P2P Connect any device to any device with a passkey — then talk directly, e2e encrypted, on Web, Mobile and Desktop.
Liquid Auth Cloud opens a direct, e2e encrypted WebRTC channel between two devices using a FIDO2 passkey bound to your decentralized identity (DID). Your identity is the account — no passwords, no central relay holding your data, zero cost when idle.
The web app asks Liquid Auth Cloud for a session — a QR code and deep link appear. No account, no password.
Liquid Auth Cloud is a cloud‑native fork of the Algorand Foundation's Liquid Auth — the same guarantees, rebuilt from the ground up for the edge.
The service issues a one‑time request id — shown as a QR code and deep link.
Your wallet authenticates with FIDO2/WebAuthn and co‑signs the same challenge with your identity key — both verified together, binding the passkey to you.
Both peers join the session's private room over WebSockets and exchange offer, answer and ICE.
An e2e encrypted DataChannel opens device‑to‑device — the relay steps out and never sees your messages or keys.
All on the cloud edge — 300+ locations · no servers to manage · nothing to pay when idle.
Same cryptography, same authentication flows — re‑imagined as a cloud‑native, identity‑first implementation. What changed:
Converging, not diverging — the Algorand Foundation dev team has agreed to add a WebSockets fallback to the Liquid Auth client and server. Once it lands, upstream Liquid Auth and Liquid Auth Cloud clients and servers interconnect directly.
Every piece runs at the edge and does exactly one job. Here's each one, in plain English.
The edge entry point. Handles every request at the nearest location — routing, CORS, session cookies, WebSocket upgrades.
Passwordless login with passkeys — Touch ID, Face ID, security keys — bound to your identity.
Globally-replicated, read-optimized storage for user records and credential→wallet lookups.
Keeps sessions in private, HMAC-signed storage with no dashboard, API, or CLI access.
The signaling relay — one private room per wallet. Relays the WebRTC handshake and broadcasts auth events.
After the handshake, devices talk directly — end-to-end encrypted.
All signing happens on your device. The Cloud only verifies signatures.
Firebase Cloud Messaging wakes a backgrounded wallet and delivers messages, approvals and signing requests even when the app is closed.
The Worker runs only on request; Durable Objects hibernate. Zero traffic, zero dollars.
Verification happens at the nearest of 300+ edge locations — close to every user.
No containers, no database, no Redis, no failover. Deploy is one command.
Sessions are HMAC-signed in opaque storage. Private keys never leave the device.
Signaling is ephemeral and maps perfectly to hibernating Durable Objects.
The open-source client SDK connects any web, mobile or desktop app to a Liquid Auth service: request a session, prove it with a passkey, and open a direct, end-to-end-encrypted WebRTC channel — in a few lines of JavaScript. TypeScript-first, no framework lock-in.
# install npm i @goplausible/liquid-client // connect and open a direct peer channel import { SignalClient } from "@goplausible/liquid-client/signal"; const client = new SignalClient(origin); await client.connect(requestId);
This is the working Liquid Auth Cloud flow. Start a connection, scan with a Liquid Auth wallet, and a direct encrypted channel opens — multi-session, with its own chat tab each time.
Liquid Auth uses FIDO2 passkeys to bind client wallets to devices, then establishes WebRTC data channels for encrypted peer-to-peer communication — no passwords, no central relay.
How it works:
Regent is a mobile wallet that lets your AI agent talk to your wallet without ever holding your keys. It runs on Liquid Auth Cloud: the same passwordless, end-to-end-encrypted peer-to-peer channel — WebRTC for the link, passkeys for identity, WebSockets for signaling, and push notifications for reach — connects the agent to the wallet, so every signature stays on your device and behind your biometric.