Generating SessionSigs Using a Lit Action
This guide covers the getLitActionSessionSigs
function from the Lit SDK. For an overview of what Session Signatures are and how they are to be used, please go here.
Using the getLitActionSessionSigs
function, you can specify the capabilities of your current session on the Lit network.
This function is very similar to getPkpSessionSigs
. The getPkpSessionSigs
function requires you to own a PKP and some form of authentication to prove your identity (e.g. a custom Lit Action, AuthMethod, or AuthSig).
Alternatively, the getLitActionSessionSigs
function requires the form of authentication to be a Lit Action. Other authentication methods can be included as well, but a Lit Action is required.
Using this arragement, the function executes the Lit Action to determine authorization for the following step.
This function uses the signSessionKey
function to sign the session public key using the PKP, which will generate an AuthSig
.
Once the AuthSig
has been created, it is then signed by the session keypair. Signing the AuthSig
with the session keypair creates the Session Signatures.
The Lit Action is defined with the litActionCode
or litActionIpfsId
parameter, and jsParams
must be provided for executing the action.
Prerequisites
Before continuing this guide, you should have an understanding of:
Parameters and Return Values
To see the parameters and return values of getLitActionSessionSigs
, please visit our API Docs.
Example Implementation
The full code implementation can be found here.
Installing the Required Dependencies
- npm
- yarn
npm install \
@lit-protocol/auth-helpers \
@lit-protocol/constants \
@lit-protocol/lit-node-client \
@lit-protocol/contracts-sdk \
ipfs-only-hash \
ethers@v5
yarn add \
@lit-protocol/auth-helpers \
@lit-protocol/constants \
@lit-protocol/lit-node-client \
@lit-protocol/contracts-sdk \
ipfs-only-hash \
ethers@v5
The node-localstorage
dependency is only required when executing code outside a browser environment. The SDK will use the native browser storage when in a browser environment. You can learn more about this here.
Initializing an Ethers Signer
The ETHEREUM_PRIVATE_KEY
environment variable is required.
import { LIT_RPC } from "@lit-protocol/constants";
import * as ethers from "ethers";
const ethersSigner = new ethers.Wallet(
process.env.ETHEREUM_PRIVATE_KEY,
new ethers.providers.JsonRpcProvider(LIT_RPC.CHRONICLE_YELLOWSTONE)
);
Initializing a LitNodeClient
Here we are initializing an instance of LitNodeClient
and connecting it to the datil-test
Lit network.
import { LitNodeClient } from "@lit-protocol/lit-node-client";
import { LitNetwork } from "@lit-protocol/constants";
let litNodeClient: LitNodeClient;
litNodeClient = new LitNodeClient({
litNetwork: LitNetwork.DatilTest,
debug: false,
});
await litNodeClient.connect();
Instantiating a LitContracts
Instance
Here we are initializing an instance of LitContracts
. This allows us to interact with smart contracts on the Lit network.
import { LitContracts } from "@lit-protocol/contracts-sdk";
import { LitNetwork } from "@lit-protocol/constants";
const litContracts = new LitContracts({
signer: ethersSigner,
network: LitNetwork.DatilTest,
debug: false,
});
await litContracts.connect();
Generating Session Signatures
In this example, we're enabling our session to use a PKP for signing and to execute Lit Actions.
The current code uses the wildcard (*
) identifier for LitPKPResource
, which grants signing abilities to any PKP. This should only be used for example implementations or debugging. A more secure implementation would instead use the PKP tokenId
to grant a specific PKP signing abilities.
The wildcard identifier is also used for LitActionResource
. This allows the session to execute any Lit Action. A more secure implementation would instead have a specific IPFS CID.
To get the Lit resource identifier for other resources, you can use the other methods included in @lit-protocol/auth-helpers package.
If you would like to use this function on the datil
or datil-test
networks, a capacityDelegationAuthSig
is required. Please also keep in mind that implementing this requires owning or minting a PKP and defining a Lit Action. How this is done can be found in the full code example.
import {
LitAbility,
LitActionResource,
LitPKPResource,
} from "@lit-protocol/auth-helpers";
const sessionSignatures = await litNodeClient.getLitActionSessionSigs({
pkpPublicKey: pkp.publicKey,
capabilityAuthSigs: [capacityDelegationAuthSig],
chain: "ethereum",
resourceAbilityRequests: [
{
resource: new LitPKPResource("*"),
ability: LitAbility.PKPSigning,
},
{
resource: new LitActionResource("*"),
ability: LitAbility.LitActionExecution,
},
],
// With this setup you could use either the litActionIpfsId or the litActionCode property
//litActionIpfsId: litActionCodeIpfsCid,
litActionCode: Buffer.from(litActionCode).toString("base64"),
jsParams: {
magicNumber: 42,
},
});
Clearing Local Storage
If you want to clear the session key stored in the browser local storage, you can call the disconnectWeb3
method.
Summary
This example shows how to enable a session to use a PKP for signing and to execute Lit Actions.
The full code implementation can be found here.