Skip to main content

Capability Objects

Session signatures work by having scoped capabilities be granted to session keys by an inner AuthSig. The capability object is a SIWE ReCap object.

When session capability objects are omitted from the getSessionSigs() function call, the SDK will generate a session capability object with wildcard permissions against all of the resources in that category by default, i.e. ability to perform operations against all access control conditions. Below are some examples for creating custom session capability objects.

Grant Decryption Capability To Access Control Condition

import { LIT_ABILITY } from "@lit-protocol/constants";

// Create the session capability object
const sessionCapabilityObject = new newSessionCapabilityObject();

// Create the Lit Resource keyed by `someResource`
const litResource = new LitAccessControlConditionResource('someResource');

// Add the capability to decrypt from the access control condition referred to by the
// lit resource.
sessionCapabilityObject.addCapabilityForResource(
litResource,
LIT_ABILITY.AccessControlConditionDecryption
);

Grant All (Valid) Capabilities To Access Control Condition

Note that the Authentication Lit Ability is not valid against an Access Control Condition.

// Create the session capability object
const sessionCapabilityObject = new newSessionCapabilityObject();

// Create the Lit Resource keyed by `someResource`
const litResource = new LitAccessControlConditionResource('someResource');

// Add all capabilities that are valid and relevant to the specified lit resource.
sessionCapabilityObject.addAllCapabilitiesForResource(litResource);

Grant Decryption Capability To All Access Control Conditions

// Create the session capability object
const sessionCapabilityObject = new newSessionCapabilityObject();

// Create the Lit Resource keyed by `someResource`
const litResource = new LitAccessControlConditionResource('*');

// Add the capability to decrypt from the access control condition referred to by the
// lit resource.
sessionCapabilityObject.addCapabilityForResource(
litResource,
LIT_ABILITY.AccessControlConditionDecryption
);
info

Not finding the answer you're looking for? Share your feedback on these docs by creating an issue in our GitHub Issues and Reports repository or get support by visiting our Support page.