Struct KeylessAccount

pub struct KeylessAccount { /* private fields */ }

Available on crate feature keyless only.

Account authenticated via OIDC.

Implementations

impl KeylessAccount

pub async fn from_jwt(jwt: &str, ephemeral_key: EphemeralKeyPair, pepper_service: &dyn PepperService, prover_service: &dyn ProverService) -> AptosResult<Self>

Creates a keyless account from an OIDC JWT token.

This method verifies the JWT signature using the OIDC provider’s JWKS endpoint before extracting claims and creating the account.

Network Requests

This method makes HTTP requests to:

  • The OIDC provider’s JWKS endpoint to fetch signing keys
  • The pepper service to obtain the pepper
  • The prover service to generate a ZK proof

For more control over network calls and caching, use Self::from_jwt_with_jwks with pre-fetched JWKS.

Errors

This function will return an error if:

  • The JWT signature verification fails
  • The JWT cannot be decoded or is missing required claims (iss, aud, sub, nonce)
  • The JWT nonce doesn’t match the ephemeral key’s nonce
  • The JWT is expired
  • The JWKS cannot be fetched from the provider (network timeout, DNS failure, connection errors, HTTP errors, or invalid JWKS response)
  • The pepper service fails to return a pepper
  • The prover service fails to generate a proof

pub async fn from_jwt_with_jwks(jwt: &str, jwks: &JwkSet, ephemeral_key: EphemeralKeyPair, pepper_service: &dyn PepperService, prover_service: &dyn ProverService) -> AptosResult<Self>

Creates a keyless account from a JWT with pre-fetched JWKS.

This method is useful when you want to:

  • Cache the JWKS to avoid repeated network requests
  • Have more control over HTTP client configuration
  • Implement custom caching strategies based on HTTP cache headers

Errors

This function will return an error if:

  • The JWT signature verification fails
  • The JWT cannot be decoded or is missing required claims (iss, aud, sub, nonce)
  • The JWT nonce doesn’t match the ephemeral key’s nonce
  • The JWT is expired
  • The pepper service fails to return a pepper
  • The prover service fails to generate a proof
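
One way to implement the header-based caching that from_jwt_with_jwks makes possible, as an added example rather than SDK code: JwksCache, ttl_from_cache_control, the fetch closure and both TTL constants are hypothetical, and the returned body still has to be parsed into a JwkSet by the caller.

```rust
use std::time::{Duration, Instant};

// Assumed policy values, not taken from the SDK.
const MAX_TTL: Duration = Duration::from_secs(24 * 3600); // cap so rotated keys age out
const DEFAULT_TTL: Duration = Duration::from_secs(300); // used when no max-age is given

/// Cache lifetime from a Cache-Control value; None means "do not reuse".
pub fn ttl_from_cache_control(header: Option<&str>) -> Option<Duration> {
    let mut ttl = DEFAULT_TTL;
    for directive in header.unwrap_or("").split(',') {
        let d = directive.trim().to_ascii_lowercase();
        if d == "no-store" || d == "no-cache" { return None; }
        if let Some(secs) = d.strip_prefix("max-age=").and_then(|v| v.parse::<u64>().ok()) {
            ttl = Duration::from_secs(secs);
        }
    }
    Some(ttl.min(MAX_TTL))
}

/// Raw JWKS document plus the instant it stops being fresh.
pub struct JwksCache {
    entry: Option<(String, Instant)>,
}

impl JwksCache {
    pub fn new() -> Self { Self { entry: None } }

    /// Returns the JWKS body, calling `fetch` only when the cached copy is stale.
    /// `fetch` stands in for the HTTP client and yields (body, Cache-Control).
    /// A failed refresh is returned as an error; stale keys are never served.
    pub fn get<F>(&mut self, now: Instant, mut fetch: F) -> Result<String, String>
    where
        F: FnMut() -> Result<(String, Option<String>), String>,
    {
        if let Some((body, expires)) = &self.entry {
            if now < *expires { return Ok(body.clone()); }
        }
        let (body, cc) = fetch()?;
        self.entry = ttl_from_cache_control(cc.as_deref()).map(|ttl| (body.clone(), now + ttl));
        Ok(body)
    }
}

fn main() {
    let mut cache = JwksCache::new();
    // Constructed response: an empty key set with a one-hour max-age.
    let fetch = || Ok((String::from("{\"keys\":[]}"), Some(String::from("max-age=3600"))));
    println!("{:?}", cache.get(Instant::now(), fetch));
}
```

Capping the lifetime bounds how long a key the provider has rotated out keeps verifying tokens, and failing closed on a refresh error keeps an expired key set from being reused.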

pub fn provider(&self) -> &OidcProvider

Returns the OIDC provider.

pub fn issuer(&self) -> &str

Returns the issuer.

pub fn audience(&self) -> &str

Returns the audience.

pub fn user_id(&self) -> &str

Returns the user identifier (sub claim).

pub fn proof(&self) -> &ZkProof

Returns the proof.

pub fn is_valid(&self) -> bool

Returns true if the account is still valid.

pub async fn refresh_proof(&mut self, jwt: &str, prover_service: &dyn ProverService) -> AptosResult<()>

Refreshes the proof using a new JWT.

This method verifies the JWT signature using the OIDC provider’s JWKS endpoint.

Network Requests

This method makes HTTP requests to fetch the JWKS from the OIDC provider. For more control over network calls and caching, use Self::refresh_proof_with_jwks.

Errors

Returns an error if:

  • The JWKS cannot be fetched (network timeout, DNS failure, connection errors)
  • The JWT signature verification fails
  • The JWT cannot be decoded
  • The JWT nonce does not match the ephemeral key
  • The JWT identity does not match the account
  • The prover service fails to generate a new proof

pub async fn refresh_proof_with_jwks(&mut self, jwt: &str, jwks: &JwkSet, prover_service: &dyn ProverService) -> AptosResult<()>

Refreshes the proof using a new JWT with pre-fetched JWKS.

This method is useful for caching the JWKS or using a custom HTTP client.

Errors

Returns an error if:

  • The JWT signature verification fails
  • The JWT cannot be decoded
  • The JWT nonce does not match the ephemeral key
  • The JWT identity does not match the account
  • The prover service fails to generate a new proof

pub fn sign_keyless(&self, message: &[u8]) -> KeylessSignature

Signs a message and returns the structured keyless signature.

Trait Implementations

impl Account for KeylessAccount

fn address(&self) -> AccountAddress

Returns the account address.

fn authentication_key(&self) -> AuthenticationKey

Returns the authentication key.

fn sign(&self, message: &[u8]) -> AptosResult<Vec<u8>>

Signs a message and returns the signature bytes.

fn public_key_bytes(&self) -> Vec<u8>

Returns the public key bytes.

fn signature_scheme(&self) -> u8

Returns the scheme identifier for this account type.

impl Debug for KeylessAccount

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl From<KeylessAccount> for AnyAccount

fn from(account: KeylessAccount) -> Self

Converts to this type from the input type.

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> PolicyExt for T
where T: ?Sized,

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow.

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow.

impl<T> Same for T

type Output = T

Should always be Self

impl<A> Sponsor for A
where A: Account,

fn sponsor<S: Account>(&self, sender: &S, sender_sequence_number: u64, payload: TransactionPayload, chain_id: ChainId) -> AptosResult<SignedTransaction>

Sponsors a transaction for another account.

fn sponsor_with_gas<S: Account>(&self, sender: &S, sender_sequence_number: u64, payload: TransactionPayload, chain_id: ChainId, max_gas_amount: u64, gas_unit_price: u64) -> AptosResult<SignedTransaction>

Sponsors a transaction with custom gas settings.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.