Overview
Authorization keys enable users to fully control self-custodial wallets within a trusted execution environment (TEE). They are not applicable for on-device wallets.
Interacting directly with user authorization keys is an advanced setting.
If you are using Privy via a client-side SDK, user authorization keys are entirely invisible—you do not have to manually interact with authorization keys in order to create or transact with wallets.
Self-custodial Privy wallets are those owned by an authorization key that the user controls. For example, you can configure fully user self-custodial wallets by:
- Authenticating a user with the User authorization key API to issue an authorization key
- Directly adding the user’s passkey as the authorization key
User authorization keys are authorization keys that users control directly via an authentication method. Privy infrastructure manages issuing session-based authorization keys to users via the User authorization key API. This configuration results in cryptographically-enforced user custody of wallets.
Learn more about the User authorization key API architecture here.
Authentication methods
Privy integrates directly with any OIDC or JWT-based authentication system and also offers dozens of login methods natively, including email, SMS, social login, passkeys, and more. The User authorization key API ensures that if a user is logged in, they always have access to their wallet.
Was this page helpful?