# KeyAuthorization Types

## `KeyAuthorization.Input`

Input type for a Key Authorization.

**Source:** [src/tempo/KeyAuthorization.ts](https://github.com/wevm/ox/blob/main/src/tempo/KeyAuthorization.ts#L1190)

## `KeyAuthorization.KeyAuthorization`

Key authorization for provisioning access keys.

Access keys allow a root key (e.g., a passkey) to delegate transaction signing to secondary keys with customizable permissions including expiry timestamps and per-TIP-20 token spending limits. This enables a user to sign transactions without repeated passkey prompts.

The root key signs a `KeyAuthorization` to grant an access key permission to sign transactions on its behalf. The authorization is attached to a transaction (which can be signed by the access key itself), and the protocol validates the authorization before storing the key in the AccountKeychain precompile.

Key authorization fields: - `address`: Address derived from the access key's public key (the "key ID") - `chainId`: Chain ID for replay protection (0 = valid on any chain) - `expiry`: Unix timestamp when the key expires (undefined = never expires) - `limits`: Per-TIP-20 token spending limits (only applies to `transfer()` and `approve()` calls) - `type`: Key type (`secp256k1`, `p256`, or `webAuthn`)

[Access Keys Specification](https://docs.tempo.xyz/protocol/transactions/spec-tempo-transaction#access-keys)

**Source:** [src/tempo/KeyAuthorization.ts](https://github.com/wevm/ox/blob/main/src/tempo/KeyAuthorization.ts#L32)

## `KeyAuthorization.Rpc`

RPC representation matching the node's wire format.

**Source:** [src/tempo/KeyAuthorization.ts](https://github.com/wevm/ox/blob/main/src/tempo/KeyAuthorization.ts#L1190)

## `KeyAuthorization.RpcCallScope`

RPC representation of a call scope (matches node's `CallScope` serde).

**Source:** [src/tempo/KeyAuthorization.ts](https://github.com/wevm/ox/blob/main/src/tempo/KeyAuthorization.ts#L1190)

## `KeyAuthorization.RpcSelectorRule`

RPC representation of a selector rule (matches node's `SelectorRule` serde).

**Source:** [src/tempo/KeyAuthorization.ts](https://github.com/wevm/ox/blob/main/src/tempo/KeyAuthorization.ts#L1190)

## `KeyAuthorization.RpcTokenLimit`

RPC representation of a token limit (matches node's `TokenLimit` serde).

**Source:** [src/tempo/KeyAuthorization.ts](https://github.com/wevm/ox/blob/main/src/tempo/KeyAuthorization.ts#L1190)

## `KeyAuthorization.Scope`

Call scope entry restricting which contract, selector, and recipients an access key can use.

Multiple entries with the same `address` are grouped by target on the wire.

* `{ address }` = any selector on this contract - `{ address, selector }` = specific selector - `{ address, selector, recipients }` = selector + recipient constraint

[TIP-1011 Specification](https://docs.tempo.xyz/protocol/transactions/tip-1011)

**Source:** [src/tempo/KeyAuthorization.ts](https://github.com/wevm/ox/blob/main/src/tempo/KeyAuthorization.ts#L1190)

## `KeyAuthorization.Signed`

Signed representation of a Key Authorization.

**Source:** [src/tempo/KeyAuthorization.ts](https://github.com/wevm/ox/blob/main/src/tempo/KeyAuthorization.ts#L1190)

## `KeyAuthorization.TokenLimit`

Token spending limit for access keys.

Defines a per-TIP-20 token spending limit for an access key. Limits deplete as tokens are spent and can be updated by the root key via `updateSpendingLimit()`.

[Access Keys Specification](https://docs.tempo.xyz/protocol/transactions/spec-tempo-transaction#access-keys)

**Source:** [src/tempo/KeyAuthorization.ts](https://github.com/wevm/ox/blob/main/src/tempo/KeyAuthorization.ts#L1190)

## `KeyAuthorization.Tuple`

Tuple representation of a Key Authorization.

**Source:** [src/tempo/KeyAuthorization.ts](https://github.com/wevm/ox/blob/main/src/tempo/KeyAuthorization.ts#L1190)
