Class FederatedKeylessAccount

Account implementation for the FederatedKeyless authentication scheme.

Used to represent a FederatedKeyless based account and sign transactions with it.

Use FederatedKeylessAccount.create() to instantiate a KeylessAccount with a JSON Web Token (JWT), proof, EphemeralKeyPair and the address the JSON Web Key Set (JWKS) are installed that will be used to verify the JWT.

When the proof expires or the JWT becomes invalid, the KeylessAccount must be instantiated again with a new JWT, EphemeralKeyPair, and corresponding proof.

Hierarchy (View Summary, Expand)

Implementation - Account (On-Chain Model)

accountAddress aud ephemeralKeyPair jwt pepper proof proofOrPromise publicKey signingScheme uidKey uidVal init isExpired sign signTransaction signTransactionWithAuthenticator signWithAuthenticator verifySignature verifySignatureAsync waitForProofFetch

Implementation - BCS

bcsToBytes bcsToHex

Constructors

constructor

Methods

checkKeylessAccountValidity getAnyPublicKey getSigningMessage serialize toString toStringWithoutPrefix create deserialize fetchJWK fromBytes partialDeserialize

Properties

audless verificationKeyHash? PEPPER_LENGTH

Implementation - Account (On-Chain Model)

ReadonlyaccountAddress

accountAddress: AccountAddress

Account address associated with the account

Readonlyaud

aud: string

The value of the 'aud' claim on the JWT, also known as client ID. This is the identifier for the dApp's OIDC registration with the identity provider.

ReadonlyephemeralKeyPair

ephemeralKeyPair: EphemeralKeyPair

The EphemeralKeyPair used to generate sign.

Readonlyjwt

jwt: string

The JWT token used to derive the account

Readonlypepper

pepper: Uint8Array

A value contains 31 bytes of entropy that preserves privacy of the account. Typically fetched from a pepper provider.

proof

proof: undefined | ZeroKnowledgeSig

The zero knowledge signature (if ready) which contains the proof used to validate the EphemeralKeyPair.

ReadonlyproofOrPromise

proofOrPromise: ZeroKnowledgeSig | Promise<ZeroKnowledgeSig>

The proof of the EphemeralKeyPair or a promise that provides the proof. This is used to allow for awaiting on fetching the proof.

ReadonlypublicKey

publicKey: FederatedKeylessPublicKey

The FederatedKeylessPublicKey associated with the account

ReadonlysigningScheme

signingScheme: SigningScheme = SigningScheme.SingleKey

Signing scheme used to sign transactions

ReadonlyuidKey

uidKey: string

The claim on the JWT to identify a user. This is typically 'sub' or 'email'.

ReadonlyuidVal

uidVal: string

The value of the uidKey claim on the JWT. This intended to be a stable user identifier.

init

isExpired

sign

signTransaction

signTransactionWithAuthenticator

signWithAuthenticator

verifySignature

verifySignatureAsync

  • verifySignatureAsync(
        args: {
            aptosConfig: AptosConfig;
            message: HexInput;
            options?: { throwErrorWithReason?: boolean };
            signature: KeylessSignature;
        },
    ): Promise<boolean>

    Verify the given message and signature with the public key. It fetches any on chain state if needed for verification.

    Parameters

    • args: {
          aptosConfig: AptosConfig;
          message: HexInput;
          options?: { throwErrorWithReason?: boolean };
          signature: KeylessSignature;
      }

      The arguments for verifying the signature.

      • aptosConfig: AptosConfig

        The configuration object for connecting to the Aptos network

      • message: HexInput

        Raw message data in HexInput format.

      • Optionaloptions?: { throwErrorWithReason?: boolean }
      • signature: KeylessSignature

        Signed message signature.

    Returns Promise<boolean>

    A boolean indicating whether the signature is valid.

waitForProofFetch

Implementation - BCS

bcsToBytes

  • bcsToBytes(): Uint8Array

    Serializes a Serializable value to its BCS representation. This function is the TypeScript SDK equivalent of bcs::to_bytes in Move.

    Returns Uint8Array

    the BCS representation of the Serializable instance as a byte buffer.

bcsToHex

  • bcsToHex(): Hex

    Converts the BCS-serialized bytes of a value into a Hex instance. This function provides a Hex representation of the BCS-serialized data for easier handling and manipulation.

    Returns Hex

    A Hex instance with the BCS-serialized bytes loaded into its underlying Uint8Array.

Constructors

constructor

  • new FederatedKeylessAccount(
        args: {
            address?: AccountAddress;
            aud: string;
            audless?: boolean;
            ephemeralKeyPair: EphemeralKeyPair;
            iss: string;
            jwkAddress: AccountAddress;
            jwt: string;
            pepper: HexInput;
            proof: ZeroKnowledgeSig | Promise<ZeroKnowledgeSig>;
            proofFetchCallback?: ProofFetchCallback;
            uidKey: string;
            uidVal: string;
            verificationKeyHash?: HexInput;
        },
    ): FederatedKeylessAccount

    Use the static generator FederatedKeylessAccount.create(...) instead. Creates a KeylessAccount instance using the provided parameters. This function allows you to set up a KeylessAccount with specific attributes such as address, proof, and JWT.

    Parameters

    • args: {
          address?: AccountAddress;
          aud: string;
          audless?: boolean;
          ephemeralKeyPair: EphemeralKeyPair;
          iss: string;
          jwkAddress: AccountAddress;
          jwt: string;
          pepper: HexInput;
          proof: ZeroKnowledgeSig | Promise<ZeroKnowledgeSig>;
          proofFetchCallback?: ProofFetchCallback;
          uidKey: string;
          uidVal: string;
          verificationKeyHash?: HexInput;
      }

      The parameters for creating a KeylessAccount.

      • Optionaladdress?: AccountAddress

        Optional account address associated with the KeylessAccount.

      • aud: string
      • Optionalaudless?: boolean
      • ephemeralKeyPair: EphemeralKeyPair

        The ephemeral key pair used in the account creation.

      • iss: string
      • jwkAddress: AccountAddress

        The address which stores the JSON Web Key Set (JWKS) used to verify the JWT.

      • jwt: string

        A JSON Web Token used for authentication.

      • pepper: HexInput
      • proof: ZeroKnowledgeSig | Promise<ZeroKnowledgeSig>

        A Zero Knowledge Signature or a promise that resolves to one.

      • OptionalproofFetchCallback?: ProofFetchCallback

        Optional callback function for fetching proof.

      • uidKey: string

        Optional key for user identification, defaults to "sub".

      • uidVal: string
      • OptionalverificationKeyHash?: HexInput

    Returns FederatedKeylessAccount

Methods

checkKeylessAccountValidity

getAnyPublicKey

getSigningMessage

serialize

toString

toStringWithoutPrefix

Staticcreate

Staticdeserialize

StaticfetchJWK

StaticfromBytes

StaticpartialDeserialize

Properties

Readonlyaudless

audless: boolean

Optional ReadonlyverificationKeyHash

verificationKeyHash?: Uint8Array<ArrayBufferLike>

The hash of the verification key used to verify the proof. This is optional and can be used to check verifying key rotations which may invalidate the proof.

Static ReadonlyPEPPER_LENGTH

PEPPER_LENGTH: number = 31

Settings

Member Visibility

On This Page

Implementation - Account (On-Chain Model)
Implementation - BCS
Constructors
Methods
Properties
MMNEPVFCICPMFPCPTTAAATR