@enbox/auth 0.6.28 → 0.6.29
- package/dist/esm/auth-manager.js +82 -46
- package/dist/esm/auth-manager.js.map +1 -1
- package/dist/esm/connect/import.js +20 -13
- package/dist/esm/connect/import.js.map +1 -1
- package/dist/esm/connect/lifecycle.js +356 -68
- package/dist/esm/connect/lifecycle.js.map +1 -1
- package/dist/esm/connect/local.js +2 -1
- package/dist/esm/connect/local.js.map +1 -1
- package/dist/esm/connect/restore.js +87 -64
- package/dist/esm/connect/restore.js.map +1 -1
- package/dist/esm/connect/wallet.js +1 -0
- package/dist/esm/connect/wallet.js.map +1 -1
- package/dist/esm/discovery.js +2 -1
- package/dist/esm/discovery.js.map +1 -1
- package/dist/esm/events.js.map +1 -1
- package/dist/esm/registration.js +70 -12
- package/dist/esm/registration.js.map +1 -1
- package/dist/esm/types.js.map +1 -1
- package/dist/types/auth-manager.d.ts +26 -15
- package/dist/types/auth-manager.d.ts.map +1 -1
- package/dist/types/connect/import.d.ts.map +1 -1
- package/dist/types/connect/lifecycle.d.ts +60 -1
- package/dist/types/connect/lifecycle.d.ts.map +1 -1
- package/dist/types/connect/local.d.ts.map +1 -1
- package/dist/types/connect/restore.d.ts +8 -0
- package/dist/types/connect/restore.d.ts.map +1 -1
- package/dist/types/connect/wallet.d.ts.map +1 -1
- package/dist/types/events.d.ts +1 -1
- package/dist/types/events.d.ts.map +1 -1
- package/dist/types/registration.d.ts +28 -3
- package/dist/types/registration.d.ts.map +1 -1
- package/dist/types/types.d.ts +18 -9
- package/dist/types/types.d.ts.map +1 -1
- package/package.json +2 -2
- package/src/auth-manager.ts +100 -63
- package/src/connect/import.ts +24 -19
- package/src/connect/lifecycle.ts +360 -74
- package/src/connect/local.ts +5 -4
- package/src/connect/restore.ts +79 -66
- package/src/connect/wallet.ts +2 -1
- package/src/discovery.ts +1 -1
- package/src/events.ts +1 -1
- package/src/registration.ts +82 -15
- package/src/types.ts +18 -9
|
@@ -18,6 +18,7 @@ import type { BearerIdentity, DelegateContextKey, DelegateDecryptionKey, DwnData
|
|
|
18
18
|
import type { AuthEventEmitter } from '../events.js';
|
|
19
19
|
import type { PasswordProvider } from '../password-provider.js';
|
|
20
20
|
import type { RegistrationOptions, StorageAdapter, SyncOption } from '../types.js';
|
|
21
|
+
import { DwnPermissionGrant } from '@enbox/agent';
|
|
21
22
|
import { AuthSession } from '../identity-session.js';
|
|
22
23
|
/**
|
|
23
24
|
* Unified context passed from `AuthManager` to every connect flow.
|
|
@@ -119,6 +120,64 @@ export declare function resolveIdentityDids(identity: BearerIdentity, storedDele
|
|
|
119
120
|
connectedDid: string;
|
|
120
121
|
delegateDid: string | undefined;
|
|
121
122
|
};
|
|
123
|
+
/**
|
|
124
|
+
* Derive the sync protocol scope from a set of parsed permission grants.
|
|
125
|
+
*
|
|
126
|
+
* Only `Messages.Read` grants authorize sync operations. Other grant types
|
|
127
|
+
* (Records.Write, Protocols.Query, etc.) are ignored even if they contain a
|
|
128
|
+
* `protocol` field — they do not authorize `MessagesSync`.
|
|
129
|
+
*
|
|
130
|
+
* - Unscoped `Messages.Read` (no `protocol`) → `'all'` (full replica)
|
|
131
|
+
* - Scoped `Messages.Read` grants → collected protocol URIs
|
|
132
|
+
* - No sync-relevant grants → `[]` (caller should unregister)
|
|
133
|
+
*
|
|
134
|
+
* Expired grants are excluded.
|
|
135
|
+
*
|
|
136
|
+
* @internal
|
|
137
|
+
*/
|
|
138
|
+
export declare function deriveSyncScopeFromGrants(grants: DwnPermissionGrant[]): 'all' | string[];
|
|
139
|
+
/**
|
|
140
|
+
* Query the delegate's stored grants and revocations, filter out revoked
|
|
141
|
+
* and expired grants, and derive the sync protocol scope.
|
|
142
|
+
*
|
|
143
|
+
* Used by both `restoreSession()` and `switchIdentity()` to compute the
|
|
144
|
+
* correct sync registration from persisted grant state.
|
|
145
|
+
*
|
|
146
|
+
* @internal
|
|
147
|
+
*/
|
|
148
|
+
export declare function deriveActiveSyncScope(userAgent: EnboxUserAgent, delegateDid: string): Promise<'all' | string[]>;
|
|
149
|
+
/**
|
|
150
|
+
* Narrow a derived sync scope (`'all' | string[]`) to the form required by
|
|
151
|
+
* `SyncIdentityOptions.protocols` (`'all' | [string, ...string[]]`).
|
|
152
|
+
*
|
|
153
|
+
* Returns `undefined` when the scope is an empty array, signalling the
|
|
154
|
+
* caller should unregister the identity rather than register it.
|
|
155
|
+
*
|
|
156
|
+
* @internal
|
|
157
|
+
*/
|
|
158
|
+
export declare function toSyncIdentityProtocols(scope: 'all' | string[]): 'all' | [string, ...string[]] | undefined;
|
|
159
|
+
/**
|
|
160
|
+
* Register (or update, or clear) the sync registration for an identity based on
|
|
161
|
+
* its derived protocol scope.
|
|
162
|
+
*
|
|
163
|
+
* - For a **delegate session**: queries the delegate's active grants via
|
|
164
|
+
* {@link deriveActiveSyncScope}, then registers with `protocols: 'all'` or a
|
|
165
|
+
* scoped list when grants are present, or unregisters the identity when no
|
|
166
|
+
* sync-relevant grants remain (so revoked protocols stop syncing). The
|
|
167
|
+
* "is not registered" error from unregister is silently tolerated;
|
|
168
|
+
* `"already registered"` from register falls back to `updateIdentityOptions`.
|
|
169
|
+
*
|
|
170
|
+
* - For a **local session** (no `delegateDid`): registers with
|
|
171
|
+
* `protocols: 'all'` (a local identity is a full replica of its own DWN).
|
|
172
|
+
* The `"already registered"` error falls back to `updateIdentityOptions`.
|
|
173
|
+
*
|
|
174
|
+
* @internal
|
|
175
|
+
*/
|
|
176
|
+
export declare function registerSyncScopeForIdentity(params: {
|
|
177
|
+
userAgent: EnboxUserAgent;
|
|
178
|
+
connectedDid: string;
|
|
179
|
+
delegateDid?: string;
|
|
180
|
+
}): Promise<void>;
|
|
122
181
|
/**
|
|
123
182
|
* Process connected grants by storing them in the local DWN as the owner.
|
|
124
183
|
*
|
|
@@ -133,7 +192,7 @@ export declare function processConnectedGrants(params: {
|
|
|
133
192
|
connectedDid: string;
|
|
134
193
|
delegateDid: string;
|
|
135
194
|
grants: DwnDataEncodedRecordsWriteMessage[];
|
|
136
|
-
}): Promise<string[]>;
|
|
195
|
+
}): Promise<'all' | string[]>;
|
|
137
196
|
/**
|
|
138
197
|
* Import a delegated DID, process its grants, register sync, and pull.
|
|
139
198
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"lifecycle.d.ts","sourceRoot":"","sources":["../../../src/connect/lifecycle.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,KAAK,EAAE,cAAc,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,iCAAiC,
|
|
1
|
+
{"version":3,"file":"lifecycle.d.ts","sourceRoot":"","sources":["../../../src/connect/lifecycle.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,KAAK,EAAE,cAAc,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,iCAAiC,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAEjJ,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACrD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,KAAK,EAAgB,mBAAmB,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAMjG,OAAO,EAAgB,kBAAkB,EAAiC,MAAM,cAAc,CAAC;AAE/F,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAKrD;;;;;;;;;GASG;AACH,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,cAAc,CAAC;IAC1B,OAAO,EAAE,gBAAgB,CAAC;IAC1B,OAAO,EAAE,cAAc,CAAC;IACxB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IACpC,WAAW,CAAC,EAAE,UAAU,CAAC;IACzB,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,YAAY,CAAC,EAAE,mBAAmB,CAAC;CACpC;AAID;;;;;;;;;;;;GAYG;AACH,wBAAsB,eAAe,CACnC,GAAG,EAAE,IAAI,CAAC,WAAW,EAAE,iBAAiB,GAAG,kBAAkB,CAAC,EAC9D,QAAQ,EAAE,MAAM,GAAG,SAAS,EAC5B,aAAa,EAAE,OAAO,GACrB,OAAO,CAAC,MAAM,CAAC,CA4BjB;AAID;;;;;;;;;;;;;GAaG;AACH,wBAAsB,gBAAgB,CAAC,MAAM,EAAE;IAC7C,SAAS,EAAE,cAAc,CAAC;IAC1B,OAAO,EAAE,gBAAgB,CAAC;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,OAAO,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAgB9B;AAID;;;;;;;;;;;;GAYG;AACH,wBAAsB,kBAAkB,CACtC,SAAS,EAAE,cAAc,EACzB,IAAI,EAAE,UAAU,GAAG,SAAS,GAC3B,OAAO,CAAC,IAAI,CAAC,CAUf;AAID;;;;;;;;GAQG;AACH,wBAAsB,qBAAqB,CACzC,SAAS,EAAE,cAAc,EACzB,YAAY,GAAE,MAAM,EAA0B,EAC9C,IAAI,SAAY,GACf,OAAO,CAAC,cAAc,CAAC,CA0BzB;AAID;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,cAAc,EACxB,iBAAiB,CAAC,EAAE,MAAM,GACzB;IACD,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,GAAG,SAAS,CAAC;CACjC,CAMA;AAID;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,kBAAkB,EAAE,GAAG,KAAK,GAAG,MAAM,EAAE,CA4BxF;AAED;;;;;;;;GAQG;AACH,wBAAsB,qBAAqB,CACzC,SAAS,EAAE,cAAc,EACzB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,KAAK,GAAG,MAAM,EAAE,CAAC,CAsC3B;AAID;;;;;;;;GAQG;AACH,wBAAgB,uBAAuB,CACrC,KAAK,EAAE,KAAK
,GAAG,MAAM,EAAE,GACtB,KAAK,GAAG,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,GAAG,SAAS,CAI3C;AAID;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAsB,4BAA4B,CAAC,MAAM,EAAE;IACzD,SAAS,EAAE,cAAc,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,GAAG,OAAO,CAAC,IAAI,CAAC,CA0ChB;AAID;;;;;;;;GAQG;AACH,wBAAsB,sBAAsB,CAAC,MAAM,EAAE;IACnD,KAAK,EAAE,cAAc,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,iCAAiC,EAAE,CAAC;CAC7C,GAAG,OAAO,CAAC,KAAK,GAAG,MAAM,EAAE,CAAC,CAoH5B;AAID;;;;;;;;GAQG;AACH,wBAAsB,0BAA0B,CAAC,MAAM,EAAE;IACvD,SAAS,EAAE,cAAc,CAAC;IAC1B,mBAAmB,EAAE,WAAW,CAAC;IACjC,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,iCAAiC,EAAE,CAAC;IACpD,sBAAsB,CAAC,EAAE,qBAAqB,EAAE,CAAC;IACjD,mBAAmB,CAAC,EAAE,kBAAkB,EAAE,CAAC;IAC3C,2BAA2B,CAAC,EAAE,MAAM,EAAE,CAAC;IACvC,kBAAkB,CAAC,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IACtE,QAAQ,EAAE,MAAM,CAAC;CAClB,GAAG,OAAO,CAAC,cAAc,CAAC,CAgI1B;AAID;;;;;;GAMG;AACH,wBAAsB,uBAAuB,CAAC,MAAM,EAAE;IACpD,SAAS,EAAE,cAAc,CAAC;IAC1B,OAAO,EAAE,gBAAgB,CAAC;IAC1B,OAAO,EAAE,cAAc,CAAC;IACxB,QAAQ,EAAE,cAAc,CAAC;IACzB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,UAAU,GAAG,SAAS,CAAC;CAC9B,GAAG,OAAO,CAAC,WAAW,CAAC,CAyCvB;AAID;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAsB,eAAe,CAAC,MAAM,EAAE;IAC5C,SAAS,EAAE,cAAc,CAAC;IAC1B,OAAO,EAAE,gBAAgB,CAAC;IAC1B,OAAO,EAAE,cAAc,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC3C,GAAG,OAAO,CAAC,WAAW,CAAC,CAmDvB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"local.d.ts","sourceRoot":"","sources":["../../../src/connect/local.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAOvD;;;;;;;;;;GAUG;AACH,wBAAsB,YAAY,CAChC,GAAG,EAAE,WAAW,EAChB,OAAO,GAAE,mBAAwB,GAChC,OAAO,CAAC,WAAW,CAAC,
|
|
1
|
+
{"version":3,"file":"local.d.ts","sourceRoot":"","sources":["../../../src/connect/local.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAOvD;;;;;;;;;;GAUG;AACH,wBAAsB,YAAY,CAChC,GAAG,EAAE,WAAW,EAChB,OAAO,GAAE,mBAAwB,GAChC,OAAO,CAAC,WAAW,CAAC,CAqFtB"}
|
|
@@ -31,4 +31,12 @@ export declare function restoreSession(ctx: FlowContext, options?: RestoreSessio
|
|
|
31
31
|
* disconnected and the retry is purely a background cleanup.
|
|
32
32
|
*/
|
|
33
33
|
export declare function retryOrphanedRevocations(userAgent: EnboxUserAgent, storage: StorageAdapter): Promise<void>;
|
|
34
|
+
/**
|
|
35
|
+
* Derive the protocol list for a delegate's sync scope by querying
|
|
36
|
+
* stored grant records and extracting their `scope.protocol` fields.
|
|
37
|
+
*
|
|
38
|
+
* Returns a deduplicated array of protocol URIs, excluding the DWN
|
|
39
|
+
* permissions protocol itself (permission records are already included
|
|
40
|
+
* in each protocol's sync stream via `constructAdditionalMessageFilter`).
|
|
41
|
+
*/
|
|
34
42
|
//# sourceMappingURL=restore.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"restore.d.ts","sourceRoot":"","sources":["../../../src/connect/restore.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAEzD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAElD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"restore.d.ts","sourceRoot":"","sources":["../../../src/connect/restore.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAEzD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAElD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAsEnD;;;;;;;;;;GAUG;AACH,wBAAsB,cAAc,CAClC,GAAG,EAAE,WAAW,EAChB,OAAO,GAAE,qBAA0B,GAClC,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC,CA2NlC;AA4LD;;;;;;;GAOG;AACH,wBAAsB,wBAAwB,CAC5C,SAAS,EAAE,cAAc,EACzB,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,IAAI,CAAC,CA6Cf;AAID;;;;;;;GAOG"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"wallet.d.ts","sourceRoot":"","sources":["../../../src/connect/wallet.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAQxD,OAAO,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AAExD;;;;;;GAMG;AACH,wBAAsB,aAAa,CACjC,GAAG,EAAE,WAAW,EAChB,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,WAAW,CAAC,
|
|
1
|
+
{"version":3,"file":"wallet.d.ts","sourceRoot":"","sources":["../../../src/connect/wallet.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAQxD,OAAO,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AAExD;;;;;;GAMG;AACH,wBAAsB,aAAa,CACjC,GAAG,EAAE,WAAW,EAChB,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,WAAW,CAAC,CAwDtB"}
|
package/dist/types/events.d.ts
CHANGED
|
@@ -17,7 +17,7 @@ import type { AuthEvent, AuthEventHandler, AuthEventMap } from './types.js';
|
|
|
17
17
|
* ```
|
|
18
18
|
*/
|
|
19
19
|
export declare class AuthEventEmitter {
|
|
20
|
-
private _listeners;
|
|
20
|
+
private readonly _listeners;
|
|
21
21
|
/**
|
|
22
22
|
* Subscribe to an event. Returns an unsubscribe function.
|
|
23
23
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"events.d.ts","sourceRoot":"","sources":["../../src/events.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE5E;;;;;;;;;;;;GAYG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,UAAU,CAA0D;
|
|
1
|
+
{"version":3,"file":"events.d.ts","sourceRoot":"","sources":["../../src/events.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE5E;;;;;;;;;;;;GAYG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAA0D;IAErF;;OAEG;IACH,EAAE,CAAC,CAAC,SAAS,SAAS,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC,GAAG,MAAM,IAAI;IAgB3E;;;OAGG;IACH,IAAI,CAAC,CAAC,SAAS,SAAS,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC,CAAC,GAAG,IAAI;IAYnE;;;OAGG;IACH,kBAAkB,IAAI,IAAI;CAG3B"}
|
|
@@ -10,7 +10,7 @@
|
|
|
10
10
|
* standalone, reusable function.
|
|
11
11
|
* @module
|
|
12
12
|
*/
|
|
13
|
-
import type { EnboxUserAgent } from '@enbox/agent';
|
|
13
|
+
import type { EnboxUserAgent, SecretStore } from '@enbox/agent';
|
|
14
14
|
import type { RegistrationOptions, RegistrationTokenData, StorageAdapter } from './types.js';
|
|
15
15
|
/** @internal */
|
|
16
16
|
export interface RegistrationContext {
|
|
@@ -23,8 +23,19 @@ export interface RegistrationContext {
|
|
|
23
23
|
/** The connected DID URI (the identity's DID). */
|
|
24
24
|
connectedDid: string;
|
|
25
25
|
/**
|
|
26
|
-
*
|
|
27
|
-
*
|
|
26
|
+
* Vault-backed secret store for encrypted token persistence.
|
|
27
|
+
*
|
|
28
|
+
* When provided **and** the vault is unlocked, registration tokens are
|
|
29
|
+
* stored here instead of in the plaintext `StorageAdapter`, keeping
|
|
30
|
+
* bearer credentials out of `localStorage`.
|
|
31
|
+
*/
|
|
32
|
+
secretStore?: SecretStore;
|
|
33
|
+
/**
|
|
34
|
+
* Plaintext storage adapter for automatic token persistence.
|
|
35
|
+
*
|
|
36
|
+
* @deprecated Prefer {@link secretStore} when the vault is available.
|
|
37
|
+
* This field is retained for backwards compatibility with
|
|
38
|
+
* callers that have not yet migrated.
|
|
28
39
|
*/
|
|
29
40
|
storage?: StorageAdapter;
|
|
30
41
|
}
|
|
@@ -55,4 +66,18 @@ export declare function loadTokensFromStorage(storage: StorageAdapter): Promise<
|
|
|
55
66
|
* @internal
|
|
56
67
|
*/
|
|
57
68
|
export declare function saveTokensToStorage(storage: StorageAdapter, tokens: Record<string, RegistrationTokenData>): Promise<void>;
|
|
69
|
+
/**
|
|
70
|
+
* Load registration tokens from the vault-backed {@link SecretStore}.
|
|
71
|
+
*
|
|
72
|
+
* Returns an empty record if no tokens are stored, the stored value is
|
|
73
|
+
* corrupt, or the vault is locked (best-effort — never throws).
|
|
74
|
+
*
|
|
75
|
+
* @internal
|
|
76
|
+
*/
|
|
77
|
+
export declare function loadTokensFromSecretStore(secretStore: SecretStore): Promise<Record<string, RegistrationTokenData>>;
|
|
78
|
+
/**
|
|
79
|
+
* Save registration tokens to the vault-backed {@link SecretStore}.
|
|
80
|
+
* @internal
|
|
81
|
+
*/
|
|
82
|
+
export declare function saveTokensToSecretStore(secretStore: SecretStore, tokens: Record<string, RegistrationTokenData>): Promise<void>;
|
|
58
83
|
//# sourceMappingURL=registration.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"registration.d.ts","sourceRoot":"","sources":["../../src/registration.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"registration.d.ts","sourceRoot":"","sources":["../../src/registration.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAOhE,OAAO,KAAK,EACV,mBAAmB,EACnB,qBAAqB,EACrB,cAAc,EACf,MAAM,YAAY,CAAC;AAEpB,gBAAgB;AAChB,MAAM,WAAW,mBAAmB;IAClC,0DAA0D;IAC1D,SAAS,EAAE,cAAc,CAAC;IAE1B,sCAAsC;IACtC,YAAY,EAAE,MAAM,EAAE,CAAC;IAEvB,yBAAyB;IACzB,QAAQ,EAAE,MAAM,CAAC;IAEjB,kDAAkD;IAClD,YAAY,EAAE,MAAM,CAAC;IAErB;;;;;;OAMG;IACH,WAAW,CAAC,EAAE,WAAW,CAAC;IAE1B;;;;;;OAMG;IACH,OAAO,CAAC,EAAE,cAAc,CAAC;CAC1B;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,wBAAwB,CAC5C,GAAG,EAAE,mBAAmB,EACxB,YAAY,EAAE,mBAAmB,GAChC,OAAO,CAAC,IAAI,CAAC,CAwIf;AAID;;;;;;;GAOG;AACH,wBAAsB,qBAAqB,CACzC,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC,CAQhD;AAED;;;GAGG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,cAAc,EACvB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,qBAAqB,CAAC,GAC5C,OAAO,CAAC,IAAI,CAAC,CAEf;AAID;;;;;;;GAOG;AACH,wBAAsB,yBAAyB,CAC7C,WAAW,EAAE,WAAW,GACvB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC,CAShD;AAED;;;GAGG;AACH,wBAAsB,uBAAuB,CAC3C,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,qBAAqB,CAAC,GAC5C,OAAO,CAAC,IAAI,CAAC,CAGf"}
|
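Review bot: In the `RegistrationContext` hunk (`@@ -23,8 +23,19 @@`) the new `secretStore` comment says tokens go to the vault only "when provided **and** the vault is unlocked", but neither it nor the `persistTokens` text in `types.d.ts` says what happens when a `SecretStore` is supplied while the vault is locked. If the code then falls back to `storage`, bearer tokens would land in plaintext again without the caller knowing. `loadTokensFromSecretStore` is also documented to return an empty record for a locked vault or a corrupt value, so a caller cannot tell "no tokens" from "could not read"; a later `saveTokensToSecretStore` could then replace tokens that were only unreadable, though that is an inference from the declarations because the implementation is not in this section. These declarations are emitted from `src/registration.ts` (named in the source map), so the wording belongs there: extend the `secretStore` comment with a line such as `* When the vault is locked, tokens are not written to storage; persistence is skipped.`, or the opposite if that is what the code does. Consider reporting the locked or corrupt case to the caller instead of silently returning `{}`.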
package/dist/types/types.d.ts
CHANGED
|
@@ -136,7 +136,8 @@ export interface RegistrationOptions {
|
|
|
136
136
|
* endpoint, it is used directly without re-running the auth flow.
|
|
137
137
|
*
|
|
138
138
|
* When {@link persistTokens} is `true`, this field is ignored —
|
|
139
|
-
* tokens are loaded automatically from the
|
|
139
|
+
* tokens are loaded automatically from the agent's vault-backed
|
|
140
|
+
* `SecretStore` (preferred) or the legacy `StorageAdapter` (fallback).
|
|
140
141
|
*/
|
|
141
142
|
registrationTokens?: Record<string, RegistrationTokenData>;
|
|
142
143
|
/**
|
|
@@ -144,20 +145,28 @@ export interface RegistrationOptions {
|
|
|
144
145
|
* The app should persist these for future sessions.
|
|
145
146
|
*
|
|
146
147
|
* When {@link persistTokens} is `true`, tokens are saved automatically
|
|
147
|
-
* to the
|
|
148
|
-
*
|
|
149
|
-
*
|
|
148
|
+
* to the agent's vault-backed `SecretStore` (or the legacy
|
|
149
|
+
* `StorageAdapter` when no `SecretStore` is available). This callback
|
|
150
|
+
* is still invoked (if provided) **after** the automatic save, so
|
|
151
|
+
* consumers can observe token changes without handling persistence
|
|
152
|
+
* themselves.
|
|
150
153
|
*/
|
|
151
154
|
onRegistrationTokens?: (tokens: Record<string, RegistrationTokenData>) => void;
|
|
152
155
|
/**
|
|
153
|
-
* Automatically persist and restore registration tokens
|
|
154
|
-
* auth manager's `StorageAdapter`.
|
|
156
|
+
* Automatically persist and restore registration tokens.
|
|
155
157
|
*
|
|
156
|
-
* When `true`, tokens are loaded
|
|
157
|
-
*
|
|
158
|
-
*
|
|
158
|
+
* When `true`, tokens are loaded before registration and saved back
|
|
159
|
+
* after new or refreshed tokens are obtained, removing the need for
|
|
160
|
+
* consumers to implement their own token I/O via
|
|
159
161
|
* {@link registrationTokens} and {@link onRegistrationTokens}.
|
|
160
162
|
*
|
|
163
|
+
* **Storage preference:** tokens are stored in the agent's vault-backed
|
|
164
|
+
* `SecretStore` (encrypted at rest) when available. On the first run
|
|
165
|
+
* after an upgrade, any tokens left in the legacy plaintext
|
|
166
|
+
* `StorageAdapter` are migrated into the `SecretStore` and the
|
|
167
|
+
* plaintext copy is removed. If no `SecretStore` is provided, the
|
|
168
|
+
* `StorageAdapter` is used as a fallback.
|
|
169
|
+
*
|
|
161
170
|
* Defaults to `false` for backward compatibility.
|
|
162
171
|
*
|
|
163
172
|
* @example
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,KAAK,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,iCAAiC,EAAE,qBAAqB,EAAE,cAAc,EAAE,eAAe,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEvO,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAG/D,YAAY,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGlL,YAAY,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAInD;;;;;;;GAOG;AACH,MAAM,MAAM,UAAU,GAAG,KAAK,GAAG,GAAG,MAAM,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,EAAE,CAAC;AAI/D;;;;;;;;;GASG;AACH,MAAM,MAAM,SAAS,GACjB,eAAe,GACf,QAAQ,GACR,UAAU,GACV,WAAW,CAAC;AAIhB,mDAAmD;AACnD,MAAM,MAAM,SAAS,GACjB,cAAc,GACd,eAAe,GACf,aAAa,GACb,gBAAgB,GAChB,kBAAkB,GAClB,cAAc,GACd,gBAAgB,GAChB,qBAAqB,GACrB,uBAAuB,CAAC;AAE5B,wDAAwD;AACxD,MAAM,WAAW,YAAY;IAC3B,cAAc,EAAE;QAAE,QAAQ,EAAE,SAAS,CAAC;QAAC,OAAO,EAAE,SAAS,CAAA;KAAE,CAAC;IAC5D,eAAe,EAAE;QAAE,OAAO,EAAE,eAAe,CAAA;KAAE,CAAC;IAC9C,aAAa,EAAE;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;IAC/B,gBAAgB,EAAE;QAAE,QAAQ,EAAE,YAAY,CAAA;KAAE,CAAC;IAC7C,kBAAkB,EAAE;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IACvC,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IACtC,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IACxC,mEAAmE;IACnE,qBAAqB,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC;IAC5C,6GAA6G;IAC7G,uBAAuB,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;CAChD;AAED,sDAAsD;AACtD,MAAM,MAAM,gBAAgB,CAAC,CAAC,SAAS,SAAS,GAAG,SAAS,IAC1D,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC;AAIrC,oDAAoD;AACpD,MAAM,WAAW,YAAY;IAC3B,qCAAqC;IACrC,MAAM,EAAE,MAAM,CAAC;IAEf,2BAA2B;IAC3B,IAAI,EAAE,MAAM,CAAC;IAEb;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,+DAA+D;AAC/D,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,YAAY,CAAC;CACxB;AAID,gEAAgE;AAChE,MAAM,WAAW,kBAAkB;IACjC,+EAA+E;IAC/E,YAAY,EAAE,MAAM,CAAC;IACrB,6DAA6D;IAC7D,WAAW,EAAE,MAAM,CAAC;IACpB,4EAA4E;IAC5E,KAAK,EAAE,MAAM,CAAC;CACf;AAED,yEAAyE;AACzE,MAAM,WAAW,kBAAkB;IACjC,uDAA
uD;IACvD,IAAI,EAAE,MAAM,CAAC;IACb,sEAAsE;IACtE,KAAK,EAAE,MAAM,CAAC;CACf;AAED,4DAA4D;AAC5D,MAAM,WAAW,qBAAqB;IACpC,wDAAwD;IACxD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,2DAA2D;IAC3D,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,6EAA6E;IAC7E,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gEAAgE;IAChE,QAAQ,EAAE,MAAM,CAAC;IACjB,yDAAyD;IACzD,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAID;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,mBAAmB;IAClC,+DAA+D;IAC/D,SAAS,EAAE,MAAM,IAAI,CAAC;IAEtB,8CAA8C;IAC9C,SAAS,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,IAAI,CAAC;IAEpC;;;;;;OAMG;IACH,sBAAsB,CAAC,EAAE,CAAC,MAAM,EAAE,kBAAkB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAErF
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,KAAK,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,iCAAiC,EAAE,qBAAqB,EAAE,cAAc,EAAE,eAAe,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEvO,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAG/D,YAAY,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGlL,YAAY,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAInD;;;;;;;GAOG;AACH,MAAM,MAAM,UAAU,GAAG,KAAK,GAAG,GAAG,MAAM,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,EAAE,CAAC;AAI/D;;;;;;;;;GASG;AACH,MAAM,MAAM,SAAS,GACjB,eAAe,GACf,QAAQ,GACR,UAAU,GACV,WAAW,CAAC;AAIhB,mDAAmD;AACnD,MAAM,MAAM,SAAS,GACjB,cAAc,GACd,eAAe,GACf,aAAa,GACb,gBAAgB,GAChB,kBAAkB,GAClB,cAAc,GACd,gBAAgB,GAChB,qBAAqB,GACrB,uBAAuB,CAAC;AAE5B,wDAAwD;AACxD,MAAM,WAAW,YAAY;IAC3B,cAAc,EAAE;QAAE,QAAQ,EAAE,SAAS,CAAC;QAAC,OAAO,EAAE,SAAS,CAAA;KAAE,CAAC;IAC5D,eAAe,EAAE;QAAE,OAAO,EAAE,eAAe,CAAA;KAAE,CAAC;IAC9C,aAAa,EAAE;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;IAC/B,gBAAgB,EAAE;QAAE,QAAQ,EAAE,YAAY,CAAA;KAAE,CAAC;IAC7C,kBAAkB,EAAE;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IACvC,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IACtC,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IACxC,mEAAmE;IACnE,qBAAqB,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC;IAC5C,6GAA6G;IAC7G,uBAAuB,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;CAChD;AAED,sDAAsD;AACtD,MAAM,MAAM,gBAAgB,CAAC,CAAC,SAAS,SAAS,GAAG,SAAS,IAC1D,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC;AAIrC,oDAAoD;AACpD,MAAM,WAAW,YAAY;IAC3B,qCAAqC;IACrC,MAAM,EAAE,MAAM,CAAC;IAEf,2BAA2B;IAC3B,IAAI,EAAE,MAAM,CAAC;IAEb;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,+DAA+D;AAC/D,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,YAAY,CAAC;CACxB;AAID,gEAAgE;AAChE,MAAM,WAAW,kBAAkB;IACjC,+EAA+E;IAC/E,YAAY,EAAE,MAAM,CAAC;IACrB,6DAA6D;IAC7D,WAAW,EAAE,MAAM,CAAC;IACpB,4EAA4E;IAC5E,KAAK,EAAE,MAAM,CAAC;CACf;AAED,yEAAyE;AACzE,MAAM,WAAW,kBAAkB;IACjC,uDAA
uD;IACvD,IAAI,EAAE,MAAM,CAAC;IACb,sEAAsE;IACtE,KAAK,EAAE,MAAM,CAAC;CACf;AAED,4DAA4D;AAC5D,MAAM,WAAW,qBAAqB;IACpC,wDAAwD;IACxD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,2DAA2D;IAC3D,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,6EAA6E;IAC7E,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gEAAgE;IAChE,QAAQ,EAAE,MAAM,CAAC;IACjB,yDAAyD;IACzD,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAID;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,mBAAmB;IAClC,+DAA+D;IAC/D,SAAS,EAAE,MAAM,IAAI,CAAC;IAEtB,8CAA8C;IAC9C,SAAS,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,IAAI,CAAC;IAEpC;;;;;;OAMG;IACH,sBAAsB,CAAC,EAAE,CAAC,MAAM,EAAE,kBAAkB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAErF;;;;;;;;OAQG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC;IAE3D;;;;;;;;;;OAUG;IACH,oBAAoB,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,qBAAqB,CAAC,KAAK,IAAI,CAAC;IAE/E;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACH,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAID;;;;;;GAMG;AACH,MAAM,WAAW,aAAa;IAC5B,yDAAyD;IACzD,mBAAmB,EAAE,WAAW,CAAC;IAEjC,qDAAqD;IACrD,cAAc,EAAE,iCAAiC,EAAE,CAAC;IAEpD,0EAA0E;IAC1E,YAAY,EAAE,MAAM,CAAC;IAErB;;;;;;OAMG;IACH,sBAAsB,CAAC,EAAE,qBAAqB,EAAE,CAAC;IAEjD;;;OAGG;IACH,mBAAmB,CAAC,EAAE,kBAAkB,EAAE,CAAC;IAE3C;;;OAGG;IACH,2BAA2B,CAAC,EAAE,MAAM,EAAE,CAAC;IAEvC,qFAAqF;IACrF,kBAAkB,CAAC,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;CACvE;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,WAAW,cAAc;IAC7B;;;;;OAKG;IACH,aAAa,CAAC,MAAM,EAAE;QACpB,kBAAkB,EAAE,wBAAwB,EAAE,CAAC;KAChD,GAAG,OAAO,CAAC,aAAa,GAAG,SAAS,CAAC,CAAC;CACxC;AAED,8CAA8C;AAC9C,MAAM,WAAW,kBAAkB;IACjC;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,EAAE,cAAc,CAAC;IAEvB;;;;OAIG;IACH,UAAU,CAAC,EAAE,eAAe,CAAC;IAE7B;;;;;OAKG;IACH,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IAEpC;;;;;;OAMG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,8EAA8E;IAC9E,OAAO,CAAC,EAAE,cAAc,CAAC;IAEzB;;;;;;OAMG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;;;;;;;;;;;;;;;;OAmBG;IACH,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IAEpC;;;;;OAKG;IACH,IAAI,CAAC,EAAE,UAAU,CAAC;IAElB,gDAAgD;IAChD,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IAExB,sCAAsC;IACtC,YAAY,CAAC,EAAE,mBAAmB,CAAC;IAEnC;;;;;;;;;;;;;;;;;OAiBG;IACH,cAAc,CAAC,EAAE,cAAc,CAAC;
CACjC;AAED,+CAA+C;AAC/C,MAAM,WAAW,mBAAmB;IAClC,kDAAkD;IAClD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,kEAAkE;IAClE,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB,8CAA8C;IAC9C,IAAI,CAAC,EAAE,UAAU,CAAC;IAElB,8CAA8C;IAC9C,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IAExB,yBAAyB;IACzB,QAAQ,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAE7B;;;;;;;;;;;;;;;OAeG;IACH,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAID;;;;;;GAMG;AACH,MAAM,MAAM,eAAe,GACvB,qBAAqB,GACrB;IAAE,UAAU,EAAE,qBAAqB,CAAC;IAAC,WAAW,EAAE,UAAU,EAAE,CAAA;CAAE,CAAC;AAErE,0DAA0D;AAC1D,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG,MAAM,GAAG,QAAQ,GAAG,OAAO,GAAG,WAAW,GAAG,WAAW,CAAC;AAE3F,+EAA+E;AAC/E,eAAO,MAAM,mBAAmB,EAAE,UAAU,EAAmE,CAAC;AAEhH;;;;;;GAMG;AACH,MAAM,WAAW,qBAAqB;IACpC;;;;;;;;;;;;;;;;;OAiBG;IACH,SAAS,CAAC,EAAE,eAAe,EAAE,CAAC;IAE9B;;;OAGG;IACH,cAAc,CAAC,EAAE,cAAc,CAAC;IAEhC,8CAA8C;IAC9C,IAAI,CAAC,EAAE,UAAU,CAAC;CACnB;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,MAAM,cAAc,GAAG,qBAAqB,GAAG,mBAAmB,CAAC;AAEzE,qDAAqD;AACrD,MAAM,WAAW,oBAAoB;IACnC,gEAAgE;IAChE,WAAW,EAAE,MAAM,CAAC;IAEpB,uCAAuC;IACvC,gBAAgB,EAAE,MAAM,CAAC;IAEzB,yDAAyD;IACzD,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;;;;;OAOG;IACH,kBAAkB,EAAE,wBAAwB,EAAE,CAAC;IAE/C,+DAA+D;IAC/D,gBAAgB,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;IAExC,+CAA+C;IAC/C,WAAW,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnC,8CAA8C;IAC9C,IAAI,CAAC,EAAE,UAAU,CAAC;CACnB;AAED,wDAAwD;AACxD,MAAM,WAAW,uBAAuB;IACtC,kCAAkC;IAClC,cAAc,EAAE,MAAM,CAAC;IAEvB,qCAAqC;IACrC,QAAQ,EAAE,MAAM,CAAC;IAEjB,8CAA8C;IAC9C,IAAI,CAAC,EAAE,UAAU,CAAC;IAElB,8CAA8C;IAC9C,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED,0DAA0D;AAC1D,MAAM,WAAW,yBAAyB;IACxC,4CAA4C;IAC5C,gBAAgB,EAAE,gBAAgB,CAAC;IAEnC,8CAA8C;IAC9C,IAAI,CAAC,EAAE,UAAU,CAAC;CACnB;AAED,sDAAsD;AACtD,MAAM,WAAW,qBAAqB;IACpC,gEAAgE;IAChE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;;;;;;;;;;;;;;;OAkBG;IACH,kBAAkB,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;CAC5C;AAED,uDAAuD;AACvD,MAAM,WAAW,sBAAsB;IACrC,kDAAkD;IAClD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,gDAAgD;AAChD,MAAM,WAAW,eAAe;IAC9B;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,kDAAkD;AAClD,MAAM,WAAW,iBAAiB;IAChC
;;;;OAIG;IACH,YAAY,CAAC,EAAE,OAAO,CAAC;IAEvB;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAID;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,uDAAuD;IACvD,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAEzC,4BAA4B;IAC5B,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE/C,oBAAoB;IACpB,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEnC,6BAA6B;IAC7B,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAEvB;;;;;;OAMG;IACH,KAAK,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACzB;AAID,gEAAgE;AAChE,eAAO,MAAM,yBAAyB,2BAA2B,CAAC;AAElE,yEAAyE;AACzE,eAAO,MAAM,qBAAqB,UAAgC,CAAC;AAEnE;;;GAGG;AACH,eAAO,MAAM,YAAY;IACvB,oDAAoD;;IAGpD,+CAA+C;;IAG/C,4DAA4D;;IAG5D,yDAAyD;;IAGzD;;;;OAIG;;IAGH;;;OAGG;;IAGH;;;;OAIG;;IAGH;;;;;;OAMG;;IAGH;;;;;;OAMG;;IAGH;;;OAGG;;IAGH;;;;;;;OAOG;;CAEK,CAAC"}
|
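--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@enbox/auth",
-"version": "0.6.
+"version": "0.6.29",
 "description": "Headless authentication and identity management SDK for Enbox",
 "type": "module",
 "main": "./dist/esm/index.js",
@@ -56,7 +56,7 @@
 "bun": ">=1.0.0"
 },
 "dependencies": {
-"@enbox/agent": "0.6.
+"@enbox/agent": "0.6.6",
 "@enbox/common": "0.1.0",
 "@enbox/crypto": "0.1.0",
 "@enbox/dids": "0.1.0",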
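--- a/package/src/auth-manager.ts
+++ b/package/src/auth-manager.ts
@@ -32,10 +32,8 @@ import type {
 WalletConnectOptions,
 } from './types.js';
 
-import type { DwnDataEncodedRecordsWriteMessage } from '@enbox/agent';
-
 import { Convert } from '@enbox/common';
-import { DataStream
+import { DataStream } from '@enbox/dwn-sdk-js';
 import { DwnInterface, DwnPermissionGrant, EnboxUserAgent } from '@enbox/agent';
 
 import { AuthEventEmitter } from './events.js';
@@ -47,7 +45,7 @@ import { normalizeProtocolRequests } from './permissions.js';
 import { restoreSession } from './connect/restore.js';
 import { STORAGE_KEYS } from './types.js';
 import { walletConnect } from './connect/wallet.js';
-import { ensureVaultReady, finalizeDelegateSession, importDelegateAndSetupSync, resolveIdentityDids, resolvePassword, startSyncIfEnabled } from './connect/lifecycle.js';
+import { deriveActiveSyncScope, ensureVaultReady, finalizeDelegateSession, importDelegateAndSetupSync, resolveIdentityDids, resolvePassword, startSyncIfEnabled, toSyncIdentityProtocols } from './connect/lifecycle.js';
 import { importFromPhrase, importFromPortable } from './connect/import.js';
 
 /**
@@ -84,21 +82,21 @@ import { importFromPhrase, importFromPortable } from './connect/import.js';
 * ```
 */
 export class AuthManager {
-private _userAgent: EnboxUserAgent;
-private _emitter: AuthEventEmitter;
-private _storage: StorageAdapter;
+private readonly _userAgent: EnboxUserAgent;
+private readonly _emitter: AuthEventEmitter;
+private readonly _storage: StorageAdapter;
 private _session: AuthSession | undefined;
 private _state: AuthState = 'uninitialized';
 private _isConnecting = false;
 private _isShutDown = false;
 
 // Default options from create()
-private _defaultPassword?: string;
-private _passwordProvider?: PasswordProvider;
-private _defaultSync?: SyncOption;
-private _defaultDwnEndpoints?: string[];
-private _registration?: RegistrationOptions;
-private _connectHandler?: ConnectHandler;
+private readonly _defaultPassword?: string;
+private readonly _passwordProvider?: PasswordProvider;
+private readonly _defaultSync?: SyncOption;
+private readonly _defaultDwnEndpoints?: string[];
+private readonly _registration?: RegistrationOptions;
+private readonly _connectHandler?: ConnectHandler;
 
 /**
 * The local DWN server endpoint discovered during `create()`, if any.
@@ -106,7 +104,7 @@ export class AuthManager {
 * event listeners are attached, so consumers should check this property
 * after `create()` returns rather than relying solely on events.
 */
-private _localDwnEndpoint?: string;
+private readonly _localDwnEndpoint?: string;
 
 private constructor(params: {
 userAgent: EnboxUserAgent;
@@ -563,7 +561,7 @@ export class AuthManager {
 const sendReply = await this._userAgent.rpc.sendDwnRequest({
 dwnUrl,
 targetDid : connectedDid,
-message : rawMessage
+message : rawMessage,
 data,
 });
 if (sendReply?.status?.code === 202 || sendReply?.status?.code === 409) {
@@ -604,6 +602,13 @@ export class AuthManager {
 // Nuclear wipe: clear all persisted auth data.
 await this._storage.clear();
 
+// Wipe all secrets from the vault-backed SecretStore.
+await Promise.all([
+this._userAgent.secrets.delete(STORAGE_KEYS.DELEGATE_DECRYPTION_KEYS).catch(() => {}),
+this._userAgent.secrets.delete(STORAGE_KEYS.DELEGATE_CONTEXT_KEYS).catch(() => {}),
+this._userAgent.secrets.delete(STORAGE_KEYS.REGISTRATION_TOKENS).catch(() => {}),
+]);
+
 // Also clear non-prefixed localStorage and IndexedDB (browser).
 if (typeof globalThis.localStorage !== 'undefined') {
 globalThis.localStorage.clear();
@@ -623,14 +628,19 @@ export class AuthManager {
 } else {
 // Clean disconnect: ALWAYS clear all session markers regardless
 // of revocation outcome. Retry context is independent (step below).
-
-await
-
-
-
-
-
-
+// Delegate keys are removed from both SecretStore and legacy StorageAdapter.
+await Promise.all([
+this._storage.remove(STORAGE_KEYS.PREVIOUSLY_CONNECTED),
+this._storage.remove(STORAGE_KEYS.ACTIVE_IDENTITY),
+this._storage.remove(STORAGE_KEYS.DELEGATE_DID),
+this._storage.remove(STORAGE_KEYS.CONNECTED_DID),
+this._storage.remove(STORAGE_KEYS.DELEGATE_DECRYPTION_KEYS),
+this._storage.remove(STORAGE_KEYS.DELEGATE_CONTEXT_KEYS),
+this._storage.remove(STORAGE_KEYS.DELEGATE_MULTI_PARTY_PROTOCOLS),
+this._storage.remove(STORAGE_KEYS.SESSION_REVOCATIONS),
+this._userAgent.secrets.delete(STORAGE_KEYS.DELEGATE_DECRYPTION_KEYS).catch(() => {}),
+this._userAgent.secrets.delete(STORAGE_KEYS.DELEGATE_CONTEXT_KEYS).catch(() => {}),
+]);
 }
 
 // Update retry context — but NOT after a nuclear wipe.
@@ -811,16 +821,16 @@ export class AuthManager {
 connectedDid : identity.metadata.connectedDid,
 };
 
-//
-
-
-
-
-
+// Always repair the sync registration regardless of sync state — a stale
+// registration persists on disk and would take effect when sync is later
+// enabled. This matches restoreSession()'s behavior.
+const derivedProtocols = delegateDid
+? await this._deriveProtocolsFromGrants(delegateDid)
+: undefined;
 
-
-
-
+await this._repairSyncRegistration(connectedDid, delegateDid, derivedProtocols);
+
+await startSyncIfEnabled(this._userAgent, this._defaultSync);
 
 this._session = new AuthSession({
 agent : this._userAgent,
@@ -1065,8 +1075,21 @@ export class AuthManager {
 this._guardConcurrency();
 this._isConnecting = true;
 
+// Capture the previous session's delegate DID so we can clear only
+// its in-memory keys after the new connect succeeds.
+const previousDelegateDid = this._session?.delegateDid;
+
 try {
 const session = await fn();
+
+// Clear in-memory delegate caches scoped to the previous session
+// AFTER the new connect succeeds. Skip if the new session uses the
+// same delegate DID — the connect flow already loaded fresh keys and
+// clearing would wipe them.
+if (previousDelegateDid && previousDelegateDid !== session.delegateDid) {
+this._userAgent.dwn.clearDelegateDecryptionKeys(previousDelegateDid);
+}
+
 this._session = session;
 this._setState('connected');
 return session;
@@ -1076,38 +1099,19 @@ export class AuthManager {
 }
 
 /**
-* Derive the
-*
+* Derive the sync scope for a delegate by querying stored grants and
+* revocations.
+*
+* Returns `'all'` when any active `Messages.Read` grant is unscoped
+* (authorizing a full replica), otherwise a deduplicated array of
+* protocol URIs derived from scoped `Messages.Read` grants. The DWN
+* permissions protocol itself is excluded because grant records are
+* imported locally during connect rather than replicated via sync.
 *
-*
-* permissions protocol itself (the delegate doesn't need to sync
-* grant records — they're imported locally during the connect flow).
+* Delegates to {@link deriveActiveSyncScope}.
 */
-private async _deriveProtocolsFromGrants(delegateDid: string): Promise<string[]> {
-
-author : delegateDid,
-target : delegateDid,
-messageType : DwnInterface.RecordsQuery,
-messageParams : {
-filter: {
-protocol : PermissionsProtocol.uri,
-protocolPath : PermissionsProtocol.grantPath,
-},
-},
-});
-
-const protocols: string[] = [];
-if (response.reply.status.code === 200 && response.reply.entries) {
-for (const entry of response.reply.entries as DwnDataEncodedRecordsWriteMessage[]) {
-const grant = DwnPermissionGrant.parse(entry);
-const scopeProtocol = (grant.scope as any).protocol as string | undefined;
-if (scopeProtocol && scopeProtocol !== PermissionsProtocol.uri) {
-protocols.push(scopeProtocol);
-}
-}
-}
-
-return [...new Set(protocols)];
+private async _deriveProtocolsFromGrants(delegateDid: string): Promise<'all' | string[]> {
+return deriveActiveSyncScope(this._userAgent, delegateDid);
 }
 
 /**
@@ -1119,7 +1123,7 @@ export class AuthManager {
 private async _registerOrUpdateSyncIdentity(
 connectedDid: string,
 delegateDid: string | undefined,
-protocols: string[],
+protocols: 'all' | [string, ...string[]],
 ): Promise<void> {
 const options = { delegateDid, protocols };
 try {
@@ -1134,6 +1138,39 @@ export class AuthManager {
 }
 }
 
+/**
+* Repair the sync registration for a connected DID based on derived protocols.
+* - `'all'` or non-empty list → register or update
+* - Empty list (zero grants) for a delegate → unregister stale registration
+* - Non-delegate with no derived protocols → register with `'all'`
+*/
+private async _repairSyncRegistration(
+connectedDid: string,
+delegateDid: string | undefined,
+derivedProtocols: 'all' | string[] | undefined,
+): Promise<void> {
+// Only delegates with an explicit zero-grant derivation should be
+// unregistered. A non-delegate identity defaults to `'all'` when no
+// derivation was performed.
+if (delegateDid && derivedProtocols !== undefined) {
+const narrowed = toSyncIdentityProtocols(derivedProtocols);
+if (narrowed === undefined) {
+try {
+await this._userAgent.sync.unregisterIdentity(connectedDid);
+} catch (error: unknown) {
+const msg = error instanceof Error ? error.message : '';
+if (!msg.includes('is not registered')) { throw error; }
+}
+return;
+}
+await this._registerOrUpdateSyncIdentity(connectedDid, delegateDid, narrowed);
+return;
+}
+
+// Non-delegate identity: register with `'all'` (full-replica sync).
+await this._registerOrUpdateSyncIdentity(connectedDid, delegateDid, 'all');
+}
+
 private _setState(state: AuthState): void {
 if (state === this._state) {return;}
 const previous = this._state;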
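Review bot: `_repairSyncRegistration` falls through to a full-replica `'all'` registration whenever `derivedProtocols` is `undefined`, even when `delegateDid` is set, because the only guard is `delegateDid && derivedProtocols !== undefined`. The caller visible at new line 831 passes `undefined` only for non-delegates, so this does not look reachable from that call site, but the parameter type allows it and the failure mode widens a delegate's sync scope rather than narrowing it. I would make the last branch fail closed, for example `if (delegateDid) { throw new Error('delegate sync scope was not derived'); }` placed just before the final `_registerOrUpdateSyncIdentity(connectedDid, delegateDid, 'all')` call, and reword the comment above it to say the branch is reserved for identities without a delegate.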
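--- a/package/src/connect/import.ts
+++ b/package/src/connect/import.ts
@@ -12,7 +12,7 @@ import type { ImportFromPhraseOptions, ImportFromPortableOptions } from '../type
 
 import { DEFAULT_DWN_ENDPOINTS } from '../types.js';
 import { registerWithDwnEndpoints } from '../registration.js';
-import { createDefaultIdentity, ensureVaultReady, finalizeSession, resolveIdentityDids, startSyncIfEnabled } from './lifecycle.js';
+import { createDefaultIdentity, ensureVaultReady, finalizeSession, registerSyncScopeForIdentity, resolveIdentityDids, startSyncIfEnabled } from './lifecycle.js';
 
 /**
 * Import (or recover) an identity from a BIP-39 recovery phrase.
@@ -57,22 +57,27 @@ export async function importFromPhrase(
 if (ctx.registration) {
 await registerWithDwnEndpoints(
 {
-userAgent
+userAgent : userAgent,
 dwnEndpoints,
-agentDid
+agentDid : userAgent.agentDid.uri,
 connectedDid,
-
+secretStore : userAgent.secrets,
+storage : storage,
 },
 ctx.registration,
 );
 }
 
-// Register sync
-
-
-
-
-
+// Register sync. For delegate identities, always repair the registration
+// (derive scope from active grants — revoked grants must not remain in a
+// stale registration), regardless of whether the identity was just
+// created or restored from storage. For local identities, register
+// `protocols: 'all'` only on first creation; a pre-existing local
+// identity was already registered during its initial flow.
+if (delegateDid) {
+await registerSyncScopeForIdentity({ userAgent, connectedDid, delegateDid });
+} else if (isNewIdentity && sync !== 'off') {
+await registerSyncScopeForIdentity({ userAgent, connectedDid });
 }
 
 // Start sync.
@@ -115,22 +120,22 @@ export async function importFromPortable(
 const dwnEndpoints = ctx.defaultDwnEndpoints ?? DEFAULT_DWN_ENDPOINTS;
 await registerWithDwnEndpoints(
 {
-userAgent
+userAgent : userAgent,
 dwnEndpoints,
-agentDid
+agentDid : userAgent.agentDid.uri,
 connectedDid,
-
+secretStore : userAgent.secrets,
+storage : storage,
 },
 ctx.registration,
 );
 }
 
-// Register
-if (
-await
-
-
-});
+// Register sync. For delegates, derive scope from grants (not 'all').
+if (delegateDid) {
+await registerSyncScopeForIdentity({ userAgent, connectedDid, delegateDid });
+} else if (sync !== 'off') {
+await registerSyncScopeForIdentity({ userAgent, connectedDid });
 }
 
 await startSyncIfEnabled(userAgent, sync);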
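Review bot: The one-line comment in the `importFromPortable` hunk does not explain why the delegate branch calls `registerSyncScopeForIdentity` without the `sync !== 'off'` check that the local-identity branch keeps. The reason is presumably the one given in the `importFromPhrase` hunk (revoked grants must not remain in a stale registration), so I would state it here as well, e.g. `// Delegates: always repair the registration, even when sync is 'off', so revoked grants do not stay in a stale scope.` The local branch here also omits the `isNewIdentity` condition used in `importFromPhrase`; if that difference is intentional, the same comment should say so. Both functions start and end outside these hunks.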