@account-kit/signer 4.0.0-beta.6 → 4.0.0-beta.7

package/dist/esm/client/index.d.ts

@@ -1,3 +1,4 @@
+import { BaseError } from "@aa-sdk/core";
 import { z } from "zod";
 import { BaseSignerClient } from "./base.js";
 import type { AlchemySignerClientEvents, CreateAccountParams, CredentialCreationOptionOverrides, EmailAuthParams, ExportWalletParams, OauthConfig, User } from "./types.js";
@@ -379,3 +380,21 @@ export declare class AlchemySignerWebClient extends BaseSignerClient<ExportWalle
     protected getOauthConfig: () => Promise<OauthConfig>;
     private getOauthConfigForMode;
 }
+/**
+ * This error is thrown when the OAuth flow is cancelled because the auth popup
+ * window was closed.
+ */
+export declare class OauthCancelledError extends BaseError {
+    name: string;
+    /**
+     * Constructor for initializing an error indicating that the OAuth flow was
+     * cancelled.
+     */
+    constructor();
+}
+/**
+ * This error is thrown when an error occurs during the OAuth login flow.
+ */
+export declare class OauthFailedError extends BaseError {
+    name: string;
+}

package/dist/esm/client/index.js

@@ -1,4 +1,4 @@
-import { ConnectionConfigSchema } from "@aa-sdk/core";
+import { BaseError, ConnectionConfigSchema } from "@aa-sdk/core";
 import { getWebAuthnAttestation } from "@turnkey/http";
 import { IframeStamper } from "@turnkey/iframe-stamper";
 import { WebauthnStamper } from "@turnkey/webauthn-stamper";
@@ -417,21 +417,27 @@ export class AlchemySignerWebClient extends BaseSignerClient {
                         if (!event.data) {
                             return;
                         }
-                        const { alchemyBundle: bundle, alchemyOrgId: orgId } = event.data;
+                        const { alchemyBundle: bundle, alchemyOrgId: orgId, alchemyError, } = event.data;
                         if (bundle && orgId) {
                             cleanup();
+                            popup?.close();
                             this.completeAuthWithBundle({
                                 bundle,
                                 orgId,
                                 connectedEventName: "connectedOauth",
                             }).then(resolve, reject);
                         }
+                        else if (alchemyError) {
+                            cleanup();
+                            popup?.close();
+                            reject(new OauthFailedError(alchemyError));
+                        }
                     };
                     window.addEventListener("message", handleMessage);
                     const checkCloseIntervalId = setInterval(() => {
                         if (popup?.closed) {
                             cleanup();
-                            reject(new Error("OAuth cancelled"));
+                            reject(new OauthCancelledError());
                         }
                     }, CHECK_CLOSE_INTERVAL);
                     const cleanup = () => {
@@ -446,7 +452,7 @@ export class AlchemySignerWebClient extends BaseSignerClient {
             configurable: true,
             writable: true,
             value: async (args) => {
-                const { authProviderId, isCustomProvider, scope: providedScope, claims: providedClaims, mode, redirectUrl, expirationSeconds, } = args;
+                const { authProviderId, isCustomProvider, auth0Connection, scope: providedScope, claims: providedClaims, mode, redirectUrl, expirationSeconds, } = args;
                 const { codeChallenge, requestKey, authProviders } = await this.getOauthConfigForMode(mode);
                 const authProvider = authProviders.find((provider) => provider.id === authProviderId &&
                     !!provider.isCustomProvider === !!isCustomProvider);
@@ -497,6 +503,9 @@ export class AlchemySignerWebClient extends BaseSignerClient {
                 if (claims) {
                     params.claims = claims;
                 }
+                if (auth0Connection) {
+                    params.connection = auth0Connection;
+                }
                 authUrl.search = new URLSearchParams(params).toString();
                 return authUrl.toString();
             }
@@ -624,4 +633,37 @@ function resolveRelativeUrl(url) {
     a.href = url;
     return a.href;
 }
+/**
+ * This error is thrown when the OAuth flow is cancelled because the auth popup
+ * window was closed.
+ */
+export class OauthCancelledError extends BaseError {
+    /**
+     * Constructor for initializing an error indicating that the OAuth flow was
+     * cancelled.
+     */
+    constructor() {
+        super("OAuth cancelled");
+        Object.defineProperty(this, "name", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: "OauthCancelledError"
+        });
+    }
+}
+/**
+ * This error is thrown when an error occurs during the OAuth login flow.
+ */
+export class OauthFailedError extends BaseError {
+    constructor() {
+        super(...arguments);
+        Object.defineProperty(this, "name", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: "OauthFailedError"
+        });
+    }
+}
 //# sourceMappingURL=index.js.map

package/dist/esm/client/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/client/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AACtD,OAAO,EAAE,sBAAsB,EAAE,MAAM,eAAe,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAC5D,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,kCAAkC,CAAC;AACxE,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAW7C,OAAO,EAAE,wBAAwB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAGtE,MAAM,oBAAoB,GAAG,GAAG,CAAC;AAEjC,MAAM,CAAC,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CAAC;IACtD,UAAU,EAAE,sBAAsB;IAClC,YAAY,EAAE,CAAC,CAAC,MAAM,CAAC;QACrB,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,gBAAgB,CAAC;QACrD,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE;KAC9B,CAAC;IACF,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,SAAS,EAAE,CAAC;SACT,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,OAAO,CAAC,sCAAsC,CAAC;IAClD,gBAAgB,EAAE,CAAC;SAChB,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,OAAO,CAAC,qCAAqC,CAAC;IACjD,gBAAgB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;CACxD,CAAC,CAAC;AAgBH;;;GAGG;AACH,MAAM,OAAO,sBAAuB,SAAQ,gBAAoC;IAM9E;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACH,YAAY,MAAiC;QAC3C,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,IAAI,EAAE,SAAS,EAAE,gBAAgB,EAAE,GACnE,+BAA+B,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAEhD,MAAM,aAAa,GAAG,IAAI,aAAa,CAAC;YACtC,eAAe,EAAE,YAAY,CAAC,eAAe;YAC7C,SAAS,EAAE,0BAA0B;YACrC,eAAe,EAAE,QAAQ,CAAC,cAAc,CAAC,YAAY,CAAC,iBAAiB,CAAC;SACzE,CAAC,CAAC;QAEH,KAAK,CAAC;YACJ,UAAU;YACV,SAAS;YACT,OAAO,EAAE,aAAa;SACvB,CAAC,CAAC;QA1CG;;;;;WAA6B;QAC7B;;;;;WAAiC;QACzC;;;;;WAAyB;QACzB;;;;;WAA0B;QAmD1B;;;;;;;;;;;;;;;;;;;;;WAqBG;QACa;;;;mBAAgB,KAAK,EAAE,MAA2B,EAAE,EAAE;gBACpE,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;gBACzC,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oBAC5B,MAAM,EAAE,KAAK,EAAE,iBAAiB,EAAE,GAAG,MAAM,CAAC;oBAC5C,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;oBAEjD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE;wBAChD,KAAK;wBACL,eAAe,EAAE,SAAS;wBAC1B,iBAAiB;wBACjB,cAAc,EAAE,MAAM,CAAC,cAAc,EAAE,QAAQ,EAAE;qBAClD,CAAC,CAAC;oBAEH,OAAO,QAAQ,CAAC;gBAClB,CAAC;gBAED,gCAAgC;gBAChC,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAClE,MAAM,CAAC,YAAY,EACnB,EAAE,QAAQ,EAAE,OAAO,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,EAAE,CACjE,CAAC;gBAEF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE;oBAC9C,OAAO,EAAE;wBACP,SAAS,EAAE,eAAe,CAAC,SAAS,CAAC;wBACrC,WAAW;qBACZ;oBACD,KAAK,EAAE,OAAO,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;iBACpD,CAAC,CAAC;gBAEH,IAAI,CAAC,IAAI,GAAG;oBACV,KAAK,EAAE,MAAM,CAAC,KAAK;oBACnB,OAAO,EAAE,MAAM,CAAC,OAAQ;oBACxB,MAAM,EAAE,MAAM,CAAC,MAAO;oBACtB,YAAY,EAAE,WAAW,CAAC,YAAY;iBACvC,CAAC;gBACF,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACpC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEtD,OAAO,MAAM,CAAC;YAChB,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;;WAsBG;QACa;;;;mBAAgB,KAAK,EACnC,MAAgD,EAChD,EAAE;gBACF,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;gBACzC,MAAM,EAAE,KAAK,EAAE,iBAAiB,EAAE,GAAG,MAAM,CAAC;gBAC5C,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAEjD,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE;oBAC9B,KAAK;oBACL,eAAe,EAAE,SAAS;oBAC1B,iBAAiB;oBACjB,cAAc,EAAE,MAAM,CAAC,cAAc,EAAE,QAAQ,EAAE;iBAClD,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;WAqBG;QACa;;;;mBAAyB,KAAK,EAAE,EAC9C,MAAM,EACN,KAAK,EACL,kBAAkB,GAKnB,EAAiB,EAAE;gBAClB,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;gBACzC,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAE/B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC;gBAEvE,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;gBACxD,CAAC;gBAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBACtC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;gBAEzD,OAAO,IAAI,CAAC;YACd,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;WAqBG;QACa;;;;mBAAwB,KAAK,EAC3C,OAAyB,SAAS,EAClC,EAAE;gBACF,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;gBACzC,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;gBACrC,IAAI,IAAI,EAAE,CAAC;oBACT,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;oBACjB,OAAO,IAAI,CAAC;gBACd,CAAC;gBAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAC/C,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;gBACvC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC;gBAEnD,OAAO,MAAM,CAAC;YAChB,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;;;;;;WA0BG;QACa;;;;mBAAe,KAAK,EAAE,EACpC,iBAAiB,EACjB,eAAe,GAAG,uBAAuB,GACtB,EAAE,EAAE;gBACvB,MAAM,yBAAyB,GAAG,IAAI,aAAa,CAAC;oBAClD,eAAe,EAAE,QAAQ,CAAC,cAAc,CAAC,iBAAiB,CAAC;oBAC3D,eAAe,EAAE,eAAe;oBAChC,SAAS,EAAE,4BAA4B;iBACxC,CAAC,CAAC;gBACH,MAAM,yBAAyB,CAAC,IAAI,EAAE,CAAC;gBAEvC,IAAI,IAAI,CAAC,aAAa,CAAC,OAAO,KAAK,IAAI,CAAC,aAAa,EAAE,CAAC;oBACtD,OAAO,IAAI,CAAC,iBAAiB,CAAC;wBAC5B,aAAa,EAAE,yBAAyB;wBACxC,QAAQ,EAAE,aAAa;qBACxB,CAAC,CAAC;gBACL,CAAC;gBAED,OAAO,IAAI,CAAC,iBAAiB,CAAC;oBAC5B,aAAa,EAAE,yBAAyB;oBACxC,QAAQ,EAAE,aAAa;iBACxB,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;WAkBG;QACa;;;;mBAAa,KAAK,IAAI,EAAE;gBACtC,IAAI,CAAC,IAAI,GAAG,SAAS,CAAC;gBACtB,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,CAAC;YAC7B,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;;;;;;WA0BG;QACa;;;;mBAAoB,KAAK,EACvC,IAA8D,EAC9C,EAAE;gBAClB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;gBACzD,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,WAAW,CAAC;gBACnC,OAAO,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CAC/B,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,sCAAsC,CAAC,EAAE,IAAI,CAAC,CACvE,CAAC;YACJ,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;;;;;WAyBG;QACa;;;;mBAAiB,KAAK,EACpC,IAA2D,EAC5C,EAAE;gBACjB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;gBACzD,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CACvB,WAAW,EACX,QAAQ,EACR,4BAA4B,CAC7B,CAAC;gBACF,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;oBACrC,MAAM,aAAa,GAAG,CAAC,KAAmB,EAAE,EAAE;wBAC5C,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;4BAChB,OAAO;wBACT,CAAC;wBACD,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,YAAY,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC;wBAClE,IAAI,MAAM,IAAI,KAAK,EAAE,CAAC;4BACpB,OAAO,EAAE,CAAC;4BACV,IAAI,CAAC,sBAAsB,CAAC;gCAC1B,MAAM;gCACN,KAAK;gCACL,kBAAkB,EAAE,gBAAgB;6BACrC,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;wBAC3B,CAAC;oBACH,CAAC,CAAC;oBAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;oBAElD,MAAM,oBAAoB,GAAG,WAAW,CAAC,GAAG,EAAE;wBAC5C,IAAI,KAAK,EAAE,MAAM,EAAE,CAAC;4BAClB,OAAO,EAAE,CAAC;4BACV,MAAM,CAAC,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC;wBACvC,CAAC;oBACH,CAAC,EAAE,oBAAoB,CAAC,CAAC;oBAEzB,MAAM,OAAO,GAAG,GAAG,EAAE;wBACnB,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;wBACrD,aAAa,CAAC,oBAAoB,CAAC,CAAC;oBACtC,CAAC,CAAC;gBACJ,CAAC,CAAC,CAAC;YACL,CAAC;WAAC;QAEM;;;;mBAAsB,KAAK,EAAE,IAAiB,EAAmB,EAAE;gBACzE,MAAM,EACJ,cAAc,EACd,gBAAgB,EAChB,KAAK,EAAE,aAAa,EACpB,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,WAAW,EACX,iBAAiB,GAClB,GAAG,IAAI,CAAC;gBACT,MAAM,EAAE,aAAa,EAAE,UAAU,EAAE,aAAa,EAAE,GAChD,MAAM,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC;gBACzC,MAAM,YAAY,GAAG,aAAa,CAAC,IAAI,CACrC,CAAC,QAAQ,EAAE,EAAE,CACX,QAAQ,CAAC,EAAE,KAAK,cAAc;oBAC9B,CAAC,CAAC,QAAQ,CAAC,gBAAgB,KAAK,CAAC,CAAC,gBAAgB,CACrD,CAAC;gBACF,IAAI,CAAC,YAAY,EAAE,CAAC;oBAClB,MAAM,IAAI,KAAK,CAAC,kCAAkC,cAAc,EAAE,CAAC,CAAC;gBACtE,CAAC;gBACD,IAAI,KAAa,CAAC;gBAClB,IAAI,MAA0B,CAAC;gBAC/B,IAAI,aAAa,EAAE,CAAC;oBAClB,KAAK,GAAG,aAAa,CAAC;oBACtB,MAAM,GAAG,cAAc,CAAC;gBAC1B,CAAC;qBAAM,CAAC;oBACN,IAAI,gBAAgB,EAAE,CAAC;wBACrB,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;oBAClE,CAAC;oBACD,MAAM,cAAc,GAAG,wBAAwB,CAAC,cAAc,CAAC,CAAC;oBAChE,IAAI,CAAC,cAAc,EAAE,CAAC;wBACpB,MAAM,IAAI,KAAK,CACb,wCAAwC,cAAc,EAAE,CACzD,CAAC;oBACJ,CAAC;oBACD,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,cAAc,CAAC,CAAC;gBACvC,CAAC;gBACD,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,YAAY,CAAC;gBAChD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACxD,MAAM,KAAK,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAC;gBAC9C,MAAM,WAAW,GAAe;oBAC9B,cAAc;oBACd,gBAAgB;oBAChB,UAAU;oBACV,gBAAgB;oBAChB,iBAAiB;oBACjB,WAAW,EACT,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS;oBACnE,YAAY,EAAE,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;iBACpE,CAAC;gBACF,MAAM,KAAK,GAAG,eAAe,CAC3B,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CACtD,CAAC;gBACF,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC;gBACtC,MAAM,MAAM,GAA2B;oBACrC,YAAY,EAAE,IAAI,CAAC,gBAAgB;oBACnC,aAAa,EAAE,MAAM;oBACrB,KAAK;oBACL,KAAK;oBACL,cAAc,EAAE,aAAa;oBAC7B,qBAAqB,EAAE,MAAM;oBAC7B,MAAM,EAAE,gBAAgB;oBACxB,SAAS,EAAE,QAAQ;oBACnB,KAAK;iBACN,CAAC;gBACF,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC;gBACzB,CAAC;gBACD,OAAO,CAAC,MAAM,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;gBACxD,OAAO,OAAO,CAAC,QAAQ,EAAE,CAAC;YAC5B,CAAC;WAAC;QAEM;;;;mBAAoB,KAAK,IAAI,EAAE;gBACrC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,EAAE,CAAC;oBACpC,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;gBAClC,CAAC;gBAED,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;gBAEpC,OAAO,IAAI,CAAC,aAAa,CAAC,SAAS,EAAG,CAAC;YACzC,CAAC;WAAC;QAEM;;;;mBAAsB,KAAK,EAAE,OAAyB,IAAI,CAAC,IAAI,EAAE,EAAE;gBACzE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;gBACtC,IAAI,IAAI,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;oBAC9B,+GAA+G;oBAC/G,IAAI,CAAC,eAAe,CAAC,gBAAgB,GAAG;wBACtC;4BACE,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC;4BAC5C,IAAI,EAAE,YAAY;4BAClB,UAAU,EAAE,CAAC,UAAU,EAAE,QAAQ,CAAC;yBACnC;qBACF,CAAC;gBACJ,CAAC;YACH,CAAC;WAAC;QAEiB;;;;mBAAyB,KAAK,EAC/C,OAA2C,EAC3C,cAAoC;gBAClC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,IAAI,WAAW;aAC1C,EACD,EAAE;gBACF,MAAM,SAAS,GAAG,oBAAoB,EAAE,CAAC;gBACzC,MAAM,mBAAmB,GAAG,oBAAoB,EAAE,CAAC;gBAEnD,MAAM,WAAW,GAAG,MAAM,sBAAsB,CAAC;oBAC/C,SAAS,EAAE;wBACT,GAAG,OAAO,EAAE,SAAS;wBACrB,sBAAsB,EAAE;4BACtB,WAAW,EAAE,WAAW;4BACxB,kBAAkB,EAAE,KAAK;4BACzB,gBAAgB,EAAE,WAAW;4BAC7B,GAAG,OAAO,EAAE,SAAS,EAAE,sBAAsB;yBAC9C;wBACD,SAAS;wBACT,EAAE,EAAE;4BACF,EAAE,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ;4BAC5B,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ;4BAC9B,GAAG,OAAO,EAAE,SAAS,EAAE,EAAE;yBAC1B;wBACD,gBAAgB,EAAE;4BAChB;gCACE,IAAI,EAAE,YAAY;gCAClB,GAAG,EAAE,CAAC,CAAC;6BACR;4BACD;gCACE,IAAI,EAAE,YAAY;gCAClB,GAAG,EAAE,CAAC,GAAG;6BACV;yBACF;wBACD,IAAI,EAAE;4BACJ,EAAE,EAAE,mBAAmB;4BACvB,IAAI,EAAE,WAAW,CAAC,QAAQ;4BAC1B,WAAW,EAAE,WAAW,CAAC,QAAQ;4BACjC,GAAG,OAAO,EAAE,SAAS,EAAE,IAAI;yBAC5B;qBACF;oBACD,MAAM,EAAE,OAAO,EAAE,MAAM;iBACxB,CAAC,CAAC;gBAEH,4EAA4E;gBAC5E,IAAI,WAAW,CAAC,UAAU,IAAI,IAAI,IAAI,WAAW,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC1E,WAAW,CAAC,UAAU,GAAG;wBACvB,kCAAkC;wBAClC,gCAAgC;qBACjC,CAAC;gBACJ,CAAC;gBAED,OAAO,EAAE,SAAS,EAAE,mBAAmB,EAAE,WAAW,EAAE,CAAC;YACzD,CAAC;WAAC;QAEiB;;;;mBAAiB,KAAK,IAA0B,EAAE;gBACnE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACjD,MAAM,KAAK,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;gBACvC,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YACtD,CAAC;WAAC;QAEM;;;;mBAAwB,KAAK,EACnC,IAAe,EACO,EAAE;gBACxB,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;oBACrB,OAAO,IAAI,CAAC,WAAW,CAAC;gBAC1B,CAAC;qBAAM,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;oBAC/B,OAAO,IAAI,CAAC,SAAS,EAAE,CAAC;gBAC1B,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,KAAK,CACb,+HAA+H,CAChI,CAAC;gBACJ,CAAC;YACH,CAAC;WAAC;QAjiBA,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,iBAAiB,GAAG,YAAY,CAAC,iBAAiB,CAAC;QAExD,IAAI,CAAC,eAAe,GAAG,IAAI,eAAe,CAAC;YACzC,IAAI,EAAE,IAAI,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ;SACvC,CAAC,CAAC;QAEH,IAAI,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;IAC3C,CAAC;CA0hBF;AAED,SAAS,kBAAkB,CAAC,GAAW;IACrC,eAAe;IACf,MAAM,CAAC,GAAG,QAAQ,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;IACtC,CAAC,CAAC,IAAI,GAAG,GAAG,CAAC;IACb,OAAO,CAAC,CAAC,IAAI,CAAC;AAChB,CAAC","sourcesContent":["import { ConnectionConfigSchema } from \"@aa-sdk/core\";\nimport { getWebAuthnAttestation } from \"@turnkey/http\";\nimport { IframeStamper } from \"@turnkey/iframe-stamper\";\nimport { WebauthnStamper } from \"@turnkey/webauthn-stamper\";\nimport { z } from \"zod\";\nimport { base64UrlEncode } from \"../utils/base64UrlEncode.js\";\nimport { generateRandomBuffer } from \"../utils/generateRandomBuffer.js\";\nimport { BaseSignerClient } from \"./base.js\";\nimport type {\n  AlchemySignerClientEvents,\n  CreateAccountParams,\n  CredentialCreationOptionOverrides,\n  EmailAuthParams,\n  ExportWalletParams,\n  OauthConfig,\n  OauthParams,\n  User,\n} from \"./types.js\";\nimport { getDefaultScopeAndClaims, getOauthNonce } from \"../oauth.js\";\nimport type { AuthParams, OauthMode } from \"../signer.js\";\n\nconst CHECK_CLOSE_INTERVAL = 500;\n\nexport const AlchemySignerClientParamsSchema = z.object({\n  connection: ConnectionConfigSchema,\n  iframeConfig: z.object({\n    iframeElementId: z.string().default(\"turnkey-iframe\"),\n    iframeContainerId: z.string(),\n  }),\n  rpId: z.string().optional(),\n  rootOrgId: z\n    .string()\n    .optional()\n    .default(\"24c1acf5-810f-41e0-a503-d5d13fa8e830\"),\n  oauthCallbackUrl: z\n    .string()\n    .optional()\n    .default(\"https://signer.alchemy.com/callback\"),\n  enablePopupOauth: z.boolean().optional().default(false),\n});\n\nexport type AlchemySignerClientParams = z.input<\n  typeof AlchemySignerClientParamsSchema\n>;\n\ntype OauthState = {\n  authProviderId: string;\n  isCustomProvider?: boolean;\n  requestKey: string;\n  turnkeyPublicKey: string;\n  expirationSeconds?: number;\n  redirectUrl?: string;\n  openerOrigin?: string;\n};\n\n/**\n * A lower level client used by the AlchemySigner used to communicate with\n * Alchemy's signer service.\n */\nexport class AlchemySignerWebClient extends BaseSignerClient<ExportWalletParams> {\n  private iframeStamper: IframeStamper;\n  private webauthnStamper: WebauthnStamper;\n  oauthCallbackUrl: string;\n  iframeContainerId: string;\n\n  /**\n   * Initializes a new instance with the given parameters, setting up the connection, iframe configuration, and WebAuthn stamper.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   * ```\n   *\n   * @param {AlchemySignerClientParams} params the parameters required to initialize the client\n   * @param {ConnectionConfig} params.connection The connection details needed to connect to the service\n   * @param {{ iframeElementId?: string; iframeContainerId: string }} params.iframeConfig The configuration details for setting up the iframe stamper\n   * @param {string} params.rpId The relying party ID, defaulting to the current hostname if not provided\n   * @param {string} params.rootOrgId The root organization ID\n   */\n  constructor(params: AlchemySignerClientParams) {\n    const { connection, iframeConfig, rpId, rootOrgId, oauthCallbackUrl } =\n      AlchemySignerClientParamsSchema.parse(params);\n\n    const iframeStamper = new IframeStamper({\n      iframeElementId: iframeConfig.iframeElementId,\n      iframeUrl: \"https://auth.turnkey.com\",\n      iframeContainer: document.getElementById(iframeConfig.iframeContainerId),\n    });\n\n    super({\n      connection,\n      rootOrgId,\n      stamper: iframeStamper,\n    });\n\n    this.iframeStamper = iframeStamper;\n    this.iframeContainerId = iframeConfig.iframeContainerId;\n\n    this.webauthnStamper = new WebauthnStamper({\n      rpId: rpId ?? window.location.hostname,\n    });\n\n    this.oauthCallbackUrl = oauthCallbackUrl;\n  }\n\n  /**\n   * Authenticates the user by either email or passkey account creation flow. Emits events during the process.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const account = await client.createAccount({ type: \"email\", email: \"you@mail.com\" });\n   * ```\n   *\n   * @param {CreateAccountParams} params The parameters for creating an account, including the type (email or passkey) and additional details.\n   * @returns {Promise<SignupResponse>} A promise that resolves with the response object containing the account creation result.\n   */\n  public override createAccount = async (params: CreateAccountParams) => {\n    this.eventEmitter.emit(\"authenticating\");\n    if (params.type === \"email\") {\n      const { email, expirationSeconds } = params;\n      const publicKey = await this.initIframeStamper();\n\n      const response = await this.request(\"/v1/signup\", {\n        email,\n        targetPublicKey: publicKey,\n        expirationSeconds,\n        redirectParams: params.redirectParams?.toString(),\n      });\n\n      return response;\n    }\n\n    // Passkey account creation flow\n    const { attestation, challenge } = await this.getWebAuthnAttestation(\n      params.creationOpts,\n      { username: \"email\" in params ? params.email : params.username }\n    );\n\n    const result = await this.request(\"/v1/signup\", {\n      passkey: {\n        challenge: base64UrlEncode(challenge),\n        attestation,\n      },\n      email: \"email\" in params ? params.email : undefined,\n    });\n\n    this.user = {\n      orgId: result.orgId,\n      address: result.address!,\n      userId: result.userId!,\n      credentialId: attestation.credentialId,\n    };\n    this.initWebauthnStamper(this.user);\n    this.eventEmitter.emit(\"connectedPasskey\", this.user);\n\n    return result;\n  };\n\n  /**\n   * Begin authenticating a user with their email and an expiration time for the authentication request. Initializes the iframe stamper to get the target public key.\n   * This method sends an email to the user to complete their login\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const account = await client.initEmailAuth({ email: \"you@mail.com\" });\n   * ```\n   *\n   * @param {Omit<EmailAuthParams, \"targetPublicKey\">} params The parameters for email authentication, excluding the target public key\n   * @returns {Promise<any>} The response from the authentication request\n   */\n  public override initEmailAuth = async (\n    params: Omit<EmailAuthParams, \"targetPublicKey\">\n  ) => {\n    this.eventEmitter.emit(\"authenticating\");\n    const { email, expirationSeconds } = params;\n    const publicKey = await this.initIframeStamper();\n\n    return this.request(\"/v1/auth\", {\n      email,\n      targetPublicKey: publicKey,\n      expirationSeconds,\n      redirectParams: params.redirectParams?.toString(),\n    });\n  };\n\n  /**\n   * Completes auth for the user by injecting a credential bundle and retrieving the user information based on the provided organization ID. Emits events during the process.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const account = await client.completeAuthWithBundle({ orgId: \"user-org-id\", bundle: \"bundle-from-email\", connectedEventName: \"connectedEmail\" });\n   * ```\n   *\n   * @param {{ bundle: string; orgId: string }} config The configuration object for the authentication function containing the credential bundle to inject and the organization id associated with the user\n   * @returns {Promise<User>} A promise that resolves to the authenticated user information\n   */\n  public override completeAuthWithBundle = async ({\n    bundle,\n    orgId,\n    connectedEventName,\n  }: {\n    bundle: string;\n    orgId: string;\n    connectedEventName: keyof AlchemySignerClientEvents;\n  }): Promise<User> => {\n    this.eventEmitter.emit(\"authenticating\");\n    await this.initIframeStamper();\n\n    const result = await this.iframeStamper.injectCredentialBundle(bundle);\n\n    if (!result) {\n      throw new Error(\"Failed to inject credential bundle\");\n    }\n\n    const user = await this.whoami(orgId);\n    this.eventEmitter.emit(connectedEventName, user, bundle);\n\n    return user;\n  };\n\n  /**\n   * Asynchronously handles the authentication process using WebAuthn Stamper. If a user is provided, sets the user and returns it. Otherwise, retrieves the current user and initializes the WebAuthn stamper.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const account = await client.lookupUserWithPasskey();\n   * ```\n   *\n   * @param {User} [user] An optional user object to authenticate\n   * @returns {Promise<User>} A promise that resolves to the authenticated user object\n   */\n  public override lookupUserWithPasskey = async (\n    user: User | undefined = undefined\n  ) => {\n    this.eventEmitter.emit(\"authenticating\");\n    await this.initWebauthnStamper(user);\n    if (user) {\n      this.user = user;\n      return user;\n    }\n\n    const result = await this.whoami(this.rootOrg);\n    await this.initWebauthnStamper(result);\n    this.eventEmitter.emit(\"connectedPasskey\", result);\n\n    return result;\n  };\n\n  /**\n   * Initiates the export of a wallet by creating an iframe stamper and calling the appropriate export function.\n   * The export can be based on a seed phrase or a private key.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const account = await client.exportWallet({\n   *  iframeContainerId: \"export-iframe-container\",\n   * });\n   * ```\n   *\n   * @param {ExportWalletParams} config The parameters for exporting the wallet\n   * @param {string} config.iframeContainerId The ID of the container element that will hold the iframe stamper\n   * @param {string} [config.iframeElementId] Optional ID for the iframe element\n   * @returns {Promise<void>} A promise that resolves when the export process is complete\n   */\n  public override exportWallet = async ({\n    iframeContainerId,\n    iframeElementId = \"turnkey-export-iframe\",\n  }: ExportWalletParams) => {\n    const exportWalletIframeStamper = new IframeStamper({\n      iframeContainer: document.getElementById(iframeContainerId),\n      iframeElementId: iframeElementId,\n      iframeUrl: \"https://export.turnkey.com\",\n    });\n    await exportWalletIframeStamper.init();\n\n    if (this.turnkeyClient.stamper === this.iframeStamper) {\n      return this.exportWalletInner({\n        exportStamper: exportWalletIframeStamper,\n        exportAs: \"SEED_PHRASE\",\n      });\n    }\n\n    return this.exportWalletInner({\n      exportStamper: exportWalletIframeStamper,\n      exportAs: \"PRIVATE_KEY\",\n    });\n  };\n\n  /**\n   * Asynchronous function that clears the user and resets the iframe stamper.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const account = await client.disconnect();\n   * ```\n   */\n  public override disconnect = async () => {\n    this.user = undefined;\n    this.iframeStamper.clear();\n  };\n\n  /**\n   * Redirects the user to the OAuth provider URL based on the provided arguments. This function will always reject after 1 second if the redirection does not occur.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * await client.oauthWithRedirect({\n   *   type: \"oauth\",\n   *   authProviderId: \"google\",\n   *   mode: \"redirect\",\n   *   redirectUrl: \"/\",\n   * });\n   * ```\n   *\n   * @param {Extract<AuthParams, { type: \"oauth\"; mode: \"redirect\" }>} args The arguments required to obtain the OAuth provider URL\n   * @returns {Promise<never>} A promise that will never resolve, only reject if the redirection fails\n   */\n  public override oauthWithRedirect = async (\n    args: Extract<AuthParams, { type: \"oauth\"; mode: \"redirect\" }>\n  ): Promise<never> => {\n    const providerUrl = await this.getOauthProviderUrl(args);\n    window.location.href = providerUrl;\n    return new Promise((_, reject) =>\n      setTimeout(() => reject(\"Failed to redirect to OAuth provider\"), 1000)\n    );\n  };\n\n  /**\n   * Initiates an OAuth authentication flow in a popup window and returns the authenticated user.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const user = await client.oauthWithPopup({\n   *  type: \"oauth\",\n   *  authProviderId: \"google\",\n   *  mode: \"popup\"\n   * });\n   * ```\n   *\n   * @param {Extract<AuthParams, { type: \"oauth\"; mode: \"popup\" }>} args The authentication parameters specifying OAuth type and popup mode\n   * @returns {Promise<User>} A promise that resolves to a `User` object containing the authenticated user information\n   */\n  public override oauthWithPopup = async (\n    args: Extract<AuthParams, { type: \"oauth\"; mode: \"popup\" }>\n  ): Promise<User> => {\n    const providerUrl = await this.getOauthProviderUrl(args);\n    const popup = window.open(\n      providerUrl,\n      \"_blank\",\n      \"popup,width=500,height=600\"\n    );\n    return new Promise((resolve, reject) => {\n      const handleMessage = (event: MessageEvent) => {\n        if (!event.data) {\n          return;\n        }\n        const { alchemyBundle: bundle, alchemyOrgId: orgId } = event.data;\n        if (bundle && orgId) {\n          cleanup();\n          this.completeAuthWithBundle({\n            bundle,\n            orgId,\n            connectedEventName: \"connectedOauth\",\n          }).then(resolve, reject);\n        }\n      };\n\n      window.addEventListener(\"message\", handleMessage);\n\n      const checkCloseIntervalId = setInterval(() => {\n        if (popup?.closed) {\n          cleanup();\n          reject(new Error(\"OAuth cancelled\"));\n        }\n      }, CHECK_CLOSE_INTERVAL);\n\n      const cleanup = () => {\n        window.removeEventListener(\"message\", handleMessage);\n        clearInterval(checkCloseIntervalId);\n      };\n    });\n  };\n\n  private getOauthProviderUrl = async (args: OauthParams): Promise<string> => {\n    const {\n      authProviderId,\n      isCustomProvider,\n      scope: providedScope,\n      claims: providedClaims,\n      mode,\n      redirectUrl,\n      expirationSeconds,\n    } = args;\n    const { codeChallenge, requestKey, authProviders } =\n      await this.getOauthConfigForMode(mode);\n    const authProvider = authProviders.find(\n      (provider) =>\n        provider.id === authProviderId &&\n        !!provider.isCustomProvider === !!isCustomProvider\n    );\n    if (!authProvider) {\n      throw new Error(`No auth provider found with id ${authProviderId}`);\n    }\n    let scope: string;\n    let claims: string | undefined;\n    if (providedScope) {\n      scope = providedScope;\n      claims = providedClaims;\n    } else {\n      if (isCustomProvider) {\n        throw new Error(\"scope must be provided for a custom provider\");\n      }\n      const scopeAndClaims = getDefaultScopeAndClaims(authProviderId);\n      if (!scopeAndClaims) {\n        throw new Error(\n          `Default scope not known for provider ${authProviderId}`\n        );\n      }\n      ({ scope, claims } = scopeAndClaims);\n    }\n    const { authEndpoint, clientId } = authProvider;\n    const turnkeyPublicKey = await this.initIframeStamper();\n    const nonce = getOauthNonce(turnkeyPublicKey);\n    const stateObject: OauthState = {\n      authProviderId,\n      isCustomProvider,\n      requestKey,\n      turnkeyPublicKey,\n      expirationSeconds,\n      redirectUrl:\n        mode === \"redirect\" ? resolveRelativeUrl(redirectUrl) : undefined,\n      openerOrigin: mode === \"popup\" ? window.location.origin : undefined,\n    };\n    const state = base64UrlEncode(\n      new TextEncoder().encode(JSON.stringify(stateObject))\n    );\n    const authUrl = new URL(authEndpoint);\n    const params: Record<string, string> = {\n      redirect_uri: this.oauthCallbackUrl,\n      response_type: \"code\",\n      scope,\n      state,\n      code_challenge: codeChallenge,\n      code_challenge_method: \"S256\",\n      prompt: \"select_account\",\n      client_id: clientId,\n      nonce,\n    };\n    if (claims) {\n      params.claims = claims;\n    }\n    authUrl.search = new URLSearchParams(params).toString();\n    return authUrl.toString();\n  };\n\n  private initIframeStamper = async () => {\n    if (!this.iframeStamper.publicKey()) {\n      await this.iframeStamper.init();\n    }\n\n    this.setStamper(this.iframeStamper);\n\n    return this.iframeStamper.publicKey()!;\n  };\n\n  private initWebauthnStamper = async (user: User | undefined = this.user) => {\n    this.setStamper(this.webauthnStamper);\n    if (user && user.credentialId) {\n      // The goal here is to allow us to cache the allowed credential, but this doesn't work with hybrid transport :(\n      this.webauthnStamper.allowCredentials = [\n        {\n          id: Buffer.from(user.credentialId, \"base64\"),\n          type: \"public-key\",\n          transports: [\"internal\", \"hybrid\"],\n        },\n      ];\n    }\n  };\n\n  protected override getWebAuthnAttestation = async (\n    options?: CredentialCreationOptionOverrides,\n    userDetails: { username: string } = {\n      username: this.user?.email ?? \"anonymous\",\n    }\n  ) => {\n    const challenge = generateRandomBuffer();\n    const authenticatorUserId = generateRandomBuffer();\n\n    const attestation = await getWebAuthnAttestation({\n      publicKey: {\n        ...options?.publicKey,\n        authenticatorSelection: {\n          residentKey: \"preferred\",\n          requireResidentKey: false,\n          userVerification: \"preferred\",\n          ...options?.publicKey?.authenticatorSelection,\n        },\n        challenge,\n        rp: {\n          id: window.location.hostname,\n          name: window.location.hostname,\n          ...options?.publicKey?.rp,\n        },\n        pubKeyCredParams: [\n          {\n            type: \"public-key\",\n            alg: -7,\n          },\n          {\n            type: \"public-key\",\n            alg: -257,\n          },\n        ],\n        user: {\n          id: authenticatorUserId,\n          name: userDetails.username,\n          displayName: userDetails.username,\n          ...options?.publicKey?.user,\n        },\n      },\n      signal: options?.signal,\n    });\n\n    // on iOS sometimes this is returned as empty or null, so handling that here\n    if (attestation.transports == null || attestation.transports.length === 0) {\n      attestation.transports = [\n        \"AUTHENTICATOR_TRANSPORT_INTERNAL\",\n        \"AUTHENTICATOR_TRANSPORT_HYBRID\",\n      ];\n    }\n\n    return { challenge, authenticatorUserId, attestation };\n  };\n\n  protected override getOauthConfig = async (): Promise<OauthConfig> => {\n    const publicKey = await this.initIframeStamper();\n    const nonce = getOauthNonce(publicKey);\n    return this.request(\"/v1/prepare-oauth\", { nonce });\n  };\n\n  private getOauthConfigForMode = async (\n    mode: OauthMode\n  ): Promise<OauthConfig> => {\n    if (this.oauthConfig) {\n      return this.oauthConfig;\n    } else if (mode === \"redirect\") {\n      return this.initOauth();\n    } else {\n      throw new Error(\n        \"enablePopupOauth must be set in configuration or signer.preparePopupOauth must be called before using popup-based OAuth login\"\n      );\n    }\n  };\n}\n\nfunction resolveRelativeUrl(url: string): string {\n  // Funny trick.\n  const a = document.createElement(\"a\");\n  a.href = url;\n  return a.href;\n}\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/client/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AACjE,OAAO,EAAE,sBAAsB,EAAE,MAAM,eAAe,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAC5D,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,kCAAkC,CAAC;AACxE,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAW7C,OAAO,EAAE,wBAAwB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAGtE,MAAM,oBAAoB,GAAG,GAAG,CAAC;AAEjC,MAAM,CAAC,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CAAC;IACtD,UAAU,EAAE,sBAAsB;IAClC,YAAY,EAAE,CAAC,CAAC,MAAM,CAAC;QACrB,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,gBAAgB,CAAC;QACrD,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE;KAC9B,CAAC;IACF,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,SAAS,EAAE,CAAC;SACT,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,OAAO,CAAC,sCAAsC,CAAC;IAClD,gBAAgB,EAAE,CAAC;SAChB,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,OAAO,CAAC,qCAAqC,CAAC;IACjD,gBAAgB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;CACxD,CAAC,CAAC;AAgBH;;;GAGG;AACH,MAAM,OAAO,sBAAuB,SAAQ,gBAAoC;IAM9E;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACH,YAAY,MAAiC;QAC3C,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,IAAI,EAAE,SAAS,EAAE,gBAAgB,EAAE,GACnE,+BAA+B,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAEhD,MAAM,aAAa,GAAG,IAAI,aAAa,CAAC;YACtC,eAAe,EAAE,YAAY,CAAC,eAAe;YAC7C,SAAS,EAAE,0BAA0B;YACrC,eAAe,EAAE,QAAQ,CAAC,cAAc,CAAC,YAAY,CAAC,iBAAiB,CAAC;SACzE,CAAC,CAAC;QAEH,KAAK,CAAC;YACJ,UAAU;YACV,SAAS;YACT,OAAO,EAAE,aAAa;SACvB,CAAC,CAAC;QA1CG;;;;;WAA6B;QAC7B;;;;;WAAiC;QACzC;;;;;WAAyB;QACzB;;;;;WAA0B;QAmD1B;;;;;;;;;;;;;;;;;;;;;WAqBG;QACa;;;;mBAAgB,KAAK,EAAE,MAA2B,EAAE,EAAE;gBACpE,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;gBACzC,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oBAC5B,MAAM,EAAE,KAAK,EAAE,iBAAiB,EAAE,GAAG,MAAM,CAAC;oBAC5C,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;oBAEjD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE;wBAChD,KAAK;wBACL,eAAe,EAAE,SAAS;wBAC1B,iBAAiB;wBACjB,cAAc,EAAE,MAAM,CAAC,cAAc,EAAE,QAAQ,EAAE;qBAClD,CAAC,CAAC;oBAEH,OAAO,QAAQ,CAAC;gBAClB,CAAC;gBAED,gCAAgC;gBAChC,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAClE,MAAM,CAAC,YAAY,EACnB,EAAE,QAAQ,EAAE,OAAO,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,EAAE,CACjE,CAAC;gBAEF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE;oBAC9C,OAAO,EAAE;wBACP,SAAS,EAAE,eAAe,CAAC,SAAS,CAAC;wBACrC,WAAW;qBACZ;oBACD,KAAK,EAAE,OAAO,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;iBACpD,CAAC,CAAC;gBAEH,IAAI,CAAC,IAAI,GAAG;oBACV,KAAK,EAAE,MAAM,CAAC,KAAK;oBACnB,OAAO,EAAE,MAAM,CAAC,OAAQ;oBACxB,MAAM,EAAE,MAAM,CAAC,MAAO;oBACtB,YAAY,EAAE,WAAW,CAAC,YAAY;iBACvC,CAAC;gBACF,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACpC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEtD,OAAO,MAAM,CAAC;YAChB,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;;WAsBG;QACa;;;;mBAAgB,KAAK,EACnC,MAAgD,EAChD,EAAE;gBACF,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;gBACzC,MAAM,EAAE,KAAK,EAAE,iBAAiB,EAAE,GAAG,MAAM,CAAC;gBAC5C,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAEjD,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE;oBAC9B,KAAK;oBACL,eAAe,EAAE,SAAS;oBAC1B,iBAAiB;oBACjB,cAAc,EAAE,MAAM,CAAC,cAAc,EAAE,QAAQ,EAAE;iBAClD,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;WAqBG;QACa;;;;mBAAyB,KAAK,EAAE,EAC9C,MAAM,EACN,KAAK,EACL,kBAAkB,GAKnB,EAAiB,EAAE;gBAClB,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;gBACzC,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAE/B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC;gBAEvE,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;gBACxD,CAAC;gBAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBACtC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;gBAEzD,OAAO,IAAI,CAAC;YACd,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;WAqBG;QACa;;;;mBAAwB,KAAK,EAC3C,OAAyB,SAAS,EAClC,EAAE;gBACF,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;gBACzC,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;gBACrC,IAAI,IAAI,EAAE,CAAC;oBACT,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;oBACjB,OAAO,IAAI,CAAC;gBACd,CAAC;gBAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAC/C,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;gBACvC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC;gBAEnD,OAAO,MAAM,CAAC;YAChB,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;;;;;;WA0BG;QACa;;;;mBAAe,KAAK,EAAE,EACpC,iBAAiB,EACjB,eAAe,GAAG,uBAAuB,GACtB,EAAE,EAAE;gBACvB,MAAM,yBAAyB,GAAG,IAAI,aAAa,CAAC;oBAClD,eAAe,EAAE,QAAQ,CAAC,cAAc,CAAC,iBAAiB,CAAC;oBAC3D,eAAe,EAAE,eAAe;oBAChC,SAAS,EAAE,4BAA4B;iBACxC,CAAC,CAAC;gBACH,MAAM,yBAAyB,CAAC,IAAI,EAAE,CAAC;gBAEvC,IAAI,IAAI,CAAC,aAAa,CAAC,OAAO,KAAK,IAAI,CAAC,aAAa,EAAE,CAAC;oBACtD,OAAO,IAAI,CAAC,iBAAiB,CAAC;wBAC5B,aAAa,EAAE,yBAAyB;wBACxC,QAAQ,EAAE,aAAa;qBACxB,CAAC,CAAC;gBACL,CAAC;gBAED,OAAO,IAAI,CAAC,iBAAiB,CAAC;oBAC5B,aAAa,EAAE,yBAAyB;oBACxC,QAAQ,EAAE,aAAa;iBACxB,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;WAkBG;QACa;;;;mBAAa,KAAK,IAAI,EAAE;gBACtC,IAAI,CAAC,IAAI,GAAG,SAAS,CAAC;gBACtB,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,CAAC;YAC7B,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;;;;;;WA0BG;QACa;;;;mBAAoB,KAAK,EACvC,IAA8D,EAC9C,EAAE;gBAClB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;gBACzD,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,WAAW,CAAC;gBACnC,OAAO,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CAC/B,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,sCAAsC,CAAC,EAAE,IAAI,CAAC,CACvE,CAAC;YACJ,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;;;;;WAyBG;QACa;;;;mBAAiB,KAAK,EACpC,IAA2D,EAC5C,EAAE;gBACjB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;gBACzD,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CACvB,WAAW,EACX,QAAQ,EACR,4BAA4B,CAC7B,CAAC;gBACF,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;oBACrC,MAAM,aAAa,GAAG,CAAC,KAAmB,EAAE,EAAE;wBAC5C,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;4BAChB,OAAO;wBACT,CAAC;wBACD,MAAM,EACJ,aAAa,EAAE,MAAM,EACrB,YAAY,EAAE,KAAK,EACnB,YAAY,GACb,GAAG,KAAK,CAAC,IAAI,CAAC;wBACf,IAAI,MAAM,IAAI,KAAK,EAAE,CAAC;4BACpB,OAAO,EAAE,CAAC;4BACV,KAAK,EAAE,KAAK,EAAE,CAAC;4BACf,IAAI,CAAC,sBAAsB,CAAC;gCAC1B,MAAM;gCACN,KAAK;gCACL,kBAAkB,EAAE,gBAAgB;6BACrC,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;wBAC3B,CAAC;6BAAM,IAAI,YAAY,EAAE,CAAC;4BACxB,OAAO,EAAE,CAAC;4BACV,KAAK,EAAE,KAAK,EAAE,CAAC;4BACf,MAAM,CAAC,IAAI,gBAAgB,CAAC,YAAY,CAAC,CAAC,CAAC;wBAC7C,CAAC;oBACH,CAAC,CAAC;oBAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;oBAElD,MAAM,oBAAoB,GAAG,WAAW,CAAC,GAAG,EAAE;wBAC5C,IAAI,KAAK,EAAE,MAAM,EAAE,CAAC;4BAClB,OAAO,EAAE,CAAC;4BACV,MAAM,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;wBACpC,CAAC;oBACH,CAAC,EAAE,oBAAoB,CAAC,CAAC;oBAEzB,MAAM,OAAO,GAAG,GAAG,EAAE;wBACnB,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;wBACrD,aAAa,CAAC,oBAAoB,CAAC,CAAC;oBACtC,CAAC,CAAC;gBACJ,CAAC,CAAC,CAAC;YACL,CAAC;WAAC;QAEM;;;;mBAAsB,KAAK,EAAE,IAAiB,EAAmB,EAAE;gBACzE,MAAM,EACJ,cAAc,EACd,gBAAgB,EAChB,eAAe,EACf,KAAK,EAAE,aAAa,EACpB,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,WAAW,EACX,iBAAiB,GAClB,GAAG,IAAI,CAAC;gBACT,MAAM,EAAE,aAAa,EAAE,UAAU,EAAE,aAAa,EAAE,GAChD,MAAM,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC;gBACzC,MAAM,YAAY,GAAG,aAAa,CAAC,IAAI,CACrC,CAAC,QAAQ,EAAE,EAAE,CACX,QAAQ,CAAC,EAAE,KAAK,cAAc;oBAC9B,CAAC,CAAC,QAAQ,CAAC,gBAAgB,KAAK,CAAC,CAAC,gBAAgB,CACrD,CAAC;gBACF,IAAI,CAAC,YAAY,EAAE,CAAC;oBAClB,MAAM,IAAI,KAAK,CAAC,kCAAkC,cAAc,EAAE,CAAC,CAAC;gBACtE,CAAC;gBACD,IAAI,KAAa,CAAC;gBAClB,IAAI,MAA0B,CAAC;gBAC/B,IAAI,aAAa,EAAE,CAAC;oBAClB,KAAK,GAAG,aAAa,CAAC;oBACtB,MAAM,GAAG,cAAc,CAAC;gBAC1B,CAAC;qBAAM,CAAC;oBACN,IAAI,gBAAgB,EAAE,CAAC;wBACrB,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;oBAClE,CAAC;oBACD,MAAM,cAAc,GAAG,wBAAwB,CAAC,cAAc,CAAC,CAAC;oBAChE,IAAI,CAAC,cAAc,EAAE,CAAC;wBACpB,MAAM,IAAI,KAAK,CACb,wCAAwC,cAAc,EAAE,CACzD,CAAC;oBACJ,CAAC;oBACD,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,cAAc,CAAC,CAAC;gBACvC,CAAC;gBACD,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,YAAY,CAAC;gBAChD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACxD,MAAM,KAAK,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAC;gBAC9C,MAAM,WAAW,GAAe;oBAC9B,cAAc;oBACd,gBAAgB;oBAChB,UAAU;oBACV,gBAAgB;oBAChB,iBAAiB;oBACjB,WAAW,EACT,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS;oBACnE,YAAY,EAAE,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;iBACpE,CAAC;gBACF,MAAM,KAAK,GAAG,eAAe,CAC3B,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CACtD,CAAC;gBACF,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC;gBACtC,MAAM,MAAM,GAA2B;oBACrC,YAAY,EAAE,IAAI,CAAC,gBAAgB;oBACnC,aAAa,EAAE,MAAM;oBACrB,KAAK;oBACL,KAAK;oBACL,cAAc,EAAE,aAAa;oBAC7B,qBAAqB,EAAE,MAAM;oBAC7B,MAAM,EAAE,gBAAgB;oBACxB,SAAS,EAAE,QAAQ;oBACnB,KAAK;iBACN,CAAC;gBACF,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC;gBACzB,CAAC;gBACD,IAAI,eAAe,EAAE,CAAC;oBACpB,MAAM,CAAC,UAAU,GAAG,eAAe,CAAC;gBACtC,CAAC;gBACD,OAAO,CAAC,MAAM,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;gBACxD,OAAO,OAAO,CAAC,QAAQ,EAAE,CAAC;YAC5B,CAAC;WAAC;QAEM;;;;mBAAoB,KAAK,IAAI,EAAE;gBACrC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,EAAE,CAAC;oBACpC,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;gBAClC,CAAC;gBAED,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;gBAEpC,OAAO,IAAI,CAAC,aAAa,CAAC,SAAS,EAAG,CAAC;YACzC,CAAC;WAAC;QAEM;;;;mBAAsB,KAAK,EAAE,OAAyB,IAAI,CAAC,IAAI,EAAE,EAAE;gBACzE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;gBACtC,IAAI,IAAI,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;oBAC9B,+GAA+G;oBAC/G,IAAI,CAAC,eAAe,CAAC,gBAAgB,GAAG;wBACtC;4BACE,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC;4BAC5C,IAAI,EAAE,YAAY;4BAClB,UAAU,EAAE,CAAC,UAAU,EAAE,QAAQ,CAAC;yBACnC;qBACF,CAAC;gBACJ,CAAC;YACH,CAAC;WAAC;QAEiB;;;;mBAAyB,KAAK,EAC/C,OAA2C,EAC3C,cAAoC;gBAClC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,IAAI,WAAW;aAC1C,EACD,EAAE;gBACF,MAAM,SAAS,GAAG,oBAAoB,EAAE,CAAC;gBACzC,MAAM,mBAAmB,GAAG,oBAAoB,EAAE,CAAC;gBAEnD,MAAM,WAAW,GAAG,MAAM,sBAAsB,CAAC;oBAC/C,SAAS,EAAE;wBACT,GAAG,OAAO,EAAE,SAAS;wBACrB,sBAAsB,EAAE;4BACtB,WAAW,EAAE,WAAW;4BACxB,kBAAkB,EAAE,KAAK;4BACzB,gBAAgB,EAAE,WAAW;4BAC7B,GAAG,OAAO,EAAE,SAAS,EAAE,sBAAsB;yBAC9C;wBACD,SAAS;wBACT,EAAE,EAAE;4BACF,EAAE,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ;4BAC5B,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ;4BAC9B,GAAG,OAAO,EAAE,SAAS,EAAE,EAAE;yBAC1B;wBACD,gBAAgB,EAAE;4BAChB;gCACE,IAAI,EAAE,YAAY;gCAClB,GAAG,EAAE,CAAC,CAAC;6BACR;4BACD;gCACE,IAAI,EAAE,YAAY;gCAClB,GAAG,EAAE,CAAC,GAAG;6BACV;yBACF;wBACD,IAAI,EAAE;4BACJ,EAAE,EAAE,mBAAmB;4BACvB,IAAI,EAAE,WAAW,CAAC,QAAQ;4BAC1B,WAAW,EAAE,WAAW,CAAC,QAAQ;4BACjC,GAAG,OAAO,EAAE,SAAS,EAAE,IAAI;yBAC5B;qBACF;oBACD,MAAM,EAAE,OAAO,EAAE,MAAM;iBACxB,CAAC,CAAC;gBAEH,4EAA4E;gBAC5E,IAAI,WAAW,CAAC,UAAU,IAAI,IAAI,IAAI,WAAW,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC1E,WAAW,CAAC,UAAU,GAAG;wBACvB,kCAAkC;wBAClC,gCAAgC;qBACjC,CAAC;gBACJ,CAAC;gBAED,OAAO,EAAE,SAAS,EAAE,mBAAmB,EAAE,WAAW,EAAE,CAAC;YACzD,CAAC;WAAC;QAEiB;;;;mBAAiB,KAAK,IAA0B,EAAE;gBACnE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACjD,MAAM,KAAK,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;gBACvC,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YACtD,CAAC;WAAC;QAEM;;;;mBAAwB,KAAK,EACnC,IAAe,EACO,EAAE;gBACxB,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;oBACrB,OAAO,IAAI,CAAC,WAAW,CAAC;gBAC1B,CAAC;qBAAM,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;oBAC/B,OAAO,IAAI,CAAC,SAAS,EAAE,CAAC;gBAC1B,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,KAAK,CACb,+HAA+H,CAChI,CAAC;gBACJ,CAAC;YACH,CAAC;WAAC;QA9iBA,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,iBAAiB,GAAG,YAAY,CAAC,iBAAiB,CAAC;QAExD,IAAI,CAAC,eAAe,GAAG,IAAI,eAAe,CAAC;YACzC,IAAI,EAAE,IAAI,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ;SACvC,CAAC,CAAC;QAEH,IAAI,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;IAC3C,CAAC;CAuiBF;AAED,SAAS,kBAAkB,CAAC,GAAW;IACrC,eAAe;IACf,MAAM,CAAC,GAAG,QAAQ,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;IACtC,CAAC,CAAC,IAAI,GAAG,GAAG,CAAC;IACb,OAAO,CAAC,CAAC,IAAI,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,MAAM,OAAO,mBAAoB,SAAQ,SAAS;IAGhD;;;OAGG;IACH;QACE,KAAK,CAAC,iBAAiB,CAAC,CAAC;QAPlB;;;;mBAAO,qBAAqB;WAAC;IAQtC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,gBAAiB,SAAQ,SAAS;IAA/C;;QACW;;;;mBAAO,kBAAkB;WAAC;IACrC,CAAC;CAAA","sourcesContent":["import { BaseError, ConnectionConfigSchema } from \"@aa-sdk/core\";\nimport { getWebAuthnAttestation } from \"@turnkey/http\";\nimport { IframeStamper } from \"@turnkey/iframe-stamper\";\nimport { WebauthnStamper } from \"@turnkey/webauthn-stamper\";\nimport { z } from \"zod\";\nimport { base64UrlEncode } from \"../utils/base64UrlEncode.js\";\nimport { generateRandomBuffer } from \"../utils/generateRandomBuffer.js\";\nimport { BaseSignerClient } from \"./base.js\";\nimport type {\n  AlchemySignerClientEvents,\n  CreateAccountParams,\n  CredentialCreationOptionOverrides,\n  EmailAuthParams,\n  ExportWalletParams,\n  OauthConfig,\n  OauthParams,\n  User,\n} from \"./types.js\";\nimport { getDefaultScopeAndClaims, getOauthNonce } from \"../oauth.js\";\nimport type { AuthParams, OauthMode } from \"../signer.js\";\n\nconst CHECK_CLOSE_INTERVAL = 500;\n\nexport const AlchemySignerClientParamsSchema = z.object({\n  connection: ConnectionConfigSchema,\n  iframeConfig: z.object({\n    iframeElementId: z.string().default(\"turnkey-iframe\"),\n    iframeContainerId: z.string(),\n  }),\n  rpId: z.string().optional(),\n  rootOrgId: z\n    .string()\n    .optional()\n    .default(\"24c1acf5-810f-41e0-a503-d5d13fa8e830\"),\n  oauthCallbackUrl: z\n    .string()\n    .optional()\n    .default(\"https://signer.alchemy.com/callback\"),\n  enablePopupOauth: z.boolean().optional().default(false),\n});\n\nexport type AlchemySignerClientParams = z.input<\n  typeof AlchemySignerClientParamsSchema\n>;\n\ntype OauthState = {\n  authProviderId: string;\n  isCustomProvider?: boolean;\n  requestKey: string;\n  turnkeyPublicKey: string;\n  expirationSeconds?: number;\n  redirectUrl?: string;\n  openerOrigin?: string;\n};\n\n/**\n * A lower level client used by the AlchemySigner used to communicate with\n * Alchemy's signer service.\n */\nexport class AlchemySignerWebClient extends BaseSignerClient<ExportWalletParams> {\n  private iframeStamper: IframeStamper;\n  private webauthnStamper: WebauthnStamper;\n  oauthCallbackUrl: string;\n  iframeContainerId: string;\n\n  /**\n   * Initializes a new instance with the given parameters, setting up the connection, iframe configuration, and WebAuthn stamper.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   * ```\n   *\n   * @param {AlchemySignerClientParams} params the parameters required to initialize the client\n   * @param {ConnectionConfig} params.connection The connection details needed to connect to the service\n   * @param {{ iframeElementId?: string; iframeContainerId: string }} params.iframeConfig The configuration details for setting up the iframe stamper\n   * @param {string} params.rpId The relying party ID, defaulting to the current hostname if not provided\n   * @param {string} params.rootOrgId The root organization ID\n   */\n  constructor(params: AlchemySignerClientParams) {\n    const { connection, iframeConfig, rpId, rootOrgId, oauthCallbackUrl } =\n      AlchemySignerClientParamsSchema.parse(params);\n\n    const iframeStamper = new IframeStamper({\n      iframeElementId: iframeConfig.iframeElementId,\n      iframeUrl: \"https://auth.turnkey.com\",\n      iframeContainer: document.getElementById(iframeConfig.iframeContainerId),\n    });\n\n    super({\n      connection,\n      rootOrgId,\n      stamper: iframeStamper,\n    });\n\n    this.iframeStamper = iframeStamper;\n    this.iframeContainerId = iframeConfig.iframeContainerId;\n\n    this.webauthnStamper = new WebauthnStamper({\n      rpId: rpId ?? window.location.hostname,\n    });\n\n    this.oauthCallbackUrl = oauthCallbackUrl;\n  }\n\n  /**\n   * Authenticates the user by either email or passkey account creation flow. Emits events during the process.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const account = await client.createAccount({ type: \"email\", email: \"you@mail.com\" });\n   * ```\n   *\n   * @param {CreateAccountParams} params The parameters for creating an account, including the type (email or passkey) and additional details.\n   * @returns {Promise<SignupResponse>} A promise that resolves with the response object containing the account creation result.\n   */\n  public override createAccount = async (params: CreateAccountParams) => {\n    this.eventEmitter.emit(\"authenticating\");\n    if (params.type === \"email\") {\n      const { email, expirationSeconds } = params;\n      const publicKey = await this.initIframeStamper();\n\n      const response = await this.request(\"/v1/signup\", {\n        email,\n        targetPublicKey: publicKey,\n        expirationSeconds,\n        redirectParams: params.redirectParams?.toString(),\n      });\n\n      return response;\n    }\n\n    // Passkey account creation flow\n    const { attestation, challenge } = await this.getWebAuthnAttestation(\n      params.creationOpts,\n      { username: \"email\" in params ? params.email : params.username }\n    );\n\n    const result = await this.request(\"/v1/signup\", {\n      passkey: {\n        challenge: base64UrlEncode(challenge),\n        attestation,\n      },\n      email: \"email\" in params ? params.email : undefined,\n    });\n\n    this.user = {\n      orgId: result.orgId,\n      address: result.address!,\n      userId: result.userId!,\n      credentialId: attestation.credentialId,\n    };\n    this.initWebauthnStamper(this.user);\n    this.eventEmitter.emit(\"connectedPasskey\", this.user);\n\n    return result;\n  };\n\n  /**\n   * Begin authenticating a user with their email and an expiration time for the authentication request. Initializes the iframe stamper to get the target public key.\n   * This method sends an email to the user to complete their login\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const account = await client.initEmailAuth({ email: \"you@mail.com\" });\n   * ```\n   *\n   * @param {Omit<EmailAuthParams, \"targetPublicKey\">} params The parameters for email authentication, excluding the target public key\n   * @returns {Promise<any>} The response from the authentication request\n   */\n  public override initEmailAuth = async (\n    params: Omit<EmailAuthParams, \"targetPublicKey\">\n  ) => {\n    this.eventEmitter.emit(\"authenticating\");\n    const { email, expirationSeconds } = params;\n    const publicKey = await this.initIframeStamper();\n\n    return this.request(\"/v1/auth\", {\n      email,\n      targetPublicKey: publicKey,\n      expirationSeconds,\n      redirectParams: params.redirectParams?.toString(),\n    });\n  };\n\n  /**\n   * Completes auth for the user by injecting a credential bundle and retrieving the user information based on the provided organization ID. Emits events during the process.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const account = await client.completeAuthWithBundle({ orgId: \"user-org-id\", bundle: \"bundle-from-email\", connectedEventName: \"connectedEmail\" });\n   * ```\n   *\n   * @param {{ bundle: string; orgId: string }} config The configuration object for the authentication function containing the credential bundle to inject and the organization id associated with the user\n   * @returns {Promise<User>} A promise that resolves to the authenticated user information\n   */\n  public override completeAuthWithBundle = async ({\n    bundle,\n    orgId,\n    connectedEventName,\n  }: {\n    bundle: string;\n    orgId: string;\n    connectedEventName: keyof AlchemySignerClientEvents;\n  }): Promise<User> => {\n    this.eventEmitter.emit(\"authenticating\");\n    await this.initIframeStamper();\n\n    const result = await this.iframeStamper.injectCredentialBundle(bundle);\n\n    if (!result) {\n      throw new Error(\"Failed to inject credential bundle\");\n    }\n\n    const user = await this.whoami(orgId);\n    this.eventEmitter.emit(connectedEventName, user, bundle);\n\n    return user;\n  };\n\n  /**\n   * Asynchronously handles the authentication process using WebAuthn Stamper. If a user is provided, sets the user and returns it. Otherwise, retrieves the current user and initializes the WebAuthn stamper.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const account = await client.lookupUserWithPasskey();\n   * ```\n   *\n   * @param {User} [user] An optional user object to authenticate\n   * @returns {Promise<User>} A promise that resolves to the authenticated user object\n   */\n  public override lookupUserWithPasskey = async (\n    user: User | undefined = undefined\n  ) => {\n    this.eventEmitter.emit(\"authenticating\");\n    await this.initWebauthnStamper(user);\n    if (user) {\n      this.user = user;\n      return user;\n    }\n\n    const result = await this.whoami(this.rootOrg);\n    await this.initWebauthnStamper(result);\n    this.eventEmitter.emit(\"connectedPasskey\", result);\n\n    return result;\n  };\n\n  /**\n   * Initiates the export of a wallet by creating an iframe stamper and calling the appropriate export function.\n   * The export can be based on a seed phrase or a private key.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const account = await client.exportWallet({\n   *  iframeContainerId: \"export-iframe-container\",\n   * });\n   * ```\n   *\n   * @param {ExportWalletParams} config The parameters for exporting the wallet\n   * @param {string} config.iframeContainerId The ID of the container element that will hold the iframe stamper\n   * @param {string} [config.iframeElementId] Optional ID for the iframe element\n   * @returns {Promise<void>} A promise that resolves when the export process is complete\n   */\n  public override exportWallet = async ({\n    iframeContainerId,\n    iframeElementId = \"turnkey-export-iframe\",\n  }: ExportWalletParams) => {\n    const exportWalletIframeStamper = new IframeStamper({\n      iframeContainer: document.getElementById(iframeContainerId),\n      iframeElementId: iframeElementId,\n      iframeUrl: \"https://export.turnkey.com\",\n    });\n    await exportWalletIframeStamper.init();\n\n    if (this.turnkeyClient.stamper === this.iframeStamper) {\n      return this.exportWalletInner({\n        exportStamper: exportWalletIframeStamper,\n        exportAs: \"SEED_PHRASE\",\n      });\n    }\n\n    return this.exportWalletInner({\n      exportStamper: exportWalletIframeStamper,\n      exportAs: \"PRIVATE_KEY\",\n    });\n  };\n\n  /**\n   * Asynchronous function that clears the user and resets the iframe stamper.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const account = await client.disconnect();\n   * ```\n   */\n  public override disconnect = async () => {\n    this.user = undefined;\n    this.iframeStamper.clear();\n  };\n\n  /**\n   * Redirects the user to the OAuth provider URL based on the provided arguments. This function will always reject after 1 second if the redirection does not occur.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * await client.oauthWithRedirect({\n   *   type: \"oauth\",\n   *   authProviderId: \"google\",\n   *   mode: \"redirect\",\n   *   redirectUrl: \"/\",\n   * });\n   * ```\n   *\n   * @param {Extract<AuthParams, { type: \"oauth\"; mode: \"redirect\" }>} args The arguments required to obtain the OAuth provider URL\n   * @returns {Promise<never>} A promise that will never resolve, only reject if the redirection fails\n   */\n  public override oauthWithRedirect = async (\n    args: Extract<AuthParams, { type: \"oauth\"; mode: \"redirect\" }>\n  ): Promise<never> => {\n    const providerUrl = await this.getOauthProviderUrl(args);\n    window.location.href = providerUrl;\n    return new Promise((_, reject) =>\n      setTimeout(() => reject(\"Failed to redirect to OAuth provider\"), 1000)\n    );\n  };\n\n  /**\n   * Initiates an OAuth authentication flow in a popup window and returns the authenticated user.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const user = await client.oauthWithPopup({\n   *  type: \"oauth\",\n   *  authProviderId: \"google\",\n   *  mode: \"popup\"\n   * });\n   * ```\n   *\n   * @param {Extract<AuthParams, { type: \"oauth\"; mode: \"popup\" }>} args The authentication parameters specifying OAuth type and popup mode\n   * @returns {Promise<User>} A promise that resolves to a `User` object containing the authenticated user information\n   */\n  public override oauthWithPopup = async (\n    args: Extract<AuthParams, { type: \"oauth\"; mode: \"popup\" }>\n  ): Promise<User> => {\n    const providerUrl = await this.getOauthProviderUrl(args);\n    const popup = window.open(\n      providerUrl,\n      \"_blank\",\n      \"popup,width=500,height=600\"\n    );\n    return new Promise((resolve, reject) => {\n      const handleMessage = (event: MessageEvent) => {\n        if (!event.data) {\n          return;\n        }\n        const {\n          alchemyBundle: bundle,\n          alchemyOrgId: orgId,\n          alchemyError,\n        } = event.data;\n        if (bundle && orgId) {\n          cleanup();\n          popup?.close();\n          this.completeAuthWithBundle({\n            bundle,\n            orgId,\n            connectedEventName: \"connectedOauth\",\n          }).then(resolve, reject);\n        } else if (alchemyError) {\n          cleanup();\n          popup?.close();\n          reject(new OauthFailedError(alchemyError));\n        }\n      };\n\n      window.addEventListener(\"message\", handleMessage);\n\n      const checkCloseIntervalId = setInterval(() => {\n        if (popup?.closed) {\n          cleanup();\n          reject(new OauthCancelledError());\n        }\n      }, CHECK_CLOSE_INTERVAL);\n\n      const cleanup = () => {\n        window.removeEventListener(\"message\", handleMessage);\n        clearInterval(checkCloseIntervalId);\n      };\n    });\n  };\n\n  private getOauthProviderUrl = async (args: OauthParams): Promise<string> => {\n    const {\n      authProviderId,\n      isCustomProvider,\n      auth0Connection,\n      scope: providedScope,\n      claims: providedClaims,\n      mode,\n      redirectUrl,\n      expirationSeconds,\n    } = args;\n    const { codeChallenge, requestKey, authProviders } =\n      await this.getOauthConfigForMode(mode);\n    const authProvider = authProviders.find(\n      (provider) =>\n        provider.id === authProviderId &&\n        !!provider.isCustomProvider === !!isCustomProvider\n    );\n    if (!authProvider) {\n      throw new Error(`No auth provider found with id ${authProviderId}`);\n    }\n    let scope: string;\n    let claims: string | undefined;\n    if (providedScope) {\n      scope = providedScope;\n      claims = providedClaims;\n    } else {\n      if (isCustomProvider) {\n        throw new Error(\"scope must be provided for a custom provider\");\n      }\n      const scopeAndClaims = getDefaultScopeAndClaims(authProviderId);\n      if (!scopeAndClaims) {\n        throw new Error(\n          `Default scope not known for provider ${authProviderId}`\n        );\n      }\n      ({ scope, claims } = scopeAndClaims);\n    }\n    const { authEndpoint, clientId } = authProvider;\n    const turnkeyPublicKey = await this.initIframeStamper();\n    const nonce = getOauthNonce(turnkeyPublicKey);\n    const stateObject: OauthState = {\n      authProviderId,\n      isCustomProvider,\n      requestKey,\n      turnkeyPublicKey,\n      expirationSeconds,\n      redirectUrl:\n        mode === \"redirect\" ? resolveRelativeUrl(redirectUrl) : undefined,\n      openerOrigin: mode === \"popup\" ? window.location.origin : undefined,\n    };\n    const state = base64UrlEncode(\n      new TextEncoder().encode(JSON.stringify(stateObject))\n    );\n    const authUrl = new URL(authEndpoint);\n    const params: Record<string, string> = {\n      redirect_uri: this.oauthCallbackUrl,\n      response_type: \"code\",\n      scope,\n      state,\n      code_challenge: codeChallenge,\n      code_challenge_method: \"S256\",\n      prompt: \"select_account\",\n      client_id: clientId,\n      nonce,\n    };\n    if (claims) {\n      params.claims = claims;\n    }\n    if (auth0Connection) {\n      params.connection = auth0Connection;\n    }\n    authUrl.search = new URLSearchParams(params).toString();\n    return authUrl.toString();\n  };\n\n  private initIframeStamper = async () => {\n    if (!this.iframeStamper.publicKey()) {\n      await this.iframeStamper.init();\n    }\n\n    this.setStamper(this.iframeStamper);\n\n    return this.iframeStamper.publicKey()!;\n  };\n\n  private initWebauthnStamper = async (user: User | undefined = this.user) => {\n    this.setStamper(this.webauthnStamper);\n    if (user && user.credentialId) {\n      // The goal here is to allow us to cache the allowed credential, but this doesn't work with hybrid transport :(\n      this.webauthnStamper.allowCredentials = [\n        {\n          id: Buffer.from(user.credentialId, \"base64\"),\n          type: \"public-key\",\n          transports: [\"internal\", \"hybrid\"],\n        },\n      ];\n    }\n  };\n\n  protected override getWebAuthnAttestation = async (\n    options?: CredentialCreationOptionOverrides,\n    userDetails: { username: string } = {\n      username: this.user?.email ?? \"anonymous\",\n    }\n  ) => {\n    const challenge = generateRandomBuffer();\n    const authenticatorUserId = generateRandomBuffer();\n\n    const attestation = await getWebAuthnAttestation({\n      publicKey: {\n        ...options?.publicKey,\n        authenticatorSelection: {\n          residentKey: \"preferred\",\n          requireResidentKey: false,\n          userVerification: \"preferred\",\n          ...options?.publicKey?.authenticatorSelection,\n        },\n        challenge,\n        rp: {\n          id: window.location.hostname,\n          name: window.location.hostname,\n          ...options?.publicKey?.rp,\n        },\n        pubKeyCredParams: [\n          {\n            type: \"public-key\",\n            alg: -7,\n          },\n          {\n            type: \"public-key\",\n            alg: -257,\n          },\n        ],\n        user: {\n          id: authenticatorUserId,\n          name: userDetails.username,\n          displayName: userDetails.username,\n          ...options?.publicKey?.user,\n        },\n      },\n      signal: options?.signal,\n    });\n\n    // on iOS sometimes this is returned as empty or null, so handling that here\n    if (attestation.transports == null || attestation.transports.length === 0) {\n      attestation.transports = [\n        \"AUTHENTICATOR_TRANSPORT_INTERNAL\",\n        \"AUTHENTICATOR_TRANSPORT_HYBRID\",\n      ];\n    }\n\n    return { challenge, authenticatorUserId, attestation };\n  };\n\n  protected override getOauthConfig = async (): Promise<OauthConfig> => {\n    const publicKey = await this.initIframeStamper();\n    const nonce = getOauthNonce(publicKey);\n    return this.request(\"/v1/prepare-oauth\", { nonce });\n  };\n\n  private getOauthConfigForMode = async (\n    mode: OauthMode\n  ): Promise<OauthConfig> => {\n    if (this.oauthConfig) {\n      return this.oauthConfig;\n    } else if (mode === \"redirect\") {\n      return this.initOauth();\n    } else {\n      throw new Error(\n        \"enablePopupOauth must be set in configuration or signer.preparePopupOauth must be called before using popup-based OAuth login\"\n      );\n    }\n  };\n}\n\nfunction resolveRelativeUrl(url: string): string {\n  // Funny trick.\n  const a = document.createElement(\"a\");\n  a.href = url;\n  return a.href;\n}\n\n/**\n * This error is thrown when the OAuth flow is cancelled because the auth popup\n * window was closed.\n */\nexport class OauthCancelledError extends BaseError {\n  override name = \"OauthCancelledError\";\n\n  /**\n   * Constructor for initializing an error indicating that the OAuth flow was\n   * cancelled.\n   */\n  constructor() {\n    super(\"OAuth cancelled\");\n  }\n}\n\n/**\n * This error is thrown when an error occurs during the OAuth login flow.\n */\nexport class OauthFailedError extends BaseError {\n  override name = \"OauthFailedError\";\n}\n"]}

package/dist/esm/index.d.ts

@@ -1,6 +1,6 @@
 export { BaseAlchemySigner } from "./base.js";
 export { BaseSignerClient } from "./client/base.js";
-export { AlchemySignerWebClient } from "./client/index.js";
+export { AlchemySignerWebClient, OauthCancelledError, OauthFailedError, } from "./client/index.js";
 export type * from "./client/types.js";
 export { DEFAULT_SESSION_MS } from "./session/manager.js";
 export type * from "./signer.js";

package/dist/esm/index.js

@@ -1,6 +1,6 @@
 export { BaseAlchemySigner } from "./base.js";
 export { BaseSignerClient } from "./client/base.js";
-export { AlchemySignerWebClient } from "./client/index.js";
+export { AlchemySignerWebClient, OauthCancelledError, OauthFailedError, } from "./client/index.js";
 export { DEFAULT_SESSION_MS } from "./session/manager.js";
 export { AlchemyWebSigner } from "./signer.js";
 export { AlchemySignerStatus } from "./types.js";

package/dist/esm/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAE/C,OAAO,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC","sourcesContent":["export { BaseAlchemySigner } from \"./base.js\";\nexport { BaseSignerClient } from \"./client/base.js\";\nexport { AlchemySignerWebClient } from \"./client/index.js\";\nexport type * from \"./client/types.js\";\nexport { DEFAULT_SESSION_MS } from \"./session/manager.js\";\nexport type * from \"./signer.js\";\nexport { AlchemyWebSigner } from \"./signer.js\";\nexport type * from \"./types.js\";\nexport { AlchemySignerStatus } from \"./types.js\";\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EACL,sBAAsB,EACtB,mBAAmB,EACnB,gBAAgB,GACjB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAE/C,OAAO,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC","sourcesContent":["export { BaseAlchemySigner } from \"./base.js\";\nexport { BaseSignerClient } from \"./client/base.js\";\nexport {\n  AlchemySignerWebClient,\n  OauthCancelledError,\n  OauthFailedError,\n} from \"./client/index.js\";\nexport type * from \"./client/types.js\";\nexport { DEFAULT_SESSION_MS } from \"./session/manager.js\";\nexport type * from \"./signer.js\";\nexport { AlchemyWebSigner } from \"./signer.js\";\nexport type * from \"./types.js\";\nexport { AlchemySignerStatus } from \"./types.js\";\n"]}

package/dist/esm/oauth.d.ts

@@ -1,3 +1,4 @@
+import type { KnownAuthProvider } from "./signer";
 /**
  * Turnkey requires the nonce in the id token to be in this format.
  *
@@ -15,4 +16,4 @@ export type ScopeAndClaims = {
  * @param {string} knownAuthProviderId id of a known auth provider, e.g. "google"
  * @returns {ScopeAndClaims | undefined} default scope and claims
  */
-export declare function getDefaultScopeAndClaims(knownAuthProviderId: string): ScopeAndClaims | undefined;
+export declare function getDefaultScopeAndClaims(knownAuthProviderId: KnownAuthProvider): ScopeAndClaims | undefined;

package/dist/esm/oauth.js

@@ -12,10 +12,7 @@ const DEFAULT_SCOPE_AND_CLAIMS = {
     google: { scope: "openid email" },
     apple: { scope: "openid email" },
     facebook: { scope: "openid email" },
-    twitch: {
-        scope: "openid user:read:email",
-        claims: JSON.stringify({ id_token: { email: null } }),
-    },
+    auth0: { scope: "openid email" },
 };
 /**
  * Returns the default scope and claims when using a known auth provider

package/dist/esm/oauth.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../src/oauth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AAE9B;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,gBAAwB;IACpD,OAAO,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACrE,CAAC;AAOD,MAAM,wBAAwB,GAAmC;IAC/D,MAAM,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE;IACjC,KAAK,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE;IAChC,QAAQ,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE;IACnC,MAAM,EAAE;QACN,KAAK,EAAE,wBAAwB;QAC/B,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC;KACtD;CACF,CAAC;AAEF;;;;;GAKG;AACH,MAAM,UAAU,wBAAwB,CACtC,mBAA2B;IAE3B,OAAO,wBAAwB,CAAC,mBAAmB,CAAC,CAAC;AACvD,CAAC","sourcesContent":["import { sha256 } from \"viem\";\n\n/**\n * Turnkey requires the nonce in the id token to be in this format.\n *\n * @param {string} turnkeyPublicKey key from a Turnkey iframe\n * @returns {string} nonce to be used in OIDC\n */\nexport function getOauthNonce(turnkeyPublicKey: string): string {\n  return sha256(new TextEncoder().encode(turnkeyPublicKey)).slice(2);\n}\n\nexport type ScopeAndClaims = {\n  scope: string;\n  claims?: string;\n};\n\nconst DEFAULT_SCOPE_AND_CLAIMS: Record<string, ScopeAndClaims> = {\n  google: { scope: \"openid email\" },\n  apple: { scope: \"openid email\" },\n  facebook: { scope: \"openid email\" },\n  twitch: {\n    scope: \"openid user:read:email\",\n    claims: JSON.stringify({ id_token: { email: null } }),\n  },\n};\n\n/**\n * Returns the default scope and claims when using a known auth provider\n *\n * @param {string} knownAuthProviderId id of a known auth provider, e.g. \"google\"\n * @returns {ScopeAndClaims | undefined} default scope and claims\n */\nexport function getDefaultScopeAndClaims(\n  knownAuthProviderId: string\n): ScopeAndClaims | undefined {\n  return DEFAULT_SCOPE_AND_CLAIMS[knownAuthProviderId];\n}\n"]}
+{"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../src/oauth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AAG9B;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,gBAAwB;IACpD,OAAO,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACrE,CAAC;AAOD,MAAM,wBAAwB,GAA8C;IAC1E,MAAM,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE;IACjC,KAAK,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE;IAChC,QAAQ,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE;IACnC,KAAK,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE;CACjC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,UAAU,wBAAwB,CACtC,mBAAsC;IAEtC,OAAO,wBAAwB,CAAC,mBAAmB,CAAC,CAAC;AACvD,CAAC","sourcesContent":["import { sha256 } from \"viem\";\nimport type { KnownAuthProvider } from \"./signer\";\n\n/**\n * Turnkey requires the nonce in the id token to be in this format.\n *\n * @param {string} turnkeyPublicKey key from a Turnkey iframe\n * @returns {string} nonce to be used in OIDC\n */\nexport function getOauthNonce(turnkeyPublicKey: string): string {\n  return sha256(new TextEncoder().encode(turnkeyPublicKey)).slice(2);\n}\n\nexport type ScopeAndClaims = {\n  scope: string;\n  claims?: string;\n};\n\nconst DEFAULT_SCOPE_AND_CLAIMS: Record<KnownAuthProvider, ScopeAndClaims> = {\n  google: { scope: \"openid email\" },\n  apple: { scope: \"openid email\" },\n  facebook: { scope: \"openid email\" },\n  auth0: { scope: \"openid email\" },\n};\n\n/**\n * Returns the default scope and claims when using a known auth provider\n *\n * @param {string} knownAuthProviderId id of a known auth provider, e.g. \"google\"\n * @returns {ScopeAndClaims | undefined} default scope and claims\n */\nexport function getDefaultScopeAndClaims(\n  knownAuthProviderId: KnownAuthProvider\n): ScopeAndClaims | undefined {\n  return DEFAULT_SCOPE_AND_CLAIMS[knownAuthProviderId];\n}\n"]}

package/dist/esm/signer.d.ts

@@ -24,23 +24,35 @@ export type AuthParams = {
     creationOpts?: CredentialCreationOptionOverrides;
 } | ({
     type: "oauth";
-    authProviderId: string;
-    isCustomProvider?: boolean;
     scope?: string;
     claims?: string;
-} & RedirectConfig) | {
+} & OauthProviderConfig & OauthRedirectConfig) | {
     type: "oauthReturn";
     bundle: string;
     orgId: string;
 };
-export type OauthMode = "redirect" | "popup";
-export type RedirectConfig = {
+export type OauthProviderConfig = {
+    authProviderId: "auth0";
+    isCustomProvider?: false;
+    auth0Connection?: string;
+} | {
+    authProviderId: KnownAuthProvider;
+    isCustomProvider?: false;
+    auth0Connection?: never;
+} | {
+    authProviderId: string;
+    isCustomProvider: true;
+    auth0Connection?: never;
+};
+export type OauthRedirectConfig = {
     mode: "redirect";
     redirectUrl: string;
 } | {
     mode: "popup";
     redirectUrl?: never;
 };
+export type KnownAuthProvider = "google" | "apple" | "facebook" | "auth0";
+export type OauthMode = "redirect" | "popup";
 export declare const AlchemySignerParamsSchema: z.ZodObject<{
     client: z.ZodUnion<[z.ZodType<AlchemySignerWebClient, z.ZodTypeDef, AlchemySignerWebClient>, z.ZodObject<{
         connection: z.ZodUnion<[z.ZodObject<{

package/dist/esm/signer.js.map

@@ -1 +1 @@
-{"version":3,"file":"signer.js","sourceRoot":"","sources":["../../src/signer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EACL,+BAA+B,EAC/B,sBAAsB,GACvB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,0BAA0B,EAAE,MAAM,sBAAsB,CAAC;AAmClE,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC;KACvC,MAAM,CAAC;IACN,MAAM,EAAE,CAAC;SACN,MAAM,EAA0B;SAChC,EAAE,CAAC,+BAA+B,CAAC;CACvC,CAAC;KACD,MAAM,CAAC;IACN,aAAa,EAAE,0BAA0B,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC5E,CAAC,CAAC;AAIL;;GAEG;AACH,MAAM,OAAO,gBAAiB,SAAQ,iBAAyC;IAC7E;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,YAAY,MAA2B;QACrC,MAAM,EAAE,aAAa,EAAE,GAAG,OAAO,EAAE,GACjC,yBAAyB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAE1C,IAAI,MAA8B,CAAC;QACnC,IAAI,YAAY,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnC,MAAM,GAAG,IAAI,sBAAsB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACtD,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC1B,CAAC;QACD,KAAK,CAAC;YACJ,MAAM;YACN,aAAa;SACd,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["import { z } from \"zod\";\nimport { BaseAlchemySigner } from \"./base.js\";\nimport {\n  AlchemySignerClientParamsSchema,\n  AlchemySignerWebClient,\n} from \"./client/index.js\";\nimport type { CredentialCreationOptionOverrides } from \"./client/types.js\";\nimport { SessionManagerParamsSchema } from \"./session/manager.js\";\n\nexport type AuthParams =\n  | { type: \"email\"; email: string; redirectParams?: URLSearchParams }\n  | { type: \"email\"; bundle: string; orgId?: string }\n  | {\n      type: \"passkey\";\n      email: string;\n      creationOpts?: CredentialCreationOptionOverrides;\n    }\n  | {\n      type: \"passkey\";\n      createNew: false;\n    }\n  | {\n      type: \"passkey\";\n      createNew: true;\n      username: string;\n      creationOpts?: CredentialCreationOptionOverrides;\n    }\n  | ({\n      type: \"oauth\";\n      authProviderId: string;\n      isCustomProvider?: boolean;\n      scope?: string;\n      claims?: string;\n    } & RedirectConfig)\n  | { type: \"oauthReturn\"; bundle: string; orgId: string };\n\nexport type OauthMode = \"redirect\" | \"popup\";\n\nexport type RedirectConfig =\n  | { mode: \"redirect\"; redirectUrl: string }\n  | { mode: \"popup\"; redirectUrl?: never };\n\nexport const AlchemySignerParamsSchema = z\n  .object({\n    client: z\n      .custom<AlchemySignerWebClient>()\n      .or(AlchemySignerClientParamsSchema),\n  })\n  .extend({\n    sessionConfig: SessionManagerParamsSchema.omit({ client: true }).optional(),\n  });\n\nexport type AlchemySignerParams = z.input<typeof AlchemySignerParamsSchema>;\n\n/**\n * A SmartAccountSigner that can be used with any SmartContractAccount\n */\nexport class AlchemyWebSigner extends BaseAlchemySigner<AlchemySignerWebClient> {\n  /**\n   * Initializes an instance with the provided Alchemy signer parameters after parsing them with a schema.\n   *\n   * @example\n   * ```ts\n   * import { AlchemyWebSigner } from \"@account-kit/signer\";\n   *\n   * const signer = new AlchemyWebSigner({\n   *  client: {\n   *    connection: {\n   *      rpcUrl: \"/api/rpc\",\n   *    },\n   *    iframeConfig: {\n   *      iframeContainerId: \"alchemy-signer-iframe-container\",\n   *    },\n   *  },\n   * });\n   * ```\n   *\n   * @param {AlchemySignerParams} params The parameters for the Alchemy signer, including the client and session configuration\n   */\n  constructor(params: AlchemySignerParams) {\n    const { sessionConfig, ...params_ } =\n      AlchemySignerParamsSchema.parse(params);\n\n    let client: AlchemySignerWebClient;\n    if (\"connection\" in params_.client) {\n      client = new AlchemySignerWebClient(params_.client);\n    } else {\n      client = params_.client;\n    }\n    super({\n      client,\n      sessionConfig,\n    });\n  }\n}\n"]}
+{"version":3,"file":"signer.js","sourceRoot":"","sources":["../../src/signer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EACL,+BAA+B,EAC/B,sBAAsB,GACvB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,0BAA0B,EAAE,MAAM,sBAAsB,CAAC;AAqDlE,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC;KACvC,MAAM,CAAC;IACN,MAAM,EAAE,CAAC;SACN,MAAM,EAA0B;SAChC,EAAE,CAAC,+BAA+B,CAAC;CACvC,CAAC;KACD,MAAM,CAAC;IACN,aAAa,EAAE,0BAA0B,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC5E,CAAC,CAAC;AAIL;;GAEG;AACH,MAAM,OAAO,gBAAiB,SAAQ,iBAAyC;IAC7E;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,YAAY,MAA2B;QACrC,MAAM,EAAE,aAAa,EAAE,GAAG,OAAO,EAAE,GACjC,yBAAyB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAE1C,IAAI,MAA8B,CAAC;QACnC,IAAI,YAAY,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnC,MAAM,GAAG,IAAI,sBAAsB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACtD,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC1B,CAAC;QACD,KAAK,CAAC;YACJ,MAAM;YACN,aAAa;SACd,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["import { z } from \"zod\";\nimport { BaseAlchemySigner } from \"./base.js\";\nimport {\n  AlchemySignerClientParamsSchema,\n  AlchemySignerWebClient,\n} from \"./client/index.js\";\nimport type { CredentialCreationOptionOverrides } from \"./client/types.js\";\nimport { SessionManagerParamsSchema } from \"./session/manager.js\";\n\nexport type AuthParams =\n  | { type: \"email\"; email: string; redirectParams?: URLSearchParams }\n  | { type: \"email\"; bundle: string; orgId?: string }\n  | {\n      type: \"passkey\";\n      email: string;\n      creationOpts?: CredentialCreationOptionOverrides;\n    }\n  | {\n      type: \"passkey\";\n      createNew: false;\n    }\n  | {\n      type: \"passkey\";\n      createNew: true;\n      username: string;\n      creationOpts?: CredentialCreationOptionOverrides;\n    }\n  | ({\n      type: \"oauth\";\n      scope?: string;\n      claims?: string;\n    } & OauthProviderConfig &\n      OauthRedirectConfig)\n  | { type: \"oauthReturn\"; bundle: string; orgId: string };\n\nexport type OauthProviderConfig =\n  | {\n      authProviderId: \"auth0\";\n      isCustomProvider?: false;\n      auth0Connection?: string;\n    }\n  | {\n      authProviderId: KnownAuthProvider;\n      isCustomProvider?: false;\n      auth0Connection?: never;\n    }\n  | {\n      authProviderId: string;\n      isCustomProvider: true;\n      auth0Connection?: never;\n    };\n\nexport type OauthRedirectConfig =\n  | { mode: \"redirect\"; redirectUrl: string }\n  | { mode: \"popup\"; redirectUrl?: never };\n\nexport type KnownAuthProvider = \"google\" | \"apple\" | \"facebook\" | \"auth0\";\n\nexport type OauthMode = \"redirect\" | \"popup\";\n\nexport const AlchemySignerParamsSchema = z\n  .object({\n    client: z\n      .custom<AlchemySignerWebClient>()\n      .or(AlchemySignerClientParamsSchema),\n  })\n  .extend({\n    sessionConfig: SessionManagerParamsSchema.omit({ client: true }).optional(),\n  });\n\nexport type AlchemySignerParams = z.input<typeof AlchemySignerParamsSchema>;\n\n/**\n * A SmartAccountSigner that can be used with any SmartContractAccount\n */\nexport class AlchemyWebSigner extends BaseAlchemySigner<AlchemySignerWebClient> {\n  /**\n   * Initializes an instance with the provided Alchemy signer parameters after parsing them with a schema.\n   *\n   * @example\n   * ```ts\n   * import { AlchemyWebSigner } from \"@account-kit/signer\";\n   *\n   * const signer = new AlchemyWebSigner({\n   *  client: {\n   *    connection: {\n   *      rpcUrl: \"/api/rpc\",\n   *    },\n   *    iframeConfig: {\n   *      iframeContainerId: \"alchemy-signer-iframe-container\",\n   *    },\n   *  },\n   * });\n   * ```\n   *\n   * @param {AlchemySignerParams} params The parameters for the Alchemy signer, including the client and session configuration\n   */\n  constructor(params: AlchemySignerParams) {\n    const { sessionConfig, ...params_ } =\n      AlchemySignerParamsSchema.parse(params);\n\n    let client: AlchemySignerWebClient;\n    if (\"connection\" in params_.client) {\n      client = new AlchemySignerWebClient(params_.client);\n    } else {\n      client = params_.client;\n    }\n    super({\n      client,\n      sessionConfig,\n    });\n  }\n}\n"]}

package/dist/esm/version.d.ts

@@ -1 +1 @@
-export declare const VERSION = "4.0.0-beta.6";
+export declare const VERSION = "4.0.0-beta.7";

package/dist/esm/version.js

@@ -1,4 +1,4 @@
 // This file is autogenerated by inject-version.ts. Any changes will be
 // overwritten on commit!
-export const VERSION = "4.0.0-beta.6";
+export const VERSION = "4.0.0-beta.7";
 //# sourceMappingURL=version.js.map

package/dist/esm/version.js.map

@@ -1 +1 @@
-{"version":3,"file":"version.js","sourceRoot":"","sources":["../../src/version.ts"],"names":[],"mappings":"AAAA,uEAAuE;AACvE,yBAAyB;AACzB,MAAM,CAAC,MAAM,OAAO,GAAG,cAAc,CAAC","sourcesContent":["// This file is autogenerated by inject-version.ts. Any changes will be\n// overwritten on commit!\nexport const VERSION = \"4.0.0-beta.6\";\n"]}
+{"version":3,"file":"version.js","sourceRoot":"","sources":["../../src/version.ts"],"names":[],"mappings":"AAAA,uEAAuE;AACvE,yBAAyB;AACzB,MAAM,CAAC,MAAM,OAAO,GAAG,cAAc,CAAC","sourcesContent":["// This file is autogenerated by inject-version.ts. Any changes will be\n// overwritten on commit!\nexport const VERSION = \"4.0.0-beta.7\";\n"]}

package/dist/types/client/index.d.ts

@@ -1,3 +1,4 @@
+import { BaseError } from "@aa-sdk/core";
 import { z } from "zod";
 import { BaseSignerClient } from "./base.js";
 import type { AlchemySignerClientEvents, CreateAccountParams, CredentialCreationOptionOverrides, EmailAuthParams, ExportWalletParams, OauthConfig, User } from "./types.js";
@@ -379,4 +380,22 @@ export declare class AlchemySignerWebClient extends BaseSignerClient<ExportWalle
     protected getOauthConfig: () => Promise<OauthConfig>;
     private getOauthConfigForMode;
 }
+/**
+ * This error is thrown when the OAuth flow is cancelled because the auth popup
+ * window was closed.
+ */
+export declare class OauthCancelledError extends BaseError {
+    name: string;
+    /**
+     * Constructor for initializing an error indicating that the OAuth flow was
+     * cancelled.
+     */
+    constructor();
+}
+/**
+ * This error is thrown when an error occurs during the OAuth login flow.
+ */
+export declare class OauthFailedError extends BaseError {
+    name: string;
+}
 //# sourceMappingURL=index.d.ts.map

package/dist/types/client/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/client/index.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,KAAK,EACV,yBAAyB,EACzB,mBAAmB,EACnB,iCAAiC,EACjC,eAAe,EACf,kBAAkB,EAClB,WAAW,EAEX,IAAI,EACL,MAAM,YAAY,CAAC;AAEpB,OAAO,KAAK,EAAE,UAAU,EAAa,MAAM,cAAc,CAAC;AAI1D,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAgB1C,CAAC;AAEH,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAC7C,OAAO,+BAA+B,CACvC,CAAC;AAYF;;;GAGG;AACH,qBAAa,sBAAuB,SAAQ,gBAAgB,CAAC,kBAAkB,CAAC;IAC9E,OAAO,CAAC,aAAa,CAAgB;IACrC,OAAO,CAAC,eAAe,CAAkB;IACzC,gBAAgB,EAAE,MAAM,CAAC;IACzB,iBAAiB,EAAE,MAAM,CAAC;IAE1B;;;;;;;;;;;;;;;;;;;;;;OAsBG;gBACS,MAAM,EAAE,yBAAyB;IA0B7C;;;;;;;;;;;;;;;;;;;;;OAqBG;IACa,aAAa,WAAkB,mBAAmB,kDAwChE;IAEF;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACa,aAAa,WACnB,KAAK,eAAe,EAAE,iBAAiB,CAAC;;OAYhD;IAEF;;;;;;;;;;;;;;;;;;;;;OAqBG;IACa,sBAAsB;gBAK5B,MAAM;eACP,MAAM;4BACO,MAAM,yBAAyB;UACjD,QAAQ,IAAI,CAAC,CAcf;IAEF;;;;;;;;;;;;;;;;;;;;;OAqBG;IACa,qBAAqB,UAC7B,IAAI,GAAG,SAAS,mBActB;IAEF;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACa,YAAY,4CAGzB,kBAAkB,sBAmBnB;IAEF;;;;;;;;;;;;;;;;;;OAkBG;IACa,UAAU,sBAGxB;IAEF;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACa,iBAAiB,SACzB,QAAQ,UAAU,EAAE;QAAE,IAAI,EAAE,OAAO,CAAC;QAAC,IAAI,EAAE,UAAU,CAAA;KAAE,CAAC,KAC7D,QAAQ,KAAK,CAAC,CAMf;IAEF;;;;;;;;;;;;;;;;;;;;;;;;;OAyBG;IACa,cAAc,SACtB,QAAQ,UAAU,EAAE;QAAE,IAAI,EAAE,OAAO,CAAC;QAAC,IAAI,EAAE,OAAO,CAAA;KAAE,CAAC,KAC1D,QAAQ,IAAI,CAAC,CAqCd;IAEF,OAAO,CAAC,mBAAmB,CAsEzB;IAEF,OAAO,CAAC,iBAAiB,CAQvB;IAEF,OAAO,CAAC,mBAAmB,CAYzB;IAEF,UAAmB,sBAAsB,aAC7B,iCAAiC,gBAC9B;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE;;;;;;;;;OAmDjC;IAEF,UAAmB,cAAc,QAAa,QAAQ,WAAW,CAAC,CAIhE;IAEF,OAAO,CAAC,qBAAqB,CAY3B;CACH"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/client/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAA0B,MAAM,cAAc,CAAC;AAIjE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,KAAK,EACV,yBAAyB,EACzB,mBAAmB,EACnB,iCAAiC,EACjC,eAAe,EACf,kBAAkB,EAClB,WAAW,EAEX,IAAI,EACL,MAAM,YAAY,CAAC;AAEpB,OAAO,KAAK,EAAE,UAAU,EAAa,MAAM,cAAc,CAAC;AAI1D,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAgB1C,CAAC;AAEH,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAC7C,OAAO,+BAA+B,CACvC,CAAC;AAYF;;;GAGG;AACH,qBAAa,sBAAuB,SAAQ,gBAAgB,CAAC,kBAAkB,CAAC;IAC9E,OAAO,CAAC,aAAa,CAAgB;IACrC,OAAO,CAAC,eAAe,CAAkB;IACzC,gBAAgB,EAAE,MAAM,CAAC;IACzB,iBAAiB,EAAE,MAAM,CAAC;IAE1B;;;;;;;;;;;;;;;;;;;;;;OAsBG;gBACS,MAAM,EAAE,yBAAyB;IA0B7C;;;;;;;;;;;;;;;;;;;;;OAqBG;IACa,aAAa,WAAkB,mBAAmB,kDAwChE;IAEF;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACa,aAAa,WACnB,KAAK,eAAe,EAAE,iBAAiB,CAAC;;OAYhD;IAEF;;;;;;;;;;;;;;;;;;;;;OAqBG;IACa,sBAAsB;gBAK5B,MAAM;eACP,MAAM;4BACO,MAAM,yBAAyB;UACjD,QAAQ,IAAI,CAAC,CAcf;IAEF;;;;;;;;;;;;;;;;;;;;;OAqBG;IACa,qBAAqB,UAC7B,IAAI,GAAG,SAAS,mBActB;IAEF;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACa,YAAY,4CAGzB,kBAAkB,sBAmBnB;IAEF;;;;;;;;;;;;;;;;;;OAkBG;IACa,UAAU,sBAGxB;IAEF;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACa,iBAAiB,SACzB,QAAQ,UAAU,EAAE;QAAE,IAAI,EAAE,OAAO,CAAC;QAAC,IAAI,EAAE,UAAU,CAAA;KAAE,CAAC,KAC7D,QAAQ,KAAK,CAAC,CAMf;IAEF;;;;;;;;;;;;;;;;;;;;;;;;;OAyBG;IACa,cAAc,SACtB,QAAQ,UAAU,EAAE;QAAE,IAAI,EAAE,OAAO,CAAC;QAAC,IAAI,EAAE,OAAO,CAAA;KAAE,CAAC,KAC1D,QAAQ,IAAI,CAAC,CA8Cd;IAEF,OAAO,CAAC,mBAAmB,CA0EzB;IAEF,OAAO,CAAC,iBAAiB,CAQvB;IAEF,OAAO,CAAC,mBAAmB,CAYzB;IAEF,UAAmB,sBAAsB,aAC7B,iCAAiC,gBAC9B;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE;;;;;;;;;OAmDjC;IAEF,UAAmB,cAAc,QAAa,QAAQ,WAAW,CAAC,CAIhE;IAEF,OAAO,CAAC,qBAAqB,CAY3B;CACH;AASD;;;GAGG;AACH,qBAAa,mBAAoB,SAAQ,SAAS;IACvC,IAAI,SAAyB;IAEtC;;;OAGG;;CAIJ;AAED;;GAEG;AACH,qBAAa,gBAAiB,SAAQ,SAAS;IACpC,IAAI,SAAsB;CACpC"}

package/dist/types/index.d.ts

@@ -1,6 +1,6 @@
 export { BaseAlchemySigner } from "./base.js";
 export { BaseSignerClient } from "./client/base.js";
-export { AlchemySignerWebClient } from "./client/index.js";
+export { AlchemySignerWebClient, OauthCancelledError, OauthFailedError, } from "./client/index.js";
 export type * from "./client/types.js";
 export { DEFAULT_SESSION_MS } from "./session/manager.js";
 export type * from "./signer.js";

package/dist/types/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AAC3D,mBAAmB,mBAAmB,CAAC;AACvC,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,mBAAmB,aAAa,CAAC;AACjC,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,mBAAmB,YAAY,CAAC;AAChC,OAAO,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EACL,sBAAsB,EACtB,mBAAmB,EACnB,gBAAgB,GACjB,MAAM,mBAAmB,CAAC;AAC3B,mBAAmB,mBAAmB,CAAC;AACvC,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,mBAAmB,aAAa,CAAC;AACjC,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,mBAAmB,YAAY,CAAC;AAChC,OAAO,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC"}

package/dist/types/oauth.d.ts

@@ -1,3 +1,4 @@
+import type { KnownAuthProvider } from "./signer";
 /**
  * Turnkey requires the nonce in the id token to be in this format.
  *
@@ -15,5 +16,5 @@ export type ScopeAndClaims = {
  * @param {string} knownAuthProviderId id of a known auth provider, e.g. "google"
  * @returns {ScopeAndClaims | undefined} default scope and claims
  */
-export declare function getDefaultScopeAndClaims(knownAuthProviderId: string): ScopeAndClaims | undefined;
+export declare function getDefaultScopeAndClaims(knownAuthProviderId: KnownAuthProvider): ScopeAndClaims | undefined;
 //# sourceMappingURL=oauth.d.ts.map

package/dist/types/oauth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../../src/oauth.ts"],"names":[],"mappings":"AAEA;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,gBAAgB,EAAE,MAAM,GAAG,MAAM,CAE9D;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AAYF;;;;;GAKG;AACH,wBAAgB,wBAAwB,CACtC,mBAAmB,EAAE,MAAM,GAC1B,cAAc,GAAG,SAAS,CAE5B"}
+{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../../src/oauth.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAElD;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,gBAAgB,EAAE,MAAM,GAAG,MAAM,CAE9D;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AASF;;;;;GAKG;AACH,wBAAgB,wBAAwB,CACtC,mBAAmB,EAAE,iBAAiB,GACrC,cAAc,GAAG,SAAS,CAE5B"}

package/dist/types/signer.d.ts

@@ -24,23 +24,35 @@ export type AuthParams = {
     creationOpts?: CredentialCreationOptionOverrides;
 } | ({
     type: "oauth";
-    authProviderId: string;
-    isCustomProvider?: boolean;
     scope?: string;
     claims?: string;
-} & RedirectConfig) | {
+} & OauthProviderConfig & OauthRedirectConfig) | {
     type: "oauthReturn";
     bundle: string;
     orgId: string;
 };
-export type OauthMode = "redirect" | "popup";
-export type RedirectConfig = {
+export type OauthProviderConfig = {
+    authProviderId: "auth0";
+    isCustomProvider?: false;
+    auth0Connection?: string;
+} | {
+    authProviderId: KnownAuthProvider;
+    isCustomProvider?: false;
+    auth0Connection?: never;
+} | {
+    authProviderId: string;
+    isCustomProvider: true;
+    auth0Connection?: never;
+};
+export type OauthRedirectConfig = {
     mode: "redirect";
     redirectUrl: string;
 } | {
     mode: "popup";
     redirectUrl?: never;
 };
+export type KnownAuthProvider = "google" | "apple" | "facebook" | "auth0";
+export type OauthMode = "redirect" | "popup";
 export declare const AlchemySignerParamsSchema: z.ZodObject<{
     client: z.ZodUnion<[z.ZodType<AlchemySignerWebClient, z.ZodTypeDef, AlchemySignerWebClient>, z.ZodObject<{
         connection: z.ZodUnion<[z.ZodObject<{

package/dist/types/signer.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"signer.d.ts","sourceRoot":"","sources":["../../src/signer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EAEL,sBAAsB,EACvB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,mBAAmB,CAAC;AAG3E,MAAM,MAAM,UAAU,GAClB;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,cAAc,CAAC,EAAE,eAAe,CAAA;CAAE,GAClE;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,GACjD;IACE,IAAI,EAAE,SAAS,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,iCAAiC,CAAC;CAClD,GACD;IACE,IAAI,EAAE,SAAS,CAAC;IAChB,SAAS,EAAE,KAAK,CAAC;CAClB,GACD;IACE,IAAI,EAAE,SAAS,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,iCAAiC,CAAC;CAClD,GACD,CAAC;IACC,IAAI,EAAE,OAAO,CAAC;IACd,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,GAAG,cAAc,CAAC,GACnB;IAAE,IAAI,EAAE,aAAa,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC;AAE3D,MAAM,MAAM,SAAS,GAAG,UAAU,GAAG,OAAO,CAAC;AAE7C,MAAM,MAAM,cAAc,GACtB;IAAE,IAAI,EAAE,UAAU,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,GACzC;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,WAAW,CAAC,EAAE,KAAK,CAAA;CAAE,CAAC;AAE3C,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAQlC,CAAC;AAEL,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAE5E;;GAEG;AACH,qBAAa,gBAAiB,SAAQ,iBAAiB,CAAC,sBAAsB,CAAC;IAC7E;;;;;;;;;;;;;;;;;;;;OAoBG;gBACS,MAAM,EAAE,mBAAmB;CAexC"}
+{"version":3,"file":"signer.d.ts","sourceRoot":"","sources":["../../src/signer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EAEL,sBAAsB,EACvB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,mBAAmB,CAAC;AAG3E,MAAM,MAAM,UAAU,GAClB;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,cAAc,CAAC,EAAE,eAAe,CAAA;CAAE,GAClE;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,GACjD;IACE,IAAI,EAAE,SAAS,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,iCAAiC,CAAC;CAClD,GACD;IACE,IAAI,EAAE,SAAS,CAAC;IAChB,SAAS,EAAE,KAAK,CAAC;CAClB,GACD;IACE,IAAI,EAAE,SAAS,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,iCAAiC,CAAC;CAClD,GACD,CAAC;IACC,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,GAAG,mBAAmB,GACrB,mBAAmB,CAAC,GACtB;IAAE,IAAI,EAAE,aAAa,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC;AAE3D,MAAM,MAAM,mBAAmB,GAC3B;IACE,cAAc,EAAE,OAAO,CAAC;IACxB,gBAAgB,CAAC,EAAE,KAAK,CAAC;IACzB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B,GACD;IACE,cAAc,EAAE,iBAAiB,CAAC;IAClC,gBAAgB,CAAC,EAAE,KAAK,CAAC;IACzB,eAAe,CAAC,EAAE,KAAK,CAAC;CACzB,GACD;IACE,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,IAAI,CAAC;IACvB,eAAe,CAAC,EAAE,KAAK,CAAC;CACzB,CAAC;AAEN,MAAM,MAAM,mBAAmB,GAC3B;IAAE,IAAI,EAAE,UAAU,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,GACzC;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,WAAW,CAAC,EAAE,KAAK,CAAA;CAAE,CAAC;AAE3C,MAAM,MAAM,iBAAiB,GAAG,QAAQ,GAAG,OAAO,GAAG,UAAU,GAAG,OAAO,CAAC;AAE1E,MAAM,MAAM,SAAS,GAAG,UAAU,GAAG,OAAO,CAAC;AAE7C,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAQlC,CAAC;AAEL,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAE5E;;GAEG;AACH,qBAAa,gBAAiB,SAAQ,iBAAiB,CAAC,sBAAsB,CAAC;IAC7E;;;;;;;;;;;;;;;;;;;;OAoBG;gBACS,MAAM,EAAE,mBAAmB;CAexC"}

package/dist/types/version.d.ts

@@ -1,2 +1,2 @@
-export declare const VERSION = "4.0.0-beta.6";
+export declare const VERSION = "4.0.0-beta.7";
 //# sourceMappingURL=version.d.ts.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@account-kit/signer",
-  "version": "4.0.0-beta.6",
+  "version": "4.0.0-beta.7",
   "description": "Core interfaces and clients for interfacing with the Alchemy Signer API",
   "author": "Alchemy",
   "license": "MIT",
@@ -49,7 +49,7 @@
     "vitest": "^2.0.4"
   },
   "dependencies": {
-    "@aa-sdk/core": "^4.0.0-beta.6",
+    "@aa-sdk/core": "^4.0.0-beta.7",
     "@turnkey/http": "^2.6.2",
     "@turnkey/iframe-stamper": "^1.0.0",
     "@turnkey/viem": "^0.4.8",
@@ -71,5 +71,5 @@
     "url": "https://github.com/alchemyplatform/aa-sdk/issues"
   },
   "homepage": "https://github.com/alchemyplatform/aa-sdk#readme",
-  "gitHead": "c25850c8617a78ee1956896b64c85db7a9ad6c08"
+  "gitHead": "4052aad057a2d8b6659e309f1a753efcff8aeea0"
 }

package/src/client/index.ts

@@ -1,4 +1,4 @@
-import { ConnectionConfigSchema } from "@aa-sdk/core";
+import { BaseError, ConnectionConfigSchema } from "@aa-sdk/core";
 import { getWebAuthnAttestation } from "@turnkey/http";
 import { IframeStamper } from "@turnkey/iframe-stamper";
 import { WebauthnStamper } from "@turnkey/webauthn-stamper";
@@ -451,14 +451,23 @@ export class AlchemySignerWebClient extends BaseSignerClient<ExportWalletParams>
         if (!event.data) {
           return;
         }
-        const { alchemyBundle: bundle, alchemyOrgId: orgId } = event.data;
+        const {
+          alchemyBundle: bundle,
+          alchemyOrgId: orgId,
+          alchemyError,
+        } = event.data;
         if (bundle && orgId) {
           cleanup();
+          popup?.close();
           this.completeAuthWithBundle({
             bundle,
             orgId,
             connectedEventName: "connectedOauth",
           }).then(resolve, reject);
+        } else if (alchemyError) {
+          cleanup();
+          popup?.close();
+          reject(new OauthFailedError(alchemyError));
         }
       };
 
@@ -467,7 +476,7 @@ export class AlchemySignerWebClient extends BaseSignerClient<ExportWalletParams>
       const checkCloseIntervalId = setInterval(() => {
         if (popup?.closed) {
           cleanup();
-          reject(new Error("OAuth cancelled"));
+          reject(new OauthCancelledError());
         }
       }, CHECK_CLOSE_INTERVAL);
 
@@ -482,6 +491,7 @@ export class AlchemySignerWebClient extends BaseSignerClient<ExportWalletParams>
     const {
       authProviderId,
       isCustomProvider,
+      auth0Connection,
       scope: providedScope,
       claims: providedClaims,
       mode,
@@ -546,6 +556,9 @@ export class AlchemySignerWebClient extends BaseSignerClient<ExportWalletParams>
     if (claims) {
       params.claims = claims;
     }
+    if (auth0Connection) {
+      params.connection = auth0Connection;
+    }
     authUrl.search = new URLSearchParams(params).toString();
     return authUrl.toString();
   };
@@ -656,3 +669,26 @@ function resolveRelativeUrl(url: string): string {
   a.href = url;
   return a.href;
 }
+
+/**
+ * This error is thrown when the OAuth flow is cancelled because the auth popup
+ * window was closed.
+ */
+export class OauthCancelledError extends BaseError {
+  override name = "OauthCancelledError";
+
+  /**
+   * Constructor for initializing an error indicating that the OAuth flow was
+   * cancelled.
+   */
+  constructor() {
+    super("OAuth cancelled");
+  }
+}
+
+/**
+ * This error is thrown when an error occurs during the OAuth login flow.
+ */
+export class OauthFailedError extends BaseError {
+  override name = "OauthFailedError";
+}

package/src/index.ts

@@ -1,6 +1,10 @@
 export { BaseAlchemySigner } from "./base.js";
 export { BaseSignerClient } from "./client/base.js";
-export { AlchemySignerWebClient } from "./client/index.js";
+export {
+  AlchemySignerWebClient,
+  OauthCancelledError,
+  OauthFailedError,
+} from "./client/index.js";
 export type * from "./client/types.js";
 export { DEFAULT_SESSION_MS } from "./session/manager.js";
 export type * from "./signer.js";

package/src/oauth.ts

@@ -1,4 +1,5 @@
 import { sha256 } from "viem";
+import type { KnownAuthProvider } from "./signer";
 
 /**
  * Turnkey requires the nonce in the id token to be in this format.
@@ -15,14 +16,11 @@ export type ScopeAndClaims = {
   claims?: string;
 };
 
-const DEFAULT_SCOPE_AND_CLAIMS: Record<string, ScopeAndClaims> = {
+const DEFAULT_SCOPE_AND_CLAIMS: Record<KnownAuthProvider, ScopeAndClaims> = {
   google: { scope: "openid email" },
   apple: { scope: "openid email" },
   facebook: { scope: "openid email" },
-  twitch: {
-    scope: "openid user:read:email",
-    claims: JSON.stringify({ id_token: { email: null } }),
-  },
+  auth0: { scope: "openid email" },
 };
 
 /**
@@ -32,7 +30,7 @@ const DEFAULT_SCOPE_AND_CLAIMS: Record<string, ScopeAndClaims> = {
  * @returns {ScopeAndClaims | undefined} default scope and claims
  */
 export function getDefaultScopeAndClaims(
-  knownAuthProviderId: string
+  knownAuthProviderId: KnownAuthProvider
 ): ScopeAndClaims | undefined {
   return DEFAULT_SCOPE_AND_CLAIMS[knownAuthProviderId];
 }

package/src/signer.ts

@@ -27,19 +27,37 @@ export type AuthParams =
     }
   | ({
       type: "oauth";
-      authProviderId: string;
-      isCustomProvider?: boolean;
       scope?: string;
       claims?: string;
-    } & RedirectConfig)
+    } & OauthProviderConfig &
+      OauthRedirectConfig)
   | { type: "oauthReturn"; bundle: string; orgId: string };
 
-export type OauthMode = "redirect" | "popup";
+export type OauthProviderConfig =
+  | {
+      authProviderId: "auth0";
+      isCustomProvider?: false;
+      auth0Connection?: string;
+    }
+  | {
+      authProviderId: KnownAuthProvider;
+      isCustomProvider?: false;
+      auth0Connection?: never;
+    }
+  | {
+      authProviderId: string;
+      isCustomProvider: true;
+      auth0Connection?: never;
+    };
 
-export type RedirectConfig =
+export type OauthRedirectConfig =
   | { mode: "redirect"; redirectUrl: string }
   | { mode: "popup"; redirectUrl?: never };
 
+export type KnownAuthProvider = "google" | "apple" | "facebook" | "auth0";
+
+export type OauthMode = "redirect" | "popup";
+
 export const AlchemySignerParamsSchema = z
   .object({
     client: z

package/src/version.ts

@@ -1,3 +1,3 @@
 // This file is autogenerated by inject-version.ts. Any changes will be
 // overwritten on commit!
-export const VERSION = "4.0.0-beta.5";
+export const VERSION = "4.0.0-beta.7";