Updates to Minting Programmable Key Pairs (PKPs) with Lit’s Relay Server

We would like to draw your attention to a change in how developers mint PKPs with Lit’s relay server.

If you've been interacting with the relay server using the mintPKPThroughRelayer and fetchPKPsThroughRelayer methods from our @lit-protocol/lit-auth-client package, simply upgrade your packages to version 2.2.49 or higher.

For those using the mintPKP and fetchPKP methods directly via an instance of an IRelay, be aware that the parameters have now changed to body: string. Make sure to format the request body as shown in the Background section below before invoking these methods.

Check out this example web app that shows how you can mint and use programmable key pairs (PKPs) with social accounts, one-time passwords, and authenticators using the updated @lit-protocol/lit-auth-client library.

Background

There is a new endpoint (/mint-next-and-add-auth-methods) that acts as a thin wrapper around the PKPHelper.mintNextAndAddAuthMethod method. It is important to note that this endpoint does not contain any verification logic. It moves the validation logic from the previous mint and query endpoints to the client side.

Previously, to mint a PKP we recommended using the /auth/* endpoints on the relay server. For example, to use a Google ID token to mint a PKP, you send the following request payload to the POST /auth/google endpoint:

{
	"idToken": "<GOOGLE_ID_TOKEN>"
}

Moving forward, developers should perform all necessary parsing and formatting on the client side in order to send the following request payload to the POST /mint-next-and-add-auth-methods endpoint:

{
    "keyType": "<KEY_TYPE>",
    "permittedAuthMethodTypes": ["<PERMITTED_AUTH_METHOD_TYPE>"],
    "permittedAuthMethodIds": ["<PERMITTED_AUTH_METHOD_ID>"],
    "permittedAuthMethodPubkeys": ["<PERMITTED_AUTH_METHOD_PUBKEY>"],
    "permittedAuthMethodScopes": [[0]],
    "addPkpEthAddressAsPermittedAddress": true,
    "sendPkpToItself": false
}

Example payload:

{
    "keyType": "2",
    "permittedAuthMethodTypes": ["6"],
    "permittedAuthMethodIds": ["0xf8b187ef830fd0d8511177bd550f158b975cc2b82e55e2e568de3fd9c6532682"],
    "permittedAuthMethodPubkeys": ["0x"],
    "permittedAuthMethodScopes": [[0]],
    "addPkpEthAddressAsPermittedAddress": true,
    "sendPkpToItself": false
}
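Because the new endpoint performs no verification, a malformed payload is only caught if the client checks it. The following is an added example, not code from Lit or from @lit-protocol/lit-auth-client: a hypothetical buildMintBody helper that validates the fields shown above and returns the JSON string to send as the request body. The rules it enforces (parallel arrays, 32-byte hex IDs, decimal-string types) are assumptions inferred from the example payload.

```javascript
// Added example (not Lit's code). Field names are from the payload above;
// the validation rules are assumptions inferred from the example payload.
const HEX = /^0x([0-9a-fA-F]{2})*$/; // "0x" alone is allowed (empty pubkey)
const DECIMAL = /^\d+$/;

function buildMintBody(p) {
  const errors = [];
  const lists = {
    permittedAuthMethodTypes: p.permittedAuthMethodTypes,
    permittedAuthMethodIds: p.permittedAuthMethodIds,
    permittedAuthMethodPubkeys: p.permittedAuthMethodPubkeys,
    permittedAuthMethodScopes: p.permittedAuthMethodScopes,
  };
  const isStr = (v, re) => typeof v === "string" && re.test(v);

  if (!isStr(p.keyType, DECIMAL)) errors.push("keyType must be a decimal string");
  for (const [name, list] of Object.entries(lists)) {
    if (!Array.isArray(list) || list.length === 0) errors.push(`${name} must be a non-empty array`);
  }
  for (const flag of ["addPkpEthAddressAsPermittedAddress", "sendPkpToItself"]) {
    if (typeof p[flag] !== "boolean") errors.push(`${flag} must be a boolean`);
  }
  if (errors.length === 0) {
    const [types, ids, pubkeys, scopes] = Object.values(lists);
    // Assumption: the four arrays are parallel, one entry per auth method.
    if (new Set([types, ids, pubkeys, scopes].map((l) => l.length)).size !== 1) {
      errors.push("auth method arrays differ in length");
    }
    types.forEach((t, i) => isStr(t, DECIMAL) || errors.push(`type[${i}] is not a decimal string`));
    // Assumption: ids are 32-byte hex values (0x + 64 digits), as in the example.
    ids.forEach((id, i) => (isStr(id, HEX) && id.length === 66) || errors.push(`id[${i}] is not 32-byte hex`));
    pubkeys.forEach((k, i) => isStr(k, HEX) || errors.push(`pubkey[${i}] is not hex`));
    scopes.forEach((s, i) => (Array.isArray(s) && s.every((n) => Number.isInteger(n) && n >= 0))
      || errors.push(`scopes[${i}] is not an array of non-negative integers`));
  }
  if (errors.length > 0) throw new Error("invalid mint payload: " + errors.join("; "));
  // Rebuild from known keys only, so unexpected fields never reach the relay.
  return JSON.stringify({
    keyType: p.keyType,
    ...lists,
    addPkpEthAddressAsPermittedAddress: p.addPkpEthAddressAsPermittedAddress,
    sendPkpToItself: p.sendPkpToItself,
  });
}
```
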

The easiest way to use Lit’s relay server is through the mintPKPThroughRelayer and fetchPKPsThroughRelayer methods from @lit-protocol/lit-auth-client version 2.2.49 or higher.

What’s next

We're not immediately eliminating the previous /auth/* endpoints. We understand that many of you may need time to adjust to the new configuration, and we're committed to ensuring a smooth transition. Therefore, these endpoints will remain operational for the time being to support backwards compatibility.

However, if you are using the relay server hosted centrally by Lit, we highly encourage you to begin the process of integrating the new endpoint into your systems as soon as possible.

Once the adoption of the new endpoint has sufficiently increased and stabilized, we plan to remove the old /auth/* endpoints. While we will give ample notice before the old endpoints are taken down, we strongly recommend that you start migrating your systems to the new endpoint as soon as you can to avoid any disruptions.

Alternatively, if you do not want to update your code, you can host your own relay server and continue using the /auth/* endpoints. The code that supports the deprecated flow is in the Wallet Abstraction: Google OAuth x Lit PKP post.

If you have any questions or need assistance with this transition, please do not hesitate to reach out to the team on Discord, Twitter or on GitHub.