Skip to main content

Passkeys or Google Login MPC Wallet Example

Combine MPC and Passkeys (or Google Login) to provide a seamless onboarding experience for your self-custodial wallet.

The example project demonstrates how to create a self-custodial web-based wallet application utilizing MPC and Passkeys (or Google Login). The project uses the Sodot MPC SDK and Vertex as its key management infrastructure. The application allows users to generate keys, sign Ethereum transactions, and manage their wallet securely. It leverages Next.js and integrates with the Vertex and SDK products for key management and transaction signing.

The aim of this project is to provide a reference implementation for users of Sodot MPC Infrastructure that wish to implement their own "Sign-in with Google" or "Sign-in with Passkeys" onboarding experience for their self-custodial wallets.

The code and full technical details can be found in the Github repo.

note

A live version of this demo is hosted at: wallet-demo.sodot.dev

Project Architecture

The project is structured as follows:

  1. Frontend

    • Built with Next.js, a React framework for server-side rendering and static site generation.
    • Utilizes Mantine for UI components and styling.
    • Implements authentication using Google OAuth and Passkeys.
  2. Backend

    • Uses Next.js API routes for server-side logic.
    • Integrates with Prisma for database management.
    • Handles key generation and management using the Sodot Vertex (an MPC signer server).
  3. Database

    • Managed with Prisma and SQLite.
    • Stores user information and metadata.
  4. Key Management and Signing

    • Sodot MPC SDK is used for key generation and MPC signing on the client side.

    • Sodot MPC Vertex is used for secure key share storage and MPC signing on the server side.

    • 2 out of 2 Signing - 1 share with the SDK on the client side and 1 share with the Vertex on the server side.

Client Key Share Backup and Authentication

The project shows how to use either Google or Passkeys for user authorization and client key share backup.

  1. Google: This method uses Google Drive to store the backup of the client's shares. The shares are uploaded to the user's Google Drive account, ensuring that they can be recovered if needed. Additionally, the Google login session is used to authenticate the user.

  2. Passkeys: This method uses Passkeys to encrypt and store the backup of the client share. The encrypted share is stored on the server, and the Passkey is used to decrypt them in-memory on the client side when needed. The encryption prevents the server from accessing the client share. The Passkeys are also used as the authentication method.