Session Keys

Implementing Session Keys

Session keys are a powerful sub-technology of account abstraction allowing users to delegate signing permission under specific conditions to an external keypair, thus allowing applications to be used without requiring a signature popup or compromising security. In addition to this, session keys can be used for advanced use cases such as transaction automation (due to authentication delegation).

Particle Network has natively implemented session keys through both the Account Abstraction RPC and the AA SDKs (Introduction to Smart Wallet-as-a-Service), allowing developers to begin using session keys directly within the Particle Network tech stack.


Creating a session key

Creating a session key within Particle Network's Account Abstraction RPC or AA SDK requires the usage of createSessions and validateSession (through the RPC endpoint you can access these through createSessions and validateSession). This functionality is only currently compatible with BICONOMY version 2.0.0, other smart account implementations won't work and will throw an error.

The underlying flow for implementing and leveraging a session key can be best described through these key steps:

  1. The session is authorized.
    1. The session is created containing:
      1. sessionKeyData, the metadata for the validation contract, including a temporary public address (representing the key), the associated user address, and other parameters (see this repository for an example).
      2. sessionValidationModule, a custom validation contract to determine the validity of a UserOperation, replacing the standard validateUserOp call make within typical operations.
    2. The session is registered on the blockchain.
  2. UserOperations can now be signed on behalf of the user with the session key.

Session keys flow diagram.

Session keys flow diagram.

Example of a custom validation contract

A custom validation contract, or the sessionValidationModule, should look similar to the example provided below, implementing the validateSessionUserOp method:

// SPDX-License-Identifier: MIT
pragma solidity 0.8.19;

import {UserOperation} from "@account-abstraction/contracts/interfaces/UserOperation.sol";

abstract contract ISessionValidationModule {
    // execute(address,uint256,bytes)
    bytes4 public constant EXECUTE_SELECTOR = 0xb61d27f6;
    // execute_ncC(address,uint256,bytes)
    bytes4 public constant EXECUTE_OPTIMIZED_SELECTOR = 0x0000189a;

     * @dev validates if the _op (UserOperation) matches the SessionKey permissions
     * and that _op has been signed by this SessionKey
     * @param _op User Operation to be validated.
     * @param _userOpHash Hash of the User Operation to be validated.
     * @param _sessionKeyData SessionKey data, that describes sessionKey permissions
     * @param _sessionKeySignature Signature over the the _userOpHash.
     * @return true if the _op is valid, false otherwise.
    function validateSessionUserOp(
        UserOperation calldata _op,
        bytes32 _userOpHash,
        bytes calldata _sessionKeyData,
        bytes calldata _sessionKeySignature
    ) external virtual returns (bool);



Watch the full walkthrough tutorial for leveraging session keys with Particle's AA SDK.