@aptos-labs/ts-sdk 1.28.0 → 1.29.0

package/src/api/transaction.ts

@@ -21,10 +21,13 @@ import {
   WaitForTransactionOptions,
 } from "../types";
 import {
+  FeePayerOrFeePayerAuthenticatorOrNeither,
   getSigningMessage,
   publicPackageTransaction,
   rotateAuthKey,
+  signAndSubmitAsFeePayer,
   signAndSubmitTransaction,
+  signAsFeePayer,
   signTransaction,
 } from "../internal/transactionSubmission";
 import {
@@ -290,20 +293,8 @@ export class Transaction {
    */
   // eslint-disable-next-line class-methods-use-this
   signAsFeePayer(args: { signer: Account; transaction: AnyRawTransaction }): AccountAuthenticator {
-    const { signer, transaction } = args;
-
-    // if transaction doesnt hold a "feePayerAddress" prop it means
-    // this is not a fee payer transaction
-    if (!transaction.feePayerAddress) {
-      throw new Error(`Transaction ${transaction} is not a Fee Payer transaction`);
-    }
-
-    // Set the feePayerAddress to the signer account address
-    transaction.feePayerAddress = signer.accountAddress;
-
-    return signTransaction({
-      signer,
-      transaction,
+    return signAsFeePayer({
+      ...args,
     });
   }
 
@@ -355,15 +346,44 @@ export class Transaction {
    *
    * @return PendingTransactionResponse
    */
-  async signAndSubmitTransaction(args: {
-    signer: Account;
+  async signAndSubmitTransaction(
+    args: FeePayerOrFeePayerAuthenticatorOrNeither & {
+      signer: Account;
+      transaction: AnyRawTransaction;
+    },
+  ): Promise<PendingTransactionResponse> {
+    return signAndSubmitTransaction({
+      aptosConfig: this.config,
+      ...args,
+    });
+  }
+
+  /**
+   * Sign and submit a single signer transaction as the fee payer to chain given an authenticator by the sender of the transaction.
+   *
+   * @param args.feePayer The fee payer account to sign the transaction
+   * @param args.senderAuthenticator The AccountAuthenticator signed by the sender of the transaction
+   * @param args.transaction An instance of a RawTransaction, plus optional secondary/fee payer addresses
+   *
+   * @example
+   * const transaction = await aptos.transaction.build.simple({sender: alice.accountAddress, feePayer: true ...})
+   * const senderAuthenticator = alice.signTransactionWithAuthenticator(transaction)
+   * const pendingTransaction = await aptos.signAndSubmitAsFeePayer({
+   *  senderAuthenticator,
+   *  feePayer: bob,
+   *  transaction,
+   * })
+   *
+   * @return PendingTransactionResponse
+   */
+  async signAndSubmitAsFeePayer(args: {
+    feePayer: Account;
+    senderAuthenticator: AccountAuthenticator;
     transaction: AnyRawTransaction;
   }): Promise<PendingTransactionResponse> {
-    const { signer, transaction } = args;
-    return signAndSubmitTransaction({
+    return signAndSubmitAsFeePayer({
       aptosConfig: this.config,
-      signer,
-      transaction,
+      ...args,
     });
   }
 }

package/src/core/crypto/federatedKeyless.ts

@@ -0,0 +1,134 @@
+// Copyright © Aptos Foundation
+// SPDX-License-Identifier: Apache-2.0
+
+import { AccountPublicKey, PublicKey } from "./publicKey";
+import { Deserializer, Serializer } from "../../bcs";
+import { Hex } from "../hex";
+import { HexInput, AnyPublicKeyVariant, SigningScheme } from "../../types";
+import { AuthenticationKey } from "../authenticationKey";
+import { AccountAddress, AccountAddressInput } from "../accountAddress";
+import { KeylessPublicKey, KeylessSignature } from "./keyless";
+
+/**
+ * Represents the FederatedKeylessPublicKey public key
+ *
+ * These keys use an onchain address as a source of truth for the JWK used to verify signatures.
+ *
+ * FederatedKeylessPublicKey authentication key is represented in the SDK as `AnyPublicKey`.
+ */
+export class FederatedKeylessPublicKey extends AccountPublicKey {
+  /**
+   * The address that contains the JWK set to be used for verification.
+   */
+  readonly jwkAddress: AccountAddress;
+
+  /**
+   * The inner public key which contains the standard Keyless public key.
+   */
+  readonly keylessPublicKey: KeylessPublicKey;
+
+  constructor(jwkAddress: AccountAddressInput, keylessPublicKey: KeylessPublicKey) {
+    super();
+    this.jwkAddress = AccountAddress.from(jwkAddress);
+    this.keylessPublicKey = keylessPublicKey;
+  }
+
+  /**
+   * Get the authentication key for the federated keyless public key
+   *
+   * @returns AuthenticationKey
+   */
+  authKey(): AuthenticationKey {
+    const serializer = new Serializer();
+    serializer.serializeU32AsUleb128(AnyPublicKeyVariant.FederatedKeyless);
+    serializer.serializeFixedBytes(this.bcsToBytes());
+    return AuthenticationKey.fromSchemeAndBytes({
+      scheme: SigningScheme.SingleKey,
+      input: serializer.toUint8Array(),
+    });
+  }
+
+  /**
+   * Get the public key in bytes (Uint8Array).
+   *
+   * @returns Uint8Array representation of the public key
+   */
+  toUint8Array(): Uint8Array {
+    return this.bcsToBytes();
+  }
+
+  /**
+   * Get the public key as a hex string with the 0x prefix.
+   *
+   * @returns string representation of the public key
+   */
+  toString(): string {
+    return Hex.fromHexInput(this.toUint8Array()).toString();
+  }
+
+  /**
+   * Verifies a signed data with a public key
+   *
+   * @param args.message message
+   * @param args.signature The signature
+   * @returns true if the signature is valid
+   */
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars, class-methods-use-this
+  verifySignature(args: { message: HexInput; signature: KeylessSignature }): boolean {
+    throw new Error("Not yet implemented");
+  }
+
+  serialize(serializer: Serializer): void {
+    this.jwkAddress.serialize(serializer);
+    this.keylessPublicKey.serialize(serializer);
+  }
+
+  static deserialize(deserializer: Deserializer): FederatedKeylessPublicKey {
+    const jwkAddress = AccountAddress.deserialize(deserializer);
+    const keylessPublicKey = KeylessPublicKey.deserialize(deserializer);
+    return new FederatedKeylessPublicKey(jwkAddress, keylessPublicKey);
+  }
+
+  static isPublicKey(publicKey: PublicKey): publicKey is FederatedKeylessPublicKey {
+    return publicKey instanceof FederatedKeylessPublicKey;
+  }
+
+  /**
+   * Creates a FederatedKeylessPublicKey from the JWT components plus pepper
+   *
+   * @param args.iss the iss of the identity
+   * @param args.uidKey the key to use to get the uidVal in the JWT token
+   * @param args.uidVal the value of the uidKey in the JWT token
+   * @param args.aud the client ID of the application
+   * @param args.pepper The pepper used to maintain privacy of the account
+   * @returns FederatedKeylessPublicKey
+   */
+  static create(args: {
+    iss: string;
+    uidKey: string;
+    uidVal: string;
+    aud: string;
+    pepper: HexInput;
+    jwkAddress: AccountAddressInput;
+  }): FederatedKeylessPublicKey {
+    return new FederatedKeylessPublicKey(args.jwkAddress, KeylessPublicKey.create(args));
+  }
+
+  static fromJwtAndPepper(args: {
+    jwt: string;
+    pepper: HexInput;
+    jwkAddress: AccountAddressInput;
+    uidKey?: string;
+  }): FederatedKeylessPublicKey {
+    return new FederatedKeylessPublicKey(args.jwkAddress, KeylessPublicKey.fromJwtAndPepper(args));
+  }
+
+  static isInstance(publicKey: PublicKey) {
+    return (
+      "jwkAddress" in publicKey &&
+      publicKey.jwkAddress instanceof AccountAddress &&
+      "keylessPublicKey" in publicKey &&
+      publicKey.keylessPublicKey instanceof KeylessPublicKey
+    );
+  }
+}

package/src/core/crypto/index.ts

@@ -6,7 +6,9 @@ export * from "./hdKey";
 export * from "./multiEd25519";
 export * from "./multiKey";
 export * from "./ephemeral";
+export * from "./federatedKeyless";
 export * from "./keyless";
+export * from "./poseidon";
 export * from "./privateKey";
 export * from "./publicKey";
 export * from "./secp256k1";

package/src/core/crypto/keyless.ts

@@ -158,13 +158,14 @@ export class KeylessPublicKey extends AccountPublicKey {
   static fromJwtAndPepper(args: { jwt: string; pepper: HexInput; uidKey?: string }): KeylessPublicKey {
     const { jwt, pepper, uidKey = "sub" } = args;
     const jwtPayload = jwtDecode<JwtPayload & { [key: string]: string }>(jwt);
-    const iss = jwtPayload.iss!;
+    if (typeof jwtPayload.iss !== "string") {
+      throw new Error("iss was not found");
+    }
     if (typeof jwtPayload.aud !== "string") {
       throw new Error("aud was not found or an array of values");
     }
-    const aud = jwtPayload.aud!;
     const uidVal = jwtPayload[uidKey];
-    return KeylessPublicKey.create({ iss, uidKey, uidVal, aud, pepper });
+    return KeylessPublicKey.create({ iss: jwtPayload.iss, uidKey, uidVal, aud: jwtPayload.aud, pepper });
   }
 
   static isInstance(publicKey: PublicKey) {

package/src/core/crypto/poseidon.ts

@@ -98,12 +98,12 @@ export function bytesToBigIntLE(bytes: Uint8Array): bigint {
   return result;
 }
 
-export function bigIntToBytesLE(value: bigint, length: number): Uint8Array {
+export function bigIntToBytesLE(value: bigint | number, length: number): Uint8Array {
+  let val = BigInt(value);
   const bytes = new Uint8Array(length);
   for (let i = 0; i < length; i += 1) {
-    bytes[i] = Number(value & BigInt(0xff));
-    // eslint-disable-next-line no-param-reassign
-    value >>= BigInt(8);
+    bytes[i] = Number(val & BigInt(0xff));
+    val >>= BigInt(8);
   }
   return bytes;
 }

package/src/core/crypto/singleKey.ts

@@ -6,6 +6,7 @@ import { AccountPublicKey, PublicKey, VerifySignatureArgs } from "./publicKey";
 import { Secp256k1PublicKey, Secp256k1Signature } from "./secp256k1";
 import { KeylessPublicKey, KeylessSignature } from "./keyless";
 import { Signature } from "./signature";
+import { FederatedKeylessPublicKey } from "./federatedKeyless";
 
 /**
  * Represents any public key supported by Aptos.
@@ -37,6 +38,8 @@ export class AnyPublicKey extends AccountPublicKey {
       this.variant = AnyPublicKeyVariant.Secp256k1;
     } else if (publicKey instanceof KeylessPublicKey) {
       this.variant = AnyPublicKeyVariant.Keyless;
+    } else if (publicKey instanceof FederatedKeylessPublicKey) {
+      this.variant = AnyPublicKeyVariant.FederatedKeyless;
     } else {
       throw new Error("Unsupported public key type");
     }
@@ -91,6 +94,9 @@ export class AnyPublicKey extends AccountPublicKey {
       case AnyPublicKeyVariant.Keyless:
         publicKey = KeylessPublicKey.deserialize(deserializer);
         break;
+      case AnyPublicKeyVariant.FederatedKeyless:
+        publicKey = FederatedKeylessPublicKey.deserialize(deserializer);
+        break;
       default:
         throw new Error(`Unknown variant index for AnyPublicKey: ${variantIndex}`);
     }

package/src/core/crypto/utils.ts

@@ -12,9 +12,9 @@ export const convertSigningMessage = (message: HexInput): HexInput => {
   // if message is of type string, verify it is a valid Hex string
   if (typeof message === "string") {
     const isValid = Hex.isValid(message);
-    // If message is not a valid Hex string, convert it into a Buffer
+    // If message is not a valid Hex string, convert it
     if (!isValid.valid) {
-      return Buffer.from(message, "utf8");
+      return new TextEncoder().encode(message);
     }
     // If message is a valid Hex string, return it
     return message;

package/src/internal/account.ts

@@ -52,10 +52,9 @@ import {
   GetAccountTransactionsCount,
 } from "../types/generated/queries";
 import { memoizeAsync } from "../utils/memoize";
-import { Secp256k1PrivateKey, AuthenticationKey, Ed25519PrivateKey, createObjectAddress } from "../core";
+import { Secp256k1PrivateKey, AuthenticationKey, Ed25519PrivateKey } from "../core";
 import { CurrentFungibleAssetBalancesBoolExp } from "../types/generated/types";
 import { getTableItem } from "./table";
-import { APTOS_COIN } from "../utils";
 
 export async function getInfo(args: {
   aptosConfig: AptosConfig;
@@ -402,58 +401,6 @@ export async function getAccountTransactionsCount(args: {
   return data.account_transactions_aggregate.aggregate ? data.account_transactions_aggregate.aggregate.count : 0;
 }
 
-export async function getAccountCoinAmount(args: {
-  aptosConfig: AptosConfig;
-  accountAddress: AccountAddressInput;
-  coinType?: MoveStructId;
-  faMetadataAddress?: AccountAddressInput;
-}): Promise<number> {
-  const { aptosConfig, accountAddress, coinType, faMetadataAddress } = args;
-
-  let coinAssetType: string | undefined = coinType;
-  let faAddress: string;
-
-  if (coinType !== undefined && faMetadataAddress !== undefined) {
-    faAddress = AccountAddress.from(faMetadataAddress).toStringLong();
-  } else if (coinType !== undefined && faMetadataAddress === undefined) {
-    // TODO Move to a separate function as defined in the AIP for coin migration
-    if (coinType === APTOS_COIN) {
-      faAddress = AccountAddress.A.toStringLong();
-    } else {
-      faAddress = createObjectAddress(AccountAddress.A, coinType).toStringLong();
-    }
-  } else if (coinType === undefined && faMetadataAddress !== undefined) {
-    const addr = AccountAddress.from(faMetadataAddress);
-    faAddress = addr.toStringLong();
-    if (addr === AccountAddress.A) {
-      coinAssetType = APTOS_COIN;
-    }
-    // The paired CoinType should be populated outside of this function in another
-    // async call. We cannot do this internally due to dependency cycles issue.
-  } else {
-    throw new Error("Either coinType, fungibleAssetAddress, or both must be provided");
-  }
-  const address = AccountAddress.from(accountAddress).toStringLong();
-
-  // Search by fungible asset address, unless it has a coin it migrated from
-  let where: any = { asset_type: { _eq: faAddress } };
-  if (coinAssetType !== undefined) {
-    where = { asset_type: { _in: [coinAssetType, faAddress] } };
-  }
-
-  const data = await getAccountCoinsData({
-    aptosConfig,
-    accountAddress: address,
-    options: {
-      where,
-    },
-  });
-
-  // commonjs (aka cjs) doesnt handle Nullish Coalescing for some reason
-  // might be because of how ts infer the graphql generated scheme type
-  return data[0] ? data[0].amount : 0;
-}
-
 export async function getAccountCoinsData(args: {
   aptosConfig: AptosConfig;
   accountAddress: AccountAddressInput;

package/src/internal/keyless.ts

@@ -7,9 +7,11 @@
  * other namespaces and processes can access these methods without depending on the entire
  * keyless namespace and without having a dependency cycle error.
  */
+import { jwtDecode, JwtPayload } from "jwt-decode";
 import { AptosConfig } from "../api/aptosConfig";
 import { postAptosPepperService, postAptosProvingService } from "../client";
 import {
+  AccountAddressInput,
   EphemeralSignature,
   Groth16Zkp,
   Hex,
@@ -19,10 +21,14 @@ import {
   getKeylessConfig,
 } from "../core";
 import { HexInput, ZkpVariant } from "../types";
-import { EphemeralKeyPair, KeylessAccount, ProofFetchCallback } from "../account";
+import { Account, EphemeralKeyPair, KeylessAccount, ProofFetchCallback } from "../account";
 import { PepperFetchRequest, PepperFetchResponse, ProverRequest, ProverResponse } from "../types/keyless";
-import { nowInSeconds } from "../utils/helpers";
 import { lookupOriginalAccountAddress } from "./account";
+import { FederatedKeylessPublicKey } from "../core/crypto/federatedKeyless";
+import { FederatedKeylessAccount } from "../account/FederatedKeylessAccount";
+import { MoveVector } from "../bcs";
+import { generateTransaction } from "./transactionSubmission";
+import { SimpleTransaction } from "../transactions";
 
 export async function getPepper(args: {
   aptosConfig: AptosConfig;
@@ -63,7 +69,11 @@ export async function getProof(args: {
     throw new Error(`Pepper needs to be ${KeylessAccount.PEPPER_LENGTH} bytes`);
   }
   const { maxExpHorizonSecs } = await getKeylessConfig({ aptosConfig });
-  if (maxExpHorizonSecs < ephemeralKeyPair.expiryDateSecs - nowInSeconds()) {
+  const decodedJwt = jwtDecode<JwtPayload>(jwt);
+  if (typeof decodedJwt.iat !== "number") {
+    throw new Error("iat was not found");
+  }
+  if (maxExpHorizonSecs < ephemeralKeyPair.expiryDateSecs - decodedJwt.iat) {
     throw Error(`The EphemeralKeyPair is too long lived.  It's lifespan must be less than ${maxExpHorizonSecs}`);
   }
   const json = {
@@ -106,8 +116,28 @@ export async function deriveKeylessAccount(args: {
   uidKey?: string;
   pepper?: HexInput;
   proofFetchCallback?: ProofFetchCallback;
-}): Promise<KeylessAccount> {
-  const { aptosConfig, jwt, uidKey, proofFetchCallback, pepper = await getPepper(args) } = args;
+}): Promise<KeylessAccount>;
+
+export async function deriveKeylessAccount(args: {
+  aptosConfig: AptosConfig;
+  jwt: string;
+  ephemeralKeyPair: EphemeralKeyPair;
+  jwkAddress: AccountAddressInput;
+  uidKey?: string;
+  pepper?: HexInput;
+  proofFetchCallback?: ProofFetchCallback;
+}): Promise<FederatedKeylessAccount>;
+
+export async function deriveKeylessAccount(args: {
+  aptosConfig: AptosConfig;
+  jwt: string;
+  ephemeralKeyPair: EphemeralKeyPair;
+  jwkAddress?: AccountAddressInput;
+  uidKey?: string;
+  pepper?: HexInput;
+  proofFetchCallback?: ProofFetchCallback;
+}): Promise<KeylessAccount | FederatedKeylessAccount> {
+  const { aptosConfig, jwt, jwkAddress, uidKey, proofFetchCallback, pepper = await getPepper(args) } = args;
   const proofPromise = getProof({ ...args, pepper });
   // If a callback is provided, pass in the proof as a promise to KeylessAccount.create.  This will make the proof be fetched in the
   // background and the callback will handle the outcome of the fetch.  This allows the developer to not have to block on the proof fetch
@@ -116,14 +146,62 @@ export async function deriveKeylessAccount(args: {
   // If no callback is provided, the just await the proof fetch and continue syncronously.
   const proof = proofFetchCallback ? proofPromise : await proofPromise;
 
-  // Look up the original address to handle key rotations
+  // Look up the original address to handle key rotations and then instantiate the account.
+  if (jwkAddress !== undefined) {
+    const publicKey = FederatedKeylessPublicKey.fromJwtAndPepper({ jwt, pepper, jwkAddress, uidKey });
+    const address = await lookupOriginalAccountAddress({
+      aptosConfig,
+      authenticationKey: publicKey.authKey().derivedAddress(),
+    });
+
+    return FederatedKeylessAccount.create({ ...args, address, proof, pepper, proofFetchCallback, jwkAddress });
+  }
+
   const publicKey = KeylessPublicKey.fromJwtAndPepper({ jwt, pepper, uidKey });
   const address = await lookupOriginalAccountAddress({
     aptosConfig,
     authenticationKey: publicKey.authKey().derivedAddress(),
   });
+  return KeylessAccount.create({ ...args, address, proof, pepper, proofFetchCallback });
+}
 
-  const keylessAccount = KeylessAccount.create({ ...args, address, proof, pepper, proofFetchCallback });
+interface JWK {
+  kty: string; // Key type
+  kid: string; // Key ID
+  alg: string; // Algorithm used with the key
+  n: string; // Modulus (for RSA keys)
+  e: string; // Exponent (for RSA keys)
+}
+
+interface JWKS {
+  keys: JWK[];
+}
 
-  return keylessAccount;
+export async function updateFederatedKeylessJwkSetTransaction(args: {
+  aptosConfig: AptosConfig;
+  sender: Account;
+  iss: string;
+  jwksUrl?: string;
+}): Promise<SimpleTransaction> {
+  const { aptosConfig, sender, iss } = args;
+  const jwksUrl = args.jwksUrl ?? (iss.endsWith("/") ? `${iss}.well-known/jwks.json` : `${iss}/.well-known/jwks.json`);
+  const response = await fetch(jwksUrl);
+  if (!response.ok) {
+    throw new Error(`Failed to fetch JWKS: ${response.status} ${response.statusText}`);
+  }
+  const jwks: JWKS = await response.json();
+  return generateTransaction({
+    aptosConfig,
+    sender: sender.accountAddress,
+    data: {
+      function: "0x1::jwks::update_federated_jwk_set",
+      functionArguments: [
+        iss,
+        MoveVector.MoveString(jwks.keys.map((key) => key.kid)),
+        MoveVector.MoveString(jwks.keys.map((key) => key.alg)),
+        MoveVector.MoveString(jwks.keys.map((key) => key.e)),
+        MoveVector.MoveString(jwks.keys.map((key) => key.n)),
+      ],
+    },
+  });
 }

package/src/internal/transactionSubmission.ts

@@ -8,7 +8,7 @@
 import { AptosConfig } from "../api/aptosConfig";
 import { MoveVector, U8 } from "../bcs";
 import { postAptosFullNode } from "../client";
-import { Account, KeylessAccount, MultiKeyAccount } from "../account";
+import { Account, AbstractKeylessAccount, MultiKeyAccount } from "../account";
 import { AccountAddress, AccountAddressInput } from "../core/accountAddress";
 import { PrivateKey } from "../core/crypto";
 import { AccountAuthenticator } from "../transactions/authenticator/account";
@@ -206,6 +206,24 @@ export function signTransaction(args: { signer: Account; transaction: AnyRawTran
   return signer.signTransactionWithAuthenticator(transaction);
 }
 
+export function signAsFeePayer(args: { signer: Account; transaction: AnyRawTransaction }): AccountAuthenticator {
+  const { signer, transaction } = args;
+
+  // if transaction doesnt hold a "feePayerAddress" prop it means
+  // this is not a fee payer transaction
+  if (!transaction.feePayerAddress) {
+    throw new Error(`Transaction ${transaction} is not a Fee Payer transaction`);
+  }
+
+  // Set the feePayerAddress to the signer account address
+  transaction.feePayerAddress = signer.accountAddress;
+
+  return signTransaction({
+    signer,
+    transaction,
+  });
+}
+
 /**
  * Simulates a transaction before singing it.
  *
@@ -268,23 +286,58 @@ export async function submitTransaction(
   });
   return data;
 }
+export type FeePayerOrFeePayerAuthenticatorOrNeither =
+  | { feePayer: Account; feePayerAuthenticator?: never }
+  | { feePayer?: never; feePayerAuthenticator: AccountAuthenticator }
+  | { feePayer?: never; feePayerAuthenticator?: never };
 
-export async function signAndSubmitTransaction(args: {
-  aptosConfig: AptosConfig;
-  signer: Account;
-  transaction: AnyRawTransaction;
-}): Promise<PendingTransactionResponse> {
-  const { aptosConfig, signer, transaction } = args;
+export async function signAndSubmitTransaction(
+  args: FeePayerOrFeePayerAuthenticatorOrNeither & {
+    aptosConfig: AptosConfig;
+    signer: Account;
+    transaction: AnyRawTransaction;
+  },
+): Promise<PendingTransactionResponse> {
+  const { aptosConfig, signer, feePayer, transaction } = args;
   // If the signer contains a KeylessAccount, await proof fetching in case the proof
   // was fetched asyncronously.
-  if (signer instanceof KeylessAccount || signer instanceof MultiKeyAccount) {
+  if (signer instanceof AbstractKeylessAccount || signer instanceof MultiKeyAccount) {
     await signer.waitForProofFetch();
   }
-  const authenticator = signTransaction({ signer, transaction });
+  if (feePayer instanceof AbstractKeylessAccount || feePayer instanceof MultiKeyAccount) {
+    await feePayer.waitForProofFetch();
+  }
+  const feePayerAuthenticator =
+    args.feePayerAuthenticator || (feePayer && signAsFeePayer({ signer: feePayer, transaction }));
+
+  const senderAuthenticator = signTransaction({ signer, transaction });
+  return submitTransaction({
+    aptosConfig,
+    transaction,
+    senderAuthenticator,
+    feePayerAuthenticator,
+  });
+}
+
+export async function signAndSubmitAsFeePayer(args: {
+  aptosConfig: AptosConfig;
+  feePayer: Account;
+  senderAuthenticator: AccountAuthenticator;
+  transaction: AnyRawTransaction;
+}): Promise<PendingTransactionResponse> {
+  const { aptosConfig, senderAuthenticator, feePayer, transaction } = args;
+
+  if (feePayer instanceof AbstractKeylessAccount || feePayer instanceof MultiKeyAccount) {
+    await feePayer.waitForProofFetch();
+  }
+
+  const feePayerAuthenticator = signAsFeePayer({ signer: feePayer, transaction });
+
   return submitTransaction({
     aptosConfig,
     transaction,
-    senderAuthenticator: authenticator,
+    senderAuthenticator,
+    feePayerAuthenticator,
   });
 }
 

package/src/transactions/transactionBuilder/transactionBuilder.ts

@@ -9,7 +9,14 @@
 import { sha3_256 as sha3Hash } from "@noble/hashes/sha3";
 import { AptosConfig } from "../../api/aptosConfig";
 import { AccountAddress, AccountAddressInput, Hex, PublicKey } from "../../core";
-import { AnyPublicKey, AnySignature, KeylessPublicKey, KeylessSignature, Secp256k1PublicKey } from "../../core/crypto";
+import {
+  AnyPublicKey,
+  AnySignature,
+  KeylessPublicKey,
+  KeylessSignature,
+  Secp256k1PublicKey,
+  FederatedKeylessPublicKey,
+} from "../../core/crypto";
 import { Ed25519PublicKey, Ed25519Signature } from "../../core/crypto/ed25519";
 import { getInfo } from "../../internal/account";
 import { getLedgerInfo } from "../../internal/general";
@@ -445,25 +452,29 @@ export function generateSignedTransactionForSimulation(args: InputSimulateTransa
 }
 
 export function getAuthenticatorForSimulation(publicKey: PublicKey) {
+  // Wrap the public key types below with AnyPublicKey as they are only support through single sender.
+  // Learn more about AnyPublicKey here - https://github.com/aptos-foundation/AIPs/blob/main/aips/aip-55.md
+  const convertToAnyPublicKey =
+    KeylessPublicKey.isInstance(publicKey) ||
+    FederatedKeylessPublicKey.isInstance(publicKey) ||
+    Secp256k1PublicKey.isInstance(publicKey);
+  const accountPublicKey = convertToAnyPublicKey ? new AnyPublicKey(publicKey) : publicKey;
+
   // No need to for the signature to be matching in scheme. All that matters for simulations is that it's not valid
   const invalidSignature = new Ed25519Signature(new Uint8Array(64));
 
-  if (Ed25519PublicKey.isInstance(publicKey)) {
-    return new AccountAuthenticatorEd25519(publicKey, invalidSignature);
+  if (Ed25519PublicKey.isInstance(accountPublicKey)) {
+    return new AccountAuthenticatorEd25519(accountPublicKey, invalidSignature);
   }
 
-  if (AnyPublicKey.isInstance(publicKey)) {
-    if (KeylessPublicKey.isInstance(publicKey.publicKey)) {
-      return new AccountAuthenticatorSingleKey(publicKey, new AnySignature(KeylessSignature.getSimulationSignature()));
+  if (AnyPublicKey.isInstance(accountPublicKey)) {
+    if (KeylessPublicKey.isInstance(accountPublicKey.publicKey)) {
+      return new AccountAuthenticatorSingleKey(
+        accountPublicKey,
+        new AnySignature(KeylessSignature.getSimulationSignature()),
+      );
     }
-    return new AccountAuthenticatorSingleKey(publicKey, new AnySignature(invalidSignature));
-  }
-
-  // TODO: remove this, non-account public keys should never make it here
-  if (KeylessPublicKey.isInstance(publicKey) || Secp256k1PublicKey.isInstance(publicKey)) {
-    // eslint-disable-next-line no-console
-    console.warn("Expected AccountPublicKey, but got PublicKey. Please wrap your public key with AnyPublicKey.");
-    return new AccountAuthenticatorSingleKey(new AnyPublicKey(publicKey), new AnySignature(invalidSignature));
+    return new AccountAuthenticatorSingleKey(accountPublicKey, new AnySignature(invalidSignature));
   }
 
   // TODO add support for AnyMultiKey