Cavos provides verifiable, MPC-free OAuth wallet infrastructure for Starknet applications. It turns your identity into your wallet using on-chain RSA-2048 verification.

Key Features

OAuth Wallets

Your OAuth account IS your wallet. Same login = same wallet across all devices. No seed phrases.

JWT Verification

On-chain RSA signature verification of JWT tokens. Ephemeral keys registered via cryptographic proof.

Gasless Transactions

Users can transact without holding ETH. All gas fees are sponsored via AVNU Paymaster.

Cross-Platform

SDKs for both web (React) and mobile (React Native) with unified APIs.

How OAuth Wallets Work

Cavos creates self-custodial wallets tied to your OAuth identity:
  1. User authenticates with Google, Apple, or Firebase email/password
  2. Provider issues JWT token with user identity (sub claim)
  3. Wallet address derived deterministically from OAuth user ID
  4. Ephemeral key generated for transaction signing (~24 hour lifetime)
  5. First transaction deploys account + registers session key via JWT verification
  6. All transactions signed automatically with session key - no prompts needed

Note: Your wallet address is computed from your OAuth identity. There are no private keys to manage - your Google/Apple/Firebase account IS your wallet.

Authentication Methods

Cavos supports multiple ways to authenticate:
  • Google OAuth: Login with Google account
  • Apple OAuth: Login with Apple ID
  • Email/Password: Traditional auth with Firebase (email verification required)
  • Passkey-Only: Anonymous wallets for privacy-focused apps

Quick Example

import { CavosProvider, useCavos } from '@cavos/react';

function App() {
  return (
    <CavosProvider 
      config={{ 
        appId: 'your-app-id',
        session: {
          defaultPolicy: {
            allowedContracts: ['0x049d...'],
            spendingLimits: [{ token: '0x049d...', limit: 10n * 10n**18n }],
            maxCallsPerTx: 10
          }
        }
      }}
    >
      <WalletDemo />
    </CavosProvider>
  );
}

function WalletDemo() {
  const { login, register, address, execute, isAuthenticated } = useCavos();

  // Social Login
  const handleSocialLogin = async () => {
    await login('google');  // or 'apple'
    // Wallet is ready! Ephemeral key generated automatically
  };

  // Email/Password Registration
  const handleRegister = async () => {
    await register('firebase', {
      email: 'user@example.com',
      password: 'secure123'
    });
    // User receives verification email
  };

  // Email/Password Login
  const handleEmailLogin = async () => {
    await login('firebase', {
      email: 'user@example.com',
      password: 'secure123'
    });
    // Must verify email before login succeeds
  };

  if (!isAuthenticated || !address) {
    return (
      <div>
        <button onClick={handleSocialLogin}>Login with Google</button>
        <button onClick={handleRegister}>Register with Email</button>
      </div>
    );
  }

  // Transactions are signed automatically with session key
  const handleTransfer = async () => {
    const txHash = await execute({
      contractAddress: '0x049d36570d4e46f48e99674bd3fcc84644ddd6b96f7c741b1562b82f9e004dc7',
      entrypoint: 'transfer',
      calldata: ['0x...recipient', '1000000000000000000', '0'],
    });
    console.log('Transaction hash:', txHash);
  };

  return (
    <div>
      <p>Connected: {address}</p>
      <button onClick={handleTransfer}>Send Transfer (Gasless)</button>
    </div>
  );
}

How It Works Under the Hood

First Transaction:
  1. SDK signs transaction with session key
  2. Includes full JWT + RSA signature in calldata
  3. Account contract deploys itself via paymaster
  4. Contract verifies JWT RSA signature on-chain
  5. Ephemeral key is registered
  6. Transaction executes

Subsequent Transactions:
  1. SDK signs with session key (lightweight signature)
  2. No JWT needed - key already registered
  3. Much cheaper gas cost
  4. Ephemeral keys auto-renew when they expire
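
Because the wallet address is derived from the token's sub claim, the signature check in step 4 of the first transaction is what keeps an edited token from registering a key for another user's wallet. The sketch below is an added example, not Cavos code: it models that check off-chain in Node.js, assuming RS256 ID tokens. The key pair, issuer, audience, subject values and helper names are constructed, and the iss/aud/exp checks are assumptions beyond what this page states.

```javascript
// Added example: off-chain model of an RS256 ID-token check (not Cavos code).
const { generateKeyPairSync, sign, verify } = require('node:crypto');

const b64url = (x) => Buffer.from(x).toString('base64url');
const decode = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Constructed stand-in for the identity provider's RSA-2048 signing key.
const idp = generateKeyPairSync('rsa', { modulusLength: 2048 });

// Test fixture: sign claims the way a provider would (RSASSA-PKCS1-v1_5, SHA-256).
function issueToken(claims, privateKey = idp.privateKey) {
  const input = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${sign('sha256', Buffer.from(input), privateKey).toString('base64url')}`;
}

// Test fixture: change sub without re-signing, so the old signature no longer matches.
function withSub(token, sub) {
  const [h, p, s] = token.split('.');
  return [h, b64url(JSON.stringify({ ...decode(p), sub })), s].join('.');
}

// Verify the signature before trusting any claim; return sub or throw.
function verifyIdToken(token, publicKey, { issuer, audience, now }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  // Pin the algorithm: the verifier, not the token header, decides what is accepted.
  if (decode(h).alg !== 'RS256') throw new Error('unexpected alg');
  if (!verify('sha256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'))) {
    throw new Error('bad signature');
  }
  const claims = decode(p);
  // Assumed claim checks: the page only states that the RSA signature is verified.
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (claims.aud !== audience) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  if (typeof claims.sub !== 'string' || claims.sub === '') throw new Error('missing sub');
  return claims.sub;
}

// Constructed sample run.
const now = 1700000000;
const expect = { issuer: 'https://idp.example', audience: 'your-app-id', now };
const token = issueToken({ iss: expect.issuer, aud: expect.audience, sub: 'user-123', exp: now + 3600 });
console.log(verifyIdToken(token, idp.publicKey, expect));
try { verifyIdToken(withSub(token, 'user-456'), idp.publicKey, expect); }
catch (e) { console.log('rejected:', e.message); }
```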

Key Benefits

| Feature | Benefit |
| --- | --- |
| No Seed Phrases | Your OAuth account IS your wallet |
| Cross-Device | Same login = same wallet everywhere |
| Self-Custodial | You control your wallet, not Cavos |
| Gasless | Never need to buy crypto to transact |
| On-Chain Security | JWT verified on-chain, not by backend |
| Auto-Renewal | Ephemeral keys renew automatically |