docs: refactor SSO docs (#290)

matter-labs · Dec 16, 2024 · cce09e5 · cce09e5
1 parent 04b2883
commit cce09e5
Show file tree

Hide file tree

Showing 11 changed files with 307 additions and 189 deletions.
diff --git a/content/00.zksync-era/30.unique-features/30.zksync-sso/10.architecture.md b/content/00.zksync-era/30.unique-features/30.zksync-sso/10.architecture.md
@@ -44,11 +44,16 @@ on-chain for the full benefits of decentralization.
 A set of smart contracts deployed on the ZKsync chain manage accounts, passkeys, and sessions.
 These contracts form the on-chain backbone of the ZKsync SSO system.
 
-- **ERC7579Account.** Implements the ZKSync modular account standard, allowing for extensible smart account functionalities.
-- **AAFactory.** A factory contract used to deploy new user accounts on the chain efficiently.
-- **SessionKeyValidator.** Manages session keys with specific spend limits, enhancing security by restricting their scope and usage.
-- **WebAuthnModule.** Handles authentication using WebAuthn standards, enabling passkey-based authentication methods.
-- **Account Proxies.** Each user account is an upgradable proxy contract for the ZKsync smart-sign-on implemention.
+- [**SsoAccount.**](https://github.com/matter-labs/zksync-sso-clave-contracts/blob/main/src/SsoAccount.sol)
+Implements the ZKSync modular account standard, allowing for extensible smart account functionalities.
+- [**AAFactory.**](https://github.com/matter-labs/zksync-sso-clave-contracts/blob/main/src/AAFactory.sol)
+A factory contract used to deploy new user accounts on the chain efficiently.
+- [**SessionKeyValidator.**](https://github.com/matter-labs/zksync-sso-clave-contracts/blob/main/src/validators/SessionKeyValidator.sol)
+Manages session keys with specific spend limits, enhancing security by restricting their scope and usage.
+- [**WebAuthnModule.**](https://github.com/matter-labs/zksync-sso-clave-contracts/blob/main/src/validators/WebAuthValidator.sol)
+Handles authentication using WebAuthn standards, enabling passkey-based authentication methods.
+- [**Account Proxies.**](https://github.com/matter-labs/zksync-sso-clave-contracts/blob/main/src/AccountProxy.sol)
+Each user account is an upgradable proxy contract for the ZKsync smart-sign-on implemention.
 
 ## Diagram
 

diff --git a/content/00.zksync-era/30.unique-features/30.zksync-sso/100.faqs.md b/content/00.zksync-era/30.unique-features/30.zksync-sso/100.faqs.md
@@ -8,44 +8,6 @@ description: Frequently asked questions about ZKsync SSO.
 Currently, only login with passkeys is supported in ZKsync SSO.
 We are working on adding support for logging in with an Externally Owned Account (EOA) in the future.
 
-## What are passkeys?
-
-Passkeys are digital credentials that eliminate the need for traditional passwords by using asymmetric cryptography for authentication.
-They consist of a key pair:
-
-- **Private Key**: Stored securely on the user's device (e.g., in a secure enclave or Trusted Platform Module) and never leaves the device.
-- **Public Key**: Shared with the relying party (ZKsync SSO Auth Server and associated smart contracts) during registration.
-
-Passkeys are based on the [WebAuthn](https://www.w3.org/TR/webauthn-2/) API and the FIDO2 standards,
-which support various authenticators like built-in device biometrics (fingerprint sensors, facial recognition)
-or external hardware security keys (YubiKey, SoloKeys). This ensures a high level of security and a seamless user experience.
-
-## What recovery options are available if I lose my passkey?
-
-In case you lose your passkeys, ZKsync SSO provides several methods to recover your account:
-
-### Multiple Devices with Passkey Synchronization
-
-You can synchronize your passkeys across multiple devices using services like iCloud Keychain for Apple devices or similar services on other platforms.
-This means if one device is lost, your passkeys are still accessible on other synchronized devices.
-
-<!--
-
-### Adding Another Passkey (*coming soon*)
-
-You will be able to register a new device by adding a new passkey to your account. This typically involves verifying your identity on the new device,
-after which the new passkey is securely associated with your account.
-
-### Recovery via Externally Owned Account (EOA) (*coming soon*)
-
-You will soon be able to link an Externally Owned Account (EOA) to your ZKsync SSO account. If passkeys are lost,
-you can recover access by authenticating with your EOA, providing an additional layer of security and recovery options.
-
-### Recovery via OAuth (*coming soon*)
-
-The OAuth Recovery ERC-7579 module enables you to set up account recovery through OAuth tokens associated with your existing Web2 logins like
-Gmail, Facebook, or X (formerly Twitter). This allows you to regain access by logging in with your familiar social media or email accounts.
--->
 ## How secure is ZKsync SSO?
 
 ZKsync SSO uses passkey authentication method to ensure that your account remains secure.
@@ -55,6 +17,19 @@ Private keys never leave your device, and biometric authentication adds an extra
 
 Yes, developers can integrate it into their applications without any licensing fees.
 
+## Do users need to worry about transaction fees?
+
+There are three points at which a transaction fee may apply:
+
+**Account Creation and Recovery Setup:** Free for users.<br>
+The first 1 million users can create accounts and set up recovery options without paying transaction fees, as ZKsync sponsors these fees.
+
+**Session Creation:** When creating application sessions, users pay a transaction fee (roughly equivalent to an ERC-20 transfer fee on ZKsync Era).
+Apps can sponsor these fees using a paymaster.
+
+**Transaction Fees:** Users pay regular low transaction fees when using ZKsync Era. This is the case regardless of whether users use ZKsync SSO or not.
+Apps can sponsor these fees using a paymaster, allowing users to transact without incurring any costs.
+
 ## How do I integrate ZKsync SSO into my application?
 
 Developers can integrate ZKsync SSO by using the available SDKs for web applications. Mobile SDKs for iOS and Android are coming soon.

diff --git a/content/00.zksync-era/30.unique-features/30.zksync-sso/20.features.md b/content/00.zksync-era/30.unique-features/30.zksync-sso/20.features.md
diff --git a/content/00.zksync-era/30.unique-features/30.zksync-sso/21.auth-server.md b/content/00.zksync-era/30.unique-features/30.zksync-sso/21.auth-server.md
@@ -0,0 +1,71 @@
+---
+title: Auth Server
+description: Get familiar with the ZKsync SSO auth server.
+---
+
+The Auth Server is a static web page that acts as a central manager of the account creation and authentication process.
+
+Because passkeys are only valid for a specific HTTPS domain,
+they are registered to [auth server's domain](https://auth-test.zksync.dev).
+This allows users to reuse their SSO account on any other domain.
+
+You can think of this like logging into Google, and using your Google account to create an account on a 3rd party website.
+You are able to sign in and logout of both ZKsync SSO, as well as each individual app that is integrated with it.
+
+## `zksyncSsoConnector`
+
+To connect to the Auth Server through the SDK, you can use the `zksyncSsoConnector` method.
+
+```ts
+const ssoConnector = zksyncSsoConnector({
+// ...options
+});
+
+const wagmiConfig = defaultWagmiConfig({
+  connectors: [ssoConnector],
+  // ...configValues
+});
+```
+
+<!-- // cspell: disable -->
+### `ZksyncSsoConnectorOptions` Interface
+<!-- // cspell: enable -->
+
+The configurable options for `zksyncSsoConnector` include the session config, basic app information (name, icon), and Auth Server URL.
+The fully expanded type looks like:
+
+<!-- // cspell: disable -->
+
+```ts
+/**
+  * @member metadata - Defaults to page title and website favicon
+  * @member session - Session configuration preferences
+  * @member authServerUrl - URL of the Auth Server
+  */
+type ZksyncSsoConnectorOptions = {
+  metadata?: {
+    name: string,
+    icon?: string,
+  },
+  session?: SessionPreferences,
+  authServerUrl?: string;
+};
+```
+<!-- // cspell: enable -->
+
+This returns a [WAGMI connector](https://wagmi.sh/core/api/connectors) that can be used to perform wallet-like
+actions with the available account.
+All of the functionality is then exposed via WAGMI,
+making the ZKsync SSO account nearly indistinguishable from any other standard wallet provider.
+
+## User Dashboard
+
+ZKsync SSO provides a [dashboard](https://auth-test.zksync.dev/dashboard) where users can conveniently manage their accounts through a web interface.
+
+This dashboard offers several key features:
+
+- View their asset balances across all the ZK Chains.
+- Add or remove passkeys or devices.
+- Configure account recovery options.
+- View all active sessions connected to their account and terminate unwanted sessions.
+- View their transaction history.