@account-kit/signer 4.31.2 → 4.33.0

package/dist/esm/base.d.ts

@@ -1,8 +1,7 @@
-import { type SmartAccountAuthenticator } from "@aa-sdk/core";
-import { type GetTransactionType, type Hex, type IsNarrowable, type LocalAccount, type SerializeTransactionFn, type SignableMessage, type TransactionSerializable, type TransactionSerialized, type TypedData, type TypedDataDefinition } from "viem";
-import { type Authorization } from "viem/experimental";
+import { type SmartAccountAuthenticator, type AuthorizationRequest } from "@aa-sdk/core";
+import { type GetTransactionType, type Hex, type IsNarrowable, type LocalAccount, type SerializeTransactionFn, type SignableMessage, type SignedAuthorization, type TransactionSerializable, type TransactionSerialized, type TypedData, type TypedDataDefinition } from "viem";
 import type { BaseSignerClient } from "./client/base";
-import type { MfaFactor, OauthConfig, User, VerifyMfaParams, AddMfaParams, AddMfaResult, RemoveMfaParams } from "./client/types";
+import { type MfaFactor, type OauthConfig, type User, type VerifyMfaParams, type AddMfaParams, type AddMfaResult, type RemoveMfaParams, type AuthLinkingPrompt } from "./client/types.js";
 import { type SessionManagerParams } from "./session/manager.js";
 import type { AuthParams } from "./signer";
 import { SolanaSigner } from "./solanaSigner.js";
@@ -11,6 +10,7 @@ export interface BaseAlchemySignerParams<TClient extends BaseSignerClient> {
     client: TClient;
     sessionConfig?: Omit<SessionManagerParams, "client">;
     initialError?: ErrorInfo;
+    initialAuthLinkingPrompt?: AuthLinkingPrompt;
 }
 export type EmailConfig = {
     mode?: "MAGIC_LINK" | "OTP";
@@ -38,7 +38,7 @@ export declare abstract class BaseAlchemySigner<TClient extends BaseSignerClient
      * @param {SessionConfig} param0.sessionConfig Configuration for managing sessions
      * @param {ErrorInfo | undefined} param0.initialError Error already present on the signer when initialized, if any
      */
-    constructor({ client, sessionConfig, initialError, }: BaseAlchemySignerParams<TClient>);
+    constructor({ client, sessionConfig, initialError, initialAuthLinkingPrompt, }: BaseAlchemySignerParams<TClient>);
     /**
      * Allows you to subscribe to events emitted by the signer
      *
@@ -277,10 +277,10 @@ export declare abstract class BaseAlchemySigner<TClient extends BaseSignerClient
      * });
      * ```
      *
-     * @param {Authorization<number, false>} unsignedAuthorization the authorization to be signed
-     * @returns {Promise<Authorization<number, true>> | undefined} a promise that resolves to the authorization with the signature
+     * @param {AuthorizationRequest<number>} unsignedAuthorization the authorization to be signed
+     * @returns {Promise<SignedAuthorization<number>> | undefined} a promise that resolves to the authorization with the signature
      */
-    signAuthorization: (unsignedAuthorization: Authorization<number, false>) => Promise<Authorization<number, true>>;
+    signAuthorization: (unsignedAuthorization: AuthorizationRequest<number>) => Promise<SignedAuthorization<number>>;
     /**
      * Gets the current MFA status
      *
@@ -450,6 +450,7 @@ export declare abstract class BaseAlchemySigner<TClient extends BaseSignerClient
     private authenticateWithPasskey;
     private authenticateWithOauth;
     private authenticateWithOtp;
+    private setAwaitingEmailAuth;
     private handleOauthReturn;
     private handleMfaRequired;
     private getExpirationSeconds;
@@ -613,4 +614,6 @@ export declare abstract class BaseAlchemySigner<TClient extends BaseSignerClient
      */
     getConfig: () => Promise<SignerConfig>;
     protected fetchConfig: () => Promise<SignerConfig>;
+    private setAuthLinkingPrompt;
+    private waitForConnected;
 }

package/dist/esm/base.js

@@ -1,15 +1,16 @@
-import { takeBytes } from "@aa-sdk/core";
+import { takeBytes, } from "@aa-sdk/core";
 import { hashMessage, hashTypedData, keccak256, serializeTransaction, } from "viem";
 import { toAccount } from "viem/accounts";
-import { hashAuthorization } from "viem/experimental";
 import { subscribeWithSelector } from "zustand/middleware";
 import { createStore } from "zustand/vanilla";
+import {} from "./client/types.js";
 import { NotAuthenticatedError } from "./errors.js";
 import { SignerLogger } from "./metrics.js";
 import { SessionManager, } from "./session/manager.js";
 import { SolanaSigner } from "./solanaSigner.js";
 import { AlchemySignerStatus, } from "./types.js";
 import { assertNever } from "./utils/typeAssertions.js";
+import { hashAuthorization } from "viem/utils";
 /**
  * Base abstract class for Alchemy Signer, providing authentication and session management for smart accounts.
  * Implements the `SmartAccountAuthenticator` interface and handles various signer events.
@@ -25,7 +26,7 @@ export class BaseAlchemySigner {
      * @param {SessionConfig} param0.sessionConfig Configuration for managing sessions
      * @param {ErrorInfo | undefined} param0.initialError Error already present on the signer when initialized, if any
      */
-    constructor({ client, sessionConfig, initialError, }) {
+    constructor({ client, sessionConfig, initialError, initialAuthLinkingPrompt, }) {
         Object.defineProperty(this, "signerType", {
             enumerable: true,
             configurable: true,
@@ -73,22 +74,28 @@ export class BaseAlchemySigner {
                 // is fired. In the Client and SessionManager we use EventEmitter because it's easier to handle internally
                 switch (event) {
                     case "connected":
-                        return this.store.subscribe(({ status }) => status, (status) => status === AlchemySignerStatus.CONNECTED &&
-                            listener(this.store.getState().user), { fireImmediately: true });
+                        return subscribeWithDelayedFireImmediately(this.store, ({ status }) => status, (status) => status === AlchemySignerStatus.CONNECTED &&
+                            listener(this.store.getState().user));
                     case "disconnected":
-                        return this.store.subscribe(({ status }) => status, (status) => status === AlchemySignerStatus.DISCONNECTED &&
-                            listener(), { fireImmediately: true });
+                        return subscribeWithDelayedFireImmediately(this.store, ({ status }) => status, (status) => status === AlchemySignerStatus.DISCONNECTED &&
+                            listener());
                     case "statusChanged":
-                        return this.store.subscribe(({ status }) => status, listener, { fireImmediately: true });
+                        return subscribeWithDelayedFireImmediately(this.store, ({ status }) => status, listener);
                     case "errorChanged":
-                        return this.store.subscribe(({ error }) => error, (error) => listener(error ?? undefined), { fireImmediately: true });
+                        return subscribeWithDelayedFireImmediately(this.store, ({ error }) => error, (error) => listener(error ?? undefined));
                     case "newUserSignup":
-                        return this.store.subscribe(({ isNewUser }) => isNewUser, (isNewUser) => {
+                        return subscribeWithDelayedFireImmediately(this.store, ({ isNewUser }) => isNewUser, (isNewUser) => {
                             if (isNewUser)
                                 listener();
-                        }, { fireImmediately: true });
+                        });
                     case "mfaStatusChanged":
-                        return this.store.subscribe(({ mfaStatus }) => mfaStatus, (mfaStatus) => listener(mfaStatus), { fireImmediately: true });
+                        return subscribeWithDelayedFireImmediately(this.store, ({ mfaStatus }) => mfaStatus, (mfaStatus) => listener(mfaStatus));
+                    case "emailAuthLinkingRequired":
+                        return subscribeWithDelayedFireImmediately(this.store, ({ authLinkingStatus }) => authLinkingStatus, (authLinkingStatus) => {
+                            if (authLinkingStatus) {
+                                listener(authLinkingStatus.email);
+                            }
+                        });
                     default:
                         assertNever(event, `Unknown event type ${event}`);
                 }
@@ -471,8 +478,8 @@ export class BaseAlchemySigner {
          * });
          * ```
          *
-         * @param {Authorization<number, false>} unsignedAuthorization the authorization to be signed
-         * @returns {Promise<Authorization<number, true>> | undefined} a promise that resolves to the authorization with the signature
+         * @param {AuthorizationRequest<number>} unsignedAuthorization the authorization to be signed
+         * @returns {Promise<SignedAuthorization<number>> | undefined} a promise that resolves to the authorization with the signature
          */
         Object.defineProperty(this, "signAuthorization", {
             enumerable: true,
@@ -482,7 +489,12 @@ export class BaseAlchemySigner {
                 const hashedAuthorization = hashAuthorization(unsignedAuthorization);
                 const signedAuthorizationHex = await this.inner.signRawMessage(hashedAuthorization);
                 const signature = this.unpackSignRawMessageBytes(signedAuthorizationHex);
-                return { ...unsignedAuthorization, ...signature };
+                const { address, contractAddress, ...unsignedAuthorizationRest } = unsignedAuthorization;
+                return {
+                    ...unsignedAuthorizationRest,
+                    ...signature,
+                    address: address ?? contractAddress,
+                };
             })
         });
         /**
@@ -731,23 +743,17 @@ export class BaseAlchemySigner {
                     return this.completeEmailAuth(params);
                 }
                 const { orgId, otpId, isNewUser } = await this.initOrCreateEmailUser(params.email, params.emailMode, params.multiFactors, params.redirectParams);
-                this.sessionManager.setTemporarySession({
-                    orgId,
-                    isNewUser,
-                });
-                this.store.setState({
-                    status: AlchemySignerStatus.AWAITING_EMAIL_AUTH,
-                    otpId,
-                    error: null,
-                });
+                this.setAwaitingEmailAuth({ orgId, otpId, isNewUser });
+                // Clear the auth linking status if the email has changed. This would mean
+                // that the previously initiated social login is not associated with the
+                // email which is now being used to login.
+                const { authLinkingStatus } = this.store.getState();
+                if (authLinkingStatus && authLinkingStatus.email !== params.email) {
+                    this.store.setState({ authLinkingStatus: undefined });
+                }
                 // We wait for the session manager to emit a connected event if
                 // cross tab sessions are permitted
-                return new Promise((resolve) => {
-                    const removeListener = this.sessionManager.on("connected", (session) => {
-                        resolve(session.user);
-                        removeListener();
-                    });
-                });
+                return this.waitForConnected();
             }
         });
         Object.defineProperty(this, "authenticateWithPasskey", {
@@ -790,6 +796,7 @@ export class BaseAlchemySigner {
             configurable: true,
             writable: true,
             value: async (args) => {
+                this.store.setState({ authLinkingStatus: undefined });
                 const params = {
                     ...args,
                     expirationSeconds: this.getExpirationSeconds(),
@@ -797,9 +804,12 @@ export class BaseAlchemySigner {
                 if (params.mode === "redirect") {
                     return this.inner.oauthWithRedirect(params);
                 }
-                else {
-                    return this.inner.oauthWithPopup(params);
+                const result = await this.inner.oauthWithPopup(params);
+                if (!isAuthLinkingPrompt(result)) {
+                    return result;
                 }
+                this.setAuthLinkingPrompt(result);
+                return this.waitForConnected();
             }
         });
         Object.defineProperty(this, "authenticateWithOtp", {
@@ -825,12 +835,7 @@ export class BaseAlchemySigner {
                 });
                 if (response.mfaRequired) {
                     this.handleMfaRequired(response.encryptedPayload, response.multiFactors);
-                    return new Promise((resolve) => {
-                        const removeListener = this.sessionManager.on("connected", (session) => {
-                            resolve(session.user);
-                            removeListener();
-                        });
-                    });
+                    return this.waitForConnected();
                 }
                 const user = await this.inner.completeAuthWithBundle({
                     bundle: response.bundle,
@@ -845,9 +850,34 @@ export class BaseAlchemySigner {
                         isNewUser: false,
                     });
                 }
+                const { authLinkingStatus } = this.store.getState();
+                if (authLinkingStatus) {
+                    (async () => {
+                        this.inner.addOauthProvider({
+                            providerName: authLinkingStatus.providerName,
+                            oidcToken: authLinkingStatus.idToken,
+                        });
+                    })();
+                }
                 return user;
             }
         });
+        Object.defineProperty(this, "setAwaitingEmailAuth", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: ({ orgId, otpId, isNewUser, }) => {
+                this.sessionManager.setTemporarySession({
+                    orgId,
+                    isNewUser,
+                });
+                this.store.setState({
+                    status: AlchemySignerStatus.AWAITING_EMAIL_AUTH,
+                    otpId,
+                    error: null,
+                });
+            }
+        });
         Object.defineProperty(this, "handleOauthReturn", {
             enumerable: true,
             configurable: true,
@@ -1111,6 +1141,38 @@ export class BaseAlchemySigner {
                 return this.inner.request("/v1/signer-config", {});
             }
         });
+        Object.defineProperty(this, "setAuthLinkingPrompt", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: (prompt) => {
+                this.setAwaitingEmailAuth({
+                    orgId: prompt.orgId,
+                    otpId: prompt.otpId,
+                    isNewUser: false,
+                });
+                this.store.setState({
+                    authLinkingStatus: {
+                        email: prompt.email,
+                        providerName: prompt.providerName,
+                        idToken: prompt.idToken,
+                    },
+                });
+            }
+        });
+        Object.defineProperty(this, "waitForConnected", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: () => {
+                return new Promise((resolve) => {
+                    const removeListener = this.sessionManager.on("connected", (session) => {
+                        resolve(session.user);
+                        removeListener();
+                    });
+                });
+            }
+        });
         this.inner = client;
         this.store = createStore(subscribeWithSelector(() => ({
             user: null,
@@ -1133,6 +1195,9 @@ export class BaseAlchemySigner {
         // then initialize so that we can catch those events
         this.sessionManager.initialize();
         this.config = this.fetchConfig();
+        if (initialAuthLinkingPrompt) {
+            this.setAuthLinkingPrompt(initialAuthLinkingPrompt);
+        }
     }
     handleMfaRequired(encryptedPayload, multiFactors) {
         // Store complete MFA context in the temporary session
@@ -1283,4 +1348,42 @@ function toErrorInfo(error) {
         ? { name: error.name, message: error.message }
         : { name: "Error", message: "Unknown error" };
 }
+// eslint-disable-next-line jsdoc/require-param, jsdoc/require-returns
+/**
+ * Zustand's `fireImmediately` option calls the listener before
+ * `store.subscribe` has returned, which breaks listeners which call
+ * unsubscribe, e.g.
+ *
+ * ```ts
+ * const unsubscribe = store.subscribe(
+ *   selector,
+ *   (update) => {
+ *     handleUpdate(update);
+ *     unsubscribe();
+ *   },
+ *   { fireImmediately: true },
+ * )
+ * ```
+ *
+ * since `unsubscribe` is still undefined at the time the listener is called. To
+ * prevent this, if the listener triggers before `subscribe` has returned, delay
+ * the callback to a later run of the event loop.
+ */
+function subscribeWithDelayedFireImmediately(store, selector, listener) {
+    let subscribeHasReturned = false;
+    const unsubscribe = store.subscribe(selector, (...args) => {
+        if (subscribeHasReturned) {
+            listener(...args);
+        }
+        else {
+            setTimeout(() => listener(...args), 0);
+        }
+    }, { fireImmediately: true });
+    subscribeHasReturned = true;
+    return unsubscribe;
+}
+function isAuthLinkingPrompt(result) {
+    return (result?.status ===
+        "ACCOUNT_LINKING_CONFIRMATION_REQUIRED");
+}
 //# sourceMappingURL=base.js.map