Skip to content

KeyAuthorization Types

KeyAuthorization.Input

Input type for a Key Authorization.

Source: src/tempo/KeyAuthorization.ts

KeyAuthorization.KeyAuthorization

Key authorization for provisioning access keys.

Access keys allow a root key (e.g., a passkey) to delegate transaction signing to secondary keys with customizable permissions including expiry timestamps and per-TIP-20 token spending limits. This enables a user to sign transactions without repeated passkey prompts.

The root key signs a KeyAuthorization to grant an access key permission to sign transactions on its behalf. The authorization is attached to a transaction (which can be signed by the access key itself), and the protocol validates the authorization before storing the key in the AccountKeychain precompile.

Key authorization fields: - address: Address derived from the access key's public key (the "key ID") - chainId: Chain ID for replay protection (0 = valid on any chain) - expiry: Unix timestamp when the key expires (undefined = never expires) - limits: Per-TIP-20 token spending limits (only applies to transfer() and approve() calls) - type: Key type (secp256k1, p256, or webAuthn)

Access Keys Specification

Source: src/tempo/KeyAuthorization.ts

KeyAuthorization.Rpc

RPC representation matching the node's wire format.

Source: src/tempo/KeyAuthorization.ts

KeyAuthorization.RpcCallScope

RPC representation of a call scope (matches node's CallScope serde).

Source: src/tempo/KeyAuthorization.ts

KeyAuthorization.RpcSelectorRule

RPC representation of a selector rule (matches node's SelectorRule serde).

Source: src/tempo/KeyAuthorization.ts

KeyAuthorization.RpcTokenLimit

RPC representation of a token limit (matches node's TokenLimit serde).

Source: src/tempo/KeyAuthorization.ts

KeyAuthorization.Scope

Call scope entry restricting which contract, selector, and recipients an access key can use.

Multiple entries with the same address are grouped by target on the wire.

  • { address } = any selector on this contract - { address, selector } = specific selector - { address, selector, recipients } = selector + recipient constraint

TIP-1011 Specification

Source: src/tempo/KeyAuthorization.ts

KeyAuthorization.Signed

Signed representation of a Key Authorization.

Source: src/tempo/KeyAuthorization.ts

KeyAuthorization.TokenLimit

Token spending limit for access keys.

Defines a per-TIP-20 token spending limit for an access key. Limits deplete as tokens are spent and can be updated by the root key via updateSpendingLimit().

Access Keys Specification

Source: src/tempo/KeyAuthorization.ts

KeyAuthorization.Tuple

Tuple representation of a Key Authorization.

Source: src/tempo/KeyAuthorization.ts