SPC Wallet Service

SPC allows users to create a passkey wallet on any dapp, use it on any other dapp & still have it managed by their wallet provider of choice. No extensions, no app switches, everything takes place on dapp website.

SPC is a browser native API that is designed to streamline payments on the web. It's purpose is to improve the UX for authenticating users across merchants (in web3 think dApps) whilst verifying cryptographically that the user can pay for a transaction with their payment provider (for web2 think bank & web3 think wallet).

The protocol is built on-top of webauthn in order to provide the cryptographic proof that the user indeed is the one that initiated the transaction.

In a normal SPC flow, a user wants to buy some goods from a merchant, they enter their card number & the merchant then initiates a passkey/webauthn ceremony with the users bank. SPC allows the merchant to leverage the banks passkey infra to validate the user is asking to (& is able to) pay for the goods.

The main advantage of SPC over normal passkey accounts is that the credentials can be created cross-origin, meaning that although the passkey is scoped to your wallet provider it is available to use on ANY other site.

By enabling dapps to make requests to wallet providers directly, we remove the need for a user to install a wallet - instead any dapp can request a signature from any wallet provider, directly on the dapp site (via an iframe, or embed)

This means dapps can create new users a passkey wallet when they first interact with crypto, without ever having to download a wallet.

For dapps this means they can request a passkey signature in an iframe, rather than relying on some other wallet.

Our demo:

• We have created a demo which involves a dapp and a wallet backend
• The user lands on the dapp and is prompted to create an account by creating a passkey signature with biometrics.
• We create them a credential with credentialId which is stored in a backend - this Id then allows any dapp to request a signature from this user.
• The user then mints a coupon for $10
• Now another dapp, knowing only the credentialId can creates a call to any wallet service to let the user sign a transaction in an iframe

Safe ERC4337 Module: We have adapted the demo Safe 4337 module to allow us to deploy an account controlled directly by a passkey created on a dapp. We use Pimlico for formatting the userop, bundling transactions, and gas estimations. Some notible changes to other safe 4337 modules include:

• Replacing the EOA owner with a P256 public key of a passkey
• Incorporating the WebAuthn-Sol library for validating a webauthn signed data
• Updating the demo from v0.6.0 of the entry point to v0.7.0