feat(docs): add delegation auth signature functions and examples

Author: Ansonhkg

docs/docs.json

@@ -109,7 +109,11 @@
               {
                 "group": "@lit-protocol/auth",
                 "pages": [
-                  "sdk/sdk-reference/auth/functions/createAuthManager"
+                  "sdk/sdk-reference/auth/functions/createAuthManager",
+                  "sdk/sdk-reference/auth/functions/generatePkpDelegationAuthSig",
+                  "sdk/sdk-reference/auth/functions/generateEoaDelegationAuthSig",
+                  "sdk/sdk-reference/auth/functions/validateDelegationAuthSig",
+                  "sdk/sdk-reference/auth/functions/getPkpAuthContextFromPreGeneratedAdapter"
                 ]
               },
               {

docs/sdk/sdk-reference/auth/functions/generateEoaDelegationAuthSig.mdx

@@ -0,0 +1,49 @@
+---
+title: generateEoaDelegationAuthSig
+---
+
+# Function
+
+> **generateEoaDelegationAuthSig**(`params`)
+
+Creates a delegation signature for an EOA-based session. The EOA wallet signs the session delegation message directly, enabling pre-generated session materials for server-side reuse.
+
+## Parameters
+
+<ParamField path="params.account" type="Account | WalletClient | Signer" required>
+  EOA used to sign the delegation message.
+</ParamField>
+
+<ParamField path="params.sessionKeyPair" type="SessionKeyPair" required>
+  Session keypair generated with `generateSessionKeyPair`.
+</ParamField>
+
+<ParamField path="params.authConfig" type="AuthConfigV2" required>
+  Resources and expiration scoped to the delegated session.
+</ParamField>
+
+## Returns
+
+<ResponseField name="delegationAuthSig" type="AuthSig">
+  Delegation signature that can be paired with the session keypair.
+</ResponseField>
+
+## Example
+
+```ts
+import {
+  generateEoaDelegationAuthSig,
+  generateSessionKeyPair,
+} from '@lit-protocol/auth';
+
+const sessionKeyPair = generateSessionKeyPair();
+
+const delegationAuthSig = await generateEoaDelegationAuthSig({
+  account: myViemAccount,
+  sessionKeyPair,
+  authConfig: {
+    resources: [ ['lit-action-execution', '*'] ],
+    expiration: new Date(Date.now() + 10 * 60 * 1000).toISOString(),
+  },
+});
+```

docs/sdk/sdk-reference/auth/functions/generatePkpDelegationAuthSig.mdx

@@ -0,0 +1,56 @@
+---
+title: generatePkpDelegationAuthSig
+---
+
+# Function
+
+> **generatePkpDelegationAuthSig**(`params`)
+
+Creates a delegation signature that authorises a session key to act on behalf of a PKP. Use this in server or pre-generation flows where you want to prepare session materials ahead of time.
+
+## Parameters
+
+<ParamField path="params.pkpPublicKey" type="string" required>
+  Hex-encoded PKP public key.
+</ParamField>
+
+<ParamField path="params.authData" type="AuthData" required>
+  Authentication data for the PKP owner (e.g., from `ViemAccountAuthenticator.authenticate`).
+</ParamField>
+
+<ParamField path="params.sessionKeyPair" type="SessionKeyPair" required>
+  Session keypair generated with `generateSessionKeyPair`.
+</ParamField>
+
+<ParamField path="params.authConfig" type="AuthConfigV2" required>
+  Configures resources and expiration scoped to the delegation.
+</ParamField>
+
+<ParamField path="params.litClient" type="LitClient" required>
+  Lit client used to reach the network and request the delegation signature.
+</ParamField>
+
+## Returns
+
+<ResponseField name="delegationAuthSig" type="AuthSig">
+  Signed delegation that can be shipped alongside the session keypair.
+</ResponseField>
+
+## Example
+
+```ts
+import { generatePkpDelegationAuthSig, generateSessionKeyPair } from '@lit-protocol/auth';
+
+const sessionKeyPair = generateSessionKeyPair();
+
+const delegationAuthSig = await generatePkpDelegationAuthSig({
+  pkpPublicKey,
+  authData,
+  sessionKeyPair,
+  authConfig: {
+    resources: [ ['pkp-signing', '*'], ['lit-action-execution', '*'] ],
+    expiration: new Date(Date.now() + 15 * 60 * 1000).toISOString(),
+  },
+  litClient,
+});
+```

docs/sdk/sdk-reference/auth/functions/getPkpAuthContextFromPreGeneratedAdapter.mdx

@@ -0,0 +1,36 @@
+---
+title: getPkpAuthContextFromPreGeneratedAdapter
+---
+
+# Function
+
+> **getPkpAuthContextFromPreGeneratedAdapter**(`params`)
+
+Creates a PKP auth context from pre-generated session materials. This streamlined adapter is ideal for server flows where you ship `{ sessionKeyPair, delegationAuthSig }` and want to hydrate an auth context without re-specifying the auth config.
+
+## Parameters
+
+<ParamField path="params.pkpPublicKey" type="string" required />
+<ParamField path="params.sessionKeyPair" type="SessionKeyPair" required />
+<ParamField path="params.delegationAuthSig" type="AuthSig" required />
+<ParamField path="params.authData" type="AuthData">
+  Optional if embedded in the delegation. Provide when you need to override or enrich the auth context.
+</ParamField>
+
+## Returns
+
+<ResponseField name="authContext" type="AuthContext">
+  PKP auth context ready to use with `litClient` helpers or to derive session signatures.
+</ResponseField>
+
+## Example
+
+```ts
+import { getPkpAuthContextFromPreGeneratedAdapter } from '@lit-protocol/auth';
+
+const authContext = await getPkpAuthContextFromPreGeneratedAdapter({
+  pkpPublicKey,
+  sessionKeyPair,
+  delegationAuthSig,
+});
+```

docs/sdk/sdk-reference/auth/functions/validateDelegationAuthSig.mdx

@@ -0,0 +1,33 @@
+---
+title: validateDelegationAuthSig
+---
+
+# Function
+
+> **validateDelegationAuthSig**(`params`)
+
+Ensures a delegation signature is valid for the supplied session key. Run this on the server before trusting materials received over the wire.
+
+## Parameters
+
+<ParamField path="params.delegationAuthSig" type="AuthSig" required />
+<ParamField path="params.sessionKeyUri" type="string" required>
+  The public component (`sessionKeyPair.publicKey`).
+</ParamField>
+
+## Returns
+
+<ResponseField name="void" type="void">
+  Throws if validation fails.
+</ResponseField>
+
+## Example
+
+```ts
+import { validateDelegationAuthSig } from '@lit-protocol/auth';
+
+validateDelegationAuthSig({
+  delegationAuthSig,
+  sessionKeyUri: sessionKeyPair.publicKey,
+});
+```