How to use signAuthMessage for eip3074 without having to pass private key of the authority?

[swetshaw]

I want the authority to come to my platform (website), authorise my invoker contract (sign the digest using metamask) to invoke the txs on their behalf. The invoker contract at any later time could execute the tx.

Major issue that I am facing here is - I am unable to find a way for the authority to sign the commit without having to pass the private key. Do you know if there is a way to do it?

[jxom]

There isn't a first-class abstraction to do this yet, as users shouldn't sign raw digests via their wallets (very dangerous) – unless a wallet were to eventually expose a wallet_signAuthMessage method (akin to eth_signTransaction).

However, if you want to turn on eth_sign in MetaMask, I can export the toAuthMessage utility so you can perform a raw request to sign the auth message:

import { toAuthMessage } from 'viem/experimental'
import { client } from './config'

const signature = await client.request({ 
  method: 'eth_sign',
  parameters: [keccak256(toAuthMessage({ chainId, commit, nonce, invokerAddress }))]
})

Would that work?

If you already have the digest, you can also do:

import { toAuthMessage } from 'viem/experimental'
import { client } from './config'

const digest = '0x...'

const signature = await client.request({ 
  method: 'eth_sign',
  parameters: [digest]
})

[swetshaw]

I see and that absolutely makes sense. This makes me wonder how is it supposed to behave in an ideal world, assuming authority shouldn't provide their private key for the auth. Do you know what's the ideal flow for this?

[swetshaw]

Exporting toAuthMessage utility will be helpful, I can utilise it for a quick demo that I am working on