Skip to main content

Use different signers

You can configure a delegator smart contract account to support multiple different signing mechanisms. For example, the Hybrid delegator account can have an EOA "owner" and any number of P256 (passkey) signers – all of which can sign messages, user operations, and delegations. To configure the DeleGatorClient, you must provide a signer which signs on behalf of the delegator account – the "signatory."

Hybrid DeleGator

The Hybrid delegator account supports both an EOA owner and any number of P256 (passkey) signers. Provide these as deployParams when creating the DeleGatorClient (unless the smart contract account has already been deployed):

createDeleGatorClient({
  transport,
  chain,
  account: {
    implementation: Implementation.Hybrid,
    isAccountDeployed: false,
    deployParams: [ owner, p256KeyIds, p256XValues, p256YValues ],
    signatory
  }
});

In this snippet, the following values are expected:

  • owner: The owner's account address as a hex string. The owner can be the zero address, indicating that there is no owner configured.
  • p256KeyIds: An array of key identifiers as strings.
  • p256XValues: An array of public key x-values as bigints.
  • p256YValues: An array of public key y-values as bigints.
    note

    All p256 parameters can be specified as empty arrays, indicating that there are no P256 signers configured. We recommend configuring at least one signer, otherwise the account is not recoverable.

  • signatory: A signer that will sign on behalf of the delegator account. The signatory must be a Viem Account or a Viem Wallet Client.

If the signatory is the owner, it must return an ECDSA signature as a hexadecimal string. This can be implemented in any way required, but there are a several methods detailed in the following sections.

Private key signatory

The signatory can be generated from a private key, using Viem's privateKeyToAccount function:

const signatory = privateKeyToAccount(privateKeyHex);

Wallet Client signatory

The signatory can be a Wallet Client provided by a third-party SDK. See the Viem documentation for more details.

JSON-RPC provider signatory

If the signatory is available as an EIP-1193 provider, this can be wrapped in a Wallet Client. See the Viem documentation for more details.

The following example uses the injected provider (for example, the MetaMask extension), but you can use any EIP-1193 provider:

const [ owner ] = await window.ethereum.request({ 
  method: "eth_requestAccounts"
});

const signatory = createWalletClient({
  chain,
  transport: custom(window.ethereum!),
  account: owner,
});
note

In some cases, it might be necessary to execute additional steps, such as switching to the desired chain.

P256 passkey signatory

Although this is partially supported by the MetaMask Delegation Toolkit, there is no signer currently implemented to encode the P256 signature in the format expected by the contract. If you would like to see this implemented, please contact the MetaMask Delegation Toolkit team.

Multisig delegator account

Currently, the MetaMask Delegation Toolkit does not support multi-signature delegator accounts. If you would like to see this implemented, please contact the MetaMask Delegation Toolkit team.

Last updated on by jeffsmale90