🔑 Authentication
ERC-4337 accounts can use any arbitrary authentication logic. Here are some options and resources.
Traditional Signers
ERC-4337 accounts can use any authentication logic they want in the signature
field of a user operation. However, most of the time a traditional scheme is used.
Authentication on blockchains is traditionally done with private keys. In the Ethereum ecosystem, EIP-1193 signers are used as the common interface. EIP-1193 signers can be injected with a browser wallet (like MetaMask) or with an embedded wallet plugin.
Tool | Key Management Method | Authentication Methods | Plug-n-play front end? |
---|---|---|---|
Privy | MPC | Social, device | Yes |
Dynamic | MPC | Social, device | Yes |
Web3Auth | MPC, key sharding | Social, device, password | Yes |
Particle Network | MPC, threshold signature scheme | Email, Social, SMS | Yes |
Ethers, viem, web3 | Private key | None, often used with MetaMask | No |
Magic.link | AWS KMS | Email, Social, SMS | Yes |
Lit Protocol | MPC, threshold secret sharing | Custom, provides private-key-pair and Lit Actions framework | No |
Fireblocks | Custodial | Custom | No |
Turnkey | Custodial | Custom | No |
Passkeys & WebAuthn
WebAuthn is a popular authentication framework that leverages authenticators built directly into devices like computers and phones. There are a number of projects developing Passkeys that use WebAuthn for ERC-4337 smart accounts.
- Passkeys-4337
- Kernel Passkey module (under development)
- Barz secp256r1 vaidator in userop.js
- Gnosis Safe Example
Session Keys
Session keys can also be used. Typically this requires writing custom code for your smart account or using a smart account library that includes it natively.
Experimental Methods
ERC-4337 allows more than a single private key to validate user operations for an account. This allows you to mix methods for secrets and set security levels for each type of key. We have written about using oAuth and device keys in our blog.
Updated 11 months ago