Social Logins in Account Abstraction

Social logins enable users to sign in using their existing Web2 identities—such as Google, Facebook, GitHub, or X (Twitter)—eliminating the need to create and manage separate wallet credentials. This familiar authentication mechanism enhances user onboarding while preserving security.


Why Social Logins?

Traditional wallets require users to securely store a seed phrase or private key—an intimidating concept for new users. Social login providers abstract away this friction by:

  • Letting users authenticate with OAuth or OpenID Connect (OIDC)
  • Generating cryptographic keypairs under the hood
  • Restoring access across devices without a seed phrase
  • Supporting passwordless flows

This dramatically improves UX and makes it easier to onboard users from Web2 environments into Web3 dApps.


Role in Account Abstraction (ERC-4337)

In ERC-4337-based smart accounts, social login providers act as authentication layers that manage:

  • Keypair generation and recovery
  • Session persistence across devices
  • Seamless UserOperation signing and submission

This means users can interact with smart contracts without:

  • Installing browser extensions
  • Handling private keys manually
  • Being aware of gas fees (when using sponsored transactions)

How It Works

  1. The user signs in via a social login provider (e.g., Google).
  2. The auth provider derives a keypair securely using techniques such as:
    • WebAuthn hardware-backed keys
    • Shamir Secret Sharing (with MPC fallback)
    • Biometric factors + session storage
  3. The public key is mapped to a smart account at a deterministic counterfactual address (computed via CREATE2), so the address is known before the account contract is deployed.
  4. UserOperations are signed with the derived key and sent to a bundler.

Supported Providers

Our SDK integrates with the following providers:

Dynamic

  • Plug-and-play Web3 authentication
  • Supports multiple social platforms
  • MPC and WebAuthn backed key custody
  • Offers embedded wallets and gasless transactions

Privy

  • Lightweight, embeddable login SDK
  • Fully client-side key generation and management
  • Biometric login, secure storage
  • Integrates well with ERC-4337 smart accounts

Security Considerations

While social logins improve onboarding, it’s crucial to consider:

  • Session hijacking prevention with secure cookies and expiration windows
  • Device recovery mechanisms (e.g., backup codes, 2FA, MPC shards)
  • Rate limiting + CAPTCHA to defend against automated login abuse
  • Session key constraints using ERC-7579 modules for time-scoped or app-scoped access
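What "time-scoped or app-scoped access" means in practice, as an added example that is not code from this page or from any ERC-7579 module. It assumes a policy shape (validity window, allowed targets and selectors, a per-call value cap) and takes the call already decoded from the UserOperation's callData; the keys, addresses and timestamps are constructed placeholders.

```python
# Added example (not from the page or any SDK): the checks a session-key validator
# module applies so a login-derived session key is time-scoped and app-scoped.
# Assumptions: the policy fields below, and a call already decoded from callData.
from dataclasses import dataclass


@dataclass(frozen=True)
class SessionPolicy:
    session_key: bytes            # address authorized for this session (20 bytes)
    valid_after: int              # unix seconds, inclusive
    valid_until: int              # unix seconds, exclusive (the expiration window)
    allowed_targets: frozenset    # contracts this session may call (app scope)
    allowed_selectors: frozenset  # 4-byte function selectors it may invoke
    max_value_wei: int            # per-call native value cap


@dataclass(frozen=True)
class Call:
    target: bytes     # contract the account would call
    selector: bytes   # first 4 bytes of the inner calldata
    value_wei: int    # native value attached to the call


def check_session_call(policy: SessionPolicy, signer: bytes, call: Call, now: int) -> tuple:
    """Return (allowed, reason). Every rule must pass; the first failure is reported."""
    if signer != policy.session_key:
        return False, "signer is not the session key"
    if not policy.valid_after <= now < policy.valid_until:
        return False, "session expired or not yet valid"
    if call.target not in policy.allowed_targets:
        return False, "target outside session scope"
    if call.selector not in policy.allowed_selectors:
        return False, "function outside session scope"
    if call.value_wei > policy.max_value_wei:
        return False, "value exceeds session cap"
    return True, "ok"


def demo() -> dict:
    # Constructed placeholders: a game contract, a one-hour session granted at t=1_700_000_000,
    # and a session key that may only call `play` with no more than 0.01 ETH attached.
    game = bytes.fromhex("00" * 19 + "a1")
    other_app = bytes.fromhex("00" * 19 + "b2")
    session_key = bytes.fromhex("00" * 19 + "5e")
    play = bytes.fromhex("deadbeef")      # placeholder selector
    withdraw = bytes.fromhex("cafebabe")  # placeholder selector
    start = 1_700_000_000
    policy = SessionPolicy(session_key, start, start + 3600, frozenset({game}),
                           frozenset({play}), 10**16)
    cases = {
        "in_scope":      (session_key, Call(game, play, 10**15), start + 600),
        "expired":       (session_key, Call(game, play, 10**15), start + 3600),
        "wrong_app":     (session_key, Call(other_app, play, 0), start + 600),
        "wrong_function": (session_key, Call(game, withdraw, 0), start + 600),
        "over_cap":      (session_key, Call(game, play, 10**17), start + 600),
        "wrong_signer":  (bytes.fromhex("00" * 20), Call(game, play, 0), start + 600),
    }
    return {name: check_session_call(policy, *args) for name, args in cases.items()}


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:15s} {'allow' if ok else 'deny ':5s} {reason}")
```

On-chain, a validator module normally returns the window as validAfter/validUntil in its validation data and lets the EntryPoint enforce the clock; the scope and value checks are what the module itself must apply, and they are what limit the damage if a session key leaks from the browser or device.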

Bridging Web2 → Web3

With social logins and account abstraction, users can:

  • Create an account without touching seed phrases
  • Use apps across mobile, desktop, and browsers
  • Recover access via social identity
  • Interact with dApps that "feel" like traditional apps

This represents a critical step toward mass adoption.