The authorization context is an SDK abstraction that allows you to easily sign requests to the Privy API with authorization keys, users, and key quorums.

Building the AuthorizationContext

When making a request to the Privy API that requires an authorization signature, you can build your authorization context, depending on if the signer of the request is an authorization key, a user, or a key quorum, per the instructions below

Authorization key

If the signer of the request is an authorization key, get the private key(s) that you saved locally when creating your signer in the Privy API or Dashboard. See the guide on authorization keys for more details. The raw private key(s) can then be added to the authorization context, to sign requests to the Privy API.
AuthorizationContext authorizationContext = AuthorizationContext.builder()
    .addAuthorizationPrivateKey("authorization-key")
    .build();

User

If the signer of the request is a user, you can add the user’s JWT to the authorization context. See the guide on user owners and signers for more details.
AuthorizationContext authorizationContext = AuthorizationContext.builder()
    .addUserJwt("user-jwt")
    .build();

Computing signatures directly

This is an advanced use case. Whenever possible, you should opt to use one of the mechanisms above.
If you need to create authorization signatures while keeping the signing key outside of the SDK (e.g. in a separate KMS), you can pass in a sign function to the SDK’s authorization context, or even pass in the signature to use directly.

Sign functions

You can pass in a sign function to the SDK’s authorization context, which will be called with the payload to sign when the request is made. The sign functions should perform an ECDSA P-256 signature on the payload received, and return the base64-encoded signature.
// This feature is not yet supported in the Java SDK.
The binary payload received by the sign function is already formatted and ready to be signed. There is no need to canonicalize or serialize the payload before signing when using this method.

Adding a signature manually

If instead you want to encode and sign the request payload manually, you can do so by using the utilities provided by the SDK.
1

1. Get the encoded request payload to sign over

Use the formatRequestForAuthorizationSignature utility to get the encoded request payload to sign over.
// Build the request, in this case an ethereum personal_sign request
EthereumPersonalSignRpcInputParams params = EthereumPersonalSignRpcInputParams.builder()
    .message(message)
    .encoding(Encoding.of(EncodingUtf8.UTF8))
    .build();

EthereumPersonalSignRpcInput request = EthereumPersonalSignRpcInput.builder()
    .method(EthereumPersonalSignRpcInputMethod.PERSONAL_SIGN)
    .params(params)
    .build();

byte[] encodedRequestPayload = privyClient
    .utils()
    .requestFormatter()
    .formatRequestForAuthorizationSignature(
        new WalletApiRequestSignatureInput(
            1,
            request,
            HttpMethod.POST,
            "https://api.privy.io/wallets/wallet-id/rpc",
            null
        )
    );
2

2. Produce the signature

The logic for producing the signature is fully dependent on the details of your implementation. Simply make sure to sign over the byte array returned in the previous step.
3

3. Add the signature to the authorization context

AuthorizationContext authorizationContext = AuthorizationContext.builder()
    .addSignature("signature-you-produced")
    .build();

Key quorums

You may combine the different signing mechanisms in the authorization context to produce a fully customizable key quorum. For instance, you may want to keep a wallet under control of both a user and an authorization key, requiring both signatures to authorize an action. This would be a 2-of-2 key quorum, and can be built by combining both the “user jwt” and “authorization private key” properties, as shown below.
// Example: A 2-of-2 key quorum, of a user and an authorization private key
AuthorizationContext authorizationContext = AuthorizationContext.builder()
    .addUserJwt("user-jwt")
    .addAuthorizationPrivateKey("authorization-key")
    .build();
See our guide on key quorums for more details.