# Identity & Authentication

ZDrive does not use accounts, passwords, or usernames. Your wallet is your identity. To start a session, you sign a message containing your address and a session UUID. The worker verifies the signature and grants access scoped to that session.

## Auth message format

```
ZDriveX Auth
Address: 0x{your_address_lowercase}
Session: {uuid_v4}
This signature verifies wallet ownership and does not authorize any transactions.
```

The session UUID binds the signature to the current browser session only. If an attacker intercepts your signature, they can only replay it within that specific session — not across sessions. The UUID is discarded when you close the app.

## Verification flow

```mermaid
sequenceDiagram
    participant B as Browser
    participant W as CF Worker
    participant BC as Base Chain

    B->>B: Generate session UUID
    B->>B: Build auth message (address + UUID)
    B->>B: wallet.signMessage(authMessage)
    B->>W: Request with {x_wallet, x_wallet_sig, x_session}
    W->>W: Rebuild expected message
    alt EOA wallet
        W->>W: ECDSA recover → compare address
    else Smart contract wallet (ERC-1271)
        W->>BC: isValidSignature(hash, sig)
        BC-->>W: 0x1626ba7e (valid) or revert
    end
    alt Signature valid
        W->>W: verifiedWallet = address
        W->>W: Proceed with tier check
    else Invalid
        W->>W: Treat as anonymous (session-based)
    end
```

## ERC-1271 support

ZDrive uses viem's `verifyMessage()`, which handles both standard EOA wallets (ECDSA signature recovery) and smart contract wallets (ERC-1271 `isValidSignature` on-chain call). This means Coinbase Smart Wallet, Safe, and other account abstraction wallets work out of the box, with no separate code path needed.

> **Why not just ECDSA recovery?** Smart contract wallets like Coinbase Smart Wallet do not have a private key that produces a recoverable ECDSA signature. They use ERC-1271 instead. Calling `recoverMessageAddress` on a smart wallet signature silently returns a wrong address, which would block all smart wallet users without ever surfacing an error.
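As an added example (not ZDrive's own code), here is the worker-side half of the flow above: read the `x_wallet`, `x_wallet_sig` and `x_session` values named in the sequence diagram, rebuild the auth message byte-for-byte from the format section, and hand the (address, message, signature) triple to an injected verifier. The verifier is an assumption so the decision logic runs offline; in production it would wrap viem's `verifyMessage` (for instance `publicClient.verifyMessage`, which performs the ECDSA recovery or the ERC-1271 call), and any RPC revert or malformed input falls through to the anonymous session path rather than surfacing as a crash.

```typescript
// Added example, not ZDrive's own worker code. Header names come from the
// sequence diagram; the verifier is injected (assumption) so this runs offline.
type AuthHeaders = { wallet: string; signature: `0x${string}`; session: string };
type SignatureVerifier = (args: { address: `0x${string}`; message: string; signature: `0x${string}` }) => Promise<boolean> | boolean;
type AuthResult = { kind: "wallet"; address: `0x${string}` } | { kind: "anonymous"; reason: string };

const ADDRESS_RE = /^0x[0-9a-f]{40}$/;
const UUID_V4_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
const SIG_RE = /^0x([0-9a-f]{2})+$/i;

// Canonical message text from the "Auth message format" section. The address is
// lowercased so browser and worker sign/verify the identical byte string.
function buildAuthMessage(address: string, session: string): string {
  return [
    "ZDriveX Auth",
    `Address: ${address.toLowerCase()}`,
    `Session: ${session}`,
    "This signature verifies wallet ownership and does not authorize any transactions.",
  ].join("\n");
}

// Minimal header reader so the example does not depend on Workers runtime types.
interface HeaderSource { get(name: string): string | null }

// Pull the three auth headers and reject malformed values before any crypto runs.
// The session is used exactly as received: rewriting it would change the signed text.
function parseAuthHeaders(h: HeaderSource): AuthHeaders | null {
  const wallet = h.get("x_wallet")?.toLowerCase() ?? "";
  const signature = h.get("x_wallet_sig") ?? "";
  const session = h.get("x_session") ?? "";
  if (!ADDRESS_RE.test(wallet) || !UUID_V4_RE.test(session) || !SIG_RE.test(signature)) return null;
  return { wallet, signature: signature as `0x${string}`, session };
}

// Decision step from the diagram: verified wallet on success, anonymous otherwise.
// Production wiring (assumption): resolveWallet(req.headers, (a) => publicClient.verifyMessage(a))
async function resolveWallet(h: HeaderSource, verify: SignatureVerifier): Promise<AuthResult> {
  const parsed = parseAuthHeaders(h);
  if (!parsed) return { kind: "anonymous", reason: "missing or malformed auth headers" };
  const address = parsed.wallet as `0x${string}`;
  const message = buildAuthMessage(address, parsed.session);
  let ok = false;
  // An ERC-1271 revert or RPC error is treated as "not verified", never as a 500.
  try { ok = await verify({ address, message, signature: parsed.signature }); } catch { ok = false; }
  return ok ? { kind: "wallet", address } : { kind: "anonymous", reason: "signature did not verify" };
}
```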

## Session lifecycle

```mermaid
stateDiagram-v2
    [*] --> Anonymous: No wallet connected
    Anonymous --> Connected: Connect wallet + sign auth message
    Connected --> Paid: Purchase credits (on-chain)
    Paid --> Connected: Credits depleted
    Connected --> Anonymous: Disconnect wallet
    Anonymous --> [*]: Session expires (1h / 10 queries)
```

---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.zdrive.io/architecture/identity.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
