LIT-Protocol · Ansonhkg · Sep 23, 2025 · Aug 20, 2025 · Aug 21, 2025 · Aug 21, 2025
@@ -20,7 +20,7 @@
     "@elysiajs/cors": "^1.2.0",
     "@elysiajs/static": "^1.3.0",
     "@elysiajs/swagger": "^1.2.0",
-    "@lit-protocol/contracts": "^0.4.0",
+    "@lit-protocol/contracts": "^0.5.0",
     "@simplewebauthn/server": "6.2.1",
     "@simplewebauthn/typescript-types": "^8.3.4",
     "@t3-oss/env-core": "^0.12.0",

@@ -28,7 +28,7 @@ export type AuthServiceMintRequestTransformed = z.infer<
 export const tAuthServiceMintRequestSchema = t.Object({
   authMethodType: t.String(),
   authMethodId: t.String(),
-  pubkey: t.Optional(t.String({ default: '0x' })),
+  pubkey: t.Optional(t.String()),
   scopes: t.Optional(
     t.Array(
       t.Union([

@@ -14,7 +14,18 @@ export async function handlePkpMintTask(jobData: {
     pubkey: Hex;
     scopes?: ('sign-anything' | 'personal-sign' | 'no-permissions')[];
   };
+  reqId?: string;
 }): Promise<any> {
+  if (
+    // AUTH_METHOD_TYPE.WebAuthn = 3 (without importing the constants package)
+    Number(jobData.requestBody.authMethodType) === 3 &&
+    (!jobData.requestBody.pubkey || jobData.requestBody.pubkey === '0x')
+  ) {
+    throw new Error(
+      `[PKP Mint][HANDLER] WebAuthn requires a non-empty COSE pubkey; got '${jobData.requestBody.pubkey}'. reqId=${jobData.reqId}`
+    );
+  }
+
   const userAuthData: Optional<AuthData, 'accessToken'> = {
     authMethodId: jobData.requestBody.authMethodId,
     authMethodType: Number(jobData.requestBody.authMethodType),

@@ -149,6 +149,7 @@ export class WebAuthnAuthenticator {
   public static async registerAndMintPKP(params: {
     username?: string;
     authServiceBaseUrl: string;
+    scopes?: ('sign-anything' | 'personal-sign' | 'no-permissions')[];
   }): Promise<{
     pkpInfo: PKPData;
 
@@ -183,6 +184,7 @@ export class WebAuthnAuthenticator {
       authMethodType: AUTH_METHOD_TYPE.WebAuthn,
       authMethodId: authMethodId,
       pubkey: authMethodPubkey,
+      scopes: params.scopes,
     };
 
     // Immediate mint a new PKP to associate with the auth method

@@ -350,7 +350,8 @@ export const _createNagaLitClient = async (
     return await networkModule.api.signCustomSessionKey.handleResponse(
       result as any,
       params.requestBody.pkpPublicKey,
-      jitContext
+      jitContext,
+      requestId
     );
   }
 

@@ -18,7 +18,7 @@
     "directory": "../../dist/packages/networks"
   },
   "dependencies": {
-    "@lit-protocol/contracts": "^0.4.0",
+    "@lit-protocol/contracts": "^0.5.0",
     "@lit-protocol/nacl": "7.1.1",
     "@noble/curves": "^1.8.1",
     "@wagmi/core": "^2.17.1",

@@ -898,7 +898,8 @@ export function createBaseModule<T, M>(config: BaseModuleConfig<T, M>) {
         handleResponse: async (
           result: z.infer<typeof GenericEncryptedPayloadSchema>,
           pkpPublicKey: Hex | string,
-          jitContext: NagaJitContext
+          jitContext: NagaJitContext,
+          requestId?: string
         ) => {
           if (!result.success) {
             E2EERequestManager.handleEncryptedError(

@@ -17,8 +17,10 @@ export const MintPKPSchema = z
 
     // Determine pubkey based on the (potentially derived) authMethodType
     if (data.authMethodType === AUTH_METHOD_TYPE.WebAuthn) {
-      if (!data.pubkey) {
-        throw new Error('pubkey is required for WebAuthn');
+      if (!data.pubkey || data.pubkey === '0x') {
+        throw new Error(
+          `pubkey is required for WebAuthn and cannot be 0x. Received pubkey: "${data.pubkey}" and authMethodType: ${data.authMethodType}`
+        );
       }
       derivedPubkey = data.pubkey as Hex;
     } else {

@@ -45,6 +45,7 @@ export const mintPKP = async (
   const tx = await mintNextAndAddAuthMethods(
     {
       keyType: 2,
+      keySetId: 'naga-keyset1',
       permittedAuthMethodTypes: [validatedRequest.authMethodType],
       permittedAuthMethodIds: [validatedRequest.authMethodId],
       permittedAuthMethodPubkeys: [validatedRequest.pubkey],

@@ -115,6 +115,7 @@ export const mintWithMultiAuths = async (
   const tx = await mintNextAndAddAuthMethods(
     {
       keyType: 2,
+      keySetId: 'naga-keyset1',
       permittedAuthMethodTypes: validatedRequest.authMethodTypes,
       permittedAuthMethodIds: validatedRequest.authMethodIds,
       permittedAuthMethodPubkeys: validatedRequest.pubkeys,

@@ -22,7 +22,7 @@ export async function mintNext(
   const hash = await callWithAdjustedOverrides(
     pkpNftContract,
     'mintNext',
-    [2],
+    [2,'naga-keyset1'],
     {
       value: mintCost,
     }

@@ -69,6 +69,7 @@ export async function mintNextAndAddAuthMethods(
     'mintNextAndAddAuthMethods',
     [
       validatedRequest.keyType,
+      validatedRequest.keySetId,
       validatedRequest.permittedAuthMethodTypes,
       validatedRequest.permittedAuthMethodIds,
       validatedRequest.permittedAuthMethodPubkeys,

@@ -10,6 +10,7 @@ import {
 
 export const MintRequestSchema = z.object({
   keyType: toBigInt,
+  keySetId: z.literal('naga-keyset1'),
   permittedAuthMethodTypes: toBigIntArray,
   permittedAuthMethodIds: toHexStringArray,
   permittedAuthMethodPubkeys: toHexStringArray,