The Auth0 Lab team has released a pair of Marketplace integrations bringing more Web3 capabilities to the Okta Customer Identity Cloud ecosystem. As the Web3 ecosystem matures, we’re finding that on-chain data, like NFTs (non-fungible tokens), can be used in the identity ecosystem.
Our integration is a simple NFT fetch Action that retrieves a list of NFTs the user owns. With them, you can make all sorts of IAM-based decisions. If you’re interested in the Auth0 Lab team’s continued Web3 research, come join the conversation on Twitter and Discord.
NFTs in Identity and Access Management (IAM)
By now, you’ve probably heard of NFTs. If not, here is a helpful explainer. At their core, NFTs are digitally transferable tokens. Tokens have a long history in identity and access management. They are the keystone of authorization in many apps, primarily through the issuance of JSON web tokens.
NFTs could be a big extension to token-based IAM. NFTs are flexible, secure, and easily transferable by their nature of using blockchain consensus algorithms to establish ownership and transference. Like with cryptocurrencies, only a specific private key in a wallet can prove ownership. They can help organizations manage capacity problems because you can limit the number of NFTs you mint. This scarcity helps manage supply while still allowing for a robust secondary market. This makes them ideal for ticketed events and venues, like stadiums, trains, and other physically limited spaces.
One of the biggest barriers to mainstream NFT adoption is the usability hurdle of working with blockchains. With our latest integrations, Auth0 Lab seeks to make it easy. Developers can query a user’s NFTs and incorporate them as identity data in their applications, even controlling access based on a user’s ownership of an NFT. We’re excited to see how developers use these new tools when implementing web3 functionality into their applications.
Token Gating
Token Gating is the practice of managing access to resources based on a user’s Web3 NFTs. Notable examples include ‘members only’ communities of NFT collectors. This exclusivity extends to video games like Alien Worlds, the largest web3 game at the end of 2022. NFTs are central to the game and unlock certain content, or game locations are only accessible with specific NFTs. TravelX is working on another use case around airline tickets.
Token gating is interesting because of the openness of the attestation. Instead of IAM data being stored on a proprietary server, it’s on a public blockchain for anyone to use and see. We’re just witnessing the first experiments in how that data is used.
EVM Compatible, Open Source Coming Soon
The current integration works on all Ethereum virtual machine (EVM) compatible blockchains. This means you’ll have access to NFTs available on some of the largest NFT marketplaces like OpenSea. You’ll be able to pull from Ethereum, Polygon, Avalanche, Binance Smart Chain, and others. EVM blockchains are the oldest programmable blockchains, and the ecosystem is well supported.
The Auth0 Lab team is working on open-source the code so it can be modified and moved to other blockchain platforms. That process takes some time, so keep an eye out by following us on Twitter or heading to our GitHub organization and give it a follow.
Unlocking NFTs for Your Application
How it Works
The Auth0 Lab fetch-nfts integration works by relying on a few other pieces of infrastructure.
- It utilizes the Sign in with Ethereum integration that SpruceID released in the Auth0 Marketplace in 2022. This allows the integration to grab a public blockchain address for the user, which is critical to querying an NFT smart contract to know if they own an NFT. If a user logs in with a method other than Sign in with Ethereum, NFTs won’t be fetched.
- During setup and configuration, specify a list of NFT contracts that you’d like the Auth0 Actions code to query. You’ll also need to specify an API key for The Graph, a service that queries blockchain data.
- With a public key in hand, and a list of NFT contracts to search, the Actions code calls out to The Graph’s APIs to query the necessary NFT contracts. It returns a list of caip-22 asset references that your Action adds to the ID token as claims.
- From there, you can utilize the data in your application to make any decision, like token gating access, that you feel necessary!
Installation
Check out our installation guide to get started!
What’s Next?
The Auth0 Lab team is actively exploring the best ways to enable developers to build applications that rely on Web3 identity constructs and help bridge the Web2 and Web3 worlds. You can follow our progress on Twitter. If you’re interested in speaking with the team, join our Discord and start a thread.
The Auth0 Marketplace is looking for Web3 partners to build new extensions onto Auth0. Visit https://auth0.com/integrate to learn more.
About the author
Samuel Frank
Senior Product Manager