📓Smart Sign-On

Cronos zkEVM Smart Sign-On is an extension of ZKsync Smart Sign-On (SSO), a user and developer friendly system designed to simplify authentication, session management, and transaction processing.

Built on the Cronos zkEVM chain, it enables users to interact with decentralized applications using passkeys, secure credentials stored on their devices, eliminating the need for traditional seed phrases. When a user signs up, their device creates a passkey (like a secure login), which links to a smart account on-chain. This smart account holds their assets and lets them interact with dApps. Through the SSO SDK, dApps can create short-term sessions where users can approve transactions using simple methods like biometrics or a PIN, instead of signing each one manually. This helps make the experience faster, safer, and more user-friendly.

Key Features

Passkey based authentication
Modular smart accounts
Configurable sessions
No installs required
No seed phrase or private key exposure
Accounts can easily be recovered

Auth Sever

The Cronos zkEVM SSO system simplifies account creation and login by leveraging passkeys and smart accounts, all managed through a secure and privacy-preserving authentication layer.

The authentication server is hosted at https://sso.zkevm.cronos.org/. This static web page acts as the central hub for managing user passkeys and smart account sessions.

When signing in for the first time, users will:

Create a passkey, which is stored securely on their device (e.g., in iCloud Keychain or Google Password Manager).
Automatically deploy a smart account on Cronos zkEVM linked to the passkey. The deployment fee is sponsored by Cronos zkEVM via a paymaster.

Passkeys are bound to the SSO domain (i.e., sso.zkevm.cronos.org) due to WebAuthn security constraints. This means:

Your passkey works across any DApp that integrates with Cronos zkEVM SSO.
You can use the same account across multiple DApps without re-registering.

Multi-Device Access

If your device supports passkey sync (e.g., through iCloud or Google Password Manager), your passkey can be securely shared across your other devices, allowing you to sign in with the same SSO account on each device.

Alternatively, if you sign in on a new device without syncing, you'll be prompted to create a new passkey. This also creates a separate smart account, since each passkey is treated as a distinct identity. In other words, registering a new passkey on a different device (without syncing) means starting with a new account.

Cronos SSO Dashboard

This Cronos zkEVM SSO dashboard serves as a unified interface for managing authentication and account operations on the Cronos zkEVM ecosystem. Acting as both an SSO Auth Server and a user dashboard, it enables users to securely interact with the Cronos zkEVM through a simple single-page application.

As a non-custodial intermediary, the Auth Server supports:

Passkey Creation: Generate and manage passkeys for secure, password-less authentication.
Session Display: Displays session keys configured with specific access permissions and spending constraints.

The user dashboard extends functionality by allowing users to:

View asset balances in Cronos zkEVM
Monitor and terminate active sessions
Manage passkeys and registered devices (Coming soon)
Set up account recovery options (Coming soon)
Review full transaction history (Coming soon)
Explore the NFT marketplace (Coming soon)

Note: Cronos zkEVM SSO is under development, and will be released in future updates.

Quick Start

This quick start is based on the ZKsync SSO Quick Start, adapted to use Cronos zkEVM blockchain specifications. For more details, please refer to the ZKsync SSO Quick Start and Session Interface documentation.

1. Install the ZKsync SSO SDK package

npm i zksync-sso
# optional peer dependencies
npm i @simplewebauthn/browser @simplewebauthn/server @wagmi/core

Note on peer dependencies:

@wagmi/core is required when using the ZKsync SSO connector (zksyncSsoConnector) in your app.
@simplewebauthn/browser and @simplewebauthn/server are required when using SDK passkey functionality directly inside your app.

2. Config Cronos zkEVM networks

import { defineChain } from "viem/utils";
import { chainConfig } from "viem/zksync";

export const cronoszkEVMTestnet = defineChain({
 ...chainConfig,
 id: 240,
 name: "Cronos zkEVM Testnet",
 nativeCurrency: {
   decimals: 18,
   name: "Cronos zkEVM Test Coin",
   symbol: "zkTCRO",
 },
 rpcUrls: {
   default: { http: ["https://testnet.zkevm.cronos.org"] },
 },
 blockExplorers: {
   default: {
     name: "Cronos zkEVM Testnet Explorer",
     url: "https://explorer.zkevm.cronos.org/testnet",
   },
   native: {
     name: "Cronos zkEVM Testnet Explorer",
     url: "https://explorer.zkevm.cronos.org/testnet",
   },
 },
 testnet: true,
});

export const cronosZKEVMMainnet = defineChain({
 ...chainConfig,
 id: 388,
 name: "Cronos zkEVM",
 nativeCurrency: {
   decimals: 18,
   name: "Cronos zkEVM Coin",
   symbol: "zkCRO",
 },
 rpcUrls: {
   default: { http: ["https://seed.zkevm.cronos.org/"] },
 },
 blockExplorers: {
   default: {
     name: "Cronos zkEVM Explorer",
     url: "https://explorer.zkevm.cronos.org",
   },
   native: {
     name: "Cronos zkEVM Explorer",
     url: "https://explorer.zkevm.cronos.org",
   },
 },
 testnet: false,
});

3. Add ZKsync SSO connector to your app

import { zksyncSsoConnector, callPolicy } from "zksync-sso/connector";
import { createConfig, connect } from "@wagmi/core";

const ssoConnector = zksyncSsoConnector({
 metadata: {
   name: "YOUR_NAME",
   icon: "YOUR_ICON",
   configData: {
       // YOUR CONFIG DATA
   }
 },
 authServerUrl: "https://sso.zkevm.cronos.org/confirm",
 // Optional session configuration, if omitted user will have to sign every transaction via Auth Server
 session: {
   expiry: "EXPIRY_DURATION",
   feeLimit: GAS_FEE_LIMIT,
   contractCalls: [
     callPolicy({
       address: "YOUR_CONTRACT_ADDRESS",
       abi: ["YOUR_CONTRACT_ABI"],
       functionName: "YOUR_CONTRACT_FUNCTION_NAME",
       constraints: [
         {
           index: FUNCION_ARG_INDEX_START_FROM_0,
           value: ARG_VALUE,
           limit: {
               limit: LIFE_TIME_OR_ALLOWANCE,
               period: TIME_DURATION
           }
         },
         ...
       ],
     }),
   ],
   transfers: [
     {
       to: "RECIPIENT_ADDRESS",
       maxValuePerUse: MAX_VALUE,
       valueLimit: VALUE_LIMIT
     },
   ],
 },
});

const wagmiConfig = createConfig({
 connectors: [ssoConnector],
 chains: [cronosZKEVMMainnet, cronoszkEVMTestnet],
 ..., // your wagmi config https://wagmi.sh/core/api/createConfig
});

const connectWithSSO = () => {
 connect(wagmiConfig, {
   connector: ssoConnector,
   chainId: cronoszkEVMTestnet.id, // or cronosZKEVMMainnet.id for Mainnet
 });
};

1. Install the ZKsync SSO SDK package

npm i react-native-zksync-sso

2. Configure platform-specific settings

The React Native SDK currently supports iOS and Android only. Make sure your application is set up to create passkeys by following the platform-specific guidelines:

iOS: Refer to Apple's documentation for setting up passkey support in your iOS app.
Android: Refer to Google's documentation for implementing passkey support in your Android app.

3. Set up the SDK and register an account

Deployed Contract Information:

SessionKeyValidator

0x084035cb30507CB7bF9e908Bd1e4514BcE594801

WebAuthValidator

0x141D9c2b49FdE9E6Ce89eCbdCFFde196D5c06161

AAFactory

0xFC5620d827b262Eb2133A8b64FB7E85682f717AC

AuthServerPaymaster

0xDeA0694F76babC82dc2A04fEB60cdFD17DD389E9

import sdk from 'react-native-zksync-sso';

const config = {
 contracts: {
   accountFactory: "AAFactory_address",
   passkey: "WebAuthValidator_address",
   session: "SessionKeyValidator_address",
   accountPaymaster: "AuthServerPaymaster_address"
 },
 nodeUrl: "https://...",
 deployWallet: {
   privateKeyHex: "0x..."
 }
};

const accountInfo = {
 name: "Jane Doe",
 userID: "[email protected]"
};

const rpId = sdk.utils.createRpId(
 "example.com",
 "android:apk-key-hash:your-app-key-hash"
);

const challenge = sdk.utils.generateRandomChallenge();

const deployedAccount = await sdk.register.registerAccountWithUniqueId(
 {
   name: accountInfo.name,
   userID: accountInfo.userID,
   rp: {
     name: "example.com",
     id: rpId
   }
 },
 challenge,
 config
);

4. Send a transaction

import sdk from 'react-native-zksync-sso';
import { AccountClient } from 'react-native-zksync-sso';

const accountClient = new AccountClient(
  {
    address: deployedAccount.address,
    uniqueAccountId: deployedAccount.uniqueAccountId
  },
  rpId,
  config
);

const transaction = {
  to: "0x...", // Recipient address
  value: 1000, // Amount in wei
  from: deployedAccount.address,
  input: undefined // Optional: contract call data
};

const receipt = await accountClient.sendTransaction(tx);

More Examples

For more examples on how to build dApps with Cronos zkEVM SSO, please visit our GitHub repository:

https://github.com/cronos-labs/zksync-sso/tree/main/examples

PreviousAccount abstraction NextUsing zkCRO, vETH and vUSD

Last updated 3 months ago