FT4 Library/lib.ft4.external.auth

Module-level declarations

Types

Link copied to clipboard
struct _auth_handler_client

Represents the information in a core.auth._auth_handler that can be returned to the client.

Queries

Link copied to clipboard
@mount("ft4.get_all_auth_handlers") query get_all_auth_handlers(): list<_auth_handler_client>

Retrieves all registered auth handlers.

Link copied to clipboard
@mount("ft4.get_auth_flags") query get_auth_flags(op_name: text): list<text>

Retrieves the flags field of the auth handler used to authorize the operation specified.

Throws if op_name is not valid or no auth handler can be found for it.

Link copied to clipboard
@mount("ft4.get_auth_handler_for_operation") query get_auth_handler_for_operation(op_name: text): _auth_handler_client

Retrieves the auth handler that must be used to authorize a certain operation.

Throws if op_name is not valid or no auth handler can be found for it.

Link copied to clipboard
@mount("ft4.get_auth_message_template") query get_auth_message_template(op_name: text, op_args: gtv?): text

Retrieves the message template that must be signed by EVM signers.

Throws if op_name is not valid or no auth handler can be found for it.

Link copied to clipboard
@mount("ft4.get_first_allowed_auth_descriptor") query get_first_allowed_auth_descriptor(op_name: text, args: gtv, account_id: byte_array, ad_ids: list<byte_array>): byte_array?

Same as core.auth.get_first_allowed_auth_descriptor.

Throws if the auth handler for this operation is not found or its resolver is a function that throws.

@mount("ft4.get_first_allowed_auth_descriptor_by_signers") query get_first_allowed_auth_descriptor_by_signers(op_name: text, args: gtv, account_id: byte_array, signers: list<byte_array>): byte_array?

Same as core.auth.get_first_allowed_auth_descriptor_by_signers.

Throws if the auth handler for this operation is not found or its resolver is a function that throws.

Link copied to clipboard
@mount("ft4.get_login_config") query get_login_config(name: text?): _login_config

Retrieves the login configuration specified.

Throws "UNKNOWN LOGIN CONFIG" if name is specified but no matching config exists.

Operations

Link copied to clipboard
@mount("ft4.evm_auth") operation evm_auth(account_id: byte_array, auth_descriptor_id: byte_array, signatures: list<signature?>)

For an operation to be authorized by an EVM signer, a specific message must be retrieved using get_auth_message_template. That template will contain some of the following placeholders:

  • core.auth.ACCOUNT_ID_PLACEHOLDER

  • core.auth.AUTH_DESCRIPTOR_ID_PLACEHOLDER

  • core.auth.NONCE_PLACEHOLDER

  • core.auth.BLOCKCHAIN_RID_PLACEHOLDER

Those must be replaced with the corresponding value:

  • the ID of the account and auth descriptor that are currently being used to sign the operation auth message for the first two;

  • a valid nonce, as would be created by utils.derive_nonce with the current counter value of the auth descriptor being used; if multiple operations are authenticated with evm_auth using the same auth descriptor, the counter must increase by one on every subsequent operation;

  • the rid of the blockchain.

The message must be signed following a standard EIP-191 implementation by all signers defined in the auth descriptor used to authenticate, and the signatures must be passed to the signatures parameter in the same order as they can be found in the auth descriptor's signer field (inside args). If any signer did not need to sign (e.g. the auth descriptor is a multi-sig, and only some signatures are required), that signature must be left null.

The transaction will then contain

  • evm_auth

  • the operation that is being authorized

with nothing else inbetween them. Other operations may be added before and after these two.

Throws if the next operation is blacklisted or this is the last operation in the transaction

Link copied to clipboard
@mount("ft4.evm_signatures") operation evm_signatures(signers: list<byte_array>, signatures: list<signature?>)

When it is required that an EVM signer signs an operation, but the signer is not part of an account auth descriptor yet, this operation must be used.

The operation must contain:

  • evm_signers

  • if required, an auth operation or a strategy operation

  • the operation that is being authorized

with nothing else inbetween them. Other operations may be added before and after these two.

Throws if:

  • the operation that is being authorized is not whitelisted,

  • there's no operation after this one, or

  • there is only one operation after this one, and it's an auth or strategy operation

Link copied to clipboard
@mount("ft4.ft_auth") operation ft_auth(account_id: byte_array, auth_descriptor_id: byte_array)

For an operation to be authorized by an FT signer, this operation must be called beforehand.

The transaction must then contain

  • ft_auth

  • the operation that is being authorized

with nothing else inbetween them. Other operations may be added before and after these two. The whole transaction must be signed by all the signers that are required by the auth descriptor.

Throws if the next operation is blacklisted or this is the last operation in the transaction