interface GetPkpSessionSigs {
    authMethods?: AuthMethod[];
    capabilityAuthSigs?: AuthSig[];
    capacityDelegationAuthSig?: AuthSig;
    chain?: string;
    expiration?: any;
    ipfsOptions?: IpfsOptions;
    jsParams?: any;
    litActionCode?: string;
    litActionIpfsId?: string;
    pkpPublicKey: string;
    resourceAbilityRequests: LitResourceAbilityRequest[];
    sessionCapabilityObject?: ISessionCapabilityObject;
    sessionKey?: SessionKeyPair;
    switchChain?: boolean;
}

Hierarchy (view full)

Properties

authMethods?: AuthMethod[]

Lit Protocol supported auth methods: https://developer.litprotocol.com/v3/sdk/wallets/auth-methods This CANNOT be used for custom auth methods. For custom auth methods, please pass the customAuth object to jsParams, and handle the custom auth method in your Lit Action.

Notes for internal dev: for the SDK, this value can be omitted, but it needs to be an empty array [] set in the SDK before sending it to the node

capabilityAuthSigs?: AuthSig[]

Not limited to capacityDelegationAuthSig. Other AuthSigs with other purposes can also be in this array.

capacityDelegationAuthSig?: AuthSig
  • use capabilityAuthSigs instead Used for delegation of Capacity Credit. This signature will be checked for proof of capacity credit. Capacity credits are required on the paid Lit networks (mainnets and certain testnets), and are not required on the unpaid Lit networks (certain testnets). See more here.
chain?: string

The chain to use for the session signature and sign the session key. This value is almost always ethereum. If you're using EVM, this parameter isn't very important.

expiration?: any

When this session signature will expire. After this time is up you will need to reauthenticate, generating a new session signature. The default time until expiration is 24 hours. The formatting is an RFC3339 timestamp.

ipfsOptions?: IpfsOptions
jsParams?: any

An object that contains params to expose to the Lit Action. These will be injected to the JS runtime before your code runs, so you can use any of these as normal variables in your Lit Action.

litActionCode?: string

The litActionCode is the JavaScript code that will run on the nodes. You will need to convert the string content to base64.

Buffer.from(litActionCodeString).toString('base64');
litActionIpfsId?: string

You can obtain the Lit Action IPFS CID by converting your JavaScript code using this tool: https://explorer.litprotocol.com/create-action

Note: You do not need to pin your code to IPFS necessarily. You can convert a code string to an IPFS hash using the "ipfs-hash-only" or 'ipfs-unixfs-importer' library.

async function stringToIpfsHash(input: string): Promise<string> {
// Convert the input string to a Buffer
const content = Buffer.from(input);

// Import the content to create an IPFS file
const files = importer([{ content }], {} as any, { onlyHash: true });

// Get the first (and only) file result
const result = (await files.next()).value;

const ipfsHash = (result as any).cid.toString();
if (!ipfsHash.startsWith('Qm')) {
throw new Error('Generated hash does not start with Qm');
}

return ipfsHash;
}
pkpPublicKey: string

Session signature properties shared across all functions that generate session signatures.

resourceAbilityRequests: LitResourceAbilityRequest[]

An array of resource abilities that you want to request for this session. These will be signed with the session key. For example, an ability is added to grant a session permission to decrypt content associated with a particular Access Control Conditions (ACC) hash. When trying to decrypt, this ability is checked in the resourceAbilityRequests to verify if the session has the required decryption capability.

[{ resource: new LitAccessControlConditionResource('someAccHash`), ability: LitAbility.AccessControlConditionDecryption }]
sessionCapabilityObject?: ISessionCapabilityObject

The session capability object that you want to request for this session. It is likely you will not need this, as the object will be automatically derived from the resourceAbilityRequests. If you pass nothing, then this will default to a wildcard for each type of resource you're accessing. The wildcard means that the session will be granted the ability to to perform operations with any access control condition.

sessionKey?: SessionKeyPair

The serialized session key pair to sign. If not provided, a session key pair will be fetched from localStorage or generated.

switchChain?: boolean

If you want to ask MetaMask to try and switch the user's chain, you may pass true here. This will only work if the user is using MetaMask, otherwise this will be ignored.