📓Smart Sign-On

​Cronos zkEVM Smart Sign-On is an extension of ZKsync Smart Sign-On (SSO), a user and developer friendly system designed to simplify authentication, session management, and transaction processing.

Built on the Cronos zkEVM chain, it enables users to interact with decentralized applications using passkeys, secure credentials stored on their devices, eliminating the need for traditional seed phrases. When a user signs up, their device creates a passkey (like a secure login), which links to a smart account on-chain. This smart account holds their assets and lets them interact with dApps. Through the SSO SDK, dApps can create short-term sessions where users can approve transactions using simple methods like biometrics or a PIN, instead of signing each one manually. This helps make the experience faster, safer, and more user-friendly.

Key Features

• Passkey based authentication

• Modular smart accounts

• Configurable sessions

• No installs required

• No seed phrase or private key exposure

• Accounts can easily be recovered

Auth Sever

The Cronos zkEVM SSO system simplifies account creation and login by leveraging passkeys and smart accounts, all managed through a secure and privacy-preserving authentication layer.

The authentication server is hosted at https://sso.zkevm.cronos.org/. This static web page acts as the central hub for managing user passkeys and smart account sessions.

When signing in for the first time, users will:

• Create a passkey, which is stored securely on their device (e.g., in iCloud Keychain or Google Password Manager).

• Automatically deploy a smart account on Cronos zkEVM linked to the passkey. The deployment fee is sponsored by Cronos zkEVM via a paymaster.

Passkeys are bound to the SSO domain (i.e., sso.zkevm.cronos.org) due to WebAuthn security constraints. This means:

• Your passkey works across any DApp that integrates with Cronos zkEVM SSO.

• You can use the same account across multiple DApps without re-registering.

Multi-Device Access

If your device supports passkey sync (e.g., through iCloud or Google Password Manager), your passkey can be securely shared across your other devices, allowing you to sign in with the same SSO account on each device.

Alternatively, if you sign in on a new device without syncing, you'll be prompted to create a new passkey. This also creates a separate smart account, since each passkey is treated as a distinct identity. In other words, registering a new passkey on a different device (without syncing) means starting with a new account.

Cronos SSO Dashboard

This Cronos zkEVM SSO dashboard serves as a unified interface for managing authentication and account operations on the Cronos zkEVM ecosystem. Acting as both an SSO Auth Server and a user dashboard, it enables users to securely interact with the Cronos zkEVM through a simple single-page application.

As a non-custodial intermediary, the Auth Server supports:

• Passkey Creation: Generate and manage passkeys for secure, password-less authentication.

• Session Display: Displays session keys configured with specific access permissions and spending constraints.

The user dashboard extends functionality by allowing users to:

• View asset balances in Cronos zkEVM

• Monitor and terminate active sessions

• Manage passkeys and registered devices (Coming soon)

• Set up account recovery options (Coming soon)

• Review full transaction history (Coming soon)

• Explore the NFT marketplace (Coming soon)

Quick Start

This quick start is based on the ZKsync SSO Quick Start, adapted to use Cronos zkEVM blockchain specifications. For more details, please refer to the ZKsync SSO Quick Start and Session Interface documentation.

npm i zksync-sso
# optional peer dependencies
npm i @simplewebauthn/browser @simplewebauthn/server @wagmi/core

import { defineChain } from "viem/utils";
import { chainConfig } from "viem/zksync";

export const cronoszkEVMTestnet = defineChain({
 ...chainConfig,
 id: 240,
 name: "Cronos zkEVM Testnet",
 nativeCurrency: {
   decimals: 18,
   name: "Cronos zkEVM Test Coin",
   symbol: "zkTCRO",
 },
 rpcUrls: {
   default: { http: ["https://testnet.zkevm.cronos.org"] },
 },
 blockExplorers: {
   default: {
     name: "Cronos zkEVM Testnet Explorer",
     url: "https://explorer.zkevm.cronos.org/testnet",
   },
   native: {
     name: "Cronos zkEVM Testnet Explorer",
     url: "https://explorer.zkevm.cronos.org/testnet",
   },
 },
 testnet: true,
});

export const cronosZKEVMMainnet = defineChain({
 ...chainConfig,
 id: 388,
 name: "Cronos zkEVM",
 nativeCurrency: {
   decimals: 18,
   name: "Cronos zkEVM Coin",
   symbol: "zkCRO",
 },
 rpcUrls: {
   default: { http: ["https://seed.zkevm.cronos.org/"] },
 },
 blockExplorers: {
   default: {
     name: "Cronos zkEVM Explorer",
     url: "https://explorer.zkevm.cronos.org",
   },
   native: {
     name: "Cronos zkEVM Explorer",
     url: "https://explorer.zkevm.cronos.org",
   },
 },
 testnet: false,
});

import { zksyncSsoConnector, callPolicy } from "zksync-sso/connector";
import { createConfig, connect } from "@wagmi/core";

const ssoConnector = zksyncSsoConnector({
 metadata: {
   name: "YOUR_NAME",
   icon: "YOUR_ICON",
   configData: {
       // YOUR CONFIG DATA
   }
 },
 authServerUrl: "https://sso.zkevm.cronos.org/confirm",
 // Optional session configuration, if omitted user will have to sign every transaction via Auth Server
 session: {
   expiry: "EXPIRY_DURATION",
   feeLimit: GAS_FEE_LIMIT,
   contractCalls: [
     callPolicy({
       address: "YOUR_CONTRACT_ADDRESS",
       abi: ["YOUR_CONTRACT_ABI"],
       functionName: "YOUR_CONTRACT_FUNCTION_NAME",
       constraints: [
         {
           index: FUNCION_ARG_INDEX_START_FROM_0,
           value: ARG_VALUE,
           limit: {
               limit: LIFE_TIME_OR_ALLOWANCE,
               period: TIME_DURATION
           }
         },
         ...
       ],
     }),
   ],
   transfers: [
     {
       to: "RECIPIENT_ADDRESS",
       maxValuePerUse: MAX_VALUE,
       valueLimit: VALUE_LIMIT
     },
   ],
 },
});

const wagmiConfig = createConfig({
 connectors: [ssoConnector],
 chains: [cronosZKEVMMainnet, cronoszkEVMTestnet],
 ..., // your wagmi config https://wagmi.sh/core/api/createConfig
});

const connectWithSSO = () => {
 connect(wagmiConfig, {
   connector: ssoConnector,
   chainId: cronoszkEVMTestnet.id, // or cronosZKEVMMainnet.id for Mainnet
 });
};

npm i react-native-zksync-sso

import sdk from 'react-native-zksync-sso';

const config = {
 contracts: {
   accountFactory: "AAFactory_address",
   passkey: "WebAuthValidator_address",
   session: "SessionKeyValidator_address",
   accountPaymaster: "AuthServerPaymaster_address"
 },
 nodeUrl: "https://...",
 deployWallet: {
   privateKeyHex: "0x..."
 }
};

const accountInfo = {
 name: "Jane Doe",
 userID: "[email protected]"
};

const rpId = sdk.utils.createRpId(
 "example.com",
 "android:apk-key-hash:your-app-key-hash"
);

const challenge = sdk.utils.generateRandomChallenge();

const deployedAccount = await sdk.register.registerAccountWithUniqueId(
 {
   name: accountInfo.name,
   userID: accountInfo.userID,
   rp: {
     name: "example.com",
     id: rpId
   }
 },
 challenge,
 config
);

import sdk from 'react-native-zksync-sso';
import { AccountClient } from 'react-native-zksync-sso';

const accountClient = new AccountClient(
  {
    address: deployedAccount.address,
    uniqueAccountId: deployedAccount.uniqueAccountId
  },
  rpId,
  config
);

const transaction = {
  to: "0x...", // Recipient address
  value: 1000, // Amount in wei
  from: deployedAccount.address,
  input: undefined // Optional: contract call data
};

const receipt = await accountClient.sendTransaction(tx);

More Examples

For more examples on how to build dApps with Cronos zkEVM SSO, please visit our GitHub repository:

https://github.com/cronos-labs/zksync-sso/tree/main/examples