Argent
  • Build with Argent
  • Argent Wallets
    • Argent X
      • Adding Custom RPCs
      • Network Switcher for Dapps
      • Verify signature of undeployed account
      • WalletAccount
    • Argent Mobile
      • Argent Mobile for your web app
      • Argent Mobile for your react native app
    • Web Wallet
      • Set up guide
      • Web Wallet UX
      • API reference
      • Key Management
    • Argent Multisig
      • How multisig works
      • Create a multisig
        • With Argent signer
        • With Ledger signer
      • Join a multisig
        • With Argent signer
        • With Ledger signer
      • Replace a multisig signer
      • Airgap
    • Telegram wallet (DEPRECATED)
  • TOOLS
    • 🎨STARKNETKIT
    • ✨Invisible SDK
      • Implementation
      • Other useful endpoints
      • Types and interfaces
      • Gas abstraction
  • Example Dapps
    • StarknetKit + Session keys Demo dapp
  • AA Use Cases
    • Session Keys
      • Implement session keys
      • Session keys with outside execution
      • Demo App
      • FAQ
      • Types
    • Paymasters
    • Verifying signatures and cosigners
      • Identifying a smart account onchain
    • Multicalls
    • Outside Execution
    • Deploy accounts on behalf of users
  • Optimize your Dapp
    • Dappland
    • Known dapps
    • Transaction reviews
    • Brand your token
  • Other Products
    • Argent Card
    • Spoks
    • Perkz
    • Argent Vault on Ethereum L1
  • SUPPORT & RESSOURCES
    • Contracts and audits
    • Get in touch
Powered by GitBook
On this page

Was this helpful?

  1. AA Use Cases
  2. Session Keys

Implement session keys

It is strongly advised to only implement session keys in a project using starknetkit.

1. Installation

npm install @argent/x-sessions

2. Import packages

import {
  SignSessionError,
  CreateSessionParams,
  createSession,
  buildSessionAccount,
  bytesToHexString
} from "@argent/x-sessions"
import { ec } from "starknet"

3. Session Configuration

The dapp will need to create a sessionKey . This is simply a private/public key pair.

const privateKey = ec.starkCurve.utils.randomPrivateKey();
const sessionKey: SessionKey = {
  privateKey, //string
  publicKey: ec.starkCurve.getStarkKey(privateKey), //string
};

Define your session parameters:

const sessionParams: CreateSessionParams = {
  allowedMethods: [{
    "Contract Address": "0x00000...000",
    selector: "do_something"
  }],
  expiry: Math.floor((Date.now() + 1000 * 60 * 60 * 24) / 1000) as any, // 1 day
  sessionKey: sessionKey,
  metaData: {
    projectID: "your-dapp",
    txFees: [{
      tokenAddress: ETHTokenAddress,
      maxAmount: parseUnits("0.1", 18).value.toString()
    }]
  }
}

The allowedMethods params represents which contracts calls the user will authorize the dapp to send on his behalf.

Expiry is a security measure. After the expiry date, the session becomes invalid.

3. Creating a Session

// Compute the typed data to be signed
const sessionRequest = createSessionRequest({
  sessionParams,
  chainId
})

// wallet is a StarknetWindowObject. There are others ways to sign typed data.
// You could use the starknet-react hook useSignTypedData
const authorisationSignature = await wallet.request({
  type: "wallet_signTypedData",
  params: sessionRequest.sessionTypedData
})

// Build session request
const session = await createSession({
  sessionRequest, // SessionRequest
  address, // Account address
  chainId, // StarknetChainId
  authorisationSignature // Signature
})

// Create session account. This is the account that will be used to execute transactions. 
const sessionAccount = await buildSessionAccount({
  useCacheAuthorisation: false, // optional and defaulted to false, will be added in future developments
  session,
  sessionKey,
  provider: new RpcProvider({
    nodeUrl: "<https://starknet-sepolia.public.blastapi.io/rpc/v0_7>",
    chainId: constants.StarknetChainId.SN_SEPOLIA
  }),
  argentSessionServiceBaseUrl: ARGENT_SESSION_SERVICE_BASE_URL // Optional: defaulted to mainnet url. This is basically the backend api. 
})

4. Executing Transactions

try {
  const tx = await sessionAccount.execute({
    contractAddress: "0x...",
    selector: "transfer",
    calldata: ["0x..."]
  })
} catch (e) {
  console.error((e as SignSessionError).cause, e.message)
}

Best Practices

  1. Set appropriate expiry times based on your use case

  2. Limit allowed methods to only necessary functions

  3. Set reasonable token spending limits

  4. Implement proper error handling for session operations

  5. Consider implementing session refresh mechanisms for long-running applications

PreviousSession KeysNextSession keys with outside execution

Last updated 4 months ago

Was this helpful?