oauth login example

[amiller]

Would be neat to show how to use an ordinary oauth (like login with Twitter) to create an on chain attestation that can be used to claim a reward. This can be used for example to send crypto as a tip to a social media account, where the owner of the social media account can later log in to claim it.

I can think of two main ways to do this. One is using the key manager. An address associated with the application would be created, the secret key for this address would only be shared with TEE instances running the given program (subject to update policies imposed by the key manager itself).
The other way could work with just remote attestation, which would have to be checked on chain (or to be more efficient, zkp of the remote Attestation).

[h4x3rotab]

Another idea: Map each social identity to a unique wallet derived from TEE key manager. Then the account owner can always retrieve the raw private key of their corresponding wallet from the TEE.

Pros:

• No smart contract needed. Attack surface reduced.
• Support almost any blockchain.
• Apply to not only ERC20, but also any onchain ownership (like contract ownership and multisig membership)
• Similar to Privy, the owner can always "evacuate" the private key and use it in any wallets / clients.

Even better, we can make the wallet address derivation non-interactive by using BIP-32 (hd wallet). In this case, the app generates a master key pair in the TEE, and use it to derive the wallet key for individual twitter accounts deterministically. The most interesting part is that, xPub can be made public so that anyone can derive the wallet address by themselves locally, even without the need to talk to the TEE. Only the account owners need to talk to the TEE to retrieve the private key of their derived wallet.