({
  clientId: "YOUR_CLIENT_ID",
  chain: "Goerli",
  advanceOptions: {
    // The recovery share is fully user-managed; Paper never touches it
    recoveryShareManagement: RecoveryShareManagement.USER_MANAGED,
  },
});
After that, during the managed authentication flows, we will automatically prompt the user for their recovery key if needed.
If you're managing the flows yourself (prompting for the OTP with your own UX), you'll have to prompt the user for a recovery code when needed. See Authenticate a User for more.