url: github
session keys:
session keys are somewhat like account abstraction
it fulfils the dapp trilemma of
ux, interoperability and security
- ux - just connect wallet, and all other actions happen as long as it meets the session parameters
- interoperability - because you’re using your wallet only ( where’s the wallet here? phantom etc )
- security - self custody at the end of the day
two components of session keys
- an ephemeral keypair - used as a secondary signer in the target program
- session token - pda containing information about expiry and scope of the keypair
( i really need to go through soldev fr lol )
so this is how session keys work:
- you have your own account which creates a session key while connecting the wallet ( already bad ux )
- session key creates a keypair which is encrypted and stored in browser which is then used to sign txns etc
- this session token has to be validated by the smart contract ( bad dx )
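
what "validated by the smart contract" involves, as an added example (not taken from the gum session-keys code): a std-only rust model of the checks a target program runs before accepting the ephemeral key as a secondary signer. type, field and function names are assumptions, and a real program would also confirm the token account is the expected pda.

```rust
// simplified, std-only model; names are assumptions, not the gum session-keys api
type Pubkey = [u8; 32];

#[derive(Debug, PartialEq)]
enum SessionError { NotSigner, WrongSigner, WrongAuthority, WrongProgram, Expired }

/// the "session token": a pda holding expiry and scope of the ephemeral keypair
struct SessionToken {
    authority: Pubkey,      // the user's real wallet
    target_program: Pubkey, // scope: the only program this session may act in
    session_signer: Pubkey, // public key of the ephemeral keypair
    valid_until: i64,       // expiry, unix seconds
}

/// returns the wallet the action is attributed to, or why the session is rejected
fn validate_session(
    token: &SessionToken,
    signer: &Pubkey,             // key presented as the secondary signer
    signer_signed: bool,         // did that key actually sign this transaction?
    expected_authority: &Pubkey, // owner of the account being modified
    this_program: &Pubkey,       // id of the program doing the check
    now: i64,
) -> Result<Pubkey, SessionError> {
    if !signer_signed { return Err(SessionError::NotSigner); }
    if signer != &token.session_signer { return Err(SessionError::WrongSigner); }
    if expected_authority != &token.authority { return Err(SessionError::WrongAuthority); }
    if this_program != &token.target_program { return Err(SessionError::WrongProgram); }
    if now >= token.valid_until { return Err(SessionError::Expired); }
    Ok(token.authority)
}

fn main() {
    // constructed sample values
    let (wallet, ephemeral, program, other) = ([1u8; 32], [2u8; 32], [3u8; 32], [4u8; 32]);
    let token = SessionToken {
        authority: wallet, target_program: program,
        session_signer: ephemeral, valid_until: 1_000,
    };
    // in scope and before expiry: accepted on behalf of the wallet
    println!("{:?}", validate_session(&token, &ephemeral, true, &wallet, &program, 500));
    // same token replayed against a different program: out of scope
    println!("{:?}", validate_session(&token, &ephemeral, true, &wallet, &other, 500));
    // at the expiry timestamp: rejected
    println!("{:?}", validate_session(&token, &ephemeral, true, &wallet, &program, 1_000));
}
```

every program that accepts sessions has to carry a check like this, which is the "bad dx" point above.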
nice experiment, but unlikely to work because of many factors
ways they could’ve continued
- not only create a protocol, but a product which is used by that protocol
- the session token needs to be verified in another way which doesn’t involve handling it in the smart contract code ( i can't back this statement yet )
- why are you assuming user has a wallet?
20 Dec 23 9:36 pm
maybe i understood it wrong? but key exchange is what session keys are - and it makes more sense
so gum.fun basically made key exchange possible on solana so that dapps don't have to continuously ask for your signature etc
makes so much more sense now