Note: We are no longer hosting the Bonsai Pay demo application - if you'd still like try out Bonsai Pay, check out Bonsai Pay: Getting Started to run a local version!

‍

Today marks the launch of Bonsai Pay, a cutting-edge open-source web application designed to streamline the entry of newcomers into the Ethereum network by leveraging their existing Google accounts. Developed utilizing the robust capabilities of RISC Zero's zkVM and Bonsai proving service, Bonsai Pay embodies the seamless integration of onchain applications with prominent identity providers like Google, Apple, Facebook, Twitch, LinkedIn, GitLab, and more, facilitated through the OpenID Connect protocol. This innovative approach not only simplifies user experience but also fosters broader adoption by connecting familiar online identities with the expansive possibilities of the Ethereum ecosystem.

To build on top of the open source Bonsai Pay repo or the RISC Zero zkVM, apply for a Bonsai API key here.

‍

Introduction

For users and developers alike, online identity and account management is complex and burdensome.

• Users want to have rich online experiences spanning multiple applications and services without worrying about privacy and security - and without the need to manage dozens or hundreds of separate accounts.
• Developers want the ability to launch new applications and services without worrying about the friction of requiring new users to sign up, let alone having to implement and manage their own authentication and security.

In web and mobile applications, the common solution is to allow users to sign up and log in using accounts they already have by integrating with popular identity providers such as Google and Apple.

This approach is popular because of the many benefits it provides:

• Users don’t need to manage separate accounts and passwords for every application.
• Critical security features, such as account recovery, multi-factor authentication, and secure credential storage, can be delegated to established identity providers with the resources to tackle these complex tasks.
• Many identity providers offer more than authentication: they also provide access to the user’s profile data, which can accelerate user onboarding and generally provide richer experiences.

Unfortunately, technical barriers and trust assumptions have historically prevented onchain applications from adopting this pattern and leveraging its benefits. As a result, users face the burden of becoming expert custodians of sensitive cryptographic data — a burden that most Internet users are unprepared to bear.

To facilitate widespread adoption, applications must cater to the general public. This often means enabling users to access services with existing online accounts. With excitement, we introduce Bonsai Pay, an open-source web application that demonstrates the seamless integration of onchain applications with the OAuth 2.0, utilized by major identity providers and facilitated through OpenID Connect, in conjunction with the powerful zkVM and Bonsai from RISC Zero. This article will dive into the workings of Bonsai Pay and explore the substantial advantages and potential that OAuth 2.0 integration holds for onchain ecosystems.

‍

Bonsai Pay

To showcase the power of OpenID integration for onchain apps, we built Bonsai Pay, a service that allows users to send or login and withdraw ETH and tokens on Ethereum using their existing Google account.

The flow is simple: if Alice (alice@gmail.com) wants to send some tokens to Bob (bob@gmail.com), all Alice needs to do is visit the website, specify the recipient as bob@gmail.com, and deposit some funds in the contract. Later, Bob can visit the website, Sign in with Google, and collect their account’s deposited balance.

Under the hood, Bonsai Pay is powered by an escrow contract on Ethereum. When Alice sends tokens to Bob, she sends them to the escrow contract. Her transaction includes metadata that identifies Bob as the desired recipient. The escrow contract receives the funds and updates its onchain state to reflect Bob’s new balance.

Up to this point, everything that’s happened is fairly standard. The magic happens when Bob goes to withdraw his tokens. To make a withdrawal, Bob must prove he’s the owner of his Google account. This is where OAuth2.0 and RISC Zero enter the picture.

Bob navigates to the Bonsai Pay website to perform a withdrawal, signs in with Google, and provides his wallet address. Behind the scenes, Bonsai Pay uses the Bonsai proving service to generate a zero-knowledge proof that binds his Google account to his address. This proof is then sent to the escrow contract, which verifies the proof and withdraws the tokens.

The full source code for Bonsai Pay is available here. We’ve also deployed Bonsai Pay on the Ethereum Sepolia testnet so you can try it yourself! Learn more and apply for a Bonsai API key here.

‍

OpenID integration made easy

OpenID Connect (OIDC) is an Internet standard that allows users to reuse existing accounts and profiles across various applications and surfaces. All popular identity providers, including Google, Apple, Facebook, Twitch, LinkedIn, GitLab, and others, support it.

OpenID Connect (OIDC) builds upon the OAuth 2.0 authorization framework, enabling users to authenticate with their existing accounts from services like Google, Apple, and others. Bonsai Pay incorporates this robust protocol to authenticate user identities efficiently while simultaneously leveraging OAuth 2.0's secure authorization capabilities to provide access to the Ethereum network. This dual integration ensures that users experience a frictionless transition between trusted identity providers and the decentralized web, paving the way for a future where logging into and using blockchain applications is as straightforward as any traditional web service. With ERC-4773 account abstraction and paymasters, it will soon be common for users to onboard into the Ethereum ecosystem with a single click.

‍

An easy project, thanks to good foundations

Developing onchain applications like Bonsai Pay is made remarkably straightforward thanks to the robust infrastructure offered by RISC Zero. By harnessing the power of the zkVM and Bonsai proving service, developers can easily integrate zero-knowledge proofs and build secure and efficient decentralized applications.

The frontend of Bonsai Pay is a typical React web3 application that interfaces with a Rust websocket relay service. This backend service is built using RISC Zero’s bonsai-sdk, simplifying communication between the web application and Bonsai. This clear-cut integration accelerates the development process, allowing developers to focus on creating a responsive and intuitive user experience while harnessing the power of zero-knowledge proofs.

Authentication and validation are a breeze with the integration of identity JSON Web Tokens (JWT) obtained from identity providers. These tokens are validated within the zkVM using the jwt_compact Rust crate, a process that ensures the security and validity of the signed-in user through standard protocols and public key cryptography. This means that users can trust that their credentials are managed correctly without compromising security.

The culmination of this process is the generation of a zk-proof, which is essential for verifying transactions on the blockchain. The RISC Zero verifier contract takes this proof and validates it onchain, providing a secure link between the user's identity and their blockchain address.

This seamless development framework is a testament to RISC Zero's commitment to creating accessible blockchain solutions. It paves the way for developers to introduce a new era of decentralized applications that are secure, private, and user-friendly. By reducing the complexity associated with zero-knowledge proofs, RISC Zero sets the stage for wider development, adoption, and a richer ecosystem of onchain applications with realistic and pragmatic user experience.