Rewrite Generating SessionSigs Guide
#295
Conversation
❌ Deploy Preview for lit-dev-docs failed.
|
|
This guide is so much more readable and well-documented, @spacesailor24! Per the contribution checklist (on the other ticket linked here), please confirm that someone else at the company runs the code and gets the desired result bug-free. Other than that, if everything @glitch003 mentioned on Slack is addressed, should be good to go. |
| import { LitAccessControlConditionResource } from "@lit-protocol/auth-helpers"; | ||
| ``` | ||
|
|
||
| This resource specifies a Lit Access Control Conditions (ACC) the `ability` is being granted for. Specifying `"*"` grants the `ability` to any ACC, regardless of what the conditions are. To grant the `ability` for a specific ACC, you can specify the hashed key value of the ACC in place of `"*"` like so: |
There was a problem hiding this comment.
@joshLong145 @Ansonhkg How do I get the hashed key value of the ACC to give to LitAccessControlConditionResource when setting resourceAbilityRequests for a Session Sig?
There was a problem hiding this comment.
in the LitAccessControlConditionResource class there's a public static method called generateResourceString which Composes a resource string by hashing access control conditions and appending a data hash.
So:
const accsResourceString =
await LitAccessControlConditionResource.generateResourceString(
accs,
encryptRes.dataToEncryptHash
);
const resourceAbilityRequests = [
{
resource: new LitAccessControlConditionResource(accsResourceString),
ability: LitAbility.AccessControlConditionDecryption,
}];
| <!-- TODO Is this correct? --> | ||
| - `AccessControlConditionSigning` This grants the ability to sign data using threshold signing by the Lit nodes in the network if the Access Control Conditions is satisfied. |
There was a problem hiding this comment.
@joshLong145 I'm not sure if this statement is correct
There was a problem hiding this comment.
@DashKash54 @hwrdtm can you confirm this?
There was a problem hiding this comment.
I think this was used for jwt features hence signing being referred to but we should get confirmation
| # Generating SessionSigs | ||
| # Generating Session Signatures | ||
|
|
||
| [Session signatures](./intro.md) can be obtained using the [getSessionSigs](https://v5.api-docs.getlit.dev/classes/lit_node_client_src.LitNodeClientNodeJs.html#getSessionSigs) method provided by the Lit SDK. This method will generate a _session keypair_ for you locally, and will use the `authNeededCallback` method you specify to sign the session keypair, authorizing it to use the specified [Lit Resources and Abilities](./resources-and-abilities.md) on the Lit network. |
There was a problem hiding this comment.
I think we need to refer to the V6 doc? also we need to think how do we update them automatically in the future. eg. we can use a url shortener/self-host service that can redirect & track all the ref links, and update them all at once.
eg.
bit.ly/v5-doc -> https://v5-foo.getlit.dev
later when we want to update:
bit.ly/v5-doc -> https://v5-bar.getlit.dev
| [Session signatures](./intro.md) can be obtained using the [getSessionSigs](https://v5.api-docs.getlit.dev/classes/lit_node_client_src.LitNodeClientNodeJs.html#getSessionSigs) method provided by the Lit SDK. This method will generate a _session keypair_ for you locally, and will use the `authNeededCallback` method you specify to sign the session keypair, authorizing it to use the specified [Lit Resources and Abilities](./resources-and-abilities.md) on the Lit network. | |
| [Session signatures](./intro.md) can be obtained using the [getSessionSigs](https://v6-api-doc-lit-js-sdk.vercel.app/classes/lit_node_client_src.LitNodeClientNodeJs.html#getSessionSigs) method provided by the Lit SDK. This method will generate a _session keypair_ for you locally, and will use the `authNeededCallback` method you specify to sign the session keypair, authorizing it to use the specified [Lit Resources and Abilities](./resources-and-abilities.md) on the Lit network. |
There was a problem hiding this comment.
yea we should do something like this. good idea @Ansonhkg
| import { LitAccessControlConditionResource } from "@lit-protocol/auth-helpers"; | ||
| ``` | ||
|
|
||
| This resource specifies a Lit Access Control Conditions (ACC) the `ability` is being granted for. Specifying `"*"` grants the `ability` to any ACC, regardless of what the conditions are. To grant the `ability` for a specific ACC, you can specify the hashed key value of the ACC in place of `"*"` like so: |
There was a problem hiding this comment.
in the LitAccessControlConditionResource class there's a public static method called generateResourceString which Composes a resource string by hashing access control conditions and appending a data hash.
So:
const accsResourceString =
await LitAccessControlConditionResource.generateResourceString(
accs,
encryptRes.dataToEncryptHash
);
const resourceAbilityRequests = [
{
resource: new LitAccessControlConditionResource(accsResourceString),
ability: LitAbility.AccessControlConditionDecryption,
}];| <!-- TODO Is this correct? --> | ||
| - `AccessControlConditionSigning` This grants the ability to sign data using threshold signing by the Lit nodes in the network if the Access Control Conditions is satisfied. |
There was a problem hiding this comment.
@DashKash54 @hwrdtm can you confirm this?
|
|
||
| ## Instantiating an Ethers.js Wallet | ||
|
|
||
| Next we'll use our `ETHEREUM_PRIVATE_KEY` constant to instantiate an instance of `ethers.Wallet`: |
There was a problem hiding this comment.
| Next we'll use our `ETHEREUM_PRIVATE_KEY` constant to instantiate an instance of `ethers.Wallet`: | |
| Next we'll use our `ETHEREUM_PRIVATE_KEY` constant to instantiate an instance of `ethers.Wallet`: | |
| > **Note:** When working with Ethereum, you can use various blockchain clients or libraries (such as ethers.js, viem, etc.) to manage your private key and sign messages. As long as the chosen class or library has a `signMessage` function, it can be used effectively. |
| - `"@lit-protocol/auth-helpers": "^6.0.0-beta.3"` | ||
| - `"@lit-protocol/constants": "^6.0.0-beta.3"` | ||
| - `"@lit-protocol/lit-node-client": "^6.0.0-beta.3"` |
There was a problem hiding this comment.
This is now beta.4 perhaps we use a script to update these package versions so we can run it once and update all docs pages to the latest package build.
| This resource specifies what Lit Programmable Key Pair (PKP) the `ability` is being granted for. Specifying `"*"` grants the `ability` for all PKPs. To grant the `ability` for a specific PKP, you can specify the token ID of the PKP in place of `"*"` like so: | ||
|
|
There was a problem hiding this comment.
Should we warn that * permissions are basically no permissions? Since we will allow any pkp to use it if configured like this?
|
@spacesailor24 |
This PR rewrites the existing Generating SessionSigs guide, updating and fixing the code. This is the corresponding PR for the full implementation of the guide