View on GitHub
Install in Dash
OZSignerManager
public final class OZSignerManager : OZManagerHelpers, @unchecked SendableManager for signer operations on OpenZeppelin Smart Accounts.
Manages the signer set bound to a context rule. Supported signer kinds:
- WebAuthn passkeys (secp256r1, verified through a verifier contract)
- Delegated signers (
G…accounts orC…contracts viarequire_auth) - Ed25519 signers (32-byte keys verified by a verifier contract)
All state-changing methods accept an optional selectedSigners list. An
empty list routes through the single-signer path (connected passkey);
a non-empty list routes through the multi-signer ceremony coordinator.
The manager itself performs no on-chain state mutation; effects flow through the kit’s transaction operations or the multi-signer submitter.
Example:
let result = try await kit.signerManager.addDelegated(
contextRuleId: 0,
address: "GA7QYNF7SOWQ..."
)
-
Registers a new WebAuthn passkey and adds it as a signer to a context rule.
Performs the full end-to-end flow of creating a new passkey via the platform’s WebAuthn API, persisting the credential locally as
pending, emitting ancredentialCreated(credential:)event, and adding the resulting public key as a signer on the smart-account contract. UseaddPasskey(contextRuleId:publicKey:credentialId:selectedSigners:forceMethod:)directly when the credential identifier and public key are already in hand.Flow:
- Validates that a wallet is connected and a
WebAuthnProvideris configured (either through the kit or the manager override). - Generates cryptographically secure random challenge and user-id
buffers (32 bytes each) using
OZWalletOperations/secureRandomData(count:). - Triggers the platform WebAuthn registration ceremony (biometric
prompt). Failures from the provider are wrapped in
RegistrationFailed. - Base64URL-encodes the credential id for local storage.
- Persists the new credential through
OZCredentialManagerProtocol/createPendingCredential(credentialId:publicKey:contractId:nickname:transports:deviceType:backedUp:). - Emits
credentialCreated(credential:). - Adds the passkey signer on-chain by delegating to
addPasskey(contextRuleId:publicKey:credentialId:selectedSigners:forceMethod:).
The on-chain addition step requires authorization from an existing signer on the supplied context rule. The user is therefore prompted for biometric authentication twice in single-signer mode: once for the new passkey registration and once for the existing signer to authorize the signer-addition transaction.
Throws
NotConnectedwhen no wallet is connected;NotSupportedwhen no WebAuthn provider is configured;WebAuthnExceptionwhen the registration ceremony fails or the user cancels;SmartAccountCredentialExceptionwhen credential storage fails;SmartAccountTransactionExceptionwhen the on-chain signer addition fails.Declaration
Swift
public func addNewPasskeySigner( contextRuleId: UInt32, userName: String, selectedSigners: [OZSelectedSigner] = [], forceMethod: OZSubmissionMethod? = nil ) async throws -> OZAddPasskeySignerResultParameters
contextRuleIdContext-rule identifier the new signer is being added to (zero is the default rule).
userNameUser-friendly name for the new passkey (displayed by the authenticator).
selectedSignersOptional list of signers participating in the on-chain authorization ceremony. Empty (default) routes through single-signer submission with the connected passkey credential.
forceMethodOptional submission-method override.
Return Value
An
OZAddPasskeySignerResultcarrying the credential id, the public key, and the on-chain transaction outcome. - Validates that a wallet is connected and a
-
Adds a WebAuthn passkey signer to a context rule.
Creates a WebAuthn external signer via
webAuthn(verifierAddress:publicKey:credentialId:)and submits anadd_signerinvocation against the connected smart-account contract. The verifier address is sourced fromwebauthnVerifierAddress.The on-chain transaction requires authorization from an existing signer on the specified context rule.
Contract call:
smart_account.add_signer(context_rule_id, signer) -> u32. The assigned numeric id surfaces onsignerIdsonce the rule is refetched.Throws
SmartAccountValidationExceptionfor invalid input;SmartAccountWalletExceptionfor missing connection;SmartAccountTransactionExceptionfor submission failures.Declaration
Swift
public func addPasskey( contextRuleId: UInt32, publicKey: Data, credentialId: Data, selectedSigners: [OZSelectedSigner] = [], forceMethod: OZSubmissionMethod? = nil ) async throws -> OZTransactionResultParameters
contextRuleIdContext-rule identifier the new signer is being added to.
publicKeyUncompressed secp256r1 public key (
secp256r1PublicKeySizebytes starting withuncompressedPubkeyPrefix).credentialIdWebAuthn credential identifier bytes; must not be empty.
selectedSignersOptional multi-signer participants list.
forceMethodOptional submission-method override.
Return Value
An
OZTransactionResultdescribing the on-chain outcome. -
Adds a delegated signer (Stellar account or contract) to a context rule.
Creates an
OZDelegatedSignerthat authorises through the host’s built-inrequire_authmechanism and submits anadd_signerinvocation against the connected smart-account contract. The suppliedaddressmay be either aG…Stellar account or aC…contract strkey.The on-chain transaction requires authorization from an existing signer on the specified context rule.
Throws
InvalidAddresswhen the address strkey is malformed;NotConnectedwhen no wallet is connected;SmartAccountTransactionExceptionfor submission failures.Declaration
Swift
public func addDelegated( contextRuleId: UInt32, address: String, selectedSigners: [OZSelectedSigner] = [], forceMethod: OZSubmissionMethod? = nil ) async throws -> OZTransactionResultParameters
contextRuleIdContext-rule identifier the new signer is being added to.
addressStellar account (
G…) or contract (C…) strkey.selectedSignersOptional multi-signer participants list.
forceMethodOptional submission-method override.
Return Value
An
OZTransactionResultdescribing the on-chain outcome. -
Adds an Ed25519 signer to a context rule.
Creates an
OZExternalSignerconfigured for Ed25519 verification via the supplied verifier-contract address and submits anadd_signerinvocation against the connected smart-account contract. The public key must be the canonical 32-byte Ed25519 encoding.The on-chain transaction requires authorization from an existing signer on the specified context rule.
Throws
SmartAccountValidationExceptionfor invalid input;NotConnectedwhen no wallet is connected;SmartAccountTransactionExceptionfor submission failures.Declaration
Swift
public func addEd25519( contextRuleId: UInt32, verifierAddress: String, publicKey: Data, selectedSigners: [OZSelectedSigner] = [], forceMethod: OZSubmissionMethod? = nil ) async throws -> OZTransactionResultParameters
contextRuleIdContext-rule identifier the new signer is being added to.
verifierAddressVerifier contract address (
C…strkey).publicKeyEd25519 public key (
ed25519PublicKeySizebytes).selectedSignersOptional multi-signer participants list.
forceMethodOptional submission-method override.
Return Value
An
OZTransactionResultdescribing the on-chain outcome.
-
Removes a signer from a context rule by its on-chain numeric id.
The id is assigned by the smart-account contract when the signer is added and surfaces on
signerIdsafter the rule is fetched. UseremoveSignerBySigner(contextRuleId:signer:selectedSigners:forceMethod:)when only the signer value is known — that overload performs one extra RPC round trip to resolve the id internally.Important
A context rule cannot have its last signer removed unless the rule has policies that supply authorization. The smart-account contract rejects the removal (contract error NoSignersAndPolicies, code 3004) if the last signer is removed with no policies configured.Contract call:
smart_account.remove_signer(context_rule_id, signer_id).Throws
NotConnectedwhen no wallet is connected;SmartAccountTransactionExceptionfor submission failures.Declaration
Swift
public func removeSigner( contextRuleId: UInt32, signerId: UInt32, selectedSigners: [OZSelectedSigner] = [], forceMethod: OZSubmissionMethod? = nil ) async throws -> OZTransactionResultParameters
contextRuleIdContext-rule identifier the signer is being removed from.
signerIdNumeric signer identifier assigned at addition time.
selectedSignersOptional multi-signer participants list.
forceMethodOptional submission-method override.
Return Value
An
OZTransactionResultdescribing the on-chain outcome. -
Removes a signer from a context rule by matching the signer value.
Convenience overload that resolves the on-chain numeric signer id internally before delegating to
removeSigner(contextRuleId:signerId:selectedSigners:forceMethod:). Fetches the target context rule (single RPC call), parses it through the kit’s context-rule parser, locates the signer by equality, and uses the positionally-aligned identifier.Throws
NotConnectedwhen no wallet is connected;SmartAccountValidationExceptionwhen the signer is not found on the supplied rule or the rule’ssignersandsignerIdsarrays are misaligned;SmartAccountConfigurationExceptionwhen the manager was constructed without a context-rule parser;SmartAccountTransactionExceptionfor simulation, signing, or submission failures.Note
The Swift name differs from the underlying contract method to distinguish this overload at the call site from the id-based
removeSigner(contextRuleId:signerId:selectedSigners:forceMethod:). TheBySignersuffix keeps the call site self-documenting.Declaration
Swift
public func removeSignerBySigner( contextRuleId: UInt32, signer: any OZSmartAccountSigner, selectedSigners: [OZSelectedSigner] = [], forceMethod: OZSubmissionMethod? = nil ) async throws -> OZTransactionResultParameters
contextRuleIdContext-rule identifier the signer is being removed from.
signerThe signer value to match against the rule’s signer list.
selectedSignersOptional multi-signer participants list.
forceMethodOptional submission-method override.
Return Value
An
OZTransactionResultdescribing the on-chain outcome.