@account-kit/signer 4.16.1-alpha.3 → 4.17.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@account-kit/signer",
-  "version": "4.16.1-alpha.3",
+  "version": "4.17.0",
   "description": "Core interfaces and clients for interfacing with the Alchemy Signer API",
   "author": "Alchemy",
   "license": "MIT",
@@ -49,8 +49,8 @@
     "vitest": "^2.0.4"
   },
   "dependencies": {
-    "@aa-sdk/core": "^4.16.1-alpha.3",
-    "@account-kit/logging": "^4.16.1-alpha.3",
+    "@aa-sdk/core": "^4.17.0",
+    "@account-kit/logging": "^4.17.0",
     "@solana/web3.js": "^1.98.0",
     "@turnkey/http": "^2.6.2",
     "@turnkey/iframe-stamper": "^1.0.0",
@@ -74,5 +74,5 @@
     "url": "https://github.com/alchemyplatform/aa-sdk/issues"
   },
   "homepage": "https://github.com/alchemyplatform/aa-sdk#readme",
-  "gitHead": "156dbc81d12e9f120f8123df6b4fec8a41f41e7a"
+  "gitHead": "680b0acb112f02deaa1fa4e8b253ac3800c06cb2"
 }

package/src/base.ts

@@ -21,14 +21,7 @@ import type { Mutate, StoreApi } from "zustand";
 import { subscribeWithSelector } from "zustand/middleware";
 import { createStore } from "zustand/vanilla";
 import type { BaseSignerClient } from "./client/base";
-import type {
-  EmailType,
-  MfaFactor,
-  OauthConfig,
-  OauthParams,
-  User,
-  VerifyMfaParams,
-} from "./client/types";
+import type { OauthConfig, OauthParams, User } from "./client/types";
 import { NotAuthenticatedError } from "./errors.js";
 import { SignerLogger } from "./metrics.js";
 import {
@@ -58,10 +51,6 @@ type AlchemySignerStore = {
   error: ErrorInfo | null;
   otpId?: string;
   isNewUser?: boolean;
-  mfaStatus: {
-    mfaRequired: boolean;
-    mfaFactorId?: string;
-  };
 };
 
 type UnpackedSignature = {
@@ -75,6 +64,14 @@ type InternalStore = Mutate<
   [["zustand/subscribeWithSelector", never]]
 >;
 
+export type EmailConfig = {
+  mode?: "MAGIC_LINK" | "OTP";
+};
+
+export type SignerConfig = {
+  email: EmailConfig;
+};
+
 /**
  * Base abstract class for Alchemy Signer, providing authentication and session management for smart accounts.
  * Implements the `SmartAccountAuthenticator` interface and handles various signer events.
@@ -86,6 +83,7 @@ export abstract class BaseAlchemySigner<TClient extends BaseSignerClient>
   inner: TClient;
   private sessionManager: SessionManager;
   private store: InternalStore;
+  private config: Promise<SignerConfig>;
 
   /**
    * Initializes an instance with the provided client and session configuration.
@@ -110,10 +108,6 @@ export abstract class BaseAlchemySigner<TClient extends BaseSignerClient>
             user: null,
             status: AlchemySignerStatus.INITIALIZING,
             error: initialError ?? null,
-            mfaStatus: {
-              mfaRequired: false,
-              mfaFactorId: undefined,
-            },
           } satisfies AlchemySignerStore)
       )
     );
@@ -128,6 +122,7 @@ export abstract class BaseAlchemySigner<TClient extends BaseSignerClient>
     this.registerListeners();
     // then initialize so that we can catch those events
     this.sessionManager.initialize();
+    this.config = this.fetchConfig();
   }
 
   /**
@@ -186,13 +181,6 @@ export abstract class BaseAlchemySigner<TClient extends BaseSignerClient>
           },
           { fireImmediately: true }
         );
-      case "mfaStatusChanged":
-        return this.store.subscribe(
-          ({ mfaStatus }) => mfaStatus,
-          (mfaStatus) =>
-            (listener as AlchemySignerEvents["mfaStatusChanged"])(mfaStatus),
-          { fireImmediately: true }
-        );
       default:
         assertNever(event, `Unknown event type ${event}`);
     }
@@ -602,39 +590,6 @@ export abstract class BaseAlchemySigner<TClient extends BaseSignerClient>
     }
   );
 
-  /**
-   * Gets the current MFA status
-   *
-   * @example
-   * ```ts
-   * import { AlchemyWebSigner } from "@account-kit/signer";
-   *
-   * const signer = new AlchemyWebSigner({
-   *  client: {
-   *    connection: {
-   *      rpcUrl: "/api/rpc",
-   *    },
-   *    iframeConfig: {
-   *      iframeContainerId: "alchemy-signer-iframe-container",
-   *    },
-   *  },
-   * });
-   *
-   * const mfaStatus = signer.getMfaStatus();
-   * if (mfaStatus === AlchemyMfaStatus.REQUIRED) {
-   *   // Handle MFA requirement
-   * }
-   * ```
-   *
-   * @returns {{ mfaRequired: boolean; mfaFactorId?: string }} The current MFA status
-   */
-  getMfaStatus = (): {
-    mfaRequired: boolean;
-    mfaFactorId?: string;
-  } => {
-    return this.store.getState().mfaStatus;
-  };
-
   private unpackSignRawMessageBytes = (
     hex: `0x${string}`
   ): UnpackedSignature => {
@@ -824,48 +779,70 @@ export abstract class BaseAlchemySigner<TClient extends BaseSignerClient>
   private authenticateWithEmail = async (
     params: Extract<AuthParams, { type: "email" }>
   ): Promise<User> => {
-    if ("bundle" in params) {
-      return this.completeEmailAuth(params);
-    }
+    if ("email" in params) {
+      const existingUser = await this.getUser(params.email);
+      const expirationSeconds = this.getExpirationSeconds();
+
+      const { orgId, otpId } = existingUser
+        ? await this.inner.initEmailAuth({
+            email: params.email,
+            emailMode: params.emailMode,
+            expirationSeconds,
+            redirectParams: params.redirectParams,
+          })
+        : await this.inner.createAccount({
+            type: "email",
+            email: params.email,
+            emailMode: params.emailMode,
+            expirationSeconds,
+            redirectParams: params.redirectParams,
+          });
 
-    if (!("email" in params)) {
-      throw new Error("Email is required");
-    }
+      this.sessionManager.setTemporarySession({
+        orgId,
+        isNewUser: !existingUser,
+      });
+      this.store.setState({
+        status: AlchemySignerStatus.AWAITING_EMAIL_AUTH,
+        otpId,
+        error: null,
+      });
 
-    const { orgId, otpId, multiFactors, isNewUser } =
-      await this.initOrCreateEmailUser(
-        params.email,
-        params.emailMode ?? "otp",
-        params.multiFactors,
-        params.redirectParams
-      );
+      // We wait for the session manager to emit a connected event if
+      // cross tab sessions are permitted
+      return new Promise<User>((resolve) => {
+        const removeListener = this.sessionManager.on(
+          "connected",
+          (session) => {
+            resolve(session.user);
+            removeListener();
+          }
+        );
+      });
+    } else {
+      const temporarySession = params.orgId
+        ? { orgId: params.orgId }
+        : this.sessionManager.getTemporarySession();
 
-    const isMfaRequired = multiFactors ? multiFactors?.length > 0 : false;
+      if (!temporarySession) {
+        this.store.setState({
+          status: AlchemySignerStatus.DISCONNECTED,
+        });
+        throw new Error("Could not find email auth init session!");
+      }
 
-    this.sessionManager.setTemporarySession({
-      orgId,
-      isNewUser,
-      isMfaRequired,
-    });
+      const user = await this.inner.completeAuthWithBundle({
+        bundle: params.bundle,
+        orgId: temporarySession.orgId,
+        connectedEventName: "connectedEmail",
+        authenticatingType: "email",
+      });
 
-    this.store.setState({
-      status: AlchemySignerStatus.AWAITING_EMAIL_AUTH,
-      otpId,
-      error: null,
-      mfaStatus: {
-        mfaRequired: isMfaRequired,
-        mfaFactorId: multiFactors?.[0]?.multiFactorId,
-      },
-    });
+      // fire new user event
+      this.emitNewUserEvent(params.isNewUser);
 
-    // We wait for the session manager to emit a connected event if
-    // cross tab sessions are permitted
-    return new Promise<User>((resolve) => {
-      const removeListener = this.sessionManager.on("connected", (session) => {
-        resolve(session.user);
-        removeListener();
-      });
-    });
+      return user;
+    }
   };
 
   private authenticateWithPasskey = async (
@@ -926,7 +903,7 @@ export abstract class BaseAlchemySigner<TClient extends BaseSignerClient>
     args: Extract<AuthParams, { type: "otp" }>
   ): Promise<User> => {
     const tempSession = this.sessionManager.getTemporarySession();
-    const { orgId, isNewUser, isMfaRequired } = tempSession ?? {};
+    const { orgId, isNewUser } = tempSession ?? {};
     const { otpId } = this.store.getState();
     if (!orgId) {
       throw new Error("orgId not found in session");
@@ -934,16 +911,11 @@ export abstract class BaseAlchemySigner<TClient extends BaseSignerClient>
     if (!otpId) {
       throw new Error("otpId not found in session");
     }
-    if (isMfaRequired && !args.multiFactors) {
-      throw new Error(`MFA is required.`);
-    }
-
     const { bundle } = await this.inner.submitOtpCode({
       orgId,
       otpId,
       otpCode: args.otpCode,
       expirationSeconds: this.getExpirationSeconds(),
-      multiFactors: args.multiFactors,
     });
     const user = await this.inner.completeAuthWithBundle({
       bundle,
@@ -1050,78 +1022,27 @@ export abstract class BaseAlchemySigner<TClient extends BaseSignerClient>
     if (isNewUser) this.store.setState({ isNewUser });
   };
 
-  private async initOrCreateEmailUser(
-    email: string,
-    emailMode: EmailType,
-    multiFactors?: VerifyMfaParams[],
-    redirectParams?: URLSearchParams
-  ): Promise<{
-    orgId: string;
-    otpId?: string;
-    multiFactors?: MfaFactor[];
-    isNewUser: boolean;
-  }> {
-    const existingUser = await this.getUser(email);
-    const expirationSeconds = this.getExpirationSeconds();
-
-    if (existingUser) {
-      const {
-        orgId,
-        otpId,
-        multiFactors: mfaFactors,
-      } = await this.inner.initEmailAuth({
-        email: email,
-        emailMode: emailMode,
-        expirationSeconds,
-        redirectParams: redirectParams,
-        multiFactors,
-      });
-      return {
-        orgId,
-        otpId,
-        multiFactors: mfaFactors,
-        isNewUser: false,
-      };
-    }
-
-    const { orgId, otpId } = await this.inner.createAccount({
-      type: "email",
-      email,
-      emailMode,
-      expirationSeconds,
-      redirectParams,
-    });
-    return {
-      orgId,
-      otpId,
-      isNewUser: true,
-    };
-  }
-
-  private async completeEmailAuth(
-    params: Extract<AuthParams, { type: "email"; bundle: string }>
-  ): Promise<User> {
-    const temporarySession = params.orgId
-      ? { orgId: params.orgId }
-      : this.sessionManager.getTemporarySession();
+  protected initConfig = async (): Promise<SignerConfig> => {
+    this.config = this.fetchConfig();
+    return this.config;
+  };
 
-    if (!temporarySession) {
-      this.store.setState({ status: AlchemySignerStatus.DISCONNECTED });
-      throw new Error("Could not find email auth init session!");
+  /**
+   * Returns the signer configuration while fetching it if it's not already initialized.
+   *
+   * @returns {Promise<SignerConfig>} A promise that resolves to the signer configuration
+   */
+  public getConfig = async (): Promise<SignerConfig> => {
+    if (!this.config) {
+      return this.initConfig();
     }
 
-    const user = await this.inner.completeAuthWithBundle({
-      bundle: params.bundle,
-      orgId: temporarySession.orgId,
-      connectedEventName: "connectedEmail",
-      authenticatingType: "email",
-    });
-
-    // fire new user event
-    this.emitNewUserEvent(params.isNewUser);
+    return this.config;
+  };
 
-    return user;
-  }
+  protected fetchConfig = async (): Promise<SignerConfig> => {
+    return this.inner.request("/v1/signer-config", {});
+  };
 }
 
 function toErrorInfo(error: unknown): ErrorInfo {

package/src/client/base.ts

@@ -14,13 +14,9 @@ import type {
   AlchemySignerClientEvents,
   AuthenticatingEventMetadata,
   CreateAccountParams,
-  RemoveMfaParams,
   EmailAuthParams,
-  EnableMfaParams,
-  EnableMfaResult,
   GetOauthProviderUrlArgs,
   GetWebAuthnAttestationResult,
-  MfaFactor,
   OauthConfig,
   OauthParams,
   OauthState,
@@ -30,7 +26,6 @@ import type {
   SignerRoutes,
   SignupResponse,
   User,
-  VerifyMfaParams,
 } from "./types.js";
 
 export interface BaseSignerClientParams {
@@ -136,44 +131,7 @@ export abstract class BaseSignerClient<TExportWalletParams = unknown> {
 
   public abstract initEmailAuth(
     params: Omit<EmailAuthParams, "targetPublicKey">
-  ): Promise<{ orgId: string; otpId?: string; multiFactors?: MfaFactor[] }>;
-
-  /**
-   * Retrieves the list of MFA factors configured for the current user.
-   *
-   * @returns {Promise<{ multiFactors: Array<MfaFactor> }>} A promise that resolves to an array of configured MFA factors
-   */
-  public abstract getMfaFactors(): Promise<{
-    multiFactors: MfaFactor[];
-  }>;
-
-  /**
-   * Initiates the setup of a new MFA factor for the current user. Mfa will need to be verified before it is active.
-   *
-   * @param {EnableMfaParams} params The parameters required to enable a new MFA factor
-   * @returns {Promise<EnableMfaResult>} A promise that resolves to the factor setup information
-   */
-  public abstract addMfa(params: EnableMfaParams): Promise<EnableMfaResult>;
-
-  /**
-   * Verifies a newly created MFA factor to complete the setup process.
-   *
-   * @param {VerifyMfaParams} params The parameters required to verify the MFA factor
-   * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to the updated list of MFA factors
-   */
-  public abstract verifyMfa(params: VerifyMfaParams): Promise<{
-    multiFactors: MfaFactor[];
-  }>;
-
-  /**
-   * Removes existing MFA factors by ID or factor type.
-   *
-   * @param {RemoveMfaParams} params The parameters specifying which factors to disable
-   * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to the updated list of MFA factors
-   */
-  public abstract removeMfa(params: RemoveMfaParams): Promise<{
-    multiFactors: MfaFactor[];
-  }>;
+  ): Promise<{ orgId: string; otpId?: string }>;
 
   public abstract completeAuthWithBundle(params: {
     bundle: string;

package/src/client/index.ts

@@ -17,23 +17,9 @@ import type {
   OauthConfig,
   OtpParams,
   User,
-  MfaFactor,
-  EnableMfaParams,
-  EnableMfaResult,
-  VerifyMfaParams,
-  RemoveMfaParams,
 } from "./types.js";
-import { MfaRequiredError, NotAuthenticatedError } from "../errors.js";
-import { parseMfaError } from "../utils/parseMfaError.js";
 
 const CHECK_CLOSE_INTERVAL = 500;
-const MFA_PAYLOAD = {
-  GET: "get_mfa",
-  ADD: "add_mfa",
-  DELETE: "delete_mfas",
-  VERIFY: "verify_mfa",
-  LIST: "list_mfas",
-};
 
 export const AlchemySignerClientParamsSchema = z.object({
   connection: ConnectionConfigSchema,
@@ -212,25 +198,13 @@ export class AlchemySignerWebClient extends BaseSignerClient<ExportWalletParams>
     const { email, emailMode, expirationSeconds } = params;
     const publicKey = await this.initIframeStamper();
 
-    try {
-      return await this.request("/v1/auth", {
-        email,
-        emailMode,
-        targetPublicKey: publicKey,
-        expirationSeconds,
-        redirectParams: params.redirectParams?.toString(),
-        multiFactors: params.multiFactors,
-      });
-    } catch (error) {
-      const multiFactors = parseMfaError(error);
-
-      // If MFA is required, and emailMode is Magic Link, the user must submit mfa with the request or
-      // the the server will return an error with the required mfa factors.
-      if (multiFactors) {
-        throw new MfaRequiredError(multiFactors);
-      }
-      throw error;
-    }
+    return this.request("/v1/auth", {
+      email,
+      emailMode,
+      targetPublicKey: publicKey,
+      expirationSeconds,
+      redirectParams: params.redirectParams?.toString(),
+    });
   };
 
   /**
@@ -268,12 +242,6 @@ export class AlchemySignerWebClient extends BaseSignerClient<ExportWalletParams>
       ...args,
       targetPublicKey,
     });
-
-    if (!credentialBundle) {
-      throw new Error(
-        "Failed to submit OTP code. Check if multiFactor is required."
-      );
-    }
     return { bundle: credentialBundle };
   }
 
@@ -702,141 +670,6 @@ export class AlchemySignerWebClient extends BaseSignerClient<ExportWalletParams>
     const nonce = this.getOauthNonce(publicKey);
     return this.request("/v1/prepare-oauth", { nonce });
   };
-
-  /**
-   * Retrieves the list of MFA factors configured for the current user.
-   *
-   * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to an array of configured MFA factors
-   * @throws {NotAuthenticatedError} If no user is authenticated
-   */
-  public override getMfaFactors = async (): Promise<{
-    multiFactors: MfaFactor[];
-  }> => {
-    if (!this.user) {
-      throw new NotAuthenticatedError();
-    }
-
-    const stampedRequest = await this.turnkeyClient.stampSignRawPayload({
-      organizationId: this.user.orgId,
-      type: "ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2",
-      timestampMs: Date.now().toString(),
-      parameters: {
-        encoding: "PAYLOAD_ENCODING_HEXADECIMAL",
-        hashFunction: "HASH_FUNCTION_NO_OP",
-        payload: MFA_PAYLOAD.LIST,
-        signWith: this.user.address,
-      },
-    });
-
-    return this.request("/v1/auth-list-multi-factors", {
-      stampedRequest,
-    });
-  };
-
-  /**
-   * Initiates the setup of a new MFA factor for the current user. Mfa will need to be verified before it is active.
-   *
-   * @param {EnableMfaParams} params The parameters required to enable a new MFA factor
-   * @returns {Promise<EnableMfaResult>} A promise that resolves to the factor setup information
-   * @throws {NotAuthenticatedError} If no user is authenticated
-   * @throws {Error} If an unsupported factor type is provided
-   */
-  public override addMfa = async (
-    params: EnableMfaParams
-  ): Promise<EnableMfaResult> => {
-    if (!this.user) {
-      throw new NotAuthenticatedError();
-    }
-
-    const stampedRequest = await this.turnkeyClient.stampSignRawPayload({
-      organizationId: this.user.orgId,
-      type: "ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2",
-      timestampMs: Date.now().toString(),
-      parameters: {
-        encoding: "PAYLOAD_ENCODING_HEXADECIMAL",
-        hashFunction: "HASH_FUNCTION_NO_OP",
-        payload: MFA_PAYLOAD.ADD,
-        signWith: this.user.address,
-      },
-    });
-
-    switch (params.multiFactorType) {
-      case "totp":
-        return this.request("/v1/auth-request-multi-factor", {
-          stampedRequest,
-          multiFactorType: params.multiFactorType,
-        });
-      default:
-        throw new Error(
-          `Unsupported MFA factor type: ${params.multiFactorType}`
-        );
-    }
-  };
-
-  /**
-   * Verifies a newly created MFA factor to complete the setup process.
-   *
-   * @param {VerifyMfaParams} params The parameters required to verify the MFA factor
-   * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to the updated list of MFA factors
-   * @throws {NotAuthenticatedError} If no user is authenticated
-   */
-  public override verifyMfa = async (
-    params: VerifyMfaParams
-  ): Promise<{ multiFactors: MfaFactor[] }> => {
-    if (!this.user) {
-      throw new NotAuthenticatedError();
-    }
-
-    const stampedRequest = await this.turnkeyClient.stampSignRawPayload({
-      organizationId: this.user.orgId,
-      type: "ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2",
-      timestampMs: Date.now().toString(),
-      parameters: {
-        encoding: "PAYLOAD_ENCODING_HEXADECIMAL",
-        hashFunction: "HASH_FUNCTION_NO_OP",
-        payload: MFA_PAYLOAD.VERIFY,
-        signWith: this.user.address,
-      },
-    });
-
-    return this.request("/v1/auth-verify-multi-factor", {
-      stampedRequest,
-      multiFactorId: params.multiFactorId,
-      multiFactorCode: params.multiFactorCode,
-    });
-  };
-
-  /**
-   * Removes existing MFA factors by ID.
-   *
-   * @param {RemoveMfaParams} params The parameters specifying which factors to disable
-   * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to the updated list of MFA factors
-   * @throws {NotAuthenticatedError} If no user is authenticated
-   */
-  public override removeMfa = async (
-    params: RemoveMfaParams
-  ): Promise<{ multiFactors: MfaFactor[] }> => {
-    if (!this.user) {
-      throw new NotAuthenticatedError();
-    }
-
-    const stampedRequest = await this.turnkeyClient.stampSignRawPayload({
-      organizationId: this.user.orgId,
-      type: "ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2",
-      timestampMs: Date.now().toString(),
-      parameters: {
-        encoding: "PAYLOAD_ENCODING_HEXADECIMAL",
-        hashFunction: "HASH_FUNCTION_NO_OP",
-        payload: MFA_PAYLOAD.DELETE,
-        signWith: this.user.address,
-      },
-    });
-
-    return this.request("/v1/auth-delete-multi-factors", {
-      stampedRequest,
-      multiFactorIds: params.multiFactorIds,
-    });
-  };
 }
 
 /**