Class FederatedKeylessAccount

Account implementation for the FederatedKeyless authentication scheme.

Used to represent a FederatedKeyless based account and sign transactions with it.

Use FederatedKeylessAccount.create() to instantiate a KeylessAccount with a JSON Web Token (JWT), proof, EphemeralKeyPair and the address the JSON Web Key Set (JWKS) are installed that will be used to verify the JWT.

When the proof expires or the JWT becomes invalid, the KeylessAccount must be instantiated again with a new JWT, EphemeralKeyPair, and corresponding proof.

Hierarchy (view full)

AbstractKeylessAccount
- FederatedKeylessAccount

Methods

bcsToBytes

bcsToBytes(): Uint8Array
Serializes a Serializable value to its BCS representation. This function is the TypeScript SDK equivalent of bcs::to_bytes in Move.

Returns Uint8Array
the BCS representation of the Serializable instance as a byte buffer.
Inherited from AbstractKeylessAccount.bcsToBytes
- Defined in src/bcs/serializer.ts:29

bcsToHex

bcsToHex(): Hex
Converts the BCS-serialized bytes of a value into a Hex instance. This function provides a Hex representation of the BCS-serialized data for easier handling and manipulation.

Returns Hex
A Hex instance with the BCS-serialized bytes loaded into its underlying Uint8Array.
Inherited from AbstractKeylessAccount.bcsToHex
- Defined in src/bcs/serializer.ts:40

checkKeylessAccountValidity

checkKeylessAccountValidity(aptosConfig): Promise<void>
Validates that the Keyless Account can be used to sign transactions.
Parameters
- aptosConfig: AptosConfig
Returns Promise<void>
Inherited from AbstractKeylessAccount.checkKeylessAccountValidity
- Defined in src/account/AbstractKeylessAccount.ts:303

init

init(promise): Promise<void>
This initializes the asynchronous proof fetch.
Parameters
- promise: Promise<ZeroKnowledgeSig>
Returns Promise<void>
Emits whether the proof succeeds or fails, but has no return.
Inherited from AbstractKeylessAccount.init
- Defined in src/account/AbstractKeylessAccount.ts:206

isExpired

isExpired(): boolean
Checks if the proof is expired. If so the account must be re-derived with a new EphemeralKeyPair and JWT token.

Returns boolean
boolean
Inherited from AbstractKeylessAccount.isExpired
- Defined in src/account/AbstractKeylessAccount.ts:263

serialize

serialize(serializer): void
Serializes the transaction data into a format suitable for transmission or storage. This function ensures that both the transaction bytes and the proof are properly serialized.
Parameters
- serializer: Serializer
  The serializer instance used to convert the transaction data into bytes.
Returns void
Overrides AbstractKeylessAccount.serialize
- Defined in src/account/FederatedKeylessAccount.ts:70

sign

sign(message): KeylessSignature
Sign the given message using Keyless.
Parameters
- message: HexInput
  in HexInput format
Returns KeylessSignature
Signature
Inherited from AbstractKeylessAccount.sign
- Defined in src/account/AbstractKeylessAccount.ts:343

signTransaction

signTransaction(transaction): KeylessSignature
Sign the given transaction with Keyless. Signs the transaction and proof to guard against proof malleability.
Parameters
- transaction: AnyRawTransaction
  the transaction to be signed
Returns KeylessSignature
KeylessSignature
Inherited from AbstractKeylessAccount.signTransaction
- Defined in src/account/AbstractKeylessAccount.ts:374

signTransactionWithAuthenticator

signTransactionWithAuthenticator(transaction): AccountAuthenticatorSingleKey
Sign a transaction using Keyless.
Parameters
- transaction: AnyRawTransaction
  the raw transaction
Returns AccountAuthenticatorSingleKey
the AccountAuthenticator containing the signature of the transaction, together with the account's public key
Inherited from AbstractKeylessAccount.signTransactionWithAuthenticator
- Defined in src/account/AbstractKeylessAccount.ts:283

signWithAuthenticator

signWithAuthenticator(message): AccountAuthenticatorSingleKey
Sign a message using Keyless.
Parameters
- message: HexInput
  the message to sign, as binary input
Returns AccountAuthenticatorSingleKey
the AccountAuthenticator containing the signature, together with the account's public key
Inherited from AbstractKeylessAccount.signWithAuthenticator
- Defined in src/account/AbstractKeylessAccount.ts:272

toString

toString(): string
Returns the hex string representation of the Serializable value with the 0x prefix.

Returns string
the hex formatas a string prefixed by 0x.
Inherited from AbstractKeylessAccount.toString
- Defined in src/bcs/serializer.ts:57

toStringWithoutPrefix

toStringWithoutPrefix(): string
Returns the hex string representation of the Serializable value without the 0x prefix.

Returns string
the hex format as a string without 0x prefix.
Inherited from AbstractKeylessAccount.toStringWithoutPrefix
- Defined in src/bcs/serializer.ts:49

verifySignature

verifySignature(args): boolean
Note - This function is currently incomplete and should only be used to verify ownership of the KeylessAccount

Verifies a signature given the message.

TODO: Groth16 proof verification
Parameters
- args: {
  message: HexInput;
  signature: KeylessSignature;
  }
  - message: HexInput
    the message that was signed.
  - signature: KeylessSignature
    the KeylessSignature to verify
Returns boolean
boolean
Inherited from AbstractKeylessAccount.verifySignature
- Defined in src/account/AbstractKeylessAccount.ts:398

waitForProofFetch

waitForProofFetch(): Promise<void>
Waits for asynchronous proof fetching to finish.

Returns Promise<void>
Inherited from AbstractKeylessAccount.waitForProofFetch
- Defined in src/account/AbstractKeylessAccount.ts:293

`Static`create

create(args): FederatedKeylessAccount
Creates a KeylessAccount instance using the provided parameters. This function allows you to set up a KeylessAccount with specific attributes such as address, proof, and JWT. This is used instead of the KeylessAccount constructor.
Parameters
- args: {
      address?: AccountAddress;
      ephemeralKeyPair: EphemeralKeyPair;
      jwkAddress: AccountAddressInput;
      jwt: string;
      pepper: HexInput;
      proof: ZeroKnowledgeSig | Promise<ZeroKnowledgeSig>;
      proofFetchCallback?: ProofFetchCallback;
      uidKey?: string;
      verificationKey?: Groth16VerificationKey;
  }
  The parameters for creating a KeylessAccount.
  - Optionaladdress?: AccountAddress
    Optional account address associated with the KeylessAccount.
  - ephemeralKeyPair: EphemeralKeyPair
    The ephemeral key pair used in the account creation.
  - jwkAddress: AccountAddressInput
    The address which stores the JSON Web Key Set (JWKS) used to verify the JWT.
  - jwt: string
    A JSON Web Token used for authentication.
  - pepper: HexInput
  - proof: ZeroKnowledgeSig | Promise<ZeroKnowledgeSig>
    A Zero Knowledge Signature or a promise that resolves to one.
  - OptionalproofFetchCallback?: ProofFetchCallback
    Optional callback function for fetching proof.
  - OptionaluidKey?: string
    Optional key for user identification, defaults to "sub".
  - OptionalverificationKey?: Groth16VerificationKey
Returns FederatedKeylessAccount
- Defined in src/account/FederatedKeylessAccount.ts:126

`Static`deserialize

deserialize(deserializer): FederatedKeylessAccount
Deserializes the provided deserializer to create a KeylessAccount instance. This function extracts necessary components such as the JWT, UID key, pepper, ephemeral key pair, and proof from the deserializer.
Parameters
- deserializer: Deserializer
  The deserializer instance used to retrieve the serialized data.
Returns FederatedKeylessAccount
A KeylessAccount instance created from the deserialized data.
- Defined in src/account/FederatedKeylessAccount.ts:82

`Static`fetchJWK

fetchJWK(args): Promise<MoveJWK>
Fetches the JWK from the issuer's well-known JWKS endpoint.
Parameters
- args: {
      aptosConfig: AptosConfig;
      kid: string;
      publicKey: KeylessPublicKey | FederatedKeylessPublicKey;
  }
  - aptosConfig: AptosConfig
  - kid: string
    The kid of the JWK to fetch
  - publicKey: KeylessPublicKey | FederatedKeylessPublicKey
    The keyless public key to query
Returns Promise<MoveJWK>
A JWK matching the kid in the JWT header.

Throws
If the JWK cannot be fetched
Inherited from AbstractKeylessAccount.fetchJWK
- Defined in src/account/AbstractKeylessAccount.ts:417

`Static`fromBytes

fromBytes(bytes): FederatedKeylessAccount
Deserialize bytes using this account's information.
Parameters
- bytes: HexInput
  The bytes being interpreted.
Returns FederatedKeylessAccount
- Defined in src/account/FederatedKeylessAccount.ts:108

`Static`partialDeserialize

partialDeserialize(deserializer): {
    address: AccountAddress;
    ephemeralKeyPair: EphemeralKeyPair;
    jwt: string;
    pepper: Uint8Array;
    proof: ZeroKnowledgeSig;
    uidKey: string;
    verificationKeyHash?: Uint8Array;
}
Parameters
- deserializer: Deserializer
Returns {
    address: AccountAddress;
    ephemeralKeyPair: EphemeralKeyPair;
    jwt: string;
    pepper: Uint8Array;
    proof: ZeroKnowledgeSig;
    uidKey: string;
    verificationKeyHash?: Uint8Array;
}
- address: AccountAddress
- ephemeralKeyPair: EphemeralKeyPair
- jwt: string
- pepper: Uint8Array
- proof: ZeroKnowledgeSig
- uidKey: string
- OptionalverificationKeyHash?: Uint8Array
Inherited from AbstractKeylessAccount.partialDeserialize
- Defined in src/account/AbstractKeylessAccount.ts:238

Properties

`Readonly`accountAddress

accountAddress: AccountAddress

Account address associated with the account

`Readonly`aud

aud: string

The value of the 'aud' claim on the JWT, also known as client ID. This is the identifier for the dApp's OIDC registration with the identity provider.

`Readonly`ephemeralKeyPair

ephemeralKeyPair: EphemeralKeyPair

The EphemeralKeyPair used to generate sign.

`Readonly`jwt

jwt: string

The JWT token used to derive the account

`Readonly`pepper

pepper: Uint8Array

A value contains 31 bytes of entropy that preserves privacy of the account. Typically fetched from a pepper provider.

proof

proof: undefined | ZeroKnowledgeSig

The zero knowledge signature (if ready) which contains the proof used to validate the EphemeralKeyPair.

`Readonly`proofOrPromise

proofOrPromise: ZeroKnowledgeSig | Promise<ZeroKnowledgeSig>

The proof of the EphemeralKeyPair or a promise that provides the proof. This is used to allow for awaiting on fetching the proof.

`Readonly`publicKey

publicKey: FederatedKeylessPublicKey

The FederatedKeylessPublicKey associated with the account

`Readonly`signingScheme

signingScheme: SigningScheme

Signing scheme used to sign transactions

`Readonly`uidKey

uidKey: string

The claim on the JWT to identify a user. This is typically 'sub' or 'email'.

`Readonly`uidVal

uidVal: string

The value of the uidKey claim on the JWT. This intended to be a stable user identifier.

`Optional` `Readonly`verificationKeyHash

verificationKeyHash?: Uint8Array

The hash of the verification key used to verify the proof. This is optional and can be used to check verifying key rotations which may invalidate the proof.

`Static` `Readonly`PEPPER_LENGTH

PEPPER_LENGTH: number = 31

Class FederatedKeylessAccount

Hierarchy (view full)

Index

Methods

Properties

Methods

bcsToBytes

Returns Uint8Array

bcsToHex

Returns Hex

checkKeylessAccountValidity

Parameters

Returns Promise<void>

init

Parameters

Returns Promise<void>

isExpired

Returns boolean

serialize

Parameters

Returns void

sign

Parameters

Returns KeylessSignature

signTransaction

Parameters

Returns KeylessSignature

signTransactionWithAuthenticator

Parameters

Returns AccountAuthenticatorSingleKey

signWithAuthenticator

Parameters

Returns AccountAuthenticatorSingleKey

toString

Returns string

toStringWithoutPrefix

Returns string

verifySignature

Parameters

message: HexInput

signature: KeylessSignature

Returns boolean

waitForProofFetch

Returns Promise<void>

Staticcreate

Parameters

Optionaladdress?: AccountAddress

ephemeralKeyPair: EphemeralKeyPair

jwkAddress: AccountAddressInput

jwt: string

pepper: HexInput

proof: ZeroKnowledgeSig | Promise<ZeroKnowledgeSig>

OptionalproofFetchCallback?: ProofFetchCallback

OptionaluidKey?: string

OptionalverificationKey?: Groth16VerificationKey

Returns FederatedKeylessAccount

Staticdeserialize

Parameters

Returns FederatedKeylessAccount

StaticfetchJWK

Parameters

aptosConfig: AptosConfig

kid: string

publicKey: KeylessPublicKey | FederatedKeylessPublicKey

Returns Promise<MoveJWK>

Throws

StaticfromBytes

Parameters

Returns FederatedKeylessAccount

StaticpartialDeserialize

Parameters

Returns { address: AccountAddress; ephemeralKeyPair: EphemeralKeyPair; jwt: string; pepper: Uint8Array; proof: ZeroKnowledgeSig; uidKey: string; verificationKeyHash?: Uint8Array; }

address: AccountAddress

ephemeralKeyPair: EphemeralKeyPair

jwt: string

pepper: Uint8Array

proof: ZeroKnowledgeSig

uidKey: string

OptionalverificationKeyHash?: Uint8Array

Properties

`Static`create

`Optional`address?: AccountAddress

`Optional`proofFetchCallback?: ProofFetchCallback

`Optional`uidKey?: string

`Optional`verificationKey?: Groth16VerificationKey

`Static`deserialize

`Static`fetchJWK

`Static`fromBytes

`Static`partialDeserialize

Returns {
address: AccountAddress;
ephemeralKeyPair: EphemeralKeyPair;
jwt: string;
pepper: Uint8Array;
proof: ZeroKnowledgeSig;
uidKey: string;
verificationKeyHash?: Uint8Array;
}

`Optional`verificationKeyHash?: Uint8Array

`Readonly`accountAddress

`Readonly`aud

`Readonly`ephemeralKeyPair

`Readonly`jwt

`Readonly`pepper

`Readonly`proofOrPromise

`Readonly`publicKey

`Readonly`signingScheme

`Readonly`uidKey

`Readonly`uidVal

`Optional` `Readonly`verificationKeyHash

`Static` `Readonly`PEPPER_LENGTH