Argus eye

[A]RGUS

Trustless JWKS Registry on Starknet.
Permissionless RSA key registration via zkTLS.

View RegistryDocs
scroll

Trustless · Permissionless · On-chain

How It Works

01

JWKS Endpoint

Google, Apple, and Firebase publish their RSA public keys at standard HTTPS endpoints. These rotate regularly.

02

zkTLS Proof via Reclaim

Reclaim Protocol generates a cryptographic proof that the HTTP response is authentic — without trusting any intermediary server.

03

On-chain RSA Verification

Argus verifies the Reclaim proof on-chain, checks the RSA modulus and kid against the proof context, then writes the key to the JWKS Registry. Anyone can submit.

Supported Providers

GoogleACTIVE

OAuth 2.0 / OIDC identity

https://www.googleapis.com/oauth2/v3/certs
AppleACTIVE

Sign in with Apple

https://appleid.apple.com/auth/keys
FirebaseACTIVE

Cavos Firebase auth

https://cavos.xyz/.well-known/jwks.json

Contract Addresses

NetworkContractAddress
SepoliaArgus0x00fad0b6…48d62c1e
SepoliaJWKSRegistry0x059e9f82…d6cfd021
MainnetArgus0x00cef99b…f7d109c0
MainnetJWKSRegistry0x0012117d…c71e89b4
Full addresses and ABIs →