You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
|`userId` / `email` / `authConnectionId`|**Yes**| These claims are set by verifier configuration, which an attacker controls via their own project |
147
+
|`wallets[].public_key` (app-scoped key) | No | App keys are derived per-project; a different project produces different keys|
148
+
|`wallets[].address` (onchain address) | No | Bound to the user's cryptographic keys, cannot be forged|
149
149
150
150
If your backend matches users by `userId`, `email`, or `authConnectionId` — the common pattern for Web2-style user management — always validate `audience`.
The granted permissions object includes a `context` property that represents the encoded delegations.
112
-
113
-
To create a redelegation, you must first decode these delegations to access the
114
-
underlying delegations. To decode the delegations, use the [`decodeDelegations`](../../reference/delegation/index.md#decodedelegations) utility function.
Create a [redelegation](../../concepts/delegation/overview.md#redelegation) from dapp to a Swap agent.
128
110
129
-
To create a redelegation, provide the signed delegation as the `parentDelegation` argument when calling [`createDelegation`](../../reference/delegation/index.md#createdelegation).
111
+
To create a redelegation, provide the granted permission context as the `permissionContext` argument when calling [`redelegatePermissionContext`](../../reference/erc7710/wallet-client.md#redelegatepermissioncontext).
112
+
In the previous step, `sessionAccount` was extended with `erc7710WalletActions`.
130
113
131
-
This example uses the [`erc20TransferAmount`](../delegation/use-delegation-scopes/spending-limit.md#erc-20-transfer-scope) <GlossaryTermterm="Delegation scope">scope</GlossaryTerm>, allowing
132
-
dapp to delegate to a Swap agent the ability to spend 5 USDC on user's behalf.
114
+
When you create a redelegation, apply the toolkit's [caveats](../../reference/delegation/caveats.md)
115
+
to narrow the Swap agent's authority. In this example, we'll use [`erc20TransferAmount`](../../reference/delegation/caveats.md#erc20transferamount)
116
+
enforcer, allowing your dapp to delegate the Swap agent only the ability to spend 5 USDC on the user's behalf.
133
117
134
118
:::note
135
119
When creating a redelegation, you can only narrow the scope of the original authority, not expand it.
@@ -139,25 +123,35 @@ When creating a redelegation, you can only narrow the scope of the original auth
When you create a redelegation, apply the toolkit's [caveats](../../reference/delegation/caveats.md) to narrow the Swap agent's authority. For example, you can limit the authority so Swap agent can use the delegation only once.
186
-
187
-
To apply caveats, create the `Delegation` object and use [`createCaveatBuilder`](../../reference/delegation/index.md#createcaveatbuilder).
188
-
Use [`hashDelegation`](../../reference/delegation/index.md#hashdelegation) to get the delegation hash, then provide it as the `authority` field.
189
-
190
-
This example uses the [`limitedCalls`](../../reference/delegation/caveats.md#limitedcalls) caveat with a limit of `1`.
0 commit comments