buildAuthPayloadHash
Builds the authorization payload hash for signing.
Computes the hash that must be signed to authorize a Soroban operation. This hash is used as the WebAuthn challenge when collecting biometric signatures.
The payload is constructed as:
    HashIdPreimage::SorobanAuthorization {
        networkId: SHA256(networkPassphrase as UTF-8),
        nonce: credentials.nonce,
        signatureExpirationLedger: expirationLedger,
        invocation: entry.rootInvocation
    }
    hash = SHA256(XDR_encode(payload))

The preimage type is selected by the credential arm. Legacy ADDRESS credentials use the ENVELOPE_TYPE_SOROBAN_AUTHORIZATION preimage; ADDRESS_V2 and ADDRESS_WITH_DELEGATES use the address-bound ENVELOPE_TYPE_SOROBAN_AUTHORIZATION_WITH_ADDRESS preimage. The host reconstructs the preimage from the submitted credential arm, so a mismatched arm yields a hash the host rejects. Selection is delegated to Auth.buildHashIDPreimage.
The expiration ledger is applied to the credentials before the preimage is built; the host reconstructs the preimage from the submitted credentials, so the expiration must be present at hash time.
Return
The 32-byte SHA-256 hash of the authorization payload
Parameters
entry: The authorization entry to build the payload hash for. Must carry address-bearing credentials (Address, AddressV2, or AddressWithDelegates).
expirationLedger: The ledger number at which the signature expires
networkPassphrase: The network passphrase (e.g., "Test SDF Network ; September 2015")
Throws
if the credentials are source-account (Void) or if XDR encoding fails
Example:
    val hash = SmartAccountAuth.buildAuthPayloadHash(
        entry = authEntry,
        expirationLedger = 12345678u,
        networkPassphrase = Network.TESTNET.networkPassphrase
    )
    // Use hash as WebAuthn challenge
    val webAuthnResponse = navigator.credentials.get(challenge = hash)
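
The hash construction and challenge binding described above, as an added JVM Kotlin example that is not the SDK's code: it lays out only the legacy ENVELOPE_TYPE_SOROBAN_AUTHORIZATION preimage, takes the root invocation as already-encoded XDR bytes, and checks a WebAuthn clientDataJSON challenge against the rebuilt hash. The helper names, the discriminant value 9 (from the Stellar XDR EnvelopeType enum), and the placeholder invocation bytes are assumptions not taken from this page.

```kotlin
import java.nio.ByteBuffer
import java.security.MessageDigest
import java.util.Base64

// Assumption: discriminant of ENVELOPE_TYPE_SOROBAN_AUTHORIZATION in the Stellar XDR EnvelopeType enum.
const val ENVELOPE_TYPE_SOROBAN_AUTHORIZATION = 9

fun sha256(data: ByteArray): ByteArray = MessageDigest.getInstance("SHA-256").digest(data)

// Hypothetical helper: writes the legacy preimage fields in the order the page lists them.
// XDR integers are big-endian, which is ByteBuffer's default byte order.
fun legacyPayloadHash(
    networkPassphrase: String,
    nonce: Long,
    expirationLedger: UInt,
    invocationXdr: ByteArray, // rootInvocation, already XDR-encoded by the caller
): ByteArray {
    val networkId = sha256(networkPassphrase.toByteArray(Charsets.UTF_8))
    val buf = ByteBuffer.allocate(4 + 32 + 8 + 4 + invocationXdr.size)
    buf.putInt(ENVELOPE_TYPE_SOROBAN_AUTHORIZATION)
    buf.put(networkId)
    buf.putLong(nonce)
    buf.putInt(expirationLedger.toInt())
    buf.put(invocationXdr)
    return sha256(buf.array())
}

// WebAuthn records the challenge in clientDataJSON as unpadded base64url.
// Hypothetical helper: true only if that field decodes to exactly the expected hash.
fun challengeMatches(clientDataChallenge: String, expectedHash: ByteArray): Boolean {
    val decoded = try {
        Base64.getUrlDecoder().decode(clientDataChallenge)
    } catch (e: IllegalArgumentException) {
        return false // not valid base64url, so it cannot be our hash
    }
    return MessageDigest.isEqual(decoded, expectedHash) // constant-time comparison
}

fun main() {
    val invocation = ByteArray(8) // constructed placeholder bytes, not a real invocation
    val testnet = "Test SDF Network ; September 2015"
    val signed = legacyPayloadHash(testnet, 42L, 12345678u, invocation)
    val challenge = Base64.getUrlEncoder().withoutPadding().encodeToString(signed)

    // Same inputs as at signing time: the assertion is bound to this payload.
    println(challengeMatches(challenge, signed))
    // Expiration changed after signing: the rebuilt hash no longer equals the challenge.
    println(challengeMatches(challenge, legacyPayloadHash(testnet, 42L, 12345679u, invocation)))
    // Different passphrase gives a different networkId, so the signature does not carry over.
    val pubnet = "Public Global Stellar Network ; September 2015"
    println(challengeMatches(challenge, legacyPayloadHash(pubnet, 42L, 12345678u, invocation)))
}
```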