controller-signers
Controller Signers & Authentication
Controller supports multiple authentication methods (signers) for flexibility and security.
Supported Signer Types
| Type | Description | Best For |
|---|---|---|
webauthn |
Passkey (biometric/hardware key) | Primary auth, most secure |
google |
Google OAuth | Easy onboarding |
discord |
Discord OAuth | Gaming communities |
twitter |
Twitter/X OAuth | Social integration |
argent |
Argent wallet (Starknet) | Starknet native users |
braavos |
Braavos wallet (Starknet) | Starknet native users |
metamask |
MetaMask (desktop only) | EVM users |
phantom-evm |
Phantom EVM mode (desktop only) | Multi-chain users |
rabby |
Rabby wallet (desktop only) | Security-focused users |
walletconnect |
WalletConnect (desktop only) | Cross-device |
password |
Email/password | Testing only |
Warning: Password authentication is non-recoverable. If users lose their password, they permanently lose account access. Do not use in production.
Configuring Auth Options
const controller = new Controller({
signupOptions: [
"webauthn", // Passkeys
"google", // Google OAuth
"discord", // Discord OAuth
"twitter", // Twitter/X OAuth
"argent", // Argent wallet
"braavos", // Braavos wallet
"metamask", // MetaMask (desktop)
"phantom-evm", // Phantom (desktop)
"rabby", // Rabby (desktop)
"walletconnect",// WalletConnect (desktop)
],
});
Order reflects UI order. With one option, branded buttons appear.
Dynamic Authentication
Override auth options per connection:
// Default options
const controller = new Controller({
signupOptions: ["webauthn", "google", "discord"],
});
// Branded Phantom flow
await controller.connect(["phantom-evm"]);
// Branded Google flow
await controller.connect(["google"]);
Branded Buttons
Single signer config shows branded styling:
// Shows "sign up with Phantom" button with Phantom branding
const controller = new Controller({
signupOptions: ["phantom-evm"],
});
Passkey Authentication
Platform support: iOS (Face ID/Touch ID), Android, Windows Hello, password managers (Bitwarden, 1Password).
Passkeys are backed up via:
- Apple: iCloud Keychain
- Android: Google account
- Windows: Windows account
Social Login
Uses Auth0 + Turnkey wallet infrastructure:
- Popup OAuth flow (fallback to redirect if blocked)
- OIDC token validation with nonce
- Turnkey wallet creation linked to social account
Native app limitation: OAuth may not work in webviews. Use passkeys for native apps.
External Wallets
Starknet Wallets
- Argent: Advanced security features, account management
- Braavos: Built-in security features
EVM Wallets (Desktop Only)
- MetaMask: Popular browser extension
- Rabby: Security-focused multi-chain
- Phantom: Multi-chain with EVM support
Cross-Platform
- WalletConnect: QR code or deep link connection
Note: EVM wallets are automatically hidden on mobile browsers.
Chain Switching
const success = await controller.externalSwitchChain(
"metamask", // wallet type
chainId // target chain (hex)
);
Braavos does not support chain switching.
Transaction Confirmation
const response = await controller.externalWaitForTransaction(
"metamask",
txHash,
30000 // timeout ms
);
if (response.success) {
console.log("Receipt:", response.result);
} else {
console.error("Error:", response.error);
}
Multi-Signer Management
Add backup signers via Settings > Signer(s) > Add Signer (Mainnet only).
To remove a signer:
- Navigate to Settings > Signer(s)
- Find the signer to remove
- Click Remove option
Best practices:
- Add 2-3 different signer types for recovery
- Test each auth method periodically
- Remove compromised signers promptly
Account Synchronization
Argent and Braavos wallets auto-sync when user switches accounts in wallet.
Controller registers accountsChanged listener and updates state automatically.
Note: Account synchronization is currently only available for Starknet wallets (Argent and Braavos). Other external wallets maintain existing connection behavior.
Platform-Specific Configuration
const isMobile = /iPhone|iPad|iPod|Android/i.test(navigator.userAgent);
const authOptions = isMobile
? ["webauthn", "google", "discord", "argent", "braavos"]
: ["webauthn", "google", "discord", "argent", "braavos", "metamask", "walletconnect"];
await controller.connect(authOptions);
More from cartridge-gg/docs
controller-setup
Integrate Cartridge Controller wallet into Starknet applications. Use when setting up Controller for the first time, installing packages, configuring chains/RPC endpoints, or troubleshooting basic integration issues. Covers installation, Controller instantiation, ControllerConnector vs SessionConnector choice, chain configuration, and package compatibility.
69controller-sessions
Configure session keys and policies for Cartridge Controller to enable gasless, pre-approved transactions. Use when defining contract interaction policies, setting spending limits, configuring signed message policies, or implementing error handling for session-based transactions. Covers SessionPolicies type, policy definitions, verified sessions, and error display modes.
68controller-react
Integrate Cartridge Controller into React applications using starknet-react. Use when building React/Next.js web apps with Controller, setting up StarknetConfig provider, using hooks like useConnect/useAccount, or implementing wallet connection components. Covers ControllerConnector setup, provider configuration, and transaction execution patterns.
67controller-backend
Integrate Cartridge Controller into backend services using Node.js, Rust, or headless mode. Use when building server-side applications, game backends, automated bots, or any non-browser environment that needs to execute Starknet transactions. Covers SessionProvider for Node.js, Rust SDK setup, and headless Controller with custom signing keys.
61slot-vrng
Integrate Cartridge's verifiable random number generator (vRNG) into onchain games.
59slot-rpc
Configure Cartridge RPC endpoints with API token authentication and CORS whitelisting.
58