LIT-Protocol · Ansonhkg · Nov 10, 2023 · Nov 10, 2023 · Nov 10, 2023 · Nov 10, 2023
diff --git a/apps/demo-pkp-social-auth-next-ts/package.json b/apps/demo-pkp-social-auth-next-ts/package.json
@@ -9,11 +9,12 @@
     "lint": "next lint"
   },
   "dependencies": {
-    "@lit-protocol/auth-helpers": "^3.0.6",
-    "@lit-protocol/constants": "^3.0.6",
-    "@lit-protocol/lit-auth-client": "^3.0.6",
-    "@lit-protocol/pkp-ethers": "^3.0.6",
-    "@lit-protocol/types": "^3.0.6",
+    "@lit-protocol/auth-helpers": "3.0.21",
+    "@lit-protocol/constants": "3.0.21",
+    "@lit-protocol/contracts-sdk": "^3.0.21",
+    "@lit-protocol/lit-auth-client": "3.0.21",
+    "@lit-protocol/pkp-ethers": "3.0.21",
+    "@lit-protocol/types": "3.0.21",
     "@radix-ui/react-radio-group": "^1.1.3",
     "@stytch/nextjs": "^11.0.0",
     "@stytch/vanilla-js": "^2.2.0",

diff --git a/apps/demo-pkp-social-auth-next-ts/src/hooks/useSession.ts b/apps/demo-pkp-social-auth-next-ts/src/hooks/useSession.ts
@@ -4,6 +4,8 @@ import { getSessionSigs } from '../utils/lit';
 import { LitAbility, LitActionResource } from '@lit-protocol/auth-helpers';
 import { IRelayPKP } from '@lit-protocol/types';
 import { SessionSigs } from '@lit-protocol/types';
+import { LitContracts } from '@lit-protocol/contracts-sdk';
+import { LitAuthClient } from '@lit-protocol/lit-auth-client';
 
 export default function useSession() {
   const [sessionSigs, setSessionSigs] = useState<SessionSigs>();
@@ -30,6 +32,26 @@ export default function useSession() {
           Date.now() + 1000 * 60 * 60 * 24 * 7
         ).toISOString(); // 1 week
 
+        // -- check permissions
+        const contractClient = new LitContracts();
+        await contractClient.connect();
+
+        const authId = await LitAuthClient.getAuthIdByAuthMethod(authMethod);
+
+        const scopes = await contractClient.pkpPermissionsContract.read.getPermittedAuthMethodScopes(
+          pkp.tokenId,
+          authMethod.authMethodType,
+          authId,
+          3
+        );
+
+        if (!scopes[1] && !scopes[2]) {
+          const msg = `Your PKP does not have the required permissions! Please use the 'addPermittedAuthMethodScope' method from the PKPPermissions contract to add the required permissions.\nRead more at https://developer.litprotocol.com/v3/sdk/wallets/auth-methods/#auth-method-scopes`;
+          console.error(msg);
+          alert(msg);
+          return;
+        }
+
         // Generate session sigs
         const sessionSigs = await getSessionSigs({
           pkpPublicKey: pkp.publicKey,

diff --git a/apps/demo-pkp-social-auth-next-ts/src/utils/lit.ts b/apps/demo-pkp-social-auth-next-ts/src/utils/lit.ts
@@ -12,6 +12,7 @@ import {
   AuthMethod,
   GetSessionSigsProps,
   IRelayPKP,
+  MintRequestBody,
   SessionSigs,
 } from '@lit-protocol/types';
 
@@ -180,6 +181,7 @@ export async function getSessionSigs({
   authMethod: AuthMethod;
   sessionSigsParams: GetSessionSigsProps;
 }): Promise<SessionSigs> {
+
   // const provider = getProviderByAuthMethod(authMethod);
   // if (provider) {
   //   const sessionSigs = await provider.getSessionSigs({
@@ -236,6 +238,10 @@ export async function getPKPs(authMethod: AuthMethod): Promise<IRelayPKP[]> {
 export async function mintPKP(authMethod: AuthMethod): Promise<IRelayPKP> {
   const provider = getProviderByAuthMethod(authMethod);
 
+  const authMethodScopePrompt = prompt('Enter the auth method scope.\n0 - no permissions\n1 - to sign anything\n2 - to only sign messages. \n\nRead more at https://developer.litprotocol.com/v3/sdk/wallets/auth-methods/#auth-method-scopes');
+  const authMethodScope = parseInt(authMethodScopePrompt);
+  console.log("authMethodScope:", authMethodScope);
+
   let txHash: string;
 
   if (authMethod.authMethodType === AuthMethodType.WebAuthn) {
@@ -245,10 +251,14 @@ export async function mintPKP(authMethod: AuthMethod): Promise<IRelayPKP> {
     // Verify registration and mint PKP through relay server
     txHash = await (
       provider as WebAuthnProvider
-    ).verifyAndMintPKPThroughRelayer(options);
+    ).verifyAndMintPKPThroughRelayer(options, {
+      permittedAuthMethodScopes: [[authMethodScope]],
+    });
   } else {
     // Mint PKP through relay server
-    txHash = await provider.mintPKPThroughRelayer(authMethod);
+    txHash = await provider.mintPKPThroughRelayer(authMethod, {
+      permittedAuthMethodScopes: [[authMethodScope]],
+    });
   }
 
   const response = await provider.relay.pollRequestUntilTerminalState(txHash);

diff --git a/packages/lit-auth-client/src/lib/providers/BaseProvider.ts b/packages/lit-auth-client/src/lib/providers/BaseProvider.ts
@@ -71,6 +71,7 @@ export abstract class BaseProvider {
    * Mint a new PKP for the given auth method through the relay server
    *
    * @param {AuthMethod} authMethod - Auth method object
+   * @param {MintRequestBody} [customArgs] - Extra data to overwrite default params
    *
    * @returns {Promise<string>} - Mint transaction hash
    */

diff --git a/packages/lit-auth-client/src/lib/providers/WebAuthnProvider.ts b/packages/lit-auth-client/src/lib/providers/WebAuthnProvider.ts
@@ -43,7 +43,8 @@ export default class WebAuthnProvider extends BaseProvider {
    * Mint PKP with verified registration data
    *
    * @param {PublicKeyCredentialCreationOptionsJSON} options - Registration options to pass to the authenticator
-   *
+   * @param {MintRequestBody} [customArgs] - Extra data to overwrite default params
+   * 
    * @returns {Promise<string>} - Mint transaction hash
    */
   public async verifyAndMintPKPThroughRelayer(
@@ -74,6 +75,7 @@ export default class WebAuthnProvider extends BaseProvider {
       sendPkpToItself: true,
     };
 
+
     const args = {
       ...defaultArgs,
       ...customArgs