# Near Wallet
After researching the Ledger implementation, I think there are 2 architectures web3auth can implement.
We could fork Near Wallet and add the SDK to it, as reference code for other wallets to integrate.
## Key exists in wallet, SDK provides signing capability (without private key export API)
Once the user logs in, the key exists in the SDK on the Near Wallet site.

Pros
- Simple, easy to integrate, frictionless
- no popup required for confirmation (although extra popup can be added)
Cons
- Key exists in Near Wallet (or any wallet the user logs in to). Risk is on the wallet
- no popup required for confirmation (although extra popup can be added)
If Near Protocol is confident in their wallet security, we could go with this.
<br/>
## Iframe
The private key stays in *Ledger*. The transaction is sent to Ledger for signing.
All actions such as named account creation are done through the wallet UX.
We are replacing *Ledger* with the Iframe Wallet.
<br/>

Pros
- Web3Auth key is secured.
Cons
- Need to host a small wallet that performs signing and inject an iframe into Near Wallet (like Torus wallet does)
- Extra confirmation needed
- (One more server dependency) If the Iframe wallet site is down, the user won't be able to log in
- Not applicable for native apps, as the app does not allow popups and is capable of executing JS code on the site it renders (which might be able to retrieve sensitive data in the redirect flow)
<br/>
#### Extra Options:
- We could allow each wallet (NearWallet, MyNearWallet, HeroWallet) to have its own client ID (which generates a different wallet for the same login credential)
- We could also allow a wallet to choose which client IDs it wants to support (provided the wallet is whitelisted by the respective client ID)
<br/>
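A sketch of the message gate the Iframe wallet would need for the Iframe architecture and the client ID whitelist above. This is an added example, not code from Near Wallet, Torus or the Web3Auth SDK; the message shape, client IDs, origins and the injected `signer` object are assumptions.

```javascript
// Constructed allowlist: client ID -> wallet origins allowed to request signatures.
const ALLOWED_ORIGINS = new Map([
  ["client-id-near-wallet", ["https://wallet.example"]],
  ["client-id-other-wallet", ["https://other-wallet.example"]],
]);

// Decide how to answer one postMessage event received inside the iframe.
// Returns { targetOrigin, message }, or null when the sender gets no answer.
//   signer:  hypothetical { publicKey, sign(bytes) } holding the key in the iframe
//   confirm: synchronous user prompt, e.g. window.confirm
function handleSignRequest(event, signer, confirm) {
  const req = event.data;
  if (!req || req.type !== "sign" || typeof req.id !== "string") return null;

  // event.origin is set by the browser, not by the sender. Exact match only:
  // prefix or substring checks would accept look-alike origins.
  const origins = ALLOWED_ORIGINS.get(req.clientId) || [];
  if (!origins.includes(event.origin)) return null;

  // Always reply to the verified origin, never to "*".
  const reply = (body) => ({
    targetOrigin: event.origin,
    message: { id: req.id, ...body },
  });

  if (!(req.txBytes instanceof Uint8Array) || req.txBytes.length === 0) {
    return reply({ ok: false, error: "invalid transaction" });
  }
  // The extra confirmation step: nothing is signed without user approval.
  if (!confirm(`Sign transaction requested by ${event.origin}?`)) {
    return reply({ ok: false, error: "rejected by user" });
  }
  // Only the signature and public key cross the frame boundary.
  return reply({
    ok: true,
    publicKey: signer.publicKey,
    signature: signer.sign(req.txBytes),
  });
}

// Browser wiring inside the iframe (not executed here):
// window.addEventListener("message", (e) => {
//   const out = handleSignRequest(e, signer, window.confirm.bind(window));
//   if (out) e.source.postMessage(out.message, out.targetOrigin);
// });
```
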
For both architectures, the following flow is proposed
<br/>
### Current Ledger flow
#### Mainnet
##### First time login
1) connect to ledger
2) approve from ledger
3) show public key account (implicit) on near wallet
4) fund the public key account (implicit)
5) create explicit account
- create named account with ledger public key as full access key
- fund named account
- generate private key
- add generated public key as Function Access Key to named account
- sign transaction using ledger approval
this flow is not clear ??
6) generated private key saved in local storage and use for wallet signing
<br/>
##### Relogin with other wallet or browser
1) connect to ledger
2) approve from ledger
3) find the named account to which the ledger public key is added
- sign transaction using ledger approval
<br />
This flow is not clear
4) generate private key
5) add generated private key as Function Access Key to named account, signed by named account
6) generated private key saved in local storage and use for wallet signing