Passport Lambda
Automate your access control or even your complete flow using Lambda's.
Lambdas can be registered with account owners as a json with Passport protocol.
The JSON has a very specific format (refer to example at the last). In this section, we will dive deep into different components of the JSON . Here is a rough overview of different components:
Authorization - Specify who is allowed to allowed to run a lambda function using the "authorization" parameter. Options include "none" (anyone can trigger). More options will be available soon.
Triggers - Specify how/when your lambda function gets executed. Currently two triggers are available - hook (by calling executeLambda endpoint with lambda id) or account (attach to your own account so it gets executed every time sign functions are called). You can also use array of triggers.
Conditions - Define a list of conditions that must be met for the lambda function to generate a signature. Conditions can be of type "fetch" (external API calls) or "code" (arbitrary Deno-compatible code execution).
Max Executions - Set the maximum number of executions allowed for the lambda function using the "max_executions" parameter. A value of 0 allows infinite executions.
Envs - Pass arbitrary environment variables to the lambda, using the "envs" array. These variables are composable and can be accessed by using "substitution"
Verifications - Specify the number of independent verifiers required for the condition match using the "verifications" object. Currently, it defaults to 1.
Action - Define the signature generation process using the "actions" object. Supported types include "personal_sign" (signing hex data) and "eth_signTransaction" (signing a transaction, coming soon).
Post Hook - Specify a list of post-processing actions to be triggered after signature generation using the "postHook" array. These actions can include sending the signature to an API, triggering alerts, or submitting transactions.
Let's dive into each component in further detail, and walk through the process of building a Lambda JSON object.
Authorization
During the registration process for a lambda function, user can define who is allowed the trigger the lambda function. Please note that, "Triggering the function" != "Execution". Execution will be governed by conditions.
Authorization can be take many values such us:
None - Anybody can trigger lambda.
Self - Only owner can trigger the lambda.
Wallet - Only provided wallet can trigger the lambda.
Important Note
In current release, only Authorization = None is active. Other 2 variants are coming soon.
Triggers
What initiates the lambda execution. It can take the following values:
account - Attach to your account and execute any time sign functions are called on your account
hook - Executes when called through executeLambda function/endpoint with respective lambda id.
You can also use both triggers at the same time since trigger takes an array
Verification
This accounts for how many independent verifiers of your condition match must be present for action to be executed.
Currently, it is always defaulted to 1
Max Executions
This variable controls how many times at max you wanna allow successful execution of your lambda function.
If you wanna have infinite executions, mark it 0. It should be always >=0
Envs
This allows you to pass any arbitrary environment variables that you want to pass into your runtime.
You can use it via substitutions as <<envs.0>>. 0 refers to the index in the array
Conditions
Conditions govern criteria under which the lambda action is allowed to generate a signature. You can pass a combination of conditions as an array.
There are 2 important points to note:
You can use outputs of previous conditions in any of the following conditions.
Last condition must return a boolean telling the lambda whether to generate signature or not
Each condition can be one of the 2 types:
Fetch - Use this type of condition to do any external API call (on-chain or off-chain) and return its response as output.
Code - Use this type of condition to execute any arbritrary deno compatible code (without online connectivity) and return its response as output.
As you see above, you can also enable substitutions. Here is an example:
Actions
Actions are responsible for the signature generation process. This are the equivalent of ERC-1193 operations to be performed using your wallet. Currently, the following 2 operations are possible
personal_sign
eth_signTransaction (Coming Soon)
Post Hook
After you have generated the signature, you may want to trigger any post process via an API call. This may be sending over the signature to an API, triggering a slack alert or even submitting a transaction. You can pass a list of post hooks to be triggered post signature generation.
Example
Last updated