Passwordless Single Sign-On

Tonomy enables users to access any affiliated Web2 or Web3 applications seamlessly. The sign-in process, analogous to Google Sign-In but employing QR codes, bridges desktop websites with mobile devices, establishing the mobile device as the primary authentication authority.

The passwordless single sign-on mechanism eliminates the need for users to input their passphrases for each website login. Instead, it utilises QR codes and URL redirections for swift and user-friendly authentication.

A distinctive aspect of the single sign-on process is the generation and authorisation of an application-specific private key. During the login procedure, a private key is randomly generated on the user’s device within the currently used application. For instance, a unique key is created in the local storage of the user's browser tab on Upon consenting to the login, this key is authorised to sign data on behalf of the user, with its scope limited to the application being accessed [Ref #3]. This key is subsequently employed for authorisation purposes from the application to Tonomy ID and in digital signature functionalities.

Google SSO comparison

This feature resembles Google Sign-In, yet operates independently of Google's involvement, allowing users to authenticate directly from their phone to the application without intermediary involvement.

MetaMask comparison

This method parallels the Web3 login experience via Metamask, focusing on user-friendliness by avoiding exposure to complex cryptographic details. It also facilitates in-app digital signatures, significantly enhancing user engagement and retention. Using scoped application keys within the multi-key account system elevates the usability of Tonomy ID, distinguishing it markedly from Metamask's single-account, single-key framework.

Last updated