# Smart Sign-On ​Cronos zkEVM Smart Sign-On is an extension of [ZKsync Smart Sign-On (SSO)](https://docs.zksync.io/zksync-era/unique-features/zksync-sso), a user and developer friendly system designed to simplify authentication, session management, and transaction processing. Built on the Cronos zkEVM chain, it enables users to interact with decentralized applications using passkeys, secure credentials stored on their devices, eliminating the need for traditional seed phrases. When a user signs up, their device creates a passkey (like a secure login), which links to a smart account on-chain. This smart account holds their assets and lets them interact with dApps. Through the SSO SDK, dApps can create short-term sessions where users can approve transactions using simple methods like biometrics or a PIN, instead of signing each one manually. This helps make the experience faster, safer, and more user-friendly. ### Key Features * Passkey based authentication * Modular smart accounts * Configurable sessions * No installs required * No seed phrase or private key exposure * Accounts can easily be recovered ### Auth Sever The Cronos zkEVM SSO system simplifies account creation and login by leveraging passkeys and smart accounts, all managed through a secure and privacy-preserving authentication layer. The authentication server is hosted at .\ This static web page acts as the central hub for managing user passkeys and smart account sessions. When signing in for the first time, users will: * Create a passkey, which is stored securely on their device (e.g., in iCloud Keychain or Google Password Manager). * Automatically deploy a smart account on Cronos zkEVM linked to the passkey. The deployment fee is sponsored by Cronos zkEVM via a paymaster. Passkeys are bound to the SSO domain (i.e., `sso.zkevm.cronos.org`) due to WebAuthn security constraints. This means: * Your passkey works across any DApp that integrates with Cronos zkEVM SSO. * You can use the same account across multiple DApps without re-registering. ### Multi-Device Access If your device supports passkey sync (e.g., through iCloud or Google Password Manager), your passkey can be securely shared across your other devices, allowing you to sign in with the same SSO account on each device. Alternatively, if you sign in on a new device without syncing, you'll be prompted to create a new passkey. This also creates a separate smart account, since each passkey is treated as a distinct identity. In other words, registering a new passkey on a different device (without syncing) means starting with a new account. ### Cronos SSO Dashboard This Cronos zkEVM SSO [dashboard](https://sso.zkevm.cronos.org/dashboard) serves as a unified interface for managing authentication and account operations on the Cronos zkEVM ecosystem. Acting as both an SSO Auth Server and a user dashboard, it enables users to securely interact with the Cronos zkEVM through a simple single-page application. As a non-custodial intermediary, the Auth Server supports: * Passkey Creation: Generate and manage passkeys for secure, password-less authentication. * Session Display: Displays session keys configured with specific access permissions and spending constraints. The user dashboard extends functionality by allowing users to: * View asset balances in Cronos zkEVM * Monitor and terminate active sessions * Manage passkeys and registered devices (Coming soon) * Set up account recovery options (Coming soon) * Review full transaction history (Coming soon) * Explore the NFT marketplace (Coming soon) {% hint style="info" %} **Note:** Cronos zkEVM SSO is under development, and will be released in future updates. {% endhint %} ### Quick Start This quick start is based on the [ZKsync SSO Quick Start](https://docs.zksync.io/zksync-era/unique-features/zksync-sso/getting-started), adapted to use Cronos zkEVM blockchain specifications. For more details, please refer to the [ZKsync SSO Quick Start](https://docs.zksync.io/zksync-era/unique-features/zksync-sso/getting-started) and [Session Interface](https://docs.zksync.io/zksync-era/unique-features/zksync-sso/sessions) documentation. {% tabs %} {% tab title="Web" %} #### 1. Install the ZKsync SSO SDK package ```typescript npm i zksync-sso # optional peer dependencies npm i @simplewebauthn/browser @simplewebauthn/server @wagmi/core ``` {% hint style="info" %} **Note on peer dependencies:** * @wagmi/core is required when using the ZKsync SSO connector (zksyncSsoConnector) in your app. * @simplewebauthn/browser and @simplewebauthn/server are required when using SDK passkey functionality directly inside your app. {% endhint %} #### 2. Config Cronos zkEVM networks ```typescript import { defineChain } from "viem/utils"; import { chainConfig } from "viem/zksync"; export const cronoszkEVMTestnet = defineChain({ ...chainConfig, id: 240, name: "Cronos zkEVM Testnet", nativeCurrency: { decimals: 18, name: "Cronos zkEVM Test Coin", symbol: "zkTCRO", }, rpcUrls: { default: { http: ["https://testnet.zkevm.cronos.org"] }, }, blockExplorers: { default: { name: "Cronos zkEVM Testnet Explorer", url: "https://explorer.zkevm.cronos.org/testnet", }, native: { name: "Cronos zkEVM Testnet Explorer", url: "https://explorer.zkevm.cronos.org/testnet", }, }, testnet: true, }); export const cronosZKEVMMainnet = defineChain({ ...chainConfig, id: 388, name: "Cronos zkEVM", nativeCurrency: { decimals: 18, name: "Cronos zkEVM Coin", symbol: "zkCRO", }, rpcUrls: { default: { http: ["https://seed.zkevm.cronos.org/"] }, }, blockExplorers: { default: { name: "Cronos zkEVM Explorer", url: "https://explorer.zkevm.cronos.org", }, native: { name: "Cronos zkEVM Explorer", url: "https://explorer.zkevm.cronos.org", }, }, testnet: false, }); ``` #### 3. Add ZKsync SSO connector to your app ```typescript import { zksyncSsoConnector, callPolicy } from "zksync-sso/connector"; import { createConfig, connect } from "@wagmi/core"; const ssoConnector = zksyncSsoConnector({ metadata: { name: "YOUR_NAME", icon: "YOUR_ICON", configData: { // YOUR CONFIG DATA } }, authServerUrl: "https://sso.zkevm.cronos.org/confirm", // Optional session configuration, if omitted user will have to sign every transaction via Auth Server session: { expiry: "EXPIRY_DURATION", feeLimit: GAS_FEE_LIMIT, contractCalls: [ callPolicy({ address: "YOUR_CONTRACT_ADDRESS", abi: ["YOUR_CONTRACT_ABI"], functionName: "YOUR_CONTRACT_FUNCTION_NAME", constraints: [ { index: FUNCION_ARG_INDEX_START_FROM_0, value: ARG_VALUE, limit: { limit: LIFE_TIME_OR_ALLOWANCE, period: TIME_DURATION } }, ... ], }), ], transfers: [ { to: "RECIPIENT_ADDRESS", maxValuePerUse: MAX_VALUE, valueLimit: VALUE_LIMIT }, ], }, }); const wagmiConfig = createConfig({ connectors: [ssoConnector], chains: [cronosZKEVMMainnet, cronoszkEVMTestnet], ..., // your wagmi config https://wagmi.sh/core/api/createConfig }); const connectWithSSO = () => { connect(wagmiConfig, { connector: ssoConnector, chainId: cronoszkEVMTestnet.id, // or cronosZKEVMMainnet.id for Mainnet }); }; ``` {% endtab %} {% tab title="React Native" %} #### 1. Install the ZKsync SSO SDK package ```typescript npm i react-native-zksync-sso ``` #### 2. Configure platform-specific settings The React Native SDK currently supports iOS and Android only. Make sure your application is set up to create passkeys by following the platform-specific guidelines: * iOS: Refer to [Apple's documentation ](https://developer.apple.com/documentation/authenticationservices/supporting-passkeys)for setting up passkey support in your iOS app. * Android: Refer to [Google's documentation](https://developer.android.com/identity/sign-in/credential-manager) for implementing passkey support in your Android app. #### 3. Set up the SDK and register an account Deployed Contract Information: {% tabs %} {% tab title="Mainnet" %}
SessionKeyValidator0x084035cb30507CB7bF9e908Bd1e4514BcE594801
WebAuthValidator0x141D9c2b49FdE9E6Ce89eCbdCFFde196D5c06161
AAFactory0xFC5620d827b262Eb2133A8b64FB7E85682f717AC
AuthServerPaymaster0xDeA0694F76babC82dc2A04fEB60cdFD17DD389E9
{% endtab %} {% tab title="Testnet" %}
SessionKeyValidator0xfebC82bBFC6FB8666AC45fa8a601DfA34Ce30710
WebAuthValidator0x0A019BD60E42b9d18413C710992B96E69dFFC5A0
AAFactory0x381539B4FC39eAe0Eb848f52cCA93F168a0e955D
AuthServerPaymaster0xA7B450E91Bc126aa93C656750f9c940bfdc2f1e9
{% endtab %} {% endtabs %} ```typescript import sdk from 'react-native-zksync-sso'; const config = { contracts: { accountFactory: "AAFactory_address", passkey: "WebAuthValidator_address", session: "SessionKeyValidator_address", accountPaymaster: "AuthServerPaymaster_address" }, nodeUrl: "https://...", deployWallet: { privateKeyHex: "0x..." } }; const accountInfo = { name: "Jane Doe", userID: "jdoe@example.com" }; const rpId = sdk.utils.createRpId( "example.com", "android:apk-key-hash:your-app-key-hash" ); const challenge = sdk.utils.generateRandomChallenge(); const deployedAccount = await sdk.register.registerAccountWithUniqueId( { name: accountInfo.name, userID: accountInfo.userID, rp: { name: "example.com", id: rpId } }, challenge, config ); ``` #### 4. Send a transaction ```typescript import sdk from 'react-native-zksync-sso'; import { AccountClient } from 'react-native-zksync-sso'; const accountClient = new AccountClient( { address: deployedAccount.address, uniqueAccountId: deployedAccount.uniqueAccountId }, rpId, config ); const transaction = { to: "0x...", // Recipient address value: 1000, // Amount in wei from: deployedAccount.address, input: undefined // Optional: contract call data }; const receipt = await accountClient.sendTransaction(tx); ``` {% endtab %} {% endtabs %} ### More Examples For more examples on how to build dApps with Cronos zkEVM SSO, please visit our GitHub repository: