Hi,
We are using web3auth to create wallets for users based on their socials. We would like to get the permission from the user to sign transactions even when the user is offline. The user should be able to revoke this permission and should be the only owner of the wallet. Is there a way to do so? We need this for Ethereum and Solana.
Hi there! Thank you for reaching out. It sounds like you’re exploring new integration possibilities with Web3Auth, specifically regarding offline transaction signing and user permissions.
Unfortunately, Web3Auth currently requires users to be online for authentication and transaction signing to maintain security and privacy. However, your idea of granting permission to sign transactions offline while allowing the user to revoke this permission is interesting.
While this functionality isn’t supported at the moment, you can always consider submitting a feature request to the Web3Auth team for future enhancements. They appreciate feedback from developers like you!
Is there anything else you would like assistance with?
Note: This response was generated by an AI bot and may require further verification. The Web3Auth support team has tracked this issue and will be responding as soon as possible.
Hey @mario, can you please share more details about the user case. Once, we have more idea about the use case we will be able to provide appropriate solution.
Hey @Ayush,
I’d be happy to provide more details but I’m not sure what else to say. Maybe an example can help: a platform could sell/buy for a user when certain market conditions are met. The user won’t be able to sign the tx because they may be offline and the platform performs the signing and submission automatically. Therefore the platform would have to be able to sign txs for the user. In order to do so, the user would have to give the permission to the platform to sign a transaction using their key. It’s like ERC-20 approve but more general and done at the key management level. The user owns the key but can give other users access to some usage of the key, such as signing.
Is this more clear?
Hey @mario for this case there are few ways you can achieve. I’ll go through them, and you can choose the right fit.
- The simplest way would be the custodial way, where you store the user’s private key, and perform the actions on their behalf. I would not recommend this because this defeats the purpose of making a dApp.
- You can use the ERC 4337 along with ERC 7579 to achieve this. You can use the Web3Auth EOA as a signer, and create a ERC 4337 account(ones which support ERC 7579) using Safe/Kernel/Biconomy Nexus. You can decide on this. Once you have created the 7579 compatible smart account, you can use the Smart Sessions Module to give the scoped permissions. You can read more here: How to use session keys using Smart Sessions – Rhinestone Docs