diff --git a/apps/demo-pkp-social-auth-next-ts/package.json b/apps/demo-pkp-social-auth-next-ts/package.json index bac4aea922..608be6940c 100644 --- a/apps/demo-pkp-social-auth-next-ts/package.json +++ b/apps/demo-pkp-social-auth-next-ts/package.json @@ -9,11 +9,12 @@ "lint": "next lint" }, "dependencies": { - "@lit-protocol/auth-helpers": "^3.0.6", - "@lit-protocol/constants": "^3.0.6", - "@lit-protocol/lit-auth-client": "^3.0.6", - "@lit-protocol/pkp-ethers": "^3.0.6", - "@lit-protocol/types": "^3.0.6", + "@lit-protocol/auth-helpers": "3.0.21", + "@lit-protocol/constants": "3.0.21", + "@lit-protocol/contracts-sdk": "^3.0.21", + "@lit-protocol/lit-auth-client": "3.0.21", + "@lit-protocol/pkp-ethers": "3.0.21", + "@lit-protocol/types": "3.0.21", "@radix-ui/react-radio-group": "^1.1.3", "@stytch/nextjs": "^11.0.0", "@stytch/vanilla-js": "^2.2.0", diff --git a/apps/demo-pkp-social-auth-next-ts/src/hooks/useSession.ts b/apps/demo-pkp-social-auth-next-ts/src/hooks/useSession.ts index eb36b159b6..854116a438 100644 --- a/apps/demo-pkp-social-auth-next-ts/src/hooks/useSession.ts +++ b/apps/demo-pkp-social-auth-next-ts/src/hooks/useSession.ts @@ -4,6 +4,8 @@ import { getSessionSigs } from '../utils/lit'; import { LitAbility, LitActionResource } from '@lit-protocol/auth-helpers'; import { IRelayPKP } from '@lit-protocol/types'; import { SessionSigs } from '@lit-protocol/types'; +import { LitContracts } from '@lit-protocol/contracts-sdk'; +import { LitAuthClient } from '@lit-protocol/lit-auth-client'; export default function useSession() { const [sessionSigs, setSessionSigs] = useState(); @@ -30,6 +32,26 @@ export default function useSession() { Date.now() + 1000 * 60 * 60 * 24 * 7 ).toISOString(); // 1 week + // -- check permissions + const contractClient = new LitContracts(); + await contractClient.connect(); + + const authId = await LitAuthClient.getAuthIdByAuthMethod(authMethod); + + const scopes = await contractClient.pkpPermissionsContract.read.getPermittedAuthMethodScopes( + pkp.tokenId, + authMethod.authMethodType, + authId, + 3 + ); + + if (!scopes[1] && !scopes[2]) { + const msg = `Your PKP does not have the required permissions! Please use the 'addPermittedAuthMethodScope' method from the PKPPermissions contract to add the required permissions.\nRead more at https://developer.litprotocol.com/v3/sdk/wallets/auth-methods/#auth-method-scopes`; + console.error(msg); + alert(msg); + return; + } + // Generate session sigs const sessionSigs = await getSessionSigs({ pkpPublicKey: pkp.publicKey, diff --git a/apps/demo-pkp-social-auth-next-ts/src/utils/lit.ts b/apps/demo-pkp-social-auth-next-ts/src/utils/lit.ts index d97c64cb4a..16c2671f3a 100644 --- a/apps/demo-pkp-social-auth-next-ts/src/utils/lit.ts +++ b/apps/demo-pkp-social-auth-next-ts/src/utils/lit.ts @@ -12,6 +12,7 @@ import { AuthMethod, GetSessionSigsProps, IRelayPKP, + MintRequestBody, SessionSigs, } from '@lit-protocol/types'; @@ -180,6 +181,7 @@ export async function getSessionSigs({ authMethod: AuthMethod; sessionSigsParams: GetSessionSigsProps; }): Promise { + // const provider = getProviderByAuthMethod(authMethod); // if (provider) { // const sessionSigs = await provider.getSessionSigs({ @@ -236,6 +238,10 @@ export async function getPKPs(authMethod: AuthMethod): Promise { export async function mintPKP(authMethod: AuthMethod): Promise { const provider = getProviderByAuthMethod(authMethod); + const authMethodScopePrompt = prompt('Enter the auth method scope.\n0 - no permissions\n1 - to sign anything\n2 - to only sign messages. \n\nRead more at https://developer.litprotocol.com/v3/sdk/wallets/auth-methods/#auth-method-scopes'); + const authMethodScope = parseInt(authMethodScopePrompt); + console.log("authMethodScope:", authMethodScope); + let txHash: string; if (authMethod.authMethodType === AuthMethodType.WebAuthn) { @@ -245,10 +251,14 @@ export async function mintPKP(authMethod: AuthMethod): Promise { // Verify registration and mint PKP through relay server txHash = await ( provider as WebAuthnProvider - ).verifyAndMintPKPThroughRelayer(options); + ).verifyAndMintPKPThroughRelayer(options, { + permittedAuthMethodScopes: [[authMethodScope]], + }); } else { // Mint PKP through relay server - txHash = await provider.mintPKPThroughRelayer(authMethod); + txHash = await provider.mintPKPThroughRelayer(authMethod, { + permittedAuthMethodScopes: [[authMethodScope]], + }); } const response = await provider.relay.pollRequestUntilTerminalState(txHash); diff --git a/packages/lit-auth-client/src/lib/providers/BaseProvider.ts b/packages/lit-auth-client/src/lib/providers/BaseProvider.ts index 84ba1a702c..92f2587e44 100644 --- a/packages/lit-auth-client/src/lib/providers/BaseProvider.ts +++ b/packages/lit-auth-client/src/lib/providers/BaseProvider.ts @@ -71,6 +71,7 @@ export abstract class BaseProvider { * Mint a new PKP for the given auth method through the relay server * * @param {AuthMethod} authMethod - Auth method object + * @param {MintRequestBody} [customArgs] - Extra data to overwrite default params * * @returns {Promise} - Mint transaction hash */ diff --git a/packages/lit-auth-client/src/lib/providers/WebAuthnProvider.ts b/packages/lit-auth-client/src/lib/providers/WebAuthnProvider.ts index f6e712ed4e..d1710cf85c 100644 --- a/packages/lit-auth-client/src/lib/providers/WebAuthnProvider.ts +++ b/packages/lit-auth-client/src/lib/providers/WebAuthnProvider.ts @@ -43,7 +43,8 @@ export default class WebAuthnProvider extends BaseProvider { * Mint PKP with verified registration data * * @param {PublicKeyCredentialCreationOptionsJSON} options - Registration options to pass to the authenticator - * + * @param {MintRequestBody} [customArgs] - Extra data to overwrite default params + * * @returns {Promise} - Mint transaction hash */ public async verifyAndMintPKPThroughRelayer( @@ -74,6 +75,7 @@ export default class WebAuthnProvider extends BaseProvider { sendPkpToItself: true, }; + const args = { ...defaultArgs, ...customArgs