Skip to main content

Creating and Claiming

The Lit SDK provides a claimKeyId method which authenticates an Auth Method to derive the key id . If authentication is successful, a signature is generated by each of the nodes in the network. This signature, the key id, and derived public key are then provided to a ClaimProcessor which will register the generated key claim on chain and then routes the generated public key for use.

The ClaimProcessor can be provided which defines how the response from the claim operation will be registered on chain. It is recommended to use either the Lit relay server, or the contract-sdk . There are two types of ClaimProccessor

  • ClientClaimProcessor
    • Allows for specifying a signer for registering claims through the contract-sdks claimAndMint
  • RelayClaimProcessor
    • allows for specifying a RelayConfig which overrides default options for calling a custom relayer instance

If you wish to derive public keys before claiming the LitNodeClient offers two helper functions to allow you to compute derived public keys.

  • computeHdKeyId calculates the key id based on a user id and app id
  • computeHdPubkey calculates the public key based on the key id

Examples using the LitNodeClient

Below is an example of claiming a key with the LitNodeClient using the default implementation of the ClaimProcessor 

const client = new LitNodeClient({
    litNetwork: "datil-dev",
    debug: false
});
await client.connect();

let res = await client.claimKeyId({
      authMethod, // provide an auth method to claim a key Identifier mapped to the given auth method
});

console.log("mint tx hash: ", res.mintTx);
console.log("pkp public key: ", res.pubkey);

An example of claiming with a customized ClaimProcessor using the contracts-sdk In this example the ClaimProcessor is defined as the mintCallback in the request options.

import { LitContracts } from '@lit-protocol/contracts-sdk';
import { ClaimRequest, ClaimResult, ClientClaimProcessor } from "@lit-protocol/types"
import { LIT_RPC, LitNetwork } from "@lit-protocol/constants";

const client = new LitNodeClient({
    litNetwork: LitNetwork.DatilDev,
    debug: false
});
await client.connect();
let claimReq: ClaimRequest<ClientClaimProcessor> = {
      authMethod, // provide an auth method to claim a key Identifier mapped to the given auth method
      signer: new ethers.Wallet("<your private key>", new ethers.providers.JsonRpcProvider(LIT_RPC.CHRONICLE_YELLOWSTONE)),
      mintCallback: async (claimRes: ClaimResult<ClientClaimProcessor>) => {
          const litContracts = new LitContracts({ signer: claimRes.signer });
          await litContracts.connect();
          let tokenId = await litContracts.pkpNftContractUtils.write.claimAndMint(claimRes.derivedKeyId, claimRes.signatures);
          return tokenId.tokenId
      }
};
let res = await client.claimKeyId(claimReq);

console.log("mint tx hash: ", res.mintTx);
console.log("pkp public key: ", res.pubkey);

An example of deriving a key id to its public key, this operation does not persist the key for use on the Lit network. But it allows you to know what the key will be once registered on chain once claimed.

const client = new LitNodeClient({
    litNetwork: "datil-dev",
    debug: false
});

const keyId = client.computeHdKeyId("<your user id>", "<your project id>");
// the key id can now be given to the public key calculation method
const publicKey = client.computeHDPubKey(keyId);
console.log("user public key will be: ", publicKey);

An example of claiming with a customized ClaimProcessor making a call to the Lit relay server . In this example the ClaimProcessor is defined as the mintCallback in the request options.

const client = new LitNodeClient({
    litNetwork: "datil-dev",
    debug: false
});
await client.connect();

let res = await client.claimKeyId({
     authMethod, // provide an auth method to claim a key Identifier mapped to the given auth method
     mintCallback: (claimRes: ClaimResponse<RelayClaimProcessor>) => {
        const response = await fetch(relayUrl, {
          method: 'POST',
          body: JSON.stringify(claimRes),
          headers: {
            'api-key': params.relayApiKey, 
            'Content-Type': 'application/json',
      },
    });

    if (response.status < 200 || response.status >= 400) {
      let errResp = await response.json() ?? "";
      let errStmt = `An error occured requesting "/auth/claim" endpoint ${JSON.stringify(
        errResp
      )}`;
      console.warn(errStmt);
      throw new Error(errStmt);
    }

    let body: any = await response.json();
        // the transaction hash of registering the claim on chain
    return body.requestId;
        }
});

console.log("mint tx hash: ", res.mintTx);
console.log("pkp public key: ", res.pubkey);

Examples Using the LitAuthClient

Example of claiming a key with the LitAuthClient authenticating with Stytch email OTP

We will start by creating an instance of the Stytch client, with your project id and project secret. this should be loaded from a config and never put into source control.

const client = new stytch.Client({
  project_id: "<your project id>",
  secret: "<your project secret>",
});

Once the client is created we can send an OTP code through the otps namespace on the Stytch client. For this example we will choose otp as our auth type and loginOrCreate a user with a provided email address. it is intended for this value to be user provided. after creating or logging the user in, we shall authenticate with the returned email_id and otp code provided by the user. 

const email = ""; // email address of user

const stytchResponse = await client.otps.email.loginOrCreate({
  email: email,
  
})

const authResponse = await client.otps.authenticate({
  method_id: stytchResponse.email_id,
  code: // code from email,
  session_duration_minutes: 60, // session duration is required for session token creation
})

const sessionResp = await client.sessions.get({
  user_id: authResponse.user_id
});

const sessionStatus = await client.sessions.authenticate({
  session_token: authResponse.session_token,
})

Now we can create an instance of the LitAuthClient with a relay API key . Then an instance of the stytch otp provider and provide a user id and app id the user id can come from the loginOrCreate response. The app id can be found in your Stytch project dashboard. Finally, we can pass the session jwt from the authenticate response .


const authClient = new LitAuthClient({
  litRelayConfig: {
      relayApiKey: "<your relay apikey>",
  }
});

const session = authClient.initProvider(ProviderType.StytchOtp, {
  userId: sessionStatus.session.user_id,
  appId: "<your project id>"
})

const authMethod = await session.authenticate({ 
  accessToken: sessionStatus.session_jwt 
});

const claimResp = session.claimKeyId({
    authMethod
});

console.log("mint tx hash: ", res.mintTx);
console.log("pkp public key: ", res.pubkey);

Calculating the public key of a given auth method identifier

We will start by creating an instance of the Stytch client, with your project id and project secret. this should be loaded from a config and never put into source control.

const client = new stytch.Client({
  project_id: "<your project id>",
  secret: "<your project secret>",
});

Once the client is created we can send an OTP code through the otps namespace on the Stytch client. For this example we will choose otp as our auth type and loginOrCreate a user with a provided email address. it is intended for this value to be user provided. after creating or logging the user in, we shall authenticate with the returned email_id and otp code provided by the user. 

const email = ""; // email address of user

const stytchResponse = await client.otps.email.loginOrCreate({
  email: email,
  
})

const authResponse = await client.otps.authenticate({
  method_id: stytchResponse.email_id,
  code: // code from email,
  session_duration_minutes: 60, // session duration is required for session token creation
})

const sessionResp = await client.sessions.get({
  user_id: authResponse.user_id
});

const sessionStatus = await client.sessions.authenticate({
  session_token: authResponse.session_token,
})

Now we can create an instance of the LitAuthClient with a relay API key . Then an instance of the stytch otp provider and provide a user id and app id the user id can come from the loginOrCreate response. The app id can be found in your Stytch project dashboard. Finally, we can pass the session jwt from the authenticate response . Upon successful authentication of the token, an AuthMethod will be generated. With the Auth Method created we can parse it and get an AuthMethodId which can be used to calculate the public key. This is because the AuthMethodId is the key id

const authClient = new LitAuthClient({
  litRelayConfig: {
      relayApiKey: '<your relayer api key>',
  }
});

const session = authClient.initProvider(ProviderType.StytchOtp, {
  userId: sessionStatus.session.user_id,
  appId: "<your project id>"
})

const authMethod = await session.authenticate({ 
  accessToken: sessionStatus.session_jwt 
});

const keyId = session.getAuthMethodId({authMethod});
const pubkey = session.litNodeClient.computePubkey(keyId);

console.log("pkp public key: ", pubkey);
info

Not finding the answer you're looking for? Share your feedback on these docs by creating an issue in our GitHub Issues and Reports repository or get support by visiting our Support page.