LIT-Protocol
diff --git a/‎packages/auth/src/lib/AuthManager/auth-manager.ts‎
Lines changed: 2 additions & 0 deletions b/‎packages/auth/src/lib/AuthManager/auth-manager.ts‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎packages/auth/src/lib/AuthManager/authAdapters/generateEoaDelegationAuthSig.ts‎
Lines changed: 4 additions & 4 deletions b/‎packages/auth/src/lib/AuthManager/authAdapters/generateEoaDelegationAuthSig.ts‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎packages/auth/src/lib/AuthManager/authAdapters/generatePkpDelegationAuthSig.ts‎
Lines changed: 4 additions & 4 deletions b/‎packages/auth/src/lib/AuthManager/authAdapters/generatePkpDelegationAuthSig.ts‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎packages/auth/src/lib/AuthManager/authAdapters/getPkpAuthContextAdapter.ts‎
Lines changed: 9 additions & 60 deletions b/‎packages/auth/src/lib/AuthManager/authAdapters/getPkpAuthContextAdapter.ts‎
Lines changed: 9 additions & 60 deletions
diff --git a/‎packages/auth/src/lib/AuthManager/authAdapters/getPkpAuthContextFromPreGeneratedAdapter.ts‎
Lines changed: 8 additions & 55 deletions b/‎packages/auth/src/lib/AuthManager/authAdapters/getPkpAuthContextFromPreGeneratedAdapter.ts‎
Lines changed: 8 additions & 55 deletions
@@ -79,6 +79,8 @@ export const createAuthManager = (authManagerParams: AuthManagerParams) => {
       cache?: {
         delegationAuthSig?: boolean;
       };
+      sessionKeyPair?: SessionKeyPair;
+      delegationAuthSig?: AuthSig;
     }) => {
       return getPkpAuthContextAdapter(authManagerParams, params);
     },
 
@@ -40,11 +40,11 @@ export async function generateEoaDelegationAuthSig(
   }
 ): Promise<AuthSig> {
   _logger.info(
-    'generateEoaDelegationAuthSig: Starting EOA delegation signature generation',
     {
       hasAccount: !!params.account,
       hasSessionKeyPair: !!params.sessionKeyPair,
-    }
+    },
+    'generateEoaDelegationAuthSig: Starting EOA delegation signature generation'
   );
 
   const _resources = processResources(params.authConfig.resources);
@@ -99,10 +99,10 @@ export async function generateEoaDelegationAuthSig(
   const delegationAuthSig = await authContext.authNeededCallback();
 
   _logger.info(
-    'generateEoaDelegationAuthSig: EOA delegation signature generated successfully',
     {
       hasSignature: !!delegationAuthSig,
-    }
+    },
+    'generateEoaDelegationAuthSig: EOA delegation signature generated successfully'
   );
 
   return delegationAuthSig as AuthSig;
 
@@ -41,11 +41,11 @@ export async function generatePkpDelegationAuthSig(
   }
 ): Promise<AuthSig> {
   _logger.info(
-    'generatePkpDelegationAuthSig: Starting PKP delegation signature generation',
     {
       pkpPublicKey: params.pkpPublicKey,
       hasSessionKeyPair: !!params.sessionKeyPair,
-    }
+    },
+    'generatePkpDelegationAuthSig: Starting PKP delegation signature generation'
   );
 
   const _resources = processResources(params.authConfig.resources);
@@ -112,11 +112,11 @@ export async function generatePkpDelegationAuthSig(
   const delegationAuthSig = await authContext.authNeededCallback();
 
   _logger.info(
-    'generatePkpDelegationAuthSig: PKP delegation signature generated successfully',
     {
       pkpAddress,
       hasSignature: !!delegationAuthSig,
-    }
+    },
+    'generatePkpDelegationAuthSig: PKP delegation signature generated successfully'
   );
 
   return delegationAuthSig;
 
@@ -6,17 +6,14 @@ import {
   NodeUrlsSchema,
   SessionKeyUriSchema,
 } from '@lit-protocol/schemas';
-import {
-  AuthSig,
-  LitResourceAbilityRequest,
-  SessionKeyPair,
-} from '@lit-protocol/types';
+import { AuthSig, SessionKeyPair } from '@lit-protocol/types';
 import { ethers } from 'ethers';
 import { z } from 'zod';
 import { AuthConfigV2 } from '../../authenticators/types';
 import { AuthManagerParams } from '../auth-manager';
 import { getPkpAuthContext } from '../authContexts/getPkpAuthContext';
 import { processResources } from '../utils/processResources';
+import { validateDelegationAuthSig } from '../utils/validateDelegationAuthSig';
 import { tryGetCachedAuthData } from '../try-getters/tryGetCachedAuthData';
 
 const _logger = getChildLogger({
@@ -30,54 +27,6 @@ export const PkpAuthDepsSchema = z.object({
   nodeUrls: NodeUrlsSchema,
 });
 
-/**
- * Validates that the provided delegation auth sig hasn't expired and contains required resources
- */
-function validateDelegationAuthSig(
-  delegationAuthSig: AuthSig,
-  requiredResources: LitResourceAbilityRequest[],
-  sessionKeyUri: string
-): void {
-  try {
-    // Parse the signed message to extract expiration and validate session key match
-    const siweMessage = delegationAuthSig.signedMessage;
-
-    // Check expiration
-    const expirationMatch = siweMessage.match(/^Expiration Time: (.*)$/m);
-    if (expirationMatch && expirationMatch[1]) {
-      const expiration = new Date(expirationMatch[1].trim());
-      if (expiration.getTime() <= Date.now()) {
-        throw new Error(
-          `Delegation signature has expired at ${expiration.toISOString()}`
-        );
-      }
-    }
-
-    // Validate session key URI matches
-    if (!siweMessage.includes(sessionKeyUri)) {
-      throw new Error(
-        'Session key URI in delegation signature does not match provided session key pair'
-      );
-    }
-
-    // TODO: Add resource validation - check if delegationAuthSig has required resources
-    // This would involve parsing the RECAP URN and checking against requiredResources
-    _logger.debug(
-      'validateDelegationAuthSig: Delegation signature validated successfully',
-      {
-        sessionKeyUri,
-        hasResources: requiredResources.length > 0,
-      }
-    );
-  } catch (error) {
-    throw new Error(
-      `Invalid delegation signature: ${
-        error instanceof Error ? error.message : 'Unknown error'
-      }`
-    );
-  }
-}
-
 export async function getPkpAuthContextAdapter(
   upstreamParams: AuthManagerParams,
   params: {
@@ -110,11 +59,11 @@ export async function getPkpAuthContextAdapter(
   // If pre-generated auth materials are provided, validate and use them
   if (params.sessionKeyPair && params.delegationAuthSig) {
     _logger.info(
-      'getPkpAuthContextAdapter: Using pre-generated session materials',
       {
         hasSessionKeyPair: true,
         hasDelegationAuthSig: true,
-      }
+      },
+      'getPkpAuthContextAdapter: Using pre-generated session materials'
     );
 
     // Generate sessionKeyUri from the public key
@@ -123,11 +72,11 @@ export async function getPkpAuthContextAdapter(
     );
 
     // Validate the delegation signature
-    validateDelegationAuthSig(
-      params.delegationAuthSig,
-      _resources,
-      sessionKeyUri
-    );
+    validateDelegationAuthSig({
+      delegationAuthSig: params.delegationAuthSig,
+      requiredResources: _resources,
+      sessionKeyUri,
+    });
 
     // Return auth context using provided materials
     return {
 
@@ -9,6 +9,7 @@ import { z } from 'zod';
 import { AuthData } from '@lit-protocol/schemas';
 import { AuthManagerParams } from '../auth-manager';
 import { processResources } from '../utils/processResources';
+import { validateDelegationAuthSig } from '../utils/validateDelegationAuthSig';
 
 const _logger = getChildLogger({
   module: 'getPkpAuthContextFromPreGeneratedAdapter',
@@ -46,54 +47,6 @@ function extractAuthConfigFromDelegationAuthSig(delegationAuthSig: AuthSig): {
   return { domain, statement, expiration, resources };
 }
 
-/**
- * Validates that the provided delegation auth sig hasn't expired and contains required resources
- */
-function validateDelegationAuthSig(
-  delegationAuthSig: AuthSig,
-  requiredResources: LitResourceAbilityRequest[],
-  sessionKeyUri: string
-): void {
-  try {
-    // Parse the signed message to extract expiration and validate session key match
-    const siweMessage = delegationAuthSig.signedMessage;
-
-    // Check expiration
-    const expirationMatch = siweMessage.match(/^Expiration Time: (.*)$/m);
-    if (expirationMatch && expirationMatch[1]) {
-      const expiration = new Date(expirationMatch[1].trim());
-      if (expiration.getTime() <= Date.now()) {
-        throw new Error(
-          `Delegation signature has expired at ${expiration.toISOString()}`
-        );
-      }
-    }
-
-    // Validate session key URI matches
-    if (!siweMessage.includes(sessionKeyUri)) {
-      throw new Error(
-        'Session key URI in delegation signature does not match provided session key pair'
-      );
-    }
-
-    // TODO: Add resource validation - check if delegationAuthSig has required resources
-    // This would involve parsing the RECAP URN and checking against requiredResources
-    _logger.debug(
-      'validateDelegationAuthSig: Delegation signature validated successfully',
-      {
-        sessionKeyUri,
-        hasResources: requiredResources.length > 0,
-      }
-    );
-  } catch (error) {
-    throw new Error(
-      `Invalid delegation signature: ${
-        error instanceof Error ? error.message : 'Unknown error'
-      }`
-    );
-  }
-}
-
 /**
  * Creates a PKP auth context from pre-generated session materials.
  * This is a streamlined API for server-side scenarios where session materials
@@ -109,13 +62,13 @@ export async function getPkpAuthContextFromPreGeneratedAdapter(
   }
 ) {
   _logger.info(
-    'getPkpAuthContextFromPreGeneratedAdapter: Creating PKP auth context from pre-generated materials',
     {
       pkpPublicKey: params.pkpPublicKey,
       hasSessionKeyPair: !!params.sessionKeyPair,
       hasDelegationAuthSig: !!params.delegationAuthSig,
       hasAuthData: !!params.authData,
-    }
+    },
+    'getPkpAuthContextFromPreGeneratedAdapter: Creating PKP auth context from pre-generated materials'
   );
 
   // Extract auth config from delegation signature
@@ -141,11 +94,11 @@ export async function getPkpAuthContextFromPreGeneratedAdapter(
   );
 
   // Validate the delegation signature
-  validateDelegationAuthSig(
-    params.delegationAuthSig,
-    authConfig.resources,
-    sessionKeyUri
-  );
+  validateDelegationAuthSig({
+    delegationAuthSig: params.delegationAuthSig,
+    requiredResources: authConfig.resources,
+    sessionKeyUri,
+  });
 
   // Return auth context using pre-generated materials
   return {