@account-kit/signer 4.0.0-beta.6 → 4.0.0-beta.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (29) hide show
  1. package/dist/esm/client/index.d.ts +19 -0
  2. package/dist/esm/client/index.js +57 -5
  3. package/dist/esm/client/index.js.map +1 -1
  4. package/dist/esm/index.d.ts +1 -1
  5. package/dist/esm/index.js +1 -1
  6. package/dist/esm/index.js.map +1 -1
  7. package/dist/esm/oauth.d.ts +2 -1
  8. package/dist/esm/oauth.js +1 -4
  9. package/dist/esm/oauth.js.map +1 -1
  10. package/dist/esm/signer.d.ts +17 -5
  11. package/dist/esm/signer.js.map +1 -1
  12. package/dist/esm/version.d.ts +1 -1
  13. package/dist/esm/version.js +1 -1
  14. package/dist/esm/version.js.map +1 -1
  15. package/dist/types/client/index.d.ts +19 -0
  16. package/dist/types/client/index.d.ts.map +1 -1
  17. package/dist/types/index.d.ts +1 -1
  18. package/dist/types/index.d.ts.map +1 -1
  19. package/dist/types/oauth.d.ts +2 -1
  20. package/dist/types/oauth.d.ts.map +1 -1
  21. package/dist/types/signer.d.ts +17 -5
  22. package/dist/types/signer.d.ts.map +1 -1
  23. package/dist/types/version.d.ts +1 -1
  24. package/package.json +3 -3
  25. package/src/client/index.ts +51 -4
  26. package/src/index.ts +5 -1
  27. package/src/oauth.ts +4 -6
  28. package/src/signer.ts +23 -5
  29. package/src/version.ts +1 -1
package/dist/esm/client/index.d.ts CHANGED
@@ -1,3 +1,4 @@
1
+ import { BaseError } from "@aa-sdk/core";
1
2
  import { z } from "zod";
2
3
  import { BaseSignerClient } from "./base.js";
3
4
  import type { AlchemySignerClientEvents, CreateAccountParams, CredentialCreationOptionOverrides, EmailAuthParams, ExportWalletParams, OauthConfig, User } from "./types.js";
@@ -379,3 +380,21 @@ export declare class AlchemySignerWebClient extends BaseSignerClient<ExportWalle
379
380
  protected getOauthConfig: () => Promise<OauthConfig>;
380
381
  private getOauthConfigForMode;
381
382
  }
383
+ /**
384
+ * This error is thrown when the OAuth flow is cancelled because the auth popup
385
+ * window was closed.
386
+ */
387
+ export declare class OauthCancelledError extends BaseError {
388
+ name: string;
389
+ /**
390
+ * Constructor for initializing an error indicating that the OAuth flow was
391
+ * cancelled.
392
+ */
393
+ constructor();
394
+ }
395
+ /**
396
+ * This error is thrown when an error occurs during the OAuth login flow.
397
+ */
398
+ export declare class OauthFailedError extends BaseError {
399
+ name: string;
400
+ }
package/dist/esm/client/index.js CHANGED
@@ -1,4 +1,4 @@
1
- import { ConnectionConfigSchema } from "@aa-sdk/core";
1
+ import { BaseError, ConnectionConfigSchema } from "@aa-sdk/core";
2
2
  import { getWebAuthnAttestation } from "@turnkey/http";
3
3
  import { IframeStamper } from "@turnkey/iframe-stamper";
4
4
  import { WebauthnStamper } from "@turnkey/webauthn-stamper";
@@ -417,21 +417,27 @@ export class AlchemySignerWebClient extends BaseSignerClient {
417
417
  if (!event.data) {
418
418
  return;
419
419
  }
420
- const { alchemyBundle: bundle, alchemyOrgId: orgId } = event.data;
420
+ const { alchemyBundle: bundle, alchemyOrgId: orgId, alchemyError, } = event.data;
421
421
  if (bundle && orgId) {
422
422
  cleanup();
423
+ popup?.close();
423
424
  this.completeAuthWithBundle({
424
425
  bundle,
425
426
  orgId,
426
427
  connectedEventName: "connectedOauth",
427
428
  }).then(resolve, reject);
428
429
  }
430
+ else if (alchemyError) {
431
+ cleanup();
432
+ popup?.close();
433
+ reject(new OauthFailedError(alchemyError));
434
+ }
429
435
  };
430
436
  window.addEventListener("message", handleMessage);
431
437
  const checkCloseIntervalId = setInterval(() => {
432
438
  if (popup?.closed) {
433
439
  cleanup();
434
- reject(new Error("OAuth cancelled"));
440
+ reject(new OauthCancelledError());
435
441
  }
436
442
  }, CHECK_CLOSE_INTERVAL);
437
443
  const cleanup = () => {
@@ -446,7 +452,7 @@ export class AlchemySignerWebClient extends BaseSignerClient {
446
452
  configurable: true,
447
453
  writable: true,
448
454
  value: async (args) => {
449
- const { authProviderId, isCustomProvider, scope: providedScope, claims: providedClaims, mode, redirectUrl, expirationSeconds, } = args;
455
+ const { authProviderId, isCustomProvider, auth0Connection, scope: providedScope, claims: providedClaims, mode, redirectUrl, expirationSeconds, } = args;
450
456
  const { codeChallenge, requestKey, authProviders } = await this.getOauthConfigForMode(mode);
451
457
  const authProvider = authProviders.find((provider) => provider.id === authProviderId &&
452
458
  !!provider.isCustomProvider === !!isCustomProvider);
@@ -456,7 +462,7 @@ export class AlchemySignerWebClient extends BaseSignerClient {
456
462
  let scope;
457
463
  let claims;
458
464
  if (providedScope) {
459
- scope = providedScope;
465
+ scope = addOpenIdIfAbsent(providedScope);
460
466
  claims = providedClaims;
461
467
  }
462
468
  else {
@@ -497,6 +503,9 @@ export class AlchemySignerWebClient extends BaseSignerClient {
497
503
  if (claims) {
498
504
  params.claims = claims;
499
505
  }
506
+ if (auth0Connection) {
507
+ params.connection = auth0Connection;
508
+ }
500
509
  authUrl.search = new URLSearchParams(params).toString();
501
510
  return authUrl.toString();
502
511
  }
@@ -624,4 +633,47 @@ function resolveRelativeUrl(url) {
624
633
  a.href = url;
625
634
  return a.href;
626
635
  }
636
+ /**
637
+ * "openid" is a required scope in the OIDC protocol. Insert it if the user
638
+ * forgot.
639
+ *
640
+ * @param {string} scope scope param which may be missing "openid"
641
+ * @returns {string} scope which most definitely contains "openid"
642
+ */
643
+ function addOpenIdIfAbsent(scope) {
644
+ return scope.match(/\bopenid\b/) ? scope : `openid ${scope}`;
645
+ }
646
+ /**
647
+ * This error is thrown when the OAuth flow is cancelled because the auth popup
648
+ * window was closed.
649
+ */
650
+ export class OauthCancelledError extends BaseError {
651
+ /**
652
+ * Constructor for initializing an error indicating that the OAuth flow was
653
+ * cancelled.
654
+ */
655
+ constructor() {
656
+ super("OAuth cancelled");
657
+ Object.defineProperty(this, "name", {
658
+ enumerable: true,
659
+ configurable: true,
660
+ writable: true,
661
+ value: "OauthCancelledError"
662
+ });
663
+ }
664
+ }
665
+ /**
666
+ * This error is thrown when an error occurs during the OAuth login flow.
667
+ */
668
+ export class OauthFailedError extends BaseError {
669
+ constructor() {
670
+ super(...arguments);
671
+ Object.defineProperty(this, "name", {
672
+ enumerable: true,
673
+ configurable: true,
674
+ writable: true,
675
+ value: "OauthFailedError"
676
+ });
677
+ }
678
+ }
627
679
  //# sourceMappingURL=index.js.map
package/dist/esm/client/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/client/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AACtD,OAAO,EAAE,sBAAsB,EAAE,MAAM,eAAe,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAC5D,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,kCAAkC,CAAC;AACxE,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAW7C,OAAO,EAAE,wBAAwB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAGtE,MAAM,oBAAoB,GAAG,GAAG,CAAC;AAEjC,MAAM,CAAC,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CAAC;IACtD,UAAU,EAAE,sBAAsB;IAClC,YAAY,EAAE,CAAC,CAAC,MAAM,CAAC;QACrB,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,gBAAgB,CAAC;QACrD,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE;KAC9B,CAAC;IACF,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,SAAS,EAAE,CAAC;SACT,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,OAAO,CAAC,sCAAsC,CAAC;IAClD,gBAAgB,EAAE,CAAC;SAChB,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,OAAO,CAAC,qCAAqC,CAAC;IACjD,gBAAgB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;CACxD,CAAC,CAAC;AAgBH;;;GAGG;AACH,MAAM,OAAO,sBAAuB,SAAQ,gBAAoC;IAM9E;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACH,YAAY,MAAiC;QAC3C,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,IAAI,EAAE,SAAS,EAAE,gBAAgB,EAAE,GACnE,+BAA+B,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAEhD,MAAM,aAAa,GAAG,IAAI,aAAa,CAAC;YACtC,eAAe,EAAE,YAAY,CAAC,eAAe;YAC7C,SAAS,EAAE,0BAA0B;YACrC,eAAe,EAAE,QAAQ,CAAC,cAAc,CAAC,YAAY,CAAC,iBAAiB,CAAC;SACzE,CAAC,CAAC;QAEH,KAAK,CAAC;YACJ,UAAU;YACV,SAAS;YACT,OAAO,EAAE,aAAa;SACvB,CAAC,CAAC;QA1CG;;;;;WAA6B;QAC7B;;;;;WAAiC;QACzC;;;;;WAAyB;QACzB;;;;;WAA0B;QAmD1B;;;;;;;;;;;;;;;;;;;;;WAqBG;QACa;;;;mBAAgB,KAAK,EAAE,MAA2B,EAAE,EAAE;gBACpE,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;gBACzC,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oBAC5B,MAAM,EAAE,KAAK,EAAE,iBAAiB,EAAE,GAAG,MAAM,CAAC;oBAC5C,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;oBAEjD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE;wBAChD,KAAK;wBACL,eAAe,EAAE,SAAS;wBAC1B,iBAAiB;wBACjB,cAAc,EAAE,MAAM,CAAC,cAAc,EAAE,QAAQ,EAAE;qBAClD,CAAC,CAAC;oBAEH,OAAO,QAAQ,CAAC;gBAClB,CAAC;gBAED,gCAAgC;gBAChC,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAClE,MAAM,CAAC,YAAY,EACnB,EAAE,QAAQ,EAAE,OAAO,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,EAAE,CACjE,CAAC;gBAEF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE;oBAC9C,OAAO,EAAE;wBACP,SAAS,EAAE,eAAe,CAAC,SAAS,CAAC;wBACrC,WAAW;qBACZ;oBACD,KAAK,EAAE,OAAO,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;iBACpD,CAAC,CAAC;gBAEH,IAAI,CAAC,IAAI,GAAG;oBACV,KAAK,EAAE,MAAM,CAAC,KAAK;oBACnB,OAAO,EAAE,MAAM,CAAC,OAAQ;oBACxB,MAAM,EAAE,MAAM,CAAC,MAAO;oBACtB,YAAY,EAAE,WAAW,CAAC,YAAY;iBACvC,CAAC;gBACF,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACpC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEtD,OAAO,MAAM,CAAC;YAChB,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;;WAsBG;QACa;;;;mBAAgB,KAAK,EACnC,MAAgD,EAChD,EAAE;gBACF,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;gBACzC,MAAM,EAAE,KAAK,EAAE,iBAAiB,EAAE,GAAG,MAAM,CAAC;gBAC5C,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAEjD,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE;oBAC9B,KAAK;oBACL,eAAe,EAAE,SAAS;oBAC1B,iBAAiB;oBACjB,cAAc,EAAE,MAAM,CAAC,cAAc,EAAE,QAAQ,EAAE;iBAClD,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;WAqBG;QACa;;;;mBAAyB,KAAK,EAAE,EAC9C,MAAM,EACN,KAAK,EACL,kBAAkB,GAKnB,EAAiB,EAAE;gBAClB,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;gBACzC,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAE/B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC;gBAEvE,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;gBACxD,CAAC;gBAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBACtC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;gBAEzD,OAAO,IAAI,CAAC;YACd,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;WAqBG;QACa;;;;mBAAwB,KAAK,EAC3C,OAAyB,SAAS,EAClC,EAAE;gBACF,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;gBACzC,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;gBACrC,IAAI,IAAI,EAAE,CAAC;oBACT,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;oBACjB,OAAO,IAAI,CAAC;gBACd,CAAC;gBAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAC/C,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;gBACvC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC;gBAEnD,OAAO,MAAM,CAAC;YAChB,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;;;;;;WA0BG;QACa;;;;mBAAe,KAAK,EAAE,EACpC,iBAAiB,EACjB,eAAe,GAAG,uBAAuB,GACtB,EAAE,EAAE;gBACvB,MAAM,yBAAyB,GAAG,IAAI,aAAa,CAAC;oBAClD,eAAe,EAAE,QAAQ,CAAC,cAAc,CAAC,iBAAiB,CAAC;oBAC3D,eAAe,EAAE,eAAe;oBAChC,SAAS,EAAE,4BAA4B;iBACxC,CAAC,CAAC;gBACH,MAAM,yBAAyB,CAAC,IAAI,EAAE,CAAC;gBAEvC,IAAI,IAAI,CAAC,aAAa,CAAC,OAAO,KAAK,IAAI,CAAC,aAAa,EAAE,CAAC;oBACtD,OAAO,IAAI,CAAC,iBAAiB,CAAC;wBAC5B,aAAa,EAAE,yBAAyB;wBACxC,QAAQ,EAAE,aAAa;qBACxB,CAAC,CAAC;gBACL,CAAC;gBAED,OAAO,IAAI,CAAC,iBAAiB,CAAC;oBAC5B,aAAa,EAAE,yBAAyB;oBACxC,QAAQ,EAAE,aAAa;iBACxB,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;WAkBG;QACa;;;;mBAAa,KAAK,IAAI,EAAE;gBACtC,IAAI,CAAC,IAAI,GAAG,SAAS,CAAC;gBACtB,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,CAAC;YAC7B,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;;;;;;WA0BG;QACa;;;;mBAAoB,KAAK,EACvC,IAA8D,EAC9C,EAAE;gBAClB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;gBACzD,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,WAAW,CAAC;gBACnC,OAAO,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CAC/B,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,sCAAsC,CAAC,EAAE,IAAI,CAAC,CACvE,CAAC;YACJ,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;;;;;WAyBG;QACa;;;;mBAAiB,KAAK,EACpC,IAA2D,EAC5C,EAAE;gBACjB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;gBACzD,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CACvB,WAAW,EACX,QAAQ,EACR,4BAA4B,CAC7B,CAAC;gBACF,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;oBACrC,MAAM,aAAa,GAAG,CAAC,KAAmB,EAAE,EAAE;wBAC5C,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;4BAChB,OAAO;wBACT,CAAC;wBACD,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,YAAY,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC;wBAClE,IAAI,MAAM,IAAI,KAAK,EAAE,CAAC;4BACpB,OAAO,EAAE,CAAC;4BACV,IAAI,CAAC,sBAAsB,CAAC;gCAC1B,MAAM;gCACN,KAAK;gCACL,kBAAkB,EAAE,gBAAgB;6BACrC,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;wBAC3B,CAAC;oBACH,CAAC,CAAC;oBAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;oBAElD,MAAM,oBAAoB,GAAG,WAAW,CAAC,GAAG,EAAE;wBAC5C,IAAI,KAAK,EAAE,MAAM,EAAE,CAAC;4BAClB,OAAO,EAAE,CAAC;4BACV,MAAM,CAAC,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC;wBACvC,CAAC;oBACH,CAAC,EAAE,oBAAoB,CAAC,CAAC;oBAEzB,MAAM,OAAO,GAAG,GAAG,EAAE;wBACnB,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;wBACrD,aAAa,CAAC,oBAAoB,CAAC,CAAC;oBACtC,CAAC,CAAC;gBACJ,CAAC,CAAC,CAAC;YACL,CAAC;WAAC;QAEM;;;;mBAAsB,KAAK,EAAE,IAAiB,EAAmB,EAAE;gBACzE,MAAM,EACJ,cAAc,EACd,gBAAgB,EAChB,KAAK,EAAE,aAAa,EACpB,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,WAAW,EACX,iBAAiB,GAClB,GAAG,IAAI,CAAC;gBACT,MAAM,EAAE,aAAa,EAAE,UAAU,EAAE,aAAa,EAAE,GAChD,MAAM,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC;gBACzC,MAAM,YAAY,GAAG,aAAa,CAAC,IAAI,CACrC,CAAC,QAAQ,EAAE,EAAE,CACX,QAAQ,CAAC,EAAE,KAAK,cAAc;oBAC9B,CAAC,CAAC,QAAQ,CAAC,gBAAgB,KAAK,CAAC,CAAC,gBAAgB,CACrD,CAAC;gBACF,IAAI,CAAC,YAAY,EAAE,CAAC;oBAClB,MAAM,IAAI,KAAK,CAAC,kCAAkC,cAAc,EAAE,CAAC,CAAC;gBACtE,CAAC;gBACD,IAAI,KAAa,CAAC;gBAClB,IAAI,MAA0B,CAAC;gBAC/B,IAAI,aAAa,EAAE,CAAC;oBAClB,KAAK,GAAG,aAAa,CAAC;oBACtB,MAAM,GAAG,cAAc,CAAC;gBAC1B,CAAC;qBAAM,CAAC;oBACN,IAAI,gBAAgB,EAAE,CAAC;wBACrB,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;oBAClE,CAAC;oBACD,MAAM,cAAc,GAAG,wBAAwB,CAAC,cAAc,CAAC,CAAC;oBAChE,IAAI,CAAC,cAAc,EAAE,CAAC;wBACpB,MAAM,IAAI,KAAK,CACb,wCAAwC,cAAc,EAAE,CACzD,CAAC;oBACJ,CAAC;oBACD,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,cAAc,CAAC,CAAC;gBACvC,CAAC;gBACD,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,YAAY,CAAC;gBAChD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACxD,MAAM,KAAK,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAC;gBAC9C,MAAM,WAAW,GAAe;oBAC9B,cAAc;oBACd,gBAAgB;oBAChB,UAAU;oBACV,gBAAgB;oBAChB,iBAAiB;oBACjB,WAAW,EACT,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS;oBACnE,YAAY,EAAE,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;iBACpE,CAAC;gBACF,MAAM,KAAK,GAAG,eAAe,CAC3B,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CACtD,CAAC;gBACF,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC;gBACtC,MAAM,MAAM,GAA2B;oBACrC,YAAY,EAAE,IAAI,CAAC,gBAAgB;oBACnC,aAAa,EAAE,MAAM;oBACrB,KAAK;oBACL,KAAK;oBACL,cAAc,EAAE,aAAa;oBAC7B,qBAAqB,EAAE,MAAM;oBAC7B,MAAM,EAAE,gBAAgB;oBACxB,SAAS,EAAE,QAAQ;oBACnB,KAAK;iBACN,CAAC;gBACF,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC;gBACzB,CAAC;gBACD,OAAO,CAAC,MAAM,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;gBACxD,OAAO,OAAO,CAAC,QAAQ,EAAE,CAAC;YAC5B,CAAC;WAAC;QAEM;;;;mBAAoB,KAAK,IAAI,EAAE;gBACrC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,EAAE,CAAC;oBACpC,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;gBAClC,CAAC;gBAED,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;gBAEpC,OAAO,IAAI,CAAC,aAAa,CAAC,SAAS,EAAG,CAAC;YACzC,CAAC;WAAC;QAEM;;;;mBAAsB,KAAK,EAAE,OAAyB,IAAI,CAAC,IAAI,EAAE,EAAE;gBACzE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;gBACtC,IAAI,IAAI,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;oBAC9B,+GAA+G;oBAC/G,IAAI,CAAC,eAAe,CAAC,gBAAgB,GAAG;wBACtC;4BACE,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC;4BAC5C,IAAI,EAAE,YAAY;4BAClB,UAAU,EAAE,CAAC,UAAU,EAAE,QAAQ,CAAC;yBACnC;qBACF,CAAC;gBACJ,CAAC;YACH,CAAC;WAAC;QAEiB;;;;mBAAyB,KAAK,EAC/C,OAA2C,EAC3C,cAAoC;gBAClC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,IAAI,WAAW;aAC1C,EACD,EAAE;gBACF,MAAM,SAAS,GAAG,oBAAoB,EAAE,CAAC;gBACzC,MAAM,mBAAmB,GAAG,oBAAoB,EAAE,CAAC;gBAEnD,MAAM,WAAW,GAAG,MAAM,sBAAsB,CAAC;oBAC/C,SAAS,EAAE;wBACT,GAAG,OAAO,EAAE,SAAS;wBACrB,sBAAsB,EAAE;4BACtB,WAAW,EAAE,WAAW;4BACxB,kBAAkB,EAAE,KAAK;4BACzB,gBAAgB,EAAE,WAAW;4BAC7B,GAAG,OAAO,EAAE,SAAS,EAAE,sBAAsB;yBAC9C;wBACD,SAAS;wBACT,EAAE,EAAE;4BACF,EAAE,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ;4BAC5B,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ;4BAC9B,GAAG,OAAO,EAAE,SAAS,EAAE,EAAE;yBAC1B;wBACD,gBAAgB,EAAE;4BAChB;gCACE,IAAI,EAAE,YAAY;gCAClB,GAAG,EAAE,CAAC,CAAC;6BACR;4BACD;gCACE,IAAI,EAAE,YAAY;gCAClB,GAAG,EAAE,CAAC,GAAG;6BACV;yBACF;wBACD,IAAI,EAAE;4BACJ,EAAE,EAAE,mBAAmB;4BACvB,IAAI,EAAE,WAAW,CAAC,QAAQ;4BAC1B,WAAW,EAAE,WAAW,CAAC,QAAQ;4BACjC,GAAG,OAAO,EAAE,SAAS,EAAE,IAAI;yBAC5B;qBACF;oBACD,MAAM,EAAE,OAAO,EAAE,MAAM;iBACxB,CAAC,CAAC;gBAEH,4EAA4E;gBAC5E,IAAI,WAAW,CAAC,UAAU,IAAI,IAAI,IAAI,WAAW,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC1E,WAAW,CAAC,UAAU,GAAG;wBACvB,kCAAkC;wBAClC,gCAAgC;qBACjC,CAAC;gBACJ,CAAC;gBAED,OAAO,EAAE,SAAS,EAAE,mBAAmB,EAAE,WAAW,EAAE,CAAC;YACzD,CAAC;WAAC;QAEiB;;;;mBAAiB,KAAK,IAA0B,EAAE;gBACnE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACjD,MAAM,KAAK,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;gBACvC,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YACtD,CAAC;WAAC;QAEM;;;;mBAAwB,KAAK,EACnC,IAAe,EACO,EAAE;gBACxB,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;oBACrB,OAAO,IAAI,CAAC,WAAW,CAAC;gBAC1B,CAAC;qBAAM,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;oBAC/B,OAAO,IAAI,CAAC,SAAS,EAAE,CAAC;gBAC1B,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,KAAK,CACb,+HAA+H,CAChI,CAAC;gBACJ,CAAC;YACH,CAAC;WAAC;QAjiBA,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,iBAAiB,GAAG,YAAY,CAAC,iBAAiB,CAAC;QAExD,IAAI,CAAC,eAAe,GAAG,IAAI,eAAe,CAAC;YACzC,IAAI,EAAE,IAAI,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ;SACvC,CAAC,CAAC;QAEH,IAAI,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;IAC3C,CAAC;CA0hBF;AAED,SAAS,kBAAkB,CAAC,GAAW;IACrC,eAAe;IACf,MAAM,CAAC,GAAG,QAAQ,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;IACtC,CAAC,CAAC,IAAI,GAAG,GAAG,CAAC;IACb,OAAO,CAAC,CAAC,IAAI,CAAC;AAChB,CAAC","sourcesContent":["import { ConnectionConfigSchema } from \"@aa-sdk/core\";\nimport { getWebAuthnAttestation } from \"@turnkey/http\";\nimport { IframeStamper } from \"@turnkey/iframe-stamper\";\nimport { WebauthnStamper } from \"@turnkey/webauthn-stamper\";\nimport { z } from \"zod\";\nimport { base64UrlEncode } from \"../utils/base64UrlEncode.js\";\nimport { generateRandomBuffer } from \"../utils/generateRandomBuffer.js\";\nimport { BaseSignerClient } from \"./base.js\";\nimport type {\n AlchemySignerClientEvents,\n CreateAccountParams,\n CredentialCreationOptionOverrides,\n EmailAuthParams,\n ExportWalletParams,\n OauthConfig,\n OauthParams,\n User,\n} from \"./types.js\";\nimport { getDefaultScopeAndClaims, getOauthNonce } from \"../oauth.js\";\nimport type { AuthParams, OauthMode } from \"../signer.js\";\n\nconst CHECK_CLOSE_INTERVAL = 500;\n\nexport const AlchemySignerClientParamsSchema = z.object({\n connection: ConnectionConfigSchema,\n iframeConfig: z.object({\n iframeElementId: z.string().default(\"turnkey-iframe\"),\n iframeContainerId: z.string(),\n }),\n rpId: z.string().optional(),\n rootOrgId: z\n .string()\n .optional()\n .default(\"24c1acf5-810f-41e0-a503-d5d13fa8e830\"),\n oauthCallbackUrl: z\n .string()\n .optional()\n .default(\"https://signer.alchemy.com/callback\"),\n enablePopupOauth: z.boolean().optional().default(false),\n});\n\nexport type AlchemySignerClientParams = z.input<\n typeof AlchemySignerClientParamsSchema\n>;\n\ntype OauthState = {\n authProviderId: string;\n isCustomProvider?: boolean;\n requestKey: string;\n turnkeyPublicKey: string;\n expirationSeconds?: number;\n redirectUrl?: string;\n openerOrigin?: string;\n};\n\n/**\n * A lower level client used by the AlchemySigner used to communicate with\n * Alchemy's signer service.\n */\nexport class AlchemySignerWebClient extends BaseSignerClient<ExportWalletParams> {\n private iframeStamper: IframeStamper;\n private webauthnStamper: WebauthnStamper;\n oauthCallbackUrl: string;\n iframeContainerId: string;\n\n /**\n * Initializes a new instance with the given parameters, setting up the connection, iframe configuration, and WebAuthn stamper.\n *\n * @example\n * ```ts\n * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n *\n * const client = new AlchemySignerWebClient({\n * connection: {\n * apiKey: \"your-api-key\",\n * },\n * iframeConfig: {\n * iframeContainerId: \"signer-iframe-container\",\n * },\n * });\n * ```\n *\n * @param {AlchemySignerClientParams} params the parameters required to initialize the client\n * @param {ConnectionConfig} params.connection The connection details needed to connect to the service\n * @param {{ iframeElementId?: string; iframeContainerId: string }} params.iframeConfig The configuration details for setting up the iframe stamper\n * @param {string} params.rpId The relying party ID, defaulting to the current hostname if not provided\n * @param {string} params.rootOrgId The root organization ID\n */\n constructor(params: AlchemySignerClientParams) {\n const { connection, iframeConfig, rpId, rootOrgId, oauthCallbackUrl } =\n AlchemySignerClientParamsSchema.parse(params);\n\n const iframeStamper = new IframeStamper({\n iframeElementId: iframeConfig.iframeElementId,\n iframeUrl: \"https://auth.turnkey.com\",\n iframeContainer: document.getElementById(iframeConfig.iframeContainerId),\n });\n\n super({\n connection,\n rootOrgId,\n stamper: iframeStamper,\n });\n\n this.iframeStamper = iframeStamper;\n this.iframeContainerId = iframeConfig.iframeContainerId;\n\n this.webauthnStamper = new WebauthnStamper({\n rpId: rpId ?? window.location.hostname,\n });\n\n this.oauthCallbackUrl = oauthCallbackUrl;\n }\n\n /**\n * Authenticates the user by either email or passkey account creation flow. Emits events during the process.\n *\n * @example\n * ```ts\n * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n *\n * const client = new AlchemySignerWebClient({\n * connection: {\n * apiKey: \"your-api-key\",\n * },\n * iframeConfig: {\n * iframeContainerId: \"signer-iframe-container\",\n * },\n * });\n *\n * const account = await client.createAccount({ type: \"email\", email: \"you@mail.com\" });\n * ```\n *\n * @param {CreateAccountParams} params The parameters for creating an account, including the type (email or passkey) and additional details.\n * @returns {Promise<SignupResponse>} A promise that resolves with the response object containing the account creation result.\n */\n public override createAccount = async (params: CreateAccountParams) => {\n this.eventEmitter.emit(\"authenticating\");\n if (params.type === \"email\") {\n const { email, expirationSeconds } = params;\n const publicKey = await this.initIframeStamper();\n\n const response = await this.request(\"/v1/signup\", {\n email,\n targetPublicKey: publicKey,\n expirationSeconds,\n redirectParams: params.redirectParams?.toString(),\n });\n\n return response;\n }\n\n // Passkey account creation flow\n const { attestation, challenge } = await this.getWebAuthnAttestation(\n params.creationOpts,\n { username: \"email\" in params ? params.email : params.username }\n );\n\n const result = await this.request(\"/v1/signup\", {\n passkey: {\n challenge: base64UrlEncode(challenge),\n attestation,\n },\n email: \"email\" in params ? params.email : undefined,\n });\n\n this.user = {\n orgId: result.orgId,\n address: result.address!,\n userId: result.userId!,\n credentialId: attestation.credentialId,\n };\n this.initWebauthnStamper(this.user);\n this.eventEmitter.emit(\"connectedPasskey\", this.user);\n\n return result;\n };\n\n /**\n * Begin authenticating a user with their email and an expiration time for the authentication request. Initializes the iframe stamper to get the target public key.\n * This method sends an email to the user to complete their login\n *\n * @example\n * ```ts\n * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n *\n * const client = new AlchemySignerWebClient({\n * connection: {\n * apiKey: \"your-api-key\",\n * },\n * iframeConfig: {\n * iframeContainerId: \"signer-iframe-container\",\n * },\n * });\n *\n * const account = await client.initEmailAuth({ email: \"you@mail.com\" });\n * ```\n *\n * @param {Omit<EmailAuthParams, \"targetPublicKey\">} params The parameters for email authentication, excluding the target public key\n * @returns {Promise<any>} The response from the authentication request\n */\n public override initEmailAuth = async (\n params: Omit<EmailAuthParams, \"targetPublicKey\">\n ) => {\n this.eventEmitter.emit(\"authenticating\");\n const { email, expirationSeconds } = params;\n const publicKey = await this.initIframeStamper();\n\n return this.request(\"/v1/auth\", {\n email,\n targetPublicKey: publicKey,\n expirationSeconds,\n redirectParams: params.redirectParams?.toString(),\n });\n };\n\n /**\n * Completes auth for the user by injecting a credential bundle and retrieving the user information based on the provided organization ID. Emits events during the process.\n *\n * @example\n * ```ts\n * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n *\n * const client = new AlchemySignerWebClient({\n * connection: {\n * apiKey: \"your-api-key\",\n * },\n * iframeConfig: {\n * iframeContainerId: \"signer-iframe-container\",\n * },\n * });\n *\n * const account = await client.completeAuthWithBundle({ orgId: \"user-org-id\", bundle: \"bundle-from-email\", connectedEventName: \"connectedEmail\" });\n * ```\n *\n * @param {{ bundle: string; orgId: string }} config The configuration object for the authentication function containing the credential bundle to inject and the organization id associated with the user\n * @returns {Promise<User>} A promise that resolves to the authenticated user information\n */\n public override completeAuthWithBundle = async ({\n bundle,\n orgId,\n connectedEventName,\n }: {\n bundle: string;\n orgId: string;\n connectedEventName: keyof AlchemySignerClientEvents;\n }): Promise<User> => {\n this.eventEmitter.emit(\"authenticating\");\n await this.initIframeStamper();\n\n const result = await this.iframeStamper.injectCredentialBundle(bundle);\n\n if (!result) {\n throw new Error(\"Failed to inject credential bundle\");\n }\n\n const user = await this.whoami(orgId);\n this.eventEmitter.emit(connectedEventName, user, bundle);\n\n return user;\n };\n\n /**\n * Asynchronously handles the authentication process using WebAuthn Stamper. If a user is provided, sets the user and returns it. Otherwise, retrieves the current user and initializes the WebAuthn stamper.\n *\n * @example\n * ```ts\n * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n *\n * const client = new AlchemySignerWebClient({\n * connection: {\n * apiKey: \"your-api-key\",\n * },\n * iframeConfig: {\n * iframeContainerId: \"signer-iframe-container\",\n * },\n * });\n *\n * const account = await client.lookupUserWithPasskey();\n * ```\n *\n * @param {User} [user] An optional user object to authenticate\n * @returns {Promise<User>} A promise that resolves to the authenticated user object\n */\n public override lookupUserWithPasskey = async (\n user: User | undefined = undefined\n ) => {\n this.eventEmitter.emit(\"authenticating\");\n await this.initWebauthnStamper(user);\n if (user) {\n this.user = user;\n return user;\n }\n\n const result = await this.whoami(this.rootOrg);\n await this.initWebauthnStamper(result);\n this.eventEmitter.emit(\"connectedPasskey\", result);\n\n return result;\n };\n\n /**\n * Initiates the export of a wallet by creating an iframe stamper and calling the appropriate export function.\n * The export can be based on a seed phrase or a private key.\n *\n * @example\n * ```ts\n * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n *\n * const client = new AlchemySignerWebClient({\n * connection: {\n * apiKey: \"your-api-key\",\n * },\n * iframeConfig: {\n * iframeContainerId: \"signer-iframe-container\",\n * },\n * });\n *\n * const account = await client.exportWallet({\n * iframeContainerId: \"export-iframe-container\",\n * });\n * ```\n *\n * @param {ExportWalletParams} config The parameters for exporting the wallet\n * @param {string} config.iframeContainerId The ID of the container element that will hold the iframe stamper\n * @param {string} [config.iframeElementId] Optional ID for the iframe element\n * @returns {Promise<void>} A promise that resolves when the export process is complete\n */\n public override exportWallet = async ({\n iframeContainerId,\n iframeElementId = \"turnkey-export-iframe\",\n }: ExportWalletParams) => {\n const exportWalletIframeStamper = new IframeStamper({\n iframeContainer: document.getElementById(iframeContainerId),\n iframeElementId: iframeElementId,\n iframeUrl: \"https://export.turnkey.com\",\n });\n await exportWalletIframeStamper.init();\n\n if (this.turnkeyClient.stamper === this.iframeStamper) {\n return this.exportWalletInner({\n exportStamper: exportWalletIframeStamper,\n exportAs: \"SEED_PHRASE\",\n });\n }\n\n return this.exportWalletInner({\n exportStamper: exportWalletIframeStamper,\n exportAs: \"PRIVATE_KEY\",\n });\n };\n\n /**\n * Asynchronous function that clears the user and resets the iframe stamper.\n *\n * @example\n * ```ts\n * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n *\n * const client = new AlchemySignerWebClient({\n * connection: {\n * apiKey: \"your-api-key\",\n * },\n * iframeConfig: {\n * iframeContainerId: \"signer-iframe-container\",\n * },\n * });\n *\n * const account = await client.disconnect();\n * ```\n */\n public override disconnect = async () => {\n this.user = undefined;\n this.iframeStamper.clear();\n };\n\n /**\n * Redirects the user to the OAuth provider URL based on the provided arguments. This function will always reject after 1 second if the redirection does not occur.\n *\n * @example\n * ```ts\n * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n *\n * const client = new AlchemySignerWebClient({\n * connection: {\n * apiKey: \"your-api-key\",\n * },\n * iframeConfig: {\n * iframeContainerId: \"signer-iframe-container\",\n * },\n * });\n *\n * await client.oauthWithRedirect({\n * type: \"oauth\",\n * authProviderId: \"google\",\n * mode: \"redirect\",\n * redirectUrl: \"/\",\n * });\n * ```\n *\n * @param {Extract<AuthParams, { type: \"oauth\"; mode: \"redirect\" }>} args The arguments required to obtain the OAuth provider URL\n * @returns {Promise<never>} A promise that will never resolve, only reject if the redirection fails\n */\n public override oauthWithRedirect = async (\n args: Extract<AuthParams, { type: \"oauth\"; mode: \"redirect\" }>\n ): Promise<never> => {\n const providerUrl = await this.getOauthProviderUrl(args);\n window.location.href = providerUrl;\n return new Promise((_, reject) =>\n setTimeout(() => reject(\"Failed to redirect to OAuth provider\"), 1000)\n );\n };\n\n /**\n * Initiates an OAuth authentication flow in a popup window and returns the authenticated user.\n *\n * @example\n * ```ts\n * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n *\n * const client = new AlchemySignerWebClient({\n * connection: {\n * apiKey: \"your-api-key\",\n * },\n * iframeConfig: {\n * iframeContainerId: \"signer-iframe-container\",\n * },\n * });\n *\n * const user = await client.oauthWithPopup({\n * type: \"oauth\",\n * authProviderId: \"google\",\n * mode: \"popup\"\n * });\n * ```\n *\n * @param {Extract<AuthParams, { type: \"oauth\"; mode: \"popup\" }>} args The authentication parameters specifying OAuth type and popup mode\n * @returns {Promise<User>} A promise that resolves to a `User` object containing the authenticated user information\n */\n public override oauthWithPopup = async (\n args: Extract<AuthParams, { type: \"oauth\"; mode: \"popup\" }>\n ): Promise<User> => {\n const providerUrl = await this.getOauthProviderUrl(args);\n const popup = window.open(\n providerUrl,\n \"_blank\",\n \"popup,width=500,height=600\"\n );\n return new Promise((resolve, reject) => {\n const handleMessage = (event: MessageEvent) => {\n if (!event.data) {\n return;\n }\n const { alchemyBundle: bundle, alchemyOrgId: orgId } = event.data;\n if (bundle && orgId) {\n cleanup();\n this.completeAuthWithBundle({\n bundle,\n orgId,\n connectedEventName: \"connectedOauth\",\n }).then(resolve, reject);\n }\n };\n\n window.addEventListener(\"message\", handleMessage);\n\n const checkCloseIntervalId = setInterval(() => {\n if (popup?.closed) {\n cleanup();\n reject(new Error(\"OAuth cancelled\"));\n }\n }, CHECK_CLOSE_INTERVAL);\n\n const cleanup = () => {\n window.removeEventListener(\"message\", handleMessage);\n clearInterval(checkCloseIntervalId);\n };\n });\n };\n\n private getOauthProviderUrl = async (args: OauthParams): Promise<string> => {\n const {\n authProviderId,\n isCustomProvider,\n scope: providedScope,\n claims: providedClaims,\n mode,\n redirectUrl,\n expirationSeconds,\n } = args;\n const { codeChallenge, requestKey, authProviders } =\n await this.getOauthConfigForMode(mode);\n const authProvider = authProviders.find(\n (provider) =>\n provider.id === authProviderId &&\n !!provider.isCustomProvider === !!isCustomProvider\n );\n if (!authProvider) {\n throw new Error(`No auth provider found with id ${authProviderId}`);\n }\n let scope: string;\n let claims: string | undefined;\n if (providedScope) {\n scope = providedScope;\n claims = providedClaims;\n } else {\n if (isCustomProvider) {\n throw new Error(\"scope must be provided for a custom provider\");\n }\n const scopeAndClaims = getDefaultScopeAndClaims(authProviderId);\n if (!scopeAndClaims) {\n throw new Error(\n `Default scope not known for provider ${authProviderId}`\n );\n }\n ({ scope, claims } = scopeAndClaims);\n }\n const { authEndpoint, clientId } = authProvider;\n const turnkeyPublicKey = await this.initIframeStamper();\n const nonce = getOauthNonce(turnkeyPublicKey);\n const stateObject: OauthState = {\n authProviderId,\n isCustomProvider,\n requestKey,\n turnkeyPublicKey,\n expirationSeconds,\n redirectUrl:\n mode === \"redirect\" ? resolveRelativeUrl(redirectUrl) : undefined,\n openerOrigin: mode === \"popup\" ? window.location.origin : undefined,\n };\n const state = base64UrlEncode(\n new TextEncoder().encode(JSON.stringify(stateObject))\n );\n const authUrl = new URL(authEndpoint);\n const params: Record<string, string> = {\n redirect_uri: this.oauthCallbackUrl,\n response_type: \"code\",\n scope,\n state,\n code_challenge: codeChallenge,\n code_challenge_method: \"S256\",\n prompt: \"select_account\",\n client_id: clientId,\n nonce,\n };\n if (claims) {\n params.claims = claims;\n }\n authUrl.search = new URLSearchParams(params).toString();\n return authUrl.toString();\n };\n\n private initIframeStamper = async () => {\n if (!this.iframeStamper.publicKey()) {\n await this.iframeStamper.init();\n }\n\n this.setStamper(this.iframeStamper);\n\n return this.iframeStamper.publicKey()!;\n };\n\n private initWebauthnStamper = async (user: User | undefined = this.user) => {\n this.setStamper(this.webauthnStamper);\n if (user && user.credentialId) {\n // The goal here is to allow us to cache the allowed credential, but this doesn't work with hybrid transport :(\n this.webauthnStamper.allowCredentials = [\n {\n id: Buffer.from(user.credentialId, \"base64\"),\n type: \"public-key\",\n transports: [\"internal\", \"hybrid\"],\n },\n ];\n }\n };\n\n protected override getWebAuthnAttestation = async (\n options?: CredentialCreationOptionOverrides,\n userDetails: { username: string } = {\n username: this.user?.email ?? \"anonymous\",\n }\n ) => {\n const challenge = generateRandomBuffer();\n const authenticatorUserId = generateRandomBuffer();\n\n const attestation = await getWebAuthnAttestation({\n publicKey: {\n ...options?.publicKey,\n authenticatorSelection: {\n residentKey: \"preferred\",\n requireResidentKey: false,\n userVerification: \"preferred\",\n ...options?.publicKey?.authenticatorSelection,\n },\n challenge,\n rp: {\n id: window.location.hostname,\n name: window.location.hostname,\n ...options?.publicKey?.rp,\n },\n pubKeyCredParams: [\n {\n type: \"public-key\",\n alg: -7,\n },\n {\n type: \"public-key\",\n alg: -257,\n },\n ],\n user: {\n id: authenticatorUserId,\n name: userDetails.username,\n displayName: userDetails.username,\n ...options?.publicKey?.user,\n },\n },\n signal: options?.signal,\n });\n\n // on iOS sometimes this is returned as empty or null, so handling that here\n if (attestation.transports == null || attestation.transports.length === 0) {\n attestation.transports = [\n \"AUTHENTICATOR_TRANSPORT_INTERNAL\",\n \"AUTHENTICATOR_TRANSPORT_HYBRID\",\n ];\n }\n\n return { challenge, authenticatorUserId, attestation };\n };\n\n protected override getOauthConfig = async (): Promise<OauthConfig> => {\n const publicKey = await this.initIframeStamper();\n const nonce = getOauthNonce(publicKey);\n return this.request(\"/v1/prepare-oauth\", { nonce });\n };\n\n private getOauthConfigForMode = async (\n mode: OauthMode\n ): Promise<OauthConfig> => {\n if (this.oauthConfig) {\n return this.oauthConfig;\n } else if (mode === \"redirect\") {\n return this.initOauth();\n } else {\n throw new Error(\n \"enablePopupOauth must be set in configuration or signer.preparePopupOauth must be called before using popup-based OAuth login\"\n );\n }\n };\n}\n\nfunction resolveRelativeUrl(url: string): string {\n // Funny trick.\n const a = document.createElement(\"a\");\n a.href = url;\n return a.href;\n}\n"]}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/client/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AACjE,OAAO,EAAE,sBAAsB,EAAE,MAAM,eAAe,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAC5D,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,kCAAkC,CAAC;AACxE,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAW7C,OAAO,EAAE,wBAAwB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAGtE,MAAM,oBAAoB,GAAG,GAAG,CAAC;AAEjC,MAAM,CAAC,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CAAC;IACtD,UAAU,EAAE,sBAAsB;IAClC,YAAY,EAAE,CAAC,CAAC,MAAM,CAAC;QACrB,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,gBAAgB,CAAC;QACrD,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE;KAC9B,CAAC;IACF,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,SAAS,EAAE,CAAC;SACT,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,OAAO,CAAC,sCAAsC,CAAC;IAClD,gBAAgB,EAAE,CAAC;SAChB,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,OAAO,CAAC,qCAAqC,CAAC;IACjD,gBAAgB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;CACxD,CAAC,CAAC;AAgBH;;;GAGG;AACH,MAAM,OAAO,sBAAuB,SAAQ,gBAAoC;IAM9E;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACH,YAAY,MAAiC;QAC3C,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,IAAI,EAAE,SAAS,EAAE,gBAAgB,EAAE,GACnE,+BAA+B,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAEhD,MAAM,aAAa,GAAG,IAAI,aAAa,CAAC;YACtC,eAAe,EAAE,YAAY,CAAC,eAAe;YAC7C,SAAS,EAAE,0BAA0B;YACrC,eAAe,EAAE,QAAQ,CAAC,cAAc,CAAC,YAAY,CAAC,iBAAiB,CAAC;SACzE,CAAC,CAAC;QAEH,KAAK,CAAC;YACJ,UAAU;YACV,SAAS;YACT,OAAO,EAAE,aAAa;SACvB,CAAC,CAAC;QA1CG;;;;;WAA6B;QAC7B;;;;;WAAiC;QACzC;;;;;WAAyB;QACzB;;;;;WAA0B;QAmD1B;;;;;;;;;;;;;;;;;;;;;WAqBG;QACa;;;;mBAAgB,KAAK,EAAE,MAA2B,EAAE,EAAE;gBACpE,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;gBACzC,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oBAC5B,MAAM,EAAE,KAAK,EAAE,iBAAiB,EAAE,GAAG,MAAM,CAAC;oBAC5C,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;oBAEjD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE;wBAChD,KAAK;wBACL,eAAe,EAAE,SAAS;wBAC1B,iBAAiB;wBACjB,cAAc,EAAE,MAAM,CAAC,cAAc,EAAE,QAAQ,EAAE;qBAClD,CAAC,CAAC;oBAEH,OAAO,QAAQ,CAAC;gBAClB,CAAC;gBAED,gCAAgC;gBAChC,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAClE,MAAM,CAAC,YAAY,EACnB,EAAE,QAAQ,EAAE,OAAO,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,EAAE,CACjE,CAAC;gBAEF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE;oBAC9C,OAAO,EAAE;wBACP,SAAS,EAAE,eAAe,CAAC,SAAS,CAAC;wBACrC,WAAW;qBACZ;oBACD,KAAK,EAAE,OAAO,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;iBACpD,CAAC,CAAC;gBAEH,IAAI,CAAC,IAAI,GAAG;oBACV,KAAK,EAAE,MAAM,CAAC,KAAK;oBACnB,OAAO,EAAE,MAAM,CAAC,OAAQ;oBACxB,MAAM,EAAE,MAAM,CAAC,MAAO;oBACtB,YAAY,EAAE,WAAW,CAAC,YAAY;iBACvC,CAAC;gBACF,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACpC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEtD,OAAO,MAAM,CAAC;YAChB,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;;WAsBG;QACa;;;;mBAAgB,KAAK,EACnC,MAAgD,EAChD,EAAE;gBACF,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;gBACzC,MAAM,EAAE,KAAK,EAAE,iBAAiB,EAAE,GAAG,MAAM,CAAC;gBAC5C,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAEjD,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE;oBAC9B,KAAK;oBACL,eAAe,EAAE,SAAS;oBAC1B,iBAAiB;oBACjB,cAAc,EAAE,MAAM,CAAC,cAAc,EAAE,QAAQ,EAAE;iBAClD,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;WAqBG;QACa;;;;mBAAyB,KAAK,EAAE,EAC9C,MAAM,EACN,KAAK,EACL,kBAAkB,GAKnB,EAAiB,EAAE;gBAClB,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;gBACzC,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAE/B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC;gBAEvE,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;gBACxD,CAAC;gBAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBACtC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;gBAEzD,OAAO,IAAI,CAAC;YACd,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;WAqBG;QACa;;;;mBAAwB,KAAK,EAC3C,OAAyB,SAAS,EAClC,EAAE;gBACF,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;gBACzC,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;gBACrC,IAAI,IAAI,EAAE,CAAC;oBACT,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;oBACjB,OAAO,IAAI,CAAC;gBACd,CAAC;gBAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAC/C,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;gBACvC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC;gBAEnD,OAAO,MAAM,CAAC;YAChB,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;;;;;;WA0BG;QACa;;;;mBAAe,KAAK,EAAE,EACpC,iBAAiB,EACjB,eAAe,GAAG,uBAAuB,GACtB,EAAE,EAAE;gBACvB,MAAM,yBAAyB,GAAG,IAAI,aAAa,CAAC;oBAClD,eAAe,EAAE,QAAQ,CAAC,cAAc,CAAC,iBAAiB,CAAC;oBAC3D,eAAe,EAAE,eAAe;oBAChC,SAAS,EAAE,4BAA4B;iBACxC,CAAC,CAAC;gBACH,MAAM,yBAAyB,CAAC,IAAI,EAAE,CAAC;gBAEvC,IAAI,IAAI,CAAC,aAAa,CAAC,OAAO,KAAK,IAAI,CAAC,aAAa,EAAE,CAAC;oBACtD,OAAO,IAAI,CAAC,iBAAiB,CAAC;wBAC5B,aAAa,EAAE,yBAAyB;wBACxC,QAAQ,EAAE,aAAa;qBACxB,CAAC,CAAC;gBACL,CAAC;gBAED,OAAO,IAAI,CAAC,iBAAiB,CAAC;oBAC5B,aAAa,EAAE,yBAAyB;oBACxC,QAAQ,EAAE,aAAa;iBACxB,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;WAkBG;QACa;;;;mBAAa,KAAK,IAAI,EAAE;gBACtC,IAAI,CAAC,IAAI,GAAG,SAAS,CAAC;gBACtB,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,CAAC;YAC7B,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;;;;;;WA0BG;QACa;;;;mBAAoB,KAAK,EACvC,IAA8D,EAC9C,EAAE;gBAClB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;gBACzD,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,WAAW,CAAC;gBACnC,OAAO,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CAC/B,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,sCAAsC,CAAC,EAAE,IAAI,CAAC,CACvE,CAAC;YACJ,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;;;;;WAyBG;QACa;;;;mBAAiB,KAAK,EACpC,IAA2D,EAC5C,EAAE;gBACjB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;gBACzD,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CACvB,WAAW,EACX,QAAQ,EACR,4BAA4B,CAC7B,CAAC;gBACF,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;oBACrC,MAAM,aAAa,GAAG,CAAC,KAAmB,EAAE,EAAE;wBAC5C,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;4BAChB,OAAO;wBACT,CAAC;wBACD,MAAM,EACJ,aAAa,EAAE,MAAM,EACrB,YAAY,EAAE,KAAK,EACnB,YAAY,GACb,GAAG,KAAK,CAAC,IAAI,CAAC;wBACf,IAAI,MAAM,IAAI,KAAK,EAAE,CAAC;4BACpB,OAAO,EAAE,CAAC;4BACV,KAAK,EAAE,KAAK,EAAE,CAAC;4BACf,IAAI,CAAC,sBAAsB,CAAC;gCAC1B,MAAM;gCACN,KAAK;gCACL,kBAAkB,EAAE,gBAAgB;6BACrC,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;wBAC3B,CAAC;6BAAM,IAAI,YAAY,EAAE,CAAC;4BACxB,OAAO,EAAE,CAAC;4BACV,KAAK,EAAE,KAAK,EAAE,CAAC;4BACf,MAAM,CAAC,IAAI,gBAAgB,CAAC,YAAY,CAAC,CAAC,CAAC;wBAC7C,CAAC;oBACH,CAAC,CAAC;oBAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;oBAElD,MAAM,oBAAoB,GAAG,WAAW,CAAC,GAAG,EAAE;wBAC5C,IAAI,KAAK,EAAE,MAAM,EAAE,CAAC;4BAClB,OAAO,EAAE,CAAC;4BACV,MAAM,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;wBACpC,CAAC;oBACH,CAAC,EAAE,oBAAoB,CAAC,CAAC;oBAEzB,MAAM,OAAO,GAAG,GAAG,EAAE;wBACnB,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;wBACrD,aAAa,CAAC,oBAAoB,CAAC,CAAC;oBACtC,CAAC,CAAC;gBACJ,CAAC,CAAC,CAAC;YACL,CAAC;WAAC;QAEM;;;;mBAAsB,KAAK,EAAE,IAAiB,EAAmB,EAAE;gBACzE,MAAM,EACJ,cAAc,EACd,gBAAgB,EAChB,eAAe,EACf,KAAK,EAAE,aAAa,EACpB,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,WAAW,EACX,iBAAiB,GAClB,GAAG,IAAI,CAAC;gBACT,MAAM,EAAE,aAAa,EAAE,UAAU,EAAE,aAAa,EAAE,GAChD,MAAM,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC;gBACzC,MAAM,YAAY,GAAG,aAAa,CAAC,IAAI,CACrC,CAAC,QAAQ,EAAE,EAAE,CACX,QAAQ,CAAC,EAAE,KAAK,cAAc;oBAC9B,CAAC,CAAC,QAAQ,CAAC,gBAAgB,KAAK,CAAC,CAAC,gBAAgB,CACrD,CAAC;gBACF,IAAI,CAAC,YAAY,EAAE,CAAC;oBAClB,MAAM,IAAI,KAAK,CAAC,kCAAkC,cAAc,EAAE,CAAC,CAAC;gBACtE,CAAC;gBACD,IAAI,KAAa,CAAC;gBAClB,IAAI,MAA0B,CAAC;gBAC/B,IAAI,aAAa,EAAE,CAAC;oBAClB,KAAK,GAAG,iBAAiB,CAAC,aAAa,CAAC,CAAC;oBACzC,MAAM,GAAG,cAAc,CAAC;gBAC1B,CAAC;qBAAM,CAAC;oBACN,IAAI,gBAAgB,EAAE,CAAC;wBACrB,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;oBAClE,CAAC;oBACD,MAAM,cAAc,GAAG,wBAAwB,CAAC,cAAc,CAAC,CAAC;oBAChE,IAAI,CAAC,cAAc,EAAE,CAAC;wBACpB,MAAM,IAAI,KAAK,CACb,wCAAwC,cAAc,EAAE,CACzD,CAAC;oBACJ,CAAC;oBACD,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,cAAc,CAAC,CAAC;gBACvC,CAAC;gBACD,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,YAAY,CAAC;gBAChD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACxD,MAAM,KAAK,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAC;gBAC9C,MAAM,WAAW,GAAe;oBAC9B,cAAc;oBACd,gBAAgB;oBAChB,UAAU;oBACV,gBAAgB;oBAChB,iBAAiB;oBACjB,WAAW,EACT,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS;oBACnE,YAAY,EAAE,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;iBACpE,CAAC;gBACF,MAAM,KAAK,GAAG,eAAe,CAC3B,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CACtD,CAAC;gBACF,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC;gBACtC,MAAM,MAAM,GAA2B;oBACrC,YAAY,EAAE,IAAI,CAAC,gBAAgB;oBACnC,aAAa,EAAE,MAAM;oBACrB,KAAK;oBACL,KAAK;oBACL,cAAc,EAAE,aAAa;oBAC7B,qBAAqB,EAAE,MAAM;oBAC7B,MAAM,EAAE,gBAAgB;oBACxB,SAAS,EAAE,QAAQ;oBACnB,KAAK;iBACN,CAAC;gBACF,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC;gBACzB,CAAC;gBACD,IAAI,eAAe,EAAE,CAAC;oBACpB,MAAM,CAAC,UAAU,GAAG,eAAe,CAAC;gBACtC,CAAC;gBACD,OAAO,CAAC,MAAM,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;gBACxD,OAAO,OAAO,CAAC,QAAQ,EAAE,CAAC;YAC5B,CAAC;WAAC;QAEM;;;;mBAAoB,KAAK,IAAI,EAAE;gBACrC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,EAAE,CAAC;oBACpC,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;gBAClC,CAAC;gBAED,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;gBAEpC,OAAO,IAAI,CAAC,aAAa,CAAC,SAAS,EAAG,CAAC;YACzC,CAAC;WAAC;QAEM;;;;mBAAsB,KAAK,EAAE,OAAyB,IAAI,CAAC,IAAI,EAAE,EAAE;gBACzE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;gBACtC,IAAI,IAAI,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;oBAC9B,+GAA+G;oBAC/G,IAAI,CAAC,eAAe,CAAC,gBAAgB,GAAG;wBACtC;4BACE,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC;4BAC5C,IAAI,EAAE,YAAY;4BAClB,UAAU,EAAE,CAAC,UAAU,EAAE,QAAQ,CAAC;yBACnC;qBACF,CAAC;gBACJ,CAAC;YACH,CAAC;WAAC;QAEiB;;;;mBAAyB,KAAK,EAC/C,OAA2C,EAC3C,cAAoC;gBAClC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,IAAI,WAAW;aAC1C,EACD,EAAE;gBACF,MAAM,SAAS,GAAG,oBAAoB,EAAE,CAAC;gBACzC,MAAM,mBAAmB,GAAG,oBAAoB,EAAE,CAAC;gBAEnD,MAAM,WAAW,GAAG,MAAM,sBAAsB,CAAC;oBAC/C,SAAS,EAAE;wBACT,GAAG,OAAO,EAAE,SAAS;wBACrB,sBAAsB,EAAE;4BACtB,WAAW,EAAE,WAAW;4BACxB,kBAAkB,EAAE,KAAK;4BACzB,gBAAgB,EAAE,WAAW;4BAC7B,GAAG,OAAO,EAAE,SAAS,EAAE,sBAAsB;yBAC9C;wBACD,SAAS;wBACT,EAAE,EAAE;4BACF,EAAE,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ;4BAC5B,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ;4BAC9B,GAAG,OAAO,EAAE,SAAS,EAAE,EAAE;yBAC1B;wBACD,gBAAgB,EAAE;4BAChB;gCACE,IAAI,EAAE,YAAY;gCAClB,GAAG,EAAE,CAAC,CAAC;6BACR;4BACD;gCACE,IAAI,EAAE,YAAY;gCAClB,GAAG,EAAE,CAAC,GAAG;6BACV;yBACF;wBACD,IAAI,EAAE;4BACJ,EAAE,EAAE,mBAAmB;4BACvB,IAAI,EAAE,WAAW,CAAC,QAAQ;4BAC1B,WAAW,EAAE,WAAW,CAAC,QAAQ;4BACjC,GAAG,OAAO,EAAE,SAAS,EAAE,IAAI;yBAC5B;qBACF;oBACD,MAAM,EAAE,OAAO,EAAE,MAAM;iBACxB,CAAC,CAAC;gBAEH,4EAA4E;gBAC5E,IAAI,WAAW,CAAC,UAAU,IAAI,IAAI,IAAI,WAAW,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC1E,WAAW,CAAC,UAAU,GAAG;wBACvB,kCAAkC;wBAClC,gCAAgC;qBACjC,CAAC;gBACJ,CAAC;gBAED,OAAO,EAAE,SAAS,EAAE,mBAAmB,EAAE,WAAW,EAAE,CAAC;YACzD,CAAC;WAAC;QAEiB;;;;mBAAiB,KAAK,IAA0B,EAAE;gBACnE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACjD,MAAM,KAAK,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;gBACvC,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YACtD,CAAC;WAAC;QAEM;;;;mBAAwB,KAAK,EACnC,IAAe,EACO,EAAE;gBACxB,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;oBACrB,OAAO,IAAI,CAAC,WAAW,CAAC;gBAC1B,CAAC;qBAAM,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;oBAC/B,OAAO,IAAI,CAAC,SAAS,EAAE,CAAC;gBAC1B,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,KAAK,CACb,+HAA+H,CAChI,CAAC;gBACJ,CAAC;YACH,CAAC;WAAC;QA9iBA,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,iBAAiB,GAAG,YAAY,CAAC,iBAAiB,CAAC;QAExD,IAAI,CAAC,eAAe,GAAG,IAAI,eAAe,CAAC;YACzC,IAAI,EAAE,IAAI,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ;SACvC,CAAC,CAAC;QAEH,IAAI,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;IAC3C,CAAC;CAuiBF;AAED,SAAS,kBAAkB,CAAC,GAAW;IACrC,eAAe;IACf,MAAM,CAAC,GAAG,QAAQ,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;IACtC,CAAC,CAAC,IAAI,GAAG,GAAG,CAAC;IACb,OAAO,CAAC,CAAC,IAAI,CAAC;AAChB,CAAC;AAED;;;;;;GAMG;AACH,SAAS,iBAAiB,CAAC,KAAa;IACtC,OAAO,KAAK,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,KAAK,EAAE,CAAC;AAC/D,CAAC;AAED;;;GAGG;AACH,MAAM,OAAO,mBAAoB,SAAQ,SAAS;IAGhD;;;OAGG;IACH;QACE,KAAK,CAAC,iBAAiB,CAAC,CAAC;QAPlB;;;;mBAAO,qBAAqB;WAAC;IAQtC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,gBAAiB,SAAQ,SAAS;IAA/C;;QACW;;;;mBAAO,kBAAkB;WAAC;IACrC,CAAC;CAAA","sourcesContent":["import { BaseError, ConnectionConfigSchema } from \"@aa-sdk/core\";\nimport { getWebAuthnAttestation } from \"@turnkey/http\";\nimport { IframeStamper } from \"@turnkey/iframe-stamper\";\nimport { WebauthnStamper } from \"@turnkey/webauthn-stamper\";\nimport { z } from \"zod\";\nimport { base64UrlEncode } from \"../utils/base64UrlEncode.js\";\nimport { generateRandomBuffer } from \"../utils/generateRandomBuffer.js\";\nimport { BaseSignerClient } from \"./base.js\";\nimport type {\n AlchemySignerClientEvents,\n CreateAccountParams,\n CredentialCreationOptionOverrides,\n EmailAuthParams,\n ExportWalletParams,\n OauthConfig,\n OauthParams,\n User,\n} from \"./types.js\";\nimport { getDefaultScopeAndClaims, getOauthNonce } from \"../oauth.js\";\nimport type { AuthParams, OauthMode } from \"../signer.js\";\n\nconst CHECK_CLOSE_INTERVAL = 500;\n\nexport const AlchemySignerClientParamsSchema = z.object({\n connection: ConnectionConfigSchema,\n iframeConfig: z.object({\n iframeElementId: z.string().default(\"turnkey-iframe\"),\n iframeContainerId: z.string(),\n }),\n rpId: z.string().optional(),\n rootOrgId: z\n .string()\n .optional()\n .default(\"24c1acf5-810f-41e0-a503-d5d13fa8e830\"),\n oauthCallbackUrl: z\n .string()\n .optional()\n .default(\"https://signer.alchemy.com/callback\"),\n enablePopupOauth: z.boolean().optional().default(false),\n});\n\nexport type AlchemySignerClientParams = z.input<\n typeof AlchemySignerClientParamsSchema\n>;\n\ntype OauthState = {\n authProviderId: string;\n isCustomProvider?: boolean;\n requestKey: string;\n turnkeyPublicKey: string;\n expirationSeconds?: number;\n redirectUrl?: string;\n openerOrigin?: string;\n};\n\n/**\n * A lower level client used by the AlchemySigner used to communicate with\n * Alchemy's signer service.\n */\nexport class AlchemySignerWebClient extends BaseSignerClient<ExportWalletParams> {\n private iframeStamper: IframeStamper;\n private webauthnStamper: WebauthnStamper;\n oauthCallbackUrl: string;\n iframeContainerId: string;\n\n /**\n * Initializes a new instance with the given parameters, setting up the connection, iframe configuration, and WebAuthn stamper.\n *\n * @example\n * ```ts\n * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n *\n * const client = new AlchemySignerWebClient({\n * connection: {\n * apiKey: \"your-api-key\",\n * },\n * iframeConfig: {\n * iframeContainerId: \"signer-iframe-container\",\n * },\n * });\n * ```\n *\n * @param {AlchemySignerClientParams} params the parameters required to initialize the client\n * @param {ConnectionConfig} params.connection The connection details needed to connect to the service\n * @param {{ iframeElementId?: string; iframeContainerId: string }} params.iframeConfig The configuration details for setting up the iframe stamper\n * @param {string} params.rpId The relying party ID, defaulting to the current hostname if not provided\n * @param {string} params.rootOrgId The root organization ID\n */\n constructor(params: AlchemySignerClientParams) {\n const { connection, iframeConfig, rpId, rootOrgId, oauthCallbackUrl } =\n AlchemySignerClientParamsSchema.parse(params);\n\n const iframeStamper = new IframeStamper({\n iframeElementId: iframeConfig.iframeElementId,\n iframeUrl: \"https://auth.turnkey.com\",\n iframeContainer: document.getElementById(iframeConfig.iframeContainerId),\n });\n\n super({\n connection,\n rootOrgId,\n stamper: iframeStamper,\n });\n\n this.iframeStamper = iframeStamper;\n this.iframeContainerId = iframeConfig.iframeContainerId;\n\n this.webauthnStamper = new WebauthnStamper({\n rpId: rpId ?? window.location.hostname,\n });\n\n this.oauthCallbackUrl = oauthCallbackUrl;\n }\n\n /**\n * Authenticates the user by either email or passkey account creation flow. Emits events during the process.\n *\n * @example\n * ```ts\n * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n *\n * const client = new AlchemySignerWebClient({\n * connection: {\n * apiKey: \"your-api-key\",\n * },\n * iframeConfig: {\n * iframeContainerId: \"signer-iframe-container\",\n * },\n * });\n *\n * const account = await client.createAccount({ type: \"email\", email: \"you@mail.com\" });\n * ```\n *\n * @param {CreateAccountParams} params The parameters for creating an account, including the type (email or passkey) and additional details.\n * @returns {Promise<SignupResponse>} A promise that resolves with the response object containing the account creation result.\n */\n public override createAccount = async (params: CreateAccountParams) => {\n this.eventEmitter.emit(\"authenticating\");\n if (params.type === \"email\") {\n const { email, expirationSeconds } = params;\n const publicKey = await this.initIframeStamper();\n\n const response = await this.request(\"/v1/signup\", {\n email,\n targetPublicKey: publicKey,\n expirationSeconds,\n redirectParams: params.redirectParams?.toString(),\n });\n\n return response;\n }\n\n // Passkey account creation flow\n const { attestation, challenge } = await this.getWebAuthnAttestation(\n params.creationOpts,\n { username: \"email\" in params ? params.email : params.username }\n );\n\n const result = await this.request(\"/v1/signup\", {\n passkey: {\n challenge: base64UrlEncode(challenge),\n attestation,\n },\n email: \"email\" in params ? params.email : undefined,\n });\n\n this.user = {\n orgId: result.orgId,\n address: result.address!,\n userId: result.userId!,\n credentialId: attestation.credentialId,\n };\n this.initWebauthnStamper(this.user);\n this.eventEmitter.emit(\"connectedPasskey\", this.user);\n\n return result;\n };\n\n /**\n * Begin authenticating a user with their email and an expiration time for the authentication request. Initializes the iframe stamper to get the target public key.\n * This method sends an email to the user to complete their login\n *\n * @example\n * ```ts\n * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n *\n * const client = new AlchemySignerWebClient({\n * connection: {\n * apiKey: \"your-api-key\",\n * },\n * iframeConfig: {\n * iframeContainerId: \"signer-iframe-container\",\n * },\n * });\n *\n * const account = await client.initEmailAuth({ email: \"you@mail.com\" });\n * ```\n *\n * @param {Omit<EmailAuthParams, \"targetPublicKey\">} params The parameters for email authentication, excluding the target public key\n * @returns {Promise<any>} The response from the authentication request\n */\n public override initEmailAuth = async (\n params: Omit<EmailAuthParams, \"targetPublicKey\">\n ) => {\n this.eventEmitter.emit(\"authenticating\");\n const { email, expirationSeconds } = params;\n const publicKey = await this.initIframeStamper();\n\n return this.request(\"/v1/auth\", {\n email,\n targetPublicKey: publicKey,\n expirationSeconds,\n redirectParams: params.redirectParams?.toString(),\n });\n };\n\n /**\n * Completes auth for the user by injecting a credential bundle and retrieving the user information based on the provided organization ID. Emits events during the process.\n *\n * @example\n * ```ts\n * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n *\n * const client = new AlchemySignerWebClient({\n * connection: {\n * apiKey: \"your-api-key\",\n * },\n * iframeConfig: {\n * iframeContainerId: \"signer-iframe-container\",\n * },\n * });\n *\n * const account = await client.completeAuthWithBundle({ orgId: \"user-org-id\", bundle: \"bundle-from-email\", connectedEventName: \"connectedEmail\" });\n * ```\n *\n * @param {{ bundle: string; orgId: string }} config The configuration object for the authentication function containing the credential bundle to inject and the organization id associated with the user\n * @returns {Promise<User>} A promise that resolves to the authenticated user information\n */\n public override completeAuthWithBundle = async ({\n bundle,\n orgId,\n connectedEventName,\n }: {\n bundle: string;\n orgId: string;\n connectedEventName: keyof AlchemySignerClientEvents;\n }): Promise<User> => {\n this.eventEmitter.emit(\"authenticating\");\n await this.initIframeStamper();\n\n const result = await this.iframeStamper.injectCredentialBundle(bundle);\n\n if (!result) {\n throw new Error(\"Failed to inject credential bundle\");\n }\n\n const user = await this.whoami(orgId);\n this.eventEmitter.emit(connectedEventName, user, bundle);\n\n return user;\n };\n\n /**\n * Asynchronously handles the authentication process using WebAuthn Stamper. If a user is provided, sets the user and returns it. Otherwise, retrieves the current user and initializes the WebAuthn stamper.\n *\n * @example\n * ```ts\n * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n *\n * const client = new AlchemySignerWebClient({\n * connection: {\n * apiKey: \"your-api-key\",\n * },\n * iframeConfig: {\n * iframeContainerId: \"signer-iframe-container\",\n * },\n * });\n *\n * const account = await client.lookupUserWithPasskey();\n * ```\n *\n * @param {User} [user] An optional user object to authenticate\n * @returns {Promise<User>} A promise that resolves to the authenticated user object\n */\n public override lookupUserWithPasskey = async (\n user: User | undefined = undefined\n ) => {\n this.eventEmitter.emit(\"authenticating\");\n await this.initWebauthnStamper(user);\n if (user) {\n this.user = user;\n return user;\n }\n\n const result = await this.whoami(this.rootOrg);\n await this.initWebauthnStamper(result);\n this.eventEmitter.emit(\"connectedPasskey\", result);\n\n return result;\n };\n\n /**\n * Initiates the export of a wallet by creating an iframe stamper and calling the appropriate export function.\n * The export can be based on a seed phrase or a private key.\n *\n * @example\n * ```ts\n * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n *\n * const client = new AlchemySignerWebClient({\n * connection: {\n * apiKey: \"your-api-key\",\n * },\n * iframeConfig: {\n * iframeContainerId: \"signer-iframe-container\",\n * },\n * });\n *\n * const account = await client.exportWallet({\n * iframeContainerId: \"export-iframe-container\",\n * });\n * ```\n *\n * @param {ExportWalletParams} config The parameters for exporting the wallet\n * @param {string} config.iframeContainerId The ID of the container element that will hold the iframe stamper\n * @param {string} [config.iframeElementId] Optional ID for the iframe element\n * @returns {Promise<void>} A promise that resolves when the export process is complete\n */\n public override exportWallet = async ({\n iframeContainerId,\n iframeElementId = \"turnkey-export-iframe\",\n }: ExportWalletParams) => {\n const exportWalletIframeStamper = new IframeStamper({\n iframeContainer: document.getElementById(iframeContainerId),\n iframeElementId: iframeElementId,\n iframeUrl: \"https://export.turnkey.com\",\n });\n await exportWalletIframeStamper.init();\n\n if (this.turnkeyClient.stamper === this.iframeStamper) {\n return this.exportWalletInner({\n exportStamper: exportWalletIframeStamper,\n exportAs: \"SEED_PHRASE\",\n });\n }\n\n return this.exportWalletInner({\n exportStamper: exportWalletIframeStamper,\n exportAs: \"PRIVATE_KEY\",\n });\n };\n\n /**\n * Asynchronous function that clears the user and resets the iframe stamper.\n *\n * @example\n * ```ts\n * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n *\n * const client = new AlchemySignerWebClient({\n * connection: {\n * apiKey: \"your-api-key\",\n * },\n * iframeConfig: {\n * iframeContainerId: \"signer-iframe-container\",\n * },\n * });\n *\n * const account = await client.disconnect();\n * ```\n */\n public override disconnect = async () => {\n this.user = undefined;\n this.iframeStamper.clear();\n };\n\n /**\n * Redirects the user to the OAuth provider URL based on the provided arguments. This function will always reject after 1 second if the redirection does not occur.\n *\n * @example\n * ```ts\n * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n *\n * const client = new AlchemySignerWebClient({\n * connection: {\n * apiKey: \"your-api-key\",\n * },\n * iframeConfig: {\n * iframeContainerId: \"signer-iframe-container\",\n * },\n * });\n *\n * await client.oauthWithRedirect({\n * type: \"oauth\",\n * authProviderId: \"google\",\n * mode: \"redirect\",\n * redirectUrl: \"/\",\n * });\n * ```\n *\n * @param {Extract<AuthParams, { type: \"oauth\"; mode: \"redirect\" }>} args The arguments required to obtain the OAuth provider URL\n * @returns {Promise<never>} A promise that will never resolve, only reject if the redirection fails\n */\n public override oauthWithRedirect = async (\n args: Extract<AuthParams, { type: \"oauth\"; mode: \"redirect\" }>\n ): Promise<never> => {\n const providerUrl = await this.getOauthProviderUrl(args);\n window.location.href = providerUrl;\n return new Promise((_, reject) =>\n setTimeout(() => reject(\"Failed to redirect to OAuth provider\"), 1000)\n );\n };\n\n /**\n * Initiates an OAuth authentication flow in a popup window and returns the authenticated user.\n *\n * @example\n * ```ts\n * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n *\n * const client = new AlchemySignerWebClient({\n * connection: {\n * apiKey: \"your-api-key\",\n * },\n * iframeConfig: {\n * iframeContainerId: \"signer-iframe-container\",\n * },\n * });\n *\n * const user = await client.oauthWithPopup({\n * type: \"oauth\",\n * authProviderId: \"google\",\n * mode: \"popup\"\n * });\n * ```\n *\n * @param {Extract<AuthParams, { type: \"oauth\"; mode: \"popup\" }>} args The authentication parameters specifying OAuth type and popup mode\n * @returns {Promise<User>} A promise that resolves to a `User` object containing the authenticated user information\n */\n public override oauthWithPopup = async (\n args: Extract<AuthParams, { type: \"oauth\"; mode: \"popup\" }>\n ): Promise<User> => {\n const providerUrl = await this.getOauthProviderUrl(args);\n const popup = window.open(\n providerUrl,\n \"_blank\",\n \"popup,width=500,height=600\"\n );\n return new Promise((resolve, reject) => {\n const handleMessage = (event: MessageEvent) => {\n if (!event.data) {\n return;\n }\n const {\n alchemyBundle: bundle,\n alchemyOrgId: orgId,\n alchemyError,\n } = event.data;\n if (bundle && orgId) {\n cleanup();\n popup?.close();\n this.completeAuthWithBundle({\n bundle,\n orgId,\n connectedEventName: \"connectedOauth\",\n }).then(resolve, reject);\n } else if (alchemyError) {\n cleanup();\n popup?.close();\n reject(new OauthFailedError(alchemyError));\n }\n };\n\n window.addEventListener(\"message\", handleMessage);\n\n const checkCloseIntervalId = setInterval(() => {\n if (popup?.closed) {\n cleanup();\n reject(new OauthCancelledError());\n }\n }, CHECK_CLOSE_INTERVAL);\n\n const cleanup = () => {\n window.removeEventListener(\"message\", handleMessage);\n clearInterval(checkCloseIntervalId);\n };\n });\n };\n\n private getOauthProviderUrl = async (args: OauthParams): Promise<string> => {\n const {\n authProviderId,\n isCustomProvider,\n auth0Connection,\n scope: providedScope,\n claims: providedClaims,\n mode,\n redirectUrl,\n expirationSeconds,\n } = args;\n const { codeChallenge, requestKey, authProviders } =\n await this.getOauthConfigForMode(mode);\n const authProvider = authProviders.find(\n (provider) =>\n provider.id === authProviderId &&\n !!provider.isCustomProvider === !!isCustomProvider\n );\n if (!authProvider) {\n throw new Error(`No auth provider found with id ${authProviderId}`);\n }\n let scope: string;\n let claims: string | undefined;\n if (providedScope) {\n scope = addOpenIdIfAbsent(providedScope);\n claims = providedClaims;\n } else {\n if (isCustomProvider) {\n throw new Error(\"scope must be provided for a custom provider\");\n }\n const scopeAndClaims = getDefaultScopeAndClaims(authProviderId);\n if (!scopeAndClaims) {\n throw new Error(\n `Default scope not known for provider ${authProviderId}`\n );\n }\n ({ scope, claims } = scopeAndClaims);\n }\n const { authEndpoint, clientId } = authProvider;\n const turnkeyPublicKey = await this.initIframeStamper();\n const nonce = getOauthNonce(turnkeyPublicKey);\n const stateObject: OauthState = {\n authProviderId,\n isCustomProvider,\n requestKey,\n turnkeyPublicKey,\n expirationSeconds,\n redirectUrl:\n mode === \"redirect\" ? resolveRelativeUrl(redirectUrl) : undefined,\n openerOrigin: mode === \"popup\" ? window.location.origin : undefined,\n };\n const state = base64UrlEncode(\n new TextEncoder().encode(JSON.stringify(stateObject))\n );\n const authUrl = new URL(authEndpoint);\n const params: Record<string, string> = {\n redirect_uri: this.oauthCallbackUrl,\n response_type: \"code\",\n scope,\n state,\n code_challenge: codeChallenge,\n code_challenge_method: \"S256\",\n prompt: \"select_account\",\n client_id: clientId,\n nonce,\n };\n if (claims) {\n params.claims = claims;\n }\n if (auth0Connection) {\n params.connection = auth0Connection;\n }\n authUrl.search = new URLSearchParams(params).toString();\n return authUrl.toString();\n };\n\n private initIframeStamper = async () => {\n if (!this.iframeStamper.publicKey()) {\n await this.iframeStamper.init();\n }\n\n this.setStamper(this.iframeStamper);\n\n return this.iframeStamper.publicKey()!;\n };\n\n private initWebauthnStamper = async (user: User | undefined = this.user) => {\n this.setStamper(this.webauthnStamper);\n if (user && user.credentialId) {\n // The goal here is to allow us to cache the allowed credential, but this doesn't work with hybrid transport :(\n this.webauthnStamper.allowCredentials = [\n {\n id: Buffer.from(user.credentialId, \"base64\"),\n type: \"public-key\",\n transports: [\"internal\", \"hybrid\"],\n },\n ];\n }\n };\n\n protected override getWebAuthnAttestation = async (\n options?: CredentialCreationOptionOverrides,\n userDetails: { username: string } = {\n username: this.user?.email ?? \"anonymous\",\n }\n ) => {\n const challenge = generateRandomBuffer();\n const authenticatorUserId = generateRandomBuffer();\n\n const attestation = await getWebAuthnAttestation({\n publicKey: {\n ...options?.publicKey,\n authenticatorSelection: {\n residentKey: \"preferred\",\n requireResidentKey: false,\n userVerification: \"preferred\",\n ...options?.publicKey?.authenticatorSelection,\n },\n challenge,\n rp: {\n id: window.location.hostname,\n name: window.location.hostname,\n ...options?.publicKey?.rp,\n },\n pubKeyCredParams: [\n {\n type: \"public-key\",\n alg: -7,\n },\n {\n type: \"public-key\",\n alg: -257,\n },\n ],\n user: {\n id: authenticatorUserId,\n name: userDetails.username,\n displayName: userDetails.username,\n ...options?.publicKey?.user,\n },\n },\n signal: options?.signal,\n });\n\n // on iOS sometimes this is returned as empty or null, so handling that here\n if (attestation.transports == null || attestation.transports.length === 0) {\n attestation.transports = [\n \"AUTHENTICATOR_TRANSPORT_INTERNAL\",\n \"AUTHENTICATOR_TRANSPORT_HYBRID\",\n ];\n }\n\n return { challenge, authenticatorUserId, attestation };\n };\n\n protected override getOauthConfig = async (): Promise<OauthConfig> => {\n const publicKey = await this.initIframeStamper();\n const nonce = getOauthNonce(publicKey);\n return this.request(\"/v1/prepare-oauth\", { nonce });\n };\n\n private getOauthConfigForMode = async (\n mode: OauthMode\n ): Promise<OauthConfig> => {\n if (this.oauthConfig) {\n return this.oauthConfig;\n } else if (mode === \"redirect\") {\n return this.initOauth();\n } else {\n throw new Error(\n \"enablePopupOauth must be set in configuration or signer.preparePopupOauth must be called before using popup-based OAuth login\"\n );\n }\n };\n}\n\nfunction resolveRelativeUrl(url: string): string {\n // Funny trick.\n const a = document.createElement(\"a\");\n a.href = url;\n return a.href;\n}\n\n/**\n * \"openid\" is a required scope in the OIDC protocol. Insert it if the user\n * forgot.\n *\n * @param {string} scope scope param which may be missing \"openid\"\n * @returns {string} scope which most definitely contains \"openid\"\n */\nfunction addOpenIdIfAbsent(scope: string): string {\n return scope.match(/\\bopenid\\b/) ? scope : `openid ${scope}`;\n}\n\n/**\n * This error is thrown when the OAuth flow is cancelled because the auth popup\n * window was closed.\n */\nexport class OauthCancelledError extends BaseError {\n override name = \"OauthCancelledError\";\n\n /**\n * Constructor for initializing an error indicating that the OAuth flow was\n * cancelled.\n */\n constructor() {\n super(\"OAuth cancelled\");\n }\n}\n\n/**\n * This error is thrown when an error occurs during the OAuth login flow.\n */\nexport class OauthFailedError extends BaseError {\n override name = \"OauthFailedError\";\n}\n"]}
package/dist/esm/index.d.ts CHANGED
@@ -1,6 +1,6 @@
1
1
  export { BaseAlchemySigner } from "./base.js";
2
2
  export { BaseSignerClient } from "./client/base.js";
3
- export { AlchemySignerWebClient } from "./client/index.js";
3
+ export { AlchemySignerWebClient, OauthCancelledError, OauthFailedError, } from "./client/index.js";
4
4
  export type * from "./client/types.js";
5
5
  export { DEFAULT_SESSION_MS } from "./session/manager.js";
6
6
  export type * from "./signer.js";
package/dist/esm/index.js CHANGED
@@ -1,6 +1,6 @@
1
1
  export { BaseAlchemySigner } from "./base.js";
2
2
  export { BaseSignerClient } from "./client/base.js";
3
- export { AlchemySignerWebClient } from "./client/index.js";
3
+ export { AlchemySignerWebClient, OauthCancelledError, OauthFailedError, } from "./client/index.js";
4
4
  export { DEFAULT_SESSION_MS } from "./session/manager.js";
5
5
  export { AlchemyWebSigner } from "./signer.js";
6
6
  export { AlchemySignerStatus } from "./types.js";
package/dist/esm/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAE/C,OAAO,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC","sourcesContent":["export { BaseAlchemySigner } from \"./base.js\";\nexport { BaseSignerClient } from \"./client/base.js\";\nexport { AlchemySignerWebClient } from \"./client/index.js\";\nexport type * from \"./client/types.js\";\nexport { DEFAULT_SESSION_MS } from \"./session/manager.js\";\nexport type * from \"./signer.js\";\nexport { AlchemyWebSigner } from \"./signer.js\";\nexport type * from \"./types.js\";\nexport { AlchemySignerStatus } from \"./types.js\";\n"]}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EACL,sBAAsB,EACtB,mBAAmB,EACnB,gBAAgB,GACjB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAE/C,OAAO,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC","sourcesContent":["export { BaseAlchemySigner } from \"./base.js\";\nexport { BaseSignerClient } from \"./client/base.js\";\nexport {\n AlchemySignerWebClient,\n OauthCancelledError,\n OauthFailedError,\n} from \"./client/index.js\";\nexport type * from \"./client/types.js\";\nexport { DEFAULT_SESSION_MS } from \"./session/manager.js\";\nexport type * from \"./signer.js\";\nexport { AlchemyWebSigner } from \"./signer.js\";\nexport type * from \"./types.js\";\nexport { AlchemySignerStatus } from \"./types.js\";\n"]}
package/dist/esm/oauth.d.ts CHANGED
@@ -1,3 +1,4 @@
1
+ import type { KnownAuthProvider } from "./signer";
1
2
  /**
2
3
  * Turnkey requires the nonce in the id token to be in this format.
3
4
  *
@@ -15,4 +16,4 @@ export type ScopeAndClaims = {
15
16
  * @param {string} knownAuthProviderId id of a known auth provider, e.g. "google"
16
17
  * @returns {ScopeAndClaims | undefined} default scope and claims
17
18
  */
18
- export declare function getDefaultScopeAndClaims(knownAuthProviderId: string): ScopeAndClaims | undefined;
19
+ export declare function getDefaultScopeAndClaims(knownAuthProviderId: KnownAuthProvider): ScopeAndClaims | undefined;
package/dist/esm/oauth.js CHANGED
@@ -12,10 +12,7 @@ const DEFAULT_SCOPE_AND_CLAIMS = {
12
12
  google: { scope: "openid email" },
13
13
  apple: { scope: "openid email" },
14
14
  facebook: { scope: "openid email" },
15
- twitch: {
16
- scope: "openid user:read:email",
17
- claims: JSON.stringify({ id_token: { email: null } }),
18
- },
15
+ auth0: { scope: "openid email" },
19
16
  };
20
17
  /**
21
18
  * Returns the default scope and claims when using a known auth provider
package/dist/esm/oauth.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../src/oauth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AAE9B;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,gBAAwB;IACpD,OAAO,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACrE,CAAC;AAOD,MAAM,wBAAwB,GAAmC;IAC/D,MAAM,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE;IACjC,KAAK,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE;IAChC,QAAQ,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE;IACnC,MAAM,EAAE;QACN,KAAK,EAAE,wBAAwB;QAC/B,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC;KACtD;CACF,CAAC;AAEF;;;;;GAKG;AACH,MAAM,UAAU,wBAAwB,CACtC,mBAA2B;IAE3B,OAAO,wBAAwB,CAAC,mBAAmB,CAAC,CAAC;AACvD,CAAC","sourcesContent":["import { sha256 } from \"viem\";\n\n/**\n * Turnkey requires the nonce in the id token to be in this format.\n *\n * @param {string} turnkeyPublicKey key from a Turnkey iframe\n * @returns {string} nonce to be used in OIDC\n */\nexport function getOauthNonce(turnkeyPublicKey: string): string {\n return sha256(new TextEncoder().encode(turnkeyPublicKey)).slice(2);\n}\n\nexport type ScopeAndClaims = {\n scope: string;\n claims?: string;\n};\n\nconst DEFAULT_SCOPE_AND_CLAIMS: Record<string, ScopeAndClaims> = {\n google: { scope: \"openid email\" },\n apple: { scope: \"openid email\" },\n facebook: { scope: \"openid email\" },\n twitch: {\n scope: \"openid user:read:email\",\n claims: JSON.stringify({ id_token: { email: null } }),\n },\n};\n\n/**\n * Returns the default scope and claims when using a known auth provider\n *\n * @param {string} knownAuthProviderId id of a known auth provider, e.g. \"google\"\n * @returns {ScopeAndClaims | undefined} default scope and claims\n */\nexport function getDefaultScopeAndClaims(\n knownAuthProviderId: string\n): ScopeAndClaims | undefined {\n return DEFAULT_SCOPE_AND_CLAIMS[knownAuthProviderId];\n}\n"]}
1
+ {"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../src/oauth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AAG9B;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,gBAAwB;IACpD,OAAO,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACrE,CAAC;AAOD,MAAM,wBAAwB,GAA8C;IAC1E,MAAM,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE;IACjC,KAAK,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE;IAChC,QAAQ,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE;IACnC,KAAK,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE;CACjC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,UAAU,wBAAwB,CACtC,mBAAsC;IAEtC,OAAO,wBAAwB,CAAC,mBAAmB,CAAC,CAAC;AACvD,CAAC","sourcesContent":["import { sha256 } from \"viem\";\nimport type { KnownAuthProvider } from \"./signer\";\n\n/**\n * Turnkey requires the nonce in the id token to be in this format.\n *\n * @param {string} turnkeyPublicKey key from a Turnkey iframe\n * @returns {string} nonce to be used in OIDC\n */\nexport function getOauthNonce(turnkeyPublicKey: string): string {\n return sha256(new TextEncoder().encode(turnkeyPublicKey)).slice(2);\n}\n\nexport type ScopeAndClaims = {\n scope: string;\n claims?: string;\n};\n\nconst DEFAULT_SCOPE_AND_CLAIMS: Record<KnownAuthProvider, ScopeAndClaims> = {\n google: { scope: \"openid email\" },\n apple: { scope: \"openid email\" },\n facebook: { scope: \"openid email\" },\n auth0: { scope: \"openid email\" },\n};\n\n/**\n * Returns the default scope and claims when using a known auth provider\n *\n * @param {string} knownAuthProviderId id of a known auth provider, e.g. \"google\"\n * @returns {ScopeAndClaims | undefined} default scope and claims\n */\nexport function getDefaultScopeAndClaims(\n knownAuthProviderId: KnownAuthProvider\n): ScopeAndClaims | undefined {\n return DEFAULT_SCOPE_AND_CLAIMS[knownAuthProviderId];\n}\n"]}
package/dist/esm/signer.d.ts CHANGED
@@ -24,23 +24,35 @@ export type AuthParams = {
24
24
  creationOpts?: CredentialCreationOptionOverrides;
25
25
  } | ({
26
26
  type: "oauth";
27
- authProviderId: string;
28
- isCustomProvider?: boolean;
29
27
  scope?: string;
30
28
  claims?: string;
31
- } & RedirectConfig) | {
29
+ } & OauthProviderConfig & OauthRedirectConfig) | {
32
30
  type: "oauthReturn";
33
31
  bundle: string;
34
32
  orgId: string;
35
33
  };
36
- export type OauthMode = "redirect" | "popup";
37
- export type RedirectConfig = {
34
+ export type OauthProviderConfig = {
35
+ authProviderId: "auth0";
36
+ isCustomProvider?: false;
37
+ auth0Connection?: string;
38
+ } | {
39
+ authProviderId: KnownAuthProvider;
40
+ isCustomProvider?: false;
41
+ auth0Connection?: never;
42
+ } | {
43
+ authProviderId: string;
44
+ isCustomProvider: true;
45
+ auth0Connection?: never;
46
+ };
47
+ export type OauthRedirectConfig = {
38
48
  mode: "redirect";
39
49
  redirectUrl: string;
40
50
  } | {
41
51
  mode: "popup";
42
52
  redirectUrl?: never;
43
53
  };
54
+ export type KnownAuthProvider = "google" | "apple" | "facebook" | "auth0";
55
+ export type OauthMode = "redirect" | "popup";
44
56
  export declare const AlchemySignerParamsSchema: z.ZodObject<{
45
57
  client: z.ZodUnion<[z.ZodType<AlchemySignerWebClient, z.ZodTypeDef, AlchemySignerWebClient>, z.ZodObject<{
46
58
  connection: z.ZodUnion<[z.ZodObject<{
package/dist/esm/signer.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"signer.js","sourceRoot":"","sources":["../../src/signer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EACL,+BAA+B,EAC/B,sBAAsB,GACvB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,0BAA0B,EAAE,MAAM,sBAAsB,CAAC;AAmClE,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC;KACvC,MAAM,CAAC;IACN,MAAM,EAAE,CAAC;SACN,MAAM,EAA0B;SAChC,EAAE,CAAC,+BAA+B,CAAC;CACvC,CAAC;KACD,MAAM,CAAC;IACN,aAAa,EAAE,0BAA0B,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC5E,CAAC,CAAC;AAIL;;GAEG;AACH,MAAM,OAAO,gBAAiB,SAAQ,iBAAyC;IAC7E;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,YAAY,MAA2B;QACrC,MAAM,EAAE,aAAa,EAAE,GAAG,OAAO,EAAE,GACjC,yBAAyB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAE1C,IAAI,MAA8B,CAAC;QACnC,IAAI,YAAY,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnC,MAAM,GAAG,IAAI,sBAAsB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACtD,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC1B,CAAC;QACD,KAAK,CAAC;YACJ,MAAM;YACN,aAAa;SACd,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["import { z } from \"zod\";\nimport { BaseAlchemySigner } from \"./base.js\";\nimport {\n AlchemySignerClientParamsSchema,\n AlchemySignerWebClient,\n} from \"./client/index.js\";\nimport type { CredentialCreationOptionOverrides } from \"./client/types.js\";\nimport { SessionManagerParamsSchema } from \"./session/manager.js\";\n\nexport type AuthParams =\n | { type: \"email\"; email: string; redirectParams?: URLSearchParams }\n | { type: \"email\"; bundle: string; orgId?: string }\n | {\n type: \"passkey\";\n email: string;\n creationOpts?: CredentialCreationOptionOverrides;\n }\n | {\n type: \"passkey\";\n createNew: false;\n }\n | {\n type: \"passkey\";\n createNew: true;\n username: string;\n creationOpts?: CredentialCreationOptionOverrides;\n }\n | ({\n type: \"oauth\";\n authProviderId: string;\n isCustomProvider?: boolean;\n scope?: string;\n claims?: string;\n } & RedirectConfig)\n | { type: \"oauthReturn\"; bundle: string; orgId: string };\n\nexport type OauthMode = \"redirect\" | \"popup\";\n\nexport type RedirectConfig =\n | { mode: \"redirect\"; redirectUrl: string }\n | { mode: \"popup\"; redirectUrl?: never };\n\nexport const AlchemySignerParamsSchema = z\n .object({\n client: z\n .custom<AlchemySignerWebClient>()\n .or(AlchemySignerClientParamsSchema),\n })\n .extend({\n sessionConfig: SessionManagerParamsSchema.omit({ client: true }).optional(),\n });\n\nexport type AlchemySignerParams = z.input<typeof AlchemySignerParamsSchema>;\n\n/**\n * A SmartAccountSigner that can be used with any SmartContractAccount\n */\nexport class AlchemyWebSigner extends BaseAlchemySigner<AlchemySignerWebClient> {\n /**\n * Initializes an instance with the provided Alchemy signer parameters after parsing them with a schema.\n *\n * @example\n * ```ts\n * import { AlchemyWebSigner } from \"@account-kit/signer\";\n *\n * const signer = new AlchemyWebSigner({\n * client: {\n * connection: {\n * rpcUrl: \"/api/rpc\",\n * },\n * iframeConfig: {\n * iframeContainerId: \"alchemy-signer-iframe-container\",\n * },\n * },\n * });\n * ```\n *\n * @param {AlchemySignerParams} params The parameters for the Alchemy signer, including the client and session configuration\n */\n constructor(params: AlchemySignerParams) {\n const { sessionConfig, ...params_ } =\n AlchemySignerParamsSchema.parse(params);\n\n let client: AlchemySignerWebClient;\n if (\"connection\" in params_.client) {\n client = new AlchemySignerWebClient(params_.client);\n } else {\n client = params_.client;\n }\n super({\n client,\n sessionConfig,\n });\n }\n}\n"]}
1
+ {"version":3,"file":"signer.js","sourceRoot":"","sources":["../../src/signer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EACL,+BAA+B,EAC/B,sBAAsB,GACvB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,0BAA0B,EAAE,MAAM,sBAAsB,CAAC;AAqDlE,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC;KACvC,MAAM,CAAC;IACN,MAAM,EAAE,CAAC;SACN,MAAM,EAA0B;SAChC,EAAE,CAAC,+BAA+B,CAAC;CACvC,CAAC;KACD,MAAM,CAAC;IACN,aAAa,EAAE,0BAA0B,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC5E,CAAC,CAAC;AAIL;;GAEG;AACH,MAAM,OAAO,gBAAiB,SAAQ,iBAAyC;IAC7E;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,YAAY,MAA2B;QACrC,MAAM,EAAE,aAAa,EAAE,GAAG,OAAO,EAAE,GACjC,yBAAyB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAE1C,IAAI,MAA8B,CAAC;QACnC,IAAI,YAAY,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnC,MAAM,GAAG,IAAI,sBAAsB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACtD,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC1B,CAAC;QACD,KAAK,CAAC;YACJ,MAAM;YACN,aAAa;SACd,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["import { z } from \"zod\";\nimport { BaseAlchemySigner } from \"./base.js\";\nimport {\n AlchemySignerClientParamsSchema,\n AlchemySignerWebClient,\n} from \"./client/index.js\";\nimport type { CredentialCreationOptionOverrides } from \"./client/types.js\";\nimport { SessionManagerParamsSchema } from \"./session/manager.js\";\n\nexport type AuthParams =\n | { type: \"email\"; email: string; redirectParams?: URLSearchParams }\n | { type: \"email\"; bundle: string; orgId?: string }\n | {\n type: \"passkey\";\n email: string;\n creationOpts?: CredentialCreationOptionOverrides;\n }\n | {\n type: \"passkey\";\n createNew: false;\n }\n | {\n type: \"passkey\";\n createNew: true;\n username: string;\n creationOpts?: CredentialCreationOptionOverrides;\n }\n | ({\n type: \"oauth\";\n scope?: string;\n claims?: string;\n } & OauthProviderConfig &\n OauthRedirectConfig)\n | { type: \"oauthReturn\"; bundle: string; orgId: string };\n\nexport type OauthProviderConfig =\n | {\n authProviderId: \"auth0\";\n isCustomProvider?: false;\n auth0Connection?: string;\n }\n | {\n authProviderId: KnownAuthProvider;\n isCustomProvider?: false;\n auth0Connection?: never;\n }\n | {\n authProviderId: string;\n isCustomProvider: true;\n auth0Connection?: never;\n };\n\nexport type OauthRedirectConfig =\n | { mode: \"redirect\"; redirectUrl: string }\n | { mode: \"popup\"; redirectUrl?: never };\n\nexport type KnownAuthProvider = \"google\" | \"apple\" | \"facebook\" | \"auth0\";\n\nexport type OauthMode = \"redirect\" | \"popup\";\n\nexport const AlchemySignerParamsSchema = z\n .object({\n client: z\n .custom<AlchemySignerWebClient>()\n .or(AlchemySignerClientParamsSchema),\n })\n .extend({\n sessionConfig: SessionManagerParamsSchema.omit({ client: true }).optional(),\n });\n\nexport type AlchemySignerParams = z.input<typeof AlchemySignerParamsSchema>;\n\n/**\n * A SmartAccountSigner that can be used with any SmartContractAccount\n */\nexport class AlchemyWebSigner extends BaseAlchemySigner<AlchemySignerWebClient> {\n /**\n * Initializes an instance with the provided Alchemy signer parameters after parsing them with a schema.\n *\n * @example\n * ```ts\n * import { AlchemyWebSigner } from \"@account-kit/signer\";\n *\n * const signer = new AlchemyWebSigner({\n * client: {\n * connection: {\n * rpcUrl: \"/api/rpc\",\n * },\n * iframeConfig: {\n * iframeContainerId: \"alchemy-signer-iframe-container\",\n * },\n * },\n * });\n * ```\n *\n * @param {AlchemySignerParams} params The parameters for the Alchemy signer, including the client and session configuration\n */\n constructor(params: AlchemySignerParams) {\n const { sessionConfig, ...params_ } =\n AlchemySignerParamsSchema.parse(params);\n\n let client: AlchemySignerWebClient;\n if (\"connection\" in params_.client) {\n client = new AlchemySignerWebClient(params_.client);\n } else {\n client = params_.client;\n }\n super({\n client,\n sessionConfig,\n });\n }\n}\n"]}
package/dist/esm/version.d.ts CHANGED
@@ -1 +1 @@
1
- export declare const VERSION = "4.0.0-beta.6";
1
+ export declare const VERSION = "4.0.0-beta.8";
package/dist/esm/version.js CHANGED
@@ -1,4 +1,4 @@
1
1
  // This file is autogenerated by inject-version.ts. Any changes will be
2
2
  // overwritten on commit!
3
- export const VERSION = "4.0.0-beta.6";
3
+ export const VERSION = "4.0.0-beta.8";
4
4
  //# sourceMappingURL=version.js.map
package/dist/esm/version.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"version.js","sourceRoot":"","sources":["../../src/version.ts"],"names":[],"mappings":"AAAA,uEAAuE;AACvE,yBAAyB;AACzB,MAAM,CAAC,MAAM,OAAO,GAAG,cAAc,CAAC","sourcesContent":["// This file is autogenerated by inject-version.ts. Any changes will be\n// overwritten on commit!\nexport const VERSION = \"4.0.0-beta.6\";\n"]}
1
+ {"version":3,"file":"version.js","sourceRoot":"","sources":["../../src/version.ts"],"names":[],"mappings":"AAAA,uEAAuE;AACvE,yBAAyB;AACzB,MAAM,CAAC,MAAM,OAAO,GAAG,cAAc,CAAC","sourcesContent":["// This file is autogenerated by inject-version.ts. Any changes will be\n// overwritten on commit!\nexport const VERSION = \"4.0.0-beta.8\";\n"]}
package/dist/types/client/index.d.ts CHANGED
@@ -1,3 +1,4 @@
1
+ import { BaseError } from "@aa-sdk/core";
1
2
  import { z } from "zod";
2
3
  import { BaseSignerClient } from "./base.js";
3
4
  import type { AlchemySignerClientEvents, CreateAccountParams, CredentialCreationOptionOverrides, EmailAuthParams, ExportWalletParams, OauthConfig, User } from "./types.js";
@@ -379,4 +380,22 @@ export declare class AlchemySignerWebClient extends BaseSignerClient<ExportWalle
379
380
  protected getOauthConfig: () => Promise<OauthConfig>;
380
381
  private getOauthConfigForMode;
381
382
  }
383
+ /**
384
+ * This error is thrown when the OAuth flow is cancelled because the auth popup
385
+ * window was closed.
386
+ */
387
+ export declare class OauthCancelledError extends BaseError {
388
+ name: string;
389
+ /**
390
+ * Constructor for initializing an error indicating that the OAuth flow was
391
+ * cancelled.
392
+ */
393
+ constructor();
394
+ }
395
+ /**
396
+ * This error is thrown when an error occurs during the OAuth login flow.
397
+ */
398
+ export declare class OauthFailedError extends BaseError {
399
+ name: string;
400
+ }
382
401
  //# sourceMappingURL=index.d.ts.map
package/dist/types/client/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/client/index.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,KAAK,EACV,yBAAyB,EACzB,mBAAmB,EACnB,iCAAiC,EACjC,eAAe,EACf,kBAAkB,EAClB,WAAW,EAEX,IAAI,EACL,MAAM,YAAY,CAAC;AAEpB,OAAO,KAAK,EAAE,UAAU,EAAa,MAAM,cAAc,CAAC;AAI1D,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAgB1C,CAAC;AAEH,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAC7C,OAAO,+BAA+B,CACvC,CAAC;AAYF;;;GAGG;AACH,qBAAa,sBAAuB,SAAQ,gBAAgB,CAAC,kBAAkB,CAAC;IAC9E,OAAO,CAAC,aAAa,CAAgB;IACrC,OAAO,CAAC,eAAe,CAAkB;IACzC,gBAAgB,EAAE,MAAM,CAAC;IACzB,iBAAiB,EAAE,MAAM,CAAC;IAE1B;;;;;;;;;;;;;;;;;;;;;;OAsBG;gBACS,MAAM,EAAE,yBAAyB;IA0B7C;;;;;;;;;;;;;;;;;;;;;OAqBG;IACa,aAAa,WAAkB,mBAAmB,kDAwChE;IAEF;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACa,aAAa,WACnB,KAAK,eAAe,EAAE,iBAAiB,CAAC;;OAYhD;IAEF;;;;;;;;;;;;;;;;;;;;;OAqBG;IACa,sBAAsB;gBAK5B,MAAM;eACP,MAAM;4BACO,MAAM,yBAAyB;UACjD,QAAQ,IAAI,CAAC,CAcf;IAEF;;;;;;;;;;;;;;;;;;;;;OAqBG;IACa,qBAAqB,UAC7B,IAAI,GAAG,SAAS,mBActB;IAEF;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACa,YAAY,4CAGzB,kBAAkB,sBAmBnB;IAEF;;;;;;;;;;;;;;;;;;OAkBG;IACa,UAAU,sBAGxB;IAEF;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACa,iBAAiB,SACzB,QAAQ,UAAU,EAAE;QAAE,IAAI,EAAE,OAAO,CAAC;QAAC,IAAI,EAAE,UAAU,CAAA;KAAE,CAAC,KAC7D,QAAQ,KAAK,CAAC,CAMf;IAEF;;;;;;;;;;;;;;;;;;;;;;;;;OAyBG;IACa,cAAc,SACtB,QAAQ,UAAU,EAAE;QAAE,IAAI,EAAE,OAAO,CAAC;QAAC,IAAI,EAAE,OAAO,CAAA;KAAE,CAAC,KAC1D,QAAQ,IAAI,CAAC,CAqCd;IAEF,OAAO,CAAC,mBAAmB,CAsEzB;IAEF,OAAO,CAAC,iBAAiB,CAQvB;IAEF,OAAO,CAAC,mBAAmB,CAYzB;IAEF,UAAmB,sBAAsB,aAC7B,iCAAiC,gBAC9B;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE;;;;;;;;;OAmDjC;IAEF,UAAmB,cAAc,QAAa,QAAQ,WAAW,CAAC,CAIhE;IAEF,OAAO,CAAC,qBAAqB,CAY3B;CACH"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/client/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAA0B,MAAM,cAAc,CAAC;AAIjE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,KAAK,EACV,yBAAyB,EACzB,mBAAmB,EACnB,iCAAiC,EACjC,eAAe,EACf,kBAAkB,EAClB,WAAW,EAEX,IAAI,EACL,MAAM,YAAY,CAAC;AAEpB,OAAO,KAAK,EAAE,UAAU,EAAa,MAAM,cAAc,CAAC;AAI1D,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAgB1C,CAAC;AAEH,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAC7C,OAAO,+BAA+B,CACvC,CAAC;AAYF;;;GAGG;AACH,qBAAa,sBAAuB,SAAQ,gBAAgB,CAAC,kBAAkB,CAAC;IAC9E,OAAO,CAAC,aAAa,CAAgB;IACrC,OAAO,CAAC,eAAe,CAAkB;IACzC,gBAAgB,EAAE,MAAM,CAAC;IACzB,iBAAiB,EAAE,MAAM,CAAC;IAE1B;;;;;;;;;;;;;;;;;;;;;;OAsBG;gBACS,MAAM,EAAE,yBAAyB;IA0B7C;;;;;;;;;;;;;;;;;;;;;OAqBG;IACa,aAAa,WAAkB,mBAAmB,kDAwChE;IAEF;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACa,aAAa,WACnB,KAAK,eAAe,EAAE,iBAAiB,CAAC;;OAYhD;IAEF;;;;;;;;;;;;;;;;;;;;;OAqBG;IACa,sBAAsB;gBAK5B,MAAM;eACP,MAAM;4BACO,MAAM,yBAAyB;UACjD,QAAQ,IAAI,CAAC,CAcf;IAEF;;;;;;;;;;;;;;;;;;;;;OAqBG;IACa,qBAAqB,UAC7B,IAAI,GAAG,SAAS,mBActB;IAEF;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACa,YAAY,4CAGzB,kBAAkB,sBAmBnB;IAEF;;;;;;;;;;;;;;;;;;OAkBG;IACa,UAAU,sBAGxB;IAEF;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACa,iBAAiB,SACzB,QAAQ,UAAU,EAAE;QAAE,IAAI,EAAE,OAAO,CAAC;QAAC,IAAI,EAAE,UAAU,CAAA;KAAE,CAAC,KAC7D,QAAQ,KAAK,CAAC,CAMf;IAEF;;;;;;;;;;;;;;;;;;;;;;;;;OAyBG;IACa,cAAc,SACtB,QAAQ,UAAU,EAAE;QAAE,IAAI,EAAE,OAAO,CAAC;QAAC,IAAI,EAAE,OAAO,CAAA;KAAE,CAAC,KAC1D,QAAQ,IAAI,CAAC,CA8Cd;IAEF,OAAO,CAAC,mBAAmB,CA0EzB;IAEF,OAAO,CAAC,iBAAiB,CAQvB;IAEF,OAAO,CAAC,mBAAmB,CAYzB;IAEF,UAAmB,sBAAsB,aAC7B,iCAAiC,gBAC9B;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE;;;;;;;;;OAmDjC;IAEF,UAAmB,cAAc,QAAa,QAAQ,WAAW,CAAC,CAIhE;IAEF,OAAO,CAAC,qBAAqB,CAY3B;CACH;AAoBD;;;GAGG;AACH,qBAAa,mBAAoB,SAAQ,SAAS;IACvC,IAAI,SAAyB;IAEtC;;;OAGG;;CAIJ;AAED;;GAEG;AACH,qBAAa,gBAAiB,SAAQ,SAAS;IACpC,IAAI,SAAsB;CACpC"}
package/dist/types/index.d.ts CHANGED
@@ -1,6 +1,6 @@
1
1
  export { BaseAlchemySigner } from "./base.js";
2
2
  export { BaseSignerClient } from "./client/base.js";
3
- export { AlchemySignerWebClient } from "./client/index.js";
3
+ export { AlchemySignerWebClient, OauthCancelledError, OauthFailedError, } from "./client/index.js";
4
4
  export type * from "./client/types.js";
5
5
  export { DEFAULT_SESSION_MS } from "./session/manager.js";
6
6
  export type * from "./signer.js";
package/dist/types/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AAC3D,mBAAmB,mBAAmB,CAAC;AACvC,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,mBAAmB,aAAa,CAAC;AACjC,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,mBAAmB,YAAY,CAAC;AAChC,OAAO,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EACL,sBAAsB,EACtB,mBAAmB,EACnB,gBAAgB,GACjB,MAAM,mBAAmB,CAAC;AAC3B,mBAAmB,mBAAmB,CAAC;AACvC,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,mBAAmB,aAAa,CAAC;AACjC,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,mBAAmB,YAAY,CAAC;AAChC,OAAO,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC"}
package/dist/types/oauth.d.ts CHANGED
@@ -1,3 +1,4 @@
1
+ import type { KnownAuthProvider } from "./signer";
1
2
  /**
2
3
  * Turnkey requires the nonce in the id token to be in this format.
3
4
  *
@@ -15,5 +16,5 @@ export type ScopeAndClaims = {
15
16
  * @param {string} knownAuthProviderId id of a known auth provider, e.g. "google"
16
17
  * @returns {ScopeAndClaims | undefined} default scope and claims
17
18
  */
18
- export declare function getDefaultScopeAndClaims(knownAuthProviderId: string): ScopeAndClaims | undefined;
19
+ export declare function getDefaultScopeAndClaims(knownAuthProviderId: KnownAuthProvider): ScopeAndClaims | undefined;
19
20
  //# sourceMappingURL=oauth.d.ts.map
package/dist/types/oauth.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../../src/oauth.ts"],"names":[],"mappings":"AAEA;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,gBAAgB,EAAE,MAAM,GAAG,MAAM,CAE9D;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AAYF;;;;;GAKG;AACH,wBAAgB,wBAAwB,CACtC,mBAAmB,EAAE,MAAM,GAC1B,cAAc,GAAG,SAAS,CAE5B"}
1
+ {"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../../src/oauth.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAElD;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,gBAAgB,EAAE,MAAM,GAAG,MAAM,CAE9D;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AASF;;;;;GAKG;AACH,wBAAgB,wBAAwB,CACtC,mBAAmB,EAAE,iBAAiB,GACrC,cAAc,GAAG,SAAS,CAE5B"}
package/dist/types/signer.d.ts CHANGED
@@ -24,23 +24,35 @@ export type AuthParams = {
24
24
  creationOpts?: CredentialCreationOptionOverrides;
25
25
  } | ({
26
26
  type: "oauth";
27
- authProviderId: string;
28
- isCustomProvider?: boolean;
29
27
  scope?: string;
30
28
  claims?: string;
31
- } & RedirectConfig) | {
29
+ } & OauthProviderConfig & OauthRedirectConfig) | {
32
30
  type: "oauthReturn";
33
31
  bundle: string;
34
32
  orgId: string;
35
33
  };
36
- export type OauthMode = "redirect" | "popup";
37
- export type RedirectConfig = {
34
+ export type OauthProviderConfig = {
35
+ authProviderId: "auth0";
36
+ isCustomProvider?: false;
37
+ auth0Connection?: string;
38
+ } | {
39
+ authProviderId: KnownAuthProvider;
40
+ isCustomProvider?: false;
41
+ auth0Connection?: never;
42
+ } | {
43
+ authProviderId: string;
44
+ isCustomProvider: true;
45
+ auth0Connection?: never;
46
+ };
47
+ export type OauthRedirectConfig = {
38
48
  mode: "redirect";
39
49
  redirectUrl: string;
40
50
  } | {
41
51
  mode: "popup";
42
52
  redirectUrl?: never;
43
53
  };
54
+ export type KnownAuthProvider = "google" | "apple" | "facebook" | "auth0";
55
+ export type OauthMode = "redirect" | "popup";
44
56
  export declare const AlchemySignerParamsSchema: z.ZodObject<{
45
57
  client: z.ZodUnion<[z.ZodType<AlchemySignerWebClient, z.ZodTypeDef, AlchemySignerWebClient>, z.ZodObject<{
46
58
  connection: z.ZodUnion<[z.ZodObject<{
package/dist/types/signer.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"signer.d.ts","sourceRoot":"","sources":["../../src/signer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EAEL,sBAAsB,EACvB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,mBAAmB,CAAC;AAG3E,MAAM,MAAM,UAAU,GAClB;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,cAAc,CAAC,EAAE,eAAe,CAAA;CAAE,GAClE;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,GACjD;IACE,IAAI,EAAE,SAAS,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,iCAAiC,CAAC;CAClD,GACD;IACE,IAAI,EAAE,SAAS,CAAC;IAChB,SAAS,EAAE,KAAK,CAAC;CAClB,GACD;IACE,IAAI,EAAE,SAAS,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,iCAAiC,CAAC;CAClD,GACD,CAAC;IACC,IAAI,EAAE,OAAO,CAAC;IACd,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,GAAG,cAAc,CAAC,GACnB;IAAE,IAAI,EAAE,aAAa,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC;AAE3D,MAAM,MAAM,SAAS,GAAG,UAAU,GAAG,OAAO,CAAC;AAE7C,MAAM,MAAM,cAAc,GACtB;IAAE,IAAI,EAAE,UAAU,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,GACzC;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,WAAW,CAAC,EAAE,KAAK,CAAA;CAAE,CAAC;AAE3C,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAQlC,CAAC;AAEL,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAE5E;;GAEG;AACH,qBAAa,gBAAiB,SAAQ,iBAAiB,CAAC,sBAAsB,CAAC;IAC7E;;;;;;;;;;;;;;;;;;;;OAoBG;gBACS,MAAM,EAAE,mBAAmB;CAexC"}
1
+ {"version":3,"file":"signer.d.ts","sourceRoot":"","sources":["../../src/signer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EAEL,sBAAsB,EACvB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,mBAAmB,CAAC;AAG3E,MAAM,MAAM,UAAU,GAClB;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,cAAc,CAAC,EAAE,eAAe,CAAA;CAAE,GAClE;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,GACjD;IACE,IAAI,EAAE,SAAS,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,iCAAiC,CAAC;CAClD,GACD;IACE,IAAI,EAAE,SAAS,CAAC;IAChB,SAAS,EAAE,KAAK,CAAC;CAClB,GACD;IACE,IAAI,EAAE,SAAS,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,iCAAiC,CAAC;CAClD,GACD,CAAC;IACC,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,GAAG,mBAAmB,GACrB,mBAAmB,CAAC,GACtB;IAAE,IAAI,EAAE,aAAa,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC;AAE3D,MAAM,MAAM,mBAAmB,GAC3B;IACE,cAAc,EAAE,OAAO,CAAC;IACxB,gBAAgB,CAAC,EAAE,KAAK,CAAC;IACzB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B,GACD;IACE,cAAc,EAAE,iBAAiB,CAAC;IAClC,gBAAgB,CAAC,EAAE,KAAK,CAAC;IACzB,eAAe,CAAC,EAAE,KAAK,CAAC;CACzB,GACD;IACE,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,IAAI,CAAC;IACvB,eAAe,CAAC,EAAE,KAAK,CAAC;CACzB,CAAC;AAEN,MAAM,MAAM,mBAAmB,GAC3B;IAAE,IAAI,EAAE,UAAU,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,GACzC;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,WAAW,CAAC,EAAE,KAAK,CAAA;CAAE,CAAC;AAE3C,MAAM,MAAM,iBAAiB,GAAG,QAAQ,GAAG,OAAO,GAAG,UAAU,GAAG,OAAO,CAAC;AAE1E,MAAM,MAAM,SAAS,GAAG,UAAU,GAAG,OAAO,CAAC;AAE7C,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAQlC,CAAC;AAEL,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAE5E;;GAEG;AACH,qBAAa,gBAAiB,SAAQ,iBAAiB,CAAC,sBAAsB,CAAC;IAC7E;;;;;;;;;;;;;;;;;;;;OAoBG;gBACS,MAAM,EAAE,mBAAmB;CAexC"}
package/dist/types/version.d.ts CHANGED
@@ -1,2 +1,2 @@
1
- export declare const VERSION = "4.0.0-beta.6";
1
+ export declare const VERSION = "4.0.0-beta.8";
2
2
  //# sourceMappingURL=version.d.ts.map
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@account-kit/signer",
3
- "version": "4.0.0-beta.6",
3
+ "version": "4.0.0-beta.8",
4
4
  "description": "Core interfaces and clients for interfacing with the Alchemy Signer API",
5
5
  "author": "Alchemy",
6
6
  "license": "MIT",
@@ -49,7 +49,7 @@
49
49
  "vitest": "^2.0.4"
50
50
  },
51
51
  "dependencies": {
52
- "@aa-sdk/core": "^4.0.0-beta.6",
52
+ "@aa-sdk/core": "^4.0.0-beta.8",
53
53
  "@turnkey/http": "^2.6.2",
54
54
  "@turnkey/iframe-stamper": "^1.0.0",
55
55
  "@turnkey/viem": "^0.4.8",
@@ -71,5 +71,5 @@
71
71
  "url": "https://github.com/alchemyplatform/aa-sdk/issues"
72
72
  },
73
73
  "homepage": "https://github.com/alchemyplatform/aa-sdk#readme",
74
- "gitHead": "c25850c8617a78ee1956896b64c85db7a9ad6c08"
74
+ "gitHead": "de91f21bd8a8578a5cb119624fad7cc9b3726fee"
75
75
  }
package/src/client/index.ts CHANGED
@@ -1,4 +1,4 @@
1
- import { ConnectionConfigSchema } from "@aa-sdk/core";
1
+ import { BaseError, ConnectionConfigSchema } from "@aa-sdk/core";
2
2
  import { getWebAuthnAttestation } from "@turnkey/http";
3
3
  import { IframeStamper } from "@turnkey/iframe-stamper";
4
4
  import { WebauthnStamper } from "@turnkey/webauthn-stamper";
@@ -451,14 +451,23 @@ export class AlchemySignerWebClient extends BaseSignerClient<ExportWalletParams>
451
451
  if (!event.data) {
452
452
  return;
453
453
  }
454
- const { alchemyBundle: bundle, alchemyOrgId: orgId } = event.data;
454
+ const {
455
+ alchemyBundle: bundle,
456
+ alchemyOrgId: orgId,
457
+ alchemyError,
458
+ } = event.data;
455
459
  if (bundle && orgId) {
456
460
  cleanup();
461
+ popup?.close();
457
462
  this.completeAuthWithBundle({
458
463
  bundle,
459
464
  orgId,
460
465
  connectedEventName: "connectedOauth",
461
466
  }).then(resolve, reject);
467
+ } else if (alchemyError) {
468
+ cleanup();
469
+ popup?.close();
470
+ reject(new OauthFailedError(alchemyError));
462
471
  }
463
472
  };
464
473
 
@@ -467,7 +476,7 @@ export class AlchemySignerWebClient extends BaseSignerClient<ExportWalletParams>
467
476
  const checkCloseIntervalId = setInterval(() => {
468
477
  if (popup?.closed) {
469
478
  cleanup();
470
- reject(new Error("OAuth cancelled"));
479
+ reject(new OauthCancelledError());
471
480
  }
472
481
  }, CHECK_CLOSE_INTERVAL);
473
482
 
@@ -482,6 +491,7 @@ export class AlchemySignerWebClient extends BaseSignerClient<ExportWalletParams>
482
491
  const {
483
492
  authProviderId,
484
493
  isCustomProvider,
494
+ auth0Connection,
485
495
  scope: providedScope,
486
496
  claims: providedClaims,
487
497
  mode,
@@ -501,7 +511,7 @@ export class AlchemySignerWebClient extends BaseSignerClient<ExportWalletParams>
501
511
  let scope: string;
502
512
  let claims: string | undefined;
503
513
  if (providedScope) {
504
- scope = providedScope;
514
+ scope = addOpenIdIfAbsent(providedScope);
505
515
  claims = providedClaims;
506
516
  } else {
507
517
  if (isCustomProvider) {
@@ -546,6 +556,9 @@ export class AlchemySignerWebClient extends BaseSignerClient<ExportWalletParams>
546
556
  if (claims) {
547
557
  params.claims = claims;
548
558
  }
559
+ if (auth0Connection) {
560
+ params.connection = auth0Connection;
561
+ }
549
562
  authUrl.search = new URLSearchParams(params).toString();
550
563
  return authUrl.toString();
551
564
  };
@@ -656,3 +669,37 @@ function resolveRelativeUrl(url: string): string {
656
669
  a.href = url;
657
670
  return a.href;
658
671
  }
672
+
673
+ /**
674
+ * "openid" is a required scope in the OIDC protocol. Insert it if the user
675
+ * forgot.
676
+ *
677
+ * @param {string} scope scope param which may be missing "openid"
678
+ * @returns {string} scope which most definitely contains "openid"
679
+ */
680
+ function addOpenIdIfAbsent(scope: string): string {
681
+ return scope.match(/\bopenid\b/) ? scope : `openid ${scope}`;
682
+ }
683
+
684
+ /**
685
+ * This error is thrown when the OAuth flow is cancelled because the auth popup
686
+ * window was closed.
687
+ */
688
+ export class OauthCancelledError extends BaseError {
689
+ override name = "OauthCancelledError";
690
+
691
+ /**
692
+ * Constructor for initializing an error indicating that the OAuth flow was
693
+ * cancelled.
694
+ */
695
+ constructor() {
696
+ super("OAuth cancelled");
697
+ }
698
+ }
699
+
700
+ /**
701
+ * This error is thrown when an error occurs during the OAuth login flow.
702
+ */
703
+ export class OauthFailedError extends BaseError {
704
+ override name = "OauthFailedError";
705
+ }
package/src/index.ts CHANGED
@@ -1,6 +1,10 @@
1
1
  export { BaseAlchemySigner } from "./base.js";
2
2
  export { BaseSignerClient } from "./client/base.js";
3
- export { AlchemySignerWebClient } from "./client/index.js";
3
+ export {
4
+ AlchemySignerWebClient,
5
+ OauthCancelledError,
6
+ OauthFailedError,
7
+ } from "./client/index.js";
4
8
  export type * from "./client/types.js";
5
9
  export { DEFAULT_SESSION_MS } from "./session/manager.js";
6
10
  export type * from "./signer.js";
package/src/oauth.ts CHANGED
@@ -1,4 +1,5 @@
1
1
  import { sha256 } from "viem";
2
+ import type { KnownAuthProvider } from "./signer";
2
3
 
3
4
  /**
4
5
  * Turnkey requires the nonce in the id token to be in this format.
@@ -15,14 +16,11 @@ export type ScopeAndClaims = {
15
16
  claims?: string;
16
17
  };
17
18
 
18
- const DEFAULT_SCOPE_AND_CLAIMS: Record<string, ScopeAndClaims> = {
19
+ const DEFAULT_SCOPE_AND_CLAIMS: Record<KnownAuthProvider, ScopeAndClaims> = {
19
20
  google: { scope: "openid email" },
20
21
  apple: { scope: "openid email" },
21
22
  facebook: { scope: "openid email" },
22
- twitch: {
23
- scope: "openid user:read:email",
24
- claims: JSON.stringify({ id_token: { email: null } }),
25
- },
23
+ auth0: { scope: "openid email" },
26
24
  };
27
25
 
28
26
  /**
@@ -32,7 +30,7 @@ const DEFAULT_SCOPE_AND_CLAIMS: Record<string, ScopeAndClaims> = {
32
30
  * @returns {ScopeAndClaims | undefined} default scope and claims
33
31
  */
34
32
  export function getDefaultScopeAndClaims(
35
- knownAuthProviderId: string
33
+ knownAuthProviderId: KnownAuthProvider
36
34
  ): ScopeAndClaims | undefined {
37
35
  return DEFAULT_SCOPE_AND_CLAIMS[knownAuthProviderId];
38
36
  }
package/src/signer.ts CHANGED
@@ -27,19 +27,37 @@ export type AuthParams =
27
27
  }
28
28
  | ({
29
29
  type: "oauth";
30
- authProviderId: string;
31
- isCustomProvider?: boolean;
32
30
  scope?: string;
33
31
  claims?: string;
34
- } & RedirectConfig)
32
+ } & OauthProviderConfig &
33
+ OauthRedirectConfig)
35
34
  | { type: "oauthReturn"; bundle: string; orgId: string };
36
35
 
37
- export type OauthMode = "redirect" | "popup";
36
+ export type OauthProviderConfig =
37
+ | {
38
+ authProviderId: "auth0";
39
+ isCustomProvider?: false;
40
+ auth0Connection?: string;
41
+ }
42
+ | {
43
+ authProviderId: KnownAuthProvider;
44
+ isCustomProvider?: false;
45
+ auth0Connection?: never;
46
+ }
47
+ | {
48
+ authProviderId: string;
49
+ isCustomProvider: true;
50
+ auth0Connection?: never;
51
+ };
38
52
 
39
- export type RedirectConfig =
53
+ export type OauthRedirectConfig =
40
54
  | { mode: "redirect"; redirectUrl: string }
41
55
  | { mode: "popup"; redirectUrl?: never };
42
56
 
57
+ export type KnownAuthProvider = "google" | "apple" | "facebook" | "auth0";
58
+
59
+ export type OauthMode = "redirect" | "popup";
60
+
43
61
  export const AlchemySignerParamsSchema = z
44
62
  .object({
45
63
  client: z
package/src/version.ts CHANGED
@@ -1,3 +1,3 @@
1
1
  // This file is autogenerated by inject-version.ts. Any changes will be
2
2
  // overwritten on commit!
3
- export const VERSION = "4.0.0-beta.5";
3
+ export const VERSION = "4.0.0-beta.8";