fix(auth): allow overriding siwe message fields

.changeset/cuddly-rats-yawn.md

@@ -0,0 +1,5 @@
+---
+'@lit-protocol/auth': patch
+---
+
+Allows `WalletClientAuthenticator.authenticate` to build SIWE messages with user-specified fields (`domain`, `uri`, `statement`, etc.) while still managing the nonce internally.

docs/sdk/auth/pkp-native-auth/pkp-eoa-auth.mdx

@@ -41,11 +41,21 @@ description: "Externally Owned Account (EOA) authentication uses your existing E
 Use the WalletClientAuthenticator/ViemAccountAuthenticator to authenticate your connected wallet and generate auth data.
 
   <CodeGroup>
-    ```ts wagmi
+```ts wagmi
 import { WalletClientAuthenticator } from '@lit-protocol/auth';
 
 const authData = await WalletClientAuthenticator.authenticate(walletClient);
-    ```
+
+// Override SIWE fields (e.g., when running on production domains)
+const authDataForProd = await WalletClientAuthenticator.authenticate(
+  walletClient,
+  undefined,
+  {
+    domain: 'example.com',
+    uri: 'https://example.com/login',
+  }
+);
+```
 
     ```ts viem/accounts
 import { ViemAccountAuthenticator } from '@lit-protocol/auth';
@@ -111,4 +121,4 @@ const authContext = await authManager.createPkpAuthContext({
 });
 ```
   </Step>
-</Steps>
+</Steps>

packages/auth/src/lib/authenticators/WalletClientAuthenticator.ts

@@ -9,7 +9,11 @@ import {
 } from '@lit-protocol/constants';
 import { getChildLogger } from '@lit-protocol/logger';
 import { AuthData } from '@lit-protocol/schemas';
-import { AuthMethod, AuthSig } from '@lit-protocol/types';
+import {
+  AuthMethod,
+  AuthSig,
+  BaseSiweMessage,
+} from '@lit-protocol/types';
 import { GetWalletClientReturnType } from '@wagmi/core';
 import { getAddress, Hex, keccak256, stringToBytes, WalletClient } from 'viem';
 import { fetchBlockchainData } from './helper/fetchBlockchainData';
@@ -18,6 +22,10 @@ const _logger = getChildLogger({
   module: 'WalletClientAuthenticator',
 });
 
+export type WalletClientAuthenticateOverrides = Partial<
+  Omit<BaseSiweMessage, 'walletAddress' | 'nonce'>
+>;
+
 export class WalletClientAuthenticator {
   public readonly type = 'walletClient';
 
@@ -42,16 +50,30 @@ export class WalletClientAuthenticator {
     });
   }
 
+  /**
+   * Generate an AuthSig for the connected wallet. Provide a full message to sign via `messageToSign`,
+   * or let the helper build one while overriding specific SIWE fields with `siweMessageOverrides`.
+   */
   static async authenticate(
     account: GetWalletClientReturnType | WalletClient,
-    messageToSign?: string
+    messageToSign?: string,
+    siweMessageOverrides?: WalletClientAuthenticateOverrides
   ): Promise<AuthData> {
     let _toSign = messageToSign;
 
     if (!_toSign) {
-      _toSign = await createSiweMessage({
+      const restOverrides = siweMessageOverrides ?? {};
+
+      const nonce = await fetchBlockchainData();
+
+      const siweParams: BaseSiweMessage = {
         walletAddress: account.account!.address,
-        nonce: await fetchBlockchainData(),
+        nonce,
+        ...restOverrides,
+      };
+
+      _toSign = await createSiweMessage({
+        ...siweParams,
       });
     }