@enbox/auth 0.6.0 → 0.6.2
- package/dist/esm/auth-manager.js +147 -5
- package/dist/esm/auth-manager.js.map +1 -1
- package/dist/esm/connect/lifecycle.js +145 -2
- package/dist/esm/connect/lifecycle.js.map +1 -1
- package/dist/esm/connect/local.js +19 -5
- package/dist/esm/connect/local.js.map +1 -1
- package/dist/esm/connect/restore.js +22 -8
- package/dist/esm/connect/restore.js.map +1 -1
- package/dist/esm/connect/wallet.js +24 -137
- package/dist/esm/connect/wallet.js.map +1 -1
- package/dist/esm/index.js +9 -15
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/permissions.js +41 -0
- package/dist/esm/permissions.js.map +1 -0
- package/dist/esm/types.js +2 -0
- package/dist/esm/types.js.map +1 -1
- package/dist/esm/wallet-connect-client.js +4 -2
- package/dist/esm/wallet-connect-client.js.map +1 -1
- package/dist/types/auth-manager.d.ts +70 -6
- package/dist/types/auth-manager.d.ts.map +1 -1
- package/dist/types/connect/lifecycle.d.ts +49 -2
- package/dist/types/connect/lifecycle.d.ts.map +1 -1
- package/dist/types/connect/local.d.ts +6 -1
- package/dist/types/connect/local.d.ts.map +1 -1
- package/dist/types/connect/restore.d.ts.map +1 -1
- package/dist/types/connect/wallet.d.ts +1 -15
- package/dist/types/connect/wallet.d.ts.map +1 -1
- package/dist/types/index.d.ts +10 -16
- package/dist/types/index.d.ts.map +1 -1
- package/dist/types/permissions.d.ts +18 -0
- package/dist/types/permissions.d.ts.map +1 -0
- package/dist/types/types.d.ts +148 -1
- package/dist/types/types.d.ts.map +1 -1
- package/dist/types/wallet-connect-client.d.ts +5 -6
- package/dist/types/wallet-connect-client.d.ts.map +1 -1
- package/package.json +3 -3
- package/src/auth-manager.ts +167 -6
- package/src/connect/lifecycle.ts +170 -4
- package/src/connect/local.ts +20 -5
- package/src/connect/restore.ts +25 -9
- package/src/connect/wallet.ts +26 -146
- package/src/index.ts +16 -16
- package/src/permissions.ts +48 -0
- package/src/types.ts +164 -1
- package/src/wallet-connect-client.ts +5 -6
package/dist/types/index.d.ts
CHANGED
|
@@ -5,30 +5,23 @@
|
|
|
5
5
|
* in both browser and CLI environments. Depends only on `@enbox/agent`
|
|
6
6
|
* and can be used standalone or consumed by `@enbox/api`.
|
|
7
7
|
*
|
|
8
|
-
* @example Standalone auth
|
|
8
|
+
* @example Standalone auth (wallet app)
|
|
9
9
|
* ```ts
|
|
10
10
|
* import { AuthManager } from '@enbox/auth';
|
|
11
11
|
*
|
|
12
12
|
* const auth = await AuthManager.create({ sync: '15s' });
|
|
13
|
-
* const session = await auth.
|
|
14
|
-
*
|
|
15
|
-
* // session.agent — the authenticated Enbox agent
|
|
16
|
-
* // session.did — the connected DID URI
|
|
13
|
+
* const session = await auth.connectLocal({ password: userPin });
|
|
17
14
|
* ```
|
|
18
15
|
*
|
|
19
|
-
* @example
|
|
16
|
+
* @example Dapp with browser connect handler
|
|
20
17
|
* ```ts
|
|
21
18
|
* import { AuthManager } from '@enbox/auth';
|
|
22
|
-
* import {
|
|
23
|
-
*
|
|
24
|
-
* const auth = await AuthManager.create({ sync: '15s' });
|
|
25
|
-
* const session = await auth.connect();
|
|
19
|
+
* import { BrowserConnectHandler } from '@enbox/browser';
|
|
26
20
|
*
|
|
27
|
-
* const
|
|
28
|
-
*
|
|
29
|
-
* connectedDid: session.did,
|
|
30
|
-
* delegateDid: session.delegateDid,
|
|
21
|
+
* const auth = await AuthManager.create({
|
|
22
|
+
* connectHandler: BrowserConnectHandler(),
|
|
31
23
|
* });
|
|
24
|
+
* const session = await auth.connect({ protocols: [NotesProtocol] });
|
|
32
25
|
* ```
|
|
33
26
|
*
|
|
34
27
|
* @packageDocumentation
|
|
@@ -40,10 +33,11 @@ export { PasswordProvider } from './password-provider.js';
|
|
|
40
33
|
export type { PasswordContext } from './password-provider.js';
|
|
41
34
|
export { EnboxUserAgent, HdIdentityVault } from '@enbox/agent';
|
|
42
35
|
export { processConnectedGrants } from './connect/wallet.js';
|
|
36
|
+
export { normalizeProtocolRequests } from './permissions.js';
|
|
43
37
|
export { WalletConnect } from './wallet-connect-client.js';
|
|
44
|
-
export type {
|
|
38
|
+
export type { ProtocolPermissionOptions, WalletConnectClientOptions } from './wallet-connect-client.js';
|
|
45
39
|
export { loadTokensFromStorage, saveTokensToStorage } from './registration.js';
|
|
46
40
|
export { applyLocalDwnDiscovery, checkUrlForDwnDiscoveryPayload, clearLocalDwnEndpoint, discoverLocalDwn, persistLocalDwnEndpoint, requestLocalDwnDiscovery, restoreLocalDwnEndpoint, } from './discovery.js';
|
|
47
41
|
export { BrowserStorage, LevelStorage, MemoryStorage, createDefaultStorage } from './storage/storage.js';
|
|
48
|
-
export type { AuthEvent, AuthEventHandler, AuthEventMap, AuthManagerOptions, AuthSessionInfo, AuthState, ConnectPermissionRequest, DisconnectOptions, HeadlessConnectOptions, IdentityInfo, IdentityVaultBackup, ImportFromPhraseOptions, ImportFromPortableOptions, LocalConnectOptions, LocalDwnStrategy, PortableIdentity, ProviderAuthParams, ProviderAuthResult, RegistrationOptions, RegistrationTokenData, RestoreSessionOptions, ShutdownOptions, StorageAdapter, SyncOption, WalletConnectOptions, } from './types.js';
|
|
42
|
+
export type { AuthEvent, AuthEventHandler, AuthEventMap, AuthManagerOptions, AuthSessionInfo, AuthState, ConnectHandler, ConnectOptions, ConnectPermissionRequest, ConnectResult, DisconnectOptions, HandlerConnectOptions, HeadlessConnectOptions, IdentityInfo, IdentityVaultBackup, ImportFromPhraseOptions, ImportFromPortableOptions, LocalConnectOptions, LocalDwnStrategy, Permission, PortableIdentity, ProtocolRequest, ProviderAuthParams, ProviderAuthResult, RegistrationOptions, RegistrationTokenData, RestoreSessionOptions, ShutdownOptions, StorageAdapter, SyncOption, WalletConnectOptions, } from './types.js';
|
|
49
43
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAGH,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAG/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,YAAY,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAI9D,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAG/D,OAAO,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAC7D,OAAO,EAAE,yBAAyB,EAAE,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAC3D,YAAY,EAAE,yBAAyB,EAAE,0BAA0B,EAAE,MAAM,4BAA4B,CAAC;AAGxG,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAG/E,OAAO,EACL,sBAAsB,EACtB,8BAA8B,EAC9B,qBAAqB,EACrB,gBAAgB,EAChB,uBAAuB,EACvB,wBAAwB,EACxB,uBAAuB,GACxB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAGzG,YAAY,EACV,SAAS,EACT,gBAAgB,EAChB,YAAY,EACZ,kBAAkB,EAClB,eAAe,EACf,SAAS,EACT,cAAc,EACd,cAAc,EACd,wBAAwB,EACxB,aAAa,EACb,iBAAiB,EACjB,qBAAqB,EACrB,sBAAsB,EACtB,YAAY,EACZ,mBAAmB,EACnB,uBAAuB,EACvB,yBAAyB,EACzB,mBAAmB,EACnB,gBAAgB,EAChB,UAAU,EACV,gBAAgB,EAChB,eAAe,EACf,kBAAkB,EAClB,kBAAkB,EAClB,mBAAmB,EACnB,qBAAqB,EACrB,qBAAqB,EACrB,eAAe,EACf,cAAc,EACd,UAAU,EACV,oBAAoB,GACrB,MAAM,YAAY,CAAC"}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Permission request normalization utilities.
|
|
3
|
+
*
|
|
4
|
+
* Converts simplified `ProtocolRequest` entries (just a protocol definition
|
|
5
|
+
* or `{ definition, permissions }`) into agent-level `ConnectPermissionRequest`
|
|
6
|
+
* objects used by connect handlers.
|
|
7
|
+
*
|
|
8
|
+
* @module
|
|
9
|
+
* @internal
|
|
10
|
+
*/
|
|
11
|
+
import type { ConnectPermissionRequest } from '@enbox/agent';
|
|
12
|
+
import type { ProtocolRequest } from './types.js';
|
|
13
|
+
/**
|
|
14
|
+
* Normalize simplified `ProtocolRequest[]` into agent-level
|
|
15
|
+
* `ConnectPermissionRequest[]`.
|
|
16
|
+
*/
|
|
17
|
+
export declare function normalizeProtocolRequests(protocols: ProtocolRequest[] | undefined): ConnectPermissionRequest[];
|
|
18
|
+
//# sourceMappingURL=permissions.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"permissions.d.ts","sourceRoot":"","sources":["../../src/permissions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,wBAAwB,EAAyB,MAAM,cAAc,CAAC;AAEpF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAKlD;;;GAGG;AACH,wBAAgB,yBAAyB,CACvC,SAAS,EAAE,eAAe,EAAE,GAAG,SAAS,GACvC,wBAAwB,EAAE,CAuB5B"}
|
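Review bot: `normalizeProtocolRequests` is declared in a module whose header carries `@internal` (permissions.d.ts, new lines 1–10), yet this release also re-exports it from the package index (index.d.ts, new line 36), so the tag and the public surface disagree. Either drop the `@internal` tag or stop exporting the function. If it stays public, its comment should say what is returned for `undefined` and which permissions a bare protocol definition receives, for example `Entries passed as a bare definition receive DEFAULT_PERMISSIONS.` These declaration files are build output, so the edit belongs in `src/permissions.ts` and `src/index.ts`, which are listed on the page but not shown in this section.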
package/dist/types/types.d.ts
CHANGED
|
@@ -2,7 +2,8 @@
|
|
|
2
2
|
* @module @enbox/auth
|
|
3
3
|
* Public types for the authentication and identity management SDK.
|
|
4
4
|
*/
|
|
5
|
-
import type {
|
|
5
|
+
import type { PortableDid } from '@enbox/dids';
|
|
6
|
+
import type { ConnectPermissionRequest, DwnDataEncodedRecordsWriteMessage, DwnProtocolDefinition, EnboxUserAgent, HdIdentityVault, LocalDwnStrategy, PortableIdentity } from '@enbox/agent';
|
|
6
7
|
import type { PasswordProvider } from './password-provider.js';
|
|
7
8
|
export type { ConnectPermissionRequest, HdIdentityVault, IdentityVaultBackup, LocalDwnStrategy, PortableIdentity } from '@enbox/agent';
|
|
8
9
|
export type { EnboxUserAgent } from '@enbox/agent';
|
|
@@ -172,6 +173,49 @@ export interface RegistrationOptions {
|
|
|
172
173
|
*/
|
|
173
174
|
persistTokens?: boolean;
|
|
174
175
|
}
|
|
176
|
+
/**
|
|
177
|
+
* Result of a successful connect handler invocation.
|
|
178
|
+
*
|
|
179
|
+
* Contains the delegated credentials returned by the wallet.
|
|
180
|
+
* All connect handlers (browser popup, relay, CLI, etc.) must
|
|
181
|
+
* return this shape on success.
|
|
182
|
+
*/
|
|
183
|
+
export interface ConnectResult {
|
|
184
|
+
/** The portable delegate DID (includes private keys). */
|
|
185
|
+
delegatePortableDid: PortableDid;
|
|
186
|
+
/** Permission grants for the requested protocols. */
|
|
187
|
+
delegateGrants: DwnDataEncodedRecordsWriteMessage[];
|
|
188
|
+
/** The DID of the identity the user approved (the wallet owner's DID). */
|
|
189
|
+
connectedDid: string;
|
|
190
|
+
}
|
|
191
|
+
/**
|
|
192
|
+
* A connect handler obtains delegated credentials from a wallet.
|
|
193
|
+
*
|
|
194
|
+
* Different environments provide different implementations:
|
|
195
|
+
* - **Browser**: popup + postMessage (`BrowserConnectHandler` from `@enbox/browser`)
|
|
196
|
+
* - **Relay**: QR/PIN relay flow (`WalletConnect.initClient` from `@enbox/auth`)
|
|
197
|
+
* - **CLI**: terminal QR/URL + polling (custom handler)
|
|
198
|
+
* - **Desktop**: native window management (custom handler)
|
|
199
|
+
*
|
|
200
|
+
* @example
|
|
201
|
+
* ```ts
|
|
202
|
+
* import { BrowserConnectHandler } from '@enbox/browser';
|
|
203
|
+
* const auth = await AuthManager.create({
|
|
204
|
+
* connectHandler: BrowserConnectHandler(),
|
|
205
|
+
* });
|
|
206
|
+
* ```
|
|
207
|
+
*/
|
|
208
|
+
export interface ConnectHandler {
|
|
209
|
+
/**
|
|
210
|
+
* Obtain delegated credentials from a wallet.
|
|
211
|
+
*
|
|
212
|
+
* @param params.permissionRequests - Agent-level permission requests.
|
|
213
|
+
* @returns The delegate credentials, or `undefined` if the user denied.
|
|
214
|
+
*/
|
|
215
|
+
requestAccess(params: {
|
|
216
|
+
permissionRequests: ConnectPermissionRequest[];
|
|
217
|
+
}): Promise<ConnectResult | undefined>;
|
|
218
|
+
}
|
|
175
219
|
/** Options for {@link AuthManager.create}. */
|
|
176
220
|
export interface AuthManagerOptions {
|
|
177
221
|
/**
|
|
@@ -251,6 +295,25 @@ export interface AuthManagerOptions {
|
|
|
251
295
|
dwnEndpoints?: string[];
|
|
252
296
|
/** DWN registration configuration. */
|
|
253
297
|
registration?: RegistrationOptions;
|
|
298
|
+
/**
|
|
299
|
+
* Default connect handler for delegated connect flows.
|
|
300
|
+
*
|
|
301
|
+
* Used by `connect()` when the caller provides `protocols` (or other
|
|
302
|
+
* non-local-connect options) but does not pass a per-call handler.
|
|
303
|
+
*
|
|
304
|
+
* @example
|
|
305
|
+
* ```ts
|
|
306
|
+
* import { BrowserConnectHandler } from '@enbox/browser';
|
|
307
|
+
*
|
|
308
|
+
* const auth = await AuthManager.create({
|
|
309
|
+
* connectHandler: BrowserConnectHandler(),
|
|
310
|
+
* });
|
|
311
|
+
*
|
|
312
|
+
* // Later — uses the default handler automatically
|
|
313
|
+
* const session = await auth.connect({ protocols: [NotesProtocol] });
|
|
314
|
+
* ```
|
|
315
|
+
*/
|
|
316
|
+
connectHandler?: ConnectHandler;
|
|
254
317
|
}
|
|
255
318
|
/** Options for {@link AuthManager.connect}. */
|
|
256
319
|
export interface LocalConnectOptions {
|
|
@@ -266,7 +329,91 @@ export interface LocalConnectOptions {
|
|
|
266
329
|
metadata?: {
|
|
267
330
|
name?: string;
|
|
268
331
|
};
|
|
332
|
+
/**
|
|
333
|
+
* Whether to create a default identity if none exist.
|
|
334
|
+
*
|
|
335
|
+
* - `false` (default) — Skip automatic identity creation. The session is
|
|
336
|
+
* returned with the **agent DID** as the connected DID and no identity
|
|
337
|
+
* metadata. Use this when the app manages identity creation separately
|
|
338
|
+
* (e.g. a web wallet with an explicit "Create Identity" flow after
|
|
339
|
+
* vault setup).
|
|
340
|
+
*
|
|
341
|
+
* - `true` — If no identities exist after vault initialisation, a new
|
|
342
|
+
* `did:dht` identity is created automatically. Use this when vault
|
|
343
|
+
* setup and identity creation are combined into a single step (e.g.
|
|
344
|
+
* Electrobun's create wizard).
|
|
345
|
+
*
|
|
346
|
+
* @default false
|
|
347
|
+
*/
|
|
348
|
+
createIdentity?: boolean;
|
|
269
349
|
}
|
|
350
|
+
/**
|
|
351
|
+
* A protocol permission request in simplified form.
|
|
352
|
+
*
|
|
353
|
+
* Dapp developers can pass just a protocol definition (default permissions:
|
|
354
|
+
* `['read', 'write', 'query', 'subscribe']`), or an object with explicit
|
|
355
|
+
* permissions.
|
|
356
|
+
*/
|
|
357
|
+
export type ProtocolRequest = DwnProtocolDefinition | {
|
|
358
|
+
definition: DwnProtocolDefinition;
|
|
359
|
+
permissions: Permission[];
|
|
360
|
+
};
|
|
361
|
+
/** Shorthand permission names for DWN protocol scopes. */
|
|
362
|
+
export type Permission = 'write' | 'read' | 'delete' | 'query' | 'subscribe' | 'configure';
|
|
363
|
+
/** Default permissions granted when only a protocol definition is provided. */
|
|
364
|
+
export declare const DEFAULT_PERMISSIONS: Permission[];
|
|
365
|
+
/**
|
|
366
|
+
* Options for a handler-based (delegated) connect flow.
|
|
367
|
+
*
|
|
368
|
+
* Used when `connect()` delegates credential acquisition to a
|
|
369
|
+
* {@link ConnectHandler}. The handler is responsible for the
|
|
370
|
+
* environment-specific transport (popup, relay, CLI, etc.).
|
|
371
|
+
*/
|
|
372
|
+
export interface HandlerConnectOptions {
|
|
373
|
+
/**
|
|
374
|
+
* Protocols to request access to.
|
|
375
|
+
*
|
|
376
|
+
* Each entry can be either a protocol definition (uses default permissions)
|
|
377
|
+
* or an object with `{ definition, permissions }` for explicit control.
|
|
378
|
+
*
|
|
379
|
+
* @example
|
|
380
|
+
* ```ts
|
|
381
|
+
* // Default permissions (read, write, query, subscribe)
|
|
382
|
+
* protocols: [NotesProtocol]
|
|
383
|
+
*
|
|
384
|
+
* // Explicit permissions
|
|
385
|
+
* protocols: [
|
|
386
|
+
* { definition: NotesProtocol, permissions: ['read', 'write'] },
|
|
387
|
+
* { definition: PhotosProtocol, permissions: ['read'] },
|
|
388
|
+
* ]
|
|
389
|
+
* ```
|
|
390
|
+
*/
|
|
391
|
+
protocols?: ProtocolRequest[];
|
|
392
|
+
/**
|
|
393
|
+
* Connect handler for this call. Overrides the default handler set
|
|
394
|
+
* on `AuthManager.create()`.
|
|
395
|
+
*/
|
|
396
|
+
connectHandler?: ConnectHandler;
|
|
397
|
+
/** Override manager default sync interval. */
|
|
398
|
+
sync?: SyncOption;
|
|
399
|
+
}
|
|
400
|
+
/**
|
|
401
|
+
* Unified options for {@link AuthManager.connect}.
|
|
402
|
+
*
|
|
403
|
+
* `connect()` routes to the appropriate flow based on the options:
|
|
404
|
+
*
|
|
405
|
+
* - **Handler-based connect** (dapps): triggered when `protocols` or
|
|
406
|
+
* `connectHandler` is provided. Delegates to the connect handler
|
|
407
|
+
* for credential acquisition.
|
|
408
|
+
*
|
|
409
|
+
* - **Local connect** (wallets / CLI): triggered when `password`,
|
|
410
|
+
* `createIdentity`, or `recoveryPhrase` is provided.
|
|
411
|
+
*
|
|
412
|
+
* In both cases, `connect()` first attempts to restore a previous session
|
|
413
|
+
* from storage. If a valid session exists, it is returned immediately
|
|
414
|
+
* without any user interaction.
|
|
415
|
+
*/
|
|
416
|
+
export type ConnectOptions = HandlerConnectOptions | LocalConnectOptions;
|
|
270
417
|
/** Options for {@link AuthManager.walletConnect}. */
|
|
271
418
|
export interface WalletConnectOptions {
|
|
272
419
|
/** Display name shown in the wallet during the connect flow. */
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,wBAAwB,EAAE,cAAc,EAAE,eAAe,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,KAAK,EAAE,wBAAwB,EAAE,iCAAiC,EAAE,qBAAqB,EAAE,cAAc,EAAE,eAAe,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAE5L,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAG/D,YAAY,EAAE,wBAAwB,EAAE,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGvI,YAAY,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAInD;;;;;;;GAOG;AACH,MAAM,MAAM,UAAU,GAAG,KAAK,GAAG,GAAG,MAAM,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,EAAE,CAAC;AAI/D;;;;;;;;;GASG;AACH,MAAM,MAAM,SAAS,GACjB,eAAe,GACf,QAAQ,GACR,UAAU,GACV,WAAW,CAAC;AAIhB,mDAAmD;AACnD,MAAM,MAAM,SAAS,GACjB,cAAc,GACd,eAAe,GACf,aAAa,GACb,gBAAgB,GAChB,kBAAkB,GAClB,cAAc,GACd,gBAAgB,GAChB,qBAAqB,GACrB,uBAAuB,CAAC;AAE5B,wDAAwD;AACxD,MAAM,WAAW,YAAY;IAC3B,cAAc,EAAE;QAAE,QAAQ,EAAE,SAAS,CAAC;QAAC,OAAO,EAAE,SAAS,CAAA;KAAE,CAAC;IAC5D,eAAe,EAAE;QAAE,OAAO,EAAE,eAAe,CAAA;KAAE,CAAC;IAC9C,aAAa,EAAE;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;IAC/B,gBAAgB,EAAE;QAAE,QAAQ,EAAE,YAAY,CAAA;KAAE,CAAC;IAC7C,kBAAkB,EAAE;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IACvC,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IACtC,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IACxC,mEAAmE;IACnE,qBAAqB,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC;IAC5C,6GAA6G;IAC7G,uBAAuB,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;CAChD;AAED,sDAAsD;AACtD,MAAM,MAAM,gBAAgB,CAAC,CAAC,SAAS,SAAS,GAAG,SAAS,IAC1D,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC;AAIrC,oDAAoD;AACpD,MAAM,WAAW,YAAY;IAC3B,qCAAqC;IACrC,MAAM,EAAE,MAAM,CAAC;IAEf,2BAA2B;IAC3B,IAAI,EAAE,MAAM,CAAC;IAEb;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,+DAA+D;AAC/D,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,YAAY,CAAC;CACxB;AAID,gEAAgE;AAChE,MAAM,WAAW,kBAAkB;IACjC,+EAA+E;IAC/E,YAAY,EAAE,MAAM,CAAC;IACrB,6DAA6D;IAC7D,WAAW,EAAE,MAAM,CAAC;IACpB,4EAA4E;IAC5E,KAAK,EAAE,MAAM,CAAC;CACf;AAED,yEAAyE;AACzE,MAAM,WAAW,kBAAkB;IACjC,uDAAuD;IACvD,IAAI,EAAE,MAAM,CAAC;IACb,sEAAsE;IACtE,K
AAK,EAAE,MAAM,CAAC;CACf;AAED,4DAA4D;AAC5D,MAAM,WAAW,qBAAqB;IACpC,wDAAwD;IACxD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,2DAA2D;IAC3D,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,6EAA6E;IAC7E,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gEAAgE;IAChE,QAAQ,EAAE,MAAM,CAAC;IACjB,yDAAyD;IACzD,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAID;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,mBAAmB;IAClC,+DAA+D;IAC/D,SAAS,EAAE,MAAM,IAAI,CAAC;IAEtB,8CAA8C;IAC9C,SAAS,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,IAAI,CAAC;IAEpC;;;;;;OAMG;IACH,sBAAsB,CAAC,EAAE,CAAC,MAAM,EAAE,kBAAkB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAErF;;;;;;;OAOG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC;IAE3D;;;;;;;;OAQG;IACH,oBAAoB,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,qBAAqB,CAAC,KAAK,IAAI,CAAC;IAE/E;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAID;;;;;;GAMG;AACH,MAAM,WAAW,aAAa;IAC5B,yDAAyD;IACzD,mBAAmB,EAAE,WAAW,CAAC;IAEjC,qDAAqD;IACrD,cAAc,EAAE,iCAAiC,EAAE,CAAC;IAEpD,0EAA0E;IAC1E,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,WAAW,cAAc;IAC7B;;;;;OAKG;IACH,aAAa,CAAC,MAAM,EAAE;QACpB,kBAAkB,EAAE,wBAAwB,EAAE,CAAC;KAChD,GAAG,OAAO,CAAC,aAAa,GAAG,SAAS,CAAC,CAAC;CACxC;AAED,8CAA8C;AAC9C,MAAM,WAAW,kBAAkB;IACjC;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,EAAE,cAAc,CAAC;IAEvB;;;;OAIG;IACH,UAAU,CAAC,EAAE,eAAe,CAAC;IAE7B;;;;;OAKG;IACH,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IAEpC;;;;;;OAMG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,8EAA8E;IAC9E,OAAO,CAAC,EAAE,cAAc,CAAC;IAEzB;;;;;;OAMG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;;;;;;;;;;;;;;;;OAmBG;IACH,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IAEpC;;;;;OAKG;IACH,IAAI,CAAC,EAAE,UAAU,CAAC;IAElB,gDAAgD;IAChD,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IAExB,sCAAsC;IACtC,YAAY,CAAC,EAAE,mBAAmB,CAAC;IAEnC;;;;;;;;;;;;;;;;;OAiBG;IACH,cAAc,CAAC,EAAE,cAAc,CAAC;CACjC;AAED,+CAA+C;AAC/C,MAAM,WAAW,mBAAmB;IAClC,kDAAkD;IAClD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,kEAAkE;IAClE,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB,8CAA8C;IAC9C,IAAI,CAAC,EAAE,UAAU,CAAC;IAElB,8CAA8C;IAC9C,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IAExB,yBAAyB;IACzB,QAAQ,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAE7B;;;;;;;;;;;;;;;O
AeG;IACH,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAID;;;;;;GAMG;AACH,MAAM,MAAM,eAAe,GACvB,qBAAqB,GACrB;IAAE,UAAU,EAAE,qBAAqB,CAAC;IAAC,WAAW,EAAE,UAAU,EAAE,CAAA;CAAE,CAAC;AAErE,0DAA0D;AAC1D,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG,MAAM,GAAG,QAAQ,GAAG,OAAO,GAAG,WAAW,GAAG,WAAW,CAAC;AAE3F,+EAA+E;AAC/E,eAAO,MAAM,mBAAmB,EAAE,UAAU,EAAyD,CAAC;AAEtG;;;;;;GAMG;AACH,MAAM,WAAW,qBAAqB;IACpC;;;;;;;;;;;;;;;;;OAiBG;IACH,SAAS,CAAC,EAAE,eAAe,EAAE,CAAC;IAE9B;;;OAGG;IACH,cAAc,CAAC,EAAE,cAAc,CAAC;IAEhC,8CAA8C;IAC9C,IAAI,CAAC,EAAE,UAAU,CAAC;CACnB;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,MAAM,cAAc,GAAG,qBAAqB,GAAG,mBAAmB,CAAC;AAEzE,qDAAqD;AACrD,MAAM,WAAW,oBAAoB;IACnC,gEAAgE;IAChE,WAAW,EAAE,MAAM,CAAC;IAEpB,uCAAuC;IACvC,gBAAgB,EAAE,MAAM,CAAC;IAEzB,yDAAyD;IACzD,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;;;;;OAOG;IACH,kBAAkB,EAAE,wBAAwB,EAAE,CAAC;IAE/C,+DAA+D;IAC/D,gBAAgB,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;IAExC,+CAA+C;IAC/C,WAAW,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnC,8CAA8C;IAC9C,IAAI,CAAC,EAAE,UAAU,CAAC;CACnB;AAED,wDAAwD;AACxD,MAAM,WAAW,uBAAuB;IACtC,kCAAkC;IAClC,cAAc,EAAE,MAAM,CAAC;IAEvB,qCAAqC;IACrC,QAAQ,EAAE,MAAM,CAAC;IAEjB,8CAA8C;IAC9C,IAAI,CAAC,EAAE,UAAU,CAAC;IAElB,8CAA8C;IAC9C,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED,0DAA0D;AAC1D,MAAM,WAAW,yBAAyB;IACxC,4CAA4C;IAC5C,gBAAgB,EAAE,gBAAgB,CAAC;IAEnC,8CAA8C;IAC9C,IAAI,CAAC,EAAE,UAAU,CAAC;CACnB;AAED,sDAAsD;AACtD,MAAM,WAAW,qBAAqB;IACpC,gEAAgE;IAChE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;;;;;;;;;;;;;;;OAkBG;IACH,kBAAkB,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;CAC5C;AAED,uDAAuD;AACvD,MAAM,WAAW,sBAAsB;IACrC,kDAAkD;IAClD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,gDAAgD;AAChD,MAAM,WAAW,eAAe;IAC9B;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,kDAAkD;AAClD,MAAM,WAAW,iBAAiB;IAChC;;;;OAIG;IACH,YAAY,CAAC,EAAE,OAAO,CAAC;IAEvB;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAID;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,uDAAuD;IACvD,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAEzC,4BAA4B;IAC5B,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE/C,oBAAoB;IACpB,
MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEnC,6BAA6B;IAC7B,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAEvB;;;;;;OAMG;IACH,KAAK,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACzB;AAID,gEAAgE;AAChE,eAAO,MAAM,yBAAyB,2BAA2B,CAAC;AAElE,yEAAyE;AACzE,eAAO,MAAM,qBAAqB,UAAgC,CAAC;AAEnE;;;GAGG;AACH,eAAO,MAAM,YAAY;IACvB,oDAAoD;;IAGpD,+CAA+C;;IAG/C,4DAA4D;;IAG5D,yDAAyD;;IAGzD;;;;;;OAMG;;IAGH;;;;;;OAMG;;CAEK,CAAC"}
|
|
@@ -52,10 +52,7 @@ export type WalletConnectClientOptions = {
|
|
|
52
52
|
*/
|
|
53
53
|
validatePin: () => Promise<string>;
|
|
54
54
|
};
|
|
55
|
-
|
|
56
|
-
* Shorthand for the types of permissions that can be requested.
|
|
57
|
-
*/
|
|
58
|
-
export type Permission = 'write' | 'read' | 'delete' | 'query' | 'subscribe' | 'configure';
|
|
55
|
+
import type { Permission } from './types.js';
|
|
59
56
|
/**
|
|
60
57
|
* The options for creating a permission request for a given protocol.
|
|
61
58
|
*/
|
|
@@ -77,8 +74,10 @@ declare function initClient({ displayName, connectServerUrl, walletUri, permissi
|
|
|
77
74
|
/**
|
|
78
75
|
* Creates a set of Dwn Permission Scopes to request for a given protocol.
|
|
79
76
|
*
|
|
80
|
-
* If no permissions are provided, the default
|
|
81
|
-
*
|
|
77
|
+
* If no permissions are provided, the default permissions from
|
|
78
|
+
* {@link DEFAULT_PERMISSIONS} are used (read, write, query, subscribe, configure).
|
|
79
|
+
* The 'configure' permission is included because dapps using the TypedEnbox API
|
|
80
|
+
* need it to auto-install the protocol on their local DWN via _autoConfigureOnce().
|
|
82
81
|
*/
|
|
83
82
|
declare function createPermissionRequestForProtocol({ definition, permissions }: ProtocolPermissionOptions): ConnectPermissionRequest;
|
|
84
83
|
export declare const WalletConnect: {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"wallet-connect-client.d.ts","sourceRoot":"","sources":["../../src/wallet-connect-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,wBAAwB,EAAsB,qBAAqB,EAAE,MAAM,cAAc,CAAC;AACxG,OAAO,KAAK,EAAyB,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAQhF;;;;;;GAMG;AACH,MAAM,MAAM,0BAA0B,GAAG;IACvC,6EAA6E;IAC7E,WAAW,EAAE,MAAM,CAAC;IAEpB,sFAAsF;IACtF,gBAAgB,EAAE,MAAM,CAAC;IAEzB;;;;OAIG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;;;OAIG;IACH,kBAAkB,EAAE,wBAAwB,EAAE,CAAC;IAE/C;;;;;OAKG;IACH,gBAAgB,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;IAExC;;;;;OAKG;IACH,WAAW,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;CACpC,CAAC;AAEF
|
|
1
|
+
{"version":3,"file":"wallet-connect-client.d.ts","sourceRoot":"","sources":["../../src/wallet-connect-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,wBAAwB,EAAsB,qBAAqB,EAAE,MAAM,cAAc,CAAC;AACxG,OAAO,KAAK,EAAyB,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAQhF;;;;;;GAMG;AACH,MAAM,MAAM,0BAA0B,GAAG;IACvC,6EAA6E;IAC7E,WAAW,EAAE,MAAM,CAAC;IAEpB,sFAAsF;IACtF,gBAAgB,EAAE,MAAM,CAAC;IAEzB;;;;OAIG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;;;OAIG;IACH,kBAAkB,EAAE,wBAAwB,EAAE,CAAC;IAE/C;;;;;OAKG;IACH,gBAAgB,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;IAExC;;;;;OAKG;IACH,WAAW,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;CACpC,CAAC;AAEF,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAE7C;;GAEG;AACH,MAAM,MAAM,yBAAyB,GAAG;IACtC,+DAA+D;IAC/D,UAAU,EAAE,qBAAqB,CAAC;IAElC,uDAAuD;IACvD,WAAW,EAAE,UAAU,EAAE,CAAC;CAC3B,CAAC;AAEF;;;GAGG;AACH,iBAAe,UAAU,CAAC,EACxB,WAAW,EACX,gBAAgB,EAChB,SAAS,EACT,kBAAkB,EAClB,gBAAgB,EAChB,WAAW,GACZ,EAAE,0BAA0B,GAAG,OAAO,CAAC;IACtC,cAAc,EAAE,oBAAoB,CAAC,gBAAgB,CAAC,CAAC;IACvD,mBAAmB,EAAE,oBAAoB,CAAC,qBAAqB,CAAC,CAAC;IACjE,YAAY,EAAE,MAAM,CAAC;CACtB,GAAG,SAAS,CAAC,CAkGb;AAED;;;;;;;GAOG;AACH,iBAAS,kCAAkC,CAAC,EAAE,UAAU,EAAE,WAAW,EAAE,EAAE,yBAAyB,GAAG,wBAAwB,CAsE5H;AAED,eAAO,MAAM,aAAa;;;CAAqD,CAAC"}
|
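Review bot: The documented default permission set is inconsistent within this section. The `ProtocolRequest` comment (types.d.ts, new lines 353–354) and the `HandlerConnectOptions.protocols` example (new line 381) list `read, write, query, subscribe`, while the `createPermissionRequestForProtocol` comment (wallet-connect-client.d.ts, new lines 77–78) says `DEFAULT_PERMISSIONS` also contains `configure`. The declaration `export declare const DEFAULT_PERMISSIONS: Permission[];` does not show the value, so it cannot be told from here which comment is right. Because a bare protocol definition silently takes the defaults, a dapp author relying on the types.d.ts wording may request `configure` from the wallet without intending to. I would make both comments refer to the constant instead of restating the list, e.g. `default permissions: see {@link DEFAULT_PERMISSIONS}`, and document the contained scopes once, next to the constant in `src/types.ts`.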
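--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@enbox/auth",
-"version": "0.6.
+"version": "0.6.2",
 "description": "Headless authentication and identity management SDK for Enbox",
 "type": "module",
 "main": "./dist/esm/index.js",
@@ -56,11 +56,11 @@
 "bun": ">=1.0.0"
 },
 "dependencies": {
-"@enbox/agent": "0.5.
+"@enbox/agent": "0.5.1",
 "@enbox/common": "0.1.0",
 "@enbox/crypto": "0.1.0",
 "@enbox/dids": "0.1.0",
-"@enbox/dwn-clients": "0.2.
+"@enbox/dwn-clients": "0.2.1",
 "@enbox/dwn-sdk-js": "0.2.0",
 "level": "8.0.1"
 },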
package/src/auth-manager.ts
CHANGED
|
@@ -15,7 +15,10 @@ import type {
|
|
|
15
15
|
AuthEventHandler,
|
|
16
16
|
AuthManagerOptions,
|
|
17
17
|
AuthState,
|
|
18
|
+
ConnectHandler,
|
|
19
|
+
ConnectOptions,
|
|
18
20
|
DisconnectOptions,
|
|
21
|
+
HandlerConnectOptions,
|
|
19
22
|
HeadlessConnectOptions,
|
|
20
23
|
IdentityInfo,
|
|
21
24
|
ImportFromPhraseOptions,
|
|
@@ -36,10 +39,11 @@ import { AuthSession } from './identity-session.js';
|
|
|
36
39
|
import { createDefaultStorage } from './storage/storage.js';
|
|
37
40
|
import { discoverLocalDwn } from './discovery.js';
|
|
38
41
|
import { localConnect } from './connect/local.js';
|
|
42
|
+
import { normalizeProtocolRequests } from './permissions.js';
|
|
39
43
|
import { restoreSession } from './connect/restore.js';
|
|
40
44
|
import { STORAGE_KEYS } from './types.js';
|
|
41
45
|
import { walletConnect } from './connect/wallet.js';
|
|
42
|
-
import { ensureVaultReady, resolveIdentityDids, startSyncIfEnabled } from './connect/lifecycle.js';
|
|
46
|
+
import { ensureVaultReady, finalizeDelegateSession, importDelegateAndSetupSync, resolveIdentityDids, resolvePassword, startSyncIfEnabled } from './connect/lifecycle.js';
|
|
43
47
|
import { importFromPhrase, importFromPortable } from './connect/import.js';
|
|
44
48
|
|
|
45
49
|
/**
|
|
@@ -90,6 +94,7 @@ export class AuthManager {
|
|
|
90
94
|
private _defaultSync?: SyncOption;
|
|
91
95
|
private _defaultDwnEndpoints?: string[];
|
|
92
96
|
private _registration?: RegistrationOptions;
|
|
97
|
+
private _connectHandler?: ConnectHandler;
|
|
93
98
|
|
|
94
99
|
/**
|
|
95
100
|
* The local DWN server endpoint discovered during `create()`, if any.
|
|
@@ -109,6 +114,7 @@ export class AuthManager {
|
|
|
109
114
|
defaultDwnEndpoints?: string[];
|
|
110
115
|
registration?: RegistrationOptions;
|
|
111
116
|
localDwnEndpoint?: string;
|
|
117
|
+
connectHandler?: ConnectHandler;
|
|
112
118
|
}) {
|
|
113
119
|
this._userAgent = params.userAgent;
|
|
114
120
|
this._emitter = params.emitter;
|
|
@@ -119,6 +125,7 @@ export class AuthManager {
|
|
|
119
125
|
this._defaultDwnEndpoints = params.defaultDwnEndpoints;
|
|
120
126
|
this._registration = params.registration;
|
|
121
127
|
this._localDwnEndpoint = params.localDwnEndpoint;
|
|
128
|
+
this._connectHandler = params.connectHandler;
|
|
122
129
|
}
|
|
123
130
|
|
|
124
131
|
/**
|
|
@@ -168,6 +175,7 @@ export class AuthManager {
|
|
|
168
175
|
defaultDwnEndpoints : options.dwnEndpoints,
|
|
169
176
|
registration : options.registration,
|
|
170
177
|
localDwnEndpoint,
|
|
178
|
+
connectHandler : options.connectHandler,
|
|
171
179
|
});
|
|
172
180
|
|
|
173
181
|
// Determine initial state.
|
|
@@ -183,16 +191,74 @@ export class AuthManager {
|
|
|
183
191
|
// ─── Connection flows ──────────────────────────────────────────
|
|
184
192
|
|
|
185
193
|
/**
|
|
186
|
-
*
|
|
194
|
+
* Connect to a wallet or create a local session.
|
|
187
195
|
*
|
|
188
|
-
*
|
|
189
|
-
*
|
|
196
|
+
* This is the primary entry point for dapps. It routes to the
|
|
197
|
+
* appropriate flow based on the options:
|
|
190
198
|
*
|
|
191
|
-
*
|
|
199
|
+
* **Handler-based connect** (dapps): Delegates credential acquisition
|
|
200
|
+
* to a {@link ConnectHandler}. Triggered when `protocols` or
|
|
201
|
+
* `connectHandler` is provided.
|
|
202
|
+
*
|
|
203
|
+
* **Local connect** (wallets / CLI): Creates or unlocks a local vault.
|
|
204
|
+
* Triggered when `password`, `createIdentity`, or `recoveryPhrase`
|
|
205
|
+
* is provided.
|
|
206
|
+
*
|
|
207
|
+
* In both cases, `connect()` first attempts to restore a previous
|
|
208
|
+
* session. If a valid session exists, it is returned immediately
|
|
209
|
+
* without any user interaction.
|
|
210
|
+
*
|
|
211
|
+
* @example Dapp (browser)
|
|
212
|
+
* ```ts
|
|
213
|
+
* import { BrowserConnectHandler } from '@enbox/browser';
|
|
214
|
+
*
|
|
215
|
+
* const auth = await AuthManager.create({
|
|
216
|
+
* connectHandler: BrowserConnectHandler(),
|
|
217
|
+
* });
|
|
218
|
+
* const session = await auth.connect({
|
|
219
|
+
* protocols: [NotesProtocol],
|
|
220
|
+
* });
|
|
221
|
+
* ```
|
|
222
|
+
*
|
|
223
|
+
* @example Wallet / CLI
|
|
224
|
+
* ```ts
|
|
225
|
+
* const session = await auth.connect({
|
|
226
|
+
* password: userPin,
|
|
227
|
+
* createIdentity: true,
|
|
228
|
+
* });
|
|
229
|
+
* ```
|
|
230
|
+
*
|
|
231
|
+
* @param options - Connection options. The shape determines the flow.
|
|
192
232
|
* @returns An active AuthSession.
|
|
193
233
|
* @throws If a connection attempt is already in progress.
|
|
234
|
+
* @throws If handler-based connect is attempted without a handler.
|
|
194
235
|
*/
|
|
195
|
-
async connect(options?:
|
|
236
|
+
async connect(options?: ConnectOptions): Promise<AuthSession> {
|
|
237
|
+
return this._withConnect(async () => {
|
|
238
|
+
// 1. Try to restore a previous session first.
|
|
239
|
+
const restored = await restoreSession(this._flowContext());
|
|
240
|
+
if (restored) { return restored; }
|
|
241
|
+
|
|
242
|
+
// 2. Route to the appropriate flow.
|
|
243
|
+
if (this._isLocalConnect(options)) {
|
|
244
|
+
return localConnect(this._flowContext(), options as LocalConnectOptions);
|
|
245
|
+
}
|
|
246
|
+
|
|
247
|
+
return this._handlerConnect(options as HandlerConnectOptions | undefined);
|
|
248
|
+
});
|
|
249
|
+
}
|
|
250
|
+
|
|
251
|
+
/**
|
|
252
|
+
* Create or reconnect a local identity (explicit local connect).
|
|
253
|
+
*
|
|
254
|
+
* Use this when you explicitly want the local vault flow, bypassing
|
|
255
|
+
* auto-detection. This is the preferred method for wallet apps.
|
|
256
|
+
*
|
|
257
|
+
* @param options - Local connect options.
|
|
258
|
+
* @returns An active AuthSession.
|
|
259
|
+
* @throws If a connection attempt is already in progress.
|
|
260
|
+
*/
|
|
261
|
+
async connectLocal(options?: LocalConnectOptions): Promise<AuthSession> {
|
|
196
262
|
return this._withConnect(() => localConnect(this._flowContext(), options));
|
|
197
263
|
}
|
|
198
264
|
|
|
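Review bot: `connect()` returns the result of `restoreSession(this._flowContext())` before it reads `options`, so the `protocols` passed on this call are never compared with what the restored session was granted. A dapp that adds a protocol in a later release would get the old session back and would presumably only notice when a request is refused; how grants are enforced is not shown in this hunk. If the early return is intended, state it in the docstring, e.g. `* A restored session is returned as-is; options.protocols is not compared with its grants.`; otherwise compare the requested protocols with the restored grants and fall through to `_handlerConnect` when they are not covered.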
@@ -691,6 +757,101 @@ export class AuthManager {
|
|
|
691
757
|
|
|
692
758
|
// ─── Private helpers ───────────────────────────────────────────
|
|
693
759
|
|
|
760
|
+
/**
|
|
761
|
+
* Determine whether the given options indicate a local connect flow.
|
|
762
|
+
*
|
|
763
|
+
* Local connect is indicated by the presence of `password`,
|
|
764
|
+
* `createIdentity`, or `recoveryPhrase` — signals that the caller
|
|
765
|
+
* is managing its own vault/identity lifecycle. In non-browser
|
|
766
|
+
* environments, local connect is the fallback.
|
|
767
|
+
*/
|
|
768
|
+
private _isLocalConnect(options?: ConnectOptions): boolean {
|
|
769
|
+
const o = (options ?? {}) as Record<string, unknown>;
|
|
770
|
+
|
|
771
|
+
// If any local-connect-specific keys are present, it's definitely local.
|
|
772
|
+
const hasLocalSignals = (
|
|
773
|
+
o.password !== undefined ||
|
|
774
|
+
o.createIdentity !== undefined ||
|
|
775
|
+
o.recoveryPhrase !== undefined ||
|
|
776
|
+
o.dwnEndpoints !== undefined ||
|
|
777
|
+
o.metadata !== undefined
|
|
778
|
+
);
|
|
779
|
+
if (hasLocalSignals) { return true; }
|
|
780
|
+
|
|
781
|
+
// If any handler-connect signals are present, use the handler flow.
|
|
782
|
+
const hasHandlerSignals = (
|
|
783
|
+
o.protocols !== undefined ||
|
|
784
|
+
o.connectHandler !== undefined
|
|
785
|
+
);
|
|
786
|
+
if (hasHandlerSignals) { return false; }
|
|
787
|
+
|
|
788
|
+
// No explicit signals → default to local connect.
|
|
789
|
+
// Callers that want handler-based connect must provide protocols
|
|
790
|
+
// or a connectHandler.
|
|
791
|
+
return true;
|
|
792
|
+
}
|
|
793
|
+
|
|
794
|
+
/**
|
|
795
|
+
* Run a handler-based (delegated) connect flow.
|
|
796
|
+
*
|
|
797
|
+
* 1. Initialize the vault (agent-only, no identity).
|
|
798
|
+
* 2. Normalize protocol permission requests.
|
|
799
|
+
* 3. Delegate to the connect handler for credential acquisition.
|
|
800
|
+
* 4. Import the delegate DID, process grants, set up sync.
|
|
801
|
+
* 5. Finalize and return the AuthSession.
|
|
802
|
+
*/
|
|
803
|
+
private async _handlerConnect(
|
|
804
|
+
options?: HandlerConnectOptions,
|
|
805
|
+
): Promise<AuthSession> {
|
|
806
|
+
const ctx = this._flowContext();
|
|
807
|
+
const { userAgent, emitter, storage } = ctx;
|
|
808
|
+
const sync = options?.sync ?? ctx.defaultSync;
|
|
809
|
+
|
|
810
|
+
if (sync === 'off') {
|
|
811
|
+
throw new Error(
|
|
812
|
+
'[@enbox/auth] Sync must be enabled for delegated connect. ' +
|
|
813
|
+
'Remove sync: "off" or set an interval like "15s".'
|
|
814
|
+
);
|
|
815
|
+
}
|
|
816
|
+
|
|
817
|
+
// 1. Initialize vault (agent-only, no identity).
|
|
818
|
+
const isFirstLaunch = await userAgent.firstLaunch();
|
|
819
|
+
const password = await resolvePassword(ctx, undefined, isFirstLaunch);
|
|
820
|
+
await ensureVaultReady({ userAgent, emitter, password, isFirstLaunch });
|
|
821
|
+
|
|
822
|
+
// 2. Normalize protocol requests.
|
|
823
|
+
const permissionRequests = normalizeProtocolRequests(options?.protocols);
|
|
824
|
+
|
|
825
|
+
// 3. Resolve the handler.
|
|
826
|
+
const handler = options?.connectHandler ?? this._connectHandler;
|
|
827
|
+
if (!handler) {
|
|
828
|
+
throw new Error(
|
|
829
|
+
'[@enbox/auth] No connect handler provided. ' +
|
|
830
|
+
'Install @enbox/browser and pass BrowserConnectHandler(), ' +
|
|
831
|
+
'or provide a custom ConnectHandler.'
|
|
832
|
+
);
|
|
833
|
+
}
|
|
834
|
+
|
|
835
|
+
// 4. Delegate to the handler.
|
|
836
|
+
const result = await handler.requestAccess({ permissionRequests });
|
|
837
|
+
if (!result) {
|
|
838
|
+
throw new Error('[@enbox/auth] Connect was denied or cancelled by the user.');
|
|
839
|
+
}
|
|
840
|
+
|
|
841
|
+
// 5. Import delegate DID, process grants, set up sync.
|
|
842
|
+
const { delegatePortableDid, connectedDid, delegateGrants } = result;
|
|
843
|
+
const identity = await importDelegateAndSetupSync({
|
|
844
|
+
userAgent, delegatePortableDid, connectedDid, delegateGrants,
|
|
845
|
+
flowName: 'Connect',
|
|
846
|
+
});
|
|
847
|
+
|
|
848
|
+
// 6. Finalize session.
|
|
849
|
+
return finalizeDelegateSession({
|
|
850
|
+
userAgent, emitter, storage, identity,
|
|
851
|
+
connectedDid, delegateDid: delegatePortableDid.uri, sync,
|
|
852
|
+
});
|
|
853
|
+
}
|
|
854
|
+
|
|
694
855
|
/**
|
|
695
856
|
* Build a `FlowContext` from the manager's current state.
|
|
696
857
|
*
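Review bot: `_isLocalConnect` tests `dwnEndpoints` and `metadata` as local signals before it looks at `protocols` or `connectHandler`, so a call such as `connect({ protocols, metadata })` takes the local vault flow and the requested protocols are dropped without an error. Whether the option types allow that combination is not visible here, but the cast to `Record<string, unknown>` means nothing stops it at runtime. The docstring names only `password`, `createIdentity` and `recoveryPhrase`, and its sentence about non-browser environments has no matching check in the body. Either reject mixed options, e.g. `if (hasLocalSignals && hasHandlerSignals) { throw new Error('[@enbox/auth] Ambiguous connect options.'); }`, or list all five keys and their precedence in the comment. Separately, in `_handlerConnect` the `if (!handler)` check runs after `resolvePassword` and `ensureVaultReady`, so a missing handler is reported only once the vault has been initialised; resolving the handler first would fail before any state changes.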
|