@devtion/devcli 0.0.0-57a8ab9 → 0.0.0-671e653

package/dist/.env

@@ -45,4 +45,11 @@ CONFIG_CEREMONY_BUCKET_POSTFIX=-p0tion-development-environment
 # The amount of time in seconds which indicates the duration about the validity of a pre-signed URL.
 # default: 7200 seconds = 2 hours.
 CONFIG_PRESIGNED_URL_EXPIRATION_IN_SECONDS=7200
+
+
+# Sign In With Ethereum
+# Auth0 client id
+AUTH_SIWE_CLIENT_ID=tRuFnJNoPTJtKr1RynYfty6uJ16QzHXA
+# The Auth0 application url that support SIWE + Device Flow Authentication
+AUTH0_APPLICATION_URL=https://dev-l0tyk1agsmopw1xa.us.auth0.com
 

package/dist/index.js

@@ -238,6 +238,14 @@ const checkAndMakeNewDirectoryIfNonexistent = (directoryLocalPath) => {
 const writeLocalJsonFile = (filePath, data) => {
     fs.writeFileSync(filePath, JSON.stringify(data), "utf-8");
 };
+/**
+ * Return the local current project directory name.
+ * @returns <string> - the local project (e.g., dist/) directory name.
+ */
+const getLocalDirname = () => {
+    const filename = fileURLToPath(import.meta.url);
+    return path.dirname(filename);
+};
 
 // Get npm package name.
 const packagePath$4 = `${dirname(fileURLToPath(import.meta.url))}/..`;
@@ -257,6 +265,10 @@ const config = new Conf({
         bandadaIdentity: {
             type: "string",
             default: ""
+        },
+        authMethod: {
+            type: "string",
+            default: ""
         }
     }
 });
@@ -336,6 +348,20 @@ const setLocalBandadaIdentity = (identity) => config.set("bandadaIdentity", iden
  * Delete the stored Bandada identity.
  */
 const deleteLocalBandadaIdentity = () => config.delete("bandadaIdentity");
+/**
+ * Return the authentication method, if present.
+ * @returns <string | undefined> - the authentication method if present, otherwise undefined.
+ */
+const getLocalAuthMethod = () => config.get("authMethod");
+/**
+ * Set the authentication method.
+ * @param method <string> - the authentication method to be stored.
+ */
+const setLocalAuthMethod = (method) => config.set("authMethod", method);
+/**
+ * Delete the stored authentication method.
+ */
+const deleteLocalAuthMethod = () => config.delete("authMethod");
 /**
  * Get the complete local file path.
  * @param cwd <string> - the current working directory path.
@@ -1589,20 +1615,30 @@ const checkAuth = async (firebaseApp) => {
     const token = String(getLocalAccessToken());
     let providerUserId;
     let username;
-    const isLocalBandadaIdentityStored = checkLocalBandadaIdentity();
-    if (isLocalBandadaIdentityStored) {
-        const userCredentials = await signInWithCustomToken(getAuth(), token);
-        providerUserId = userCredentials.user.uid;
-        username = providerUserId;
-    }
-    else {
-        // Get credentials.
-        const credentials = exchangeGithubTokenForCredentials(token);
-        // Sign in to Firebase using credentials.
-        await signInToFirebase(firebaseApp, credentials);
-        // Get Github unique identifier (handle-id).
-        providerUserId = await getGithubProviderUserId(String(token));
-        username = getUserHandleFromProviderUserId(providerUserId);
+    const authMethod = getLocalAuthMethod();
+    switch (authMethod) {
+        case "github": {
+            // Get credentials.
+            const credentials = exchangeGithubTokenForCredentials(token);
+            // Sign in to Firebase using credentials.
+            await signInToFirebase(firebaseApp, credentials);
+            // Get Github unique identifier (handle-id).
+            providerUserId = await getGithubProviderUserId(String(token));
+            username = getUserHandleFromProviderUserId(providerUserId);
+            break;
+        }
+        case "bandada": {
+            const userCredentials = await signInWithCustomToken(getAuth(), token);
+            providerUserId = userCredentials.user.uid;
+            username = providerUserId;
+            break;
+        }
+        case "siwe": {
+            const userCredentials = await signInWithCustomToken(getAuth(), token);
+            providerUserId = userCredentials.user.uid;
+            username = providerUserId;
+            break;
+        }
     }
     // Get current authenticated user.
     const user = getCurrentFirebaseAuthUser(firebaseApp);
@@ -2243,6 +2279,7 @@ const auth = async () => {
         // Generate a new access token using Github Device Flow (OAuth 2.0).
         const newToken = await executeGithubDeviceFlow(String(process.env.AUTH_GITHUB_CLIENT_ID));
         // Store the new access token.
+        setLocalAuthMethod("github");
         setLocalAccessToken(newToken);
     }
     else
@@ -2285,67 +2322,220 @@ const isGroupMember = async (groupId, identity) => {
 
 const { BANDADA_DASHBOARD_URL, BANDADA_GROUP_ID } = process.env;
 const authBandada = async () => {
-    const { firebaseFunctions } = await bootstrapCommandExecutionAndServices();
-    const spinner = customSpinner(`Checking identity string for Semaphore...`, `clock`);
-    spinner.start();
-    // 1. check if _identity string exists in local storage
-    let identityString;
-    const isIdentityStringStored = checkLocalBandadaIdentity();
-    if (isIdentityStringStored) {
-        identityString = getLocalBandadaIdentity();
-        spinner.succeed(`Identity seed found\n`);
-    }
-    else {
-        spinner.warn(`Identity seed not found\n`);
-        // 2. generate a random _identity string and save it in local storage
-        const { seed } = await prompts({
-            type: "text",
-            name: "seed",
-            message: theme.text.bold(`Enter a secret string to use as your identity seed in Semaphore:`),
-            initial: false
+    try {
+        const { firebaseFunctions } = await bootstrapCommandExecutionAndServices();
+        const spinner = customSpinner(`Checking identity string for Semaphore...`, `clock`);
+        spinner.start();
+        // 1. check if _identity string exists in local storage
+        let identityString;
+        const isIdentityStringStored = checkLocalBandadaIdentity();
+        if (isIdentityStringStored) {
+            identityString = getLocalBandadaIdentity();
+            spinner.succeed(`Identity seed found\n`);
+        }
+        else {
+            spinner.warn(`Identity seed not found\n`);
+            // 2. generate a random _identity string and save it in local storage
+            const { seed } = await prompts({
+                type: "text",
+                name: "seed",
+                message: theme.text.bold(`Enter a secret string to use as your identity seed in Semaphore:`),
+                initial: false
+            });
+            identityString = seed;
+            setLocalBandadaIdentity(identityString);
+        }
+        // 3. create a semaphore identity with _identity string as a seed
+        const identity = new Identity(identityString);
+        // 4. check if the user is a member of the group
+        console.log(`Checking Bandada membership...`);
+        const isMember = await isGroupMember(BANDADA_GROUP_ID, identity);
+        if (!isMember) {
+            await addMemberToGroup(BANDADA_GROUP_ID, BANDADA_DASHBOARD_URL, identity);
+        }
+        // 5. generate a proof that the user owns the commitment.
+        spinner.text = `Generating proof of identity...`;
+        spinner.start();
+        // publicSignals = [hash(externalNullifier, identityNullifier), commitment]
+        const initDirectoryName = getLocalDirname();
+        const directoryName = initDirectoryName.includes("/src") ? "." : initDirectoryName;
+        const { proof, publicSignals } = await groth16.fullProve({
+            identityTrapdoor: identity.trapdoor,
+            identityNullifier: identity.nullifier,
+            externalNullifier: BANDADA_GROUP_ID
+        }, `${directoryName}/public/mini-semaphore.wasm`, `${directoryName}/public/mini-semaphore.zkey`);
+        spinner.succeed(`Proof generated.\n`);
+        spinner.text = `Sending proof to verification...`;
+        spinner.start();
+        // 6. send proof to a cloud function that verifies it and checks membership
+        const cf = httpsCallable(firebaseFunctions, commonTerms.cloudFunctionsNames.bandadaValidateProof);
+        const result = await cf({
+            proof,
+            publicSignals
         });
-        identityString = seed;
-        setLocalBandadaIdentity(identityString);
-    }
-    // 3. create a semaphore identity with _identity string as a seed
-    const identity = new Identity(identityString);
-    // 4. check if the user is a member of the group
-    console.log(`Checking Bandada membership...`);
-    const isMember = await isGroupMember(BANDADA_GROUP_ID, identity);
-    if (!isMember) {
-        await addMemberToGroup(BANDADA_GROUP_ID, BANDADA_DASHBOARD_URL, identity);
-    }
-    // 5. generate a proof that the user owns the commitment.
-    spinner.text = `Generating proof of identity...`;
-    spinner.start();
-    // publicSignals = [hash(externalNullifier, identityNullifier), commitment]
-    const { proof, publicSignals } = await groth16.fullProve({
-        identityTrapdoor: identity.trapdoor,
-        identityNullifier: identity.nullifier,
-        externalNullifier: BANDADA_GROUP_ID
-    }, path.join(path.resolve(), "/public/mini-semaphore.wasm"), path.join(path.resolve(), "/public/mini-semaphore.zkey"));
-    spinner.succeed(`Proof generated.\n`);
-    spinner.text = `Sending proof to verification...`;
+        const { valid, token, message } = result.data;
+        if (!valid) {
+            showError(message, true);
+            deleteLocalAuthMethod();
+            deleteLocalAccessToken();
+            deleteLocalBandadaIdentity();
+        }
+        spinner.succeed(`Proof verified.\n`);
+        spinner.text = `Authenticating...`;
+        spinner.start();
+        // 7. Auth to p0tion firebase
+        const credentials = await signInWithCustomToken(getAuth(), token);
+        setLocalAuthMethod("bandada");
+        setLocalAccessToken(token);
+        spinner.succeed(`Authenticated as ${theme.text.bold(credentials.user.uid)}.`);
+        console.log(`\n${theme.symbols.warning} You can always log out by running the ${theme.text.bold(`phase2cli logout`)} command`);
+    }
+    catch (error) {
+        // Delete local token.
+        console.log("An error crashed the process. Deleting local token and identity.");
+        console.error(error);
+        deleteLocalAuthMethod();
+        deleteLocalAccessToken();
+        deleteLocalBandadaIdentity();
+    }
+    process.exit(0);
+};
+
+const showVerificationCodeAndUri = async (OAuthDeviceCode) => {
+    // Copy code to clipboard.
+    let noClipboard = false;
+    try {
+        clipboard.writeSync(OAuthDeviceCode.user_code);
+        clipboard.readSync();
+    }
+    catch (error) {
+        noClipboard = true;
+    }
+    // Display data.
+    console.log(`${theme.symbols.warning} Visit ${theme.text.bold(theme.text.underlined(OAuthDeviceCode.verification_uri))} on this device to generate a new token and authenticate\n`);
+    console.log(theme.colors.magenta(figlet.textSync("Code is Below", { font: "ANSI Shadow" })), "\n");
+    const message = !noClipboard ? `has been copied to your clipboard (${theme.emojis.clipboard})` : ``;
+    console.log(`${theme.symbols.info} Your auth code: ${theme.text.bold(OAuthDeviceCode.user_code)} ${message} ${theme.symbols.success}\n`);
+    const spinner = customSpinner(`Redirecting to Github...`, `clock`);
     spinner.start();
-    // 6. send proof to a cloud function that verifies it and checks membership
-    const cf = httpsCallable(firebaseFunctions, commonTerms.cloudFunctionsNames.bandadaValidateProof);
+    await sleep(10000); // ~10s to make users able to read the CLI.
+    try {
+        // Automatically open the page (# Step 2).
+        await open(OAuthDeviceCode.verification_uri);
+    }
+    catch (error) {
+        console.log(`${theme.symbols.info} Please authenticate via GitHub at ${OAuthDeviceCode.verification_uri}`);
+    }
+    spinner.stop();
+};
+/**
+ * Return the token to sign in to Firebase after passing the SIWE Device Flow
+ * @param clientId <string> - The client id of the Auth0 application.
+ * @param firebaseFunctions <any> - The Firebase functions instance to call the cloud function
+ * @returns <string> - The token to sign in to Firebase
+ */
+const executeSIWEDeviceFlow = async (clientId, firebaseFunctions) => {
+    // Call Auth0 endpoint to request device code uri
+    const OAuthDeviceCode = (await fetch$1(`${process.env.AUTH0_APPLICATION_URL}/oauth/device/code`, {
+        method: "POST",
+        headers: { "content-type": "application/json" },
+        body: JSON.stringify({
+            client_id: clientId,
+            scope: "openid",
+            audience: `${process.env.AUTH0_APPLICATION_URL}/api/v2/`
+        })
+    }).then((_res) => _res.json()));
+    await showVerificationCodeAndUri(OAuthDeviceCode);
+    // Poll Auth0 endpoint until you get token or request expires
+    let isSignedIn = false;
+    let isExpired = false;
+    let auth0Token = "";
+    while (!isSignedIn && !isExpired) {
+        // Call Auth0 endpoint to request token
+        const OAuthToken = (await fetch$1(`${process.env.AUTH0_APPLICATION_URL}/oauth/token`, {
+            method: "POST",
+            headers: { "content-type": "application/json" },
+            body: JSON.stringify({
+                client_id: clientId,
+                device_code: OAuthDeviceCode.device_code,
+                grant_type: "urn:ietf:params:oauth:grant-type:device_code"
+            })
+        }).then((_res) => _res.json()));
+        if (OAuthToken.error) {
+            if (OAuthToken.error === "authorization_pending") {
+                // Wait for the user to sign in
+                await sleep(OAuthDeviceCode.interval * 1000);
+            }
+            else if (OAuthToken.error === "slow_down") {
+                // Wait for the user to sign in
+                await sleep(OAuthDeviceCode.interval * 1000 * 2);
+            }
+            else if (OAuthToken.error === "expired_token") {
+                // The user didn't sign in on time
+                isExpired = true;
+            }
+        }
+        else {
+            // The user signed in
+            isSignedIn = true;
+            auth0Token = OAuthToken.access_token;
+        }
+    }
+    // Send token to cloud function to check nonce, create user and retrieve token
+    const cf = httpsCallable(firebaseFunctions, commonTerms.cloudFunctionsNames.checkNonceOfSIWEAddress);
     const result = await cf({
-        proof,
-        publicSignals
+        auth0Token
     });
-    const { valid, token, message } = result.data;
+    const { token, valid, message } = result.data;
     if (!valid) {
         showError(message, true);
+        deleteLocalAuthMethod();
+        deleteLocalAccessToken();
+    }
+    return token;
+};
+/**
+ * Auth command using Sign In With Ethereum
+ * @notice The auth command allows a user to make the association of their Ethereum account with the CLI by leveraging SIWE as an authentication mechanism.
+ * @dev Under the hood, the command handles a manual Device Flow following the guidelines in the SIWE documentation.
+ */
+const authSIWE = async () => {
+    try {
+        const { firebaseFunctions } = await bootstrapCommandExecutionAndServices();
+        // Console more context for the user.
+        console.log(`${theme.symbols.info} ${theme.text.bold(`You are about to authenticate on this CLI using your Ethereum address (device flow - OAuth 2.0 mechanism).\n${theme.symbols.warning} Please, note that only a Sign-in With Ethereum signature will be required`)}\n`);
+        const spinner = customSpinner(`Checking authentication token...`, `clock`);
+        spinner.start();
+        await sleep(5000);
+        // Manage OAuth Github or SIWE token.
+        const isLocalTokenStored = checkLocalAccessToken();
+        if (!isLocalTokenStored) {
+            spinner.fail(`No local authentication token found\n`);
+            // Generate a new access token using Github Device Flow (OAuth 2.0).
+            const newToken = await executeSIWEDeviceFlow(String(process.env.AUTH_SIWE_CLIENT_ID), firebaseFunctions);
+            // Store the new access token.
+            setLocalAuthMethod("siwe");
+            setLocalAccessToken(newToken);
+        }
+        else
+            spinner.succeed(`Local authentication token found\n`);
+        // Get access token from local store.
+        const token = String(getLocalAccessToken());
+        spinner.text = `Authenticating...`;
+        spinner.start();
+        // Exchange token for credential.
+        const credentials = await signInWithCustomToken(getAuth(), token);
+        spinner.succeed(`Authenticated as ${theme.text.bold(credentials.user.uid)}.`);
+        console.log(`\n${theme.symbols.warning} You can always log out by running the ${theme.text.bold(`phase2cli logout`)} command`);
+        process.exit(0);
+    }
+    catch (error) {
+        // Delete local token.
+        console.log("An error crashed the process. Deleting local token and identity.");
+        console.error(error);
+        deleteLocalAuthMethod();
+        deleteLocalAccessToken();
     }
-    spinner.succeed(`Proof verified.\n`);
-    spinner.text = `Authenticating...`;
-    spinner.start();
-    // 7. Auth to p0tion firebase
-    const userCredentials = await signInWithCustomToken(getAuth(), token);
-    setLocalAccessToken(token);
-    spinner.succeed(`Authenticated as ${theme.text.bold(userCredentials.user.uid)}.`);
-    console.log(`\n${theme.symbols.warning} You can always log out by running the ${theme.text.bold(`phase2cli logout`)} command`);
-    process.exit(0);
 };
 
 /**
@@ -2470,8 +2660,8 @@ const handleDiskSpaceRequirementForNextContribution = async (cloudFunctions, cer
         spinner.fail(`You may not have enough memory to calculate the contribution for the Circuit ${theme.colors.magenta(`${circuitSequencePosition}`)}.\n\n${theme.symbols.info} The required amount of disk space is ${contributionDiskSpaceRequirement < 0.01
             ? theme.text.bold(`< 0.01`)
             : theme.text.bold(contributionDiskSpaceRequirement)} GB but you only have ${participantFreeDiskSpace > 0 ? theme.text.bold(participantFreeDiskSpace.toFixed(2)) : theme.text.bold(0)} GB available memory \nThe estimate ${theme.text.bold("may not be 100% correct")} since is based on the aggregate free memory on your disks but some may not be detected!\n`);
-        const { confirmation } = await askForConfirmation(`Please, we kindly ask you to continue with the contribution if you have noticed the estimate is wrong and you have enough memory in your machine`, "Continue", "Exit");
-        wannaContributeOrHaveEnoughMemory = !!confirmation;
+        const { confirmationEnoughMemory } = await askForConfirmation(`Please, we kindly ask you to continue with the contribution if you have noticed the estimate is wrong and you have enough memory in your machine`, "Continue", "Exit");
+        wannaContributeOrHaveEnoughMemory = !!confirmationEnoughMemory;
         if (circuitSequencePosition > 1) {
             console.log(`${theme.symbols.info} Please note, you have time until ceremony ends to free up your memory and complete remaining contributions`);
             // Asks the contributor if their wants to terminate contributions for the ceremony.
@@ -2540,8 +2730,8 @@ const handlePublicAttestation = async (firestoreDatabase, circuits, ceremonyId,
     writeFile(getAttestationLocalFilePath(`${ceremonyPrefix}_${commonTerms.foldersAndPathsTerms.attestation}.log`), Buffer.from(publicAttestation));
     await sleep(1000); // workaround for file descriptor unexpected close.
     let gistUrl = "";
-    const isBandada = checkLocalBandadaIdentity();
-    if (!isBandada) {
+    const isGithub = getLocalAuthMethod() === "github";
+    if (isGithub) {
         gistUrl = await publishGist(participantAccessToken, publicAttestation, ceremonyName, ceremonyPrefix);
         console.log(`\n${theme.symbols.info} Your public attestation has been successfully posted as Github Gist (${theme.text.bold(theme.text.underlined(gistUrl))})`);
     }
@@ -2597,6 +2787,7 @@ const listenToCeremonyCircuitDocumentChanges = (firestoreDatabase, ceremonyId, p
         }
     });
 };
+let contributionInProgress = false;
 /**
  * Listen to current authenticated participant document changes.
  * @dev this is the core business logic related to the execution of the contribute command.
@@ -2724,11 +2915,21 @@ const listenToParticipantDocumentChanges = async (firestoreDatabase, cloudFuncti
                 (!noTemporaryContributionData && resumingWithSameTemporaryData);
             // Scenario (3.B).
             if (isCurrentContributor && hasResumableStep && startingOrResumingContribution) {
+                if (contributionInProgress) {
+                    console.warn(`\n${theme.symbols.warning} Received instruction to start/resume contribution but contribution is already in progress...[skipping]`);
+                    return;
+                }
                 // Communicate resume / start of the contribution to participant.
                 await simpleLoader(`${changedContributionStep === "DOWNLOADING" /* ParticipantContributionStep.DOWNLOADING */ ? `Starting` : `Resuming`} your contribution...`, `clock`, 3000);
-                // Start / Resume the contribution for the participant.
-                await handleStartOrResumeContribution(cloudFunctions, firestoreDatabase, ceremony, circuit, participant, entropy, providerUserId, false, // not finalizing.
-                circuits.length);
+                try {
+                    contributionInProgress = true;
+                    // Start / Resume the contribution for the participant.
+                    await handleStartOrResumeContribution(cloudFunctions, firestoreDatabase, ceremony, circuit, participant, entropy, providerUserId, false, // not finalizing.
+                    circuits.length);
+                }
+                finally {
+                    contributionInProgress = false;
+                }
             }
             // Scenario (3.A).
             else if (isWaitingForContribution)
@@ -3259,6 +3460,7 @@ const logout = async () => {
             const auth = getAuth();
             await signOut(auth);
             // Delete local token.
+            deleteLocalAuthMethod();
             deleteLocalAccessToken();
             deleteLocalBandadaIdentity();
             await sleep(3000); // ~3s.
@@ -3365,6 +3567,10 @@ program
     .command("auth-bandada")
     .description("authenticate yourself in a privacy-perserving manner using Bandada")
     .action(authBandada);
+program
+    .command("auth-siwe")
+    .description("authenticate yourself using your Ethereum account (Sign In With Ethereum - SIWE)")
+    .action(authSIWE);
 program
     .command("contribute")
     .description("compute contributions for a Phase2 Trusted Setup ceremony circuits")

package/dist/types/commands/authSIWE.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Auth command using Sign In With Ethereum
+ * @notice The auth command allows a user to make the association of their Ethereum account with the CLI by leveraging SIWE as an authentication mechanism.
+ * @dev Under the hood, the command handles a manual Device Flow following the guidelines in the SIWE documentation.
+ */
+declare const authSIWE: () => Promise<void>;
+export default authSIWE;

package/dist/types/commands/index.d.ts

@@ -1,6 +1,7 @@
 export { default as setup } from "./setup.js";
 export { default as auth } from "./auth.js";
 export { default as authBandada } from "./authBandada.js";
+export { default as authSIWE } from "./authSIWE.js";
 export { default as contribute } from "./contribute.js";
 export { default as observe } from "./observe.js";
 export { default as finalize } from "./finalize.js";

package/dist/types/lib/localConfigs.d.ts

@@ -54,6 +54,25 @@ export declare const setLocalBandadaIdentity: (identity: string) => void;
  * Delete the stored Bandada identity.
  */
 export declare const deleteLocalBandadaIdentity: () => void;
+/**
+ * Return the authentication method, if present.
+ * @returns <string | undefined> - the authentication method if present, otherwise undefined.
+ */
+export declare const getLocalAuthMethod: () => string | unknown;
+/**
+ * Check if the authentication method exists in the local storage.
+ * @returns <boolean>
+ */
+export declare const checkLocalAuthMethod: () => boolean;
+/**
+ * Set the authentication method.
+ * @param method <string> - the authentication method to be stored.
+ */
+export declare const setLocalAuthMethod: (method: string) => void;
+/**
+ * Delete the stored authentication method.
+ */
+export declare const deleteLocalAuthMethod: () => void;
 /**
  * Get the complete local file path.
  * @param cwd <string> - the current working directory path.

package/dist/types/types/index.d.ts

@@ -75,3 +75,54 @@ export type VerifiedBandadaResponse = {
     message: string;
     token: string;
 };
+/**
+ * Define the return object of the device code uri request.
+ * @typedef {Object} OAuthDeviceCodeResponse
+ * @property {string} device_code - the device code.
+ * @property {string} user_code - the user code.
+ * @property {string} verification_uri - the verification uri.
+ * @property {number} expires_in - the expiration time in seconds.
+ * @property {number} interval - the interval time in seconds.
+ * @property {string} verification_uri_complete - the complete verification uri.
+ */
+export type OAuthDeviceCodeResponse = {
+    device_code: string;
+    user_code: string;
+    verification_uri: string;
+    expires_in: number;
+    interval: number;
+    verification_uri_complete: string;
+};
+/**
+ * Define the return object of the polling endpoint
+ * @typedef {Object} OAuthTokenResponse
+ * @property {string} access_token - the resulting device flow token
+ * @property {string} token_type - token type
+ * @property {number} expires_in - when does the token expires
+ * @property {string} scope - the scope requested by the initial device flow endpoint
+ * @property {string} refresh_token - refresh token
+ * @property {string} id_token - id token
+ * @property {string} error - in case there was an error
+ * @property {string} error_description - error details
+ */
+export type OAuthTokenResponse = {
+    access_token: string;
+    token_type: string;
+    expires_in: number;
+    scope: string;
+    refresh_token: string;
+    id_token: string;
+    error?: string;
+    error_description?: string;
+};
+/**
+ * @typedef {Object} CheckNonceOfSIWEAddressResponse
+ * @property {boolean} valid - if the checking was valid or not
+ * @property {string} message - more information about the validity
+ * @property {string} token - token to sign into Firebase
+ */
+export type CheckNonceOfSIWEAddressResponse = {
+    valid: boolean;
+    message: string;
+    token: string;
+};

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@devtion/devcli",
   "type": "module",
-  "version": "0.0.0-57a8ab9",
+  "version": "0.0.0-671e653",
   "description": "All-in-one interactive command-line for interfacing with zkSNARK Phase 2 Trusted Setup ceremonies",
   "repository": "git@github.com:privacy-scaling-explorations/p0tion.git",
   "homepage": "https://github.com/privacy-scaling-explorations/p0tion",
@@ -34,6 +34,7 @@
     "build:watch": "rollup -c rollup.config.ts -w --configPlugin typescript",
     "start": "ts-node --esm ./src/index.ts",
     "auth": "yarn start auth",
+    "auth:siwe": "yarn start auth-siwe",
     "auth:bandada": "yarn start auth-bandada",
     "contribute": "yarn start contribute",
     "clean": "yarn start clean",
@@ -59,6 +60,7 @@
     "@types/winston": "^2.4.4",
     "rollup-plugin-auto-external": "^2.0.0",
     "rollup-plugin-cleanup": "^3.2.1",
+    "rollup-plugin-copy": "^3.5.0",
     "rollup-plugin-typescript2": "^0.34.1",
     "solc": "^0.8.19",
     "ts-node": "^10.9.1",
@@ -102,5 +104,5 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "6bddf60f1121786c19ad4437e0448de4c859b829"
+  "gitHead": "c9c799447bc2e3abd6b665fe09622ac724ea9b79"
 }

package/src/commands/auth.ts

@@ -8,7 +8,12 @@ import figlet from "figlet"
 import { fileURLToPath } from "url"
 import { dirname } from "path"
 import { GENERIC_ERRORS, showError } from "../lib/errors.js"
-import { checkLocalAccessToken, getLocalAccessToken, setLocalAccessToken } from "../lib/localConfigs.js"
+import {
+    checkLocalAccessToken,
+    getLocalAccessToken,
+    setLocalAccessToken,
+    setLocalAuthMethod
+} from "../lib/localConfigs.js"
 import { bootstrapCommandExecutionAndServices, signInToFirebase } from "../lib/services.js"
 import theme from "../lib/theme.js"
 import {
@@ -171,6 +176,7 @@ const auth = async () => {
         const newToken = await executeGithubDeviceFlow(String(process.env.AUTH_GITHUB_CLIENT_ID))
 
         // Store the new access token.
+        setLocalAuthMethod("github")
         setLocalAccessToken(newToken)
     } else spinner.succeed(`Local authentication token found\n`)
 

package/src/commands/authBandada.ts

@@ -3,8 +3,9 @@ import { Identity } from "@semaphore-protocol/identity"
 import { commonTerms } from "@devtion/actions"
 import { httpsCallable } from "firebase/functions"
 import { groth16 } from "snarkjs"
-import path from "path"
 import { getAuth, signInWithCustomToken } from "firebase/auth"
+import prompts from "prompts"
+import { getLocalDirname } from "../lib/files.js"
 import theme from "../lib/theme.js"
 import { customSpinner } from "../lib/utils.js"
 import { VerifiedBandadaResponse } from "../types/index.js"
@@ -13,85 +14,105 @@ import { bootstrapCommandExecutionAndServices } from "../lib/services.js"
 import { addMemberToGroup, isGroupMember } from "../lib/bandada.js"
 import {
     checkLocalBandadaIdentity,
+    deleteLocalAccessToken,
+    deleteLocalAuthMethod,
+    deleteLocalBandadaIdentity,
     getLocalBandadaIdentity,
     setLocalAccessToken,
+    setLocalAuthMethod,
     setLocalBandadaIdentity
 } from "../lib/localConfigs.js"
-import prompts from "prompts"
 
 const { BANDADA_DASHBOARD_URL, BANDADA_GROUP_ID } = process.env
 
 const authBandada = async () => {
-    const { firebaseFunctions } = await bootstrapCommandExecutionAndServices()
-    const spinner = customSpinner(`Checking identity string for Semaphore...`, `clock`)
-    spinner.start()
-    // 1. check if _identity string exists in local storage
-    let identityString: string | unknown
-    const isIdentityStringStored = checkLocalBandadaIdentity()
-    if (isIdentityStringStored) {
-        identityString = getLocalBandadaIdentity()
-        spinner.succeed(`Identity seed found\n`)
-    } else {
-        spinner.warn(`Identity seed not found\n`)
-        // 2. generate a random _identity string and save it in local storage
-        const { seed } = await prompts({
-            type: "text",
-            name: "seed",
-            message: theme.text.bold(`Enter a secret string to use as your identity seed in Semaphore:`),
-            initial: false
-        })
-        identityString = seed as string
-        setLocalBandadaIdentity(identityString as string)
-    }
-    // 3. create a semaphore identity with _identity string as a seed
-    const identity = new Identity(identityString as string)
+    try {
+        const { firebaseFunctions } = await bootstrapCommandExecutionAndServices()
+        const spinner = customSpinner(`Checking identity string for Semaphore...`, `clock`)
+        spinner.start()
+        // 1. check if _identity string exists in local storage
+        let identityString: string | unknown
+        const isIdentityStringStored = checkLocalBandadaIdentity()
+        if (isIdentityStringStored) {
+            identityString = getLocalBandadaIdentity()
+            spinner.succeed(`Identity seed found\n`)
+        } else {
+            spinner.warn(`Identity seed not found\n`)
+            // 2. generate a random _identity string and save it in local storage
+            const { seed } = await prompts({
+                type: "text",
+                name: "seed",
+                message: theme.text.bold(`Enter a secret string to use as your identity seed in Semaphore:`),
+                initial: false
+            })
+            identityString = seed as string
+            setLocalBandadaIdentity(identityString as string)
+        }
+        // 3. create a semaphore identity with _identity string as a seed
+        const identity = new Identity(identityString as string)
 
-    // 4. check if the user is a member of the group
-    console.log(`Checking Bandada membership...`)
-    const isMember = await isGroupMember(BANDADA_GROUP_ID, identity)
-    if (!isMember) {
-        await addMemberToGroup(BANDADA_GROUP_ID, BANDADA_DASHBOARD_URL, identity)
-    }
+        // 4. check if the user is a member of the group
+        console.log(`Checking Bandada membership...`)
+        const isMember = await isGroupMember(BANDADA_GROUP_ID, identity)
+        if (!isMember) {
+            await addMemberToGroup(BANDADA_GROUP_ID, BANDADA_DASHBOARD_URL, identity)
+        }
 
-    // 5. generate a proof that the user owns the commitment.
-    spinner.text = `Generating proof of identity...`
-    spinner.start()
-    // publicSignals = [hash(externalNullifier, identityNullifier), commitment]
-    const { proof, publicSignals } = await groth16.fullProve(
-        {
-            identityTrapdoor: identity.trapdoor,
-            identityNullifier: identity.nullifier,
-            externalNullifier: BANDADA_GROUP_ID
-        },
-        path.join(path.resolve(), "/public/mini-semaphore.wasm"),
-        path.join(path.resolve(), "/public/mini-semaphore.zkey")
-    )
-    spinner.succeed(`Proof generated.\n`)
-    spinner.text = `Sending proof to verification...`
-    spinner.start()
-    // 6. send proof to a cloud function that verifies it and checks membership
-    const cf = httpsCallable(firebaseFunctions, commonTerms.cloudFunctionsNames.bandadaValidateProof)
-    const result = await cf({
-        proof,
-        publicSignals
-    })
-    const { valid, token, message } = result.data as VerifiedBandadaResponse
-    if (!valid) {
-        showError(message, true)
-    }
-    spinner.succeed(`Proof verified.\n`)
-    spinner.text = `Authenticating...`
-    spinner.start()
-    // 7. Auth to p0tion firebase
-    const userCredentials = await signInWithCustomToken(getAuth(), token)
-    setLocalAccessToken(token)
-    spinner.succeed(`Authenticated as ${theme.text.bold(userCredentials.user.uid)}.`)
+        // 5. generate a proof that the user owns the commitment.
+        spinner.text = `Generating proof of identity...`
+        spinner.start()
+        // publicSignals = [hash(externalNullifier, identityNullifier), commitment]
+
+        const initDirectoryName = getLocalDirname()
+        const directoryName = initDirectoryName.includes("/src") ? "." : initDirectoryName
 
-    console.log(
-        `\n${theme.symbols.warning} You can always log out by running the ${theme.text.bold(
-            `phase2cli logout`
-        )} command`
-    )
+        const { proof, publicSignals } = await groth16.fullProve(
+            {
+                identityTrapdoor: identity.trapdoor,
+                identityNullifier: identity.nullifier,
+                externalNullifier: BANDADA_GROUP_ID
+            },
+            `${directoryName}/public/mini-semaphore.wasm`,
+            `${directoryName}/public/mini-semaphore.zkey`
+        )
+        spinner.succeed(`Proof generated.\n`)
+        spinner.text = `Sending proof to verification...`
+        spinner.start()
+        // 6. send proof to a cloud function that verifies it and checks membership
+        const cf = httpsCallable(firebaseFunctions, commonTerms.cloudFunctionsNames.bandadaValidateProof)
+        const result = await cf({
+            proof,
+            publicSignals
+        })
+        const { valid, token, message } = result.data as VerifiedBandadaResponse
+        if (!valid) {
+            showError(message, true)
+            deleteLocalAuthMethod()
+            deleteLocalAccessToken()
+            deleteLocalBandadaIdentity()
+        }
+        spinner.succeed(`Proof verified.\n`)
+        spinner.text = `Authenticating...`
+        spinner.start()
+        // 7. Auth to p0tion firebase
+        const credentials = await signInWithCustomToken(getAuth(), token)
+        setLocalAuthMethod("bandada")
+        setLocalAccessToken(token)
+        spinner.succeed(`Authenticated as ${theme.text.bold(credentials.user.uid)}.`)
+
+        console.log(
+            `\n${theme.symbols.warning} You can always log out by running the ${theme.text.bold(
+                `phase2cli logout`
+            )} command`
+        )
+    } catch (error) {
+        // Delete local token.
+        console.log("An error crashed the process. Deleting local token and identity.")
+        console.error(error)
+        deleteLocalAuthMethod()
+        deleteLocalAccessToken()
+        deleteLocalBandadaIdentity()
+    }
 
     process.exit(0)
 }

package/src/commands/authSIWE.ts

@@ -0,0 +1,178 @@
+import open from "open"
+import figlet from "figlet"
+import clipboard from "clipboardy"
+import fetch from "node-fetch"
+import { getAuth, signInWithCustomToken } from "firebase/auth"
+import { httpsCallable } from "firebase/functions"
+import { commonTerms } from "@devtion/actions"
+import { showError } from "../lib/errors.js"
+import { bootstrapCommandExecutionAndServices } from "../lib/services.js"
+import theme from "../lib/theme.js"
+import { customSpinner, sleep } from "../lib/utils.js"
+import { CheckNonceOfSIWEAddressResponse, OAuthDeviceCodeResponse, OAuthTokenResponse } from "../types/index.js"
+import {
+    checkLocalAccessToken,
+    deleteLocalAccessToken,
+    deleteLocalAuthMethod,
+    getLocalAccessToken,
+    setLocalAccessToken,
+    setLocalAuthMethod
+} from "../lib/localConfigs.js"
+
+const showVerificationCodeAndUri = async (OAuthDeviceCode: OAuthDeviceCodeResponse) => {
+    // Copy code to clipboard.
+    let noClipboard = false
+    try {
+        clipboard.writeSync(OAuthDeviceCode.user_code)
+        clipboard.readSync()
+    } catch (error) {
+        noClipboard = true
+    }
+    // Display data.
+    console.log(
+        `${theme.symbols.warning} Visit ${theme.text.bold(
+            theme.text.underlined(OAuthDeviceCode.verification_uri)
+        )} on this device to generate a new token and authenticate\n`
+    )
+    console.log(theme.colors.magenta(figlet.textSync("Code is Below", { font: "ANSI Shadow" })), "\n")
+
+    const message = !noClipboard ? `has been copied to your clipboard (${theme.emojis.clipboard})` : ``
+    console.log(
+        `${theme.symbols.info} Your auth code: ${theme.text.bold(OAuthDeviceCode.user_code)} ${message} ${
+            theme.symbols.success
+        }\n`
+    )
+    const spinner = customSpinner(`Redirecting to Github...`, `clock`)
+    spinner.start()
+    await sleep(10000) // ~10s to make users able to read the CLI.
+    try {
+        // Automatically open the page (# Step 2).
+        await open(OAuthDeviceCode.verification_uri)
+    } catch (error: any) {
+        console.log(`${theme.symbols.info} Please authenticate via GitHub at ${OAuthDeviceCode.verification_uri}`)
+    }
+    spinner.stop()
+}
+
+/**
+ * Return the token to sign in to Firebase after passing the SIWE Device Flow
+ * @param clientId <string> - The client id of the Auth0 application.
+ * @param firebaseFunctions <any> - The Firebase functions instance to call the cloud function
+ * @returns <string> - The token to sign in to Firebase
+ */
+const executeSIWEDeviceFlow = async (clientId: string, firebaseFunctions: any): Promise<string> => {
+    // Call Auth0 endpoint to request device code uri
+    const OAuthDeviceCode = (await fetch(`${process.env.AUTH0_APPLICATION_URL}/oauth/device/code`, {
+        method: "POST",
+        headers: { "content-type": "application/json" },
+        body: JSON.stringify({
+            client_id: clientId,
+            scope: "openid",
+            audience: `${process.env.AUTH0_APPLICATION_URL}/api/v2/`
+        })
+    }).then((_res) => _res.json())) as OAuthDeviceCodeResponse
+    await showVerificationCodeAndUri(OAuthDeviceCode)
+    // Poll Auth0 endpoint until you get token or request expires
+    let isSignedIn = false
+    let isExpired = false
+    let auth0Token = ""
+    while (!isSignedIn && !isExpired) {
+        // Call Auth0 endpoint to request token
+        const OAuthToken = (await fetch(`${process.env.AUTH0_APPLICATION_URL}/oauth/token`, {
+            method: "POST",
+            headers: { "content-type": "application/json" },
+            body: JSON.stringify({
+                client_id: clientId,
+                device_code: OAuthDeviceCode.device_code,
+                grant_type: "urn:ietf:params:oauth:grant-type:device_code"
+            })
+        }).then((_res) => _res.json())) as OAuthTokenResponse
+        if (OAuthToken.error) {
+            if (OAuthToken.error === "authorization_pending") {
+                // Wait for the user to sign in
+                await sleep(OAuthDeviceCode.interval * 1000)
+            } else if (OAuthToken.error === "slow_down") {
+                // Wait for the user to sign in
+                await sleep(OAuthDeviceCode.interval * 1000 * 2)
+            } else if (OAuthToken.error === "expired_token") {
+                // The user didn't sign in on time
+                isExpired = true
+            }
+        } else {
+            // The user signed in
+            isSignedIn = true
+            auth0Token = OAuthToken.access_token
+        }
+    }
+    // Send token to cloud function to check nonce, create user and retrieve token
+    const cf = httpsCallable(firebaseFunctions, commonTerms.cloudFunctionsNames.checkNonceOfSIWEAddress)
+    const result = await cf({
+        auth0Token
+    })
+    const { token, valid, message } = result.data as CheckNonceOfSIWEAddressResponse
+    if (!valid) {
+        showError(message, true)
+        deleteLocalAuthMethod()
+        deleteLocalAccessToken()
+    }
+    return token
+}
+
+/**
+ * Auth command using Sign In With Ethereum
+ * @notice The auth command allows a user to make the association of their Ethereum account with the CLI by leveraging SIWE as an authentication mechanism.
+ * @dev Under the hood, the command handles a manual Device Flow following the guidelines in the SIWE documentation.
+ */
+const authSIWE = async () => {
+    try {
+        const { firebaseFunctions } = await bootstrapCommandExecutionAndServices()
+        // Console more context for the user.
+        console.log(
+            `${theme.symbols.info} ${theme.text.bold(
+                `You are about to authenticate on this CLI using your Ethereum address (device flow - OAuth 2.0 mechanism).\n${theme.symbols.warning} Please, note that only a Sign-in With Ethereum signature will be required`
+            )}\n`
+        )
+        const spinner = customSpinner(`Checking authentication token...`, `clock`)
+        spinner.start()
+        await sleep(5000)
+
+        // Manage OAuth Github or SIWE token.
+        const isLocalTokenStored = checkLocalAccessToken()
+
+        if (!isLocalTokenStored) {
+            spinner.fail(`No local authentication token found\n`)
+
+            // Generate a new access token using Github Device Flow (OAuth 2.0).
+            const newToken = await executeSIWEDeviceFlow(String(process.env.AUTH_SIWE_CLIENT_ID), firebaseFunctions)
+
+            // Store the new access token.
+            setLocalAuthMethod("siwe")
+            setLocalAccessToken(newToken)
+        } else spinner.succeed(`Local authentication token found\n`)
+
+        // Get access token from local store.
+        const token = String(getLocalAccessToken())
+
+        spinner.text = `Authenticating...`
+        spinner.start()
+
+        // Exchange token for credential.
+        const credentials = await signInWithCustomToken(getAuth(), token)
+        spinner.succeed(`Authenticated as ${theme.text.bold(credentials.user.uid)}.`)
+
+        console.log(
+            `\n${theme.symbols.warning} You can always log out by running the ${theme.text.bold(
+                `phase2cli logout`
+            )} command`
+        )
+        process.exit(0)
+    } catch (error) {
+        // Delete local token.
+        console.log("An error crashed the process. Deleting local token and identity.")
+        console.error(error)
+        deleteLocalAuthMethod()
+        deleteLocalAccessToken()
+    }
+}
+
+export default authSIWE

package/src/commands/contribute.ts

@@ -41,7 +41,7 @@ import {
 } from "../lib/utils.js"
 import { COMMAND_ERRORS, showError } from "../lib/errors.js"
 import { authWithToken, bootstrapCommandExecutionAndServices, checkAuth } from "../lib/services.js"
-import { checkLocalBandadaIdentity, getAttestationLocalFilePath, localPaths } from "../lib/localConfigs.js"
+import { getAttestationLocalFilePath, getLocalAuthMethod, localPaths } from "../lib/localConfigs.js"
 import theme from "../lib/theme.js"
 import { checkAndMakeNewDirectoryIfNonexistent, writeFile } from "../lib/files.js"
 
@@ -281,12 +281,12 @@ export const handleDiskSpaceRequirementForNextContribution = async (
             )} since is based on the aggregate free memory on your disks but some may not be detected!\n`
         )
 
-        const { confirmation } = await askForConfirmation(
+        const { confirmationEnoughMemory } = await askForConfirmation(
             `Please, we kindly ask you to continue with the contribution if you have noticed the estimate is wrong and you have enough memory in your machine`,
             "Continue",
             "Exit"
         )
-        wannaContributeOrHaveEnoughMemory = !!confirmation
+        wannaContributeOrHaveEnoughMemory = !!confirmationEnoughMemory
 
         if (circuitSequencePosition > 1) {
             console.log(
@@ -420,8 +420,8 @@ export const handlePublicAttestation = async (
     await sleep(1000) // workaround for file descriptor unexpected close.
 
     let gistUrl = ""
-    const isBandada = checkLocalBandadaIdentity()
-    if (!isBandada) {
+    const isGithub = getLocalAuthMethod() === "github"
+    if (isGithub) {
         gistUrl = await publishGist(participantAccessToken, publicAttestation, ceremonyName, ceremonyPrefix)
 
         console.log(
@@ -519,6 +519,8 @@ export const listenToCeremonyCircuitDocumentChanges = (
     })
 }
 
+let contributionInProgress = false
+
 /**
  * Listen to current authenticated participant document changes.
  * @dev this is the core business logic related to the execution of the contribute command.
@@ -711,6 +713,12 @@ export const listenToParticipantDocumentChanges = async (
 
             // Scenario (3.B).
             if (isCurrentContributor && hasResumableStep && startingOrResumingContribution) {
+                if (contributionInProgress) {
+                    console.warn(
+                        `\n${theme.symbols.warning} Received instruction to start/resume contribution but contribution is already in progress...[skipping]`
+                    )
+                    return
+                }
                 // Communicate resume / start of the contribution to participant.
                 await simpleLoader(
                     `${
@@ -720,18 +728,24 @@ export const listenToParticipantDocumentChanges = async (
                     3000
                 )
 
-                // Start / Resume the contribution for the participant.
-                await handleStartOrResumeContribution(
-                    cloudFunctions,
-                    firestoreDatabase,
-                    ceremony,
-                    circuit,
-                    participant,
-                    entropy,
-                    providerUserId,
-                    false, // not finalizing.
-                    circuits.length
-                )
+                try {
+                    contributionInProgress = true
+
+                    // Start / Resume the contribution for the participant.
+                    await handleStartOrResumeContribution(
+                        cloudFunctions,
+                        firestoreDatabase,
+                        ceremony,
+                        circuit,
+                        participant,
+                        entropy,
+                        providerUserId,
+                        false, // not finalizing.
+                        circuits.length
+                    )
+                } finally {
+                    contributionInProgress = false
+                }
             }
             // Scenario (3.A).
             else if (isWaitingForContribution)

package/src/commands/index.ts

@@ -1,6 +1,7 @@
 export { default as setup } from "./setup.js"
 export { default as auth } from "./auth.js"
 export { default as authBandada } from "./authBandada.js"
+export { default as authSIWE } from "./authSIWE.js"
 export { default as contribute } from "./contribute.js"
 export { default as observe } from "./observe.js"
 export { default as finalize } from "./finalize.js"

package/src/commands/logout.ts

@@ -6,7 +6,7 @@ import { showError } from "../lib/errors.js"
 import { askForConfirmation } from "../lib/prompts.js"
 import { customSpinner, sleep, terminate } from "../lib/utils.js"
 import theme from "../lib/theme.js"
-import { deleteLocalAccessToken, deleteLocalBandadaIdentity } from "../lib/localConfigs.js"
+import { deleteLocalAccessToken, deleteLocalAuthMethod, deleteLocalBandadaIdentity } from "../lib/localConfigs.js"
 
 /**
  * Logout command.
@@ -52,6 +52,7 @@ const logout = async () => {
             await signOut(auth)
 
             // Delete local token.
+            deleteLocalAuthMethod()
             deleteLocalAccessToken()
             deleteLocalBandadaIdentity()
 

package/src/index.ts

@@ -7,6 +7,7 @@ import { fileURLToPath } from "url"
 import {
     setup,
     auth,
+    authSIWE,
     authBandada,
     contribute,
     observe,
@@ -32,6 +33,10 @@ program
     .command("auth-bandada")
     .description("authenticate yourself in a privacy-perserving manner using Bandada")
     .action(authBandada)
+program
+    .command("auth-siwe")
+    .description("authenticate yourself using your Ethereum account (Sign In With Ethereum - SIWE)")
+    .action(authSIWE)
 program
     .command("contribute")
     .description("compute contributions for a Phase2 Trusted Setup ceremony circuits")

package/src/lib/localConfigs.ts

@@ -28,6 +28,10 @@ const config = new Conf({
         bandadaIdentity: {
             type: "string",
             default: ""
+        },
+        authMethod: {
+            type: "string",
+            default: ""
         }
     }
 })
@@ -118,6 +122,29 @@ export const setLocalBandadaIdentity = (identity: string) => config.set("bandada
  */
 export const deleteLocalBandadaIdentity = () => config.delete("bandadaIdentity")
 
+/**
+ * Return the authentication method, if present.
+ * @returns <string | undefined> - the authentication method if present, otherwise undefined.
+ */
+export const getLocalAuthMethod = (): string | unknown => config.get("authMethod")
+
+/**
+ * Check if the authentication method exists in the local storage.
+ * @returns <boolean>
+ */
+export const checkLocalAuthMethod = (): boolean => config.has("authMethod") && !!config.get("authMethod")
+
+/**
+ * Set the authentication method.
+ * @param method <string> - the authentication method to be stored.
+ */
+export const setLocalAuthMethod = (method: string) => config.set("authMethod", method)
+
+/**
+ * Delete the stored authentication method.
+ */
+export const deleteLocalAuthMethod = () => config.delete("authMethod")
+
 /**
  * Get the complete local file path.
  * @param cwd <string> - the current working directory path.

package/src/lib/services.ts

@@ -14,9 +14,9 @@ import { AuthUser } from "../types/index.js"
 import { CONFIG_ERRORS, CORE_SERVICES_ERRORS, showError, THIRD_PARTY_SERVICES_ERRORS } from "./errors.js"
 import {
     checkLocalAccessToken,
-    checkLocalBandadaIdentity,
     deleteLocalAccessToken,
-    getLocalAccessToken
+    getLocalAccessToken,
+    getLocalAuthMethod
 } from "./localConfigs.js"
 import theme from "./theme.js"
 import { exchangeGithubTokenForCredentials, getGithubProviderUserId, getUserHandleFromProviderUserId } from "./utils.js"
@@ -171,21 +171,33 @@ export const checkAuth = async (firebaseApp: FirebaseApp): Promise<AuthUser> =>
 
     let providerUserId: string
     let username: string
-    const isLocalBandadaIdentityStored = checkLocalBandadaIdentity()
-    if (isLocalBandadaIdentityStored) {
-        const userCredentials = await signInWithCustomToken(getAuth(), token)
-        providerUserId = userCredentials.user.uid
-        username = providerUserId
-    } else {
-        // Get credentials.
-        const credentials = exchangeGithubTokenForCredentials(token)
-
-        // Sign in to Firebase using credentials.
-        await signInToFirebase(firebaseApp, credentials)
-
-        // Get Github unique identifier (handle-id).
-        providerUserId = await getGithubProviderUserId(String(token))
-        username = getUserHandleFromProviderUserId(providerUserId)
+    const authMethod = getLocalAuthMethod()
+    switch (authMethod) {
+        case "github": {
+            // Get credentials.
+            const credentials = exchangeGithubTokenForCredentials(token)
+            // Sign in to Firebase using credentials.
+            await signInToFirebase(firebaseApp, credentials)
+            // Get Github unique identifier (handle-id).
+            providerUserId = await getGithubProviderUserId(String(token))
+            username = getUserHandleFromProviderUserId(providerUserId)
+            break
+        }
+        case "bandada": {
+            const userCredentials = await signInWithCustomToken(getAuth(), token)
+            providerUserId = userCredentials.user.uid
+            username = providerUserId
+            break
+        }
+        case "siwe": {
+            const userCredentials = await signInWithCustomToken(getAuth(), token)
+            providerUserId = userCredentials.user.uid
+            username = providerUserId
+            break
+        }
+        default: {
+            break
+        }
     }
 
     // Get current authenticated user.

package/src/types/index.ts

@@ -81,3 +81,58 @@ export type VerifiedBandadaResponse = {
     message: string
     token: string
 }
+
+/**
+ * Define the return object of the device code uri request.
+ * @typedef {Object} OAuthDeviceCodeResponse
+ * @property {string} device_code - the device code.
+ * @property {string} user_code - the user code.
+ * @property {string} verification_uri - the verification uri.
+ * @property {number} expires_in - the expiration time in seconds.
+ * @property {number} interval - the interval time in seconds.
+ * @property {string} verification_uri_complete - the complete verification uri.
+ */
+export type OAuthDeviceCodeResponse = {
+    device_code: string
+    user_code: string
+    verification_uri: string
+    expires_in: number
+    interval: number
+    verification_uri_complete: string
+}
+
+/**
+ * Define the return object of the polling endpoint
+ * @typedef {Object} OAuthTokenResponse
+ * @property {string} access_token - the resulting device flow token
+ * @property {string} token_type - token type
+ * @property {number} expires_in - when does the token expires
+ * @property {string} scope - the scope requested by the initial device flow endpoint
+ * @property {string} refresh_token - refresh token
+ * @property {string} id_token - id token
+ * @property {string} error - in case there was an error
+ * @property {string} error_description - error details
+ */
+export type OAuthTokenResponse = {
+    access_token: string
+    token_type: string
+    expires_in: number
+    scope: string
+    refresh_token: string
+    id_token: string
+    // error response should contain
+    error?: string
+    error_description?: string
+}
+
+/**
+ * @typedef {Object} CheckNonceOfSIWEAddressResponse
+ * @property {boolean} valid - if the checking was valid or not
+ * @property {string} message - more information about the validity
+ * @property {string} token - token to sign into Firebase
+ */
+export type CheckNonceOfSIWEAddressResponse = {
+    valid: boolean
+    message: string
+    token: string
+}