Session Keys: Redefining Blockchain UX

A technical deep dive into Session Keys with Argent Web Wallet

Antoine Sparenberg

Jul 16, 2024

Quick summary

Session keys revolutionize blockchain gaming by allowing dapps to sign transactions on behalf of users, creating a seamless experience without constant wallet interruptions. This feature enhances gameplay and unlocks new possibilities in payments and DeFi on Starknet, all while maintaining user security through controlled permissions.

Imagine blockchain games that feel like AAA web2 games, where you can open loot boxes or colonize asteroids without repeatedly opening your wallet to sign transactions. That would feel magical, right? Welcome to a world with session keys.

In previous articles, we’ve discussed how we've utilized account abstraction at Argent to improve blockchain UX. Session keys take this to the next level! In this article, we’ll dive deeper into session keys, their importance, how they work, and how to implement them on Starknet.

What are Session Keys?

Session keys give dapps the ability to autonomously sign transactions on behalf of a user while being restricted to specific limits on duration and value. This means users can grant dapps permission to send pre-approved transactions without requiring user confirmation every time, opening up numerous use cases for dapps on Starknet. Let’s explore a few.

Potential use cases for Session Keys

Gaming: Session Keys enhance the user experience of games by allowing uninterrupted gameplay. Users can authorize dapps to sign required transactions on their behalf, creating a more immersive gaming experience. To experience session keys firsthand, play Influence.

Unlocking new payment possibilities: With session keys, dapps can unlock new payment models such as recurring payments, dollar-cost-averaging, subscriptions and more.

DeFi: With session keys, DeFi apps such as DEXs can achieve the ease and smoothness of CEXs without their many drawbacks. Potential uses include:

  • Automatic claim of DeFi rewards
  • Automatic rebalancing of liquidity pools
  • User safety protections in lending applications, such as the automatic closing of positions approaching liquidation

Session key implementation

Our implementation of session keys relies on verifications both with Argent’s backend and directly on-chain. Using Argent’s backend keeps the model flexible and keeps costs low for users: for example, it can implement a gas counter without writing to storage, and it can set session durations and timings. Users maintain full self-custody of their accounts, and if the Argent backend were unresponsive, the session would become inactive. You can experiment with this early version on Influence. Soon, this model will be open to all dapps and accessible on both Web Wallet and Argent X.

Initiating a session

  1. The dapp generates a session key and sends a session request to the user for signature. The session request includes the session key, the expiry date, a list of allowed methods and metadata such as token spending limits, max gas usage, NFT contracts etc.
  2. The user signs the session in their wallet and passes it to the backend.
  3. The session will only be activated if it is also signed by the account’s guardian (Argent’s backend). The backend signs the session request after running some checks and validating that the session key is a whitelisted key, and then stores the session data (expiry date, allowed methods, etc.).

The session is now signed by the user and Argent’s backend. It is initiated.

Using a session

  1. The dapp creates a session transaction and sends specific calls to Argent’s backend (incl. session calls)
  2. The backend verifies that these calls are allowed by an active session (within allowed methods, expiry date, token and gas limits, etc.) and signs the transaction on behalf of the user.
  3. The dapp signs the transaction and it is sent onchain for execution.

Once a session is active, the user is no longer needed. The interactions only happen between the dapp, Argent’s backend and the account. Sessions can remain active even when the user’s wallet is locked (e.g. performing pre-defined in-game actions when the user is away from their computer).
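The check in step 2 of "Using a session", applied to the fields a session request carries in "Initiating a session", can be sketched as follows. This is an added example, not Argent's backend code: the field names, the `revoked` flag and the pre-decoded `amount` on each call are assumptions, and signature verification is left out.

```javascript
// Illustrative only: field names (expiresAt, allowedMethods, spendingLimits,
// maxGas, revoked) are hypothetical and are not Argent's session schema.
const key = (addr) => BigInt(addr).toString(16); // "0x0a11ce" and "0xa11ce" match

// Default deny: one failing call rejects the whole batch. On success the
// updated usage counters are returned so the caller can persist them.
function authorizeCalls(session, usage, calls, gasEstimate, nowSec) {
  const deny = (reason) => ({ ok: false, reason });
  if (session.revoked) return deny("session revoked");
  if (nowSec >= session.expiresAt) return deny("session expired");
  if (calls.length === 0) return deny("empty transaction");

  const gas = usage.gas + gasEstimate;
  if (gas > session.maxGas) return deny("gas limit exceeded");

  const spent = { ...usage.spent }; // work on a copy, commit only on success
  for (const call of calls) {
    const target = key(call.contract);
    const allowed = session.allowedMethods.some(
      (m) => key(m.contract) === target && m.entrypoint === call.entrypoint);
    if (!allowed) return deny(`method not allowed: ${call.entrypoint}`);
    // amount is assumed to be decoded from calldata before this check runs
    if (call.amount === undefined) continue; // call moves no tokens
    const limit = session.spendingLimits[target];
    if (limit === undefined) return deny("no spending limit for token");
    spent[target] = (spent[target] ?? 0n) + call.amount;
    if (spent[target] > limit) return deny("spending limit exceeded");
  }
  return { ok: true, usage: { gas, spent } };
}

// Constructed sample data (addresses, limits and timestamps are made up).
const GAME = "0x0a11ce", TOKEN = "0x0700";
const session = {
  expiresAt: 1_700_003_600, revoked: false, maxGas: 1_000_000n,
  allowedMethods: [
    { contract: GAME, entrypoint: "open_loot_box" },
    { contract: TOKEN, entrypoint: "transfer" },
  ],
  spendingLimits: { [key(TOKEN)]: 50n },
};
const fresh = { gas: 0n, spent: {} };
const play = [{ contract: "0xa11ce", entrypoint: "open_loot_box" }];
const pay = [{ contract: TOKEN, entrypoint: "transfer", amount: 30n }];

const first = authorizeCalls(session, fresh, pay, 1_000n, 1_700_000_000);
const second = authorizeCalls(session, first.usage, pay, 1_000n, 1_700_000_100);
console.log(first.ok, second.ok, second.reason);
```

The second transfer is refused because limits are cumulative over the session, which is why the counters must be carried from one authorization to the next.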

FAQs

Why Web Wallet?

The earlier version of session keys currently used by Influence only works with Web Wallet, but it will soon be available to all Argent smart-accounts with guardians enabled.

Why not take a fully on-chain approach?

Keeping the whole verification logic on-chain introduces more complexity and higher costs for users. Our approach grants us the best of both worlds: the security of verifying the main properties on-chain with the flexibility and efficiency of verifying some other properties off-chain.

What happens if Argent’s backend goes down?

The backend is then unable to co-sign the session, so the dapp can't use it. No funds are at risk; the session is inactive.

Can I revoke the session?

The session can be revoked on chain, independently from Argent’s backend.

Are there security concerns?

Our implementation uses what we call session policies. Policies specify what the dapp is and is not authorized to do on behalf of the user, and the user is guaranteed that the dapp can only execute transactions that comply with these policies.

Can I try out Session keys already?

We are currently in partnership with Influence to bring the first implementation of session keys to you. If, as a dapp developer, you are interested in trying out session keys, please reach out to our Ecosystem Lead, Antoine Sparenberg, for whitelisting.

Why we built Session Keys

Session keys 10x the user experience on Starknet. We are excited to be the first wallet on Starknet to support it!

We're constantly iterating and innovating to give you the UX you deserve. If you have any questions regarding this, reach out to me; I’d love to help you build on Starknet with Argent.
