This write-up is a review of several methods for validating ownership of a smart contract account using OAuth 2.0. Given the rise of account abstraction and EIP-4337, there is also increased demand for more convenient verification methods such as social login.

In summary, such a system would need to solve the following problems:

Providing a secure method for linking a user’s web2 identity to their on-chain account would significantly reduce the barrier to entry for newcomers to the Ethereum ecosystem.

Current methods

There are generally three methods to link a user's web2 identity to their on-chain account.

  1. MPC
  2. Multi-sig
  3. JWT ID Tokens

Multi-party computation (MPC)

Most current solutions rely on MPC techniques through Lit Protocol and Web3Auth. These solutions use a network of N nodes. At a high level, each node independently verifies the IdP assertion (the OAuth/OIDC ID token) before co-signing with a threshold signature scheme that requires M out of N approvals.
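As an added illustration of that flow (not code from Lit Protocol, Web3Auth or any other project), the sketch below has each node verify the ID token's signature and claims and then applies the M-of-N quorum. It stands in for the IdP with an HMAC key, whereas real IdPs sign ID tokens with RS256 and publish their keys via JWKS; the issuer, audience, subject and key values are constructed for the example.

```python
import base64, hashlib, hmac, json
from typing import List, Optional

# Constructed example values (not from any real IdP or deployment).
IDP_SECRET = b"example-idp-hmac-key"       # stand-in for the IdP's signing key
ISSUER = "https://idp.example"              # expected `iss` claim
AUDIENCE = "example-wallet-client"          # expected `aud` (the app's OAuth client id)
LINKED_SUBJECT = "user-12345"               # web2 `sub` previously linked to the account

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_id_token(claims: dict, secret: bytes = IDP_SECRET) -> str:
    """Stand-in IdP: emits an HS256-signed JWT (hypothetical; real IdPs use RS256)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def node_verifies(token: str, now: float, secret: bytes = IDP_SECRET) -> bool:
    """One node's check of the IdP assertion before it contributes its signature share."""
    try:
        header, body, sig = token.split(".")
    except ValueError:
        return False
    # The algorithm is pinned here rather than read from the header, so a token
    # claiming a different `alg` cannot downgrade the check.
    expected = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        return False                                     # forged or tampered token
    claims = json.loads(_b64url_decode(body))
    return (claims.get("iss") == ISSUER
            and claims.get("aud") == AUDIENCE            # token was issued to this app
            and claims.get("sub") == LINKED_SUBJECT      # and to the identity linked to the account
            and claims.get("exp", 0) > now)              # stale tokens are rejected

def threshold_approve(token: str, n_nodes: int, m_required: int, now: float,
                      node_keys: Optional[List[bytes]] = None) -> bool:
    """M-of-N quorum: the operation is co-signed only if at least M nodes accept the assertion."""
    keys = node_keys or [IDP_SECRET] * n_nodes   # per-node view of the IdP key
    approvals = sum(node_verifies(token, now, k) for k in keys)
    return approvals >= m_required
```

Passing `node_keys` with some wrong entries simulates nodes holding a stale IdP key, which shows that the quorum tolerates up to N minus M such nodes and no more.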

Although viable, these approaches introduce a lot of complexity. The details can be read in the above links, but given the context of account abstraction we'll focus on other solutions that can leverage more of the EVM.


EVM multi-sig

Essentially, MPC enables off-chain multi-sig. But we can also achieve multi-sig using just the EVM. Given the context of EIP-4337, this might make sense since we are already moving accounts to smart contracts.

(Figure: oauth-evm-multisig.png)