@account-kit/signer 4.16.1-alpha.3 → 4.18.0-alpha.3

package/dist/esm/client/index.d.ts

@@ -2,7 +2,7 @@ import { BaseError } from "@aa-sdk/core";
 import { z } from "zod";
 import type { AuthParams } from "../signer.js";
 import { BaseSignerClient } from "./base.js";
-import type { AlchemySignerClientEvents, AuthenticatingEventMetadata, CreateAccountParams, CredentialCreationOptionOverrides, EmailAuthParams, ExportWalletParams, OauthConfig, OtpParams, User, MfaFactor, EnableMfaParams, EnableMfaResult, VerifyMfaParams, RemoveMfaParams } from "./types.js";
+import type { AlchemySignerClientEvents, AuthenticatingEventMetadata, CreateAccountParams, CredentialCreationOptionOverrides, EmailAuthParams, ExportWalletParams, JwtParams, OauthConfig, OtpParams, JwtResponse, User } from "./types.js";
 export declare const AlchemySignerClientParamsSchema: z.ZodObject<{
     connection: z.ZodUnion<[z.ZodObject<{
         rpcUrl: z.ZodOptional<z.ZodNever>;
@@ -203,7 +203,6 @@ export declare class AlchemySignerWebClient extends BaseSignerClient<ExportWalle
     initEmailAuth: (params: Omit<EmailAuthParams, "targetPublicKey">) => Promise<{
         orgId: string;
         otpId?: string | undefined;
-        multiFactors?: MfaFactor[] | undefined;
     }>;
     /**
      * Authenticates using an OTP code which was previously received via email.
@@ -234,6 +233,32 @@ export declare class AlchemySignerWebClient extends BaseSignerClient<ExportWalle
     submitOtpCode(args: Omit<OtpParams, "targetPublicKey">): Promise<{
         bundle: string;
     }>;
+    /**
+     * Authenticates using a custom issued JWT
+     *
+     * @example
+     * ```ts
+     * import { AlchemySignerWebClient } from "@account-kit/signer";
+     *
+     * const client = new AlchemySignerWebClient({
+     *  connection: {
+     *    apiKey: "your-api-key",
+     *  },
+     *  iframeConfig: {
+     *   iframeContainerId: "signer-iframe-container",
+     *  },
+     * });
+     *
+     * const account = await client.submitJwt({
+     *   jwt: "custom-issued-jwt",
+     *   authProvider: "auth-provider-name",
+     * });
+     * ```
+     *
+     * @param {Omit<JwtParams, "targetPublicKey">} args The parameters for the JWT request, excluding the target public key.
+     * @returns {Promise<{ bundle: string }>} A promise that resolves to an object containing the credential bundle.
+     */
+    submitJwt(args: Omit<JwtParams, "targetPublicKey">): Promise<JwtResponse>;
     /**
      * Completes auth for the user by injecting a credential bundle and retrieving
      * the user information based on the provided organization ID. Emits events
@@ -439,44 +464,6 @@ export declare class AlchemySignerWebClient extends BaseSignerClient<ExportWalle
         };
     }>;
     protected getOauthConfig: () => Promise<OauthConfig>;
-    /**
-     * Retrieves the list of MFA factors configured for the current user.
-     *
-     * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to an array of configured MFA factors
-     * @throws {NotAuthenticatedError} If no user is authenticated
-     */
-    getMfaFactors: () => Promise<{
-        multiFactors: MfaFactor[];
-    }>;
-    /**
-     * Initiates the setup of a new MFA factor for the current user. Mfa will need to be verified before it is active.
-     *
-     * @param {EnableMfaParams} params The parameters required to enable a new MFA factor
-     * @returns {Promise<EnableMfaResult>} A promise that resolves to the factor setup information
-     * @throws {NotAuthenticatedError} If no user is authenticated
-     * @throws {Error} If an unsupported factor type is provided
-     */
-    addMfa: (params: EnableMfaParams) => Promise<EnableMfaResult>;
-    /**
-     * Verifies a newly created MFA factor to complete the setup process.
-     *
-     * @param {VerifyMfaParams} params The parameters required to verify the MFA factor
-     * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to the updated list of MFA factors
-     * @throws {NotAuthenticatedError} If no user is authenticated
-     */
-    verifyMfa: (params: VerifyMfaParams) => Promise<{
-        multiFactors: MfaFactor[];
-    }>;
-    /**
-     * Removes existing MFA factors by ID.
-     *
-     * @param {RemoveMfaParams} params The parameters specifying which factors to disable
-     * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to the updated list of MFA factors
-     * @throws {NotAuthenticatedError} If no user is authenticated
-     */
-    removeMfa: (params: RemoveMfaParams) => Promise<{
-        multiFactors: MfaFactor[];
-    }>;
 }
 /**
  * This error is thrown when the OAuth flow is cancelled because the auth popup

package/dist/esm/client/index.js

@@ -6,16 +6,7 @@ import { z } from "zod";
 import { base64UrlEncode } from "../utils/base64UrlEncode.js";
 import { generateRandomBuffer } from "../utils/generateRandomBuffer.js";
 import { BaseSignerClient } from "./base.js";
-import { MfaRequiredError, NotAuthenticatedError } from "../errors.js";
-import { parseMfaError } from "../utils/parseMfaError.js";
 const CHECK_CLOSE_INTERVAL = 500;
-const MFA_PAYLOAD = {
-    GET: "get_mfa",
-    ADD: "add_mfa",
-    DELETE: "delete_mfas",
-    VERIFY: "verify_mfa",
-    LIST: "list_mfas",
-};
 export const AlchemySignerClientParamsSchema = z.object({
     connection: ConnectionConfigSchema,
     iframeConfig: z.object({
@@ -189,25 +180,13 @@ export class AlchemySignerWebClient extends BaseSignerClient {
                 this.eventEmitter.emit("authenticating", { type: "otp" });
                 const { email, emailMode, expirationSeconds } = params;
                 const publicKey = await this.initIframeStamper();
-                try {
-                    return await this.request("/v1/auth", {
-                        email,
-                        emailMode,
-                        targetPublicKey: publicKey,
-                        expirationSeconds,
-                        redirectParams: params.redirectParams?.toString(),
-                        multiFactors: params.multiFactors,
-                    });
-                }
-                catch (error) {
-                    const multiFactors = parseMfaError(error);
-                    // If MFA is required, and emailMode is Magic Link, the user must submit mfa with the request or
-                    // the the server will return an error with the required mfa factors.
-                    if (multiFactors) {
-                        throw new MfaRequiredError(multiFactors);
-                    }
-                    throw error;
-                }
+                return this.request("/v1/auth", {
+                    email,
+                    emailMode,
+                    targetPublicKey: publicKey,
+                    expirationSeconds,
+                    redirectParams: params.redirectParams?.toString(),
+                });
             }
         });
         /**
@@ -624,139 +603,6 @@ export class AlchemySignerWebClient extends BaseSignerClient {
                 return this.request("/v1/prepare-oauth", { nonce });
             }
         });
-        /**
-         * Retrieves the list of MFA factors configured for the current user.
-         *
-         * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to an array of configured MFA factors
-         * @throws {NotAuthenticatedError} If no user is authenticated
-         */
-        Object.defineProperty(this, "getMfaFactors", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: async () => {
-                if (!this.user) {
-                    throw new NotAuthenticatedError();
-                }
-                const stampedRequest = await this.turnkeyClient.stampSignRawPayload({
-                    organizationId: this.user.orgId,
-                    type: "ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2",
-                    timestampMs: Date.now().toString(),
-                    parameters: {
-                        encoding: "PAYLOAD_ENCODING_HEXADECIMAL",
-                        hashFunction: "HASH_FUNCTION_NO_OP",
-                        payload: MFA_PAYLOAD.LIST,
-                        signWith: this.user.address,
-                    },
-                });
-                return this.request("/v1/auth-list-multi-factors", {
-                    stampedRequest,
-                });
-            }
-        });
-        /**
-         * Initiates the setup of a new MFA factor for the current user. Mfa will need to be verified before it is active.
-         *
-         * @param {EnableMfaParams} params The parameters required to enable a new MFA factor
-         * @returns {Promise<EnableMfaResult>} A promise that resolves to the factor setup information
-         * @throws {NotAuthenticatedError} If no user is authenticated
-         * @throws {Error} If an unsupported factor type is provided
-         */
-        Object.defineProperty(this, "addMfa", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: async (params) => {
-                if (!this.user) {
-                    throw new NotAuthenticatedError();
-                }
-                const stampedRequest = await this.turnkeyClient.stampSignRawPayload({
-                    organizationId: this.user.orgId,
-                    type: "ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2",
-                    timestampMs: Date.now().toString(),
-                    parameters: {
-                        encoding: "PAYLOAD_ENCODING_HEXADECIMAL",
-                        hashFunction: "HASH_FUNCTION_NO_OP",
-                        payload: MFA_PAYLOAD.ADD,
-                        signWith: this.user.address,
-                    },
-                });
-                switch (params.multiFactorType) {
-                    case "totp":
-                        return this.request("/v1/auth-request-multi-factor", {
-                            stampedRequest,
-                            multiFactorType: params.multiFactorType,
-                        });
-                    default:
-                        throw new Error(`Unsupported MFA factor type: ${params.multiFactorType}`);
-                }
-            }
-        });
-        /**
-         * Verifies a newly created MFA factor to complete the setup process.
-         *
-         * @param {VerifyMfaParams} params The parameters required to verify the MFA factor
-         * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to the updated list of MFA factors
-         * @throws {NotAuthenticatedError} If no user is authenticated
-         */
-        Object.defineProperty(this, "verifyMfa", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: async (params) => {
-                if (!this.user) {
-                    throw new NotAuthenticatedError();
-                }
-                const stampedRequest = await this.turnkeyClient.stampSignRawPayload({
-                    organizationId: this.user.orgId,
-                    type: "ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2",
-                    timestampMs: Date.now().toString(),
-                    parameters: {
-                        encoding: "PAYLOAD_ENCODING_HEXADECIMAL",
-                        hashFunction: "HASH_FUNCTION_NO_OP",
-                        payload: MFA_PAYLOAD.VERIFY,
-                        signWith: this.user.address,
-                    },
-                });
-                return this.request("/v1/auth-verify-multi-factor", {
-                    stampedRequest,
-                    multiFactorId: params.multiFactorId,
-                    multiFactorCode: params.multiFactorCode,
-                });
-            }
-        });
-        /**
-         * Removes existing MFA factors by ID.
-         *
-         * @param {RemoveMfaParams} params The parameters specifying which factors to disable
-         * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to the updated list of MFA factors
-         * @throws {NotAuthenticatedError} If no user is authenticated
-         */
-        Object.defineProperty(this, "removeMfa", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: async (params) => {
-                if (!this.user) {
-                    throw new NotAuthenticatedError();
-                }
-                const stampedRequest = await this.turnkeyClient.stampSignRawPayload({
-                    organizationId: this.user.orgId,
-                    type: "ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2",
-                    timestampMs: Date.now().toString(),
-                    parameters: {
-                        encoding: "PAYLOAD_ENCODING_HEXADECIMAL",
-                        hashFunction: "HASH_FUNCTION_NO_OP",
-                        payload: MFA_PAYLOAD.DELETE,
-                        signWith: this.user.address,
-                    },
-                });
-                return this.request("/v1/auth-delete-multi-factors", {
-                    stampedRequest,
-                    multiFactorIds: params.multiFactorIds,
-                });
-            }
-        });
         this.iframeStamper = iframeStamper;
         this.iframeContainerId = iframeConfig.iframeContainerId;
         this.webauthnStamper = new WebauthnStamper({
@@ -797,11 +643,42 @@ export class AlchemySignerWebClient extends BaseSignerClient {
             ...args,
             targetPublicKey,
         });
-        if (!credentialBundle) {
-            throw new Error("Failed to submit OTP code. Check if multiFactor is required.");
-        }
         return { bundle: credentialBundle };
     }
+    /**
+     * Authenticates using a custom issued JWT
+     *
+     * @example
+     * ```ts
+     * import { AlchemySignerWebClient } from "@account-kit/signer";
+     *
+     * const client = new AlchemySignerWebClient({
+     *  connection: {
+     *    apiKey: "your-api-key",
+     *  },
+     *  iframeConfig: {
+     *   iframeContainerId: "signer-iframe-container",
+     *  },
+     * });
+     *
+     * const account = await client.submitJwt({
+     *   jwt: "custom-issued-jwt",
+     *   authProvider: "auth-provider-name",
+     * });
+     * ```
+     *
+     * @param {Omit<JwtParams, "targetPublicKey">} args The parameters for the JWT request, excluding the target public key.
+     * @returns {Promise<{ bundle: string }>} A promise that resolves to an object containing the credential bundle.
+     */
+    async submitJwt(args) {
+        this.eventEmitter.emit("authenticating", { type: "custom-jwt" });
+        const targetPublicKey = await this.initIframeStamper();
+        return this.request("/v1/auth-jwt", {
+            jwt: args.jwt,
+            targetPublicKey,
+            authProvider: args.authProvider,
+        });
+    }
 }
 /**
  * This error is thrown when the OAuth flow is cancelled because the auth popup

package/dist/esm/client/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/client/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AACjE,OAAO,EAAE,sBAAsB,EAAE,MAAM,eAAe,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAC5D,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,kCAAkC,CAAC;AACxE,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAiB7C,OAAO,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AACvE,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAE1D,MAAM,oBAAoB,GAAG,GAAG,CAAC;AACjC,MAAM,WAAW,GAAG;IAClB,GAAG,EAAE,SAAS;IACd,GAAG,EAAE,SAAS;IACd,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,YAAY;IACpB,IAAI,EAAE,WAAW;CAClB,CAAC;AAEF,MAAM,CAAC,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CAAC;IACtD,UAAU,EAAE,sBAAsB;IAClC,YAAY,EAAE,CAAC,CAAC,MAAM,CAAC;QACrB,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,gBAAgB,CAAC;QACrD,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE;KAC9B,CAAC;IACF,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,SAAS,EAAE,CAAC;SACT,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,OAAO,CAAC,sCAAsC,CAAC;IAClD,gBAAgB,EAAE,CAAC;SAChB,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,OAAO,CAAC,qCAAqC,CAAC;IACjD,gBAAgB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;CACxD,CAAC,CAAC;AAMH;;;GAGG;AACH,MAAM,OAAO,sBAAuB,SAAQ,gBAAoC;IAM9E;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACH,YAAY,MAAiC;QAC3C,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,IAAI,EAAE,SAAS,EAAE,gBAAgB,EAAE,GACnE,+BAA+B,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAEhD,MAAM,aAAa,GAAG,IAAI,aAAa,CAAC;YACtC,eAAe,EAAE,YAAY,CAAC,eAAe;YAC7C,SAAS,EAAE,0BAA0B;YACrC,eAAe,EAAE,QAAQ,CAAC,cAAc,CAAC,YAAY,CAAC,iBAAiB,CAAC;SACzE,CAAC,CAAC;QAEH,KAAK,CAAC;YACJ,UAAU;YACV,SAAS;YACT,OAAO,EAAE,aAAa;SACvB,CAAC,CAAC;QA1CG;;;;;WAA6B;QAC7B;;;;;WAAiC;QACzC;;;;;WAAyB;QACzB;;;;;WAA0B;QAmD1B;;;;;;;;;;;;;;;;;;;;;WAqBG;QACa;;;;mBAAgB,KAAK,EAAE,MAA2B,EAAE,EAAE;gBACpE,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oBAC5B,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;oBAC1D,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,iBAAiB,EAAE,GAAG,MAAM,CAAC;oBACvD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;oBAEjD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE;wBAChD,KAAK;wBACL,SAAS;wBACT,eAAe,EAAE,SAAS;wBAC1B,iBAAiB;wBACjB,cAAc,EAAE,MAAM,CAAC,cAAc,EAAE,QAAQ,EAAE;qBAClD,CAAC,CAAC;oBAEH,OAAO,QAAQ,CAAC;gBAClB,CAAC;gBAED,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;gBAC9D,gCAAgC;gBAChC,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAClE,MAAM,CAAC,YAAY,EACnB,EAAE,QAAQ,EAAE,OAAO,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,EAAE,CACjE,CAAC;gBAEF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE;oBAC9C,OAAO,EAAE;wBACP,SAAS,EAAE,eAAe,CAAC,SAAS,CAAC;wBACrC,WAAW;qBACZ;oBACD,KAAK,EAAE,OAAO,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;iBACpD,CAAC,CAAC;gBAEH,IAAI,CAAC,IAAI,GAAG;oBACV,KAAK,EAAE,MAAM,CAAC,KAAK;oBACnB,OAAO,EAAE,MAAM,CAAC,OAAQ;oBACxB,MAAM,EAAE,MAAM,CAAC,MAAO;oBACtB,YAAY,EAAE,WAAW,CAAC,YAAY;iBACvC,CAAC;gBACF,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACpC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEtD,OAAO,MAAM,CAAC;YAChB,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;;WAsBG;QACa;;;;mBAAgB,KAAK,EACnC,MAAgD,EAChD,EAAE;gBACF,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;gBAC1D,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,iBAAiB,EAAE,GAAG,MAAM,CAAC;gBACvD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAEjD,IAAI,CAAC;oBACH,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE;wBACpC,KAAK;wBACL,SAAS;wBACT,eAAe,EAAE,SAAS;wBAC1B,iBAAiB;wBACjB,cAAc,EAAE,MAAM,CAAC,cAAc,EAAE,QAAQ,EAAE;wBACjD,YAAY,EAAE,MAAM,CAAC,YAAY;qBAClC,CAAC,CAAC;gBACL,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,MAAM,YAAY,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;oBAE1C,gGAAgG;oBAChG,qEAAqE;oBACrE,IAAI,YAAY,EAAE,CAAC;wBACjB,MAAM,IAAI,gBAAgB,CAAC,YAAY,CAAC,CAAC;oBAC3C,CAAC;oBACD,MAAM,KAAK,CAAC;gBACd,CAAC;YACH,CAAC;WAAC;QA8CF;;;;;;;;;;;;;;;;;;;;;;;;;;;;WA4BG;QACa;;;;mBAAyB,KAAK,EAAE,EAC9C,MAAM,EACN,KAAK,EACL,kBAAkB,EAClB,OAAO,EACP,kBAAkB,GAOnB,EAAiB,EAAE;gBAClB,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBACvE,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAE/B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC;gBAEvE,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;gBACxD,CAAC;gBAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;gBAE/C,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;gBAEzD,OAAO,IAAI,CAAC;YACd,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;WAqBG;QACa;;;;mBAAwB,KAAK,EAC3C,OAAyB,SAAS,EAClC,EAAE;gBACF,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;gBAC9D,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;gBACrC,IAAI,IAAI,EAAE,CAAC;oBACT,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;oBACjB,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,CAAC,CAAC;oBACjD,OAAO,IAAI,CAAC;gBACd,CAAC;gBAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAC/C,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;gBACvC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC;gBAEnD,OAAO,MAAM,CAAC;YAChB,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;;;;;;WA0BG;QACa;;;;mBAAe,KAAK,EAAE,EACpC,iBAAiB,EACjB,eAAe,GAAG,uBAAuB,GACtB,EAAE,EAAE;gBACvB,MAAM,yBAAyB,GAAG,IAAI,aAAa,CAAC;oBAClD,eAAe,EAAE,QAAQ,CAAC,cAAc,CAAC,iBAAiB,CAAC;oBAC3D,eAAe,EAAE,eAAe;oBAChC,SAAS,EAAE,4BAA4B;iBACxC,CAAC,CAAC;gBACH,MAAM,yBAAyB,CAAC,IAAI,EAAE,CAAC;gBAEvC,IAAI,IAAI,CAAC,aAAa,CAAC,OAAO,KAAK,IAAI,CAAC,aAAa,EAAE,CAAC;oBACtD,OAAO,IAAI,CAAC,iBAAiB,CAAC;wBAC5B,aAAa,EAAE,yBAAyB;wBACxC,QAAQ,EAAE,aAAa;qBACxB,CAAC,CAAC;gBACL,CAAC;gBAED,OAAO,IAAI,CAAC,iBAAiB,CAAC;oBAC5B,aAAa,EAAE,yBAAyB;oBACxC,QAAQ,EAAE,aAAa;iBACxB,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;WAkBG;QACa;;;;mBAAa,KAAK,IAAI,EAAE;gBACtC,IAAI,CAAC,IAAI,GAAG,SAAS,CAAC;gBACtB,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,CAAC;gBAC3B,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;YAClC,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;;;;;;WA0BG;QACa;;;;mBAAoB,KAAK,EACvC,IAA8D,EAC9C,EAAE;gBAClB,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAExD,MAAM,WAAW,GAAG,IAAI,CAAC;gBACzB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC;oBACjD,WAAW;oBACX,gBAAgB;oBAChB,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;iBACxC,CAAC,CAAC;gBAEH,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,WAAW,CAAC;gBACnC,OAAO,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CAC/B,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,sCAAsC,CAAC,EAAE,IAAI,CAAC,CACvE,CAAC;YACJ,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;;;;;WAyBG;QACa;;;;mBAAiB,KAAK,EACpC,IAA2D,EAC5C,EAAE;gBACjB,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACxD,MAAM,WAAW,GAAG,IAAI,CAAC;gBACzB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC;oBACjD,WAAW;oBACX,gBAAgB;oBAChB,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;iBACxC,CAAC,CAAC;gBACH,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CACvB,WAAW,EACX,QAAQ,EACR,4BAA4B,CAC7B,CAAC;gBACF,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC;gBACvC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;oBACrC,MAAM,aAAa,GAAG,CAAC,KAAmB,EAAE,EAAE;wBAC5C,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;4BAChB,OAAO;wBACT,CAAC;wBACD,MAAM,EACJ,aAAa,EAAE,MAAM,EACrB,YAAY,EAAE,KAAK,EACnB,cAAc,EAAE,OAAO,EACvB,eAAe,EAAE,QAAQ,EACzB,YAAY,GACb,GAAG,KAAK,CAAC,IAAI,CAAC;wBACf,IAAI,MAAM,IAAI,KAAK,IAAI,OAAO,EAAE,CAAC;4BAC/B,OAAO,EAAE,CAAC;4BACV,KAAK,EAAE,KAAK,EAAE,CAAC;4BACf,IAAI,CAAC,sBAAsB,CAAC;gCAC1B,MAAM;gCACN,KAAK;gCACL,kBAAkB,EAAE,gBAAgB;gCACpC,OAAO;gCACP,kBAAkB,EAAE,OAAO;6BAC5B,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;gCACf,IAAI,QAAQ,EAAE,CAAC;oCACb,YAAY,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;gCACrC,CAAC;gCAED,OAAO,CAAC,IAAI,CAAC,CAAC;4BAChB,CAAC,EAAE,MAAM,CAAC,CAAC;wBACb,CAAC;6BAAM,IAAI,YAAY,EAAE,CAAC;4BACxB,OAAO,EAAE,CAAC;4BACV,KAAK,EAAE,KAAK,EAAE,CAAC;4BACf,MAAM,CAAC,IAAI,gBAAgB,CAAC,YAAY,CAAC,CAAC,CAAC;wBAC7C,CAAC;oBACH,CAAC,CAAC;oBAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;oBAElD,MAAM,oBAAoB,GAAG,WAAW,CAAC,GAAG,EAAE;wBAC5C,IAAI,KAAK,EAAE,MAAM,EAAE,CAAC;4BAClB,OAAO,EAAE,CAAC;4BACV,MAAM,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;wBACpC,CAAC;oBACH,CAAC,EAAE,oBAAoB,CAAC,CAAC;oBAEzB,MAAM,OAAO,GAAG,GAAG,EAAE;wBACnB,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;wBACrD,aAAa,CAAC,oBAAoB,CAAC,CAAC;oBACtC,CAAC,CAAC;gBACJ,CAAC,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;WAoBG;QACa;;;;mBAAkB,KAAK,IAAqB,EAAE;gBAC5D,OAAO,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAClC,CAAC;WAAC;QAEM;;;;mBAAoB,KAAK,IAAI,EAAE;gBACrC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,EAAE,CAAC;oBACpC,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;gBAClC,CAAC;gBAED,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;gBAEpC,OAAO,IAAI,CAAC,aAAa,CAAC,SAAS,EAAG,CAAC;YACzC,CAAC;WAAC;QAEM;;;;mBAAsB,KAAK,EAAE,OAAyB,IAAI,CAAC,IAAI,EAAE,EAAE;gBACzE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;gBACtC,IAAI,IAAI,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;oBAC9B,+GAA+G;oBAC/G,IAAI,CAAC,eAAe,CAAC,gBAAgB,GAAG;wBACtC;4BACE,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC;4BAC5C,IAAI,EAAE,YAAY;4BAClB,UAAU,EAAE,CAAC,UAAU,EAAE,QAAQ,CAAC;yBACnC;qBACF,CAAC;gBACJ,CAAC;YACH,CAAC;WAAC;QAEiB;;;;mBAAyB,KAAK,EAC/C,OAA2C,EAC3C,cAAoC;gBAClC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,IAAI,WAAW;aAC1C,EACD,EAAE;gBACF,MAAM,SAAS,GAAG,oBAAoB,EAAE,CAAC;gBACzC,MAAM,mBAAmB,GAAG,oBAAoB,EAAE,CAAC;gBAEnD,MAAM,WAAW,GAAG,MAAM,sBAAsB,CAAC;oBAC/C,SAAS,EAAE;wBACT,GAAG,OAAO,EAAE,SAAS;wBACrB,sBAAsB,EAAE;4BACtB,WAAW,EAAE,WAAW;4BACxB,kBAAkB,EAAE,KAAK;4BACzB,gBAAgB,EAAE,WAAW;4BAC7B,GAAG,OAAO,EAAE,SAAS,EAAE,sBAAsB;yBAC9C;wBACD,SAAS;wBACT,EAAE,EAAE;4BACF,EAAE,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ;4BAC5B,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ;4BAC9B,GAAG,OAAO,EAAE,SAAS,EAAE,EAAE;yBAC1B;wBACD,gBAAgB,EAAE;4BAChB;gCACE,IAAI,EAAE,YAAY;gCAClB,GAAG,EAAE,CAAC,CAAC;6BACR;4BACD;gCACE,IAAI,EAAE,YAAY;gCAClB,GAAG,EAAE,CAAC,GAAG;6BACV;yBACF;wBACD,IAAI,EAAE;4BACJ,EAAE,EAAE,mBAAmB;4BACvB,IAAI,EAAE,WAAW,CAAC,QAAQ;4BAC1B,WAAW,EAAE,WAAW,CAAC,QAAQ;4BACjC,GAAG,OAAO,EAAE,SAAS,EAAE,IAAI;yBAC5B;qBACF;oBACD,MAAM,EAAE,OAAO,EAAE,MAAM;iBACxB,CAAC,CAAC;gBAEH,4EAA4E;gBAC5E,IAAI,WAAW,CAAC,UAAU,IAAI,IAAI,IAAI,WAAW,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC1E,WAAW,CAAC,UAAU,GAAG;wBACvB,kCAAkC;wBAClC,gCAAgC;qBACjC,CAAC;gBACJ,CAAC;gBAED,OAAO,EAAE,SAAS,EAAE,mBAAmB,EAAE,WAAW,EAAE,CAAC;YACzD,CAAC;WAAC;QAEiB;;;;mBAAiB,KAAK,IAA0B,EAAE;gBACnE,MAAM,cAAc,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC;gBAClD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAEjD,uFAAuF;gBACvF,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;gBAChC,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;gBAC5C,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YACtD,CAAC;WAAC;QAEF;;;;;WAKG;QACa;;;;mBAAgB,KAAK,IAElC,EAAE;gBACH,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC;oBAClE,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,mCAAmC;oBACzC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,QAAQ,EAAE,8BAA8B;wBACxC,YAAY,EAAE,qBAAqB;wBACnC,OAAO,EAAE,WAAW,CAAC,IAAI;wBACzB,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO;qBAC5B;iBACF,CAAC,CAAC;gBAEH,OAAO,IAAI,CAAC,OAAO,CAAC,6BAA6B,EAAE;oBACjD,cAAc;iBACf,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;;WAOG;QACa;;;;mBAAS,KAAK,EAC5B,MAAuB,EACG,EAAE;gBAC5B,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC;oBAClE,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,mCAAmC;oBACzC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,QAAQ,EAAE,8BAA8B;wBACxC,YAAY,EAAE,qBAAqB;wBACnC,OAAO,EAAE,WAAW,CAAC,GAAG;wBACxB,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO;qBAC5B;iBACF,CAAC,CAAC;gBAEH,QAAQ,MAAM,CAAC,eAAe,EAAE,CAAC;oBAC/B,KAAK,MAAM;wBACT,OAAO,IAAI,CAAC,OAAO,CAAC,+BAA+B,EAAE;4BACnD,cAAc;4BACd,eAAe,EAAE,MAAM,CAAC,eAAe;yBACxC,CAAC,CAAC;oBACL;wBACE,MAAM,IAAI,KAAK,CACb,gCAAgC,MAAM,CAAC,eAAe,EAAE,CACzD,CAAC;gBACN,CAAC;YACH,CAAC;WAAC;QAEF;;;;;;WAMG;QACa;;;;mBAAY,KAAK,EAC/B,MAAuB,EACiB,EAAE;gBAC1C,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC;oBAClE,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,mCAAmC;oBACzC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,QAAQ,EAAE,8BAA8B;wBACxC,YAAY,EAAE,qBAAqB;wBACnC,OAAO,EAAE,WAAW,CAAC,MAAM;wBAC3B,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO;qBAC5B;iBACF,CAAC,CAAC;gBAEH,OAAO,IAAI,CAAC,OAAO,CAAC,8BAA8B,EAAE;oBAClD,cAAc;oBACd,aAAa,EAAE,MAAM,CAAC,aAAa;oBACnC,eAAe,EAAE,MAAM,CAAC,eAAe;iBACxC,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;WAMG;QACa;;;;mBAAY,KAAK,EAC/B,MAAuB,EACiB,EAAE;gBAC1C,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC;oBAClE,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,mCAAmC;oBACzC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,QAAQ,EAAE,8BAA8B;wBACxC,YAAY,EAAE,qBAAqB;wBACnC,OAAO,EAAE,WAAW,CAAC,MAAM;wBAC3B,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO;qBAC5B;iBACF,CAAC,CAAC;gBAEH,OAAO,IAAI,CAAC,OAAO,CAAC,+BAA+B,EAAE;oBACnD,cAAc;oBACd,cAAc,EAAE,MAAM,CAAC,cAAc;iBACtC,CAAC,CAAC;YACL,CAAC;WAAC;QA1tBA,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,iBAAiB,GAAG,YAAY,CAAC,iBAAiB,CAAC;QAExD,IAAI,CAAC,eAAe,GAAG,IAAI,eAAe,CAAC;YACzC,IAAI,EAAE,IAAI,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ;SACvC,CAAC,CAAC;QAEH,IAAI,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;IAC3C,CAAC;IAuHD;;;;;;;;;;;;;;;;;;;;;;;;;OAyBG;IACa,KAAK,CAAC,aAAa,CACjC,IAAwC;QAExC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC;QAChE,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvD,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE;YACzD,GAAG,IAAI;YACP,eAAe;SAChB,CAAC,CAAC;QAEH,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CACb,8DAA8D,CAC/D,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;IACtC,CAAC;CAkjBF;AAED;;;GAGG;AACH,MAAM,OAAO,mBAAoB,SAAQ,SAAS;IAGhD;;;OAGG;IACH;QACE,KAAK,CAAC,iBAAiB,CAAC,CAAC;QAPlB;;;;mBAAO,qBAAqB;WAAC;IAQtC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,gBAAiB,SAAQ,SAAS;IAA/C;;QACW;;;;mBAAO,kBAAkB;WAAC;IACrC,CAAC;CAAA","sourcesContent":["import { BaseError, ConnectionConfigSchema } from \"@aa-sdk/core\";\nimport { getWebAuthnAttestation } from \"@turnkey/http\";\nimport { IframeStamper } from \"@turnkey/iframe-stamper\";\nimport { WebauthnStamper } from \"@turnkey/webauthn-stamper\";\nimport { z } from \"zod\";\nimport type { AuthParams } from \"../signer.js\";\nimport { base64UrlEncode } from \"../utils/base64UrlEncode.js\";\nimport { generateRandomBuffer } from \"../utils/generateRandomBuffer.js\";\nimport { BaseSignerClient } from \"./base.js\";\nimport type {\n  AlchemySignerClientEvents,\n  AuthenticatingEventMetadata,\n  CreateAccountParams,\n  CredentialCreationOptionOverrides,\n  EmailAuthParams,\n  ExportWalletParams,\n  OauthConfig,\n  OtpParams,\n  User,\n  MfaFactor,\n  EnableMfaParams,\n  EnableMfaResult,\n  VerifyMfaParams,\n  RemoveMfaParams,\n} from \"./types.js\";\nimport { MfaRequiredError, NotAuthenticatedError } from \"../errors.js\";\nimport { parseMfaError } from \"../utils/parseMfaError.js\";\n\nconst CHECK_CLOSE_INTERVAL = 500;\nconst MFA_PAYLOAD = {\n  GET: \"get_mfa\",\n  ADD: \"add_mfa\",\n  DELETE: \"delete_mfas\",\n  VERIFY: \"verify_mfa\",\n  LIST: \"list_mfas\",\n};\n\nexport const AlchemySignerClientParamsSchema = z.object({\n  connection: ConnectionConfigSchema,\n  iframeConfig: z.object({\n    iframeElementId: z.string().default(\"turnkey-iframe\"),\n    iframeContainerId: z.string(),\n  }),\n  rpId: z.string().optional(),\n  rootOrgId: z\n    .string()\n    .optional()\n    .default(\"24c1acf5-810f-41e0-a503-d5d13fa8e830\"),\n  oauthCallbackUrl: z\n    .string()\n    .optional()\n    .default(\"https://signer.alchemy.com/callback\"),\n  enablePopupOauth: z.boolean().optional().default(false),\n});\n\nexport type AlchemySignerClientParams = z.input<\n  typeof AlchemySignerClientParamsSchema\n>;\n\n/**\n * A lower level client used by the AlchemySigner used to communicate with\n * Alchemy's signer service.\n */\nexport class AlchemySignerWebClient extends BaseSignerClient<ExportWalletParams> {\n  private iframeStamper: IframeStamper;\n  private webauthnStamper: WebauthnStamper;\n  oauthCallbackUrl: string;\n  iframeContainerId: string;\n\n  /**\n   * Initializes a new instance with the given parameters, setting up the connection, iframe configuration, and WebAuthn stamper.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   * ```\n   *\n   * @param {AlchemySignerClientParams} params the parameters required to initialize the client\n   * @param {ConnectionConfig} params.connection The connection details needed to connect to the service\n   * @param {{ iframeElementId?: string; iframeContainerId: string }} params.iframeConfig The configuration details for setting up the iframe stamper\n   * @param {string} params.rpId The relying party ID, defaulting to the current hostname if not provided\n   * @param {string} params.rootOrgId The root organization ID\n   */\n  constructor(params: AlchemySignerClientParams) {\n    const { connection, iframeConfig, rpId, rootOrgId, oauthCallbackUrl } =\n      AlchemySignerClientParamsSchema.parse(params);\n\n    const iframeStamper = new IframeStamper({\n      iframeElementId: iframeConfig.iframeElementId,\n      iframeUrl: \"https://auth.turnkey.com\",\n      iframeContainer: document.getElementById(iframeConfig.iframeContainerId),\n    });\n\n    super({\n      connection,\n      rootOrgId,\n      stamper: iframeStamper,\n    });\n\n    this.iframeStamper = iframeStamper;\n    this.iframeContainerId = iframeConfig.iframeContainerId;\n\n    this.webauthnStamper = new WebauthnStamper({\n      rpId: rpId ?? window.location.hostname,\n    });\n\n    this.oauthCallbackUrl = oauthCallbackUrl;\n  }\n\n  /**\n   * Authenticates the user by either email or passkey account creation flow. Emits events during the process.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const account = await client.createAccount({ type: \"email\", email: \"you@mail.com\" });\n   * ```\n   *\n   * @param {CreateAccountParams} params The parameters for creating an account, including the type (email or passkey) and additional details.\n   * @returns {Promise<SignupResponse>} A promise that resolves with the response object containing the account creation result.\n   */\n  public override createAccount = async (params: CreateAccountParams) => {\n    if (params.type === \"email\") {\n      this.eventEmitter.emit(\"authenticating\", { type: \"otp\" });\n      const { email, emailMode, expirationSeconds } = params;\n      const publicKey = await this.initIframeStamper();\n\n      const response = await this.request(\"/v1/signup\", {\n        email,\n        emailMode,\n        targetPublicKey: publicKey,\n        expirationSeconds,\n        redirectParams: params.redirectParams?.toString(),\n      });\n\n      return response;\n    }\n\n    this.eventEmitter.emit(\"authenticating\", { type: \"passkey\" });\n    // Passkey account creation flow\n    const { attestation, challenge } = await this.getWebAuthnAttestation(\n      params.creationOpts,\n      { username: \"email\" in params ? params.email : params.username }\n    );\n\n    const result = await this.request(\"/v1/signup\", {\n      passkey: {\n        challenge: base64UrlEncode(challenge),\n        attestation,\n      },\n      email: \"email\" in params ? params.email : undefined,\n    });\n\n    this.user = {\n      orgId: result.orgId,\n      address: result.address!,\n      userId: result.userId!,\n      credentialId: attestation.credentialId,\n    };\n    this.initWebauthnStamper(this.user);\n    this.eventEmitter.emit(\"connectedPasskey\", this.user);\n\n    return result;\n  };\n\n  /**\n   * Begin authenticating a user with their email and an expiration time for the authentication request. Initializes the iframe stamper to get the target public key.\n   * This method sends an email to the user to complete their login\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const account = await client.initEmailAuth({ email: \"you@mail.com\" });\n   * ```\n   *\n   * @param {Omit<EmailAuthParams, \"targetPublicKey\">} params The parameters for email authentication, excluding the target public key\n   * @returns {Promise<any>} The response from the authentication request\n   */\n  public override initEmailAuth = async (\n    params: Omit<EmailAuthParams, \"targetPublicKey\">\n  ) => {\n    this.eventEmitter.emit(\"authenticating\", { type: \"otp\" });\n    const { email, emailMode, expirationSeconds } = params;\n    const publicKey = await this.initIframeStamper();\n\n    try {\n      return await this.request(\"/v1/auth\", {\n        email,\n        emailMode,\n        targetPublicKey: publicKey,\n        expirationSeconds,\n        redirectParams: params.redirectParams?.toString(),\n        multiFactors: params.multiFactors,\n      });\n    } catch (error) {\n      const multiFactors = parseMfaError(error);\n\n      // If MFA is required, and emailMode is Magic Link, the user must submit mfa with the request or\n      // the the server will return an error with the required mfa factors.\n      if (multiFactors) {\n        throw new MfaRequiredError(multiFactors);\n      }\n      throw error;\n    }\n  };\n\n  /**\n   * Authenticates using an OTP code which was previously received via email.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const account = await client.submitOtpCode({\n   *   orgId: \"user-org-id\",\n   *   otpId: \"opt-returned-from-initEmailAuth\",\n   *   otpCode: \"otp-code-from-email\",\n   * });\n   * ```\n   *\n   * @param {Omit<OtpParams, \"targetPublicKey\">} args The parameters for the OTP request, excluding the target public key.\n   * @returns {Promise<{ bundle: string }>} A promise that resolves to an object containing the credential bundle.\n   */\n  public override async submitOtpCode(\n    args: Omit<OtpParams, \"targetPublicKey\">\n  ): Promise<{ bundle: string }> {\n    this.eventEmitter.emit(\"authenticating\", { type: \"otpVerify\" });\n    const targetPublicKey = await this.initIframeStamper();\n    const { credentialBundle } = await this.request(\"/v1/otp\", {\n      ...args,\n      targetPublicKey,\n    });\n\n    if (!credentialBundle) {\n      throw new Error(\n        \"Failed to submit OTP code. Check if multiFactor is required.\"\n      );\n    }\n    return { bundle: credentialBundle };\n  }\n\n  /**\n   * Completes auth for the user by injecting a credential bundle and retrieving\n   * the user information based on the provided organization ID. Emits events\n   * during the process.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const account = await client.completeAuthWithBundle({ orgId: \"user-org-id\", bundle: \"bundle-from-email\", connectedEventName: \"connectedEmail\" });\n   * ```\n   *\n   * @param {{ bundle: string; orgId: string, connectedEventName: keyof AlchemySignerClientEvents, idToken?: string }} config\n   * The configuration object for the authentication function containing the\n   * credential bundle to inject and the organization id associated with the\n   * user, as well as the event to be emitted on success and optionally an OIDC\n   * ID token with extra user information\n   * @returns {Promise<User>} A promise that resolves to the authenticated user\n   * information\n   */\n  public override completeAuthWithBundle = async ({\n    bundle,\n    orgId,\n    connectedEventName,\n    idToken,\n    authenticatingType,\n  }: {\n    bundle: string;\n    orgId: string;\n    connectedEventName: keyof AlchemySignerClientEvents;\n    authenticatingType: AuthenticatingEventMetadata[\"type\"];\n    idToken?: string;\n  }): Promise<User> => {\n    this.eventEmitter.emit(\"authenticating\", { type: authenticatingType });\n    await this.initIframeStamper();\n\n    const result = await this.iframeStamper.injectCredentialBundle(bundle);\n\n    if (!result) {\n      throw new Error(\"Failed to inject credential bundle\");\n    }\n\n    const user = await this.whoami(orgId, idToken);\n\n    this.eventEmitter.emit(connectedEventName, user, bundle);\n\n    return user;\n  };\n\n  /**\n   * Asynchronously handles the authentication process using WebAuthn Stamper. If a user is provided, sets the user and returns it. Otherwise, retrieves the current user and initializes the WebAuthn stamper.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const account = await client.lookupUserWithPasskey();\n   * ```\n   *\n   * @param {User} [user] An optional user object to authenticate\n   * @returns {Promise<User>} A promise that resolves to the authenticated user object\n   */\n  public override lookupUserWithPasskey = async (\n    user: User | undefined = undefined\n  ) => {\n    this.eventEmitter.emit(\"authenticating\", { type: \"passkey\" });\n    await this.initWebauthnStamper(user);\n    if (user) {\n      this.user = user;\n      this.eventEmitter.emit(\"connectedPasskey\", user);\n      return user;\n    }\n\n    const result = await this.whoami(this.rootOrg);\n    await this.initWebauthnStamper(result);\n    this.eventEmitter.emit(\"connectedPasskey\", result);\n\n    return result;\n  };\n\n  /**\n   * Initiates the export of a wallet by creating an iframe stamper and calling the appropriate export function.\n   * The export can be based on a seed phrase or a private key.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const account = await client.exportWallet({\n   *  iframeContainerId: \"export-iframe-container\",\n   * });\n   * ```\n   *\n   * @param {ExportWalletParams} config The parameters for exporting the wallet\n   * @param {string} config.iframeContainerId The ID of the container element that will hold the iframe stamper\n   * @param {string} [config.iframeElementId] Optional ID for the iframe element\n   * @returns {Promise<void>} A promise that resolves when the export process is complete\n   */\n  public override exportWallet = async ({\n    iframeContainerId,\n    iframeElementId = \"turnkey-export-iframe\",\n  }: ExportWalletParams) => {\n    const exportWalletIframeStamper = new IframeStamper({\n      iframeContainer: document.getElementById(iframeContainerId),\n      iframeElementId: iframeElementId,\n      iframeUrl: \"https://export.turnkey.com\",\n    });\n    await exportWalletIframeStamper.init();\n\n    if (this.turnkeyClient.stamper === this.iframeStamper) {\n      return this.exportWalletInner({\n        exportStamper: exportWalletIframeStamper,\n        exportAs: \"SEED_PHRASE\",\n      });\n    }\n\n    return this.exportWalletInner({\n      exportStamper: exportWalletIframeStamper,\n      exportAs: \"PRIVATE_KEY\",\n    });\n  };\n\n  /**\n   * Asynchronous function that clears the user and resets the iframe stamper.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const account = await client.disconnect();\n   * ```\n   */\n  public override disconnect = async () => {\n    this.user = undefined;\n    this.iframeStamper.clear();\n    await this.iframeStamper.init();\n  };\n\n  /**\n   * Redirects the user to the OAuth provider URL based on the provided arguments. This function will always reject after 1 second if the redirection does not occur.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * await client.oauthWithRedirect({\n   *   type: \"oauth\",\n   *   authProviderId: \"google\",\n   *   mode: \"redirect\",\n   *   redirectUrl: \"/\",\n   * });\n   * ```\n   *\n   * @param {Extract<AuthParams, { type: \"oauth\"; mode: \"redirect\" }>} args The arguments required to obtain the OAuth provider URL\n   * @returns {Promise<never>} A promise that will never resolve, only reject if the redirection fails\n   */\n  public override oauthWithRedirect = async (\n    args: Extract<AuthParams, { type: \"oauth\"; mode: \"redirect\" }>\n  ): Promise<never> => {\n    const turnkeyPublicKey = await this.initIframeStamper();\n\n    const oauthParams = args;\n    const providerUrl = await this.getOauthProviderUrl({\n      oauthParams,\n      turnkeyPublicKey,\n      oauthCallbackUrl: this.oauthCallbackUrl,\n    });\n\n    window.location.href = providerUrl;\n    return new Promise((_, reject) =>\n      setTimeout(() => reject(\"Failed to redirect to OAuth provider\"), 1000)\n    );\n  };\n\n  /**\n   * Initiates an OAuth authentication flow in a popup window and returns the authenticated user.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const user = await client.oauthWithPopup({\n   *  type: \"oauth\",\n   *  authProviderId: \"google\",\n   *  mode: \"popup\"\n   * });\n   * ```\n   *\n   * @param {Extract<AuthParams, { type: \"oauth\"; mode: \"popup\" }>} args The authentication parameters specifying OAuth type and popup mode\n   * @returns {Promise<User>} A promise that resolves to a `User` object containing the authenticated user information\n   */\n  public override oauthWithPopup = async (\n    args: Extract<AuthParams, { type: \"oauth\"; mode: \"popup\" }>\n  ): Promise<User> => {\n    const turnkeyPublicKey = await this.initIframeStamper();\n    const oauthParams = args;\n    const providerUrl = await this.getOauthProviderUrl({\n      oauthParams,\n      turnkeyPublicKey,\n      oauthCallbackUrl: this.oauthCallbackUrl,\n    });\n    const popup = window.open(\n      providerUrl,\n      \"_blank\",\n      \"popup,width=500,height=600\"\n    );\n    const eventEmitter = this.eventEmitter;\n    return new Promise((resolve, reject) => {\n      const handleMessage = (event: MessageEvent) => {\n        if (!event.data) {\n          return;\n        }\n        const {\n          alchemyBundle: bundle,\n          alchemyOrgId: orgId,\n          alchemyIdToken: idToken,\n          alchemyIsSignup: isSignup,\n          alchemyError,\n        } = event.data;\n        if (bundle && orgId && idToken) {\n          cleanup();\n          popup?.close();\n          this.completeAuthWithBundle({\n            bundle,\n            orgId,\n            connectedEventName: \"connectedOauth\",\n            idToken,\n            authenticatingType: \"oauth\",\n          }).then((user) => {\n            if (isSignup) {\n              eventEmitter.emit(\"newUserSignup\");\n            }\n\n            resolve(user);\n          }, reject);\n        } else if (alchemyError) {\n          cleanup();\n          popup?.close();\n          reject(new OauthFailedError(alchemyError));\n        }\n      };\n\n      window.addEventListener(\"message\", handleMessage);\n\n      const checkCloseIntervalId = setInterval(() => {\n        if (popup?.closed) {\n          cleanup();\n          reject(new OauthCancelledError());\n        }\n      }, CHECK_CLOSE_INTERVAL);\n\n      const cleanup = () => {\n        window.removeEventListener(\"message\", handleMessage);\n        clearInterval(checkCloseIntervalId);\n      };\n    });\n  };\n\n  /**\n   * Initializes the iframe stamper and returns its public key.\n   *\n   * @example\n   * ```ts twoslash\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const publicKey = await client.targetPublicKey();\n   * ```\n   *\n   * @returns {Promise<string>} A promise that resolves with the target public key when the iframe stamper is successfully initialized, or throws an error if the target public key is not supported.\n   */\n  public override targetPublicKey = async (): Promise<string> => {\n    return this.initIframeStamper();\n  };\n\n  private initIframeStamper = async () => {\n    if (!this.iframeStamper.publicKey()) {\n      await this.iframeStamper.init();\n    }\n\n    this.setStamper(this.iframeStamper);\n\n    return this.iframeStamper.publicKey()!;\n  };\n\n  private initWebauthnStamper = async (user: User | undefined = this.user) => {\n    this.setStamper(this.webauthnStamper);\n    if (user && user.credentialId) {\n      // The goal here is to allow us to cache the allowed credential, but this doesn't work with hybrid transport :(\n      this.webauthnStamper.allowCredentials = [\n        {\n          id: Buffer.from(user.credentialId, \"base64\"),\n          type: \"public-key\",\n          transports: [\"internal\", \"hybrid\"],\n        },\n      ];\n    }\n  };\n\n  protected override getWebAuthnAttestation = async (\n    options?: CredentialCreationOptionOverrides,\n    userDetails: { username: string } = {\n      username: this.user?.email ?? \"anonymous\",\n    }\n  ) => {\n    const challenge = generateRandomBuffer();\n    const authenticatorUserId = generateRandomBuffer();\n\n    const attestation = await getWebAuthnAttestation({\n      publicKey: {\n        ...options?.publicKey,\n        authenticatorSelection: {\n          residentKey: \"preferred\",\n          requireResidentKey: false,\n          userVerification: \"preferred\",\n          ...options?.publicKey?.authenticatorSelection,\n        },\n        challenge,\n        rp: {\n          id: window.location.hostname,\n          name: window.location.hostname,\n          ...options?.publicKey?.rp,\n        },\n        pubKeyCredParams: [\n          {\n            type: \"public-key\",\n            alg: -7,\n          },\n          {\n            type: \"public-key\",\n            alg: -257,\n          },\n        ],\n        user: {\n          id: authenticatorUserId,\n          name: userDetails.username,\n          displayName: userDetails.username,\n          ...options?.publicKey?.user,\n        },\n      },\n      signal: options?.signal,\n    });\n\n    // on iOS sometimes this is returned as empty or null, so handling that here\n    if (attestation.transports == null || attestation.transports.length === 0) {\n      attestation.transports = [\n        \"AUTHENTICATOR_TRANSPORT_INTERNAL\",\n        \"AUTHENTICATOR_TRANSPORT_HYBRID\",\n      ];\n    }\n\n    return { challenge, authenticatorUserId, attestation };\n  };\n\n  protected override getOauthConfig = async (): Promise<OauthConfig> => {\n    const currentStamper = this.turnkeyClient.stamper;\n    const publicKey = await this.initIframeStamper();\n\n    // swap the stamper back in case the user logged in with a different stamper (passkeys)\n    this.setStamper(currentStamper);\n    const nonce = this.getOauthNonce(publicKey);\n    return this.request(\"/v1/prepare-oauth\", { nonce });\n  };\n\n  /**\n   * Retrieves the list of MFA factors configured for the current user.\n   *\n   * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to an array of configured MFA factors\n   * @throws {NotAuthenticatedError} If no user is authenticated\n   */\n  public override getMfaFactors = async (): Promise<{\n    multiFactors: MfaFactor[];\n  }> => {\n    if (!this.user) {\n      throw new NotAuthenticatedError();\n    }\n\n    const stampedRequest = await this.turnkeyClient.stampSignRawPayload({\n      organizationId: this.user.orgId,\n      type: \"ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2\",\n      timestampMs: Date.now().toString(),\n      parameters: {\n        encoding: \"PAYLOAD_ENCODING_HEXADECIMAL\",\n        hashFunction: \"HASH_FUNCTION_NO_OP\",\n        payload: MFA_PAYLOAD.LIST,\n        signWith: this.user.address,\n      },\n    });\n\n    return this.request(\"/v1/auth-list-multi-factors\", {\n      stampedRequest,\n    });\n  };\n\n  /**\n   * Initiates the setup of a new MFA factor for the current user. Mfa will need to be verified before it is active.\n   *\n   * @param {EnableMfaParams} params The parameters required to enable a new MFA factor\n   * @returns {Promise<EnableMfaResult>} A promise that resolves to the factor setup information\n   * @throws {NotAuthenticatedError} If no user is authenticated\n   * @throws {Error} If an unsupported factor type is provided\n   */\n  public override addMfa = async (\n    params: EnableMfaParams\n  ): Promise<EnableMfaResult> => {\n    if (!this.user) {\n      throw new NotAuthenticatedError();\n    }\n\n    const stampedRequest = await this.turnkeyClient.stampSignRawPayload({\n      organizationId: this.user.orgId,\n      type: \"ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2\",\n      timestampMs: Date.now().toString(),\n      parameters: {\n        encoding: \"PAYLOAD_ENCODING_HEXADECIMAL\",\n        hashFunction: \"HASH_FUNCTION_NO_OP\",\n        payload: MFA_PAYLOAD.ADD,\n        signWith: this.user.address,\n      },\n    });\n\n    switch (params.multiFactorType) {\n      case \"totp\":\n        return this.request(\"/v1/auth-request-multi-factor\", {\n          stampedRequest,\n          multiFactorType: params.multiFactorType,\n        });\n      default:\n        throw new Error(\n          `Unsupported MFA factor type: ${params.multiFactorType}`\n        );\n    }\n  };\n\n  /**\n   * Verifies a newly created MFA factor to complete the setup process.\n   *\n   * @param {VerifyMfaParams} params The parameters required to verify the MFA factor\n   * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to the updated list of MFA factors\n   * @throws {NotAuthenticatedError} If no user is authenticated\n   */\n  public override verifyMfa = async (\n    params: VerifyMfaParams\n  ): Promise<{ multiFactors: MfaFactor[] }> => {\n    if (!this.user) {\n      throw new NotAuthenticatedError();\n    }\n\n    const stampedRequest = await this.turnkeyClient.stampSignRawPayload({\n      organizationId: this.user.orgId,\n      type: \"ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2\",\n      timestampMs: Date.now().toString(),\n      parameters: {\n        encoding: \"PAYLOAD_ENCODING_HEXADECIMAL\",\n        hashFunction: \"HASH_FUNCTION_NO_OP\",\n        payload: MFA_PAYLOAD.VERIFY,\n        signWith: this.user.address,\n      },\n    });\n\n    return this.request(\"/v1/auth-verify-multi-factor\", {\n      stampedRequest,\n      multiFactorId: params.multiFactorId,\n      multiFactorCode: params.multiFactorCode,\n    });\n  };\n\n  /**\n   * Removes existing MFA factors by ID.\n   *\n   * @param {RemoveMfaParams} params The parameters specifying which factors to disable\n   * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to the updated list of MFA factors\n   * @throws {NotAuthenticatedError} If no user is authenticated\n   */\n  public override removeMfa = async (\n    params: RemoveMfaParams\n  ): Promise<{ multiFactors: MfaFactor[] }> => {\n    if (!this.user) {\n      throw new NotAuthenticatedError();\n    }\n\n    const stampedRequest = await this.turnkeyClient.stampSignRawPayload({\n      organizationId: this.user.orgId,\n      type: \"ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2\",\n      timestampMs: Date.now().toString(),\n      parameters: {\n        encoding: \"PAYLOAD_ENCODING_HEXADECIMAL\",\n        hashFunction: \"HASH_FUNCTION_NO_OP\",\n        payload: MFA_PAYLOAD.DELETE,\n        signWith: this.user.address,\n      },\n    });\n\n    return this.request(\"/v1/auth-delete-multi-factors\", {\n      stampedRequest,\n      multiFactorIds: params.multiFactorIds,\n    });\n  };\n}\n\n/**\n * This error is thrown when the OAuth flow is cancelled because the auth popup\n * window was closed.\n */\nexport class OauthCancelledError extends BaseError {\n  override name = \"OauthCancelledError\";\n\n  /**\n   * Constructor for initializing an error indicating that the OAuth flow was\n   * cancelled.\n   */\n  constructor() {\n    super(\"OAuth cancelled\");\n  }\n}\n\n/**\n * This error is thrown when an error occurs during the OAuth login flow.\n */\nexport class OauthFailedError extends BaseError {\n  override name = \"OauthFailedError\";\n}\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/client/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AACjE,OAAO,EAAE,sBAAsB,EAAE,MAAM,eAAe,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAC5D,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,kCAAkC,CAAC;AACxE,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAe7C,MAAM,oBAAoB,GAAG,GAAG,CAAC;AAEjC,MAAM,CAAC,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CAAC;IACtD,UAAU,EAAE,sBAAsB;IAClC,YAAY,EAAE,CAAC,CAAC,MAAM,CAAC;QACrB,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,gBAAgB,CAAC;QACrD,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE;KAC9B,CAAC;IACF,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,SAAS,EAAE,CAAC;SACT,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,OAAO,CAAC,sCAAsC,CAAC;IAClD,gBAAgB,EAAE,CAAC;SAChB,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,OAAO,CAAC,qCAAqC,CAAC;IACjD,gBAAgB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;CACxD,CAAC,CAAC;AAMH;;;GAGG;AACH,MAAM,OAAO,sBAAuB,SAAQ,gBAAoC;IAM9E;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACH,YAAY,MAAiC;QAC3C,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,IAAI,EAAE,SAAS,EAAE,gBAAgB,EAAE,GACnE,+BAA+B,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAEhD,MAAM,aAAa,GAAG,IAAI,aAAa,CAAC;YACtC,eAAe,EAAE,YAAY,CAAC,eAAe;YAC7C,SAAS,EAAE,0BAA0B;YACrC,eAAe,EAAE,QAAQ,CAAC,cAAc,CAAC,YAAY,CAAC,iBAAiB,CAAC;SACzE,CAAC,CAAC;QAEH,KAAK,CAAC;YACJ,UAAU;YACV,SAAS;YACT,OAAO,EAAE,aAAa;SACvB,CAAC,CAAC;QA1CG;;;;;WAA6B;QAC7B;;;;;WAAiC;QACzC;;;;;WAAyB;QACzB;;;;;WAA0B;QAmD1B;;;;;;;;;;;;;;;;;;;;;WAqBG;QACa;;;;mBAAgB,KAAK,EAAE,MAA2B,EAAE,EAAE;gBACpE,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oBAC5B,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;oBAC1D,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,iBAAiB,EAAE,GAAG,MAAM,CAAC;oBACvD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;oBAEjD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE;wBAChD,KAAK;wBACL,SAAS;wBACT,eAAe,EAAE,SAAS;wBAC1B,iBAAiB;wBACjB,cAAc,EAAE,MAAM,CAAC,cAAc,EAAE,QAAQ,EAAE;qBAClD,CAAC,CAAC;oBAEH,OAAO,QAAQ,CAAC;gBAClB,CAAC;gBAED,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;gBAC9D,gCAAgC;gBAChC,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAClE,MAAM,CAAC,YAAY,EACnB,EAAE,QAAQ,EAAE,OAAO,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,EAAE,CACjE,CAAC;gBAEF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE;oBAC9C,OAAO,EAAE;wBACP,SAAS,EAAE,eAAe,CAAC,SAAS,CAAC;wBACrC,WAAW;qBACZ;oBACD,KAAK,EAAE,OAAO,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;iBACpD,CAAC,CAAC;gBAEH,IAAI,CAAC,IAAI,GAAG;oBACV,KAAK,EAAE,MAAM,CAAC,KAAK;oBACnB,OAAO,EAAE,MAAM,CAAC,OAAQ;oBACxB,MAAM,EAAE,MAAM,CAAC,MAAO;oBACtB,YAAY,EAAE,WAAW,CAAC,YAAY;iBACvC,CAAC;gBACF,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACpC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEtD,OAAO,MAAM,CAAC;YAChB,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;;WAsBG;QACa;;;;mBAAgB,KAAK,EACnC,MAAgD,EAChD,EAAE;gBACF,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;gBAC1D,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,iBAAiB,EAAE,GAAG,MAAM,CAAC;gBACvD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAEjD,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE;oBAC9B,KAAK;oBACL,SAAS;oBACT,eAAe,EAAE,SAAS;oBAC1B,iBAAiB;oBACjB,cAAc,EAAE,MAAM,CAAC,cAAc,EAAE,QAAQ,EAAE;iBAClD,CAAC,CAAC;YACL,CAAC;WAAC;QA6EF;;;;;;;;;;;;;;;;;;;;;;;;;;;;WA4BG;QACa;;;;mBAAyB,KAAK,EAAE,EAC9C,MAAM,EACN,KAAK,EACL,kBAAkB,EAClB,OAAO,EACP,kBAAkB,GAOnB,EAAiB,EAAE;gBAClB,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBACvE,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAE/B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC;gBAEvE,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;gBACxD,CAAC;gBAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;gBAE/C,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;gBAEzD,OAAO,IAAI,CAAC;YACd,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;WAqBG;QACa;;;;mBAAwB,KAAK,EAC3C,OAAyB,SAAS,EAClC,EAAE;gBACF,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;gBAC9D,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;gBACrC,IAAI,IAAI,EAAE,CAAC;oBACT,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;oBACjB,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,CAAC,CAAC;oBACjD,OAAO,IAAI,CAAC;gBACd,CAAC;gBAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAC/C,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;gBACvC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC;gBAEnD,OAAO,MAAM,CAAC;YAChB,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;;;;;;WA0BG;QACa;;;;mBAAe,KAAK,EAAE,EACpC,iBAAiB,EACjB,eAAe,GAAG,uBAAuB,GACtB,EAAE,EAAE;gBACvB,MAAM,yBAAyB,GAAG,IAAI,aAAa,CAAC;oBAClD,eAAe,EAAE,QAAQ,CAAC,cAAc,CAAC,iBAAiB,CAAC;oBAC3D,eAAe,EAAE,eAAe;oBAChC,SAAS,EAAE,4BAA4B;iBACxC,CAAC,CAAC;gBACH,MAAM,yBAAyB,CAAC,IAAI,EAAE,CAAC;gBAEvC,IAAI,IAAI,CAAC,aAAa,CAAC,OAAO,KAAK,IAAI,CAAC,aAAa,EAAE,CAAC;oBACtD,OAAO,IAAI,CAAC,iBAAiB,CAAC;wBAC5B,aAAa,EAAE,yBAAyB;wBACxC,QAAQ,EAAE,aAAa;qBACxB,CAAC,CAAC;gBACL,CAAC;gBAED,OAAO,IAAI,CAAC,iBAAiB,CAAC;oBAC5B,aAAa,EAAE,yBAAyB;oBACxC,QAAQ,EAAE,aAAa;iBACxB,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;WAkBG;QACa;;;;mBAAa,KAAK,IAAI,EAAE;gBACtC,IAAI,CAAC,IAAI,GAAG,SAAS,CAAC;gBACtB,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,CAAC;gBAC3B,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;YAClC,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;;;;;;WA0BG;QACa;;;;mBAAoB,KAAK,EACvC,IAA8D,EAC9C,EAAE;gBAClB,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAExD,MAAM,WAAW,GAAG,IAAI,CAAC;gBACzB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC;oBACjD,WAAW;oBACX,gBAAgB;oBAChB,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;iBACxC,CAAC,CAAC;gBAEH,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,WAAW,CAAC;gBACnC,OAAO,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CAC/B,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,sCAAsC,CAAC,EAAE,IAAI,CAAC,CACvE,CAAC;YACJ,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;;;;;WAyBG;QACa;;;;mBAAiB,KAAK,EACpC,IAA2D,EAC5C,EAAE;gBACjB,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACxD,MAAM,WAAW,GAAG,IAAI,CAAC;gBACzB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC;oBACjD,WAAW;oBACX,gBAAgB;oBAChB,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;iBACxC,CAAC,CAAC;gBACH,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CACvB,WAAW,EACX,QAAQ,EACR,4BAA4B,CAC7B,CAAC;gBACF,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC;gBACvC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;oBACrC,MAAM,aAAa,GAAG,CAAC,KAAmB,EAAE,EAAE;wBAC5C,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;4BAChB,OAAO;wBACT,CAAC;wBACD,MAAM,EACJ,aAAa,EAAE,MAAM,EACrB,YAAY,EAAE,KAAK,EACnB,cAAc,EAAE,OAAO,EACvB,eAAe,EAAE,QAAQ,EACzB,YAAY,GACb,GAAG,KAAK,CAAC,IAAI,CAAC;wBACf,IAAI,MAAM,IAAI,KAAK,IAAI,OAAO,EAAE,CAAC;4BAC/B,OAAO,EAAE,CAAC;4BACV,KAAK,EAAE,KAAK,EAAE,CAAC;4BACf,IAAI,CAAC,sBAAsB,CAAC;gCAC1B,MAAM;gCACN,KAAK;gCACL,kBAAkB,EAAE,gBAAgB;gCACpC,OAAO;gCACP,kBAAkB,EAAE,OAAO;6BAC5B,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;gCACf,IAAI,QAAQ,EAAE,CAAC;oCACb,YAAY,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;gCACrC,CAAC;gCAED,OAAO,CAAC,IAAI,CAAC,CAAC;4BAChB,CAAC,EAAE,MAAM,CAAC,CAAC;wBACb,CAAC;6BAAM,IAAI,YAAY,EAAE,CAAC;4BACxB,OAAO,EAAE,CAAC;4BACV,KAAK,EAAE,KAAK,EAAE,CAAC;4BACf,MAAM,CAAC,IAAI,gBAAgB,CAAC,YAAY,CAAC,CAAC,CAAC;wBAC7C,CAAC;oBACH,CAAC,CAAC;oBAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;oBAElD,MAAM,oBAAoB,GAAG,WAAW,CAAC,GAAG,EAAE;wBAC5C,IAAI,KAAK,EAAE,MAAM,EAAE,CAAC;4BAClB,OAAO,EAAE,CAAC;4BACV,MAAM,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;wBACpC,CAAC;oBACH,CAAC,EAAE,oBAAoB,CAAC,CAAC;oBAEzB,MAAM,OAAO,GAAG,GAAG,EAAE;wBACnB,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;wBACrD,aAAa,CAAC,oBAAoB,CAAC,CAAC;oBACtC,CAAC,CAAC;gBACJ,CAAC,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;WAoBG;QACa;;;;mBAAkB,KAAK,IAAqB,EAAE;gBAC5D,OAAO,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAClC,CAAC;WAAC;QAEM;;;;mBAAoB,KAAK,IAAI,EAAE;gBACrC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,EAAE,CAAC;oBACpC,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;gBAClC,CAAC;gBAED,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;gBAEpC,OAAO,IAAI,CAAC,aAAa,CAAC,SAAS,EAAG,CAAC;YACzC,CAAC;WAAC;QAEM;;;;mBAAsB,KAAK,EAAE,OAAyB,IAAI,CAAC,IAAI,EAAE,EAAE;gBACzE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;gBACtC,IAAI,IAAI,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;oBAC9B,+GAA+G;oBAC/G,IAAI,CAAC,eAAe,CAAC,gBAAgB,GAAG;wBACtC;4BACE,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC;4BAC5C,IAAI,EAAE,YAAY;4BAClB,UAAU,EAAE,CAAC,UAAU,EAAE,QAAQ,CAAC;yBACnC;qBACF,CAAC;gBACJ,CAAC;YACH,CAAC;WAAC;QAEiB;;;;mBAAyB,KAAK,EAC/C,OAA2C,EAC3C,cAAoC;gBAClC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,IAAI,WAAW;aAC1C,EACD,EAAE;gBACF,MAAM,SAAS,GAAG,oBAAoB,EAAE,CAAC;gBACzC,MAAM,mBAAmB,GAAG,oBAAoB,EAAE,CAAC;gBAEnD,MAAM,WAAW,GAAG,MAAM,sBAAsB,CAAC;oBAC/C,SAAS,EAAE;wBACT,GAAG,OAAO,EAAE,SAAS;wBACrB,sBAAsB,EAAE;4BACtB,WAAW,EAAE,WAAW;4BACxB,kBAAkB,EAAE,KAAK;4BACzB,gBAAgB,EAAE,WAAW;4BAC7B,GAAG,OAAO,EAAE,SAAS,EAAE,sBAAsB;yBAC9C;wBACD,SAAS;wBACT,EAAE,EAAE;4BACF,EAAE,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ;4BAC5B,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ;4BAC9B,GAAG,OAAO,EAAE,SAAS,EAAE,EAAE;yBAC1B;wBACD,gBAAgB,EAAE;4BAChB;gCACE,IAAI,EAAE,YAAY;gCAClB,GAAG,EAAE,CAAC,CAAC;6BACR;4BACD;gCACE,IAAI,EAAE,YAAY;gCAClB,GAAG,EAAE,CAAC,GAAG;6BACV;yBACF;wBACD,IAAI,EAAE;4BACJ,EAAE,EAAE,mBAAmB;4BACvB,IAAI,EAAE,WAAW,CAAC,QAAQ;4BAC1B,WAAW,EAAE,WAAW,CAAC,QAAQ;4BACjC,GAAG,OAAO,EAAE,SAAS,EAAE,IAAI;yBAC5B;qBACF;oBACD,MAAM,EAAE,OAAO,EAAE,MAAM;iBACxB,CAAC,CAAC;gBAEH,4EAA4E;gBAC5E,IAAI,WAAW,CAAC,UAAU,IAAI,IAAI,IAAI,WAAW,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC1E,WAAW,CAAC,UAAU,GAAG;wBACvB,kCAAkC;wBAClC,gCAAgC;qBACjC,CAAC;gBACJ,CAAC;gBAED,OAAO,EAAE,SAAS,EAAE,mBAAmB,EAAE,WAAW,EAAE,CAAC;YACzD,CAAC;WAAC;QAEiB;;;;mBAAiB,KAAK,IAA0B,EAAE;gBACnE,MAAM,cAAc,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC;gBAClD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAEjD,uFAAuF;gBACvF,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;gBAChC,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;gBAC5C,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YACtD,CAAC;WAAC;QAtmBA,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,iBAAiB,GAAG,YAAY,CAAC,iBAAiB,CAAC;QAExD,IAAI,CAAC,eAAe,GAAG,IAAI,eAAe,CAAC;YACzC,IAAI,EAAE,IAAI,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ;SACvC,CAAC,CAAC;QAEH,IAAI,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;IAC3C,CAAC;IA2GD;;;;;;;;;;;;;;;;;;;;;;;;;OAyBG;IACa,KAAK,CAAC,aAAa,CACjC,IAAwC;QAExC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC;QAChE,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvD,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE;YACzD,GAAG,IAAI;YACP,eAAe;SAChB,CAAC,CAAC;QACH,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;IACtC,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACa,KAAK,CAAC,SAAS,CAC7B,IAAwC;QAExC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;QACjE,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvD,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE;YAClC,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,eAAe;YACf,YAAY,EAAE,IAAI,CAAC,YAAY;SAChC,CAAC,CAAC;IACL,CAAC;CA2aF;AAED;;;GAGG;AACH,MAAM,OAAO,mBAAoB,SAAQ,SAAS;IAGhD;;;OAGG;IACH;QACE,KAAK,CAAC,iBAAiB,CAAC,CAAC;QAPlB;;;;mBAAO,qBAAqB;WAAC;IAQtC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,gBAAiB,SAAQ,SAAS;IAA/C;;QACW;;;;mBAAO,kBAAkB;WAAC;IACrC,CAAC;CAAA","sourcesContent":["import { BaseError, ConnectionConfigSchema } from \"@aa-sdk/core\";\nimport { getWebAuthnAttestation } from \"@turnkey/http\";\nimport { IframeStamper } from \"@turnkey/iframe-stamper\";\nimport { WebauthnStamper } from \"@turnkey/webauthn-stamper\";\nimport { z } from \"zod\";\nimport type { AuthParams } from \"../signer.js\";\nimport { base64UrlEncode } from \"../utils/base64UrlEncode.js\";\nimport { generateRandomBuffer } from \"../utils/generateRandomBuffer.js\";\nimport { BaseSignerClient } from \"./base.js\";\nimport type {\n  AlchemySignerClientEvents,\n  AuthenticatingEventMetadata,\n  CreateAccountParams,\n  CredentialCreationOptionOverrides,\n  EmailAuthParams,\n  ExportWalletParams,\n  JwtParams,\n  OauthConfig,\n  OtpParams,\n  JwtResponse,\n  User,\n} from \"./types.js\";\n\nconst CHECK_CLOSE_INTERVAL = 500;\n\nexport const AlchemySignerClientParamsSchema = z.object({\n  connection: ConnectionConfigSchema,\n  iframeConfig: z.object({\n    iframeElementId: z.string().default(\"turnkey-iframe\"),\n    iframeContainerId: z.string(),\n  }),\n  rpId: z.string().optional(),\n  rootOrgId: z\n    .string()\n    .optional()\n    .default(\"24c1acf5-810f-41e0-a503-d5d13fa8e830\"),\n  oauthCallbackUrl: z\n    .string()\n    .optional()\n    .default(\"https://signer.alchemy.com/callback\"),\n  enablePopupOauth: z.boolean().optional().default(false),\n});\n\nexport type AlchemySignerClientParams = z.input<\n  typeof AlchemySignerClientParamsSchema\n>;\n\n/**\n * A lower level client used by the AlchemySigner used to communicate with\n * Alchemy's signer service.\n */\nexport class AlchemySignerWebClient extends BaseSignerClient<ExportWalletParams> {\n  private iframeStamper: IframeStamper;\n  private webauthnStamper: WebauthnStamper;\n  oauthCallbackUrl: string;\n  iframeContainerId: string;\n\n  /**\n   * Initializes a new instance with the given parameters, setting up the connection, iframe configuration, and WebAuthn stamper.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   * ```\n   *\n   * @param {AlchemySignerClientParams} params the parameters required to initialize the client\n   * @param {ConnectionConfig} params.connection The connection details needed to connect to the service\n   * @param {{ iframeElementId?: string; iframeContainerId: string }} params.iframeConfig The configuration details for setting up the iframe stamper\n   * @param {string} params.rpId The relying party ID, defaulting to the current hostname if not provided\n   * @param {string} params.rootOrgId The root organization ID\n   */\n  constructor(params: AlchemySignerClientParams) {\n    const { connection, iframeConfig, rpId, rootOrgId, oauthCallbackUrl } =\n      AlchemySignerClientParamsSchema.parse(params);\n\n    const iframeStamper = new IframeStamper({\n      iframeElementId: iframeConfig.iframeElementId,\n      iframeUrl: \"https://auth.turnkey.com\",\n      iframeContainer: document.getElementById(iframeConfig.iframeContainerId),\n    });\n\n    super({\n      connection,\n      rootOrgId,\n      stamper: iframeStamper,\n    });\n\n    this.iframeStamper = iframeStamper;\n    this.iframeContainerId = iframeConfig.iframeContainerId;\n\n    this.webauthnStamper = new WebauthnStamper({\n      rpId: rpId ?? window.location.hostname,\n    });\n\n    this.oauthCallbackUrl = oauthCallbackUrl;\n  }\n\n  /**\n   * Authenticates the user by either email or passkey account creation flow. Emits events during the process.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const account = await client.createAccount({ type: \"email\", email: \"you@mail.com\" });\n   * ```\n   *\n   * @param {CreateAccountParams} params The parameters for creating an account, including the type (email or passkey) and additional details.\n   * @returns {Promise<SignupResponse>} A promise that resolves with the response object containing the account creation result.\n   */\n  public override createAccount = async (params: CreateAccountParams) => {\n    if (params.type === \"email\") {\n      this.eventEmitter.emit(\"authenticating\", { type: \"otp\" });\n      const { email, emailMode, expirationSeconds } = params;\n      const publicKey = await this.initIframeStamper();\n\n      const response = await this.request(\"/v1/signup\", {\n        email,\n        emailMode,\n        targetPublicKey: publicKey,\n        expirationSeconds,\n        redirectParams: params.redirectParams?.toString(),\n      });\n\n      return response;\n    }\n\n    this.eventEmitter.emit(\"authenticating\", { type: \"passkey\" });\n    // Passkey account creation flow\n    const { attestation, challenge } = await this.getWebAuthnAttestation(\n      params.creationOpts,\n      { username: \"email\" in params ? params.email : params.username }\n    );\n\n    const result = await this.request(\"/v1/signup\", {\n      passkey: {\n        challenge: base64UrlEncode(challenge),\n        attestation,\n      },\n      email: \"email\" in params ? params.email : undefined,\n    });\n\n    this.user = {\n      orgId: result.orgId,\n      address: result.address!,\n      userId: result.userId!,\n      credentialId: attestation.credentialId,\n    };\n    this.initWebauthnStamper(this.user);\n    this.eventEmitter.emit(\"connectedPasskey\", this.user);\n\n    return result;\n  };\n\n  /**\n   * Begin authenticating a user with their email and an expiration time for the authentication request. Initializes the iframe stamper to get the target public key.\n   * This method sends an email to the user to complete their login\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const account = await client.initEmailAuth({ email: \"you@mail.com\" });\n   * ```\n   *\n   * @param {Omit<EmailAuthParams, \"targetPublicKey\">} params The parameters for email authentication, excluding the target public key\n   * @returns {Promise<any>} The response from the authentication request\n   */\n  public override initEmailAuth = async (\n    params: Omit<EmailAuthParams, \"targetPublicKey\">\n  ) => {\n    this.eventEmitter.emit(\"authenticating\", { type: \"otp\" });\n    const { email, emailMode, expirationSeconds } = params;\n    const publicKey = await this.initIframeStamper();\n\n    return this.request(\"/v1/auth\", {\n      email,\n      emailMode,\n      targetPublicKey: publicKey,\n      expirationSeconds,\n      redirectParams: params.redirectParams?.toString(),\n    });\n  };\n\n  /**\n   * Authenticates using an OTP code which was previously received via email.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const account = await client.submitOtpCode({\n   *   orgId: \"user-org-id\",\n   *   otpId: \"opt-returned-from-initEmailAuth\",\n   *   otpCode: \"otp-code-from-email\",\n   * });\n   * ```\n   *\n   * @param {Omit<OtpParams, \"targetPublicKey\">} args The parameters for the OTP request, excluding the target public key.\n   * @returns {Promise<{ bundle: string }>} A promise that resolves to an object containing the credential bundle.\n   */\n  public override async submitOtpCode(\n    args: Omit<OtpParams, \"targetPublicKey\">\n  ): Promise<{ bundle: string }> {\n    this.eventEmitter.emit(\"authenticating\", { type: \"otpVerify\" });\n    const targetPublicKey = await this.initIframeStamper();\n    const { credentialBundle } = await this.request(\"/v1/otp\", {\n      ...args,\n      targetPublicKey,\n    });\n    return { bundle: credentialBundle };\n  }\n\n  /**\n   * Authenticates using a custom issued JWT\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const account = await client.submitJwt({\n   *   jwt: \"custom-issued-jwt\",\n   *   authProvider: \"auth-provider-name\",\n   * });\n   * ```\n   *\n   * @param {Omit<JwtParams, \"targetPublicKey\">} args The parameters for the JWT request, excluding the target public key.\n   * @returns {Promise<{ bundle: string }>} A promise that resolves to an object containing the credential bundle.\n   */\n  public override async submitJwt(\n    args: Omit<JwtParams, \"targetPublicKey\">\n  ): Promise<JwtResponse> {\n    this.eventEmitter.emit(\"authenticating\", { type: \"custom-jwt\" });\n    const targetPublicKey = await this.initIframeStamper();\n    return this.request(\"/v1/auth-jwt\", {\n      jwt: args.jwt,\n      targetPublicKey,\n      authProvider: args.authProvider,\n    });\n  }\n\n  /**\n   * Completes auth for the user by injecting a credential bundle and retrieving\n   * the user information based on the provided organization ID. Emits events\n   * during the process.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const account = await client.completeAuthWithBundle({ orgId: \"user-org-id\", bundle: \"bundle-from-email\", connectedEventName: \"connectedEmail\" });\n   * ```\n   *\n   * @param {{ bundle: string; orgId: string, connectedEventName: keyof AlchemySignerClientEvents, idToken?: string }} config\n   * The configuration object for the authentication function containing the\n   * credential bundle to inject and the organization id associated with the\n   * user, as well as the event to be emitted on success and optionally an OIDC\n   * ID token with extra user information\n   * @returns {Promise<User>} A promise that resolves to the authenticated user\n   * information\n   */\n  public override completeAuthWithBundle = async ({\n    bundle,\n    orgId,\n    connectedEventName,\n    idToken,\n    authenticatingType,\n  }: {\n    bundle: string;\n    orgId: string;\n    connectedEventName: keyof AlchemySignerClientEvents;\n    authenticatingType: AuthenticatingEventMetadata[\"type\"];\n    idToken?: string;\n  }): Promise<User> => {\n    this.eventEmitter.emit(\"authenticating\", { type: authenticatingType });\n    await this.initIframeStamper();\n\n    const result = await this.iframeStamper.injectCredentialBundle(bundle);\n\n    if (!result) {\n      throw new Error(\"Failed to inject credential bundle\");\n    }\n\n    const user = await this.whoami(orgId, idToken);\n\n    this.eventEmitter.emit(connectedEventName, user, bundle);\n\n    return user;\n  };\n\n  /**\n   * Asynchronously handles the authentication process using WebAuthn Stamper. If a user is provided, sets the user and returns it. Otherwise, retrieves the current user and initializes the WebAuthn stamper.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const account = await client.lookupUserWithPasskey();\n   * ```\n   *\n   * @param {User} [user] An optional user object to authenticate\n   * @returns {Promise<User>} A promise that resolves to the authenticated user object\n   */\n  public override lookupUserWithPasskey = async (\n    user: User | undefined = undefined\n  ) => {\n    this.eventEmitter.emit(\"authenticating\", { type: \"passkey\" });\n    await this.initWebauthnStamper(user);\n    if (user) {\n      this.user = user;\n      this.eventEmitter.emit(\"connectedPasskey\", user);\n      return user;\n    }\n\n    const result = await this.whoami(this.rootOrg);\n    await this.initWebauthnStamper(result);\n    this.eventEmitter.emit(\"connectedPasskey\", result);\n\n    return result;\n  };\n\n  /**\n   * Initiates the export of a wallet by creating an iframe stamper and calling the appropriate export function.\n   * The export can be based on a seed phrase or a private key.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const account = await client.exportWallet({\n   *  iframeContainerId: \"export-iframe-container\",\n   * });\n   * ```\n   *\n   * @param {ExportWalletParams} config The parameters for exporting the wallet\n   * @param {string} config.iframeContainerId The ID of the container element that will hold the iframe stamper\n   * @param {string} [config.iframeElementId] Optional ID for the iframe element\n   * @returns {Promise<void>} A promise that resolves when the export process is complete\n   */\n  public override exportWallet = async ({\n    iframeContainerId,\n    iframeElementId = \"turnkey-export-iframe\",\n  }: ExportWalletParams) => {\n    const exportWalletIframeStamper = new IframeStamper({\n      iframeContainer: document.getElementById(iframeContainerId),\n      iframeElementId: iframeElementId,\n      iframeUrl: \"https://export.turnkey.com\",\n    });\n    await exportWalletIframeStamper.init();\n\n    if (this.turnkeyClient.stamper === this.iframeStamper) {\n      return this.exportWalletInner({\n        exportStamper: exportWalletIframeStamper,\n        exportAs: \"SEED_PHRASE\",\n      });\n    }\n\n    return this.exportWalletInner({\n      exportStamper: exportWalletIframeStamper,\n      exportAs: \"PRIVATE_KEY\",\n    });\n  };\n\n  /**\n   * Asynchronous function that clears the user and resets the iframe stamper.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const account = await client.disconnect();\n   * ```\n   */\n  public override disconnect = async () => {\n    this.user = undefined;\n    this.iframeStamper.clear();\n    await this.iframeStamper.init();\n  };\n\n  /**\n   * Redirects the user to the OAuth provider URL based on the provided arguments. This function will always reject after 1 second if the redirection does not occur.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * await client.oauthWithRedirect({\n   *   type: \"oauth\",\n   *   authProviderId: \"google\",\n   *   mode: \"redirect\",\n   *   redirectUrl: \"/\",\n   * });\n   * ```\n   *\n   * @param {Extract<AuthParams, { type: \"oauth\"; mode: \"redirect\" }>} args The arguments required to obtain the OAuth provider URL\n   * @returns {Promise<never>} A promise that will never resolve, only reject if the redirection fails\n   */\n  public override oauthWithRedirect = async (\n    args: Extract<AuthParams, { type: \"oauth\"; mode: \"redirect\" }>\n  ): Promise<never> => {\n    const turnkeyPublicKey = await this.initIframeStamper();\n\n    const oauthParams = args;\n    const providerUrl = await this.getOauthProviderUrl({\n      oauthParams,\n      turnkeyPublicKey,\n      oauthCallbackUrl: this.oauthCallbackUrl,\n    });\n\n    window.location.href = providerUrl;\n    return new Promise((_, reject) =>\n      setTimeout(() => reject(\"Failed to redirect to OAuth provider\"), 1000)\n    );\n  };\n\n  /**\n   * Initiates an OAuth authentication flow in a popup window and returns the authenticated user.\n   *\n   * @example\n   * ```ts\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const user = await client.oauthWithPopup({\n   *  type: \"oauth\",\n   *  authProviderId: \"google\",\n   *  mode: \"popup\"\n   * });\n   * ```\n   *\n   * @param {Extract<AuthParams, { type: \"oauth\"; mode: \"popup\" }>} args The authentication parameters specifying OAuth type and popup mode\n   * @returns {Promise<User>} A promise that resolves to a `User` object containing the authenticated user information\n   */\n  public override oauthWithPopup = async (\n    args: Extract<AuthParams, { type: \"oauth\"; mode: \"popup\" }>\n  ): Promise<User> => {\n    const turnkeyPublicKey = await this.initIframeStamper();\n    const oauthParams = args;\n    const providerUrl = await this.getOauthProviderUrl({\n      oauthParams,\n      turnkeyPublicKey,\n      oauthCallbackUrl: this.oauthCallbackUrl,\n    });\n    const popup = window.open(\n      providerUrl,\n      \"_blank\",\n      \"popup,width=500,height=600\"\n    );\n    const eventEmitter = this.eventEmitter;\n    return new Promise((resolve, reject) => {\n      const handleMessage = (event: MessageEvent) => {\n        if (!event.data) {\n          return;\n        }\n        const {\n          alchemyBundle: bundle,\n          alchemyOrgId: orgId,\n          alchemyIdToken: idToken,\n          alchemyIsSignup: isSignup,\n          alchemyError,\n        } = event.data;\n        if (bundle && orgId && idToken) {\n          cleanup();\n          popup?.close();\n          this.completeAuthWithBundle({\n            bundle,\n            orgId,\n            connectedEventName: \"connectedOauth\",\n            idToken,\n            authenticatingType: \"oauth\",\n          }).then((user) => {\n            if (isSignup) {\n              eventEmitter.emit(\"newUserSignup\");\n            }\n\n            resolve(user);\n          }, reject);\n        } else if (alchemyError) {\n          cleanup();\n          popup?.close();\n          reject(new OauthFailedError(alchemyError));\n        }\n      };\n\n      window.addEventListener(\"message\", handleMessage);\n\n      const checkCloseIntervalId = setInterval(() => {\n        if (popup?.closed) {\n          cleanup();\n          reject(new OauthCancelledError());\n        }\n      }, CHECK_CLOSE_INTERVAL);\n\n      const cleanup = () => {\n        window.removeEventListener(\"message\", handleMessage);\n        clearInterval(checkCloseIntervalId);\n      };\n    });\n  };\n\n  /**\n   * Initializes the iframe stamper and returns its public key.\n   *\n   * @example\n   * ```ts twoslash\n   * import { AlchemySignerWebClient } from \"@account-kit/signer\";\n   *\n   * const client = new AlchemySignerWebClient({\n   *  connection: {\n   *    apiKey: \"your-api-key\",\n   *  },\n   *  iframeConfig: {\n   *   iframeContainerId: \"signer-iframe-container\",\n   *  },\n   * });\n   *\n   * const publicKey = await client.targetPublicKey();\n   * ```\n   *\n   * @returns {Promise<string>} A promise that resolves with the target public key when the iframe stamper is successfully initialized, or throws an error if the target public key is not supported.\n   */\n  public override targetPublicKey = async (): Promise<string> => {\n    return this.initIframeStamper();\n  };\n\n  private initIframeStamper = async () => {\n    if (!this.iframeStamper.publicKey()) {\n      await this.iframeStamper.init();\n    }\n\n    this.setStamper(this.iframeStamper);\n\n    return this.iframeStamper.publicKey()!;\n  };\n\n  private initWebauthnStamper = async (user: User | undefined = this.user) => {\n    this.setStamper(this.webauthnStamper);\n    if (user && user.credentialId) {\n      // The goal here is to allow us to cache the allowed credential, but this doesn't work with hybrid transport :(\n      this.webauthnStamper.allowCredentials = [\n        {\n          id: Buffer.from(user.credentialId, \"base64\"),\n          type: \"public-key\",\n          transports: [\"internal\", \"hybrid\"],\n        },\n      ];\n    }\n  };\n\n  protected override getWebAuthnAttestation = async (\n    options?: CredentialCreationOptionOverrides,\n    userDetails: { username: string } = {\n      username: this.user?.email ?? \"anonymous\",\n    }\n  ) => {\n    const challenge = generateRandomBuffer();\n    const authenticatorUserId = generateRandomBuffer();\n\n    const attestation = await getWebAuthnAttestation({\n      publicKey: {\n        ...options?.publicKey,\n        authenticatorSelection: {\n          residentKey: \"preferred\",\n          requireResidentKey: false,\n          userVerification: \"preferred\",\n          ...options?.publicKey?.authenticatorSelection,\n        },\n        challenge,\n        rp: {\n          id: window.location.hostname,\n          name: window.location.hostname,\n          ...options?.publicKey?.rp,\n        },\n        pubKeyCredParams: [\n          {\n            type: \"public-key\",\n            alg: -7,\n          },\n          {\n            type: \"public-key\",\n            alg: -257,\n          },\n        ],\n        user: {\n          id: authenticatorUserId,\n          name: userDetails.username,\n          displayName: userDetails.username,\n          ...options?.publicKey?.user,\n        },\n      },\n      signal: options?.signal,\n    });\n\n    // on iOS sometimes this is returned as empty or null, so handling that here\n    if (attestation.transports == null || attestation.transports.length === 0) {\n      attestation.transports = [\n        \"AUTHENTICATOR_TRANSPORT_INTERNAL\",\n        \"AUTHENTICATOR_TRANSPORT_HYBRID\",\n      ];\n    }\n\n    return { challenge, authenticatorUserId, attestation };\n  };\n\n  protected override getOauthConfig = async (): Promise<OauthConfig> => {\n    const currentStamper = this.turnkeyClient.stamper;\n    const publicKey = await this.initIframeStamper();\n\n    // swap the stamper back in case the user logged in with a different stamper (passkeys)\n    this.setStamper(currentStamper);\n    const nonce = this.getOauthNonce(publicKey);\n    return this.request(\"/v1/prepare-oauth\", { nonce });\n  };\n}\n\n/**\n * This error is thrown when the OAuth flow is cancelled because the auth popup\n * window was closed.\n */\nexport class OauthCancelledError extends BaseError {\n  override name = \"OauthCancelledError\";\n\n  /**\n   * Constructor for initializing an error indicating that the OAuth flow was\n   * cancelled.\n   */\n  constructor() {\n    super(\"OAuth cancelled\");\n  }\n}\n\n/**\n * This error is thrown when an error occurs during the OAuth login flow.\n */\nexport class OauthFailedError extends BaseError {\n  override name = \"OauthFailedError\";\n}\n"]}