@account-kit/signer 4.8.0 → 4.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/esm/client/base.d.ts +45 -3
- package/dist/esm/client/base.js +141 -1
- package/dist/esm/client/base.js.map +1 -1
- package/dist/esm/client/index.d.ts +0 -2
- package/dist/esm/client/index.js +15 -103
- package/dist/esm/client/index.js.map +1 -1
- package/dist/esm/client/types.d.ts +16 -0
- package/dist/esm/client/types.js.map +1 -1
- package/dist/esm/errors.js +3 -1
- package/dist/esm/errors.js.map +1 -1
- package/dist/esm/index.d.ts +1 -0
- package/dist/esm/index.js +1 -0
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/oauth.d.ts +8 -7
- package/dist/esm/oauth.js +10 -10
- package/dist/esm/oauth.js.map +1 -1
- package/dist/esm/utils/resolveRelativeUrl.d.ts +1 -0
- package/dist/esm/utils/resolveRelativeUrl.js +7 -0
- package/dist/esm/utils/resolveRelativeUrl.js.map +1 -0
- package/dist/esm/version.d.ts +1 -1
- package/dist/esm/version.js +1 -1
- package/dist/esm/version.js.map +1 -1
- package/dist/types/client/base.d.ts +45 -3
- package/dist/types/client/base.d.ts.map +1 -1
- package/dist/types/client/index.d.ts +0 -2
- package/dist/types/client/index.d.ts.map +1 -1
- package/dist/types/client/types.d.ts +16 -0
- package/dist/types/client/types.d.ts.map +1 -1
- package/dist/types/errors.d.ts.map +1 -1
- package/dist/types/index.d.ts +1 -0
- package/dist/types/index.d.ts.map +1 -1
- package/dist/types/oauth.d.ts +8 -7
- package/dist/types/oauth.d.ts.map +1 -1
- package/dist/types/utils/resolveRelativeUrl.d.ts +2 -0
- package/dist/types/utils/resolveRelativeUrl.d.ts.map +1 -0
- package/dist/types/version.d.ts +1 -1
- package/dist/types/version.d.ts.map +1 -1
- package/package.json +5 -4
- package/src/client/base.ts +170 -4
- package/src/client/index.ts +18 -128
- package/src/client/types.ts +24 -2
- package/src/errors.ts +3 -1
- package/src/index.ts +1 -0
- package/src/oauth.ts +11 -11
- package/src/utils/resolveRelativeUrl.ts +6 -0
- package/src/version.ts +1 -1
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
import { type ConnectionConfig } from "@aa-sdk/core";
|
|
2
2
|
import { TurnkeyClient, type TSignedRequest } from "@turnkey/http";
|
|
3
3
|
import EventEmitter from "eventemitter3";
|
|
4
|
-
import type
|
|
5
|
-
import type { AlchemySignerClientEvents, AuthenticatingEventMetadata, CreateAccountParams, EmailAuthParams, GetWebAuthnAttestationResult, OauthConfig, OauthParams, OtpParams, SignerBody, SignerResponse, SignupResponse, User } from "./types.js";
|
|
4
|
+
import { type Hex } from "viem";
|
|
5
|
+
import type { AlchemySignerClientEvents, AuthenticatingEventMetadata, CreateAccountParams, EmailAuthParams, GetOauthProviderUrlArgs, GetWebAuthnAttestationResult, OauthConfig, OauthParams, OtpParams, SignerBody, SignerResponse, SignupResponse, User } from "./types.js";
|
|
6
6
|
export interface BaseSignerClientParams {
|
|
7
7
|
stamper: TurnkeyClient["stamper"];
|
|
8
8
|
connection: ConnectionConfig;
|
|
@@ -70,7 +70,7 @@ export declare abstract class BaseSignerClient<TExportWalletParams = unknown> {
|
|
|
70
70
|
}): Promise<User>;
|
|
71
71
|
abstract oauthWithRedirect(args: Extract<OauthParams, {
|
|
72
72
|
mode: "redirect";
|
|
73
|
-
}>): Promise<never>;
|
|
73
|
+
}>): Promise<User | never>;
|
|
74
74
|
abstract oauthWithPopup(args: Extract<OauthParams, {
|
|
75
75
|
mode: "popup";
|
|
76
76
|
}>): Promise<User>;
|
|
@@ -154,6 +154,41 @@ export declare abstract class BaseSignerClient<TExportWalletParams = unknown> {
|
|
|
154
154
|
request: <R extends "/v1/signup" | "/v1/whoami" | "/v1/auth" | "/v1/lookup" | "/v1/sign-payload" | "/v1/prepare-oauth" | "/v1/otp">(route: R, body: SignerBody<R>) => Promise<SignerResponse<R>>;
|
|
155
155
|
private exportAsSeedPhrase;
|
|
156
156
|
private exportAsPrivateKey;
|
|
157
|
+
/**
|
|
158
|
+
* Returns the authentication url for the selected OAuth Proivder
|
|
159
|
+
*
|
|
160
|
+
* @example
|
|
161
|
+
* ```ts
|
|
162
|
+
*
|
|
163
|
+
* cosnt oauthParams = {
|
|
164
|
+
* authProviderId: "google",
|
|
165
|
+
* isCustomProvider: false,
|
|
166
|
+
* auth0Connection: undefined,
|
|
167
|
+
* scope: undefined,
|
|
168
|
+
* claims: undefined,
|
|
169
|
+
* mode: "redirect",
|
|
170
|
+
* redirectUrl: "https://your-url-path/oauth-return",
|
|
171
|
+
* expirationSeconds: 3000
|
|
172
|
+
* };
|
|
173
|
+
*
|
|
174
|
+
* const turnkeyPublicKey = await this.initIframeStamper();
|
|
175
|
+
* const oauthCallbackUrl = this.oauthCallbackUrl;
|
|
176
|
+
* const oauthConfig = this.getOauthConfig() // Optional value for OauthConfig()
|
|
177
|
+
* const usesRelativeUrl = true // Optional value to determine if we use a relative (or absolute) url for the `redirect_url`
|
|
178
|
+
*
|
|
179
|
+
* const oauthProviderUrl = getOauthProviderUrl({
|
|
180
|
+
* oauthParams,
|
|
181
|
+
* turnkeyPublicKey,
|
|
182
|
+
* oauthCallbackUrl
|
|
183
|
+
* })
|
|
184
|
+
*
|
|
185
|
+
* ```
|
|
186
|
+
* @param {GetOauthProviderUrlArgs} args Required. The Oauth provider's auth parameters
|
|
187
|
+
*
|
|
188
|
+
* @returns {Promise<string>} returns the Oauth provider's url
|
|
189
|
+
*/
|
|
190
|
+
protected getOauthProviderUrl: (args: GetOauthProviderUrlArgs) => Promise<string>;
|
|
191
|
+
private getOauthConfigForMode;
|
|
157
192
|
protected pollActivityCompletion: <T extends "createOrganizationResult" | "createAuthenticatorsResult" | "createUsersResult" | "createPrivateKeysResult" | "createInvitationsResult" | "acceptInvitationResult" | "signRawPayloadResult" | "createPolicyResult" | "disablePrivateKeyResult" | "deleteUsersResult" | "deleteAuthenticatorsResult" | "deleteInvitationResult" | "deleteOrganizationResult" | "deletePolicyResult" | "createUserTagResult" | "deleteUserTagsResult" | "signTransactionResult" | "deleteApiKeysResult" | "createApiKeysResult" | "createPrivateKeyTagResult" | "deletePrivateKeyTagsResult" | "setPaymentMethodResult" | "activateBillingTierResult" | "deletePaymentMethodResult" | "createApiOnlyUsersResult" | "updateRootQuorumResult" | "updateUserTagResult" | "updatePrivateKeyTagResult" | "createSubOrganizationResult" | "updateAllowedOriginsResult" | "createPrivateKeysResultV2" | "updateUserResult" | "updatePolicyResult" | "createSubOrganizationResultV3" | "createWalletResult" | "createWalletAccountsResult" | "initUserEmailRecoveryResult" | "recoverUserResult" | "setOrganizationFeatureResult" | "removeOrganizationFeatureResult" | "exportPrivateKeyResult" | "exportWalletResult" | "createSubOrganizationResultV4" | "emailAuthResult" | "exportWalletAccountResult">(activity: Awaited<ReturnType<(typeof this.turnkeyClient)["getActivity"]>>["activity"], organizationId: string, resultKey: T) => Promise<NonNullable<{
|
|
158
193
|
createOrganizationResult?: {
|
|
159
194
|
organizationId: string;
|
|
@@ -328,4 +363,11 @@ export declare abstract class BaseSignerClient<TExportWalletParams = unknown> {
|
|
|
328
363
|
exportBundle: string;
|
|
329
364
|
} | undefined;
|
|
330
365
|
}[T]>>;
|
|
366
|
+
/**
|
|
367
|
+
* Turnkey requires the nonce in the id token to be in this format.
|
|
368
|
+
*
|
|
369
|
+
* @param {string} turnkeyPublicKey key from a Turnkey iframe
|
|
370
|
+
* @returns {string} nonce to be used in OIDC
|
|
371
|
+
*/
|
|
372
|
+
protected getOauthNonce: (turnkeyPublicKey: string) => string;
|
|
331
373
|
}
|
package/dist/esm/client/base.js
CHANGED
|
@@ -2,9 +2,12 @@ import { ConnectionConfigSchema } from "@aa-sdk/core";
|
|
|
2
2
|
import { TurnkeyClient } from "@turnkey/http";
|
|
3
3
|
import EventEmitter from "eventemitter3";
|
|
4
4
|
import { jwtDecode } from "jwt-decode";
|
|
5
|
-
import {
|
|
5
|
+
import { sha256 } from "viem";
|
|
6
|
+
import { NotAuthenticatedError, OAuthProvidersError } from "../errors.js";
|
|
6
7
|
import { base64UrlEncode } from "../utils/base64UrlEncode.js";
|
|
7
8
|
import { assertNever } from "../utils/typeAssertions.js";
|
|
9
|
+
import { resolveRelativeUrl } from "../utils/resolveRelativeUrl.js";
|
|
10
|
+
import { addOpenIdIfAbsent, getDefaultScopeAndClaims } from "../oauth.js";
|
|
8
11
|
/**
|
|
9
12
|
* Base class for all Alchemy Signer clients
|
|
10
13
|
*/
|
|
@@ -347,6 +350,128 @@ export class BaseSignerClient {
|
|
|
347
350
|
return result;
|
|
348
351
|
}
|
|
349
352
|
});
|
|
353
|
+
/**
|
|
354
|
+
* Returns the authentication url for the selected OAuth Proivder
|
|
355
|
+
*
|
|
356
|
+
* @example
|
|
357
|
+
* ```ts
|
|
358
|
+
*
|
|
359
|
+
* cosnt oauthParams = {
|
|
360
|
+
* authProviderId: "google",
|
|
361
|
+
* isCustomProvider: false,
|
|
362
|
+
* auth0Connection: undefined,
|
|
363
|
+
* scope: undefined,
|
|
364
|
+
* claims: undefined,
|
|
365
|
+
* mode: "redirect",
|
|
366
|
+
* redirectUrl: "https://your-url-path/oauth-return",
|
|
367
|
+
* expirationSeconds: 3000
|
|
368
|
+
* };
|
|
369
|
+
*
|
|
370
|
+
* const turnkeyPublicKey = await this.initIframeStamper();
|
|
371
|
+
* const oauthCallbackUrl = this.oauthCallbackUrl;
|
|
372
|
+
* const oauthConfig = this.getOauthConfig() // Optional value for OauthConfig()
|
|
373
|
+
* const usesRelativeUrl = true // Optional value to determine if we use a relative (or absolute) url for the `redirect_url`
|
|
374
|
+
*
|
|
375
|
+
* const oauthProviderUrl = getOauthProviderUrl({
|
|
376
|
+
* oauthParams,
|
|
377
|
+
* turnkeyPublicKey,
|
|
378
|
+
* oauthCallbackUrl
|
|
379
|
+
* })
|
|
380
|
+
*
|
|
381
|
+
* ```
|
|
382
|
+
* @param {GetOauthProviderUrlArgs} args Required. The Oauth provider's auth parameters
|
|
383
|
+
*
|
|
384
|
+
* @returns {Promise<string>} returns the Oauth provider's url
|
|
385
|
+
*/
|
|
386
|
+
Object.defineProperty(this, "getOauthProviderUrl", {
|
|
387
|
+
enumerable: true,
|
|
388
|
+
configurable: true,
|
|
389
|
+
writable: true,
|
|
390
|
+
value: async (args) => {
|
|
391
|
+
const { oauthParams, turnkeyPublicKey, oauthCallbackUrl, oauthConfig, usesRelativeUrl = true, } = args;
|
|
392
|
+
const { authProviderId, isCustomProvider, auth0Connection, scope: providedScope, claims: providedClaims, mode, redirectUrl, expirationSeconds, } = oauthParams;
|
|
393
|
+
const { codeChallenge, requestKey, authProviders } = oauthConfig ?? (await this.getOauthConfigForMode(mode));
|
|
394
|
+
if (!authProviders) {
|
|
395
|
+
throw new OAuthProvidersError();
|
|
396
|
+
}
|
|
397
|
+
const authProvider = authProviders.find((provider) => provider.id === authProviderId &&
|
|
398
|
+
!!provider.isCustomProvider === !!isCustomProvider);
|
|
399
|
+
if (!authProvider) {
|
|
400
|
+
throw new Error(`No auth provider found with id ${authProviderId}`);
|
|
401
|
+
}
|
|
402
|
+
let scope;
|
|
403
|
+
let claims;
|
|
404
|
+
if (providedScope) {
|
|
405
|
+
scope = addOpenIdIfAbsent(providedScope);
|
|
406
|
+
claims = providedClaims;
|
|
407
|
+
}
|
|
408
|
+
else {
|
|
409
|
+
if (isCustomProvider) {
|
|
410
|
+
throw new Error("scope must be provided for a custom provider");
|
|
411
|
+
}
|
|
412
|
+
const scopeAndClaims = getDefaultScopeAndClaims(authProviderId);
|
|
413
|
+
if (!scopeAndClaims) {
|
|
414
|
+
throw new Error(`Default scope not known for provider ${authProviderId}`);
|
|
415
|
+
}
|
|
416
|
+
({ scope, claims } = scopeAndClaims);
|
|
417
|
+
}
|
|
418
|
+
const { authEndpoint, clientId } = authProvider;
|
|
419
|
+
const nonce = this.getOauthNonce(turnkeyPublicKey);
|
|
420
|
+
const stateObject = {
|
|
421
|
+
authProviderId,
|
|
422
|
+
isCustomProvider,
|
|
423
|
+
requestKey,
|
|
424
|
+
turnkeyPublicKey,
|
|
425
|
+
expirationSeconds,
|
|
426
|
+
redirectUrl: mode === "redirect"
|
|
427
|
+
? usesRelativeUrl
|
|
428
|
+
? resolveRelativeUrl(redirectUrl)
|
|
429
|
+
: redirectUrl
|
|
430
|
+
: undefined,
|
|
431
|
+
openerOrigin: mode === "popup" ? window.location.origin : undefined,
|
|
432
|
+
};
|
|
433
|
+
const state = base64UrlEncode(new TextEncoder().encode(JSON.stringify(stateObject)));
|
|
434
|
+
const authUrl = new URL(authEndpoint);
|
|
435
|
+
const params = {
|
|
436
|
+
redirect_uri: oauthCallbackUrl,
|
|
437
|
+
response_type: "code",
|
|
438
|
+
scope,
|
|
439
|
+
state,
|
|
440
|
+
code_challenge: codeChallenge,
|
|
441
|
+
code_challenge_method: "S256",
|
|
442
|
+
prompt: "select_account",
|
|
443
|
+
client_id: clientId,
|
|
444
|
+
nonce,
|
|
445
|
+
};
|
|
446
|
+
if (claims) {
|
|
447
|
+
params.claims = claims;
|
|
448
|
+
}
|
|
449
|
+
if (auth0Connection) {
|
|
450
|
+
params.connection = auth0Connection;
|
|
451
|
+
}
|
|
452
|
+
Object.keys(params).forEach((param) => {
|
|
453
|
+
params[param] && authUrl.searchParams.append(param, params[param]);
|
|
454
|
+
});
|
|
455
|
+
const [urlPath, searchParams] = authUrl.href.split("?");
|
|
456
|
+
return `${urlPath?.replace(/\/$/, "")}?${searchParams}`;
|
|
457
|
+
}
|
|
458
|
+
});
|
|
459
|
+
Object.defineProperty(this, "getOauthConfigForMode", {
|
|
460
|
+
enumerable: true,
|
|
461
|
+
configurable: true,
|
|
462
|
+
writable: true,
|
|
463
|
+
value: async (mode) => {
|
|
464
|
+
if (this.oauthConfig) {
|
|
465
|
+
return this.oauthConfig;
|
|
466
|
+
}
|
|
467
|
+
else if (mode === "redirect") {
|
|
468
|
+
return this.initOauth();
|
|
469
|
+
}
|
|
470
|
+
else {
|
|
471
|
+
throw new Error("enablePopupOauth must be set in configuration or signer.preparePopupOauth must be called before using popup-based OAuth login");
|
|
472
|
+
}
|
|
473
|
+
}
|
|
474
|
+
});
|
|
350
475
|
// eslint-disable-next-line eslint-rules/require-jsdoc-on-reexported-functions
|
|
351
476
|
Object.defineProperty(this, "pollActivityCompletion", {
|
|
352
477
|
enumerable: true,
|
|
@@ -373,6 +498,21 @@ export class BaseSignerClient {
|
|
|
373
498
|
return this.pollActivityCompletion(activity, organizationId, resultKey);
|
|
374
499
|
}
|
|
375
500
|
});
|
|
501
|
+
// #endregion
|
|
502
|
+
/**
|
|
503
|
+
* Turnkey requires the nonce in the id token to be in this format.
|
|
504
|
+
*
|
|
505
|
+
* @param {string} turnkeyPublicKey key from a Turnkey iframe
|
|
506
|
+
* @returns {string} nonce to be used in OIDC
|
|
507
|
+
*/
|
|
508
|
+
Object.defineProperty(this, "getOauthNonce", {
|
|
509
|
+
enumerable: true,
|
|
510
|
+
configurable: true,
|
|
511
|
+
writable: true,
|
|
512
|
+
value: (turnkeyPublicKey) => {
|
|
513
|
+
return sha256(new TextEncoder().encode(turnkeyPublicKey)).slice(2);
|
|
514
|
+
}
|
|
515
|
+
});
|
|
376
516
|
const { stamper, connection, rootOrgId } = params;
|
|
377
517
|
this.rootOrg = rootOrgId ?? "24c1acf5-810f-41e0-a503-d5d13fa8e830";
|
|
378
518
|
this.eventEmitter = new EventEmitter();
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"base.js","sourceRoot":"","sources":["../../../src/client/base.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAyB,MAAM,cAAc,CAAC;AAC7E,OAAO,EAAE,aAAa,EAAuB,MAAM,eAAe,CAAC;AACnE,OAAO,YAAY,MAAM,eAAe,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC,OAAO,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AACrD,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AA+BzD;;GAEG;AACH,MAAM,OAAgB,gBAAgB;IAQpC;;;;OAIG;IACH,YAAY,MAA8B;QAZlC;;;;;WAAwB;QACxB;;;;;WAAmC;QACjC;;;;;WAA6B;QAC7B;;;;;WAAgB;QAChB;;;;;WAAsD;QACtD;;;;;WAAqC;QAkB/C;;;;WAIG;QACI;;;;mBAAY,KAAK,IAA0B,EAAE;gBAClD,IAAI,CAAC,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;gBAC/C,OAAO,IAAI,CAAC,WAAW,CAAC;YAC1B,CAAC;WAAC;QA2FF,aAAa;QAEb,yBAAyB;QAEzB;;;;;;WAMG;QACI;;;;mBAAK,CACV,KAAQ,EACR,QAAsC,EACtC,EAAE;gBACF,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE,QAAe,CAAC,CAAC;gBAE7C,OAAO,GAAG,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,KAAK,EAAE,QAAe,CAAC,CAAC;YACxE,CAAC;WAAC;QAEF;;;;;;WAMG;QACI;;;;mBAAa,KAAK,EAAE,OAAkC,EAAE,EAAE;gBAC/D,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBACD,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAClE,OAAO,CACR,CAAC;gBAEF,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,oBAAoB,CAAC;oBACjE,IAAI,EAAE,wCAAwC;oBAC9C,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,UAAU,EAAE;wBACV,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;wBACxB,cAAc,EAAE;4BACd;gCACE,WAAW;gCACX,iBAAiB,EAAE,WAAW,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,EAAE;gCACrD,SAAS,EAAE,eAAe,CAAC,SAAS,CAAC;6BACtC;yBACF;qBACF;iBACF,CAAC,CAAC;gBAEH,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAC5D,QAAQ,EACR,IAAI,CAAC,IAAI,CAAC,KAAK,EACf,4BAA4B,CAC7B,CAAC;gBAEF,OAAO,gBAAgB,CAAC;YAC1B,CAAC;WAAC;QAEF;;;;;;;WAOG;QACI;;;;mBAAS,KAAK,EACnB,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,KAAK,EACxB,OAAgB,EACD,EAAE;gBACjB,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;oBACd,OAAO,IAAI,CAAC,IAAI,CAAC;gBACnB,CAAC;gBAED,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;gBACvC,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC;oBAC7D,cAAc,EAAE,KAAK;iBACtB,CAAC,CAAC;gBAEH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE;oBAC5C,cAAc;iBACf,CAAC,CAAC;gBAEH,IAAI,OAAO,EAAE,CAAC;oBACZ,MAAM,MAAM,GAA4B,SAAS,CAAC,OAAO,CAAC,CAAC;oBAC3D,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;oBACvB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;oBACrB,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;wBACrC,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;oBAC5B,CAAC;gBACH,CAAC;gBAED,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE;oBACzB,IAAI,CAAC;wBACH,OAAO,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,gBAAgB,CAAC;6BACtD,YAAsB,CAAC;oBAC5B,CAAC;oBAAC,OAAO,CAAC,EAAE,CAAC;wBACX,OAAO,SAAS,CAAC;oBACnB,CAAC;gBACH,CAAC,CAAC,EAAE,CAAC;gBAEL,IAAI,CAAC,IAAI,GAAG;oBACV,GAAG,IAAI;oBACP,YAAY;iBACb,CAAC;gBAEF,OAAO,IAAI,CAAC,IAAI,CAAC;YACnB,CAAC;WAAC;QAEF;;;;;;;;WAQG;QACI;;;;mBAAc,KAAK,IAA6B,EAAE;gBACvD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;gBAC1E,CAAC;gBAED,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC;oBAC7C,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;iBAChC,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAoB,KAAK,EAAE,KAAa,EAAE,EAAE;gBACjD,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAC/C,CAAC;WAAC;QAEF;;;;;;;WAOG;QACI;;;;mBAAiB,KAAK,EAAE,GAAQ,EAAgB,EAAE;gBACvD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC;oBAClE,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,mCAAmC;oBACzC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,QAAQ,EAAE,8BAA8B;wBACxC,YAAY,EAAE,qBAAqB;wBACnC,OAAO,EAAE,GAAG;wBACZ,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO;qBAC5B;iBACF,CAAC,CAAC;gBAEH,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE;oBAC3D,cAAc;iBACf,CAAC,CAAC;gBAEH,OAAO,SAAS,CAAC;YACnB,CAAC;WAAC;QAEF;;;;WAIG;QACI;;;;mBAAU,GAAgB,EAAE;gBACjC,OAAO,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC;YAC3B,CAAC;WAAC;QAEF;;;;;;;WAOG;QACI;;;;mBAAU,KAAK,EACpB,KAAQ,EACR,IAAmB,EACS,EAAE;gBAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,2BAA2B,CAAC;gBAExE,MAAM,QAAQ,GAAG,SAAS,CAAC;gBAE3B,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;gBAC9B,OAAO,CAAC,MAAM,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;gBACnD,IAAI,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC;oBACjC,OAAO,CAAC,MAAM,CAAC,eAAe,EAAE,UAAU,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC;gBAC5E,CAAC;qBAAM,IAAI,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,CAAC;oBACrC,OAAO,CAAC,MAAM,CAAC,eAAe,EAAE,UAAU,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,CAAC,CAAC;gBACzE,CAAC;gBAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,GAAG,GAAG,QAAQ,GAAG,KAAK,EAAE,EAAE;oBACxD,MAAM,EAAE,MAAM;oBACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;oBAC1B,OAAO;iBACR,CAAC,CAAC;gBAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;oBACjB,MAAM,IAAI,KAAK,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;gBACzC,CAAC;gBAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAEnC,OAAO,IAAyB,CAAC;YACnC,CAAC;WAAC;QAEF,aAAa;QAEb,0BAA0B;QAClB;;;;mBAAqB,KAAK,EAAE,OAA4B,EAAE,EAAE;gBAClE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC;oBACtD,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;iBAChC,CAAC,CAAC;gBAEH,MAAM,cAAc,GAAG,MAAM,OAAO,CAAC,GAAG,CACtC,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAC3B,IAAI,CAAC,aAAa,CAAC,iBAAiB,CAAC;oBACnC,cAAc,EAAE,IAAI,CAAC,IAAK,CAAC,KAAK;oBAChC,QAAQ;iBACT,CAAC,CACH,CACF,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAE5C,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,CACvC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,IAAI,CAAC,IAAK,CAAC,OAAO,CACxC,CAAC;gBAEF,IAAI,CAAC,aAAa,EAAE,CAAC;oBACnB,MAAM,IAAI,KAAK,CACb,yCAAyC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAC7D,CAAC;gBACJ,CAAC;gBAED,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC;oBACzD,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,6BAA6B;oBACnC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,QAAQ,EAAE,aAAc,CAAC,QAAQ;wBACjC,eAAe,EAAE,OAAO,CAAC,SAAS,EAAG;qBACtC;iBACF,CAAC,CAAC;gBAEH,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,IAAI,CAAC,sBAAsB,CACxD,QAAQ,EACR,IAAI,CAAC,IAAI,CAAC,KAAK,EACf,oBAAoB,CACrB,CAAC;gBAEF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,wBAAwB,CAAC,YAAY,CAAC,CAAC;gBAEpE,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;gBAC3D,CAAC;gBAED,OAAO,MAAM,CAAC;YAChB,CAAC;WAAC;QAEM;;;;mBAAqB,KAAK,EAAE,OAA4B,EAAE,EAAE;gBAClE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC;oBAChE,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,qCAAqC;oBAC3C,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO;wBAC1B,eAAe,EAAE,OAAO,CAAC,SAAS,EAAG;qBACtC;iBACF,CAAC,CAAC;gBAEH,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,IAAI,CAAC,sBAAsB,CACxD,QAAQ,EACR,IAAI,CAAC,IAAI,CAAC,KAAK,EACf,2BAA2B,CAC5B,CAAC;gBAEF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC;gBAEjE,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;gBAC3D,CAAC;gBAED,OAAO,MAAM,CAAC;YAChB,CAAC;WAAC;QAEF,8EAA8E;QACpE;;;;mBAAyB,KAAK,EAKtC,QAEa,EACb,cAAsB,EACtB,SAAY,EAOZ,EAAE;gBACF,IAAI,QAAQ,CAAC,MAAM,KAAK,2BAA2B,EAAE,CAAC;oBACpD,OAAO,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAE,CAAC;gBACrC,CAAC;gBAED,MAAM,EACJ,QAAQ,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,GACjC,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC;oBACvC,UAAU,EAAE,QAAQ,CAAC,EAAE;oBACvB,cAAc;iBACf,CAAC,CAAC;gBAEH,IAAI,MAAM,KAAK,2BAA2B,EAAE,CAAC;oBAC3C,OAAO,MAAM,CAAC,SAAS,CAAE,CAAC;gBAC5B,CAAC;gBAED,IACE,MAAM,KAAK,wBAAwB;oBACnC,MAAM,KAAK,0BAA0B;oBACrC,MAAM,KAAK,kCAAkC,EAC7C,CAAC;oBACD,MAAM,IAAI,KAAK,CACb,uCAAuC,EAAE,aAAa,MAAM,GAAG,CAChE,CAAC;gBACJ,CAAC;gBAED,gEAAgE;gBAChE,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC;gBAEzD,OAAO,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,cAAc,EAAE,SAAS,CAAC,CAAC;YAC1E,CAAC;WAAC;QAjdA,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;QAClD,IAAI,CAAC,OAAO,GAAG,SAAS,IAAI,sCAAsC,CAAC;QACnE,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,EAA6B,CAAC;QAClE,IAAI,CAAC,gBAAgB,GAAG,sBAAsB,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QACjE,IAAI,CAAC,aAAa,GAAG,IAAI,aAAa,CACpC,EAAE,OAAO,EAAE,yBAAyB,EAAE,EACtC,OAAO,CACR,CAAC;IACJ,CAAC;IAYD,IAAc,IAAI;QAChB,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,IAAc,IAAI,CAAC,IAAsB;QACvC,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YACxB,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QAC5C,CAAC;aAAM,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC/B,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACzC,CAAC;QAED,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;IACpB,CAAC;IAED;;;;OAIG;IACO,UAAU,CAAC,OAAiC;QACpD,IAAI,CAAC,aAAa,CAAC,OAAO,GAAG,OAAO,CAAC;IACvC,CAAC;IAED;;;;;;;OAOG;IACO,iBAAiB,CAAC,MAG3B;QACC,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;QAC5B,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,aAAa;gBAChB,OAAO,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YACvD,KAAK,aAAa;gBAChB,OAAO,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YACvD;gBACE,WAAW,CAAC,QAAQ,EAAE,wBAAwB,QAAQ,EAAE,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;CAmZF","sourcesContent":["import { ConnectionConfigSchema, type ConnectionConfig } from \"@aa-sdk/core\";\nimport { TurnkeyClient, type TSignedRequest } from \"@turnkey/http\";\nimport EventEmitter from \"eventemitter3\";\nimport { jwtDecode } from \"jwt-decode\";\nimport type { Hex } from \"viem\";\nimport { NotAuthenticatedError } from \"../errors.js\";\nimport { base64UrlEncode } from \"../utils/base64UrlEncode.js\";\nimport { assertNever } from \"../utils/typeAssertions.js\";\nimport type {\n AlchemySignerClientEvent,\n AlchemySignerClientEvents,\n AuthenticatingEventMetadata,\n CreateAccountParams,\n EmailAuthParams,\n GetWebAuthnAttestationResult,\n OauthConfig,\n OauthParams,\n OtpParams,\n SignerBody,\n SignerResponse,\n SignerRoutes,\n SignupResponse,\n User,\n} from \"./types.js\";\n\nexport interface BaseSignerClientParams {\n stamper: TurnkeyClient[\"stamper\"];\n connection: ConnectionConfig;\n rootOrgId?: string;\n rpId?: string;\n}\n\nexport type ExportWalletStamper = TurnkeyClient[\"stamper\"] & {\n injectWalletExportBundle(bundle: string): Promise<boolean>;\n injectKeyExportBundle(bundle: string): Promise<boolean>;\n publicKey(): string | null;\n};\n\n/**\n * Base class for all Alchemy Signer clients\n */\nexport abstract class BaseSignerClient<TExportWalletParams = unknown> {\n private _user: User | undefined;\n private connectionConfig: ConnectionConfig;\n protected turnkeyClient: TurnkeyClient;\n protected rootOrg: string;\n protected eventEmitter: EventEmitter<AlchemySignerClientEvents>;\n protected oauthConfig: OauthConfig | undefined;\n\n /**\n * Create a new instance of the Alchemy Signer client\n *\n * @param {BaseSignerClientParams} params the parameters required to create the client\n */\n constructor(params: BaseSignerClientParams) {\n const { stamper, connection, rootOrgId } = params;\n this.rootOrg = rootOrgId ?? \"24c1acf5-810f-41e0-a503-d5d13fa8e830\";\n this.eventEmitter = new EventEmitter<AlchemySignerClientEvents>();\n this.connectionConfig = ConnectionConfigSchema.parse(connection);\n this.turnkeyClient = new TurnkeyClient(\n { baseUrl: \"https://api.turnkey.com\" },\n stamper\n );\n }\n\n /**\n * Asynchronously fetches and sets the OAuth configuration.\n *\n * @returns {Promise<OauthConfig>} A promise that resolves to the OAuth configuration\n */\n public initOauth = async (): Promise<OauthConfig> => {\n this.oauthConfig = await this.getOauthConfig();\n return this.oauthConfig;\n };\n\n protected get user() {\n return this._user;\n }\n\n protected set user(user: User | undefined) {\n if (user && !this._user) {\n this.eventEmitter.emit(\"connected\", user);\n } else if (!user && this._user) {\n this.eventEmitter.emit(\"disconnected\");\n }\n\n this._user = user;\n }\n\n /**\n * Sets the stamper of the TurnkeyClient.\n *\n * @param {TurnkeyClient[\"stamper\"]} stamper the stamper function to set for the TurnkeyClient\n */\n protected setStamper(stamper: TurnkeyClient[\"stamper\"]) {\n this.turnkeyClient.stamper = stamper;\n }\n\n /**\n * Exports wallet credentials based on the specified type, either as a SEED_PHRASE or PRIVATE_KEY.\n *\n * @param {object} params The parameters for exporting the wallet\n * @param {ExportWalletStamper} params.exportStamper The stamper used for exporting the wallet\n * @param {\"SEED_PHRASE\" | \"PRIVATE_KEY\"} params.exportAs Specifies the format for exporting the wallet, either as a SEED_PHRASE or PRIVATE_KEY\n * @returns {Promise<boolean>} A promise that resolves to true if the export is successful\n */\n protected exportWalletInner(params: {\n exportStamper: ExportWalletStamper;\n exportAs: \"SEED_PHRASE\" | \"PRIVATE_KEY\";\n }): Promise<boolean> {\n const { exportAs } = params;\n switch (exportAs) {\n case \"PRIVATE_KEY\":\n return this.exportAsPrivateKey(params.exportStamper);\n case \"SEED_PHRASE\":\n return this.exportAsSeedPhrase(params.exportStamper);\n default:\n assertNever(exportAs, `Unknown export mode: ${exportAs}`);\n }\n }\n\n // #region ABSTRACT METHODS\n\n public abstract createAccount(\n params: CreateAccountParams\n ): Promise<SignupResponse>;\n\n public abstract initEmailAuth(\n params: Omit<EmailAuthParams, \"targetPublicKey\">\n ): Promise<{ orgId: string; otpId?: string }>;\n\n public abstract completeAuthWithBundle(params: {\n bundle: string;\n orgId: string;\n connectedEventName: keyof AlchemySignerClientEvents;\n authenticatingType: AuthenticatingEventMetadata[\"type\"];\n idToken?: string;\n }): Promise<User>;\n\n public abstract oauthWithRedirect(\n args: Extract<OauthParams, { mode: \"redirect\" }>\n ): Promise<never>;\n\n public abstract oauthWithPopup(\n args: Extract<OauthParams, { mode: \"popup\" }>\n ): Promise<User>;\n\n public abstract submitOtpCode(\n args: Omit<OtpParams, \"targetPublicKey\">\n ): Promise<{ bundle: string }>;\n\n public abstract disconnect(): Promise<void>;\n\n public abstract exportWallet(params: TExportWalletParams): Promise<boolean>;\n\n public abstract lookupUserWithPasskey(user?: User): Promise<User>;\n\n protected abstract getOauthConfig(): Promise<OauthConfig>;\n\n protected abstract getWebAuthnAttestation(\n options: CredentialCreationOptions,\n userDetails?: { username: string }\n ): Promise<GetWebAuthnAttestationResult>;\n\n // #endregion\n\n // #region PUBLIC METHODS\n\n /**\n * Listen to events emitted by the client\n *\n * @param {AlchemySignerClientEvent} event the event you want to listen to\n * @param {AlchemySignerClientEvents[AlchemySignerClientEvent]} listener the callback function to execute when an event is fired\n * @returns {() => void} a function that will remove the listener when called\n */\n public on = <E extends AlchemySignerClientEvent>(\n event: E,\n listener: AlchemySignerClientEvents[E]\n ) => {\n this.eventEmitter.on(event, listener as any);\n\n return () => this.eventEmitter.removeListener(event, listener as any);\n };\n\n /**\n * Handles the creation of authenticators using WebAuthn attestation and the provided options. Requires the user to be authenticated.\n *\n * @param {CredentialCreationOptions} options The options used to create the WebAuthn attestation\n * @returns {Promise<string[]>} A promise that resolves to an array of authenticator IDs\n * @throws {NotAuthenticatedError} If the user is not authenticated\n */\n public addPasskey = async (options: CredentialCreationOptions) => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n const { attestation, challenge } = await this.getWebAuthnAttestation(\n options\n );\n\n const { activity } = await this.turnkeyClient.createAuthenticators({\n type: \"ACTIVITY_TYPE_CREATE_AUTHENTICATORS_V2\",\n timestampMs: Date.now().toString(),\n organizationId: this.user.orgId,\n parameters: {\n userId: this.user.userId,\n authenticators: [\n {\n attestation,\n authenticatorName: `passkey-${Date.now().toString()}`,\n challenge: base64UrlEncode(challenge),\n },\n ],\n },\n });\n\n const { authenticatorIds } = await this.pollActivityCompletion(\n activity,\n this.user.orgId,\n \"createAuthenticatorsResult\"\n );\n\n return authenticatorIds;\n };\n\n /**\n * Retrieves the current user or fetches the user information if not already available.\n *\n * @param {string} [orgId] optional organization ID, defaults to the user's organization ID\n * @param {string} idToken an OIDC ID token containing additional user information\n * @returns {Promise<User>} A promise that resolves to the user object\n * @throws {Error} if no organization ID is provided when there is no current user\n */\n public whoami = async (\n orgId = this.user?.orgId,\n idToken?: string\n ): Promise<User> => {\n if (this.user) {\n return this.user;\n }\n\n if (!orgId) {\n throw new Error(\"No orgId provided\");\n }\n\n const stampedRequest = await this.turnkeyClient.stampGetWhoami({\n organizationId: orgId,\n });\n\n const user = await this.request(\"/v1/whoami\", {\n stampedRequest,\n });\n\n if (idToken) {\n const claims: Record<string, unknown> = jwtDecode(idToken);\n user.idToken = idToken;\n user.claims = claims;\n if (typeof claims.email === \"string\") {\n user.email = claims.email;\n }\n }\n\n const credentialId = (() => {\n try {\n return JSON.parse(stampedRequest?.stamp.stampHeaderValue)\n .credentialId as string;\n } catch (e) {\n return undefined;\n }\n })();\n\n this.user = {\n ...user,\n credentialId,\n };\n\n return this.user;\n };\n\n /**\n * Generates a stamped whoami request for the current user. This request can then be used to call /signer/v1/whoami to get the user information.\n * This is useful if you want to get the user information in a different context like a server. You can pass the stamped request to the server\n * and then call our API to get the user information. Using this stamp is the most trusted way to get the user information since a stamp can only\n * belong to the user who created it.\n *\n * @returns {Promise<TSignedRequest>} a promise that resolves to the \"whoami\" information for the logged in user\n * @throws {Error} if no organization ID is provided\n */\n public stampWhoami = async (): Promise<TSignedRequest> => {\n if (!this.user) {\n throw new Error(\"User must be authenticated to stamp a whoami request\");\n }\n\n return await this.turnkeyClient.stampGetWhoami({\n organizationId: this.user.orgId,\n });\n };\n\n /**\n * Looks up information based on an email address.\n *\n * @param {string} email the email address to look up\n * @returns {Promise<any>} the result of the lookup request\n */\n public lookupUserByEmail = async (email: string) => {\n return this.request(\"/v1/lookup\", { email });\n };\n\n /**\n * This will sign a message with the user's private key, without doing any transformations on the message.\n * For SignMessage or SignTypedData, the caller should hash the message before calling this method and pass\n * that result here.\n *\n * @param {Hex} msg the hex representation of the bytes to sign\n * @returns {Promise<Hex>} the signature over the raw hex\n */\n public signRawMessage = async (msg: Hex): Promise<Hex> => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n\n const stampedRequest = await this.turnkeyClient.stampSignRawPayload({\n organizationId: this.user.orgId,\n type: \"ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2\",\n timestampMs: Date.now().toString(),\n parameters: {\n encoding: \"PAYLOAD_ENCODING_HEXADECIMAL\",\n hashFunction: \"HASH_FUNCTION_NO_OP\",\n payload: msg,\n signWith: this.user.address,\n },\n });\n\n const { signature } = await this.request(\"/v1/sign-payload\", {\n stampedRequest,\n });\n\n return signature;\n };\n\n /**\n * Returns the current user or null if no user is set.\n *\n * @returns {User | null} the current user object or null if no user is available\n */\n public getUser = (): User | null => {\n return this.user ?? null;\n };\n\n /**\n * Sends a POST request to the given signer route with the specified body and returns the response.\n * Not intended to be used directly, use the specific methods instead on the client instead.\n *\n * @param {SignerRoutes} route The route to which the request should be sent\n * @param {SignerBody<R>} body The request body containing the data to be sent\n * @returns {Promise<SignerResponse<R>>} A promise that resolves to the response from the signer\n */\n public request = async <R extends SignerRoutes>(\n route: R,\n body: SignerBody<R>\n ): Promise<SignerResponse<R>> => {\n const url = this.connectionConfig.rpcUrl ?? \"https://api.g.alchemy.com\";\n\n const basePath = \"/signer\";\n\n const headers = new Headers();\n headers.append(\"Content-Type\", \"application/json\");\n if (this.connectionConfig.apiKey) {\n headers.append(\"Authorization\", `Bearer ${this.connectionConfig.apiKey}`);\n } else if (this.connectionConfig.jwt) {\n headers.append(\"Authorization\", `Bearer ${this.connectionConfig.jwt}`);\n }\n\n const response = await fetch(`${url}${basePath}${route}`, {\n method: \"POST\",\n body: JSON.stringify(body),\n headers,\n });\n\n if (!response.ok) {\n throw new Error(await response.text());\n }\n\n const json = await response.json();\n\n return json as SignerResponse<R>;\n };\n\n // #endregion\n\n // #region PRIVATE METHODS\n private exportAsSeedPhrase = async (stamper: ExportWalletStamper) => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n\n const { wallets } = await this.turnkeyClient.getWallets({\n organizationId: this.user.orgId,\n });\n\n const walletAccounts = await Promise.all(\n wallets.map(({ walletId }) =>\n this.turnkeyClient.getWalletAccounts({\n organizationId: this.user!.orgId,\n walletId,\n })\n )\n ).then((x) => x.flatMap((x) => x.accounts));\n\n const walletAccount = walletAccounts.find(\n (x) => x.address === this.user!.address\n );\n\n if (!walletAccount) {\n throw new Error(\n `Could not find wallet associated with ${this.user.address}`\n );\n }\n\n const { activity } = await this.turnkeyClient.exportWallet({\n organizationId: this.user.orgId,\n type: \"ACTIVITY_TYPE_EXPORT_WALLET\",\n timestampMs: Date.now().toString(),\n parameters: {\n walletId: walletAccount!.walletId,\n targetPublicKey: stamper.publicKey()!,\n },\n });\n\n const { exportBundle } = await this.pollActivityCompletion(\n activity,\n this.user.orgId,\n \"exportWalletResult\"\n );\n\n const result = await stamper.injectWalletExportBundle(exportBundle);\n\n if (!result) {\n throw new Error(\"Failed to inject wallet export bundle\");\n }\n\n return result;\n };\n\n private exportAsPrivateKey = async (stamper: ExportWalletStamper) => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n\n const { activity } = await this.turnkeyClient.exportWalletAccount({\n organizationId: this.user.orgId,\n type: \"ACTIVITY_TYPE_EXPORT_WALLET_ACCOUNT\",\n timestampMs: Date.now().toString(),\n parameters: {\n address: this.user.address,\n targetPublicKey: stamper.publicKey()!,\n },\n });\n\n const { exportBundle } = await this.pollActivityCompletion(\n activity,\n this.user.orgId,\n \"exportWalletAccountResult\"\n );\n\n const result = await stamper.injectKeyExportBundle(exportBundle);\n\n if (!result) {\n throw new Error(\"Failed to inject wallet export bundle\");\n }\n\n return result;\n };\n\n // eslint-disable-next-line eslint-rules/require-jsdoc-on-reexported-functions\n protected pollActivityCompletion = async <\n T extends keyof Awaited<\n ReturnType<(typeof this.turnkeyClient)[\"getActivity\"]>\n >[\"activity\"][\"result\"]\n >(\n activity: Awaited<\n ReturnType<(typeof this.turnkeyClient)[\"getActivity\"]>\n >[\"activity\"],\n organizationId: string,\n resultKey: T\n ): Promise<\n NonNullable<\n Awaited<\n ReturnType<(typeof this.turnkeyClient)[\"getActivity\"]>\n >[\"activity\"][\"result\"][T]\n >\n > => {\n if (activity.status === \"ACTIVITY_STATUS_COMPLETED\") {\n return activity.result[resultKey]!;\n }\n\n const {\n activity: { status, id, result },\n } = await this.turnkeyClient.getActivity({\n activityId: activity.id,\n organizationId,\n });\n\n if (status === \"ACTIVITY_STATUS_COMPLETED\") {\n return result[resultKey]!;\n }\n\n if (\n status === \"ACTIVITY_STATUS_FAILED\" ||\n status === \"ACTIVITY_STATUS_REJECTED\" ||\n status === \"ACTIVITY_STATUS_CONSENSUS_NEEDED\"\n ) {\n throw new Error(\n `Failed to get activity with with id ${id} (status: ${status})`\n );\n }\n\n // TODO: add ability to configure this + add exponential backoff\n await new Promise((resolve) => setTimeout(resolve, 500));\n\n return this.pollActivityCompletion(activity, organizationId, resultKey);\n };\n // #endregion\n}\n"]}
|
|
1
|
+
{"version":3,"file":"base.js","sourceRoot":"","sources":["../../../src/client/base.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAyB,MAAM,cAAc,CAAC;AAC7E,OAAO,EAAE,aAAa,EAAuB,MAAM,eAAe,CAAC;AACnE,OAAO,YAAY,MAAM,eAAe,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,EAAE,MAAM,EAAY,MAAM,MAAM,CAAC;AACxC,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AAC1E,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AAoBpE,OAAO,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,MAAM,aAAa,CAAC;AAe1E;;GAEG;AACH,MAAM,OAAgB,gBAAgB;IAOpC;;;;OAIG;IACH,YAAY,MAA8B;QAXlC;;;;;WAAwB;QACxB;;;;;WAAmC;QACjC;;;;;WAA6B;QAC7B;;;;;WAAgB;QAChB;;;;;WAAsD;QACtD;;;;;WAAqC;QAiB/C;;;;WAIG;QACI;;;;mBAAY,KAAK,IAA0B,EAAE;gBAClD,IAAI,CAAC,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;gBAC/C,OAAO,IAAI,CAAC,WAAW,CAAC;YAC1B,CAAC;WAAC;QA2FF,aAAa;QAEb,yBAAyB;QAEzB;;;;;;WAMG;QACI;;;;mBAAK,CACV,KAAQ,EACR,QAAsC,EACtC,EAAE;gBACF,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE,QAAe,CAAC,CAAC;gBAE7C,OAAO,GAAG,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,KAAK,EAAE,QAAe,CAAC,CAAC;YACxE,CAAC;WAAC;QAEF;;;;;;WAMG;QACI;;;;mBAAa,KAAK,EAAE,OAAkC,EAAE,EAAE;gBAC/D,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBACD,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAClE,OAAO,CACR,CAAC;gBAEF,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,oBAAoB,CAAC;oBACjE,IAAI,EAAE,wCAAwC;oBAC9C,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,UAAU,EAAE;wBACV,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;wBACxB,cAAc,EAAE;4BACd;gCACE,WAAW;gCACX,iBAAiB,EAAE,WAAW,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,EAAE;gCACrD,SAAS,EAAE,eAAe,CAAC,SAAS,CAAC;6BACtC;yBACF;qBACF;iBACF,CAAC,CAAC;gBAEH,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAC5D,QAAQ,EACR,IAAI,CAAC,IAAI,CAAC,KAAK,EACf,4BAA4B,CAC7B,CAAC;gBAEF,OAAO,gBAAgB,CAAC;YAC1B,CAAC;WAAC;QAEF;;;;;;;WAOG;QACI;;;;mBAAS,KAAK,EACnB,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,KAAK,EACxB,OAAgB,EACD,EAAE;gBACjB,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;oBACd,OAAO,IAAI,CAAC,IAAI,CAAC;gBACnB,CAAC;gBAED,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;gBACvC,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC;oBAC7D,cAAc,EAAE,KAAK;iBACtB,CAAC,CAAC;gBAEH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE;oBAC5C,cAAc;iBACf,CAAC,CAAC;gBAEH,IAAI,OAAO,EAAE,CAAC;oBACZ,MAAM,MAAM,GAA4B,SAAS,CAAC,OAAO,CAAC,CAAC;oBAC3D,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;oBACvB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;oBACrB,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;wBACrC,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;oBAC5B,CAAC;gBACH,CAAC;gBAED,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE;oBACzB,IAAI,CAAC;wBACH,OAAO,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,gBAAgB,CAAC;6BACtD,YAAsB,CAAC;oBAC5B,CAAC;oBAAC,OAAO,CAAC,EAAE,CAAC;wBACX,OAAO,SAAS,CAAC;oBACnB,CAAC;gBACH,CAAC,CAAC,EAAE,CAAC;gBAEL,IAAI,CAAC,IAAI,GAAG;oBACV,GAAG,IAAI;oBACP,YAAY;iBACb,CAAC;gBAEF,OAAO,IAAI,CAAC,IAAI,CAAC;YACnB,CAAC;WAAC;QAEF;;;;;;;;WAQG;QACI;;;;mBAAc,KAAK,IAA6B,EAAE;gBACvD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;gBAC1E,CAAC;gBAED,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC;oBAC7C,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;iBAChC,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAoB,KAAK,EAAE,KAAa,EAAE,EAAE;gBACjD,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAC/C,CAAC;WAAC;QAEF;;;;;;;WAOG;QACI;;;;mBAAiB,KAAK,EAAE,GAAQ,EAAgB,EAAE;gBACvD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC;oBAClE,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,mCAAmC;oBACzC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,QAAQ,EAAE,8BAA8B;wBACxC,YAAY,EAAE,qBAAqB;wBACnC,OAAO,EAAE,GAAG;wBACZ,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO;qBAC5B;iBACF,CAAC,CAAC;gBAEH,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE;oBAC3D,cAAc;iBACf,CAAC,CAAC;gBAEH,OAAO,SAAS,CAAC;YACnB,CAAC;WAAC;QAEF;;;;WAIG;QACI;;;;mBAAU,GAAgB,EAAE;gBACjC,OAAO,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC;YAC3B,CAAC;WAAC;QAEF;;;;;;;WAOG;QACI;;;;mBAAU,KAAK,EACpB,KAAQ,EACR,IAAmB,EACS,EAAE;gBAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,2BAA2B,CAAC;gBAExE,MAAM,QAAQ,GAAG,SAAS,CAAC;gBAE3B,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;gBAC9B,OAAO,CAAC,MAAM,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;gBACnD,IAAI,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC;oBACjC,OAAO,CAAC,MAAM,CAAC,eAAe,EAAE,UAAU,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC;gBAC5E,CAAC;qBAAM,IAAI,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,CAAC;oBACrC,OAAO,CAAC,MAAM,CAAC,eAAe,EAAE,UAAU,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,CAAC,CAAC;gBACzE,CAAC;gBAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,GAAG,GAAG,QAAQ,GAAG,KAAK,EAAE,EAAE;oBACxD,MAAM,EAAE,MAAM;oBACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;oBAC1B,OAAO;iBACR,CAAC,CAAC;gBAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;oBACjB,MAAM,IAAI,KAAK,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;gBACzC,CAAC;gBAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAEnC,OAAO,IAAyB,CAAC;YACnC,CAAC;WAAC;QAEF,aAAa;QAEb,0BAA0B;QAClB;;;;mBAAqB,KAAK,EAAE,OAA4B,EAAE,EAAE;gBAClE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC;oBACtD,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;iBAChC,CAAC,CAAC;gBAEH,MAAM,cAAc,GAAG,MAAM,OAAO,CAAC,GAAG,CACtC,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAC3B,IAAI,CAAC,aAAa,CAAC,iBAAiB,CAAC;oBACnC,cAAc,EAAE,IAAI,CAAC,IAAK,CAAC,KAAK;oBAChC,QAAQ;iBACT,CAAC,CACH,CACF,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAE5C,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,CACvC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,IAAI,CAAC,IAAK,CAAC,OAAO,CACxC,CAAC;gBAEF,IAAI,CAAC,aAAa,EAAE,CAAC;oBACnB,MAAM,IAAI,KAAK,CACb,yCAAyC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAC7D,CAAC;gBACJ,CAAC;gBAED,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC;oBACzD,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,6BAA6B;oBACnC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,QAAQ,EAAE,aAAc,CAAC,QAAQ;wBACjC,eAAe,EAAE,OAAO,CAAC,SAAS,EAAG;qBACtC;iBACF,CAAC,CAAC;gBAEH,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,IAAI,CAAC,sBAAsB,CACxD,QAAQ,EACR,IAAI,CAAC,IAAI,CAAC,KAAK,EACf,oBAAoB,CACrB,CAAC;gBAEF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,wBAAwB,CAAC,YAAY,CAAC,CAAC;gBAEpE,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;gBAC3D,CAAC;gBAED,OAAO,MAAM,CAAC;YAChB,CAAC;WAAC;QAEM;;;;mBAAqB,KAAK,EAAE,OAA4B,EAAE,EAAE;gBAClE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC;oBAChE,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,qCAAqC;oBAC3C,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO;wBAC1B,eAAe,EAAE,OAAO,CAAC,SAAS,EAAG;qBACtC;iBACF,CAAC,CAAC;gBAEH,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,IAAI,CAAC,sBAAsB,CACxD,QAAQ,EACR,IAAI,CAAC,IAAI,CAAC,KAAK,EACf,2BAA2B,CAC5B,CAAC;gBAEF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC;gBAEjE,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;gBAC3D,CAAC;gBAED,OAAO,MAAM,CAAC;YAChB,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAgCG;QACO;;;;mBAAsB,KAAK,EACnC,IAA6B,EACZ,EAAE;gBACnB,MAAM,EACJ,WAAW,EACX,gBAAgB,EAChB,gBAAgB,EAChB,WAAW,EACX,eAAe,GAAG,IAAI,GACvB,GAAG,IAAI,CAAC;gBAET,MAAM,EACJ,cAAc,EACd,gBAAgB,EAChB,eAAe,EACf,KAAK,EAAE,aAAa,EACpB,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,WAAW,EACX,iBAAiB,GAClB,GAAG,WAAW,CAAC;gBAEhB,MAAM,EAAE,aAAa,EAAE,UAAU,EAAE,aAAa,EAAE,GAChD,WAAW,IAAI,CAAC,MAAM,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC;gBAE1D,IAAI,CAAC,aAAa,EAAE,CAAC;oBACnB,MAAM,IAAI,mBAAmB,EAAE,CAAC;gBAClC,CAAC;gBAED,MAAM,YAAY,GAAG,aAAa,CAAC,IAAI,CACrC,CAAC,QAAQ,EAAE,EAAE,CACX,QAAQ,CAAC,EAAE,KAAK,cAAc;oBAC9B,CAAC,CAAC,QAAQ,CAAC,gBAAgB,KAAK,CAAC,CAAC,gBAAgB,CACrD,CAAC;gBAEF,IAAI,CAAC,YAAY,EAAE,CAAC;oBAClB,MAAM,IAAI,KAAK,CAAC,kCAAkC,cAAc,EAAE,CAAC,CAAC;gBACtE,CAAC;gBAED,IAAI,KAAa,CAAC;gBAClB,IAAI,MAA0B,CAAC;gBAE/B,IAAI,aAAa,EAAE,CAAC;oBAClB,KAAK,GAAG,iBAAiB,CAAC,aAAa,CAAC,CAAC;oBACzC,MAAM,GAAG,cAAc,CAAC;gBAC1B,CAAC;qBAAM,CAAC;oBACN,IAAI,gBAAgB,EAAE,CAAC;wBACrB,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;oBAClE,CAAC;oBACD,MAAM,cAAc,GAAG,wBAAwB,CAAC,cAAc,CAAC,CAAC;oBAChE,IAAI,CAAC,cAAc,EAAE,CAAC;wBACpB,MAAM,IAAI,KAAK,CACb,wCAAwC,cAAc,EAAE,CACzD,CAAC;oBACJ,CAAC;oBACD,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,cAAc,CAAC,CAAC;gBACvC,CAAC;gBACD,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,YAAY,CAAC;gBAEhD,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC;gBACnD,MAAM,WAAW,GAAe;oBAC9B,cAAc;oBACd,gBAAgB;oBAChB,UAAU;oBACV,gBAAgB;oBAChB,iBAAiB;oBACjB,WAAW,EACT,IAAI,KAAK,UAAU;wBACjB,CAAC,CAAC,eAAe;4BACf,CAAC,CAAC,kBAAkB,CAAC,WAAW,CAAC;4BACjC,CAAC,CAAC,WAAW;wBACf,CAAC,CAAC,SAAS;oBACf,YAAY,EAAE,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;iBACpE,CAAC;gBACF,MAAM,KAAK,GAAG,eAAe,CAC3B,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CACtD,CAAC;gBACF,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC;gBACtC,MAAM,MAAM,GAA2B;oBACrC,YAAY,EAAE,gBAAgB;oBAC9B,aAAa,EAAE,MAAM;oBACrB,KAAK;oBACL,KAAK;oBACL,cAAc,EAAE,aAAa;oBAC7B,qBAAqB,EAAE,MAAM;oBAC7B,MAAM,EAAE,gBAAgB;oBACxB,SAAS,EAAE,QAAQ;oBACnB,KAAK;iBACN,CAAC;gBACF,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC;gBACzB,CAAC;gBACD,IAAI,eAAe,EAAE,CAAC;oBACpB,MAAM,CAAC,UAAU,GAAG,eAAe,CAAC;gBACtC,CAAC;gBAED,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;oBACpC,MAAM,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;gBACrE,CAAC,CAAC,CAAC;gBAEH,MAAM,CAAC,OAAO,EAAE,YAAY,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAExD,OAAO,GAAG,OAAO,EAAE,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,YAAY,EAAE,CAAC;YAC1D,CAAC;WAAC;QAEM;;;;mBAAwB,KAAK,EACnC,IAAe,EACO,EAAE;gBACxB,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;oBACrB,OAAO,IAAI,CAAC,WAAW,CAAC;gBAC1B,CAAC;qBAAM,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;oBAC/B,OAAO,IAAI,CAAC,SAAS,EAAE,CAAC;gBAC1B,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,KAAK,CACb,+HAA+H,CAChI,CAAC;gBACJ,CAAC;YACH,CAAC;WAAC;QAEF,8EAA8E;QACpE;;;;mBAAyB,KAAK,EAKtC,QAEa,EACb,cAAsB,EACtB,SAAY,EAOZ,EAAE;gBACF,IAAI,QAAQ,CAAC,MAAM,KAAK,2BAA2B,EAAE,CAAC;oBACpD,OAAO,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAE,CAAC;gBACrC,CAAC;gBAED,MAAM,EACJ,QAAQ,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,GACjC,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC;oBACvC,UAAU,EAAE,QAAQ,CAAC,EAAE;oBACvB,cAAc;iBACf,CAAC,CAAC;gBAEH,IAAI,MAAM,KAAK,2BAA2B,EAAE,CAAC;oBAC3C,OAAO,MAAM,CAAC,SAAS,CAAE,CAAC;gBAC5B,CAAC;gBAED,IACE,MAAM,KAAK,wBAAwB;oBACnC,MAAM,KAAK,0BAA0B;oBACrC,MAAM,KAAK,kCAAkC,EAC7C,CAAC;oBACD,MAAM,IAAI,KAAK,CACb,uCAAuC,EAAE,aAAa,MAAM,GAAG,CAChE,CAAC;gBACJ,CAAC;gBAED,gEAAgE;gBAChE,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC;gBAEzD,OAAO,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,cAAc,EAAE,SAAS,CAAC,CAAC;YAC1E,CAAC;WAAC;QACF,aAAa;QAEb;;;;;WAKG;QACO;;;;mBAAgB,CAAC,gBAAwB,EAAU,EAAE;gBAC7D,OAAO,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACrE,CAAC;WAAC;QApnBA,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;QAClD,IAAI,CAAC,OAAO,GAAG,SAAS,IAAI,sCAAsC,CAAC;QACnE,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,EAA6B,CAAC;QAClE,IAAI,CAAC,gBAAgB,GAAG,sBAAsB,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QACjE,IAAI,CAAC,aAAa,GAAG,IAAI,aAAa,CACpC,EAAE,OAAO,EAAE,yBAAyB,EAAE,EACtC,OAAO,CACR,CAAC;IACJ,CAAC;IAYD,IAAc,IAAI;QAChB,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,IAAc,IAAI,CAAC,IAAsB;QACvC,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YACxB,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QAC5C,CAAC;aAAM,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC/B,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACzC,CAAC;QAED,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;IACpB,CAAC;IAED;;;;OAIG;IACO,UAAU,CAAC,OAAiC;QACpD,IAAI,CAAC,aAAa,CAAC,OAAO,GAAG,OAAO,CAAC;IACvC,CAAC;IAED;;;;;;;OAOG;IACO,iBAAiB,CAAC,MAG3B;QACC,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;QAC5B,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,aAAa;gBAChB,OAAO,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YACvD,KAAK,aAAa;gBAChB,OAAO,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YACvD;gBACE,WAAW,CAAC,QAAQ,EAAE,wBAAwB,QAAQ,EAAE,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;CAqjBF","sourcesContent":["import { ConnectionConfigSchema, type ConnectionConfig } from \"@aa-sdk/core\";\nimport { TurnkeyClient, type TSignedRequest } from \"@turnkey/http\";\nimport EventEmitter from \"eventemitter3\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { sha256, type Hex } from \"viem\";\nimport { NotAuthenticatedError, OAuthProvidersError } from \"../errors.js\";\nimport { base64UrlEncode } from \"../utils/base64UrlEncode.js\";\nimport { assertNever } from \"../utils/typeAssertions.js\";\nimport { resolveRelativeUrl } from \"../utils/resolveRelativeUrl.js\";\nimport type {\n AlchemySignerClientEvent,\n AlchemySignerClientEvents,\n AuthenticatingEventMetadata,\n CreateAccountParams,\n EmailAuthParams,\n GetOauthProviderUrlArgs,\n GetWebAuthnAttestationResult,\n OauthConfig,\n OauthParams,\n OauthState,\n OtpParams,\n SignerBody,\n SignerResponse,\n SignerRoutes,\n SignupResponse,\n User,\n} from \"./types.js\";\nimport type { OauthMode } from \"../signer.js\";\nimport { addOpenIdIfAbsent, getDefaultScopeAndClaims } from \"../oauth.js\";\n\nexport interface BaseSignerClientParams {\n stamper: TurnkeyClient[\"stamper\"];\n connection: ConnectionConfig;\n rootOrgId?: string;\n rpId?: string;\n}\n\nexport type ExportWalletStamper = TurnkeyClient[\"stamper\"] & {\n injectWalletExportBundle(bundle: string): Promise<boolean>;\n injectKeyExportBundle(bundle: string): Promise<boolean>;\n publicKey(): string | null;\n};\n\n/**\n * Base class for all Alchemy Signer clients\n */\nexport abstract class BaseSignerClient<TExportWalletParams = unknown> {\n private _user: User | undefined;\n private connectionConfig: ConnectionConfig;\n protected turnkeyClient: TurnkeyClient;\n protected rootOrg: string;\n protected eventEmitter: EventEmitter<AlchemySignerClientEvents>;\n protected oauthConfig: OauthConfig | undefined;\n /**\n * Create a new instance of the Alchemy Signer client\n *\n * @param {BaseSignerClientParams} params the parameters required to create the client\n */\n constructor(params: BaseSignerClientParams) {\n const { stamper, connection, rootOrgId } = params;\n this.rootOrg = rootOrgId ?? \"24c1acf5-810f-41e0-a503-d5d13fa8e830\";\n this.eventEmitter = new EventEmitter<AlchemySignerClientEvents>();\n this.connectionConfig = ConnectionConfigSchema.parse(connection);\n this.turnkeyClient = new TurnkeyClient(\n { baseUrl: \"https://api.turnkey.com\" },\n stamper\n );\n }\n\n /**\n * Asynchronously fetches and sets the OAuth configuration.\n *\n * @returns {Promise<OauthConfig>} A promise that resolves to the OAuth configuration\n */\n public initOauth = async (): Promise<OauthConfig> => {\n this.oauthConfig = await this.getOauthConfig();\n return this.oauthConfig;\n };\n\n protected get user() {\n return this._user;\n }\n\n protected set user(user: User | undefined) {\n if (user && !this._user) {\n this.eventEmitter.emit(\"connected\", user);\n } else if (!user && this._user) {\n this.eventEmitter.emit(\"disconnected\");\n }\n\n this._user = user;\n }\n\n /**\n * Sets the stamper of the TurnkeyClient.\n *\n * @param {TurnkeyClient[\"stamper\"]} stamper the stamper function to set for the TurnkeyClient\n */\n protected setStamper(stamper: TurnkeyClient[\"stamper\"]) {\n this.turnkeyClient.stamper = stamper;\n }\n\n /**\n * Exports wallet credentials based on the specified type, either as a SEED_PHRASE or PRIVATE_KEY.\n *\n * @param {object} params The parameters for exporting the wallet\n * @param {ExportWalletStamper} params.exportStamper The stamper used for exporting the wallet\n * @param {\"SEED_PHRASE\" | \"PRIVATE_KEY\"} params.exportAs Specifies the format for exporting the wallet, either as a SEED_PHRASE or PRIVATE_KEY\n * @returns {Promise<boolean>} A promise that resolves to true if the export is successful\n */\n protected exportWalletInner(params: {\n exportStamper: ExportWalletStamper;\n exportAs: \"SEED_PHRASE\" | \"PRIVATE_KEY\";\n }): Promise<boolean> {\n const { exportAs } = params;\n switch (exportAs) {\n case \"PRIVATE_KEY\":\n return this.exportAsPrivateKey(params.exportStamper);\n case \"SEED_PHRASE\":\n return this.exportAsSeedPhrase(params.exportStamper);\n default:\n assertNever(exportAs, `Unknown export mode: ${exportAs}`);\n }\n }\n\n // #region ABSTRACT METHODS\n\n public abstract createAccount(\n params: CreateAccountParams\n ): Promise<SignupResponse>;\n\n public abstract initEmailAuth(\n params: Omit<EmailAuthParams, \"targetPublicKey\">\n ): Promise<{ orgId: string; otpId?: string }>;\n\n public abstract completeAuthWithBundle(params: {\n bundle: string;\n orgId: string;\n connectedEventName: keyof AlchemySignerClientEvents;\n authenticatingType: AuthenticatingEventMetadata[\"type\"];\n idToken?: string;\n }): Promise<User>;\n\n public abstract oauthWithRedirect(\n args: Extract<OauthParams, { mode: \"redirect\" }>\n ): Promise<User | never>;\n\n public abstract oauthWithPopup(\n args: Extract<OauthParams, { mode: \"popup\" }>\n ): Promise<User>;\n\n public abstract submitOtpCode(\n args: Omit<OtpParams, \"targetPublicKey\">\n ): Promise<{ bundle: string }>;\n\n public abstract disconnect(): Promise<void>;\n\n public abstract exportWallet(params: TExportWalletParams): Promise<boolean>;\n\n public abstract lookupUserWithPasskey(user?: User): Promise<User>;\n\n protected abstract getOauthConfig(): Promise<OauthConfig>;\n\n protected abstract getWebAuthnAttestation(\n options: CredentialCreationOptions,\n userDetails?: { username: string }\n ): Promise<GetWebAuthnAttestationResult>;\n\n // #endregion\n\n // #region PUBLIC METHODS\n\n /**\n * Listen to events emitted by the client\n *\n * @param {AlchemySignerClientEvent} event the event you want to listen to\n * @param {AlchemySignerClientEvents[AlchemySignerClientEvent]} listener the callback function to execute when an event is fired\n * @returns {() => void} a function that will remove the listener when called\n */\n public on = <E extends AlchemySignerClientEvent>(\n event: E,\n listener: AlchemySignerClientEvents[E]\n ) => {\n this.eventEmitter.on(event, listener as any);\n\n return () => this.eventEmitter.removeListener(event, listener as any);\n };\n\n /**\n * Handles the creation of authenticators using WebAuthn attestation and the provided options. Requires the user to be authenticated.\n *\n * @param {CredentialCreationOptions} options The options used to create the WebAuthn attestation\n * @returns {Promise<string[]>} A promise that resolves to an array of authenticator IDs\n * @throws {NotAuthenticatedError} If the user is not authenticated\n */\n public addPasskey = async (options: CredentialCreationOptions) => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n const { attestation, challenge } = await this.getWebAuthnAttestation(\n options\n );\n\n const { activity } = await this.turnkeyClient.createAuthenticators({\n type: \"ACTIVITY_TYPE_CREATE_AUTHENTICATORS_V2\",\n timestampMs: Date.now().toString(),\n organizationId: this.user.orgId,\n parameters: {\n userId: this.user.userId,\n authenticators: [\n {\n attestation,\n authenticatorName: `passkey-${Date.now().toString()}`,\n challenge: base64UrlEncode(challenge),\n },\n ],\n },\n });\n\n const { authenticatorIds } = await this.pollActivityCompletion(\n activity,\n this.user.orgId,\n \"createAuthenticatorsResult\"\n );\n\n return authenticatorIds;\n };\n\n /**\n * Retrieves the current user or fetches the user information if not already available.\n *\n * @param {string} [orgId] optional organization ID, defaults to the user's organization ID\n * @param {string} idToken an OIDC ID token containing additional user information\n * @returns {Promise<User>} A promise that resolves to the user object\n * @throws {Error} if no organization ID is provided when there is no current user\n */\n public whoami = async (\n orgId = this.user?.orgId,\n idToken?: string\n ): Promise<User> => {\n if (this.user) {\n return this.user;\n }\n\n if (!orgId) {\n throw new Error(\"No orgId provided\");\n }\n\n const stampedRequest = await this.turnkeyClient.stampGetWhoami({\n organizationId: orgId,\n });\n\n const user = await this.request(\"/v1/whoami\", {\n stampedRequest,\n });\n\n if (idToken) {\n const claims: Record<string, unknown> = jwtDecode(idToken);\n user.idToken = idToken;\n user.claims = claims;\n if (typeof claims.email === \"string\") {\n user.email = claims.email;\n }\n }\n\n const credentialId = (() => {\n try {\n return JSON.parse(stampedRequest?.stamp.stampHeaderValue)\n .credentialId as string;\n } catch (e) {\n return undefined;\n }\n })();\n\n this.user = {\n ...user,\n credentialId,\n };\n\n return this.user;\n };\n\n /**\n * Generates a stamped whoami request for the current user. This request can then be used to call /signer/v1/whoami to get the user information.\n * This is useful if you want to get the user information in a different context like a server. You can pass the stamped request to the server\n * and then call our API to get the user information. Using this stamp is the most trusted way to get the user information since a stamp can only\n * belong to the user who created it.\n *\n * @returns {Promise<TSignedRequest>} a promise that resolves to the \"whoami\" information for the logged in user\n * @throws {Error} if no organization ID is provided\n */\n public stampWhoami = async (): Promise<TSignedRequest> => {\n if (!this.user) {\n throw new Error(\"User must be authenticated to stamp a whoami request\");\n }\n\n return await this.turnkeyClient.stampGetWhoami({\n organizationId: this.user.orgId,\n });\n };\n\n /**\n * Looks up information based on an email address.\n *\n * @param {string} email the email address to look up\n * @returns {Promise<any>} the result of the lookup request\n */\n public lookupUserByEmail = async (email: string) => {\n return this.request(\"/v1/lookup\", { email });\n };\n\n /**\n * This will sign a message with the user's private key, without doing any transformations on the message.\n * For SignMessage or SignTypedData, the caller should hash the message before calling this method and pass\n * that result here.\n *\n * @param {Hex} msg the hex representation of the bytes to sign\n * @returns {Promise<Hex>} the signature over the raw hex\n */\n public signRawMessage = async (msg: Hex): Promise<Hex> => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n\n const stampedRequest = await this.turnkeyClient.stampSignRawPayload({\n organizationId: this.user.orgId,\n type: \"ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2\",\n timestampMs: Date.now().toString(),\n parameters: {\n encoding: \"PAYLOAD_ENCODING_HEXADECIMAL\",\n hashFunction: \"HASH_FUNCTION_NO_OP\",\n payload: msg,\n signWith: this.user.address,\n },\n });\n\n const { signature } = await this.request(\"/v1/sign-payload\", {\n stampedRequest,\n });\n\n return signature;\n };\n\n /**\n * Returns the current user or null if no user is set.\n *\n * @returns {User | null} the current user object or null if no user is available\n */\n public getUser = (): User | null => {\n return this.user ?? null;\n };\n\n /**\n * Sends a POST request to the given signer route with the specified body and returns the response.\n * Not intended to be used directly, use the specific methods instead on the client instead.\n *\n * @param {SignerRoutes} route The route to which the request should be sent\n * @param {SignerBody<R>} body The request body containing the data to be sent\n * @returns {Promise<SignerResponse<R>>} A promise that resolves to the response from the signer\n */\n public request = async <R extends SignerRoutes>(\n route: R,\n body: SignerBody<R>\n ): Promise<SignerResponse<R>> => {\n const url = this.connectionConfig.rpcUrl ?? \"https://api.g.alchemy.com\";\n\n const basePath = \"/signer\";\n\n const headers = new Headers();\n headers.append(\"Content-Type\", \"application/json\");\n if (this.connectionConfig.apiKey) {\n headers.append(\"Authorization\", `Bearer ${this.connectionConfig.apiKey}`);\n } else if (this.connectionConfig.jwt) {\n headers.append(\"Authorization\", `Bearer ${this.connectionConfig.jwt}`);\n }\n\n const response = await fetch(`${url}${basePath}${route}`, {\n method: \"POST\",\n body: JSON.stringify(body),\n headers,\n });\n\n if (!response.ok) {\n throw new Error(await response.text());\n }\n\n const json = await response.json();\n\n return json as SignerResponse<R>;\n };\n\n // #endregion\n\n // #region PRIVATE METHODS\n private exportAsSeedPhrase = async (stamper: ExportWalletStamper) => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n\n const { wallets } = await this.turnkeyClient.getWallets({\n organizationId: this.user.orgId,\n });\n\n const walletAccounts = await Promise.all(\n wallets.map(({ walletId }) =>\n this.turnkeyClient.getWalletAccounts({\n organizationId: this.user!.orgId,\n walletId,\n })\n )\n ).then((x) => x.flatMap((x) => x.accounts));\n\n const walletAccount = walletAccounts.find(\n (x) => x.address === this.user!.address\n );\n\n if (!walletAccount) {\n throw new Error(\n `Could not find wallet associated with ${this.user.address}`\n );\n }\n\n const { activity } = await this.turnkeyClient.exportWallet({\n organizationId: this.user.orgId,\n type: \"ACTIVITY_TYPE_EXPORT_WALLET\",\n timestampMs: Date.now().toString(),\n parameters: {\n walletId: walletAccount!.walletId,\n targetPublicKey: stamper.publicKey()!,\n },\n });\n\n const { exportBundle } = await this.pollActivityCompletion(\n activity,\n this.user.orgId,\n \"exportWalletResult\"\n );\n\n const result = await stamper.injectWalletExportBundle(exportBundle);\n\n if (!result) {\n throw new Error(\"Failed to inject wallet export bundle\");\n }\n\n return result;\n };\n\n private exportAsPrivateKey = async (stamper: ExportWalletStamper) => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n\n const { activity } = await this.turnkeyClient.exportWalletAccount({\n organizationId: this.user.orgId,\n type: \"ACTIVITY_TYPE_EXPORT_WALLET_ACCOUNT\",\n timestampMs: Date.now().toString(),\n parameters: {\n address: this.user.address,\n targetPublicKey: stamper.publicKey()!,\n },\n });\n\n const { exportBundle } = await this.pollActivityCompletion(\n activity,\n this.user.orgId,\n \"exportWalletAccountResult\"\n );\n\n const result = await stamper.injectKeyExportBundle(exportBundle);\n\n if (!result) {\n throw new Error(\"Failed to inject wallet export bundle\");\n }\n\n return result;\n };\n\n /**\n * Returns the authentication url for the selected OAuth Proivder\n *\n * @example\n * ```ts\n *\n * cosnt oauthParams = {\n * authProviderId: \"google\",\n * isCustomProvider: false,\n * auth0Connection: undefined,\n * scope: undefined,\n * claims: undefined,\n * mode: \"redirect\",\n * redirectUrl: \"https://your-url-path/oauth-return\",\n * expirationSeconds: 3000\n * };\n *\n * const turnkeyPublicKey = await this.initIframeStamper();\n * const oauthCallbackUrl = this.oauthCallbackUrl;\n * const oauthConfig = this.getOauthConfig() // Optional value for OauthConfig()\n * const usesRelativeUrl = true // Optional value to determine if we use a relative (or absolute) url for the `redirect_url`\n *\n * const oauthProviderUrl = getOauthProviderUrl({\n * oauthParams,\n * turnkeyPublicKey,\n * oauthCallbackUrl\n * })\n *\n * ```\n * @param {GetOauthProviderUrlArgs} args Required. The Oauth provider's auth parameters\n *\n * @returns {Promise<string>} returns the Oauth provider's url\n */\n protected getOauthProviderUrl = async (\n args: GetOauthProviderUrlArgs\n ): Promise<string> => {\n const {\n oauthParams,\n turnkeyPublicKey,\n oauthCallbackUrl,\n oauthConfig,\n usesRelativeUrl = true,\n } = args;\n\n const {\n authProviderId,\n isCustomProvider,\n auth0Connection,\n scope: providedScope,\n claims: providedClaims,\n mode,\n redirectUrl,\n expirationSeconds,\n } = oauthParams;\n\n const { codeChallenge, requestKey, authProviders } =\n oauthConfig ?? (await this.getOauthConfigForMode(mode));\n\n if (!authProviders) {\n throw new OAuthProvidersError();\n }\n\n const authProvider = authProviders.find(\n (provider) =>\n provider.id === authProviderId &&\n !!provider.isCustomProvider === !!isCustomProvider\n );\n\n if (!authProvider) {\n throw new Error(`No auth provider found with id ${authProviderId}`);\n }\n\n let scope: string;\n let claims: string | undefined;\n\n if (providedScope) {\n scope = addOpenIdIfAbsent(providedScope);\n claims = providedClaims;\n } else {\n if (isCustomProvider) {\n throw new Error(\"scope must be provided for a custom provider\");\n }\n const scopeAndClaims = getDefaultScopeAndClaims(authProviderId);\n if (!scopeAndClaims) {\n throw new Error(\n `Default scope not known for provider ${authProviderId}`\n );\n }\n ({ scope, claims } = scopeAndClaims);\n }\n const { authEndpoint, clientId } = authProvider;\n\n const nonce = this.getOauthNonce(turnkeyPublicKey);\n const stateObject: OauthState = {\n authProviderId,\n isCustomProvider,\n requestKey,\n turnkeyPublicKey,\n expirationSeconds,\n redirectUrl:\n mode === \"redirect\"\n ? usesRelativeUrl\n ? resolveRelativeUrl(redirectUrl)\n : redirectUrl\n : undefined,\n openerOrigin: mode === \"popup\" ? window.location.origin : undefined,\n };\n const state = base64UrlEncode(\n new TextEncoder().encode(JSON.stringify(stateObject))\n );\n const authUrl = new URL(authEndpoint);\n const params: Record<string, string> = {\n redirect_uri: oauthCallbackUrl,\n response_type: \"code\",\n scope,\n state,\n code_challenge: codeChallenge,\n code_challenge_method: \"S256\",\n prompt: \"select_account\",\n client_id: clientId,\n nonce,\n };\n if (claims) {\n params.claims = claims;\n }\n if (auth0Connection) {\n params.connection = auth0Connection;\n }\n\n Object.keys(params).forEach((param) => {\n params[param] && authUrl.searchParams.append(param, params[param]);\n });\n\n const [urlPath, searchParams] = authUrl.href.split(\"?\");\n\n return `${urlPath?.replace(/\\/$/, \"\")}?${searchParams}`;\n };\n\n private getOauthConfigForMode = async (\n mode: OauthMode\n ): Promise<OauthConfig> => {\n if (this.oauthConfig) {\n return this.oauthConfig;\n } else if (mode === \"redirect\") {\n return this.initOauth();\n } else {\n throw new Error(\n \"enablePopupOauth must be set in configuration or signer.preparePopupOauth must be called before using popup-based OAuth login\"\n );\n }\n };\n\n // eslint-disable-next-line eslint-rules/require-jsdoc-on-reexported-functions\n protected pollActivityCompletion = async <\n T extends keyof Awaited<\n ReturnType<(typeof this.turnkeyClient)[\"getActivity\"]>\n >[\"activity\"][\"result\"]\n >(\n activity: Awaited<\n ReturnType<(typeof this.turnkeyClient)[\"getActivity\"]>\n >[\"activity\"],\n organizationId: string,\n resultKey: T\n ): Promise<\n NonNullable<\n Awaited<\n ReturnType<(typeof this.turnkeyClient)[\"getActivity\"]>\n >[\"activity\"][\"result\"][T]\n >\n > => {\n if (activity.status === \"ACTIVITY_STATUS_COMPLETED\") {\n return activity.result[resultKey]!;\n }\n\n const {\n activity: { status, id, result },\n } = await this.turnkeyClient.getActivity({\n activityId: activity.id,\n organizationId,\n });\n\n if (status === \"ACTIVITY_STATUS_COMPLETED\") {\n return result[resultKey]!;\n }\n\n if (\n status === \"ACTIVITY_STATUS_FAILED\" ||\n status === \"ACTIVITY_STATUS_REJECTED\" ||\n status === \"ACTIVITY_STATUS_CONSENSUS_NEEDED\"\n ) {\n throw new Error(\n `Failed to get activity with with id ${id} (status: ${status})`\n );\n }\n\n // TODO: add ability to configure this + add exponential backoff\n await new Promise((resolve) => setTimeout(resolve, 500));\n\n return this.pollActivityCompletion(activity, organizationId, resultKey);\n };\n // #endregion\n\n /**\n * Turnkey requires the nonce in the id token to be in this format.\n *\n * @param {string} turnkeyPublicKey key from a Turnkey iframe\n * @returns {string} nonce to be used in OIDC\n */\n protected getOauthNonce = (turnkeyPublicKey: string): string => {\n return sha256(new TextEncoder().encode(turnkeyPublicKey)).slice(2);\n };\n}\n"]}
|
|
@@ -401,7 +401,6 @@ export declare class AlchemySignerWebClient extends BaseSignerClient<ExportWalle
|
|
|
401
401
|
type: "oauth";
|
|
402
402
|
mode: "popup";
|
|
403
403
|
}>) => Promise<User>;
|
|
404
|
-
private getOauthProviderUrl;
|
|
405
404
|
private initIframeStamper;
|
|
406
405
|
private initWebauthnStamper;
|
|
407
406
|
protected getWebAuthnAttestation: (options?: CredentialCreationOptionOverrides, userDetails?: {
|
|
@@ -417,7 +416,6 @@ export declare class AlchemySignerWebClient extends BaseSignerClient<ExportWalle
|
|
|
417
416
|
};
|
|
418
417
|
}>;
|
|
419
418
|
protected getOauthConfig: () => Promise<OauthConfig>;
|
|
420
|
-
private getOauthConfigForMode;
|
|
421
419
|
}
|
|
422
420
|
/**
|
|
423
421
|
* This error is thrown when the OAuth flow is cancelled because the auth popup
|
package/dist/esm/client/index.js
CHANGED
|
@@ -3,8 +3,6 @@ import { getWebAuthnAttestation } from "@turnkey/http";
|
|
|
3
3
|
import { IframeStamper } from "@turnkey/iframe-stamper";
|
|
4
4
|
import { WebauthnStamper } from "@turnkey/webauthn-stamper";
|
|
5
5
|
import { z } from "zod";
|
|
6
|
-
import { OAuthProvidersError } from "../errors.js";
|
|
7
|
-
import { getDefaultScopeAndClaims, getOauthNonce } from "../oauth.js";
|
|
8
6
|
import { base64UrlEncode } from "../utils/base64UrlEncode.js";
|
|
9
7
|
import { generateRandomBuffer } from "../utils/generateRandomBuffer.js";
|
|
10
8
|
import { BaseSignerClient } from "./base.js";
|
|
@@ -387,7 +385,13 @@ export class AlchemySignerWebClient extends BaseSignerClient {
|
|
|
387
385
|
configurable: true,
|
|
388
386
|
writable: true,
|
|
389
387
|
value: async (args) => {
|
|
390
|
-
const
|
|
388
|
+
const turnkeyPublicKey = await this.initIframeStamper();
|
|
389
|
+
const oauthParams = args;
|
|
390
|
+
const providerUrl = await this.getOauthProviderUrl({
|
|
391
|
+
oauthParams,
|
|
392
|
+
turnkeyPublicKey,
|
|
393
|
+
oauthCallbackUrl: this.oauthCallbackUrl,
|
|
394
|
+
});
|
|
391
395
|
window.location.href = providerUrl;
|
|
392
396
|
return new Promise((_, reject) => setTimeout(() => reject("Failed to redirect to OAuth provider"), 1000));
|
|
393
397
|
}
|
|
@@ -423,7 +427,13 @@ export class AlchemySignerWebClient extends BaseSignerClient {
|
|
|
423
427
|
configurable: true,
|
|
424
428
|
writable: true,
|
|
425
429
|
value: async (args) => {
|
|
426
|
-
const
|
|
430
|
+
const turnkeyPublicKey = await this.initIframeStamper();
|
|
431
|
+
const oauthParams = args;
|
|
432
|
+
const providerUrl = await this.getOauthProviderUrl({
|
|
433
|
+
oauthParams,
|
|
434
|
+
turnkeyPublicKey,
|
|
435
|
+
oauthCallbackUrl: this.oauthCallbackUrl,
|
|
436
|
+
});
|
|
427
437
|
const popup = window.open(providerUrl, "_blank", "popup,width=500,height=600");
|
|
428
438
|
const eventEmitter = this.eventEmitter;
|
|
429
439
|
return new Promise((resolve, reject) => {
|
|
@@ -468,72 +478,6 @@ export class AlchemySignerWebClient extends BaseSignerClient {
|
|
|
468
478
|
});
|
|
469
479
|
}
|
|
470
480
|
});
|
|
471
|
-
Object.defineProperty(this, "getOauthProviderUrl", {
|
|
472
|
-
enumerable: true,
|
|
473
|
-
configurable: true,
|
|
474
|
-
writable: true,
|
|
475
|
-
value: async (args) => {
|
|
476
|
-
const { authProviderId, isCustomProvider, auth0Connection, scope: providedScope, claims: providedClaims, mode, redirectUrl, expirationSeconds, } = args;
|
|
477
|
-
const { codeChallenge, requestKey, authProviders } = await this.getOauthConfigForMode(mode);
|
|
478
|
-
if (!authProviders) {
|
|
479
|
-
throw new OAuthProvidersError();
|
|
480
|
-
}
|
|
481
|
-
const authProvider = authProviders.find((provider) => provider.id === authProviderId &&
|
|
482
|
-
!!provider.isCustomProvider === !!isCustomProvider);
|
|
483
|
-
if (!authProvider) {
|
|
484
|
-
throw new Error(`No auth provider found with id ${authProviderId}`);
|
|
485
|
-
}
|
|
486
|
-
let scope;
|
|
487
|
-
let claims;
|
|
488
|
-
if (providedScope) {
|
|
489
|
-
scope = addOpenIdIfAbsent(providedScope);
|
|
490
|
-
claims = providedClaims;
|
|
491
|
-
}
|
|
492
|
-
else {
|
|
493
|
-
if (isCustomProvider) {
|
|
494
|
-
throw new Error("scope must be provided for a custom provider");
|
|
495
|
-
}
|
|
496
|
-
const scopeAndClaims = getDefaultScopeAndClaims(authProviderId);
|
|
497
|
-
if (!scopeAndClaims) {
|
|
498
|
-
throw new Error(`Default scope not known for provider ${authProviderId}`);
|
|
499
|
-
}
|
|
500
|
-
({ scope, claims } = scopeAndClaims);
|
|
501
|
-
}
|
|
502
|
-
const { authEndpoint, clientId } = authProvider;
|
|
503
|
-
const turnkeyPublicKey = await this.initIframeStamper();
|
|
504
|
-
const nonce = getOauthNonce(turnkeyPublicKey);
|
|
505
|
-
const stateObject = {
|
|
506
|
-
authProviderId,
|
|
507
|
-
isCustomProvider,
|
|
508
|
-
requestKey,
|
|
509
|
-
turnkeyPublicKey,
|
|
510
|
-
expirationSeconds,
|
|
511
|
-
redirectUrl: mode === "redirect" ? resolveRelativeUrl(redirectUrl) : undefined,
|
|
512
|
-
openerOrigin: mode === "popup" ? window.location.origin : undefined,
|
|
513
|
-
};
|
|
514
|
-
const state = base64UrlEncode(new TextEncoder().encode(JSON.stringify(stateObject)));
|
|
515
|
-
const authUrl = new URL(authEndpoint);
|
|
516
|
-
const params = {
|
|
517
|
-
redirect_uri: this.oauthCallbackUrl,
|
|
518
|
-
response_type: "code",
|
|
519
|
-
scope,
|
|
520
|
-
state,
|
|
521
|
-
code_challenge: codeChallenge,
|
|
522
|
-
code_challenge_method: "S256",
|
|
523
|
-
prompt: "select_account",
|
|
524
|
-
client_id: clientId,
|
|
525
|
-
nonce,
|
|
526
|
-
};
|
|
527
|
-
if (claims) {
|
|
528
|
-
params.claims = claims;
|
|
529
|
-
}
|
|
530
|
-
if (auth0Connection) {
|
|
531
|
-
params.connection = auth0Connection;
|
|
532
|
-
}
|
|
533
|
-
authUrl.search = new URLSearchParams(params).toString();
|
|
534
|
-
return authUrl.toString();
|
|
535
|
-
}
|
|
536
|
-
});
|
|
537
481
|
Object.defineProperty(this, "initIframeStamper", {
|
|
538
482
|
enumerable: true,
|
|
539
483
|
configurable: true,
|
|
@@ -626,26 +570,10 @@ export class AlchemySignerWebClient extends BaseSignerClient {
|
|
|
626
570
|
const publicKey = await this.initIframeStamper();
|
|
627
571
|
// swap the stamper back in case the user logged in with a different stamper (passkeys)
|
|
628
572
|
this.setStamper(currentStamper);
|
|
629
|
-
const nonce = getOauthNonce(publicKey);
|
|
573
|
+
const nonce = this.getOauthNonce(publicKey);
|
|
630
574
|
return this.request("/v1/prepare-oauth", { nonce });
|
|
631
575
|
}
|
|
632
576
|
});
|
|
633
|
-
Object.defineProperty(this, "getOauthConfigForMode", {
|
|
634
|
-
enumerable: true,
|
|
635
|
-
configurable: true,
|
|
636
|
-
writable: true,
|
|
637
|
-
value: async (mode) => {
|
|
638
|
-
if (this.oauthConfig) {
|
|
639
|
-
return this.oauthConfig;
|
|
640
|
-
}
|
|
641
|
-
else if (mode === "redirect") {
|
|
642
|
-
return this.initOauth();
|
|
643
|
-
}
|
|
644
|
-
else {
|
|
645
|
-
throw new Error("enablePopupOauth must be set in configuration or signer.preparePopupOauth must be called before using popup-based OAuth login");
|
|
646
|
-
}
|
|
647
|
-
}
|
|
648
|
-
});
|
|
649
577
|
this.iframeStamper = iframeStamper;
|
|
650
578
|
this.iframeContainerId = iframeConfig.iframeContainerId;
|
|
651
579
|
this.webauthnStamper = new WebauthnStamper({
|
|
@@ -689,22 +617,6 @@ export class AlchemySignerWebClient extends BaseSignerClient {
|
|
|
689
617
|
return { bundle: credentialBundle };
|
|
690
618
|
}
|
|
691
619
|
}
|
|
692
|
-
function resolveRelativeUrl(url) {
|
|
693
|
-
// Funny trick.
|
|
694
|
-
const a = document.createElement("a");
|
|
695
|
-
a.href = url;
|
|
696
|
-
return a.href;
|
|
697
|
-
}
|
|
698
|
-
/**
|
|
699
|
-
* "openid" is a required scope in the OIDC protocol. Insert it if the user
|
|
700
|
-
* forgot.
|
|
701
|
-
*
|
|
702
|
-
* @param {string} scope scope param which may be missing "openid"
|
|
703
|
-
* @returns {string} scope which most definitely contains "openid"
|
|
704
|
-
*/
|
|
705
|
-
function addOpenIdIfAbsent(scope) {
|
|
706
|
-
return scope.match(/\bopenid\b/) ? scope : `openid ${scope}`;
|
|
707
|
-
}
|
|
708
620
|
/**
|
|
709
621
|
* This error is thrown when the OAuth flow is cancelled because the auth popup
|
|
710
622
|
* window was closed.
|