Frictionless UX in Web3: The Magic of Session Keys
Pre-approval of transactions, made possible with account abstraction
Hello 0xPass fam -
Confirming transactions on the blockchain can be a cumbersome process, requiring users to review and authorize each individual transaction.
However, what if there was a way to streamline this process while still ensuring security and control? That's where session keys, powered by Account Abstraction, come in.
If you like the content we’re bringing you, consider sharing this post with others and checking out our product 0xPass!
If you want a shorter version, take a look at our threads on Twitter. We went over what session keys are, how they work, and why they can revolutionize UX in web3.
What are session keys?
Session keys are essentially pre-approved signatures that users can create based on specific policies and parameters. For example, a user could create a session key that is only valid for a certain function within a smart contract or for a specific time period.
Once the session key is created and authorized, a dapp can use it to sign transactions on behalf of the user without requiring their explicit confirmation for each transaction.
The key benefit of session keys is that they provide a seamless user experience, while still maintaining control and security. Permissions for session keys can be revoked at any time, which means users are always in control of their funds and can prevent unauthorized transactions from occurring. Additionally, since session keys can be set up to only allow certain types of transactions, users can have greater confidence that their assets won't be compromised by malicious actors.
Session keys offer a wide range of possibilities for use cases. For example, blockchain gaming platforms can use them to create a more fluid in-game experience, allowing players to make purchases and transactions without interrupting their gameplay. Similarly, DeFi dapps can use session keys to automate certain actions on behalf of their users, such as rebalancing portfolios or executing trades based on pre-defined parameters.
Several projects in the blockchain ecosystem have already adopted session keys, including Cartridge and Argent. The latter has pioneered "trusted sessions" on the consumer side, allowing end-users to take actions without their guardians' approvals.
How do session keys work?
It's a simple 3-part system: the user's smart wallet/account, the session request, and the dapp.
First, the dapp creates a "session request" that includes its own key, expiry timeline, and list of policies.
These policies contain a contract address and selectors, specifying the smart contracts and their accompanying functions that apply to the session key being created.
Once the session request is created, the dapp prompts the user to authorize and approve the request.
This leads to the creation of a session key that is valid for the specified time period and policies. This key can then be used to sign transactions in accordance with its policy rules, without requiring the user to approve every single transaction.
You can also dig into Argent’s implementation of session keys here.
Thanks for reading 0xPass’s Substack! Subscribe for free to receive new posts and support our work.