Using session keys

Enhancing Play and Automating Actions with Customized Access Permissions

In-game keys are specialized access tools assigned with specific in-game permissions, tailored for enhancing gaming experiences. Examples include:

A key that grants access only to specific game levels or areas.
A key that allows the use of up to 1000 in-game currency units.
A key that remains valid for 3 days before expiring.

Moreover, these permissions can be combined to create more tailored experiences, such as a key that grants access to certain game levels, allows the spending of up to 1000 in-game currency units, and expires after 3 days. Session keys serve two primary purposes in gaming contexts:

Seamless Gameplay: To eliminate the need for players to confirm every in-game action or transaction, developers can issue an in-game key with permissions tailored to specific actions or resources. This key can be stored locally, allowing players to engage with the game more fluidly, often referred to as "seamless play." This approach can significantly enhance the user experience by reducing interruptions.
Automated In-game Actions: For actions that players wish to automate within the game, such as recurring purchases or the execution of specific strategies, they can create an in-game key with the necessary permissions and provide it to the game server. This enables the automated execution of these actions without the need for direct player intervention each time. Players retain control through the bounded nature of the key's permissions, ensuring a balance between convenience and security.

The potential applications for automated in-game actions are vast, including:

Automatic renewal of subscriptions or in-game passes.
Execution of predefined strategies or actions when certain in-game conditions are met.
Automatic management of in-game assets or resources, such as restocking supplies or managing in-game property.

Check out our sample registering a session key with an account with a self-custodial signer: GitHub source.

Quickstart with Session Key#

This section will guide you through the process of registering a session key and using it to mint an asset with a player's smart account.

1. Create a session key - Client side#

Using EIP-7715.

The request method of the EIP-1193 provider can be used to request signatures. First, get the provider:

client.tsx

openfortConfig.ts

import openfort from "./openfortConfig"
// This example assumes you have already checked that Openfort 'embeddedState' is 
// `ready` and the user is `authenticated`
const provider = openfort.getEthereumProvider();

smart wallets support sending a batch of transactions in a single, atomic submission to the network.

To register a session key with a smart wallet, call the wallet_grantPermissions method.

As an example, you might batch together a transaction to approve a USDC spender and to transfer USDC like so:

import { generatePrivateKey, privateKeyToAccount } from 'viem/accounts';
const sessionKey = generatePrivateKey();
const accountSession = privateKeyToAccount(sessionKey).address;
await provider.request({
  method: 'wallet_grantPermissions',
  params: [
    {
      signer:{
        type: "account",
        data:{
          id: accountSession
        }
      },
      expiry: 60 * 60 * 24,
      permissions: [
        {
          type: 'contract-call',
          data: {
            address: '0x2522f4fc9af2e1954a3d13f7a5b2683a00a4543a',
            calls: []
          },
          policies: []
        }
      ],
    },
  ],
});

Popular web3 libraries provide convenient methods for registering session keys:

Library	Method
Viem	Use the `wallet_grantPermissions` action