OZExternal
Manager for external (non-passkey) signers for multi-signature smart account operations.
OZExternalSignerManager provides a unified interface for managing Stellar account signers that originate from Ed25519 secret keys or external wallet connections (e.g., Freighter, LOBSTR). It supports two methods of adding signers:
Keypair signers (via addFromSecret): Created from a raw Ed25519 secret key. These are held in memory only and are never persisted to storage. The secret key material is accessible only through the in-memory KeyPair instance.
Wallet signers: Connected through an ExternalWalletAdapter. The adapter owns the connection lifecycle (e.g., WalletConnect sessions) and surfaces live connections via ExternalWalletAdapter.getConnectedWallets; the manager delegates signing to it.
Thread Safety: The in-memory signer registries are protected by a non-suspending platform lock so they can also be cleared from non-suspend teardown paths (OZSmartAccountKit.close). Public methods can be safely called from any coroutine context.
Example usage:
val manager = OZExternalSignerManager(
networkPassphrase = "Test SDF Network ; September 2015",
walletAdapter = myWalletAdapter
)
// Add from secret key (memory-only)
val address = manager.addFromSecret("SCZANGBA5YHT...")
println("Added keypair signer: $address")
// Check signing capability
if (manager.canSignFor("GABC...")) {
val result = manager.signAuthEntry("GABC...", preimageXdr)
println("Signed by: ${result.signerAddress}")
}
// List all signers
val signers = manager.getAll()Parameters
The Stellar network passphrase used when delegating to wallet adapters.
Optional wallet adapter backing the wallet (G-address) custody model. The SDK never sees the wallet's private key — signing is delegated out of process.
Optional adapter backing the Ed25519 adapter custody model. When set, it is consulted via OZExternalEd25519SignerAdapter.canSignFor before the in-memory Ed25519 keypair registry (adapter-first precedence rule). Set a concrete OZExternalEd25519SignerAdapter to route Ed25519 signing through a hardware wallet, HSM, or remote signing service; leave null to use only in-memory keypairs registered via addEd25519FromRawKey.
Constructors
Functions
Registers an Ed25519 signing keypair derived from raw 32-byte secret key material and stores it in memory under the composite (verifierAddress, publicKey) key. The keypair is never persisted to storage and is lost when the application terminates.
Adds an Ed25519 keypair signer from a raw secret key.
Returns whether a signing source is available for the given Ed25519 signer.
Checks if any managed signer can sign for the given address.
Gets information about a specific signer by address.
Lists all managed external signers (both keypair and wallet).
Checks if any external signers are registered (keypair or wallet).
Removes a registered Ed25519 signer from the in-memory registry.
Signs an authorization entry preimage with the appropriate signer for the given address.
Produces a 64-byte Ed25519 signature over authDigest.