Minting a PKP
Mint via Contracts
You can mint an NFT from our PKP contract on Chronicle - Lit's custom EVM rollup testnet - here. This NFT represents the root ownership of the PKP. The NFT owner can grant other users (via a wallet address) or grant Lit Actions the ability to use the PKP to sign and decrypt data. They also have the ability to assign additional authentication methods, described at the bottom of the page.
You can also use our handy auth helper contract on Polygon Mumbai here and you can find the contract addresses here
Mint via Social
You can mint a PKP by presenting a valid OAuth token as an authentication method to the Lit Relay server. Currently, only Google OAuth tokens are supported, but we plan to support Discord in the near term.
Read more about this process here.
Mint via Email / SMS (OTP)
You can mint a PKP by presenting a generated token from sucessful OTP code confirmation, which will be returned by the
lit-auth-client in the
AuthMethod return from successful code confirmation.
Read more here.
See example here.
Mint via WebAuthn
You can mint a PKP by presenting a valid WebAuthn credential generated by your browser to the Lit Relay server.
We have a frontend that helps with this process at https://pkp-walletconnect.vercel.app/.
We currently support both username-based and username-less WebAuthn registration, and usernames are purely used for your convenience / reference on the client-side.
authMethodIdis derived from the credential's rawId parameter.
authMethodPubkeyis the COSE credential public key. We currently only support Elliptic Curve COSE Key Type IDs.
Relying Parties and Supported Origins
In order to allow for various frontends to integrate with our platform, we plan to support any domain to act as a Relying Party in the long run. However, we are in the process of slowly rolling out this authentication method currently maintain an allowlist of origins / domains that can integrate with the Lit network.
We do not currently use challenges as part of our PKP minting / WebAuthn registration process and only use it for the PKP / WebAuthn authentication step.