@enbox/auth 0.6.33 → 0.6.35
- package/dist/esm/auth-manager.js +34 -16
- package/dist/esm/auth-manager.js.map +1 -1
- package/dist/esm/connect/import.js +52 -24
- package/dist/esm/connect/import.js.map +1 -1
- package/dist/esm/connect/lifecycle.js +2 -2
- package/dist/esm/connect/recovery.js +105 -0
- package/dist/esm/connect/recovery.js.map +1 -0
- package/dist/esm/connect/{local.js → vault.js} +49 -12
- package/dist/esm/connect/vault.js.map +1 -0
- package/dist/esm/index.js +1 -1
- package/dist/esm/types.js.map +1 -1
- package/dist/types/auth-manager.d.ts +26 -12
- package/dist/types/auth-manager.d.ts.map +1 -1
- package/dist/types/connect/import.d.ts +3 -1
- package/dist/types/connect/import.d.ts.map +1 -1
- package/dist/types/connect/lifecycle.d.ts +3 -3
- package/dist/types/connect/recovery.d.ts +50 -0
- package/dist/types/connect/recovery.d.ts.map +1 -0
- package/dist/types/connect/{local.d.ts → vault.d.ts} +12 -6
- package/dist/types/connect/vault.d.ts.map +1 -0
- package/dist/types/index.d.ts +2 -2
- package/dist/types/index.d.ts.map +1 -1
- package/dist/types/types.d.ts +7 -5
- package/dist/types/types.d.ts.map +1 -1
- package/package.json +2 -2
- package/src/auth-manager.ts +35 -18
- package/src/connect/import.ts +58 -28
- package/src/connect/lifecycle.ts +3 -3
- package/src/connect/recovery.ts +111 -0
- package/src/connect/{local.ts → vault.ts} +54 -14
- package/src/index.ts +2 -1
- package/src/types.ts +8 -5
- package/dist/esm/connect/local.js.map +0 -1
- package/dist/types/connect/local.d.ts.map +0 -1
|
@@ -14,7 +14,7 @@
|
|
|
14
14
|
* @module
|
|
15
15
|
*/
|
|
16
16
|
import type { AgentSessionIdentity, HdIdentityVault, PortableIdentity } from '@enbox/agent';
|
|
17
|
-
import type { AuthEvent, AuthEventHandler, AuthManagerOptions, AuthState, ConnectOptions, DisconnectOptions, HeadlessConnectOptions, ImportFromPhraseOptions, ImportFromPortableOptions,
|
|
17
|
+
import type { AuthEvent, AuthEventHandler, AuthManagerOptions, AuthState, ConnectOptions, DisconnectOptions, HeadlessConnectOptions, ImportFromPhraseOptions, ImportFromPortableOptions, RestoreSessionOptions, ShutdownOptions, VaultConnectOptions, WalletConnectOptions } from './types.js';
|
|
18
18
|
import { EnboxUserAgent } from '@enbox/agent';
|
|
19
19
|
import { AuthSession } from './identity-session.js';
|
|
20
20
|
/**
|
|
@@ -128,16 +128,29 @@ export declare class AuthManager {
|
|
|
128
128
|
*/
|
|
129
129
|
connect(options?: ConnectOptions): Promise<AuthSession>;
|
|
130
130
|
/**
|
|
131
|
-
* Create or reconnect a local identity (explicit
|
|
131
|
+
* Create or reconnect a local identity (explicit vault connect).
|
|
132
132
|
*
|
|
133
|
-
* Use this when you explicitly want the
|
|
133
|
+
* Use this when you explicitly want the vault flow, bypassing
|
|
134
134
|
* auto-detection. This is the preferred method for wallet apps.
|
|
135
135
|
*
|
|
136
|
-
* @param options -
|
|
136
|
+
* @param options - Vault connect options.
|
|
137
137
|
* @returns An active AuthSession.
|
|
138
138
|
* @throws If a connection attempt is already in progress.
|
|
139
|
+
* @deprecated Use {@link connectVault} instead. Will be removed in 1.0.
|
|
139
140
|
*/
|
|
140
|
-
connectLocal(options?:
|
|
141
|
+
connectLocal(options?: VaultConnectOptions): Promise<AuthSession>;
|
|
142
|
+
/**
|
|
143
|
+
* Create or reconnect an identity via the local HD vault.
|
|
144
|
+
*
|
|
145
|
+
* Use this when you explicitly want the vault flow, bypassing
|
|
146
|
+
* auto-detection. This is the preferred method for wallet apps
|
|
147
|
+
* and CLI tools that own the identity vault directly.
|
|
148
|
+
*
|
|
149
|
+
* @param options - Vault connect options.
|
|
150
|
+
* @returns An active AuthSession.
|
|
151
|
+
* @throws If a connection attempt is already in progress.
|
|
152
|
+
*/
|
|
153
|
+
connectVault(options?: VaultConnectOptions): Promise<AuthSession>;
|
|
141
154
|
/**
|
|
142
155
|
* Connect to an external wallet via the Enbox Connect relay protocol.
|
|
143
156
|
*
|
|
@@ -303,21 +316,22 @@ export declare class AuthManager {
|
|
|
303
316
|
*/
|
|
304
317
|
get localDwnEndpoint(): string | undefined;
|
|
305
318
|
/**
|
|
306
|
-
* Determine whether the given options indicate a
|
|
319
|
+
* Determine whether the given options indicate a vault connect flow.
|
|
307
320
|
*
|
|
308
321
|
* Handler intent is asserted by the presence of a non-empty `protocols`
|
|
309
322
|
* array OR a non-null `connectHandler`; everything else (including the
|
|
310
323
|
* no-options case, an empty `protocols: []`, and `null` values from JS
|
|
311
|
-
* callers) routes to
|
|
312
|
-
* NOT a handler signal — it carries no permission scopes
|
|
313
|
-
* to authorize, so treating it as handler-flow would
|
|
314
|
-
* "connected" session indistinguishable from a
|
|
324
|
+
* callers) routes to vault connect. An empty `protocols` array is
|
|
325
|
+
* intentionally NOT a handler signal — it carries no permission scopes
|
|
326
|
+
* for the handler to authorize, so treating it as handler-flow would
|
|
327
|
+
* produce a zero-grant "connected" session indistinguishable from a
|
|
328
|
+
* denied connect.
|
|
315
329
|
*
|
|
316
330
|
* Acts as a TypeScript type guard: a `true` return narrows `options` to
|
|
317
|
-
* `
|
|
331
|
+
* `VaultConnectOptions | undefined` at call sites, so the routing in
|
|
318
332
|
* {@link AuthManager.connect} can dispatch without unsafe casts.
|
|
319
333
|
*/
|
|
320
|
-
private
|
|
334
|
+
private _isVaultConnect;
|
|
321
335
|
/**
|
|
322
336
|
* Run a handler-based (delegated) connect flow.
|
|
323
337
|
*
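Review bot: The JSDoc on the now-deprecated `connectLocal` (hunk `@@ -128,16 +128,29 @@`) still says "This is the preferred method for wallet apps" directly above the new `@deprecated Use {@link connectVault} instead` tag, so one comment both recommends and retires the method. This is the call that opens the identity vault, so integrators should be pointed at a single entry point. I would reduce the description to `* Alias of {@link connectVault}, kept for backward compatibility.` and keep the `@deprecated` line as written. The class body lies outside these hunks, so whether `connectLocal` simply forwards to `connectVault` is not visible here.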
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-manager.d.ts","sourceRoot":"","sources":["../../src/auth-manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAGH,OAAO,KAAK,EAAE,oBAAoB,EAAqD,eAAe,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAI/I,OAAO,KAAK,EACV,SAAS,EACT,gBAAgB,EAChB,kBAAkB,EAClB,SAAS,EAET,cAAc,EACd,iBAAiB,EAEjB,sBAAsB,EACtB,uBAAuB,EACvB,yBAAyB,
|
|
1
|
+
{"version":3,"file":"auth-manager.d.ts","sourceRoot":"","sources":["../../src/auth-manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAGH,OAAO,KAAK,EAAE,oBAAoB,EAAqD,eAAe,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAI/I,OAAO,KAAK,EACV,SAAS,EACT,gBAAgB,EAChB,kBAAkB,EAClB,SAAS,EAET,cAAc,EACd,iBAAiB,EAEjB,sBAAsB,EACtB,uBAAuB,EACvB,yBAAyB,EAEzB,qBAAqB,EACrB,eAAe,EAGf,mBAAmB,EACnB,oBAAoB,EACrB,MAAM,YAAY,CAAC;AAIpB,OAAO,EAAoC,cAAc,EAAE,MAAM,cAAc,CAAC;AAGhF,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAWpD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAiB;IAC5C,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAmB;IAC5C,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAiB;IAC1C,OAAO,CAAC,QAAQ,CAA0B;IAC1C,OAAO,CAAC,MAAM,CAA8B;IAC5C,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,WAAW,CAAS;IAG5B,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAS;IAC3C,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAmB;IACtD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAa;IAC3C,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAW;IACjD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAsB;IACrD,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAiB;IAElD;;;;;OAKG;IACH,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAS;IAE5C,OAAO;IAwBP;;;;;;;;;OASG;WACU,MAAM,CAAC,OAAO,GAAE,kBAAuB,GAAG,OAAO,CAAC,WAAW,CAAC;IAoD3E;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA0CG;IACG,OAAO,CAAC,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,WAAW,CAAC;IAiB7D;;;;;;;;;;OAUG;IACG,YAAY,CAAC,OAAO,CAAC,EAAE,mBAAmB,GAAG,OAAO,CAAC,WAAW,CAAC;IAIvE;;;;;;;;;;OAUG;IACG,YAAY,CAAC,OAAO,CAAC,EAAE,mBAAmB,GAAG,OAAO,CAAC,WAAW,CAAC;IAIvE;;;;;;;;;;OAUG;IACG,aAAa,CAAC,OAAO,EAAE,oBAAoB,GAAG,OAAO,CAAC,WAAW,CAAC;IAIxE;;;;;OAKG;IACG,gBAAgB,CAAC,OAAO,EAAE,uBAAuB,GAAG,OAAO,CAAC,WAAW,CAAC;IAI9E;;;;OAIG;IACG,kBAAkB,CAAC,OAAO,EAAE,yBAAyB,GAAG,OAAO,CAAC,WAAW,CAAC;IAIlF;;;;;OAKG;IACG,cAAc,CAAC,OAAO,CAAC,EAAE,qBAAqB,GAAG,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC;IAkBvF;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACG,eAAe,CAAC,OAAO,CAAC,EAAE,sBAAsB,GAAG,OAAO,CAAC,WAAW,CAAC;IA+D7E,mEAAmE;IACnE,IAAI,OAAO,IAAI,WAAW,GAAG,SAAS,CAErC;IAED;;;;;;;;;;;;OAYG;IACG,IAAI,CAAC,OAAO,GAAE;QAAE,OAAO,CAAC,EAAE,MAAM,CAAA;KAAO,GAAG,OAAO,CA
AC,IAAI,CAAC;IAuB7D;;;;;;;OAOG;IACG,UAAU,CAAC,OAAO,GAAE,iBAAsB,GAAG,OAAO,CAAC,IAAI,CAAC;IAiQhE;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACG,QAAQ,CAAC,OAAO,GAAE,eAAoB,GAAG,OAAO,CAAC,IAAI,CAAC;IAsD5D;;;;;OAKG;IACG,cAAc,IAAI,OAAO,CAAC,oBAAoB,EAAE,CAAC;IASvD;;;;;OAKG;IACG,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAkD1D;;;;;;OAMG;IACG,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA0BnD;;;;;OAKG;IACG,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAM/D,8EAA8E;IAC9E,IAAI,KAAK,IAAI,eAAe,CAE3B;IAID;;;;;;OAMG;IACH,EAAE,CAAC,CAAC,SAAS,SAAS,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC,GAAG,MAAM,IAAI;IAM3E,8BAA8B;IAC9B,IAAI,KAAK,IAAI,SAAS,CAErB;IAED,wCAAwC;IACxC,IAAI,WAAW,IAAI,OAAO,CAEzB;IAED,6CAA6C;IAC7C,IAAI,QAAQ,IAAI,OAAO,CAEtB;IAED,mDAAmD;IACnD,IAAI,YAAY,IAAI,OAAO,CAE1B;IAED,0DAA0D;IAC1D,IAAI,KAAK,IAAI,cAAc,CAE1B;IAED;;;;;;OAMG;IACH,IAAI,gBAAgB,IAAI,MAAM,GAAG,SAAS,CAEzC;IAID;;;;;;;;;;;;;;;OAeG;IACH,OAAO,CAAC,eAAe;IAOvB;;;;;;;;;;;;OAYG;YACW,eAAe;IA6D7B;;;;;;OAMG;IACH,OAAO,CAAC,YAAY;IAapB;;;;;;;;;;OAUG;YACW,YAAY;IA4B1B;;;;;;;;;;;OAWG;YACW,0BAA0B;IAIxC;;;;;OAKG;YACW,6BAA6B;IAkB3C;;;;;OAKG;YACW,uBAAuB;IA2BrC,OAAO,CAAC,SAAS;IAOjB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,cAAc;CAQvB"}
|
|
@@ -12,7 +12,9 @@ import type { ImportFromPhraseOptions, ImportFromPortableOptions } from '../type
|
|
|
12
12
|
* Import (or recover) an identity from a BIP-39 recovery phrase.
|
|
13
13
|
*
|
|
14
14
|
* This re-initializes the vault with the given phrase and password,
|
|
15
|
-
* recovering the agent DID and all derived keys.
|
|
15
|
+
* recovering the agent DID and all derived keys. If the recovery phrase
|
|
16
|
+
* was previously used to create identities, they are pulled from the
|
|
17
|
+
* remote DWN. Otherwise a new default identity is created.
|
|
16
18
|
*/
|
|
17
19
|
export declare function importFromPhrase(ctx: FlowContext, options: ImportFromPhraseOptions): Promise<AuthSession>;
|
|
18
20
|
/**
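Review bot: The new `importFromPhrase` doc says identities "are pulled from the remote DWN. Otherwise a new default identity is created", but it does not say what happens when the remote cannot be reached or the pull fails part-way. If a failed pull is handled like an empty remote, a user recovering on a new device would end up with a fresh identity under the same phrase instead of an error. The same gap appears in the `recoverIdentitiesFromRemote` doc in recovery.d.ts ("an empty array if the remote had nothing") and in the "On recovery" bullet of vault.d.ts. I would state the contract with a line such as `* @throws If the remote DWN cannot be reached; an empty remote is not an error.` (or document the opposite, if best-effort is intended). The implementation is not part of this declaration file, so this is a documentation request rather than a confirmed defect.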
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"import.d.ts","sourceRoot":"","sources":["../../../src/connect/import.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,KAAK,EAAE,uBAAuB,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"import.d.ts","sourceRoot":"","sources":["../../../src/connect/import.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,KAAK,EAAE,uBAAuB,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AAOtF;;;;;;;GAOG;AACH,wBAAsB,gBAAgB,CACpC,GAAG,EAAE,WAAW,EAChB,OAAO,EAAE,uBAAuB,GAC/B,OAAO,CAAC,WAAW,CAAC,CAiGtB;AAED;;;;;GAKG;AACH,wBAAsB,kBAAkB,CACtC,GAAG,EAAE,WAAW,EAChB,OAAO,EAAE,yBAAyB,GACjC,OAAO,CAAC,WAAW,CAAC,CA8CtB"}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Shared helpers for connect flows.
|
|
3
3
|
*
|
|
4
|
-
* Consolidates duplicated logic across `
|
|
4
|
+
* Consolidates duplicated logic across `vault-connect`, `session-restore`,
|
|
5
5
|
* `wallet-connect`, and `import-identity` flows:
|
|
6
6
|
*
|
|
7
7
|
* - Password resolution chain
|
|
@@ -23,7 +23,7 @@ import { AuthSession } from '../identity-session.js';
|
|
|
23
23
|
/**
|
|
24
24
|
* Unified context passed from `AuthManager` to every connect flow.
|
|
25
25
|
*
|
|
26
|
-
* Replaces the per-flow `
|
|
26
|
+
* Replaces the per-flow `VaultConnectContext`, `SessionRestoreContext`,
|
|
27
27
|
* `WalletConnectContext`, and `ImportContext` interfaces. All fields are
|
|
28
28
|
* optional beyond the core triple (`userAgent`, `emitter`, `storage`) so
|
|
29
29
|
* flows only consume what they need.
|
|
@@ -95,7 +95,7 @@ export declare function startSyncIfEnabled(userAgent: EnboxUserAgent, sync: Sync
|
|
|
95
95
|
* encryption keys, and a DWN service endpoint.
|
|
96
96
|
*
|
|
97
97
|
* This consolidates the identical identity creation block that was
|
|
98
|
-
* duplicated in `
|
|
98
|
+
* duplicated in `vaultConnect` and `importFromPhrase`.
|
|
99
99
|
*
|
|
100
100
|
* @internal
|
|
101
101
|
*/
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Seed phrase recovery helpers.
|
|
3
|
+
*
|
|
4
|
+
* When a vault is re-derived from a recovery phrase on a new device,
|
|
5
|
+
* the local DWN is empty. This module provides the building blocks
|
|
6
|
+
* for pulling identity metadata, keys, and user data from the remote
|
|
7
|
+
* DWN in a controlled two-phase sequence.
|
|
8
|
+
*
|
|
9
|
+
* @module
|
|
10
|
+
* @internal
|
|
11
|
+
*/
|
|
12
|
+
import type { BearerIdentity, EnboxUserAgent } from '@enbox/agent';
|
|
13
|
+
import type { RegistrationOptions, StorageAdapter } from '../types.js';
|
|
14
|
+
/**
|
|
15
|
+
* Internal protocols that store recovery-critical data in the agent DID's DWN.
|
|
16
|
+
* Syncing these ensures that seed phrase recovery can pull identity metadata,
|
|
17
|
+
* portable DIDs, and encrypted private keys from the remote.
|
|
18
|
+
*/
|
|
19
|
+
export declare const AGENT_DID_SYNC_PROTOCOLS: [string, ...string[]];
|
|
20
|
+
/**
|
|
21
|
+
* Register the agent DID for sync with the recovery-critical protocols.
|
|
22
|
+
*
|
|
23
|
+
* This is a prerequisite for both normal operation (pushing identity
|
|
24
|
+
* metadata to the remote) and seed phrase recovery (pulling it back).
|
|
25
|
+
* Silently succeeds if the agent DID is already registered.
|
|
26
|
+
*/
|
|
27
|
+
export declare function registerAgentDidForSync(userAgent: EnboxUserAgent): Promise<void>;
|
|
28
|
+
/**
|
|
29
|
+
* Recover identities and their data from remote DWN endpoints.
|
|
30
|
+
*
|
|
31
|
+
* Assumes the agent DID is already registered for sync (via
|
|
32
|
+
* {@link registerAgentDidForSync}) and as a DWN tenant.
|
|
33
|
+
*
|
|
34
|
+
* Phase 1 — pull identity metadata and DID private keys stored in the
|
|
35
|
+
* agent DID's DWN.
|
|
36
|
+
*
|
|
37
|
+
* Phase 2 — register each recovered identity DID as a tenant and for
|
|
38
|
+
* sync, then pull their profile data, protocol configurations, and
|
|
39
|
+
* records.
|
|
40
|
+
*
|
|
41
|
+
* Returns the recovered identities, or an empty array if the remote
|
|
42
|
+
* had nothing (e.g. first-ever setup with a pre-generated phrase).
|
|
43
|
+
*/
|
|
44
|
+
export declare function recoverIdentitiesFromRemote(params: {
|
|
45
|
+
userAgent: EnboxUserAgent;
|
|
46
|
+
dwnEndpoints: string[];
|
|
47
|
+
registration?: RegistrationOptions;
|
|
48
|
+
storage: StorageAdapter;
|
|
49
|
+
}): Promise<BearerIdentity[]>;
|
|
50
|
+
//# sourceMappingURL=recovery.d.ts.map
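Review bot: `AGENT_DID_SYNC_PROTOCOLS` is declared as the mutable tuple `[string, ...string[]]`, so any module that imports it can push to or overwrite the list of protocols the doc describes as recovery-critical. Declaring it read-only keeps that list fixed for the lifetime of the process: `export const AGENT_DID_SYNC_PROTOCOLS: readonly [string, ...string[]] = …` in recovery.ts. A callee that needs a mutable array can take a copy with `[...AGENT_DID_SYNC_PROTOCOLS]`. Whether the sync-registration API accepts a readonly array is not visible in this diff.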
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"recovery.d.ts","sourceRoot":"","sources":["../../../src/connect/recovery.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAInE,OAAO,KAAK,EAAE,mBAAmB,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAIvE;;;;GAIG;AACH,eAAO,MAAM,wBAAwB,EAAE,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAG1D,CAAC;AAEF;;;;;;GAMG;AACH,wBAAsB,uBAAuB,CAAC,SAAS,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAStF;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,2BAA2B,CAAC,MAAM,EAAE;IACxD,SAAS,EAAE,cAAc,CAAC;IAC1B,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,YAAY,CAAC,EAAE,mBAAmB,CAAC;IACnC,OAAO,EAAE,cAAc,CAAC;CACzB,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC,CAyC5B"}
|
|
@@ -1,23 +1,29 @@
|
|
|
1
1
|
/**
|
|
2
|
-
*
|
|
2
|
+
* Vault connect flow.
|
|
3
3
|
*
|
|
4
4
|
* Creates or reconnects a local identity with vault-protected keys.
|
|
5
|
-
*
|
|
5
|
+
* Used by wallets and CLI tools that own the HD identity vault directly
|
|
6
|
+
* (as opposed to handler-based connect, which delegates credential
|
|
7
|
+
* acquisition to an external wallet).
|
|
8
|
+
*
|
|
6
9
|
* @module
|
|
7
10
|
*/
|
|
8
11
|
import type { AuthSession } from '../identity-session.js';
|
|
9
12
|
import type { FlowContext } from './lifecycle.js';
|
|
10
|
-
import type {
|
|
13
|
+
import type { VaultConnectOptions } from '../types.js';
|
|
11
14
|
/**
|
|
12
|
-
* Execute the
|
|
15
|
+
* Execute the vault connect flow.
|
|
13
16
|
*
|
|
14
17
|
* - On first launch: initializes the vault. Identity creation is opt-in via
|
|
15
18
|
* `options.createIdentity: true`.
|
|
16
19
|
* - On subsequent launches: unlocks the vault and reconnects to the existing identity.
|
|
20
|
+
* - On recovery: when `recoveryPhrase` is provided on a fresh vault, pulls
|
|
21
|
+
* identities and their data from the remote DWN before falling back to
|
|
22
|
+
* identity creation.
|
|
17
23
|
*
|
|
18
24
|
* When no identities exist and `createIdentity` is not `true`, the session
|
|
19
25
|
* is returned with the **agent DID** as the connected DID. This allows apps to
|
|
20
26
|
* manage identity creation separately from vault setup.
|
|
21
27
|
*/
|
|
22
|
-
export declare function
|
|
23
|
-
//# sourceMappingURL=
|
|
28
|
+
export declare function vaultConnect(ctx: FlowContext, options?: VaultConnectOptions): Promise<AuthSession>;
|
|
29
|
+
//# sourceMappingURL=vault.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"vault.d.ts","sourceRoot":"","sources":["../../../src/connect/vault.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAQvD;;;;;;;;;;;;;GAaG;AACH,wBAAsB,YAAY,CAChC,GAAG,EAAE,WAAW,EAChB,OAAO,GAAE,mBAAwB,GAChC,OAAO,CAAC,WAAW,CAAC,CAsHtB"}
|
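--- a/package/dist/types/index.d.ts
+++ b/package/dist/types/index.d.ts
@@ -10,7 +10,7 @@
 * import { AuthManager } from '@enbox/auth';
 *
 * const auth = await AuthManager.create({ sync: '15s' });
-* const session = await auth.
+* const session = await auth.connectVault({ password: userPin });
 * ```
 *
 * @example Dapp with browser connect handler
@@ -41,5 +41,5 @@ export { applyLocalDwnDiscovery, checkUrlForDwnDiscoveryPayload, clearLocalDwnEn
 export { BrowserStorage, LevelStorage, MemoryStorage, createDefaultStorage } from './storage/storage.js';
 export { retryOrphanedRevocations } from './connect/restore.js';
 export { STORAGE_KEYS } from './types.js';
-export type { AuthEvent, AuthEventHandler, AuthEventMap, AuthManagerOptions, AuthSessionInfo, AuthState, ConnectHandler, ConnectOptions, ConnectPermissionRequest, ConnectResult, DisconnectOptions, HandlerConnectOptions, HeadlessConnectOptions, IdentityInfo, IdentityVaultBackup, ImportFromPhraseOptions, ImportFromPortableOptions, LocalConnectOptions, LocalDwnStrategy, Permission, PortableIdentity, ProtocolRequest, ProviderAuthParams, ProviderAuthResult, RegistrationOptions, RegistrationTokenData, RestoreSessionOptions, ShutdownOptions, StorageAdapter, SyncOption, WalletConnectOptions, } from './types.js';
+export type { AuthEvent, AuthEventHandler, AuthEventMap, AuthManagerOptions, AuthSessionInfo, AuthState, ConnectHandler, ConnectOptions, ConnectPermissionRequest, ConnectResult, DisconnectOptions, HandlerConnectOptions, HeadlessConnectOptions, IdentityInfo, IdentityVaultBackup, ImportFromPhraseOptions, ImportFromPortableOptions, LocalConnectOptions, LocalDwnStrategy, VaultConnectOptions, Permission, PortableIdentity, ProtocolRequest, ProviderAuthParams, ProviderAuthResult, RegistrationOptions, RegistrationTokenData, RestoreSessionOptions, ShutdownOptions, StorageAdapter, SyncOption, WalletConnectOptions, } from './types.js';
 //# sourceMappingURL=index.d.ts.map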
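Review bot: The quick-start example in the module doc passes a variable named `userPin` as the vault password in `auth.connectVault({ password: userPin })`, which reads as an invitation to protect the HD vault with a short numeric PIN. How the vault derives its key from the password is not visible in this diff, so the example should not imply a weaker secret than the vault is designed for. Renaming the variable is enough: `* const session = await auth.connectVault({ password: userPassphrase });`. In the second hunk, `VaultConnectOptions` was inserted after `LocalDwnStrategy`, which breaks the alphabetical order the export list otherwise follows.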
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAGH,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAG/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,YAAY,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAI9D,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAG/D,OAAO,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAC7D,OAAO,EAAE,yBAAyB,EAAE,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAC3D,YAAY,EAAE,yBAAyB,EAAE,0BAA0B,EAAE,MAAM,4BAA4B,CAAC;AAGxG,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAG/E,OAAO,EACL,sBAAsB,EACtB,8BAA8B,EAC9B,qBAAqB,EACrB,gBAAgB,EAChB,uBAAuB,EACvB,wBAAwB,EACxB,uBAAuB,GACxB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAGzG,OAAO,EAAE,wBAAwB,EAAE,MAAM,sBAAsB,CAAC;AAGhE,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG1C,YAAY,EACV,SAAS,EACT,gBAAgB,EAChB,YAAY,EACZ,kBAAkB,EAClB,eAAe,EACf,SAAS,EACT,cAAc,EACd,cAAc,EACd,wBAAwB,EACxB,aAAa,EACb,iBAAiB,EACjB,qBAAqB,EACrB,sBAAsB,EACtB,YAAY,EACZ,mBAAmB,EACnB,uBAAuB,EACvB,yBAAyB,EACzB,mBAAmB,EACnB,gBAAgB,EAChB,UAAU,EACV,gBAAgB,EAChB,eAAe,EACf,kBAAkB,EAClB,kBAAkB,EAClB,mBAAmB,EACnB,qBAAqB,EACrB,qBAAqB,EACrB,eAAe,EACf,cAAc,EACd,UAAU,EACV,oBAAoB,GACrB,MAAM,YAAY,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAGH,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAG/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,YAAY,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAI9D,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAG/D,OAAO,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAC7D,OAAO,EAAE,yBAAyB,EAAE,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAC3D,YAAY,EAAE,yBAAyB,EAAE,0BAA0B,EAAE,MAAM,4BAA4B,CAAC;AAGxG,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAG/E,OAAO,EACL,sBAAsB,EACtB,8BAA8B,EAC9B,qBAAqB,EACrB,gBAAgB,EAChB,uBAAuB,EACvB,wBAAwB,EACxB,uBAAuB,GACxB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAGzG,OAAO,EAAE,wBAAwB,EAAE,MAAM,sBAAsB,CAAC;AAGhE,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG1C,YAAY,EACV,SAAS,EACT,gBAAgB,EAChB,YAAY,EACZ,kBAAkB,EAClB,eAAe,EACf,SAAS,EACT,cAAc,EACd,cAAc,EACd,wBAAwB,EACxB,aAAa,EACb,iBAAiB,EACjB,qBAAqB,EACrB,sBAAsB,EACtB,YAAY,EACZ,mBAAmB,EACnB,uBAAuB,EACvB,yBAAyB,EACzB,mBAAmB,EACnB,gBAAgB,EAChB,mBAAmB,EACnB,UAAU,EACV,gBAAgB,EAChB,eAAe,EACf,kBAAkB,EAClB,kBAAkB,EAClB,mBAAmB,EACnB,qBAAqB,EACrB,qBAAqB,EACrB,eAAe,EACf,cAAc,EACd,UAAU,EACV,oBAAoB,GACrB,MAAM,YAAY,CAAC"}
|
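--- a/package/dist/types/types.d.ts
+++ b/package/dist/types/types.d.ts
@@ -328,7 +328,7 @@ export interface AuthManagerOptions {
 * Default connect handler for delegated connect flows.
 *
 * Used by `connect()` when the caller provides `protocols` (or other
-* non-
+* non-vault-connect options) but does not pass a per-call handler.
 *
 * @example
 * ```ts
@@ -344,8 +344,8 @@ export interface AuthManagerOptions {
 */
 connectHandler?: ConnectHandler;
 }
-/** Options for {@link AuthManager.
-export interface
+/** Options for {@link AuthManager.connectVault}. */
+export interface VaultConnectOptions {
 /** Vault password (overrides manager default). */
 password?: string;
 /** Re-derive identity from an existing BIP-39 recovery phrase. */
@@ -376,6 +376,8 @@ export interface LocalConnectOptions {
 */
 createIdentity?: boolean;
 }
+/** @deprecated Use {@link VaultConnectOptions} instead. */
+export type LocalConnectOptions = VaultConnectOptions;
 /**
 * A protocol permission request in simplified form.
 *
@@ -443,14 +445,14 @@ export interface HandlerConnectOptions {
 * `connectHandler` is provided. Delegates to the connect handler
 * for credential acquisition.
 *
-* - **
+* - **Vault connect** (wallets / CLI): triggered when `password`,
 * `createIdentity`, or `recoveryPhrase` is provided.
 *
 * In both cases, `connect()` first attempts to restore a previous session
 * from storage. If a valid session exists, it is returned immediately
 * without any user interaction.
 */
-export type ConnectOptions = HandlerConnectOptions |
+export type ConnectOptions = HandlerConnectOptions | VaultConnectOptions;
 /** Options for {@link AuthManager.walletConnect}. */
 export interface WalletConnectOptions {
 /** Display name shown in the wallet during the connect flow. */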
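Review bot: The `ConnectOptions` doc (hunk `@@ -443,14 +445,14 @@`) says vault connect is "triggered when `password`, `createIdentity`, or `recoveryPhrase` is provided", but the `_isVaultConnect` doc in auth-manager.d.ts says everything without a non-empty `protocols` array or a `connectHandler` routes to vault connect, including a call with no options at all. The two descriptions disagree on the default, and the default decides whether a bare `connect()` enters the flow that opens the local vault. I would reword the bullet to match the guard, for example `* - **Vault connect** (wallets / CLI): the default whenever no non-empty protocols array and no connectHandler is given.` Which of the two docs reflects the implementation cannot be confirmed from the declaration files alone.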
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,KAAK,EAAE,oBAAoB,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,iCAAiC,EAAE,qBAAqB,EAAE,cAAc,EAAE,eAAe,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAE7P,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAG/D,YAAY,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGlL,YAAY,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAInD;;;;;;;GAOG;AACH,MAAM,MAAM,UAAU,GAAG,KAAK,GAAG,GAAG,MAAM,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,EAAE,CAAC;AAI/D;;;;;;;;;GASG;AACH,MAAM,MAAM,SAAS,GACjB,eAAe,GACf,QAAQ,GACR,UAAU,GACV,WAAW,CAAC;AAIhB,mDAAmD;AACnD,MAAM,MAAM,SAAS,GACjB,cAAc,GACd,eAAe,GACf,aAAa,GACb,gBAAgB,GAChB,kBAAkB,GAClB,cAAc,GACd,gBAAgB,GAChB,qBAAqB,GACrB,uBAAuB,CAAC;AAE5B,wDAAwD;AACxD,MAAM,WAAW,YAAY;IAC3B,cAAc,EAAE;QAAE,QAAQ,EAAE,SAAS,CAAC;QAAC,OAAO,EAAE,SAAS,CAAA;KAAE,CAAC;IAC5D,eAAe,EAAE;QAAE,OAAO,EAAE,eAAe,CAAA;KAAE,CAAC;IAC9C,aAAa,EAAE;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;IAC/B,gBAAgB,EAAE;QAAE,QAAQ,EAAE,YAAY,CAAA;KAAE,CAAC;IAC7C,kBAAkB,EAAE;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IACvC,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IACtC,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IACxC,mEAAmE;IACnE,qBAAqB,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC;IAC5C,6GAA6G;IAC7G,uBAAuB,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;CAChD;AAED,sDAAsD;AACtD,MAAM,MAAM,gBAAgB,CAAC,CAAC,SAAS,SAAS,GAAG,SAAS,IAC1D,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC;AAIrC;;;;;;;GAOG;AACH,MAAM,MAAM,YAAY,GAAG,oBAAoB,CAAC;AAEhD,+DAA+D;AAC/D,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,YAAY,CAAC;CACxB;AAID,gEAAgE;AAChE,MAAM,WAAW,kBAAkB;IACjC,+EAA+E;IAC/E,YAAY,EAAE,MAAM,CAAC;IACrB,6DAA6D;IAC7D,WAAW,EAAE,MAAM,CAAC;IACpB,4EAA4E;IAC5E,KAAK,EAAE,MAAM,CAAC;CACf;AAED,yEAAyE;AACzE,MAAM,WAAW,kBAAkB;IACjC,uDAAuD;IACvD,IAAI,EAAE,MAAM,CAAC;IACb,sEAAsE;IACtE,KAAK,EAAE,MAAM,CAAC;CACf;AAED,4DAA4D;AAC5D,MA
AM,WAAW,qBAAqB;IACpC,wDAAwD;IACxD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,2DAA2D;IAC3D,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,6EAA6E;IAC7E,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gEAAgE;IAChE,QAAQ,EAAE,MAAM,CAAC;IACjB,yDAAyD;IACzD,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAID;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,mBAAmB;IAClC,+DAA+D;IAC/D,SAAS,EAAE,MAAM,IAAI,CAAC;IAEtB,8CAA8C;IAC9C,SAAS,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,IAAI,CAAC;IAEpC;;;;;;OAMG;IACH,sBAAsB,CAAC,EAAE,CAAC,MAAM,EAAE,kBAAkB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAErF;;;;;;;;OAQG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC;IAE3D;;;;;;;;;;OAUG;IACH,oBAAoB,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,qBAAqB,CAAC,KAAK,IAAI,CAAC;IAE/E;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACH,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAID;;;;;;GAMG;AACH,MAAM,WAAW,aAAa;IAC5B,yDAAyD;IACzD,mBAAmB,EAAE,WAAW,CAAC;IAEjC,qDAAqD;IACrD,cAAc,EAAE,iCAAiC,EAAE,CAAC;IAEpD,0EAA0E;IAC1E,YAAY,EAAE,MAAM,CAAC;IAErB;;;;;;OAMG;IACH,sBAAsB,CAAC,EAAE,qBAAqB,EAAE,CAAC;IAEjD;;;OAGG;IACH,mBAAmB,CAAC,EAAE,kBAAkB,EAAE,CAAC;IAE3C;;;OAGG;IACH,2BAA2B,CAAC,EAAE,MAAM,EAAE,CAAC;IAEvC,qFAAqF;IACrF,kBAAkB,CAAC,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;CACvE;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,WAAW,cAAc;IAC7B;;;;;OAKG;IACH,aAAa,CAAC,MAAM,EAAE;QACpB,kBAAkB,EAAE,wBAAwB,EAAE,CAAC;KAChD,GAAG,OAAO,CAAC,aAAa,GAAG,SAAS,CAAC,CAAC;CACxC;AAED,8CAA8C;AAC9C,MAAM,WAAW,kBAAkB;IACjC;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,EAAE,cAAc,CAAC;IAEvB;;;;OAIG;IACH,UAAU,CAAC,EAAE,eAAe,CAAC;IAE7B;;;;;OAKG;IACH,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IAEpC;;;;;;OAMG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,8EAA8E;IAC9E,OAAO,CAAC,EAAE,cAAc,CAAC;IAEzB;;;;;;OAMG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;;;;;;;;;;;;;;;;OAmBG;IACH,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IAEpC;;;;;OAKG;IACH,IAAI,CAAC,EAAE,UAAU,CAAC;IAElB,gDAAgD;IAChD,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IAExB,sCAAsC;IACtC,YAAY,CAAC,EAAE,mBAAmB,CAAC;IAEnC;;;;;;;;;;;;;;;;;OAiBG;IACH,cAAc,CAAC,EAAE,cAAc,CAAC;CACjC;AAED
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,KAAK,EAAE,oBAAoB,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,iCAAiC,EAAE,qBAAqB,EAAE,cAAc,EAAE,eAAe,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAE7P,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAG/D,YAAY,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGlL,YAAY,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAInD;;;;;;;GAOG;AACH,MAAM,MAAM,UAAU,GAAG,KAAK,GAAG,GAAG,MAAM,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,EAAE,CAAC;AAI/D;;;;;;;;;GASG;AACH,MAAM,MAAM,SAAS,GACjB,eAAe,GACf,QAAQ,GACR,UAAU,GACV,WAAW,CAAC;AAIhB,mDAAmD;AACnD,MAAM,MAAM,SAAS,GACjB,cAAc,GACd,eAAe,GACf,aAAa,GACb,gBAAgB,GAChB,kBAAkB,GAClB,cAAc,GACd,gBAAgB,GAChB,qBAAqB,GACrB,uBAAuB,CAAC;AAE5B,wDAAwD;AACxD,MAAM,WAAW,YAAY;IAC3B,cAAc,EAAE;QAAE,QAAQ,EAAE,SAAS,CAAC;QAAC,OAAO,EAAE,SAAS,CAAA;KAAE,CAAC;IAC5D,eAAe,EAAE;QAAE,OAAO,EAAE,eAAe,CAAA;KAAE,CAAC;IAC9C,aAAa,EAAE;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;IAC/B,gBAAgB,EAAE;QAAE,QAAQ,EAAE,YAAY,CAAA;KAAE,CAAC;IAC7C,kBAAkB,EAAE;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IACvC,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IACtC,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IACxC,mEAAmE;IACnE,qBAAqB,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC;IAC5C,6GAA6G;IAC7G,uBAAuB,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;CAChD;AAED,sDAAsD;AACtD,MAAM,MAAM,gBAAgB,CAAC,CAAC,SAAS,SAAS,GAAG,SAAS,IAC1D,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC;AAIrC;;;;;;;GAOG;AACH,MAAM,MAAM,YAAY,GAAG,oBAAoB,CAAC;AAEhD,+DAA+D;AAC/D,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,YAAY,CAAC;CACxB;AAID,gEAAgE;AAChE,MAAM,WAAW,kBAAkB;IACjC,+EAA+E;IAC/E,YAAY,EAAE,MAAM,CAAC;IACrB,6DAA6D;IAC7D,WAAW,EAAE,MAAM,CAAC;IACpB,4EAA4E;IAC5E,KAAK,EAAE,MAAM,CAAC;CACf;AAED,yEAAyE;AACzE,MAAM,WAAW,kBAAkB;IACjC,uDAAuD;IACvD,IAAI,EAAE,MAAM,CAAC;IACb,sEAAsE;IACtE,KAAK,EAAE,MAAM,CAAC;CACf;AAED,4DAA4D;AAC5D,MA
AM,WAAW,qBAAqB;IACpC,wDAAwD;IACxD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,2DAA2D;IAC3D,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,6EAA6E;IAC7E,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gEAAgE;IAChE,QAAQ,EAAE,MAAM,CAAC;IACjB,yDAAyD;IACzD,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAID;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,mBAAmB;IAClC,+DAA+D;IAC/D,SAAS,EAAE,MAAM,IAAI,CAAC;IAEtB,8CAA8C;IAC9C,SAAS,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,IAAI,CAAC;IAEpC;;;;;;OAMG;IACH,sBAAsB,CAAC,EAAE,CAAC,MAAM,EAAE,kBAAkB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAErF;;;;;;;;OAQG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC;IAE3D;;;;;;;;;;OAUG;IACH,oBAAoB,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,qBAAqB,CAAC,KAAK,IAAI,CAAC;IAE/E;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACH,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAID;;;;;;GAMG;AACH,MAAM,WAAW,aAAa;IAC5B,yDAAyD;IACzD,mBAAmB,EAAE,WAAW,CAAC;IAEjC,qDAAqD;IACrD,cAAc,EAAE,iCAAiC,EAAE,CAAC;IAEpD,0EAA0E;IAC1E,YAAY,EAAE,MAAM,CAAC;IAErB;;;;;;OAMG;IACH,sBAAsB,CAAC,EAAE,qBAAqB,EAAE,CAAC;IAEjD;;;OAGG;IACH,mBAAmB,CAAC,EAAE,kBAAkB,EAAE,CAAC;IAE3C;;;OAGG;IACH,2BAA2B,CAAC,EAAE,MAAM,EAAE,CAAC;IAEvC,qFAAqF;IACrF,kBAAkB,CAAC,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;CACvE;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,WAAW,cAAc;IAC7B;;;;;OAKG;IACH,aAAa,CAAC,MAAM,EAAE;QACpB,kBAAkB,EAAE,wBAAwB,EAAE,CAAC;KAChD,GAAG,OAAO,CAAC,aAAa,GAAG,SAAS,CAAC,CAAC;CACxC;AAED,8CAA8C;AAC9C,MAAM,WAAW,kBAAkB;IACjC;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,EAAE,cAAc,CAAC;IAEvB;;;;OAIG;IACH,UAAU,CAAC,EAAE,eAAe,CAAC;IAE7B;;;;;OAKG;IACH,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IAEpC;;;;;;OAMG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,8EAA8E;IAC9E,OAAO,CAAC,EAAE,cAAc,CAAC;IAEzB;;;;;;OAMG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;;;;;;;;;;;;;;;;OAmBG;IACH,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IAEpC;;;;;OAKG;IACH,IAAI,CAAC,EAAE,UAAU,CAAC;IAElB,gDAAgD;IAChD,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IAExB,sCAAsC;IACtC,YAAY,CAAC,EAAE,mBAAmB,CAAC;IAEnC;;;;;;;;;;;;;;;;;OAiBG;IACH,cAAc,CAAC,EAAE,cAAc,CAAC;CACjC;AAED,oDAAoD;AACpD,MAAM,WAAW,mBAAmB;IAClC,kDAAkD;IAClD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,k
EAAkE;IAClE,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB,8CAA8C;IAC9C,IAAI,CAAC,EAAE,UAAU,CAAC;IAElB,8CAA8C;IAC9C,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IAExB,yBAAyB;IACzB,QAAQ,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAE7B;;;;;;;;;;;;;;;OAeG;IACH,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED,2DAA2D;AAC3D,MAAM,MAAM,mBAAmB,GAAG,mBAAmB,CAAC;AAItD;;;;;;GAMG;AACH,MAAM,MAAM,eAAe,GACvB,qBAAqB,GACrB;IAAE,UAAU,EAAE,qBAAqB,CAAC;IAAC,WAAW,EAAE,UAAU,EAAE,CAAA;CAAE,CAAC;AAErE,0DAA0D;AAC1D,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG,MAAM,GAAG,QAAQ,GAAG,OAAO,GAAG,WAAW,GAAG,WAAW,CAAC;AAE3F,+EAA+E;AAC/E,eAAO,MAAM,mBAAmB,EAAE,UAAU,EAAmE,CAAC;AAEhH;;;;;;GAMG;AACH,MAAM,WAAW,qBAAqB;IACpC;;;;;;;;;;;;;;;;;OAiBG;IACH,SAAS,CAAC,EAAE,eAAe,EAAE,CAAC;IAE9B;;;OAGG;IACH,cAAc,CAAC,EAAE,cAAc,CAAC;IAEhC;;;;;;OAMG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,8CAA8C;IAC9C,IAAI,CAAC,EAAE,UAAU,CAAC;CACnB;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,MAAM,cAAc,GAAG,qBAAqB,GAAG,mBAAmB,CAAC;AAEzE,qDAAqD;AACrD,MAAM,WAAW,oBAAoB;IACnC,gEAAgE;IAChE,WAAW,EAAE,MAAM,CAAC;IAEpB,uCAAuC;IACvC,gBAAgB,EAAE,MAAM,CAAC;IAEzB,yDAAyD;IACzD,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;;;;;OAOG;IACH,kBAAkB,EAAE,wBAAwB,EAAE,CAAC;IAE/C,+DAA+D;IAC/D,gBAAgB,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;IAExC,+CAA+C;IAC/C,WAAW,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnC,8CAA8C;IAC9C,IAAI,CAAC,EAAE,UAAU,CAAC;CACnB;AAED,wDAAwD;AACxD,MAAM,WAAW,uBAAuB;IACtC,kCAAkC;IAClC,cAAc,EAAE,MAAM,CAAC;IAEvB,qCAAqC;IACrC,QAAQ,EAAE,MAAM,CAAC;IAEjB,8CAA8C;IAC9C,IAAI,CAAC,EAAE,UAAU,CAAC;IAElB,8CAA8C;IAC9C,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED,0DAA0D;AAC1D,MAAM,WAAW,yBAAyB;IACxC,4CAA4C;IAC5C,gBAAgB,EAAE,gBAAgB,CAAC;IAEnC,8CAA8C;IAC9C,IAAI,CAAC,EAAE,UAAU,CAAC;CACnB;AAED,sDAAsD;AACtD,MAAM,WAAW,qBAAqB;IACpC,gEAAgE;IAChE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;;;;;;;;;;;;;;;OAkBG;IACH,kBAAkB,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;CAC5C;AAED,uDAAuD;AACvD,MAAM,WAAW,sBAAsB;IACrC,kDAAkD;IAClD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,gDAAgD;AAChD,MAAM,WAAW,eAAe;IAC9B;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,kDAAkD;AAClD,MAAM,WAAW,iBAAi
B;IAChC;;;;OAIG;IACH,YAAY,CAAC,EAAE,OAAO,CAAC;IAEvB;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAID;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,uDAAuD;IACvD,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAEzC,4BAA4B;IAC5B,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE/C,oBAAoB;IACpB,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEnC,6BAA6B;IAC7B,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAEvB;;;;;;OAMG;IACH,KAAK,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACzB;AAID,gEAAgE;AAChE,eAAO,MAAM,yBAAyB,2BAA2B,CAAC;AAElE,yEAAyE;AACzE,eAAO,MAAM,qBAAqB,UAAgC,CAAC;AAEnE;;;GAGG;AACH,eAAO,MAAM,YAAY;IACvB,oDAAoD;;IAGpD,+CAA+C;;IAG/C,4DAA4D;;IAG5D,yDAAyD;;IAGzD;;;;OAIG;;IAGH;;;OAGG;;IAGH;;;;OAIG;;IAGH;;;;;;OAMG;;IAGH;;;;;;OAMG;;IAGH;;;OAGG;;IAGH;;;;;;;OAOG;;CAEK,CAAC"}
|
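--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@enbox/auth",
-"version": "0.6.
+"version": "0.6.35",
 "description": "Headless authentication and identity management SDK for Enbox",
 "type": "module",
 "main": "./dist/esm/index.js",
@@ -60,7 +60,7 @@
 "bun": ">=1.0.0"
 },
 "dependencies": {
-"@enbox/agent": "0.7.
+"@enbox/agent": "0.7.2",
 "@enbox/common": "0.1.1",
 "@enbox/crypto": "0.1.1",
 "@enbox/dids": "0.1.1",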
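--- a/package/src/auth-manager.ts
+++ b/package/src/auth-manager.ts
@@ -31,12 +31,12 @@ import type {
 HeadlessConnectOptions,
 ImportFromPhraseOptions,
 ImportFromPortableOptions,
-LocalConnectOptions,
 RegistrationOptions,
 RestoreSessionOptions,
 ShutdownOptions,
 StorageAdapter,
 SyncOption,
+VaultConnectOptions,
 WalletConnectOptions,
 } from './types.js';
 
@@ -48,10 +48,10 @@ import { AuthEventEmitter } from './events.js';
 import { AuthSession } from './identity-session.js';
 import { createDefaultStorage } from './storage/storage.js';
 import { discoverLocalDwn } from './discovery.js';
-import { localConnect } from './connect/local.js';
 import { normalizeProtocolRequests } from './permissions.js';
 import { restoreSession } from './connect/restore.js';
 import { STORAGE_KEYS } from './types.js';
+import { vaultConnect } from './connect/vault.js';
 import { walletConnect } from './connect/wallet.js';
 import { deriveActiveSyncScope, ensureVaultReady, finalizeDelegateSession, importDelegateAndSetupSync, resolveIdentityDids, resolvePassword, startSyncIfEnabled, toSyncIdentityProtocols } from './connect/lifecycle.js';
 import { importFromPhrase, importFromPortable } from './connect/import.js';
@@ -249,11 +249,11 @@ export class AuthManager {
 const restored = await restoreSession(this._flowContext());
 if (restored) { return restored; }
 
-// 2. Route to the appropriate flow. `
+// 2. Route to the appropriate flow. `_isVaultConnect` is a type guard
 // so the two branches receive correctly narrowed `options` types
 // without casts.
-if (this.
-return
+if (this._isVaultConnect(options)) {
+return vaultConnect(this._flowContext(), options);
 }
 
 return this._handlerConnect(options);
@@ -261,17 +261,33 @@ export class AuthManager {
 }
 
 /**
-* Create or reconnect a local identity (explicit
+* Create or reconnect a local identity (explicit vault connect).
 *
-* Use this when you explicitly want the
+* Use this when you explicitly want the vault flow, bypassing
 * auto-detection. This is the preferred method for wallet apps.
 *
-* @param options -
+* @param options - Vault connect options.
 * @returns An active AuthSession.
 * @throws If a connection attempt is already in progress.
+* @deprecated Use {@link connectVault} instead. Will be removed in 1.0.
 */
-async connectLocal(options?:
-return this.
+async connectLocal(options?: VaultConnectOptions): Promise<AuthSession> {
+return this.connectVault(options);
+}
+
+/**
+* Create or reconnect an identity via the local HD vault.
+*
+* Use this when you explicitly want the vault flow, bypassing
+* auto-detection. This is the preferred method for wallet apps
+* and CLI tools that own the identity vault directly.
+*
+* @param options - Vault connect options.
+* @returns An active AuthSession.
+* @throws If a connection attempt is already in progress.
+*/
+async connectVault(options?: VaultConnectOptions): Promise<AuthSession> {
+return this._withConnect(() => vaultConnect(this._flowContext(), options));
 }
 
 /**
@@ -976,21 +992,22 @@ export class AuthManager {
 // ─── Private helpers ───────────────────────────────────────────
 
 /**
-* Determine whether the given options indicate a
+* Determine whether the given options indicate a vault connect flow.
 *
 * Handler intent is asserted by the presence of a non-empty `protocols`
 * array OR a non-null `connectHandler`; everything else (including the
 * no-options case, an empty `protocols: []`, and `null` values from JS
-* callers) routes to
-* NOT a handler signal — it carries no permission scopes
-* to authorize, so treating it as handler-flow would
-* "connected" session indistinguishable from a
+* callers) routes to vault connect. An empty `protocols` array is
+* intentionally NOT a handler signal — it carries no permission scopes
+* for the handler to authorize, so treating it as handler-flow would
+* produce a zero-grant "connected" session indistinguishable from a
+* denied connect.
 *
 * Acts as a TypeScript type guard: a `true` return narrows `options` to
-* `
+* `VaultConnectOptions | undefined` at call sites, so the routing in
 * {@link AuthManager.connect} can dispatch without unsafe casts.
 */
-private
+private _isVaultConnect(options?: ConnectOptions): options is VaultConnectOptions | undefined {
 if (options === undefined || options === null) { return true; }
 if ('protocols' in options && Array.isArray(options.protocols) && options.protocols.length > 0) { return false; }
 if ('connectHandler' in options && options.connectHandler !== undefined && options.connectHandler !== null) { return false; }
@@ -1030,7 +1047,7 @@ export class AuthManager {
 
 // 2. Initialize vault (agent-only, no identity). The per-call password
 // (when supplied via `HandlerConnectOptions.password`) wins over the
-// manager default, matching the behavior of the
+// manager default, matching the behavior of the vault-connect flow.
 const isFirstLaunch = await userAgent.firstLaunch();
 const password = await resolvePassword(ctx, options?.password, isFirstLaunch);
 await ensureVaultReady({ userAgent, emitter, password, isFirstLaunch });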
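Review bot: `_isVaultConnect` (fifth hunk) returns `true` for `options === null` while its predicate is declared as `options is VaultConnectOptions | undefined`, so in `connect()` (third hunk) a `null` passed by a JS caller reaches `vaultConnect(this._flowContext(), options)` typed as if it were `undefined`. Whether `vaultConnect` tolerates `null` is not visible here; if it relies on a default parameter or destructures its argument, `null` will not behave like an omitted value. Normalising at the call site keeps the declared type honest: `return vaultConnect(this._flowContext(), options ?? undefined);`. The guard's body continues past the end of the hunk, so its final return is not shown.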
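--- a/package/src/connect/import.ts
+++ b/package/src/connect/import.ts
@@ -13,12 +13,15 @@ import type { ImportFromPhraseOptions, ImportFromPortableOptions } from '../type
 import { DEFAULT_DWN_ENDPOINTS } from '../types.js';
 import { registerWithDwnEndpoints } from '../registration.js';
 import { createDefaultIdentity, ensureVaultReady, finalizeSession, registerSyncScopeForIdentity, resolveIdentityDids, startSyncIfEnabled } from './lifecycle.js';
+import { recoverIdentitiesFromRemote, registerAgentDidForSync } from './recovery.js';
 
 /**
 * Import (or recover) an identity from a BIP-39 recovery phrase.
 *
 * This re-initializes the vault with the given phrase and password,
-* recovering the agent DID and all derived keys.
+* recovering the agent DID and all derived keys. If the recovery phrase
+* was previously used to create identities, they are pulled from the
+* remote DWN. Otherwise a new default identity is created.
 */
 export async function importFromPhrase(
 ctx: FlowContext,
@@ -40,12 +43,39 @@ export async function importFromPhrase(
 dwnEndpoints,
 });
 
-//
-
-
+// Register agent DID as tenant and for sync — prerequisites for recovery.
+if (ctx.registration) {
+await registerWithDwnEndpoints(
+{
+userAgent,
+dwnEndpoints,
+agentDid : userAgent.agentDid.uri,
+connectedDid : userAgent.agentDid.uri,
+secretStore : userAgent.secrets,
+storage,
+},
+ctx.registration,
+);
+}
+if (sync !== 'off') {
+await registerAgentDidForSync(userAgent);
+}
+
+// Try to recover identities from the remote DWN before falling back
+// to creating a new one.
+let identities = await userAgent.identity.list();
 let identity = identities[0];
 let isNewIdentity = false;
 
+if (!identity && sync !== 'off') {
+try {
+identities = await recoverIdentitiesFromRemote({ userAgent, dwnEndpoints, registration: ctx.registration, storage });
+identity = identities[0];
+} catch (err) {
+console.warn('[@enbox/auth] Seed phrase recovery failed:', err);
+}
+}
+
 if (!identity) {
 isNewIdentity = true;
 identity = await createDefaultIdentity(userAgent, dwnEndpoints);
@@ -53,31 +83,31 @@ export async function importFromPhrase(
 
 const { connectedDid, delegateDid } = resolveIdentityDids(identity);
 
-// Register
-if (
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-if (delegateDid) {
+// Register sync for the identity DID.
+if (isNewIdentity) {
+// New identity: register as tenant first, then for sync.
+if (ctx.registration) {
+await registerWithDwnEndpoints(
+{
+userAgent,
+dwnEndpoints,
+agentDid : userAgent.agentDid.uri,
+connectedDid,
+secretStore : userAgent.secrets,
+storage,
+},
+ctx.registration,
+);
+}
+if (delegateDid) {
+await registerSyncScopeForIdentity({ userAgent, connectedDid, delegateDid });
+} else if (sync !== 'off') {
+await registerSyncScopeForIdentity({ userAgent, connectedDid });
+}
+} else if (delegateDid) {
+// Pre-existing delegate identity: repair sync scope so revoked
+// grants don't remain in a stale registration.
 await registerSyncScopeForIdentity({ userAgent, connectedDid, delegateDid });
-} else if (isNewIdentity && sync !== 'off') {
-await registerSyncScopeForIdentity({ userAgent, connectedDid });
 }
 
 // Start sync.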
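Review bot: The `catch` around `recoverIdentitiesFromRemote` in the second hunk only calls `console.warn` and then falls through to `if (!identity)`, so a recovery that fails (an unreachable DWN endpoint, for instance) ends in `createDefaultIdentity` with `isNewIdentity = true`, and the third hunk then registers that fresh identity as a tenant and for sync. A caller importing an existing recovery phrase cannot tell "nothing to recover" from "recovery failed", and presumably ends up with an identity other than the one they meant to restore. I would keep the create-new fallback for the empty-result case only and surface the failure, e.g. `} catch (err) { throw new Error('[@enbox/auth] Seed phrase recovery failed', { cause: err }); }`, or return a flag the caller can act on. Passing the raw `err` object to the console may also expose endpoint or response details, so logging a short message is safer if the warning stays. `importFromPhrase` starts before the first hunk and ends after the last one.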
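--- a/package/src/connect/lifecycle.ts
+++ b/package/src/connect/lifecycle.ts
@@ -1,7 +1,7 @@
 /**
 * Shared helpers for connect flows.
 *
-* Consolidates duplicated logic across `
+* Consolidates duplicated logic across `vault-connect`, `session-restore`,
 * `wallet-connect`, and `import-identity` flows:
 *
 * - Password resolution chain
@@ -35,7 +35,7 @@ import { DEFAULT_DWN_ENDPOINTS, INSECURE_DEFAULT_PASSWORD, STORAGE_KEYS } from '
 /**
 * Unified context passed from `AuthManager` to every connect flow.
 *
-* Replaces the per-flow `
+* Replaces the per-flow `VaultConnectContext`, `SessionRestoreContext`,
 * `WalletConnectContext`, and `ImportContext` interfaces. All fields are
 * optional beyond the core triple (`userAgent`, `emitter`, `storage`) so
 * flows only consume what they need.
@@ -184,7 +184,7 @@ export async function startSyncIfEnabled(
 * encryption keys, and a DWN service endpoint.
 *
 * This consolidates the identical identity creation block that was
-* duplicated in `
+* duplicated in `vaultConnect` and `importFromPhrase`.
 *
 * @internal
 */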