Skip to main content

Prerequisites

💰 Need Test Tokens? Visit the Chronicle Yellowstone Faucet to get test tokens for your EOA account.
1

Create an account

// 1. import the useWalletClient function from wagmi
import { useWalletClient } from 'wagmi';

// 2. Use your connected wallet as the account
const { data: myAccount } = useWalletClient();
2

Authenticate with EOA

Use the WalletClientAuthenticator or ViemAccountAuthenticator to authenticate your connected wallet and generate auth data.
import { WalletClientAuthenticator } from '@lit-protocol/auth';

const authData = await WalletClientAuthenticator.authenticate(walletClient);

// Override SIWE fields (e.g., when running on production domains)
const authDataForProd = await WalletClientAuthenticator.authenticate(
  walletClient,
  undefined,
  {
    domain: 'example.com',
    uri: 'https://example.com/login',
  }
);
3

Get or Mint a PKP

You can select an existing PKP associated with your account or mint a new one.
For EOA auth, PKP minting is an on-chain transaction via litClient.mintWithAuth by default. If you run an Auth Service, you can also do a sponsored mint via litClient.authService.mintWithAuth (POST /pkp/mint) so users don’t need gas.
const mintedPkpWithEoaAuth = await litClient.mintWithAuth({
  account: myAccount, // or walletClient depending on method
  authData: authData,
  scopes: ['sign-anything'],
});
4

Generate Auth Context

Use your PKP’s public key to create an AuthContext. This method will cache two things:
  1. session key pair - a temporary cryptographic key pair generated on the client side that acts as a temporary identity for the client application. It consists of:
    • A public key - shared with the Lit nodes
    • A secret key (private key) - kept securely on the client
  2. Delegation AuthSig (aka. the inner auth sig) - a cryptographic attestation from the Lit Protocol nodes that authorises your session key to act on behalf of your PKP.

const authContext = await authManager.createPkpAuthContext({
  authData: authData, // <-- Retrieved earlier
  pkpPublicKey: pkpInfo.pubkey,
  authConfig: {
    resources: [
      ["pkp-signing", "*"],
      ["lit-action-execution", "*"],
    ],
    expiration: new Date(Date.now() + 1000 * 60 * 60 * 24).toISOString(),
    statement: "",
    domain: window.location.origin,
  },
  litClient: litClient,
});

Using EOA Auth Context (without a PKP)

Some Lit SDK operations accept an authContext and can be performed directly with an EOA (without selecting a PKP). For that flow, use authManager.createEoaAuthContext and pass it to the relevant litClient call.