# ZkLogin

> Zero-knowledge authentication with OAuth providers on Sui

Utilities for working with zkLogin. Currently contains functionality to create and parse zkLogin
signatures and compute zkLogin addresses.

To parse a serialized zkLogin signature

```typescript
const parsedSignature = await parseZkLoginSignature('BQNNMTY4NjAxMzAyO....');
```

Use `getZkLoginSignature` to serialize a zkLogin signature.

```typescript
const serializedSignature = await getZkLoginSignature({ inputs, maxEpoch, userSignature });
```

To compute the address for a given address seed and iss you can use `computeZkLoginAddressFromSeed`

```typescript
const address = computeZkLoginAddressFromSeed(0n, 'https://accounts.google.com');
```

To compute an address from jwt:

```typescript
const address = jwtToAddress(jwtAsString, salt);
```

To compute an address from a parsed jwt:

```typescript
const address = computeZkLoginAddress({
	claimName,
	claimValue,
	iss,
	aud,
	userSalt: BigInt(salt),
});
```

To use zkLogin inside a multisig, see the [Multisig Guide](../sui/cryptography/multisig) for more
details.

## Legacy addresses

When zklogin was first introduced, there was an inconsistency in how the address seed was computed.
For backwards compatibility reasons there are 2 valid addresses for a given set of inputs. Methods
that produce zklogin addresses all accept a `legacyAddress` boolean flag, either as their last
parameter, or in their options argument.

```typescript

	computeZkLoginAddress,
	computeZkLoginAddressFromSeed,
	jwtToAddress,
	toZkLoginPublicIdentifier,
	genAddressSeed,
} from '@mysten/sui/zklogin';

const address = jwtToAddress(jwtAsString, salt, true);
const address = computeZkLoginAddressFromSeed(0n, 'https://accounts.google.com', true);
const address = computeZkLoginAddress({
	claimName,
	claimValue,
	iss,
	aud,
	userSalt: BigInt(salt),
	legacyAddress: true,
});
const address = toZkLoginPublicIdentifier(
	genAddressSeed(userSalt, claimName, claimValue, aud),
	iss,
	{ legacyAddress: true },
).toSuiAddress();
```