Class LitNodeClient

config

connectedNodes

OptionaldefaultAuthCallback

hdRootPubkeys

lastBlockHashRetrieved

latestBlockhash

networkPubKey

networkPubKeySet

ready

serverKeys

subnetPubKey

currentEpochNumber

• get currentEpochNumber(): number

• Returns number

_stopListeningForNewEpoch

• _stopListeningForNewEpoch(): void

• Returns void

_throwNodeError

• _throwNodeError(res, requestId): never

• Throw node error

  Parameters

  • res: RejectedNodePromises
  • requestId: string

  Returns never

checkNeedToResignSessionKey

• checkNeedToResignSessionKey(__namedParameters): Promise<boolean>

• Check if a session key needs to be resigned. These are the scenarios where a session key needs to be resigned:

  1. The authSig.sig does not verify successfully against the authSig.signedMessage
  2. The authSig.signedMessage.uri does not match the sessionKeyUri
  3. The authSig.signedMessage does not contain at least one session capability object

  Parameters

  • __namedParameters: {
        authSig: AuthSig;
        resourceAbilityRequests: LitResourceAbilityRequest[];
        sessionKeyUri: any;
    }

    • authSig: AuthSig

    • resourceAbilityRequests: LitResourceAbilityRequest[]

    • sessionKeyUri: any

  Returns Promise<boolean>

claimKeyId

• claimKeyId(params): Promise<ClaimKeyResponse>

• Authenticates an Auth Method for claiming a Programmable Key Pair (PKP). A MintCallback can be defined for custom on chain interactions by default the callback will forward to a relay server for minting on chain.

  Parameters

  • params: ClaimRequest<ClaimProcessor>

    an Auth Method and MintCallback

  Returns Promise<ClaimKeyResponse>

combineSharesAndGetJWT

• combineSharesAndGetJWT(signatureShares, requestId?): Promise<string>

• Combine Shares from network public key set and signature shares

  Parameters

  • signatureShares: NodeBlsSigningShare[]
  • requestId: string = ''

  Returns Promise<string>

  final JWT (convert the sig to base64 and append to the jwt)

computeHDKeyId

• computeHDKeyId(userId, appId, isForActionContext?): string

• Calculates a Key Id for claiming a pkp based on a user identifier and an app identifier. The key Identifier is an Auth Method Id which scopes the key uniquely to a specific application context. These identifiers are specific to each auth method and will derive the public key portion of a pkp which will be persisted when a key is claimed.

  Auth Method	User ID	App ID
  Google OAuth	token sub	token aud
  Discord OAuth	user id	client app identifier
  Stytch OTP	token sub	token aud
  Lit Actions	user defined	ipfs cid
  Note Lit Action claiming uses a different schema than other auth methods

  Parameters

  • userId: string

    user identifier for the Key Identifier
  • appId: string

    app identifier for the Key Identifier
  • isForActionContext: boolean = false

    should be set for true if using claiming through actions

  Returns string

  public key of pkp when claimed

computeHDPubKey

• computeHDPubKey(keyId, sigType?): Promise<string>

• Calculates an HD public key from a given keyId The curve type or signature type is assumed to be k256 unless provided

  Parameters

  • keyId: string
  • sigType: LIT_CURVE_VALUES = LIT_CURVE.EcdsaCaitSith

  Returns Promise<string>

  public key

connect

• connect(): Promise<void>

• Connect to the LIT nodes

  Returns Promise<void>

  A promise that resolves when the nodes are connected.

createCapacityDelegationAuthSig

• createCapacityDelegationAuthSig(params): Promise<CapacityCreditsRes>

• Parameters

  • params: CapacityCreditsReq

  Returns Promise<CapacityCreditsRes>

decrypt

• decrypt(params): Promise<DecryptResponse>

• Decrypt ciphertext with the LIT network.

  Parameters

  • params: DecryptRequest

  Returns Promise<DecryptResponse>

disconnect

• disconnect(): Promise<void>

• Stops internal listeners/polling that refresh network state and watch for epoch changes. Removes global objects created internally

  Returns Promise<void>

encrypt

• encrypt(params): Promise<EncryptResponse>

• Encrypt data using the LIT network public key.

  Parameters

  • params: EncryptSdkParams

  Returns Promise<EncryptResponse>

  The encrypted ciphertext and the hash of the data

  Throws

  if the LIT node client is not ready

  Throws

  if the subnetPubKey is null

executeJs

• executeJs(params): Promise<ExecuteJsResponse>

• Execute JS on the nodes and combine and return any resulting signatures

  Parameters

  • params: JsonExecutionSdkParams

  Returns Promise<ExecuteJsResponse>

generatePromise

• generatePromise(url, params, requestId): Promise<NodeCommandResponse>

• Generates a promise by sending a command to the Lit node

  Parameters

  • url: string

    The URL to send the command to.
  • params: any

    The parameters to include in the command.
  • requestId: string

    The ID of the request.

  Returns Promise<NodeCommandResponse>

  A promise that resolves with the response from the server.

generateSessionCapabilityObjectWithWildcards

• generateSessionCapabilityObjectWithWildcards(litResources): Promise<ISessionCapabilityObject>

• Generates a session capability object

  Parameters

  • litResources: ILitResource[]

    An array of ILitResource to be processed.

  Returns Promise<ISessionCapabilityObject>

  A Promise resolving to an ISessionCapabilityObject.

getExpiration

• getExpiration(): string

• Returns string

getFormattedAccessControlConditions

• getFormattedAccessControlConditions(params): FormattedMultipleAccs

• Get different formats of access control conditions, eg. evm, sol, unified etc.

  Parameters

  • params: SupportedJsonRequests

  Returns FormattedMultipleAccs

getHashedAccessControlConditions

• getHashedAccessControlConditions(params): Promise<ArrayBuffer>

• Get hash of access control conditions

  Parameters

  • params: MultipleAccessControlConditions

  Returns Promise<ArrayBuffer>

getIpfsId

• getIpfsId(__namedParameters): Promise<any>

• Parameters

  • __namedParameters: {
        dataToHash: string;
        debug?: boolean;
        sessionSigs: SessionSigsMap;
    }

    • dataToHash: string

    • Optionaldebug?: boolean

    • sessionSigs: SessionSigsMap

  Returns Promise<any>

getJWTParams

• getJWTParams(): {
      exp: number;
      iat: number;
  }

• we need to send jwt params iat (issued at) and exp (expiration) because the nodes may have different wall clock times, the nodes will verify that these params are withing a grace period

  Returns {
      exp: number;
      iat: number;
  }

  • exp: number

  • iat: number

getLatestBlockhash

• getLatestBlockhash(): Promise<string>

• Return the latest blockhash from the nodes

  Returns Promise<string>

  latest blockhash

getLitActionSessionSigs

• getLitActionSessionSigs(params): Promise<SessionSigsMap>

• Retrieves session signatures specifically for Lit Actions. Unlike getPkpSessionSigs, this function requires either litActionCode or litActionIpfsId, and jsParams must be provided.

  Parameters

  • params: GetLitActionSessionSigs

    The parameters required for retrieving the session signatures.

  Returns Promise<SessionSigsMap>

  A promise that resolves with the session signatures.

getLitResourceForEncryption

• getLitResourceForEncryption(params): Promise<LitAccessControlConditionResource>

• Parameters

  • params: EncryptRequest

  Returns Promise<LitAccessControlConditionResource>

getLogsForRequestId

• getLogsForRequestId(id): string[]

• Parameters

  • id: string

  Returns string[]

getNodePromises

• getNodePromises(callback): Promise<any>[]

• Get and gather node promises

  Parameters

  • callback: ((url: string) => Promise<any>)
    • • (url): Promise<any>

      • Parameters

        • url: string

        Returns Promise<any>

  Returns Promise<any>[]

getPkpSessionSigs

• getPkpSessionSigs(params): Promise<SessionSigsMap>

• Retrieves the PKP sessionSigs.

  Parameters

  • params: GetPkpSessionSigs

    The parameters for retrieving the PKP sessionSigs.

  Returns Promise<SessionSigsMap>

  A promise that resolves to the PKP sessionSigs.

  Throws

  An error if any of the required parameters are missing or if litActionCode and ipfsId exist at the same time.

getRandomHexString

• getRandomHexString(size): string

• Get a random hex string for use as an attestation challenge

  Parameters

  • size: number

  Returns string

getRandomNodePromise

• getRandomNodePromise(callback): Promise<any>[]

• Parameters

  • callback: ((url: string) => Promise<any>)
    • • (url): Promise<any>

      • Parameters

        • url: string

        Returns Promise<any>

  Returns Promise<any>[]

getRequestIds

• getRequestIds(): Set<string>

• Returns Set<string>

getSessionKey

• getSessionKey(): SessionKeyPair

• Try to get the session key in the local storage, if not, generates one.

  Returns SessionKeyPair

  session key pair

getSessionKeyUri

• getSessionKeyUri(publicKey): string

• Get Session Key URI eg. lit:session:0x1234

  Parameters

  • publicKey: string

    is the public key of the session key

  Returns string

  the session key uri

getSessionSigByUrl

• getSessionSigByUrl(__namedParameters): AuthSig

• Retrieves the session signature for a given URL from the sessionSigs map. Throws an error if sessionSigs is not provided or if the session signature for the URL is not found.

  Parameters

  • __namedParameters: {
        sessionSigs: SessionSigsMap;
        url: string;
    }

    • sessionSigs: SessionSigsMap

    • url: string

  Returns AuthSig

  The session signature for the given URL.

  Throws

  An error if sessionSigs is not provided or if the session signature for the URL is not found.

getSessionSigs

• getSessionSigs(params): Promise<SessionSigsMap>

• Retrieves or generates sessionSigs (think access token) for accessing Lit Network resources.

  How this function works on a high level:

  1. Generate or retrieve session keys (a public and private key pair)
  2. Generate or retrieve the AuthSig that specifies the session abilities
  3. Sign the specific resources with the session key

  The process follows these steps:

  1. Retrieves or generates a session key pair (Ed25519) for the user's device. The session key is either fetched from local storage or newly created if not found. The key does not expire.
  2. Generates an authentication signature (authSig) by signing an ERC-5573 “Sign-in with Ethereum” message, which includes resource ability requests, capabilities, expiration, the user's device session public key, and a nonce. The authSig is retrieved from local storage, and if it has expired, the user will be prompted to re-sign.
  3. Uses the session private key to sign the session public key along with the resource ability requests, capabilities, issuedAt, and expiration details. This creates a device-generated signature.
  4. Constructs the session signatures (sessionSigs) by including the device-generated signature and the original message. The sessionSigs provide access to Lit Network features such as executeJs and pkpSign.

  See Sequence Diagram: https://www.plantuml.com/plantuml/uml/VPH1RnCn48Nl_XLFlT1Av00eGkm15QKLWY8K9K9SO-rEar4sjcLFalBl6NjJAuaMRl5utfjlPjQvJsAZx7UziQtuY5-9eWaQufQ3TOAR77cJy407Rka6zlNdHTRouUbIzSEtjiTIBUswg5v_NwMnuAVlA9KKFPN3I0x9qSSj7bqNF3iPykl9c4o9oUSJMuElv2XQ8IHAYRt3bluWM8wuVUpUJwVlFjsP8JUh5B_1DyV2AYdD6DjhLsTQTaYd3W3ad28SGWqM997fG5ZrB9DJqOaALuRwH1TMpik8tIYze-E8OrPKU5I6cMqtem2kCqOhr4vdaRAvtSjcoMkTo68scKu_Vi1EPMfrP_xVtj7sFMaHNg-6GVqk0MW0z18uKdVULTvDWtdqko28b7KktvUB2hKOBd1asU2QgDfTzrj7T4bLPdv6TR0zLwPQKkkZpIRTY4CTMbrBpg_VKuXyi49beUAHqIlirOUrL2zq9JPPdpRR5OMLVQGoGlLcjyRyQNv6MHz4W_fG42W--xWhUfNyOxiLL1USS6lRLeyAkYLNjrkVJuClm_qp5I8Lq0krUw7lwIt2DgY9oiozrjA_Yhy0

  Note: When generating session signatures for different PKPs or auth methods, be sure to call disconnectWeb3 to clear auth signatures stored in local storage

  Parameters

  • params: GetSessionSigsProps

    An example of how this function is used can be found in the Lit developer-guides-code repository here.

  Returns Promise<SessionSigsMap>

getSignSessionKeyShares

• getSignSessionKeyShares(url, params, requestId): Promise<any>

• Parameters

  • url: string
  • params: GetSignSessionKeySharesProp
  • requestId: string

  Returns Promise<any>

getWalletSig

• getWalletSig(__namedParameters): Promise<AuthSig>

• Get the signature from local storage, if not, generates one

  Parameters

  • __namedParameters: GetWalletSigProps

  Returns Promise<AuthSig>

handleNodePromises

• handleNodePromises<T>(nodePromises, requestId, minNodeCount): Promise<RejectedNodePromises | SuccessNodePromises<T>>

• Handle node promises

  Type Parameters

  • T

  Parameters

  • nodePromises: Promise<T>[]
  • requestId: string

    requestId to be logged in case of error
  • minNodeCount: number

    number of nodes we need valid results from in order to resolve

  Returns Promise<RejectedNodePromises | SuccessNodePromises<T>>

handshakeWithNode

• handshakeWithNode(params, requestId): Promise<NodeCommandServerKeysResponse>

• Handshake with Node

  Parameters

  • params: HandshakeWithNode
  • requestId: string

  Returns Promise<NodeCommandServerKeysResponse>

isSessionKeyPair

• isSessionKeyPair(obj): obj is SessionKeyPair

• Check if a given object is of type SessionKeyPair.

  Parameters

  • obj: any

    The object to check.

  Returns obj is SessionKeyPair

  True if the object is of type SessionKeyPair.

pkpSign

• pkpSign(params): Promise<SigResponse>

• Use PKP to sign

  Parameters

  • params: JsonPkpSignSdkParams

  Returns Promise<SigResponse>

runOnTargetedNodes

• runOnTargetedNodes(params): Promise<RejectedNodePromises | SuccessNodePromises<NodeCommandResponse>>

• Run lit action on a single deterministicly selected node. It's important that the nodes use the same deterministic selection algorithm.

  Lit Action: dataToHash -> IPFS CID QmUjX8MW6StQ7NKNdaS6g4RMkvN5hcgtKmEi8Mca6oX4t3

  Parameters

  • params: JsonExecutionSdkParamsTargetNode

  Returns Promise<RejectedNodePromises | SuccessNodePromises<NodeCommandResponse>>

sendCommandToNode

• sendCommandToNode(__namedParameters): Promise<any>

• Send a command to nodes

  Parameters

  • __namedParameters: SendNodeCommand

  Returns Promise<any>

setCustomBootstrapUrls

• setCustomBootstrapUrls(): void

• Set bootstrapUrls to match the network litNetwork unless it's set to custom

  Returns void

signSessionKey

• signSessionKey(params): Promise<SignSessionKeyResponse>

• Sign a session public key using a PKP, which generates an authSig.

  Parameters

  • params: SignSessionKeyProp

  Returns Promise<SignSessionKeyResponse>

  An object containing the resulting signature.

validateAccessControlConditionsSchema

• validateAccessControlConditionsSchema(params): Promise<boolean>

• Parameters

  • params: MultipleAccessControlConditions

  Returns Promise<boolean>

StaticgenerateSessionCapabilityObjectWithWildcards

• generateSessionCapabilityObjectWithWildcards(litResources, addAllCapabilities?): Promise<ISessionCapabilityObject>

• Generates wildcard capability for each of the LIT resources specified.

  Parameters

  • litResources: ILitResource[]

    is an array of LIT resources
  • OptionaladdAllCapabilities: boolean

    is a boolean that specifies whether to add all capabilities for each resource

  Returns Promise<ISessionCapabilityObject>

StaticgetExpiration

• getExpiration(): string

• Get expiration for session default time is 1 day / 24 hours

  Returns string