⚠️ Note: Some details in this documentation may not be fully accurate yet.
What is an Alien Session?

An Alien Session is a unique, cryptographically verified session created once by a user for your application (provider).

Core Concept

When a user authenticates with your mini app, web app, or application through Alien SSO for the first time, a session is created once for that specific provider. Each session is created within the Alien Network’s Frame architecture, in MPC-based TEEs.

This session represents a permanent, verified connection between the user (their Alien ID) and your application (the provider). The same session is reused for all subsequent authentications by that user with your application.

For the detailed reasoning on why sessions are important, see the essay by Alien’s founder Kirill Avery: Proving You’re Human: How to Solve Privacy in the Era of AI

Stored on Alien Network

All sessions are stored on the Alien Network as immutable, verifiable records. This ensures:

  • Transparency: anyone can verify a session’s authenticity on-chain.
  • Tamper-proof: once created, sessions cannot be modified or forged.
  • Decentralized: no central authority controls session data.
  • Privacy: a user’s personal data never leaves their device.
  • Permanent audit trail: full history of session creation and lifecycle.

Managed via Alien ID

Sessions are created and managed by users through their Alien ID:

  • Users control which sessions to create and for which applications.
  • Users can revoke sessions at any time through their Alien ID.
  • All session actions require user authorization via their Alien ID.
  • Private keys never leave the user’s device.

Unique for User and Provider

Each session is unique and tied to both the user’s Alien ID and your specific provider. This means:

  • The same user authenticating with your app will have a different session than when they authenticate with another app.
  • Each session is isolated and cannot be reused across different providers.
  • Sessions are tamper-proof and verified on-chain through cryptographic proofs.

One Session = One Person

This architecture provides strong protection against bots and fake accounts.

Bot Protection

  • Cryptographic verification: each session is created in an execution layer within Frame TEEs and signed with the user’s private key.
  • One identity per person: the Alien Network ensures each person has only one Alien ID.
  • Session uniqueness: bots cannot duplicate or forge sessions without access to the user’s private keys.

Sybil Attack Prevention

  • On-chain verification: all sessions are verifiable on the blockchain.
  • Provider isolation: sessions cannot be shared or transferred between different applications.
  • Proof of personhood: each session is backed by an Alien ID.

Session Lifecycle

1. Creation

When a user approves authentication in the Alien App:

  • A session is created in an execution layer within Frame TEEs.
  • A session address is generated.
  • The session is recorded on-chain (for Solana SSO) or verified via JWT (for standard SSO).

2. Active

While the session is valid:

  • Your app can verify the user.
  • The user’s approved claims (name, avatar) are available.
  • The session cannot be tampered with or forged.

3. Revocation

Sessions remain active on-chain until revoked:

  • Users can revoke sessions at any time through their Alien ID.
  • Only the session creator (user) can revoke their sessions.
  • Once revoked, a session cannot be restored.

Benefits for Your Application

Security

  • No password management: users don’t need passwords for your app.
  • Non-custodial: you never have access to users’ private keys.
  • Cryptographic proof: each session is cryptographically verifiable.

User Experience

  • Single sign-on: users authenticate once across all Alien-integrated apps.
  • Privacy control: users choose which claims to share with your app.
  • Mobile-friendly: QR code or deep link authentication.

Compliance

  • GDPR-friendly: users control their own data.
  • Audit trail: all sessions are verifiable on-chain.
  • Data minimization: only approved claims are shared.

Session vs User Identity

It’s important to understand the distinction:

Aspect | Session | User Identity
Uniqueness | Per provider, per authentication | Global across Alien Network
Scope | Your application only | All Alien-integrated apps
Lifetime | Until revoked | Permanent
Purpose | Authentication state | User’s verified identity

A single user has one Alien ID but can have multiple sessions across different applications.
