Skip to main content
Version: v3.x.x

Minting a PKP

This page will walk you through the process of creating PKPs using the V3 SDK, including adding permitted scopes, which are now required in order to create session signatures.

Mint via Contracts

You can mint a PKP NFT from the PKP contract on Chronicle - Lit's custom EVM rollup testnet - using the Lit explorer, the Lit relayer (sign up for an API key here) or the contracts directly using the contracts-sdk.

The NFT represents root ownership of the PKP. The NFT owner can grant other users (via a wallet address) or grant Lit Actions the ability to use the PKP to sign and decrypt data. They also have the ability to assign additional authentication methods, described at the bottom of the page.

You can also use the handy helper contract on Chronicle here to mint and assign auth methods, as well as view all of the deployed contract addresses here.

Installing the required packages

yarn add @lit-protocol/lit-auth-client@cayenne
yarn add @lit-protocol/contracts-sdk@cayenne

Initializing your LitContract instance

import { LitContracts } from '@lit-protocol/contracts-sdk';

// if no signer is provided, it will attempt to use window.etheruem
const contractClient = new LitContracts({ signer });
await contractClient.connect();

Minting a PKP and adding permitted scopes

import { AuthMethodScope } from '@lit-protocol/constants';

const authMethod = {
authMethodType: AuthMethodType.EthWallet,
accessToken: '...',

const mintInfo = await contractClient.mintWithAuth({
authMethod: authMethod,
scopes: [
// AuthMethodScope.NoPermissions,

// output:
pkp: {
tokenId: string;
publicKey: string;
ethAddress: string;
tx: ethers.ContractReceipt;

Minting PKPs using the Lit relayer

import { AuthMethodScope, AuthMethodType } from '@lit-protocol/constants';

const authProvider = litAuthClient.initProvider(ProviderType.EthWallet);

const authMethod = {
authMethodType: AuthMethodType.EthWallet,
accessToken: ...,

// -- setting scope for the auth method
// <>
const options = {
permittedAuthMethodScopes: [[AuthMethodScope.SignAnything]],

const mintTx = await authProvider.mintPKPThroughRelayer(


  1. Minting a PKP with an auth method and permitted scopes (Easy)

  2. Minting a PKP with an auth method and permitted scopes (Advanced)

  3. Minting a PKP with no permissions, then add permitted scopes

  4. Minting a PKP using the relayer, adding permitted scopes, and getting session sigs

Mint via Social or Email/SMS (OTP)


You can mint a PKP by presenting a valid OAuth token as an authentication method to the Lit Relay server. Currently, only Google OAuth tokens are supported, but we plan to support Discord in the near term.

Email / SMS (OTP)

You can mint a PKP by presenting a generated token from sucessful OTP code confirmation, which will be returned by the lit-auth-client in the AuthMethod return from successful code confirmation.

Read more about this process here.

Mint via WebAuthn

You can mint a PKP by presenting a valid WebAuthn credential generated by your browser to the Lit Relay server.

We have a frontend that helps with this process at

We currently support both username-based and username-less WebAuthn registration, and usernames are purely used for your convenience / reference on the client-side.

Technical Details

Contract Specifics

  • The authMethodId is derived from the credential's rawId parameter.
  • The authMethodPubkey is the COSE credential public key. We currently only support Elliptic Curve COSE Key Type IDs.

Relying Parties and Supported Origins

In order to allow for various frontends to integrate with our platform, we plan to support any domain to act as a Relying Party in the long run. However, we are in the process of slowly rolling out this authentication method currently maintain an allowlist of origins / domains that can integrate with the Lit network.

Challenge-Free Registration

We do not currently use challenges as part of our PKP minting / WebAuthn registration process and only use it for the PKP / WebAuthn authentication step.