Learn how ZKAuth uses zero-knowledge proofs to provide tenant-bound zero-knowledge authentication.
Understanding the core concepts behind zero-knowledge authentication
Mathematical proofs that verify knowledge without revealing the knowledge itself
ZK proofs allow users to prove they know a password without ever sending the password to the server.
Modern cryptographic controls with Groth16 verification, Argon2id, and replay protection
All authentication data is encrypted using state-of-the-art cryptographic algorithms.
User data is never stored or transmitted in plain text
Server compromise does not reveal plaintext passwords from stored commitments, but operational secrets still require normal protection.
Support for WebAuthn passkey ceremonies when RP ID and origin are configured
Use WebAuthn as a step-up or passkey path alongside ZK proof verification.
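The concepts above (proving knowledge of a password without sending it, binding the proof to a tenant, and replay protection), as an added example that is not ZKAuth's code or API. It assumes a Schnorr proof over the RFC 3526 2048-bit group rather than Groth16, scrypt standing in for Argon2id, and hypothetical function names; a production server would also expire unused nonces.

```javascript
// Added illustration: Schnorr proof of knowledge, NOT ZKAuth's Groth16 circuit.
const crypto = require('node:crypto');

const dh = crypto.getDiffieHellman('modp14');        // RFC 3526 2048-bit safe-prime group
const P = BigInt('0x' + dh.getPrime('hex'));
const Q = (P - 1n) / 2n;                             // prime order of the subgroup generated by G
const G = 2n;

const modPow = (b, e, m) => {                        // square-and-multiply
  let r = 1n;
  for (b %= m; e > 0n; e >>= 1n, b = (b * b) % m) if (e & 1n) r = (r * b) % m;
  return r;
};
const toScalar = (buf) => BigInt('0x' + buf.toString('hex')) % Q;

// Client side. Assumption: scrypt replaces Argon2id, and the salt mixes in the tenant id.
function deriveSecret(password, email, tenantId) {
  return toScalar(crypto.scryptSync(password, `${tenantId}:${email}`, 64));
}
// Fiat-Shamir challenge binds the proof to tenant, stored commitment and server nonce.
function challenge(tenantId, y, R, nonce) {
  const h = crypto.createHash('sha256');
  h.update(JSON.stringify([tenantId, y.toString(16), R.toString(16), nonce]));
  return toScalar(h.digest());
}
// Registration: the server stores only y = G^x mod P, never the password.
const commitment = (x) => modPow(G, x, P);

function prove(x, tenantId, nonce) {
  const r = toScalar(crypto.randomBytes(64));        // fresh randomness for every proof
  const R = modPow(G, r, P);
  const c = challenge(tenantId, commitment(x), R, nonce);
  return { R, s: (r + c * x) % Q };
}

// Server side: single-use nonces provide the replay protection.
const issuedNonces = new Set();
function issueNonce() {
  const n = crypto.randomBytes(16).toString('hex');
  issuedNonces.add(n);
  return n;
}
function verify(y, tenantId, nonce, { R, s }) {
  if (!issuedNonces.delete(nonce)) return false;     // unknown or already consumed
  if (R <= 0n || R >= P || s < 0n || s >= Q) return false;
  const c = challenge(tenantId, y, R, nonce);
  return modPow(G, s, P) === (R * modPow(y, c, P)) % P;
}
```

The nonce is consumed before the proof is checked, so a failed attempt cannot be retried against the same challenge.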
Step-by-step process of how ZKAuth authenticates users securely
Registration and authentication with ZK proof generation and verification
// 1. User Registration with ZK Proof (SDK handles proof generation)
const registerResult = await zkauth.register({
  email: 'user@example.com',
  password: 'secure-password',
  deviceInfo: { deviceName: 'Chrome on Mac', deviceType: 'desktop' }
});
// 2. Authentication with ZK Verification
const session = await zkauth.login({
  email: 'user@example.com',
  password: 'secure-password',
  deviceInfo: { deviceName: 'Chrome on Mac', deviceType: 'desktop' }
});
// 3. Session Management
if (session.success) {
  console.log('ZK Proof verified successfully');
  // Demo only: do not write session tokens to logs in production
  console.log('Session token:', session.data?.session?.token);
}
Enterprise-grade authentication features for production applications
Multi-factor authentication, device trust, and custom proof types
// Advanced Authentication with Custom Proofs
const customAuth = await zkauth.authenticate({
  email: 'user@example.com',
  password: 'secure-password',
  options: {
    proofType: 'groth16',
    proofComplexity: 'high',
    passkeyCredential: credentialResponse,
    deviceTrust: true,
    locationVerification: true
  }
});
// Multi-factor Authentication
const mfaResult = await zkauth.verifyMFA({
  sessionId: session.id,
  mfaCode: '123456',
  mfaType: 'totp'
});
// Session Validation
const isValid = await zkauth.validateSession({
  token: session.token,
  proofHash: session.proofHash,
  deviceId: deviceId
});
Built-in security measures to protect your applications
Rate limiting and progressive delays prevent automated attacks
// Automatic rate limiting
const auth = await zkauth.signIn(email, password);
// If failed attempts are detected, progressive delays are applied
Track and verify trusted devices for enhanced security
// Device verification
const device = await zkauth.registerDevice({
  deviceId: generateDeviceId(),
  deviceInfo: getDeviceInfo(),
  userAgent: navigator.userAgent
});
Secure session tokens with automatic expiration and rotation
// Session configuration
const session = await zkauth.createSession({
  userId: user.id,
  expiresIn: '24h',
  maxDevices: 5,
  requireReauth: true
});
Comprehensive audit trails for compliance and security monitoring
// Audit log entry
const auditLog = await zkauth.logEvent({
  event: 'user_login',
  userId: user.id,
  ipAddress: clientIP,
  userAgent: userAgent,
  success: true
});
Continue learning about ZKAuth security and implementation