Class FederatedKeylessAccount

Account implementation for the FederatedKeyless authentication scheme.

Used to represent a FederatedKeyless based account and sign transactions with it.

Use FederatedKeylessAccount.create() to instantiate a KeylessAccount with a JSON Web Token (JWT), proof, EphemeralKeyPair and the address the JSON Web Key Set (JWKS) are installed that will be used to verify the JWT.

When the proof expires or the JWT becomes invalid, the KeylessAccount must be instantiated again with a new JWT, EphemeralKeyPair, and corresponding proof.

Hierarchy (view full)

AbstractKeylessAccount
- FederatedKeylessAccount

Index

Implementation - Account (On-Chain Model)

`Readonly`accountAddress

accountAddress: AccountAddress

Account address associated with the account

`Readonly`aud

aud: string

The value of the 'aud' claim on the JWT, also known as client ID. This is the identifier for the dApp's OIDC registration with the identity provider.

`Readonly`ephemeralKeyPair

ephemeralKeyPair: EphemeralKeyPair

The EphemeralKeyPair used to generate sign.

`Readonly`jwt

jwt: string

The JWT token used to derive the account

`Readonly`pepper

pepper: Uint8Array

A value contains 31 bytes of entropy that preserves privacy of the account. Typically fetched from a pepper provider.

proof

proof: undefined | ZeroKnowledgeSig

The zero knowledge signature (if ready) which contains the proof used to validate the EphemeralKeyPair.

`Readonly`proofOrPromise

proofOrPromise: ZeroKnowledgeSig | Promise<ZeroKnowledgeSig>

The proof of the EphemeralKeyPair or a promise that provides the proof. This is used to allow for awaiting on fetching the proof.

`Readonly`publicKey

publicKey: FederatedKeylessPublicKey

The FederatedKeylessPublicKey associated with the account

`Readonly`signingScheme

signingScheme: SigningScheme = SigningScheme.SingleKey

Signing scheme used to sign transactions

`Readonly`uidKey

uidKey: string

The claim on the JWT to identify a user. This is typically 'sub' or 'email'.

`Readonly`uidVal

uidVal: string

The value of the uidKey claim on the JWT. This intended to be a stable user identifier.

init

init(promise): Promise<void>
This initializes the asynchronous proof fetch
Parameters
- promise: Promise<ZeroKnowledgeSig>
Returns Promise<void>
Emits whether the proof succeeds or fails, but has no return.
Inherited from AbstractKeylessAccount.init
- Defined in src/account/AbstractKeylessAccount.ts:238

isExpired

isExpired(): boolean
Checks if the proof is expired. If so the account must be re-derived with a new EphemeralKeyPair and JWT token.

Returns boolean
boolean
Inherited from AbstractKeylessAccount.isExpired
- Defined in src/account/AbstractKeylessAccount.ts:297

sign

sign(message): KeylessSignature
Sign the given message using Keyless.
Parameters
- message: HexInput
  in HexInput format
Returns KeylessSignature
Signature
Inherited from AbstractKeylessAccount.sign
- Defined in src/account/AbstractKeylessAccount.ts:385

signTransaction

signTransaction(transaction): KeylessSignature
Sign the given transaction with Keyless. Signs the transaction and proof to guard against proof malleability.
Parameters
- transaction: AnyRawTransaction
  the transaction to be signed
Returns KeylessSignature
KeylessSignature
Inherited from AbstractKeylessAccount.signTransaction
- Defined in src/account/AbstractKeylessAccount.ts:418

signTransactionWithAuthenticator

signTransactionWithAuthenticator(transaction): AccountAuthenticatorSingleKey
Sign a transaction using Keyless.
Parameters
- transaction: AnyRawTransaction
  the raw transaction
Returns AccountAuthenticatorSingleKey
the AccountAuthenticator containing the signature of the transaction, together with the account's public key
Inherited from AbstractKeylessAccount.signTransactionWithAuthenticator
- Defined in src/account/AbstractKeylessAccount.ts:321

signWithAuthenticator

signWithAuthenticator(message): AccountAuthenticatorSingleKey
Sign a message using Keyless.
Parameters
- message: HexInput
  the message to sign, as binary input
Returns AccountAuthenticatorSingleKey
the AccountAuthenticator containing the signature, together with the account's public key
Inherited from AbstractKeylessAccount.signWithAuthenticator
- Defined in src/account/AbstractKeylessAccount.ts:308

verifySignature

verifySignature(args): boolean
Note - This function is currently incomplete and should only be used to verify ownership of the KeylessAccount

Verifies a signature given the message.

TODO: Groth16 proof verification
Parameters
- args: {
  message: HexInput;
  signature: KeylessSignature;
  }
  - message: HexInput
    the message that was signed.
  - signature: KeylessSignature
    the KeylessSignature to verify
Returns boolean
boolean
Inherited from AbstractKeylessAccount.verifySignature
- Defined in src/account/AbstractKeylessAccount.ts:444

waitForProofFetch

waitForProofFetch(): Promise<void>
Waits for asynchronous proof fetching to finish.

Returns Promise<void>
Inherited from AbstractKeylessAccount.waitForProofFetch
- Defined in src/account/AbstractKeylessAccount.ts:333

Implementation - BCS

bcsToBytes

bcsToBytes(): Uint8Array
Serializes a Serializable value to its BCS representation. This function is the TypeScript SDK equivalent of bcs::to_bytes in Move.

Returns Uint8Array
the BCS representation of the Serializable instance as a byte buffer.
Inherited from AbstractKeylessAccount.bcsToBytes
- Defined in src/bcs/serializer.ts:33

bcsToHex

bcsToHex(): Hex
Converts the BCS-serialized bytes of a value into a Hex instance. This function provides a Hex representation of the BCS-serialized data for easier handling and manipulation.

Returns Hex
A Hex instance with the BCS-serialized bytes loaded into its underlying Uint8Array.
Inherited from AbstractKeylessAccount.bcsToHex
- Defined in src/bcs/serializer.ts:46

Constructors

constructor

new FederatedKeylessAccount(args): FederatedKeylessAccount
Use the static generator FederatedKeylessAccount.create(...) instead. Creates a KeylessAccount instance using the provided parameters. This function allows you to set up a KeylessAccount with specific attributes such as address, proof, and JWT.
Parameters
- args: {
      address?: AccountAddress;
      aud: string;
      audless?: boolean;
      ephemeralKeyPair: EphemeralKeyPair;
      iss: string;
      jwkAddress: AccountAddress;
      jwt: string;
      pepper: HexInput;
      proof: ZeroKnowledgeSig | Promise<ZeroKnowledgeSig>;
      proofFetchCallback?: ProofFetchCallback;
      uidKey: string;
      uidVal: string;
      verificationKeyHash?: HexInput;
  }
  The parameters for creating a KeylessAccount.
  - Optionaladdress?: AccountAddress
    Optional account address associated with the KeylessAccount.
  - aud: string
  - Optionalaudless?: boolean
  - ephemeralKeyPair: EphemeralKeyPair
    The ephemeral key pair used in the account creation.
  - iss: string
  - jwkAddress: AccountAddress
    The address which stores the JSON Web Key Set (JWKS) used to verify the JWT.
  - jwt: string
    A JSON Web Token used for authentication.
  - pepper: HexInput
  - proof: ZeroKnowledgeSig | Promise<ZeroKnowledgeSig>
    A Zero Knowledge Signature or a promise that resolves to one.
  - OptionalproofFetchCallback?: ProofFetchCallback
    Optional callback function for fetching proof.
  - uidKey: string
    Optional key for user identification, defaults to "sub".
  - uidVal: string
  - OptionalverificationKeyHash?: HexInput
Returns FederatedKeylessAccount
Overrides AbstractKeylessAccount.constructor
- Defined in src/account/FederatedKeylessAccount.ts:50

Methods

checkKeylessAccountValidity

checkKeylessAccountValidity(aptosConfig): Promise<void>
Validates that the Keyless Account can be used to sign transactions.
Parameters
- aptosConfig: AptosConfig
Returns Promise<void>
Inherited from AbstractKeylessAccount.checkKeylessAccountValidity
- Defined in src/account/AbstractKeylessAccount.ts:343

getAnyPublicKey

getAnyPublicKey(): AnyPublicKey
Returns AnyPublicKey
Inherited from AbstractKeylessAccount.getAnyPublicKey
- Defined in src/account/AbstractKeylessAccount.ts:228

serialize

serialize(serializer): void
Serializes the transaction data into a format suitable for transmission or storage. This function ensures that both the transaction bytes and the proof are properly serialized.
Parameters
- serializer: Serializer
  The serializer instance used to convert the transaction data into bytes.
Returns void
Overrides AbstractKeylessAccount.serialize
- Defined in src/account/FederatedKeylessAccount.ts:77

toString

toString(): string
Returns the hex string representation of the Serializable value with the 0x prefix.

Returns string
the hex formatas a string prefixed by 0x.
Inherited from AbstractKeylessAccount.toString
- Defined in src/bcs/serializer.ts:63

toStringWithoutPrefix

toStringWithoutPrefix(): string
Returns the hex string representation of the Serializable value without the 0x prefix.

Returns string
the hex format as a string without 0x prefix.
Inherited from AbstractKeylessAccount.toStringWithoutPrefix
- Defined in src/bcs/serializer.ts:55

`Static`create

create(args): FederatedKeylessAccount
Creates a KeylessAccount instance using the provided parameters. This function allows you to set up a KeylessAccount with specific attributes such as address, proof, and JWT. This is used instead of the KeylessAccount constructor.
Parameters
- args: {
      address?: AccountAddress;
      ephemeralKeyPair: EphemeralKeyPair;
      jwkAddress: AccountAddressInput;
      jwt: string;
      pepper: HexInput;
      proof: ZeroKnowledgeSig | Promise<ZeroKnowledgeSig>;
      proofFetchCallback?: ProofFetchCallback;
      uidKey?: string;
      verificationKey?: Groth16VerificationKey;
  }
  The parameters for creating a KeylessAccount.
  - Optionaladdress?: AccountAddress
    Optional account address associated with the KeylessAccount.
  - ephemeralKeyPair: EphemeralKeyPair
    The ephemeral key pair used in the account creation.
  - jwkAddress: AccountAddressInput
    The address which stores the JSON Web Key Set (JWKS) used to verify the JWT.
  - jwt: string
    A JSON Web Token used for authentication.
  - pepper: HexInput
  - proof: ZeroKnowledgeSig | Promise<ZeroKnowledgeSig>
    A Zero Knowledge Signature or a promise that resolves to one.
  - OptionalproofFetchCallback?: ProofFetchCallback
    Optional callback function for fetching proof.
  - OptionaluidKey?: string
    Optional key for user identification, defaults to "sub".
  - OptionalverificationKey?: Groth16VerificationKey
Returns FederatedKeylessAccount
- Defined in src/account/FederatedKeylessAccount.ts:133

`Static`deserialize

deserialize(deserializer): FederatedKeylessAccount
Deserializes the provided deserializer to create a KeylessAccount instance. This function extracts necessary components such as the JWT, UID key, pepper, ephemeral key pair, and proof from the deserializer.
Parameters
- deserializer: Deserializer
  The deserializer instance used to retrieve the serialized data.
Returns FederatedKeylessAccount
A KeylessAccount instance created from the deserialized data.
- Defined in src/account/FederatedKeylessAccount.ts:89

`Static`fetchJWK

fetchJWK(args): Promise<MoveJWK>
Fetches the JWK from the issuer's well-known JWKS endpoint.
Parameters
- args: {
      aptosConfig: AptosConfig;
      kid: string;
      publicKey: KeylessPublicKey | FederatedKeylessPublicKey;
  }
  - aptosConfig: AptosConfig
  - kid: string
    The kid of the JWK to fetch
  - publicKey: KeylessPublicKey | FederatedKeylessPublicKey
    The keyless public key to query
Returns Promise<MoveJWK>
A JWK matching the kid in the JWT header.

Throws
If the JWK cannot be fetched
Inherited from AbstractKeylessAccount.fetchJWK
- Defined in src/account/AbstractKeylessAccount.ts:463

`Static`fromBytes

fromBytes(bytes): FederatedKeylessAccount
Deserialize bytes using this account's information.
Parameters
- bytes: HexInput
  The bytes being interpreted.
Returns FederatedKeylessAccount
- Defined in src/account/FederatedKeylessAccount.ts:115

`Static`partialDeserialize

partialDeserialize(deserializer): {
    address: AccountAddress;
    ephemeralKeyPair: EphemeralKeyPair;
    jwt: string;
    pepper: Uint8Array;
    proof: ZeroKnowledgeSig;
    uidKey: string;
    verificationKeyHash?: Uint8Array;
}
Parameters
- deserializer: Deserializer
Returns {
    address: AccountAddress;
    ephemeralKeyPair: EphemeralKeyPair;
    jwt: string;
    pepper: Uint8Array;
    proof: ZeroKnowledgeSig;
    uidKey: string;
    verificationKeyHash?: Uint8Array;
}
- address: AccountAddress
- ephemeralKeyPair: EphemeralKeyPair
- jwt: string
- pepper: Uint8Array
- proof: ZeroKnowledgeSig
- uidKey: string
- OptionalverificationKeyHash?: Uint8Array
Inherited from AbstractKeylessAccount.partialDeserialize
- Defined in src/account/AbstractKeylessAccount.ts:270

Properties

`Readonly`audless

audless: boolean

`Optional` `Readonly`verificationKeyHash

verificationKeyHash?: Uint8Array

The hash of the verification key used to verify the proof. This is optional and can be used to check verifying key rotations which may invalidate the proof.

`Static` `Readonly`PEPPER_LENGTH

PEPPER_LENGTH: number = 31

Class FederatedKeylessAccount

Hierarchy (view full)

Index

Implementation - Account (On-Chain Model)

Implementation - BCS

Constructors

Methods

Properties

Implementation - Account (On-Chain Model)

ReadonlyaccountAddress

Readonlyaud

ReadonlyephemeralKeyPair

Readonlyjwt

Readonlypepper

proof

ReadonlyproofOrPromise

ReadonlypublicKey

ReadonlysigningScheme

ReadonlyuidKey

ReadonlyuidVal

init

Parameters

Returns Promise<void>

isExpired

Returns boolean

sign

Parameters

Returns KeylessSignature

signTransaction

Parameters

Returns KeylessSignature

signTransactionWithAuthenticator

Parameters

Returns AccountAuthenticatorSingleKey

signWithAuthenticator

Parameters

Returns AccountAuthenticatorSingleKey

verifySignature

Parameters

message: HexInput

signature: KeylessSignature

Returns boolean

waitForProofFetch

Returns Promise<void>

Implementation - BCS

bcsToBytes

Returns Uint8Array

bcsToHex

Returns Hex

Constructors

constructor

Parameters

Optionaladdress?: AccountAddress

aud: string

Optionalaudless?: boolean

ephemeralKeyPair: EphemeralKeyPair

iss: string

jwkAddress: AccountAddress

jwt: string

pepper: HexInput

proof: ZeroKnowledgeSig | Promise<ZeroKnowledgeSig>

OptionalproofFetchCallback?: ProofFetchCallback

uidKey: string

uidVal: string

OptionalverificationKeyHash?: HexInput

Returns FederatedKeylessAccount

Methods

checkKeylessAccountValidity

Parameters

Returns Promise<void>

getAnyPublicKey

Returns AnyPublicKey

serialize

Parameters

Returns void

toString

Returns string

toStringWithoutPrefix

Returns string

Staticcreate

`Readonly`accountAddress

`Readonly`aud

`Readonly`ephemeralKeyPair

`Readonly`jwt

`Readonly`pepper

`Readonly`proofOrPromise

`Readonly`publicKey

`Readonly`signingScheme

`Readonly`uidKey

`Readonly`uidVal

`Optional`address?: AccountAddress

`Optional`audless?: boolean

`Optional`proofFetchCallback?: ProofFetchCallback

`Optional`verificationKeyHash?: HexInput

`Static`create

`Optional`address?: AccountAddress

`Optional`proofFetchCallback?: ProofFetchCallback

`Optional`uidKey?: string

`Optional`verificationKey?: Groth16VerificationKey

`Static`deserialize

`Static`fetchJWK

`Static`fromBytes

`Static`partialDeserialize

Returns {
address: AccountAddress;
ephemeralKeyPair: EphemeralKeyPair;
jwt: string;
pepper: Uint8Array;
proof: ZeroKnowledgeSig;
uidKey: string;
verificationKeyHash?: Uint8Array;
}

`Optional`verificationKeyHash?: Uint8Array

`Readonly`audless

`Optional` `Readonly`verificationKeyHash

`Static` `Readonly`PEPPER_LENGTH