Class KeylessAccount

Account implementation for the Keyless authentication scheme.

Used to represent a Keyless based account and sign transactions with it.

Use KeylessAccount.create() to instantiate a KeylessAccount with a JWT, proof and EphemeralKeyPair.

When the proof expires or the JWT becomes invalid, the KeylessAccount must be instantiated again with a new JWT, EphemeralKeyPair, and corresponding proof.

Hierarchy (View Summary, Expand)

Implementation - Account (On-Chain Model)

constructor accountAddress aud ephemeralKeyPair jwt pepper proof proofOrPromise publicKey signingScheme uidKey uidVal init isExpired serialize sign signTransaction signTransactionWithAuthenticator signWithAuthenticator verifySignature verifySignatureAsync waitForProofFetch create deserialize

Implementation - BCS

bcsToBytes bcsToHex

Methods

checkKeylessAccountValidity getAnyPublicKey getSigningMessage toString toStringWithoutPrefix fetchJWK fromBytes partialDeserialize

Properties

verificationKeyHash? PEPPER_LENGTH

Implementation - Account (On-Chain Model)

constructor

  • new KeylessAccount(
        args: {
            address?: AccountAddress;
            aud: string;
            ephemeralKeyPair: EphemeralKeyPair;
            iss: string;
            jwt: string;
            pepper: HexInput;
            proof: ZeroKnowledgeSig | Promise<ZeroKnowledgeSig>;
            proofFetchCallback?: ProofFetchCallback;
            uidKey: string;
            uidVal: string;
            verificationKeyHash?: HexInput;
        },
    ): KeylessAccount

    Use the static generator create(...) instead. Creates an instance of the KeylessAccount with an optional proof.

    Parameters

    • args: {
          address?: AccountAddress;
          aud: string;
          ephemeralKeyPair: EphemeralKeyPair;
          iss: string;
          jwt: string;
          pepper: HexInput;
          proof: ZeroKnowledgeSig | Promise<ZeroKnowledgeSig>;
          proofFetchCallback?: ProofFetchCallback;
          uidKey: string;
          uidVal: string;
          verificationKeyHash?: HexInput;
      }

      The parameters for creating a KeylessAccount.

      • Optionaladdress?: AccountAddress

        Optional account address associated with the KeylessAccount.

      • aud: string

        The value of the 'aud' claim on the JWT, also known as client ID. This is the identifier for the dApp's OIDC registration with the identity provider.

      • ephemeralKeyPair: EphemeralKeyPair

        The ephemeral key pair used in the account creation.

      • iss: string

        A JWT issuer.

      • jwt: string

        A JSON Web Token used for authentication.

      • pepper: HexInput

        A hexadecimal input used for additional security.

      • proof: ZeroKnowledgeSig | Promise<ZeroKnowledgeSig>

        A Zero Knowledge Signature or a promise that resolves to one.

      • OptionalproofFetchCallback?: ProofFetchCallback

        Optional callback function for fetching proof.

      • uidKey: string

        The claim on the JWT to identify a user. This is typically 'sub' or 'email'.

      • uidVal: string

        The unique id for this user, intended to be a stable user identifier.

      • OptionalverificationKeyHash?: HexInput

    Returns KeylessAccount

ReadonlyaccountAddress

accountAddress: AccountAddress

Account address associated with the account

Readonlyaud

aud: string

The value of the 'aud' claim on the JWT, also known as client ID. This is the identifier for the dApp's OIDC registration with the identity provider.

ReadonlyephemeralKeyPair

ephemeralKeyPair: EphemeralKeyPair

The EphemeralKeyPair used to generate sign.

Readonlyjwt

jwt: string

The JWT token used to derive the account

Readonlypepper

pepper: Uint8Array

A value contains 31 bytes of entropy that preserves privacy of the account. Typically fetched from a pepper provider.

proof

proof: undefined | ZeroKnowledgeSig

The zero knowledge signature (if ready) which contains the proof used to validate the EphemeralKeyPair.

ReadonlyproofOrPromise

proofOrPromise: ZeroKnowledgeSig | Promise<ZeroKnowledgeSig>

The proof of the EphemeralKeyPair or a promise that provides the proof. This is used to allow for awaiting on fetching the proof.

ReadonlypublicKey

publicKey: KeylessPublicKey

The KeylessPublicKey associated with the account

ReadonlysigningScheme

signingScheme: SigningScheme = SigningScheme.SingleKey

Signing scheme used to sign transactions

ReadonlyuidKey

uidKey: string

The claim on the JWT to identify a user. This is typically 'sub' or 'email'.

ReadonlyuidVal

uidVal: string

The value of the uidKey claim on the JWT. This intended to be a stable user identifier.

init

isExpired

serialize

  • serialize(serializer: Serializer): void

    Serializes the transaction data into a format suitable for transmission or storage. This function ensures that both the transaction bytes and the proof are properly serialized.

    Parameters

    • serializer: Serializer

      The serializer instance used to convert the transaction data into bytes.

    Returns void

sign

signTransaction

signTransactionWithAuthenticator

signWithAuthenticator

verifySignature

verifySignatureAsync

  • verifySignatureAsync(
        args: {
            aptosConfig: AptosConfig;
            message: HexInput;
            options?: { throwErrorWithReason?: boolean };
            signature: KeylessSignature;
        },
    ): Promise<boolean>

    Verify the given message and signature with the public key. It fetches any on chain state if needed for verification.

    Parameters

    • args: {
          aptosConfig: AptosConfig;
          message: HexInput;
          options?: { throwErrorWithReason?: boolean };
          signature: KeylessSignature;
      }

      The arguments for verifying the signature.

      • aptosConfig: AptosConfig

        The configuration object for connecting to the Aptos network

      • message: HexInput

        Raw message data in HexInput format.

      • Optionaloptions?: { throwErrorWithReason?: boolean }
      • signature: KeylessSignature

        Signed message signature.

    Returns Promise<boolean>

    A boolean indicating whether the signature is valid.

waitForProofFetch

Staticcreate

Staticdeserialize

  • deserialize(deserializer: Deserializer): KeylessAccount

    Deserializes the provided deserializer to create a KeylessAccount instance. This function extracts necessary components such as the JWT, UID key, pepper, ephemeral key pair, and proof from the deserializer.

    Parameters

    • deserializer: Deserializer

      The deserializer instance used to retrieve the serialized data.

    Returns KeylessAccount

    A KeylessAccount instance created from the deserialized data.

Implementation - BCS

bcsToBytes

  • bcsToBytes(): Uint8Array

    Serializes a Serializable value to its BCS representation. This function is the TypeScript SDK equivalent of bcs::to_bytes in Move.

    Returns Uint8Array

    the BCS representation of the Serializable instance as a byte buffer.

bcsToHex

  • bcsToHex(): Hex

    Converts the BCS-serialized bytes of a value into a Hex instance. This function provides a Hex representation of the BCS-serialized data for easier handling and manipulation.

    Returns Hex

    A Hex instance with the BCS-serialized bytes loaded into its underlying Uint8Array.

Methods

checkKeylessAccountValidity

getAnyPublicKey

getSigningMessage

toString

toStringWithoutPrefix

StaticfetchJWK

StaticfromBytes

StaticpartialDeserialize

Properties

Optional ReadonlyverificationKeyHash

verificationKeyHash?: Uint8Array<ArrayBufferLike>

The hash of the verification key used to verify the proof. This is optional and can be used to check verifying key rotations which may invalidate the proof.

Static ReadonlyPEPPER_LENGTH

PEPPER_LENGTH: number = 31

Settings

Member Visibility

On This Page

Implementation - Account (On-Chain Model)
Implementation - BCS
Methods
Properties
MMNEPVFCICPMFPCPTTAAATR