@dynamic-labs-sdk/client 0.17.2 → 0.17.4

package/dist/index.esm.js

@@ -1,10 +1,10 @@
-import { A as getDefaultClient, C as isCookieEnabled, D as CLIENT_SDK_NAME, E as randomString, F as name, I as version, N as BaseError, P as getCore, T as ValueMustBeDefinedError, _ as MfaRateLimitedError, a as DYNAMIC_ICONIC_SPRITE_URL, b as InvalidExternalAuthError, c as CHAINS_INFO_MAP, d as UnauthorizedError, g as SandboxMaximumThresholdReachedError, h as getNonce, j as setDefaultClient, k as NONCE_POOL_SIZE, l as fetchAndStoreNonces, o as SDK_API_CORE_VERSION, s as getChainFromVerifiedCredentialChain, t as InvalidParamError, u as createApiClient, v as MfaInvalidOtpError, w as assertDefined, x as APIError, y as LinkCredentialError } from "./InvalidParamError-Dc2HgrDm.esm.js";
-import { A as getBuffer, C as CannotTrackError, D as INITIALIZE_STORAGE_SYNC_TRACKER_KEY, E as GENERATE_SESSION_KEYS_TRACKER_KEY, F as createLocalStorageAdapter, I as subscribeWithSelector, L as isEqualShallow, M as createStorageKeySchema, N as createStorage, O as REFRESH_USER_STATE_FROM_COOKIE_TRACKER_KEY, T as FETCH_PROJECT_SETTINGS_TRACKER_KEY, _ as NoNetworkProvidersError, a as updateWalletProviderKeysForVerifiedCredentials, b as createLogger, c as createSignInMessageStatement, d as createVisit, f as hasExtension, g as WalletAlreadyLinkedToAnotherUserError, h as isCaptchaRequired, i as getNetworksData, j as generateSessionKeys, k as isServerSideRendering, l as formatSignInMessage, m as consumeCaptchaToken, o as verifyMessageSignatureOwnership, p as setCaptchaToken, s as removeUnverifiedWalletAccount, t as getNetworkProviderFromNetworkId, u as setUnverifiedWalletAccounts, v as createRealtimeService, w as createDeferredPromise, x as createCrossTabBroadcast, y as createIndexedDBKeychainService } from "./getNetworkProviderFromNetworkId-DO13PEvc.esm.js";
-import { D as onceEvent, E as onEvent, O as setCookie, S as splitWalletProviderKey, T as offEvent, _ as getWalletAccounts, b as formatWalletAccountId, c as getWalletProviders, d as DYNAMIC_AUTH_COOKIE_NAME, f as getWalletProviderFromWalletAccount, g as NoWalletProviderFoundError, i as restoreUserSharesForAllWalletAccounts, l as checkAndRaiseWalletAccountsChangedEvent, n as getWalletProviderByKey, r as updateAuthFromVerifyResponse, t as getVerifiedCredentialForWalletAccount, u as emitWalletAccountsChangedEvent, w as emitEvent, x as normalizeAddress } from "./getVerifiedCredentialForWalletAccount-57Omjjyi.esm.js";
-import { n as refreshAuth, t as NotWaasWalletAccountError } from "./NotWaasWalletAccountError-B4xS_9HL.esm.js";
-import { n as getMfaMethods, r as consumeMfaToken, t as isMfaRequiredForAction } from "./isMfaRequiredForAction-CXRaUbFE.esm.js";
+import { A as NONCE_POOL_SIZE, D as randomString, E as ValueMustBeDefinedError, F as getCore, I as name, L as version, M as setDefaultClient, O as CLIENT_SDK_NAME, P as BaseError, S as getElevatedAccessToken, T as assertDefined, _ as MfaRateLimitedError, a as DYNAMIC_ICONIC_SPRITE_URL, b as InvalidExternalAuthError, c as CHAINS_INFO_MAP, d as UnauthorizedError, g as SandboxMaximumThresholdReachedError, h as getNonce, j as getDefaultClient, l as fetchAndStoreNonces, o as SDK_API_CORE_VERSION, s as getChainFromVerifiedCredentialChain, t as InvalidParamError, u as createApiClient, v as MfaInvalidOtpError, w as isCookieEnabled, x as APIError, y as LinkCredentialError } from "./InvalidParamError-BgvcmQ36.esm.js";
+import { A as getBuffer, C as CannotTrackError, D as INITIALIZE_STORAGE_SYNC_TRACKER_KEY, E as GENERATE_SESSION_KEYS_TRACKER_KEY, F as createLocalStorageAdapter, I as subscribeWithSelector, L as isEqualShallow, M as createStorageKeySchema, N as createStorage, O as REFRESH_USER_STATE_FROM_COOKIE_TRACKER_KEY, T as FETCH_PROJECT_SETTINGS_TRACKER_KEY, _ as NoNetworkProvidersError, a as updateWalletProviderKeysForVerifiedCredentials, b as createLogger, c as createSignInMessageStatement, d as createVisit, f as hasExtension, g as WalletAlreadyLinkedToAnotherUserError, h as isCaptchaRequired, i as getNetworksData, j as generateSessionKeys, k as isServerSideRendering, l as formatSignInMessage, m as consumeCaptchaToken, o as verifyMessageSignatureOwnership, p as setCaptchaToken, s as removeUnverifiedWalletAccount, t as getNetworkProviderFromNetworkId, u as setUnverifiedWalletAccounts, v as createRealtimeService, w as createDeferredPromise, x as createCrossTabBroadcast, y as createIndexedDBKeychainService } from "./getNetworkProviderFromNetworkId-DoLT1yjR.esm.js";
+import { D as onceEvent, E as onEvent, O as setCookie, S as splitWalletProviderKey, T as offEvent, _ as getWalletAccounts, b as formatWalletAccountId, c as getWalletProviders, d as DYNAMIC_AUTH_COOKIE_NAME, f as getWalletProviderFromWalletAccount, g as NoWalletProviderFoundError, i as restoreUserSharesForAllWalletAccounts, l as checkAndRaiseWalletAccountsChangedEvent, n as getWalletProviderByKey, r as updateAuthFromVerifyResponse, t as getVerifiedCredentialForWalletAccount, u as emitWalletAccountsChangedEvent, w as emitEvent, x as normalizeAddress } from "./getVerifiedCredentialForWalletAccount-CyyHc2ec.esm.js";
+import { n as refreshAuth, t as NotWaasWalletAccountError } from "./NotWaasWalletAccountError-CfH6ZpRB.esm.js";
+import { n as getMfaMethods, r as consumeMfaToken, t as isMfaRequiredForAction } from "./isMfaRequiredForAction-BtO6Xkeu.esm.js";
 import { assertPackageVersion } from "@dynamic-labs-sdk/assert-package-version";
-import { AuthModeEnum, ExchangeKeyEnum, JwtVerifiedCredentialFormatEnum, MFAAction, MfaBackupCodeAcknowledgement, ProviderEnum, WaasBackupOptionsEnum, WalletProviderEnum } from "@dynamic-labs/sdk-api-core";
+import { AuthModeEnum, ExchangeKeyEnum, JwtVerifiedCredentialFormatEnum, MFAAction, MfaBackupCodeAcknowledgement, ProviderEnum, TokenScope, WaasBackupOptionsEnum, WalletProviderEnum } from "@dynamic-labs/sdk-api-core";
 import * as z from "zod/mini";
 import EventEmitter, { EventEmitter as EventEmitter$1 } from "eventemitter3";
 import { browserSupportsWebAuthn, startAuthentication, startRegistration } from "@simplewebauthn/browser";
@@ -701,6 +701,61 @@ const createWebFetch = () => {
 	return window.fetch.bind(window);
 };
 
+//#endregion
+//#region src/services/instrumentation/constants.ts
+const DEFAULT_PII_FIELDS = [
+	"password",
+	"token",
+	"secret",
+	"privateKey",
+	"mnemonic",
+	"seed",
+	"email",
+	"phone",
+	"ssn",
+	"address",
+	"authorization"
+];
+
+//#endregion
+//#region src/services/instrumentation/createInstrumentation/createInstrumentation.ts
+const buildPiiFields = (customFields = []) => {
+	const merged = [...DEFAULT_PII_FIELDS, ...customFields];
+	return [...new Set(merged)];
+};
+/**
+* Creates the instrumentation service that gates event emission behind an
+* enabled flag and delegates to a pluggable transport.
+*
+* The transport is intentionally optional at creation time — it is wired in
+* later via setTransport so the SDK can initialise without one. Events logged
+* before a transport is set are simply dropped.
+*
+* Custom piiFields are merged with and deduplicated against the defaults so
+* callers only need to list additional fields, not replicate the baseline.
+*/
+const createInstrumentation = ({ config: inputConfig } = {}) => {
+	let transport;
+	const config = {
+		enabled: inputConfig?.enabled ?? true,
+		piiFields: buildPiiFields(inputConfig?.piiFields)
+	};
+	const emit = (event) => {
+		if (config.enabled) transport?.log(event);
+	};
+	return {
+		config,
+		log: emit,
+		logFunction: emit,
+		setEnabled: (value) => {
+			config.enabled = value;
+		},
+		setTransport: (t) => {
+			transport = t;
+		}
+	};
+};
+
 //#endregion
 //#region src/services/navigate/createNavigationHandler/createNavigationHandler.ts
 /**
@@ -916,6 +971,8 @@ const createCore = (config) => {
 	const debouncedMutex = createDebouncedMutex();
 	const eventEmitter = createEventEmitter();
 	const initTrack = createAsyncTrack();
+	const sdkSessionId = randomString({ length: 32 });
+	const instrumentation = createInstrumentation({ config: config.instrumentation });
 	const runtimeServices = createRuntimeServices();
 	const passkey = config.coreConfig?.passkey ?? createWebPasskeyService();
 	const realtime = config.coreConfig?.realtime ?? createRealtimeService();
@@ -932,6 +989,7 @@ const createCore = (config) => {
 		fetch,
 		getApiHeaders: config.coreConfig?.getApiHeaders ?? (() => ({})),
 		initTrack,
+		instrumentation,
 		keychain,
 		logger,
 		metadata: {
@@ -943,6 +1001,7 @@ const createCore = (config) => {
 		passkey,
 		realtime,
 		runtimeServices,
+		sdkSessionId,
 		state,
 		storage,
 		transformers: config.transformers,
@@ -1365,47 +1424,6 @@ const signInWithExternalJwt = async ({ externalJwt, sessionPublicKey } = {}, cli
 	return response;
 };
 
-//#endregion
-//#region src/modules/auth/getElevatedAccessToken/getElevatedAccessToken.ts
-/**
-* Gets an elevated access token by scope.
-*
-* This function retrieves an elevated access token that contains the specified scope.
-* Expired tokens are automatically filtered out.
-*
-* If the token has `singleUse: true`, it will be automatically
-* consumed (removed from state) after retrieval. Otherwise, it remains in state
-* for future use.
-*
-* @param params - The parameters object.
-* @param params.scope - The scope to match (e.g., 'wallet:export').
-* @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.
-* @returns The elevated access token if found and not expired, or undefined if not found or expired.
-*
-* @example
-* ```typescript
-* const token = getElevatedAccessToken({ scope: 'wallet:export' });
-* if (token) {
-*   // Use the token
-*   // Token is automatically consumed if singleUse: true
-* }
-* ```
-*/
-const getElevatedAccessToken = ({ scope }, client = getDefaultClient()) => {
-	const core = getCore(client);
-	const now = /* @__PURE__ */ new Date();
-	const elevatedAccessTokens = core.state.get().elevatedAccessTokens || [];
-	const validTokens = elevatedAccessTokens.filter((token$1) => !token$1.expiresAt || token$1.expiresAt > now);
-	if (validTokens.length !== elevatedAccessTokens.length) core.state.set({ elevatedAccessTokens: validTokens });
-	const token = validTokens.find((token$1) => token$1.scopes.includes(scope));
-	if (!token) return;
-	if (token.singleUse) {
-		const updatedTokens = validTokens.filter((t) => t !== token);
-		core.state.set({ elevatedAccessTokens: updatedTokens });
-	}
-	return token.token;
-};
-
 //#endregion
 //#region src/modules/auth/passkeys/deletePasskey/deletePasskey.ts
 /**
@@ -1417,7 +1435,10 @@ const getElevatedAccessToken = ({ scope }, client = getDefaultClient()) => {
 */
 const deletePasskey = async ({ passkeyId }, client = getDefaultClient()) => {
 	const core = getCore(client);
-	await createApiClient({ includeMfaToken: true }, client).deletePasskey({
+	await createApiClient({
+		elevatedAccessTokenScope: TokenScope.Credentialunlink,
+		includeMfaToken: true
+	}, client).deletePasskey({
 		deleteUserPasskeyRequest: { passkeyId },
 		environmentId: core.environmentId
 	});
@@ -1450,7 +1471,7 @@ const getPasskeyRegistrationOptions = async (client) => {
 //#region src/modules/auth/passkeys/serverRegisterPasskey/serverRegisterPasskey.ts
 const serverRegisterPasskey = async ({ registration, createMfaToken }, client) => {
 	const core = getCore(client);
-	return await createApiClient({}, client).registerPasskey({
+	return await createApiClient({ elevatedAccessTokenScope: TokenScope.Credentiallink }, client).registerPasskey({
 		environmentId: core.environmentId,
 		passkeyRegisterRequest: {
 			...registration,
@@ -3119,23 +3140,27 @@ const createNewMfaRecoveryCodes = async (client = getDefaultClient()) => {
 /**
 * Deletes a specific MFA device from the user's account.
 *
-* This function removes a multi-factor authentication device such as
-* a TOTP authenticator from the user's registered devices.
+* When an elevated access token for `credential:unlink` is available,
+* it is sent via the `x-dyn-elevated-access-token` header and the
+* MFA auth token is not required. Otherwise, `mfaAuthToken` must be
+* provided for backward compatibility with the legacy MFA flow.
 *
 * @param params.deviceId - The unique identifier of the MFA device to delete.
-* @param params.mfaAuthToken - The MFA authentication token required for device deletion.
+* @param params.mfaAuthToken - The MFA authentication token. Optional when using elevated access tokens.
 * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.
 * @returns A promise that resolves when the MFA device is successfully deleted.
 */
 const deleteMfaDevice = async ({ deviceId, mfaAuthToken }, client = getDefaultClient()) => {
 	const core = getCore(client);
-	const apiClient = createApiClient({}, client);
 	assertDefined(deviceId, "deviceId is required");
-	assertDefined(mfaAuthToken, "mfaAuthToken is required");
-	return apiClient.deleteMfaDevice({
+	if (!getElevatedAccessToken({
+		consume: false,
+		scope: TokenScope.Credentialunlink
+	}, client)) assertDefined(mfaAuthToken, "mfaAuthToken is required");
+	return createApiClient({ elevatedAccessTokenScope: TokenScope.Credentialunlink }, client).deleteMfaDevice({
 		environmentId: core.environmentId,
 		mfaDeviceId: deviceId,
-		xMfaAuthToken: mfaAuthToken
+		xMfaAuthToken: mfaAuthToken ?? ""
 	});
 };
 
@@ -3222,7 +3247,7 @@ const isUserMissingMfaAuth = (client = getDefaultClient()) => {
 */
 const registerTotpMfaDevice = async (client = getDefaultClient()) => {
 	const core = getCore(client);
-	return createApiClient({}, client).registerTotpMfaDevice({ environmentId: core.environmentId });
+	return createApiClient({ elevatedAccessTokenScope: TokenScope.Credentiallink }, client).registerTotpMfaDevice({ environmentId: core.environmentId });
 };
 
 //#endregion