Session keys are a big feature that are still experimental. In this PR I have a new SessionKeyAgentBase which can be used by an application like a zkApp to derive a new random private key credential for a session and also an experimental web-provider listener that can receive a experimental_requestSession request with data that includes the request of signing a merkle root of the session's parameters:
Because the user cannot sign the object itself the application can ask the wallet to sign the merkle root of the session data tree one time, enabling the the application to use an instance of SessionKeyAgentBase to sign operations like this but only pseudocode:
Describe changes
Session keys are a big feature that are still experimental. In this PR I have a new
SessionKeyAgentBase
which can be used by an application like a zkApp to derive a new random private key credential for a session and also an experimental web-provider listener that can receive aexperimental_requestSession
request with data that includes the request of signing a merkle root of the session's parameters:Because the user cannot sign the object itself the application can ask the wallet to sign the merkle root of the session data tree one time, enabling the the application to use an instance of
SessionKeyAgentBase
to sign operations like this but only pseudocode:I think it would be best for smart contract engineers to include the complexity of constraining the session key's spending in their methods.