Tomo Social Login


Tomo Wallet is a revolutionary social wallet that seamlessly integrates advanced security with the convenience of social logins. Leveraging Multi-Party Computation (MPC) technology, Tomo Wallet ensures your private keys are stored securely, providing top-notch protection for your digital assets.

Social Login Convenience

With Tomo Wallet, managing your assets has never been easier. Enjoy the simplicity and speed of social logins, such as Gmail, allowing you to access your wallet anytime, anywhere without the hassle of remembering complex passwords or recovery phrases. This feature not only enhances user experience but also makes onboarding new users effortless.

Advanced Security with MPC Technology

Security is at the core of Tomo Wallet. By utilizing Multi-Party Computation (MPC), we distribute the computation of private keys across multiple parties, ensuring that no single entity ever has full access to your keys. This method significantly reduces the risk of key compromise, providing you with peace of mind that your assets are safeguarded by state-of-the-art cryptographic techniques.

Social Login API

Currently Tomo wallet API support Gmail OAuth login. The typical flow is as follows:

  • Gmail login via third-party OAuth libraries.

  • Get Google request id after successful Gmail login. And use that id to request Tomo access token.

  • Use the above access token to interact with Tomo MPC API and recover user key pair at client side.

Configure Google Client ID

First configure the following Tomo's Google client id:

Initialize OAuth Provider

Then use recommended react-oauth/google to invoke Google OAuth 2.0 login:

<GoogleOAuthProvider clientId="">
     <Component {...pageProps} />

Gmail Login and MPC API

const login = useGoogleLogin({
 flow: 'auth-code',
 onSuccess: (codeResponse) => {
   loginByGmail(codeResponse?.code).then((data) => {
       const accessToken = data?.data?.result?.token
       return getSeedWords(accessToken)
     }).then((data) => {
       const seedWords = data?.data?.result
 onError: (err) => {

export const loginByGmail = async (code) => {
 const url = ''
 try {
   const resp = await, {
   return resp;
 } catch(e) {
   // error

export const getSeedWords = async (accessToken) => {
 const url = ''
 try {
   const headers = {
     Authorization: `Bearer ${accessToken}`
   const resp = await axios.get(url, {
   const {data: {result}} = resp
   const seed = combine([Buffer.from(result.shareA, 'hex'), Buffer.from(result.shareB, 'hex')]);
   const seedWords = seed.toString();
   return seedWords;
 } catch(e) {
   // error

Last updated