SSO: Is it possible to offer user to store private key or seed somewhere else?

[tempe-techie]

If a web3 app integrates SSO and a user logs in with it, is it possible to then show the mnemonic seed to the user and ask them to write it down? Can app access the seed or private key?

The reason why I'm asking is because I noticed that if I use SSO on a different device (another phone that I have, for example), it will generate a different address when I log in with SSO. So if I lose a phone, I may lose access to my funds. I've tried many ways to get to the same address on both phones, and nothing worked.

Which means that web apps using SSO will need a way to ask user to store private key or seed somewhere else (either write it down or something else).

[JackHamer09]

Hey! Let me help you understand how SSO works and what's possible:

• No Seed Phrase or Private Key:
  SSO accounts don’t use a seed phrase or traditional private key. Instead, they are created and managed using Passkeys. The private key for passkeys is securely stored in your device’s secure enclave, and there’s no way to extract it.

• Passkey Synchronization:
  Passkeys are usually synchronized between devices depending on the provider. For example:

  • On Apple devices, passkeys (using FaceID or TouchID) are synchronized via iCloud.
  • This allows you to access the same account on multiple devices where the passkey is available, ensuring account recovery if you lose one device.
    We’re also working on additional ways to help you recover your account, so stay tuned!

• Sign Up vs. Sign In:

  • When you create an account via an SSO Auth Server, you use the “Sign Up” button.
  • To log in to an existing account, you should use the “Sign In” button instead. After clicking it, you’ll see a passkey confirmation screen. Once confirmed, you’ll access your previously created account.

• More Details:
  You can find additional information in the ZKsync SSO Documentation.

---

Regarding your last point:

"Which means that web apps using SSO will need a way to ask users to store the private key or seed somewhere else."

This isn’t applicable because SSO accounts do not expose private keys or seed phrases to the app or the user. Instead, the passkey system handles account security and recovery through trusted device synchronization.

If you could elaborate further on your concerns, I’d be happy to clarify!

[tempe-techie]

Hey @JackHamer09, thanks for the reply!

EDIT: I managed to resolve the issue below. It was the "sign in" vs "sign up" thing 😅 When I used Sign In, it worked and there was no error. Although I imagine people having a problem with that, so if it's possible to have just one button, that would be the best.

--

(RESOLVED)

The issue that I have is the following:

• I have two Android phones.
• On both phones I'm connected with the same Google account.
• I can successfully sign up with a passkey on Phone A (I signed into the official demo app on https://nft.zksync.dev/).
• When I open the demo app on Phone B, it finds the passkey from Phone A, but it fails to sign in. I get the "Passkey validation failed" error (see the image below)

Any idea what could be wrong?

I imagine this may happen to users often in the future, that's why I asked if there's another way to store the key, but I guess that's out of question for SSO...

[JackHamer09]

Are you sure you're using same SSO account on both devices? You can figure that out by looking at the address at the top of the popup screen. It might be that you're still logged in to the previous account which is registered with a different passkey.

[JackHamer09]

Also can you try logging out by clicking the small logout icon in that popup on both devices and then see if you can log back in using same passkey