@account-kit/signer 4.60.1 → 4.62.0

package/dist/esm/client/base.js

@@ -7,7 +7,6 @@ import { NotAuthenticatedError, OAuthProvidersError } from "../errors.js";
 import { getDefaultProviderCustomization } from "../oauth.js";
 import { base64UrlEncode } from "../utils/base64UrlEncode.js";
 import { resolveRelativeUrl } from "../utils/resolveRelativeUrl.js";
-import { assertNever } from "../utils/typeAssertions.js";
 import { VERSION } from "../version.js";
 import { secp256k1 } from "@noble/curves/secp256k1";
 import { Point } from "@noble/secp256k1";
@@ -98,66 +97,140 @@ export class BaseSignerClient {
             }
         });
         /**
-         * Sets the email for the authenticated user, allowing them to login with that
-         * email.
-         *
-         * You must contact Alchemy to enable this feature for your team, as there are
-         * important security considerations. In particular, you must not call this
-         * without first validating that the user owns this email account.
+         * Removes the email for the authenticated user, disallowing them from login with that email.
          *
-         * @param {string} email The email to set for the user
-         * @returns {Promise<void>} A promise that resolves when the email is set
+         * @returns {Promise<string>} A promise that resolves when the email is removed
          * @throws {NotAuthenticatedError} If the user is not authenticated
          */
-        Object.defineProperty(this, "setEmail", {
+        Object.defineProperty(this, "removeEmail", {
             enumerable: true,
             configurable: true,
             writable: true,
-            value: async (email) => {
-                if (!email) {
-                    throw new Error("Email must not be empty. Use removeEmail() to remove email auth.");
+            value: async () => {
+                await this.updateEmail("");
+            }
+        });
+        Object.defineProperty(this, "updateEmail", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: async (email, verificationToken) => {
+                if (!this.user) {
+                    throw new NotAuthenticatedError();
                 }
-                await this.updateEmail(email);
+                // Unverified use is legacy & requires team flag.
+                const isUnverified = email && !verificationToken;
+                const stampedRequest = isUnverified
+                    ? await this.turnkeyClient.stampUpdateUser({
+                        type: "ACTIVITY_TYPE_UPDATE_USER",
+                        timestampMs: Date.now().toString(),
+                        organizationId: this.user.orgId,
+                        parameters: {
+                            userId: this.user.userId,
+                            userEmail: email,
+                        },
+                    })
+                    : await this.turnkeyClient.stampUpdateUserEmail({
+                        type: "ACTIVITY_TYPE_UPDATE_USER_EMAIL",
+                        timestampMs: Date.now().toString(),
+                        organizationId: this.user.orgId,
+                        parameters: {
+                            userId: this.user.userId,
+                            userEmail: email,
+                            verificationToken,
+                        },
+                    });
+                await this.request("/v1/update-email-auth", {
+                    stampedRequest,
+                });
+                this.user = {
+                    ...this.user,
+                    email: email || undefined,
+                };
             }
         });
         /**
-         * Removes the email for the authenticated user, disallowing them from login with that email.
+         * Updates the phone number for the authenticated user, allowing them to login with that
+         * phone number. Must be called after calling `initOtp` with the phone number.
          *
-         * @returns {Promise<void>} A promise that resolves when the email is removed
+         * @param {VerificationOtp} otp The OTP object including the OTP ID and OTP code
+         * @returns {Promise<void>} A promise that resolves when the phone number is set
          * @throws {NotAuthenticatedError} If the user is not authenticated
          */
-        Object.defineProperty(this, "removeEmail", {
+        Object.defineProperty(this, "setPhoneNumber", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: async (otp) => {
+                const { verificationToken } = await this.request("/v1/verify-otp", {
+                    otpId: otp.id,
+                    otpCode: otp.code,
+                });
+                const { contact } = jwtDecode(verificationToken);
+                await this.updatePhoneNumber(contact, verificationToken);
+            }
+        });
+        /**
+         * Removes the phone number for the authenticated user, disallowing them from login with that phone number.
+         *
+         * @returns {Promise<void>} A promise that resolves when the phone number is removed
+         * @throws {NotAuthenticatedError} If the user is not authenticated
+         */
+        Object.defineProperty(this, "removePhoneNumber", {
             enumerable: true,
             configurable: true,
             writable: true,
             value: async () => {
-                // This is a hack to remove the email for the user. Turnkey does not
-                // support clearing the email once set, so we set it to a known
-                // inaccessible address instead.
-                await this.updateEmail("not.enabled@example.invalid");
+                await this.updatePhoneNumber("");
             }
         });
-        Object.defineProperty(this, "updateEmail", {
+        Object.defineProperty(this, "updatePhoneNumber", {
             enumerable: true,
             configurable: true,
             writable: true,
-            value: async (email) => {
+            value: async (phone, verificationToken) => {
                 if (!this.user) {
                     throw new NotAuthenticatedError();
                 }
-                const stampedRequest = await this.turnkeyClient.stampUpdateUser({
-                    type: "ACTIVITY_TYPE_UPDATE_USER",
+                if (phone.trim() && !verificationToken) {
+                    throw new Error("Verification token is required to change phone number.");
+                }
+                const stampedRequest = await this.turnkeyClient.stampUpdateUserPhoneNumber({
+                    type: "ACTIVITY_TYPE_UPDATE_USER_PHONE_NUMBER",
                     timestampMs: Date.now().toString(),
                     organizationId: this.user.orgId,
                     parameters: {
                         userId: this.user.userId,
-                        userEmail: email,
-                        userTagIds: [],
+                        userPhoneNumber: phone,
+                        verificationToken,
                     },
                 });
-                await this.request("/v1/update-email-auth", {
+                await this.request("/v1/update-phone-auth", {
                     stampedRequest,
                 });
+                this.user = {
+                    ...this.user,
+                    phone: phone || undefined,
+                };
+            }
+        });
+        /**
+         * Initiates an OTP (One-Time Password) verification process for a user contact.
+         *
+         * @param {("email" | "sms")} type - The type of OTP to send, either "email" or "sms"
+         * @param {string} contact - The email address or phone number to send the OTP to
+         * @returns {Promise<{ otpId: string }>} A promise that resolves to an object containing the OTP ID
+         * @throws {NotAuthenticatedError} When no user is currently authenticated
+         */
+        Object.defineProperty(this, "initOtp", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: async (type, contact) => {
+                return await this.request("/v1/init-otp", {
+                    otpType: type === "email" ? "OTP_TYPE_EMAIL" : "OTP_TYPE_SMS",
+                    contact,
+                });
             }
         });
         /**
@@ -587,7 +660,7 @@ export class BaseSignerClient {
                     };
                     return {
                         stampHeaderName: "X-Stamp",
-                        stampHeaderValue: base64UrlEncode(Buffer.from(JSON.stringify(stamp))),
+                        stampHeaderValue: base64UrlEncode(Buffer.from(JSON.stringify(stamp)).buffer),
                     };
                 },
             })
@@ -923,67 +996,6 @@ export class BaseSignerClient {
         });
         // #endregion
         // #region PRIVATE METHODS
-        Object.defineProperty(this, "exportAsSeedPhrase", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: async (stamper) => {
-                if (!this.user) {
-                    throw new NotAuthenticatedError();
-                }
-                const { wallets } = await this.turnkeyClient.getWallets({
-                    organizationId: this.user.orgId,
-                });
-                const walletAccounts = await Promise.all(wallets.map(({ walletId }) => this.turnkeyClient.getWalletAccounts({
-                    organizationId: this.user.orgId,
-                    walletId,
-                }))).then((x) => x.flatMap((x) => x.accounts));
-                const walletAccount = walletAccounts.find((x) => x.address === this.user.address);
-                if (!walletAccount) {
-                    throw new Error(`Could not find wallet associated with ${this.user.address}`);
-                }
-                const { activity } = await this.turnkeyClient.exportWallet({
-                    organizationId: this.user.orgId,
-                    type: "ACTIVITY_TYPE_EXPORT_WALLET",
-                    timestampMs: Date.now().toString(),
-                    parameters: {
-                        walletId: walletAccount.walletId,
-                        targetPublicKey: stamper.publicKey(),
-                    },
-                });
-                const { exportBundle } = await this.pollActivityCompletion(activity, this.user.orgId, "exportWalletResult");
-                const result = await stamper.injectWalletExportBundle(exportBundle, this.user.orgId);
-                if (!result) {
-                    throw new Error("Failed to inject wallet export bundle");
-                }
-                return result;
-            }
-        });
-        Object.defineProperty(this, "exportAsPrivateKey", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: async (stamper) => {
-                if (!this.user) {
-                    throw new NotAuthenticatedError();
-                }
-                const { activity } = await this.turnkeyClient.exportWalletAccount({
-                    organizationId: this.user.orgId,
-                    type: "ACTIVITY_TYPE_EXPORT_WALLET_ACCOUNT",
-                    timestampMs: Date.now().toString(),
-                    parameters: {
-                        address: this.user.address,
-                        targetPublicKey: stamper.publicKey(),
-                    },
-                });
-                const { exportBundle } = await this.pollActivityCompletion(activity, this.user.orgId, "exportWalletAccountResult");
-                const result = await stamper.injectKeyExportBundle(exportBundle, this.user.orgId);
-                if (!result) {
-                    throw new Error("Failed to inject wallet export bundle");
-                }
-                return result;
-            }
-        });
         /**
          * Returns the authentication url for the selected OAuth Proivder
          *
@@ -1061,7 +1073,7 @@ export class BaseSignerClient {
                     openerOrigin: mode === "popup" ? window.location.origin : undefined,
                     fetchIdTokenOnly: oauthParams.fetchIdTokenOnly,
                 };
-                const state = base64UrlEncode(new TextEncoder().encode(JSON.stringify(stateObject)));
+                const state = base64UrlEncode(new TextEncoder().encode(JSON.stringify(stateObject)).buffer);
                 const authUrl = new URL(authEndpoint);
                 const params = {
                     redirect_uri: oauthCallbackUrl,
@@ -1172,25 +1184,6 @@ export class BaseSignerClient {
     setStamper(stamper) {
         this.turnkeyClient.stamper = stamper;
     }
-    /**
-     * Exports wallet credentials based on the specified type, either as a SEED_PHRASE or PRIVATE_KEY.
-     *
-     * @param {object} params The parameters for exporting the wallet
-     * @param {ExportWalletStamper} params.exportStamper The stamper used for exporting the wallet
-     * @param {"SEED_PHRASE" | "PRIVATE_KEY"} params.exportAs Specifies the format for exporting the wallet, either as a SEED_PHRASE or PRIVATE_KEY
-     * @returns {Promise<boolean>} A promise that resolves to true if the export is successful
-     */
-    exportWalletInner(params) {
-        const { exportAs } = params;
-        switch (exportAs) {
-            case "PRIVATE_KEY":
-                return this.exportAsPrivateKey(params.exportStamper);
-            case "SEED_PHRASE":
-                return this.exportAsSeedPhrase(params.exportStamper);
-            default:
-                assertNever(exportAs, `Unknown export mode: ${exportAs}`);
-        }
-    }
     /**
      * Authenticates the user by either email or passkey account creation flow. Emits events during the process.
      *
@@ -1244,5 +1237,29 @@ export class BaseSignerClient {
         this.eventEmitter.emit("connectedPasskey", this.user);
         return result;
     }
+    /**
+     * Implementation for setEmail method with optional OTP verification.
+     *
+     * @param {string | VerificationOtp} params An OTP object containing the OTP ID & OTP code (or an email address for legacy usage)
+     * @returns {Promise<void>} A promise that resolves to the updated email address
+     */
+    async setEmail(params) {
+        if (typeof params === "string") {
+            // Legacy use, requires team flag.
+            const contact = params;
+            if (!contact) {
+                throw new Error("Email must not be empty. Use removeEmail() to remove email auth.");
+            }
+            await this.updateEmail(contact);
+            return contact;
+        }
+        const { verificationToken } = await this.request("/v1/verify-otp", {
+            otpId: params.id,
+            otpCode: params.code,
+        });
+        const { contact } = jwtDecode(verificationToken);
+        await this.updateEmail(contact, verificationToken);
+        return contact;
+    }
 }
 //# sourceMappingURL=base.js.map