jwtToAddress function
Derives the Sui zkLogin address for the given jwt and userSalt.
The jwt must be a standard three-segment OAuth/OIDC token containing
sub, iss, and aud claims, and its aud claim must be a single string
(array audiences are not supported by zkLogin). Throws a FormatException
if the token is malformed or missing/invalid required claims.
Implementation
String jwtToAddress(String jwt, BigInt userSalt) {
lengthChecks(jwt);
final decodedJWT = decodeJwt(jwt);
if (decodedJWT['sub'] == null ||
decodedJWT['iss'] == null ||
decodedJWT['aud'] == null) {
throw const FormatException('Missing jwt data');
}
if (decodedJWT['aud'] is List) {
throw const FormatException(
'Not supported aud. Aud is an array, string was expected.',
);
}
if (decodedJWT['sub'] is! String ||
decodedJWT['iss'] is! String ||
decodedJWT['aud'] is! String) {
throw const FormatException(
'Invalid jwt claims: sub, iss and aud must be strings',
);
}
return computeZkLoginAddress(
userSalt: userSalt,
claimName: 'sub',
claimValue: decodedJWT['sub'] as String,
aud: decodedJWT['aud'] as String,
iss: decodedJWT['iss'] as String,
);
}