Architecture
Understanding how 1auth components work together to provide secure, gasless authentication and transactions.
Overview
1auth is built on top of the Rhinestone SDK, adding a passkey-based authentication layer to Rhinestone's chain abstraction and smart account infrastructure. The result: fully chain-abstracted accounts secured by passkeys.
- Security through passkeys - WebAuthn provides hardware-backed, biometric authentication
- Full chain abstraction - One account, one balance, works across all supported chains
- Simplicity through abstraction - Complex blockchain operations are hidden from users
- Flexibility through standards - Built on ERC-7579 modular accounts with EIP-1193 compatibility for wide tooling support
System Components
1auth Service
The 1auth service runs at passkey.1auth.box and consists of two main parts:
Passkey Provider (iframe)
The passkey provider runs in a secure iframe embedded in your application and handles all WebAuthn operations:
- Passkey registration and authentication
- EIP-712 typed data signing
- Intent preparation and user approval
- Session persistence across origins
The iframe architecture ensures that passkey credentials are never exposed to the parent application, providing an additional layer of security.
Cross-App Session Persistence
Because the passkey provider runs on a dedicated domain (passkey.1auth.box), users stay logged in across all apps that integrate 1auth. Session state is stored in the provider's localStorage and cookies, separate from each app's origin.
This means:
- One login, many apps - Users authenticate once and are recognized across all 1auth-powered apps
- No unnecessary repeated passkey prompts - Returning users get a seamless experience
- App isolation - Individual apps never access session data directly; they communicate through the secure iframe
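The isolation described above holds only if the embedding page checks where each iframe message comes from. The following is an added example, not 1auth SDK code: it assumes the page and the provider exchange messages through `window.postMessage`, and the message fields (`type`, `requestId`, `payload`) are hypothetical rather than the real 1auth wire format.

```javascript
// Added example: parent-page validation of messages from the passkey provider iframe.
// PROVIDER_ORIGIN is taken from the page; the message fields are hypothetical.
const PROVIDER_ORIGIN = "https://passkey.1auth.box";

// Requests the app has sent and not yet seen answered: requestId -> expected reply type.
function createPendingTable() {
  return new Map();
}

// Returns { ok: true, payload } only if the event is the provider's reply to a
// request this page made; otherwise { ok: false, reason }.
function validateProviderMessage(event, iframeWindow, pending) {
  // 1. Exact origin match. Substring or endsWith checks accept look-alike hosts.
  if (event.origin !== PROVIDER_ORIGIN) return { ok: false, reason: "origin" };
  // 2. The sender must be the iframe we embedded, not another window on that origin.
  if (event.source !== iframeWindow) return { ok: false, reason: "source" };
  const msg = event.data;
  if (msg === null || typeof msg !== "object" || typeof msg.requestId !== "string") {
    return { ok: false, reason: "shape" };
  }
  // 3. The reply must answer an outstanding request, and only once (replay guard).
  const expectedType = pending.get(msg.requestId);
  if (expectedType === undefined) return { ok: false, reason: "unknown-request" };
  if (msg.type !== expectedType) return { ok: false, reason: "type" };
  pending.delete(msg.requestId);
  return { ok: true, payload: msg.payload };
}

// Constructed demo: a stand-in object plays the role of iframe.contentWindow.
function demo() {
  const iframeWindow = { name: "provider-iframe" };
  const pending = createPendingTable();
  pending.set("req-1", "sign-result");
  const reply = { type: "sign-result", requestId: "req-1", payload: { signature: "0xCONSTRUCTED" } };
  const lookalike = "https://passkey.1auth.box.example.net"; // constructed look-alike origin
  return [
    validateProviderMessage({ origin: lookalike, source: iframeWindow, data: reply }, iframeWindow, pending),
    validateProviderMessage({ origin: PROVIDER_ORIGIN, source: {}, data: reply }, iframeWindow, pending),
    validateProviderMessage({ origin: PROVIDER_ORIGIN, source: iframeWindow, data: reply }, iframeWindow, pending),
    validateProviderMessage({ origin: PROVIDER_ORIGIN, source: iframeWindow, data: reply }, iframeWindow, pending),
  ].map((r) => (r.ok ? "accepted" : "rejected:" + r.reason));
}

console.log(demo());
```

In a browser the same function would be called from a `message` event listener with `iframe.contentWindow` as the second argument.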
1auth Backend
The backend integrates the Rhinestone Orchestrator SDK to handle onchain execution:
- Receives signed intents from the passkey provider
- Uses Rhinestone SDK to convert intents into executable transactions
- Submits transactions across multiple chains
- Handles gas sponsorship and transaction monitoring
Chain Abstraction
1auth accounts are fully chain abstracted, powered by the Rhinestone SDK. Users interact with a single account that works seamlessly across all supported chains:
| Feature | Description |
|---|---|
| Cross-chain execution | Execute transactions on any supported chain from a single signature |
| Unified balances | Users see aggregated balances across chains |
| Automatic bridging | Assets are bridged as needed to fulfill transactions |
| Gas sponsorship | Users never need native tokens for gas |
| MEV protection | Transactions are protected from front-running and sandwich attacks |
Smart Account
Each user gets a fully self-custodial smart contract account that supports modular functionality via ERC-7579. The account is controlled by a passkey validator module that verifies WebAuthn signatures onchain—only the user can authorize transactions.
Key features:
- Counterfactual deployment (account exists before first transaction)
- Modular architecture for extensibility
- Same address on EVM chains
Request Flow
1. User Action - User clicks PayButton or initiates a transaction in your app
2. SDK Request - 1auth SDK sends the transaction request to the passkey provider iframe
3. Passkey Signing - User reviews and authenticates with Face ID/Touch ID
4. Backend Processing - Signed intent is sent to the 1auth backend
5. Rhinestone Execution - Backend uses the Rhinestone SDK to execute onchain
6. Confirmation - SDK receives confirmation and updates the UI
Learn More
- Rhinestone Documentation - Deep dive into the underlying infrastructure
- Passkeys - How passkeys provide secure, non-custodial authentication