@dynamic-labs-sdk/client 0.17.1 → 0.17.2

package/dist/index.esm.js

@@ -1,8 +1,8 @@
-import { A as randomString, B as version, C as InvalidExternalAuthError, D as isCookieEnabled, F as setDefaultClient, L as BaseError, N as NONCE_POOL_SIZE, O as assertDefined, P as getDefaultClient, R as getCore, S as LinkCredentialError, a as DYNAMIC_ICONIC_SPRITE_URL, b as MfaRateLimitedError, c as CHAINS_INFO_MAP, d as UnauthorizedError, g as createStorageKeySchema, j as CLIENT_SDK_NAME, k as ValueMustBeDefinedError, l as fetchAndStoreNonces, o as SDK_API_CORE_VERSION, s as getChainFromVerifiedCredentialChain, t as InvalidParamError, u as createApiClient, v as getNonce, w as APIError, x as MfaInvalidOtpError, y as SandboxMaximumThresholdReachedError, z as name } from "./InvalidParamError-3-1rSNtf.esm.js";
-import { A as isEqualShallow, C as isServerSideRendering, D as REFRESH_USER_STATE_FROM_COOKIE_TRACKER_KEY, E as INITIALIZE_STORAGE_SYNC_TRACKER_KEY, N as createLocalStorageAdapter, O as generateSessionKeys, S as createDeferredPromise, T as GENERATE_SESSION_KEYS_TRACKER_KEY, _ as NoNetworkProvidersError, a as updateWalletProviderKeysForVerifiedCredentials, c as createSignInMessageStatement, d as createVisit, f as hasExtension, g as WalletAlreadyLinkedToAnotherUserError, h as isCaptchaRequired, i as getNetworksData, j as createStorage, k as subscribeWithSelector, l as formatSignInMessage, m as consumeCaptchaToken, o as verifyMessageSignatureOwnership, p as setCaptchaToken, s as removeUnverifiedWalletAccount, t as getNetworkProviderFromNetworkId, u as setUnverifiedWalletAccounts, v as createLogger, w as FETCH_PROJECT_SETTINGS_TRACKER_KEY, x as CannotTrackError, y as createCrossTabBroadcast } from "./getNetworkProviderFromNetworkId-C7jp--76.esm.js";
-import { D as onceEvent, E as onEvent, O as setCookie, S as splitWalletProviderKey, T as offEvent, _ as getWalletAccounts, b as formatWalletAccountId, c as getWalletProviders, d as DYNAMIC_AUTH_COOKIE_NAME, f as getWalletProviderFromWalletAccount, g as NoWalletProviderFoundError, i as restoreUserSharesForAllWalletAccounts, l as checkAndRaiseWalletAccountsChangedEvent, n as getWalletProviderByKey, r as updateAuthFromVerifyResponse, t as getVerifiedCredentialForWalletAccount, u as emitWalletAccountsChangedEvent, w as emitEvent, x as normalizeAddress } from "./getVerifiedCredentialForWalletAccount-DLtDL1Gl.esm.js";
-import { n as refreshAuth, t as NotWaasWalletAccountError } from "./NotWaasWalletAccountError-DVIcEgHJ.esm.js";
-import { n as getMfaMethods, r as consumeMfaToken, t as isMfaRequiredForAction } from "./isMfaRequiredForAction-CPTFDCJp.esm.js";
+import { A as getDefaultClient, C as isCookieEnabled, D as CLIENT_SDK_NAME, E as randomString, F as name, I as version, N as BaseError, P as getCore, T as ValueMustBeDefinedError, _ as MfaRateLimitedError, a as DYNAMIC_ICONIC_SPRITE_URL, b as InvalidExternalAuthError, c as CHAINS_INFO_MAP, d as UnauthorizedError, g as SandboxMaximumThresholdReachedError, h as getNonce, j as setDefaultClient, k as NONCE_POOL_SIZE, l as fetchAndStoreNonces, o as SDK_API_CORE_VERSION, s as getChainFromVerifiedCredentialChain, t as InvalidParamError, u as createApiClient, v as MfaInvalidOtpError, w as assertDefined, x as APIError, y as LinkCredentialError } from "./InvalidParamError-Dc2HgrDm.esm.js";
+import { A as getBuffer, C as CannotTrackError, D as INITIALIZE_STORAGE_SYNC_TRACKER_KEY, E as GENERATE_SESSION_KEYS_TRACKER_KEY, F as createLocalStorageAdapter, I as subscribeWithSelector, L as isEqualShallow, M as createStorageKeySchema, N as createStorage, O as REFRESH_USER_STATE_FROM_COOKIE_TRACKER_KEY, T as FETCH_PROJECT_SETTINGS_TRACKER_KEY, _ as NoNetworkProvidersError, a as updateWalletProviderKeysForVerifiedCredentials, b as createLogger, c as createSignInMessageStatement, d as createVisit, f as hasExtension, g as WalletAlreadyLinkedToAnotherUserError, h as isCaptchaRequired, i as getNetworksData, j as generateSessionKeys, k as isServerSideRendering, l as formatSignInMessage, m as consumeCaptchaToken, o as verifyMessageSignatureOwnership, p as setCaptchaToken, s as removeUnverifiedWalletAccount, t as getNetworkProviderFromNetworkId, u as setUnverifiedWalletAccounts, v as createRealtimeService, w as createDeferredPromise, x as createCrossTabBroadcast, y as createIndexedDBKeychainService } from "./getNetworkProviderFromNetworkId-DO13PEvc.esm.js";
+import { D as onceEvent, E as onEvent, O as setCookie, S as splitWalletProviderKey, T as offEvent, _ as getWalletAccounts, b as formatWalletAccountId, c as getWalletProviders, d as DYNAMIC_AUTH_COOKIE_NAME, f as getWalletProviderFromWalletAccount, g as NoWalletProviderFoundError, i as restoreUserSharesForAllWalletAccounts, l as checkAndRaiseWalletAccountsChangedEvent, n as getWalletProviderByKey, r as updateAuthFromVerifyResponse, t as getVerifiedCredentialForWalletAccount, u as emitWalletAccountsChangedEvent, w as emitEvent, x as normalizeAddress } from "./getVerifiedCredentialForWalletAccount-57Omjjyi.esm.js";
+import { n as refreshAuth, t as NotWaasWalletAccountError } from "./NotWaasWalletAccountError-B4xS_9HL.esm.js";
+import { n as getMfaMethods, r as consumeMfaToken, t as isMfaRequiredForAction } from "./isMfaRequiredForAction-CXRaUbFE.esm.js";
 import { assertPackageVersion } from "@dynamic-labs-sdk/assert-package-version";
 import { AuthModeEnum, ExchangeKeyEnum, JwtVerifiedCredentialFormatEnum, MFAAction, MfaBackupCodeAcknowledgement, ProviderEnum, WaasBackupOptionsEnum, WalletProviderEnum } from "@dynamic-labs/sdk-api-core";
 import * as z from "zod/mini";
@@ -203,6 +203,7 @@ const logout = async (client = getDefaultClient()) => {
 		*/
 		if (isCookieEnabled(client)) setCookie(`${DYNAMIC_AUTH_COOKIE_NAME}=; Max-Age=-99999999; path=/; SameSite=Lax`);
 	}
+	await core.keychain.removeKey("session");
 	core.state.set({
 		captchaToken: null,
 		elevatedAccessTokens: [],
@@ -296,20 +297,6 @@ const setupCrossTabEventSync = (client) => {
 	core.crossTabBroadcast.on("deviceRegistrationCompleted", handleCrossTabDeviceRegistrationCompleted);
 };
 
-//#endregion
-//#region src/modules/state/raiseStateEvents/raiseStateEvents.ts
-const raiseStateEvents = (client) => {
-	getCore(client).state.subscribe((value, previous) => {
-		Object.entries(stateChangeEvents).forEach(([key, event]) => {
-			if (isEqualShallow(value[key], previous[key])) return;
-			emitEvent({
-				args: { [key]: value[key] },
-				event
-			}, client);
-		});
-	});
-};
-
 //#endregion
 //#region src/modules/wallets/unverifiedWalletAccounts/schema.ts
 const unverifiedWalletAccountSchema = z.object({
@@ -362,6 +349,87 @@ const sessionStorageKeySchema = createStorageKeySchema({
 	})
 });
 
+//#endregion
+//#region src/modules/keychainMigration/migrateSessionKeyToKeychain/KeyMigrationError.ts
+var KeyMigrationError = class extends BaseError {
+	constructor(expectedPublicKey, importedPublicKey) {
+		super({
+			cause: null,
+			code: "key_migration_public_key_mismatch",
+			docsUrl: null,
+			name: "KeyMigrationError",
+			shortMessage: `Public key mismatch after import: expected "${expectedPublicKey}", got "${importedPublicKey}"`
+		});
+	}
+};
+
+//#endregion
+//#region src/modules/keychainMigration/migrateSessionKeyToKeychain/migrateSessionKeyToKeychain.ts
+/**
+* Migrates legacy session keys from the hydrated state into the IndexedDB keychain
+* as non-extractable CryptoKey objects.
+*
+* Must run after hydrateStateWithStorage so that state.sessionKeys already holds
+* the legacy base64 blob (or the new public key hex if already migrated).
+*
+* Idempotent: skips if the keychain already has a `session` key.
+* Throws on failure — callers should handle errors (e.g. .catch(() => logout(client))).
+*/
+const migrateSessionKeyToKeychain = async ({ keychain, logger, state, storage }) => {
+	if (isServerSideRendering()) return;
+	logger.debug("[migrateSessionKeyToKeychain] Checking for existing session key in keychain");
+	if (await keychain.hasKey("session")) {
+		logger.debug("[migrateSessionKeyToKeychain] Session key already exists in keychain, skipping migration");
+		return;
+	}
+	const encodedSessionKeys = state.get().sessionKeys;
+	if (!encodedSessionKeys) {
+		logger.debug("[migrateSessionKeyToKeychain] No session keys in state, nothing to migrate");
+		return;
+	}
+	let blob;
+	try {
+		blob = JSON.parse(getBuffer().from(encodedSessionKeys, "base64").toString());
+	} catch {
+		logger.debug("[migrateSessionKeyToKeychain] Session keys are not a legacy blob, skipping migration");
+		return;
+	}
+	const { privateKeyJwk, publicKey } = blob;
+	if (!privateKeyJwk || !publicKey) {
+		logger.debug("[migrateSessionKeyToKeychain] Legacy blob missing privateKeyJwk or publicKey, skipping migration");
+		return;
+	}
+	logger.debug("[migrateSessionKeyToKeychain] Found legacy session key, importing into keychain", { expectedPublicKey: publicKey });
+	const importedPublicKey = await keychain.importKey("session", privateKeyJwk);
+	logger.debug("[migrateSessionKeyToKeychain] Key imported", {
+		expectedPublicKey: publicKey,
+		importedPublicKey
+	});
+	if (importedPublicKey !== publicKey) throw new KeyMigrationError(publicKey, importedPublicKey);
+	logger.debug("[migrateSessionKeyToKeychain] Public key validated, updating state and storage");
+	state.set({ sessionKeys: importedPublicKey });
+	const currentSession = await storage.getItem(sessionStorageKeySchema);
+	if (currentSession) await storage.setItem(sessionStorageKeySchema, {
+		...currentSession,
+		sessionKeys: importedPublicKey
+	});
+	logger.debug("[migrateSessionKeyToKeychain] Migration complete");
+};
+
+//#endregion
+//#region src/modules/state/raiseStateEvents/raiseStateEvents.ts
+const raiseStateEvents = (client) => {
+	getCore(client).state.subscribe((value, previous) => {
+		Object.entries(stateChangeEvents).forEach(([key, event]) => {
+			if (isEqualShallow(value[key], previous[key])) return;
+			emitEvent({
+				args: { [key]: value[key] },
+				event
+			}, client);
+		});
+	});
+};
+
 //#endregion
 //#region src/modules/storageSync/hydrateStateWithStorage/hydrateStateWithStorage.ts
 const hydrateStateWithStorage = async (client) => {
@@ -477,6 +545,14 @@ const initializeClient = async (client = getDefaultClient()) => {
 	setupCrossTabEventSync(client);
 	const initializeStorageSyncPromise = initializeStorageSync(client);
 	const fetchProjectSettingsPromise = initializeStorageSyncPromise.then(async () => {
+		await migrateSessionKeyToKeychain({
+			keychain: core.keychain,
+			logger: core.logger,
+			state: core.state,
+			storage: core.storage
+		}).catch(() => logout(client));
+		if (core.state.get().sessionKeys && !await core.keychain.hasKey("session")) await logout(client);
+	}).then(async () => {
 		if (!core.state.get().projectSettings) await fetchProjectSettings(client);
 	});
 	fetchProjectSettingsPromise.then(() => prefetchNoncesIfNeeded(client)).catch((error) => {
@@ -842,7 +918,9 @@ const createCore = (config) => {
 	const initTrack = createAsyncTrack();
 	const runtimeServices = createRuntimeServices();
 	const passkey = config.coreConfig?.passkey ?? createWebPasskeyService();
+	const realtime = config.coreConfig?.realtime ?? createRealtimeService();
 	const deviceSigner = config.coreConfig?.deviceSigner;
+	const keychain = config.coreConfig?.keychain ?? createIndexedDBKeychainService({ dbName: `dynamic_${config.environmentId}_keychain` });
 	return {
 		apiBaseUrl,
 		crossTabBroadcast: config.coreConfig?.crossTabBroadcast ?? createCrossTabBroadcast({ channelName: `dynamic_${config.environmentId}_broadcast` }),
@@ -854,6 +932,7 @@ const createCore = (config) => {
 		fetch,
 		getApiHeaders: config.coreConfig?.getApiHeaders ?? (() => ({})),
 		initTrack,
+		keychain,
 		logger,
 		metadata: {
 			...config.metadata,
@@ -862,6 +941,7 @@ const createCore = (config) => {
 		navigate,
 		openDeeplink,
 		passkey,
+		realtime,
 		runtimeServices,
 		state,
 		storage,