@account-kit/signer 4.61.0 → 4.62.0

package/dist/esm/base.d.ts

@@ -25,6 +25,9 @@ type GetUserParams = {
     type: "phone";
     value: string;
 };
+type VerificationParams = {
+    verificationCode: string;
+};
 /**
  * Base abstract class for Alchemy Signer, providing authentication and session management for smart accounts.
  * Implements the `SmartAccountAuthenticator` interface and handles various signer events.
@@ -375,7 +378,31 @@ export declare abstract class BaseAlchemySigner<TClient extends BaseSignerClient
     getUser(params: GetUserParams): Promise<{
         orgId: string;
     } | null>;
-    setEmail: (email: string) => Promise<void>;
+    /**
+     * Sets the email for the authenticated user, allowing them to login with that
+     * email.
+     *
+     * @deprecated You must contact Alchemy to enable this feature for your team,
+     * as there are important security considerations. In particular, you must not
+     * call this without first validating that the user owns this email account.
+     * It is recommended to now use the email verification flow instead.
+     *
+     * @param {string} email The email to set for the user
+     * @returns {Promise<string>} A promise that resolves to the updated email address
+     * @throws {NotAuthenticatedError} If the user is not authenticated
+     */
+    setEmail(email: string): Promise<string>;
+    /**
+     * Uses a verification code to update a user's email, allowing them to login
+     * with that email. `sendVerificationCode` should be called first to obtain
+     * the code.
+     *
+     * @param {VerificationParams} params An object containing the verification code
+     * @param {string} params.verificationCode The OTP verification code
+     * @returns {Promise<string>} A promise that resolves to the updated email address
+     * @throws {NotAuthenticatedError} If the user is not authenticated
+     */
+    setEmail(params: VerificationParams): Promise<string>;
     /**
      * Removes the email for the authenticated user, disallowing them from login with that email.
      *
@@ -383,6 +410,35 @@ export declare abstract class BaseAlchemySigner<TClient extends BaseSignerClient
      * @throws {NotAuthenticatedError} If the user is not authenticated
      */
     removeEmail: () => Promise<void>;
+    /**
+     * Sets the phone number for the authenticated user, allowing them to login with that
+     * phone number. `sendVerificationCode` should be called first to obtain the code.
+     *
+     * @param {VerificationParams} params An object containing the verification code
+     * @param {string} params.verificationCode The OTP verification code
+     * @returns {Promise<void>} A promise that resolves when the phone number is set
+     * @throws {NotAuthenticatedError} If the user is not authenticated
+     */
+    setPhoneNumber: (params: VerificationParams) => Promise<void>;
+    /**
+     * Removes the phone number for the authenticated user, disallowing them from login with that phone number.
+     *
+     * @returns {Promise<void>} A promise that resolves when the phone number is removed
+     * @throws {NotAuthenticatedError} If the user is not authenticated
+     */
+    removePhoneNumber: () => Promise<void>;
+    /**
+     * Initiates an OTP (One-Time Password) verification process for a user contact.
+     * Use this method before calling `setEmail` with verification code to verify ownership of the email address.
+     *
+     * @param {"email" | "sms"} type The type of OTP to send, either "email" or "sms"
+     * @param {string} contact The email address or phone number to send the OTP to
+     * @returns {Promise<{ otpId: string }>} A promise that resolves to an object containing the OTP ID
+     * @throws {NotAuthenticatedError} If the user is not authenticated
+     */
+    sendVerificationCode: (type: "email" | "sms", contact: string) => Promise<{
+        otpId: string;
+    }>;
     /**
      * Adds a passkey to the user's account
      *

package/dist/esm/base.js

@@ -565,38 +565,75 @@ export class BaseAlchemySigner {
                 };
             }
         });
-        /*
-         * Sets the email for the authenticated user, allowing them to login with that
-         * email.
+        /**
+         * Removes the email for the authenticated user, disallowing them from login with that email.
          *
-         * You must contact Alchemy to enable this feature for your team, as there are
-         * important security considerations. In particular, you must not call this
-         * without first validating that the user owns this email account.
+         * @returns {Promise<void>} A promise that resolves when the email is removed
+         * @throws {NotAuthenticatedError} If the user is not authenticated
+         */
+        Object.defineProperty(this, "removeEmail", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: SignerLogger.profiled("BaseAlchemySigner.removeEmail", async () => {
+                await this.inner.removeEmail();
+            })
+        });
+        /**
+         * Sets the phone number for the authenticated user, allowing them to login with that
+         * phone number. `sendVerificationCode` should be called first to obtain the code.
          *
-         * @param {string} email The email to set for the user
-         * @returns {Promise<void>} A promise that resolves when the email is set
+         * @param {VerificationParams} params An object containing the verification code
+         * @param {string} params.verificationCode The OTP verification code
+         * @returns {Promise<void>} A promise that resolves when the phone number is set
          * @throws {NotAuthenticatedError} If the user is not authenticated
          */
-        Object.defineProperty(this, "setEmail", {
+        Object.defineProperty(this, "setPhoneNumber", {
             enumerable: true,
             configurable: true,
             writable: true,
-            value: SignerLogger.profiled("BaseAlchemySigner.setEmail", async (email) => {
-                return this.inner.setEmail(email);
+            value: SignerLogger.profiled("BaseAlchemySigner.setPhoneNumber", async ({ verificationCode }) => {
+                const { otpId } = this.store.getState();
+                if (!otpId) {
+                    throw new Error("Missing OTP ID");
+                }
+                await this.inner.setPhoneNumber({
+                    id: otpId,
+                    code: verificationCode,
+                });
             })
         });
         /**
-         * Removes the email for the authenticated user, disallowing them from login with that email.
+         * Removes the phone number for the authenticated user, disallowing them from login with that phone number.
          *
-         * @returns {Promise<void>} A promise that resolves when the email is removed
+         * @returns {Promise<void>} A promise that resolves when the phone number is removed
          * @throws {NotAuthenticatedError} If the user is not authenticated
          */
-        Object.defineProperty(this, "removeEmail", {
+        Object.defineProperty(this, "removePhoneNumber", {
             enumerable: true,
             configurable: true,
             writable: true,
-            value: SignerLogger.profiled("BaseAlchemySigner.removeEmail", async () => {
-                return this.inner.removeEmail();
+            value: SignerLogger.profiled("BaseAlchemySigner.removePhoneNumber", async () => {
+                await this.inner.removePhoneNumber();
+            })
+        });
+        /**
+         * Initiates an OTP (One-Time Password) verification process for a user contact.
+         * Use this method before calling `setEmail` with verification code to verify ownership of the email address.
+         *
+         * @param {"email" | "sms"} type The type of OTP to send, either "email" or "sms"
+         * @param {string} contact The email address or phone number to send the OTP to
+         * @returns {Promise<{ otpId: string }>} A promise that resolves to an object containing the OTP ID
+         * @throws {NotAuthenticatedError} If the user is not authenticated
+         */
+        Object.defineProperty(this, "sendVerificationCode", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: SignerLogger.profiled("BaseAlchemySigner.sendVerificationCode", async (type, contact) => {
+                const { otpId } = await this.inner.initOtp(type, contact);
+                this.store.setState({ otpId });
+                return { otpId };
             })
         });
         /**
@@ -1431,6 +1468,29 @@ export class BaseAlchemySigner {
             };
         })(params);
     }
+    /**
+     * Implementation for setEmail method.
+     *
+     * @param {string | VerificationParams} params An object containing the verificationCode (or simply an email for legacy usage)
+     * @returns {Promise<void>} A promise that resolves when the email is set
+     */
+    async setEmail(params) {
+        return SignerLogger.profiled("BaseAlchemySigner.setEmail", async (params) => {
+            if (typeof params === "string") {
+                // Deprecated usage for backwards compatibility.
+                const email = params;
+                return await this.inner.setEmail(email);
+            }
+            const { otpId } = this.store.getState();
+            if (!otpId) {
+                throw new Error("Missing OTP ID");
+            }
+            return await this.inner.setEmail({
+                id: otpId,
+                code: params.verificationCode,
+            });
+        })(params);
+    }
     handleMfaRequired(encryptedPayload, multiFactors) {
         // Store complete MFA context in the temporary session
         const tempSession = this.sessionManager.getTemporarySession();