Transaction Flow

Understand transaction flows when using ZKsync SSO.

This section outlines user authentication and session management the flows within an application using ZKsync SSO.

Create new Smart Sign-On

zksync sso transaction flow

1. User Initiates Sign-In

The user navigates to an app and clicks "Connect" button.

2. Passkey Creation

User is prompted to create a new passkey (e.g., Face ID, Fingerprint). User uses biometrics or PIN to create a passkey. Private key for this passkey is stored on the physical device.

3. Passkey Public data is sent to Auth Server

Passkey Public Key and Credential ID is sent to Auth Server. Credential ID is a globally unique value that identifies a specific passkey. We use it to tie user passkey to their address on chain.

4. Passkeys are recorded on chain

A new smart contract account is deployed by ZKsync SSO Auth Server using deployAccount(public-key, credential-id). Passkey public data is deployed on ZKsync Era chain for a user's new 0x account address.

5. Return account address to Auth Server

A smart contract returns a new 0x account address on ZKsync Era back to the Auth Server, for which the user's passkey will serve as a signer.

6. Account address is shared with App

Auth Server returns the new 0x account address back to the application

Create SSO Session

zksync sso transaction flow

1. App requests a new session

Application creates a transaction to request a new session using SSO SDK. Application needs to create Session Public Key, Session Private Key, Session Config.

2. Session request is sent to Auth Server

Application calls createSession(SessionPublicKey, SessionConfig) on Auth Server.

3. Transaction approval

Auth Server validates the session, displays it to the user and requests a Passkey from user's local device to sign the session creation transaction. User uses a passkey either by entering a PIN or scanning their biometics to authorize the transaction.

4. Auth Server creates a session

Auth Server calls createSession(SessionPublicKey, SessionConfig) on the smart account, which in turn adds a session entry on chain.

5. Smart contract returns tx receipt

Upon successful session creation on chain, a smart account returns transaction confirmation back to the Auth Server. Auth Server stores the session information in their local storage.

6. Session confirmation sent to the app

Auth Server sends transaction confirmation of session creation back to the application. From here on, application is authorized to sign transactions on user's behalf using Session Private Key created in step 1. Session Private Key is valid as long as session is not expired and transactions are within approved policies defined in Session Config.

Interfaces

Get familiar with ZKsync SSO interfaces

Transaction Fees

Learn which transaction fees apply to ZKsync SSO.

Made with ❤️ by the ZKsync Community