Client implementation

​

Client Implementation

• Attestation: Verify the RPC is running on secure hardware by sending a challenge and validating the returned TDX quote.
• Client Challenges: Prove ownership of a public key to obtain an authorization token for permissioned state.
• Access: Provide the token as a query parameter when constructing a connection to query state.

​

Attestation

• Generate a random 32-byte challenge and encode it as base64
• Send the challenge to the TEE RPC server to receive a TDX quote
• Fetch collateral (certificates) via PCCS for the quote
• Verify the quote using the DCAP QVL WASM module against the collateral and current time

import { verifyTeeRpcIntegrity } from '@magicblock-labs/ephemeral-rollups-sdk';

const isIntegrityVerified = await verifyTeeRpcIntegrity(PRIVATE_ER_URL);

​

Client Challenge Flow

• Request a challenge from the RPC, parameterized by the wallet public key
• Sign the received challenge using the corresponding keypair
• Submit the signed challenge and receive an authorization token on success

import { getAuthToken } from '@magicblock-labs/ephemeral-rollups-sdk';

const { publicKey, signMessage } = useWallet();
const token = await getAuthToken(PRIVATE_ER_URL, publicKey, signMessage);

​

Access

function useEphemeralConnection() {
  const { authToken } = usePrivateRollupAuth();
  const ephemeralConnection = useMemo(() => {
    if (authToken) {
      return new Connection(`${EPHEMERAL_RPC_URL}?token=${authToken}`, 'confirmed');
    }
    return null;
  }, [authToken]);

  return { ephemeralConnection };
}