Expand description
Lighter REST/WebSocket auth-token builder.
The Lighter venue authenticates long-running clients against a Schnorr
signature over an ASCII message describing (deadline, account_index, api_key_index). The signed string is sent verbatim in the Authorization
header and on the WebSocket subscribe handshake.
Pipeline (matching the Go reference ConstructAuthToken):
- Render
message = "{deadline}:{account_index}:{api_key_index}". - Split the ASCII bytes into 8-byte little-endian chunks, zero-padding the
final chunk if needed, and decode each chunk as a canonical Goldilocks
Fpelement. - Run
hash_to_quintic_extensionover the resulting[Fp]to derive a singleFp5digest. - Sign with the supplied
(sk, k)using the standard Schnorr binding. - Concatenate
"{message}:{hex(sig)}"wheresigis the canonical 80-bytes_le || e_leSchnorr layout encoded as lowercase hex.
The hash path here is not the body-element pipeline tx::compute_tx_hash
uses; the auth token treats the message as opaque ASCII and packs it into
limbs by raw little-endian bytes, while transactions encode each field as
an Fp-domain integer.
Enums§
- Auth
Token Error - Errors raised by
build_auth_token.
Constants§
- DEFAULT_
AUTH_ TOKEN_ TTL_ SECS - Default deadline applied by
build_auth_token_forwhen the caller does not supply one: 7 hours from the current wall clock. Sits inside the venue’sLIGHTER_AUTH_TOKEN_MAX_TTL(8 hours) with an hour of head room so a long-running session can pre-fetch and rotate before expiry.
Functions§
- auth_
token_ message - ASCII auth-token message:
"{deadline}:{account}:{api_key}". - build_
auth_ token - Build a Lighter auth token using the system clock as the
nowreference. - build_
auth_ token_ at - Variant of
build_auth_tokenaccepting an explicitnow_unix_secs. - build_
auth_ token_ for - Mint an auth token from a
crate::common::credential::Credentialusing the default 7-hour TTL and a fresh CSPRNG nonce. - build_
auth_ token_ unchecked - Sign the auth-token message without TTL validation.
- fresh_k
- Draws a fresh canonical
Scalarfrom the thread-local CSPRNG suitable for the per-signatureknonce. - hash_
auth_ message - Hash the auth-token ASCII message to its 40-byte
Fp5digest.