Developer Update: Minting PKPs with the Lit SDK V3
Learn how to mint PKPs and assign authorized scopes with the the Lit SDK V3
In the latest version of the Lit SDK, additional permission scoping requirements must be addressed when working with Programmable Key Pairs (PKPs). These scopes allow developers to fine-grain the kinds of data that individual PKPs are allowed to sign and are now required when creating session signatures.
The following guide will walk through the process of assigning permitted scopes to new PKPs (either by minting using the relayer or contracts-sdk), as well as how to assign these scopes to existing PKPs.
You can read more about supported auth methods and minting PKPs in the Lit developer docs.
Prerequisite
The following examples are running on SDK version 3.0.21
Installing the required packages from the Lit SDK
yarn add @lit-protocol/lit-auth-client@cayenne
yarn add @lit-protocol/contracts-sdk@cayenne
Initializing the LitContract instance
import { LitContracts } from '@lit-protocol/contracts-sdk';
// if no signer is provided, it will attempt to use window.etheruem
const contractClient = new LitContracts({ signer });
await contractClient.connect();
1. Creating new PKPs and adding permitted scopes
Generating PKPs with the contracts-sdk
import { AuthMethodScope } from '@lit-protocol/constants';
const authMethod = {
authMethodType: AuthMethodType.EthWallet,
accessToken: '...',
};
const mintInfo = await contractClient.mintWithAuth({
authMethod: authMethod,
scopes: [
// AuthMethodScope.NoPermissions,
AuthMethodScope.SignAnything,
AuthMethodScope.OnlySignMessages
],
});
// output:
{
pkp: {
tokenId: string;
publicKey: string;
ethAddress: string;
};
tx: ethers.ContractReceipt;
}
Generating PKPs using the relayer
*Note: You'll need an API key to use the Lit Relayer. To get an API key, please fill out this form. The Lit Relayer is ran centrally by the Lit development team. It is recommended that you mint PKPs using the contract] directly, using the example above.
import { AuthMethodScope, AuthMethodType } from '@lit-protocol/constants';
const authProvider = litAuthClient.initProvider(ProviderType.EthWallet);
const authMethod = {
authMethodType: AuthMethodType.EthWallet,
accessToken: ...,
};
// -- setting scope for the auth method
// <https://developer.litprotocol.com/v3/sdk/wallets/auth-methods/#auth-method-scopes>
const options = {
permittedAuthMethodScopes: [[AuthMethodScope.SignAnything]],
};
const mintTx = await authProvider.mintPKPThroughRelayer(
authMethod,
options
);
2. Adding permitted scopes to existing PKPs
Start by verifying the scopes:
import { LitAuthClient } from '@lit-protocol/lit-auth-client';
import { LitContracts } from '@lit-protocol/contracts-sdk';
import { AuthMethodScope, AuthMethodType } from '@lit-protocol/constants';
const authMethod = {
authMethodType: AuthMethodType.EthWallet,
accessToken: ...,
};
const authId = LitAuthClient.getAuthIdByAuthMethod(authMethod);
const scopes = await contractClient.pkpPermissionsContract.read.getPermittedAuthMethodScopes(
tokenId,
AuthMethodType.EthWallet,
authId,
3 // there are only 2 scope numbers atm. and index 0 doesn't count
);
// -- validate both scopes should be false
if (scopes[1] !== false) {
return fail('scope 1 (sign anything) should be false');
}
if (scopes[2] !== false) {
return fail('scope 2 (only sign messages) should be false');
}
Next, set the scopes:
import { LitAuthClient } from '@lit-protocol/lit-auth-client';
import { LitContracts } from '@lit-protocol/contracts-sdk';
import { AuthMethodScope, AuthMethodType } from '@lit-protocol/constants';
const authMethod = {
authMethodType: xx,
accessToken: xxx,
};
const authId = LitAuthClient.getAuthIdByAuthMethod(authMethod);
const setScopeTx =
await contractClient.pkpPermissionsContract.write.addPermittedAuthMethodScope(
tokenId,
AuthMethodType.EthWallet,
authId,
AuthMethodScope.SignAnything
);
await setScopeTx.wait();
Demos:
To learn more, check out the following demos:
- Minting a PKP with an auth method and permitted scopes (Easy)
- Minting a PKP with an auth method and permitted scopes (Advanced)
- Minting a PKP with no permissions, then add permitted scopes
- Minting a PKP using the relayer, adding permitted scopes, and getting session sigs
Developer Resources:
- To interact with the Lit smart contracts, you'll need some testnet tokens. These tokens hold no monetary value and should only be used for testing purposes. They should only be claimed from the verified faucet.
- If you are unsure about whether or not your PKPs have permitted scopes, you can use this tool to check.
- You can check PKP permissions from your terminal using the
getlit clitool.
Helpful Links:
- Lit Developer Docs
- Join the Lit Developer Ecosystem on Discord
- Stay up to date with the latest updates on X.