# Module sui::authenticator_state

*[Documentation index](/llms.txt) · [Full index](/llms-full.txt)*

```
use std::ascii;
use std::bcs;
use std::option;
use std::string;
use std::u64;
use std::vector;
use sui::address;
use sui::dynamic_field;
use sui::hex;
use sui::object;
use sui::party;
use sui::transfer;
use sui::tx_context;
use sui::vec_map;
```

## Struct AuthenticatorState

Singleton shared object which stores the global authenticator state.

The actual state is stored in a dynamic field of type AuthenticatorStateInner to support
future versions of the authenticator state.

```
public struct AuthenticatorState has key
```

**Fields**

**id: sui::object::UID**

**version: u64**

## Struct AuthenticatorStateInner

```
public struct AuthenticatorStateInner has store
```

**Fields**

**version: u64**

**active_jwks: vector&lt;sui::authenticator_state::ActiveJwk&gt;**

List of currently active JWKs.

## Struct JWK

Must match the JWK struct in fastcrypto-zkp

```
public struct JWK has copy, drop, store
```

**Fields**

**kty: std::string::String**

**e: std::string::String**

**n: std::string::String**

**alg: std::string::String**

## Struct JwkId

Must match the JwkId struct in fastcrypto-zkp

```
public struct JwkId has copy, drop, store
```

**Fields**

**iss: std::string::String**

**kid: std::string::String**

## Struct ActiveJwk

```
public struct ActiveJwk has copy, drop, store
```

**Fields**

**jwk_id: sui::authenticator_state::JwkId**

**jwk: sui::authenticator_state::JWK**

**epoch: u64**

## Constants

Sender is not @0x0 the system address.

```
const ENotSystemAddress: u64 = 0;
```

```
const EWrongInnerVersion: u64 = 1;
```

```
const EJwksNotSorted: u64 = 2;
```

```
const CurrentVersion: u64 = 1;
```

## Function active_jwk_equal

```
fun active_jwk_equal(a: &sui::authenticator_state::ActiveJwk, b: &sui::authenticator_state::ActiveJwk): bool
```

## Function jwk_equal

```
fun jwk_equal(a: &sui::authenticator_state::JWK, b: &sui::authenticator_state::JWK): bool
```

## Function jwk_id_equal

```
fun jwk_id_equal(a: &sui::authenticator_state::JwkId, b: &sui::authenticator_state::JwkId): bool
```

## Function string_bytes_lt

```
fun string_bytes_lt(a: &std::string::String, b: &std::string::String): bool
```

## Function jwk_lt

```
fun jwk_lt(a: &sui::authenticator_state::ActiveJwk, b: &sui::authenticator_state::ActiveJwk): bool
```

## Function create

Create and share the AuthenticatorState object. This function is call exactly once, when
the authenticator state object is first created.

Can only be called by genesis or change_epoch transactions.

```
fun create(ctx: &sui::tx_context::TxContext)
```

## Function load_inner_mut

```
fun load_inner_mut(self: &mut sui::authenticator_state::AuthenticatorState): &mut sui::authenticator_state::AuthenticatorStateInner
```

## Function load_inner

```
fun load_inner(self: &sui::authenticator_state::AuthenticatorState): &sui::authenticator_state::AuthenticatorStateInner
```

## Function check_sorted

```
fun check_sorted(new_active_jwks: &vector&lt;sui::authenticator_state::ActiveJwk&gt;)
```

## Function update_authenticator_state

Record a new set of active_jwks. Called when executing the AuthenticatorStateUpdate system
transaction. The new input vector must be sorted and must not contain duplicates.

If a new JWK is already present, but with a previous epoch, then the epoch is updated to
indicate that the JWK has been validated in the current epoch and should not be expired.

```
fun update_authenticator_state(self: &mut sui::authenticator_state::AuthenticatorState, new_active_jwks: vector&lt;sui::authenticator_state::ActiveJwk&gt;, ctx: &sui::tx_context::TxContext)
```

## Function deduplicate

```
fun deduplicate(jwks: vector&lt;sui::authenticator_state::ActiveJwk&gt;): vector&lt;sui::authenticator_state::ActiveJwk&gt;
```

## Function expire_jwks

```
fun expire_jwks(self: &mut sui::authenticator_state::AuthenticatorState, min_epoch: u64, ctx: &sui::tx_context::TxContext)
```

## Function get_active_jwks

Get the current active_jwks. Called when the node starts up in order to load the current.

JWK state from the chain.

```
fun get_active_jwks(self: &sui::authenticator_state::AuthenticatorState, ctx: &sui::tx_context::TxContext): vector&lt;sui::authenticator_state::ActiveJwk&gt;
```