The authorization context is an SDK abstraction that allows you to easily sign requests to the Privy
API with authorization keys, users, and key quorums.
Building the AuthorizationContext
When making a request to the Privy API that requires an authorization signature, you can build your
authorization context, depending on if the signer of the request is an authorization key, a user, or
a key quorum, per the instructions below
Authorization key
If the signer of the request is an authorization key, get the private key(s) that you saved locally
when creating your signer in the Privy API or Dashboard.
See the guide on authorization keys for more details.
The raw private key(s) can then be added to the authorization context, to sign requests to the Privy
API.
AuthorizationContext authorizationContext = AuthorizationContext.builder()
.addAuthorizationPrivateKey("authorization-key")
.build();
User
If the signer of the request is a user, you can add the user’s JWT to the authorization context.
See the guide on user owners and signers
for more details.
AuthorizationContext authorizationContext = AuthorizationContext.builder()
.addUserJwt("user-jwt")
.build();
Computing signatures directly
This is an advanced use case. Whenever possible, you should opt to use one of the mechanisms above.
Sign functions
You can pass in a sign function to the SDK’s authorization context, which will be called with the
payload to sign when the request is made.
The sign functions should perform an ECDSA P-256 signature on the payload received, and return the
base64-encoded signature.
// This feature is not yet supported in the Java SDK.
The binary payload received by the sign function is already formatted and ready to be signed.
There is no need to canonicalize or serialize the payload before signing when using this method.
Adding a signature manually
If instead you want to encode and sign the request payload manually, you can do so by using the utilities provided by the SDK.
1. Get the encoded request payload to sign over
Use the formatRequestForAuthorizationSignature utility to get the encoded request payload to sign over.// Build the request, in this case an ethereum personal_sign request
EthereumPersonalSignRpcInputParams params = EthereumPersonalSignRpcInputParams.builder()
.message(message)
.encoding(Encoding.of(EncodingUtf8.UTF8))
.build();
EthereumPersonalSignRpcInput request = EthereumPersonalSignRpcInput.builder()
.method(EthereumPersonalSignRpcInputMethod.PERSONAL_SIGN)
.params(params)
.build();
byte[] encodedRequestPayload = privyClient
.utils()
.requestFormatter()
.formatRequestForAuthorizationSignature(
new WalletApiRequestSignatureInput(
1,
request,
HttpMethod.POST,
"https://api.privy.io/wallets/wallet-id/rpc",
null
)
);
2. Produce the signature
The logic for producing the signature is fully dependent on the details of your implementation.
Simply make sure to sign over the byte array returned in the previous step.
3. Add the signature to the authorization context
AuthorizationContext authorizationContext = AuthorizationContext.builder()
.addSignature("signature-you-produced")
.build();
Key quorums
You may combine the different signing mechanisms in the authorization context to produce a fully
customizable key quorum.
For instance, you may want to keep a wallet under control of both a user and an authorization key,
requiring both signatures to authorize an action. This would be a 2-of-2 key quorum, and can be
built by combining both the “user jwt” and “authorization private key” properties, as shown below.
// Example: A 2-of-2 key quorum, of a user and an authorization private key
AuthorizationContext authorizationContext = AuthorizationContext.builder()
.addUserJwt("user-jwt")
.addAuthorizationPrivateKey("authorization-key")
.build();
