@explorins/pers-sdk-react-native 1.5.25 → 1.5.27

package/dist/providers/PersSDKProvider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"PersSDKProvider.d.ts","sourceRoot":"","sources":["../../src/providers/PersSDKProvider.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,EAAuC,SAAS,EAAuB,MAAM,OAAO,CAAC;AACnG,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAGpF,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAG3D,OAAO,KAAK,EACV,WAAW,EACX,WAAW,EACX,YAAY,EACZ,eAAe,EACf,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,eAAe,EACf,aAAa,EACb,gBAAgB,EAChB,eAAe,EAChB,MAAM,0BAA0B,CAAC;AAGlC,YAAY,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AAE3D,MAAM,WAAW,cAAc;IAE7B,GAAG,EAAE,OAAO,GAAG,IAAI,CAAC;IAGpB,IAAI,EAAE,WAAW,GAAG,IAAI,CAAC;IACzB,KAAK,EAAE,WAAW,GAAG,IAAI,CAAC;IAC1B,MAAM,EAAE,YAAY,GAAG,IAAI,CAAC;IAC5B,UAAU,EAAE,eAAe,GAAG,IAAI,CAAC;IACnC,SAAS,EAAE,eAAe,GAAG,IAAI,CAAC;IAClC,WAAW,EAAE,iBAAiB,GAAG,IAAI,CAAC;IACtC,YAAY,EAAE,kBAAkB,GAAG,IAAI,CAAC;IACxC,SAAS,EAAE,eAAe,GAAG,IAAI,CAAC;IAClC,OAAO,EAAE,aAAa,GAAG,IAAI,CAAC;IAC9B,SAAS,EAAE,gBAAgB,GAAG,IAAI,CAAC;IACnC,SAAS,EAAE,eAAe,GAAG,IAAI,CAAC;IAGlC,QAAQ,EAAE,eAAe,GAAG,IAAI,CAAC;IAGjC,YAAY,EAAE,mBAAmB,GAAG,IAAI,CAAC;IAGzC,aAAa,EAAE,OAAO,CAAC;IACvB,eAAe,EAAE,OAAO,CAAC;IACzB,IAAI,EAAE,OAAO,GAAG,QAAQ,GAAG,IAAI,CAAC;IAChC,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAG9B,UAAU,EAAE,CAAC,MAAM,EAAE,UAAU,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAClD,sBAAsB,EAAE,CAAC,IAAI,EAAE,OAAO,GAAG,QAAQ,GAAG,IAAI,EAAE,cAAc,EAAE,MAAM,GAAG,IAAI,EAAE,eAAe,EAAE,OAAO,KAAK,IAAI,CAAC;IAC3H,eAAe,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CACtC;AAMD,eAAO,MAAM,eAAe,EAAE,KAAK,CAAC,EAAE,CAAC;IACrC,QAAQ,EAAE,SAAS,CAAC;CACrB,CAkHA,CAAC;AAGF,eAAO,MAAM,UAAU,QAAO,cAQ7B,CAAC"}
+{"version":3,"file":"PersSDKProvider.d.ts","sourceRoot":"","sources":["../../src/providers/PersSDKProvider.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,EAAuC,SAAS,EAAuB,MAAM,OAAO,CAAC;AAEnG,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,mBAAmB,EAAsB,MAAM,0BAA0B,CAAC;AAIxG,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAG3D,OAAO,KAAK,EACV,WAAW,EACX,WAAW,EACX,YAAY,EACZ,eAAe,EACf,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,eAAe,EACf,aAAa,EACb,gBAAgB,EAChB,eAAe,EAChB,MAAM,0BAA0B,CAAC;AAGlC,YAAY,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AAE3D,MAAM,WAAW,cAAc;IAE7B,GAAG,EAAE,OAAO,GAAG,IAAI,CAAC;IAGpB,IAAI,EAAE,WAAW,GAAG,IAAI,CAAC;IACzB,KAAK,EAAE,WAAW,GAAG,IAAI,CAAC;IAC1B,MAAM,EAAE,YAAY,GAAG,IAAI,CAAC;IAC5B,UAAU,EAAE,eAAe,GAAG,IAAI,CAAC;IACnC,SAAS,EAAE,eAAe,GAAG,IAAI,CAAC;IAClC,WAAW,EAAE,iBAAiB,GAAG,IAAI,CAAC;IACtC,YAAY,EAAE,kBAAkB,GAAG,IAAI,CAAC;IACxC,SAAS,EAAE,eAAe,GAAG,IAAI,CAAC;IAClC,OAAO,EAAE,aAAa,GAAG,IAAI,CAAC;IAC9B,SAAS,EAAE,gBAAgB,GAAG,IAAI,CAAC;IACnC,SAAS,EAAE,eAAe,GAAG,IAAI,CAAC;IAGlC,QAAQ,EAAE,eAAe,GAAG,IAAI,CAAC;IAGjC,YAAY,EAAE,mBAAmB,GAAG,IAAI,CAAC;IAGzC,aAAa,EAAE,OAAO,CAAC;IACvB,eAAe,EAAE,OAAO,CAAC;IACzB,IAAI,EAAE,OAAO,GAAG,QAAQ,GAAG,IAAI,CAAC;IAChC,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAG9B,UAAU,EAAE,CAAC,MAAM,EAAE,UAAU,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAClD,sBAAsB,EAAE,CAAC,IAAI,EAAE,OAAO,GAAG,QAAQ,GAAG,IAAI,EAAE,cAAc,EAAE,MAAM,GAAG,IAAI,EAAE,eAAe,EAAE,OAAO,KAAK,IAAI,CAAC;IAC3H,eAAe,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CACtC;AAMD,eAAO,MAAM,eAAe,EAAE,KAAK,CAAC,EAAE,CAAC;IACrC,QAAQ,EAAE,SAAS,CAAC;CACrB,CA4HA,CAAC;AAGF,eAAO,MAAM,UAAU,QAAO,cAQ7B,CAAC"}

package/dist/providers/PersSDKProvider.js

@@ -1,8 +1,10 @@
 import { jsx as _jsx } from "react/jsx-runtime";
 import { createContext, useContext, useState, useCallback, useRef } from 'react';
+import { Platform } from 'react-native';
 import { PersSDK } from '@explorins/pers-sdk/core';
 import { ReactNativeHttpClient } from './react-native-http-client';
 import { createReactNativeAuthProvider } from './react-native-auth-provider';
+import { ReactNativeDPoPProvider } from './rn-dpop-provider';
 // Create the context
 const SDKContext = createContext(null);
 // Provider component
@@ -39,6 +41,15 @@ export const PersSDKProvider = ({ children }) => {
                 ...config,
                 authProvider
             };
+            // Inject Native DPoP Provider (crypto-based) for mobile platforms
+            // Web platforms use built-in WebCrypto provider by default
+            if (Platform.OS !== 'web' && (!config.dpop?.cryptoProvider)) {
+                sdkConfig.dpop = {
+                    ...(config.dpop || {}),
+                    enabled: config.dpop?.enabled ?? true,
+                    cryptoProvider: new ReactNativeDPoPProvider()
+                };
+            }
             // Initialize PersSDK with platform-aware auth provider
             const sdkInstance = new PersSDK(httpClient, sdkConfig);
             setAuthProvider(authProvider);

package/dist/providers/react-native-auth-provider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"react-native-auth-provider.d.ts","sourceRoot":"","sources":["../../src/providers/react-native-auth-provider.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,mBAAmB,EAAW,QAAQ,EAA4B,MAAM,0BAA0B,CAAC;AAE5G,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAK7D;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,gCAAgC;IAChC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,2BAA2B;IAC3B,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,0CAA0C;IAC1C,aAAa,CAAC,EAAE,YAAY,CAAC;IAC7B,4CAA4C;IAC5C,QAAQ,CAAC,EAAE,QAAQ,CAAC;CACrB;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,6BAA6B,CAC3C,UAAU,EAAE,MAAM,EAClB,MAAM,GAAE,qBAA0B,GACjC,mBAAmB,CAyBrB"}
+{"version":3,"file":"react-native-auth-provider.d.ts","sourceRoot":"","sources":["../../src/providers/react-native-auth-provider.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,mBAAmB,EAAW,QAAQ,EAA4B,MAAM,0BAA0B,CAAC;AAG5G,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAK7D;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,gCAAgC;IAChC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,2BAA2B;IAC3B,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,0CAA0C;IAC1C,aAAa,CAAC,EAAE,YAAY,CAAC;IAC7B,4CAA4C;IAC5C,QAAQ,CAAC,EAAE,QAAQ,CAAC;CACrB;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,6BAA6B,CAC3C,UAAU,EAAE,MAAM,EAClB,MAAM,GAAE,qBAA0B,GACjC,mBAAmB,CAyBrB"}

package/dist/providers/react-native-auth-provider.js

@@ -7,7 +7,7 @@
  */
 import { Platform } from 'react-native';
 import { DefaultAuthProvider, LocalStorageTokenStorage } from '@explorins/pers-sdk/core';
-import { AsyncStorageTokenStorage } from '../storage/async-storage-token-storage';
+import { ReactNativeSecureStorage } from '../storage/rn-secure-storage';
 // Use React Native's built-in platform detection
 const isWebPlatform = Platform.OS === 'web';
 /**
@@ -29,7 +29,7 @@ export function createReactNativeAuthProvider(projectKey, config = {}) {
     // Platform-specific storage selection
     const tokenStorage = customStorage || (isWebPlatform
         ? new LocalStorageTokenStorage()
-        : new AsyncStorageTokenStorage(keyPrefix));
+        : new ReactNativeSecureStorage(keyPrefix));
     // Return DefaultAuthProvider configured with platform-appropriate storage
     return new DefaultAuthProvider({
         authType,

package/dist/providers/rn-dpop-provider.d.ts

@@ -0,0 +1,19 @@
+import { DPoPCryptoProvider, DPoPKeyPair } from '@explorins/pers-sdk/core';
+export declare class ReactNativeDPoPProvider implements DPoPCryptoProvider {
+    /**
+     * Generates a new key pair (ES256 recommended)
+     *
+     * Note: options.extractable is ignored because for React Native Keychain storage,
+     * we MUST export the keys as JWK/strings. We rely on the Keychain encryption
+     * for security at rest (High Security), making the key "Extractable" in memory
+     * but protected by hardware encryption when stored.
+     */
+    generateKeyPair(options?: {
+        extractable?: boolean;
+    }): Promise<DPoPKeyPair>;
+    signProof(payload: Record<string, any>, keyPair: DPoPKeyPair): Promise<string>;
+    hashAccessToken(accessToken: string): Promise<string>;
+    private base64Url;
+    private base64UrlBuffer;
+}
+//# sourceMappingURL=rn-dpop-provider.d.ts.map

package/dist/providers/rn-dpop-provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rn-dpop-provider.d.ts","sourceRoot":"","sources":["../../src/providers/rn-dpop-provider.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAE3E,qBAAa,uBAAwB,YAAW,kBAAkB;IAChE;;;;;;;OAOG;IACG,eAAe,CAAC,OAAO,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,OAAO,CAAC,WAAW,CAAC;IAoB1E,SAAS,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC;IAmC9E,eAAe,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAO3D,OAAO,CAAC,SAAS;IAIjB,OAAO,CAAC,eAAe;CAQxB"}

package/dist/providers/rn-dpop-provider.js

@@ -0,0 +1,76 @@
+import crypto from 'react-native-quick-crypto';
+import { Buffer } from 'buffer';
+export class ReactNativeDPoPProvider {
+    /**
+     * Generates a new key pair (ES256 recommended)
+     *
+     * Note: options.extractable is ignored because for React Native Keychain storage,
+     * we MUST export the keys as JWK/strings. We rely on the Keychain encryption
+     * for security at rest (High Security), making the key "Extractable" in memory
+     * but protected by hardware encryption when stored.
+     */
+    async generateKeyPair(options) {
+        // Generate P-256 Key Pair
+        return new Promise((resolve, reject) => {
+            crypto.generateKeyPair('ec', { namedCurve: 'P-256' }, (err, publicKey, privateKey) => {
+                if (err)
+                    return reject(err);
+                // Export to JWK for SDK Compatibility
+                // We use 'export' because supportsObjects=false in our storage forces the SDK
+                // to expect serializable keys.
+                const pubJwk = publicKey.export({ format: 'jwk' });
+                const privJwk = privateKey.export({ format: 'jwk' });
+                resolve({
+                    publicKey: pubJwk,
+                    privateKey: privJwk
+                });
+            });
+        });
+    }
+    async signProof(payload, keyPair) {
+        // 1. Construct Header
+        const header = {
+            typ: 'dpop+jwt',
+            alg: 'ES256',
+            jwk: keyPair.publicKey
+        };
+        // 2. Add Claims (iat/jti)
+        const finalPayload = {
+            ...payload,
+            iat: payload.iat || Math.floor(Date.now() / 1000),
+            jti: payload.jti || crypto.randomUUID()
+        };
+        // 3. Encode
+        const b64Header = this.base64Url(JSON.stringify(header));
+        const b64Payload = this.base64Url(JSON.stringify(finalPayload));
+        const signingInput = `${b64Header}.${b64Payload}`;
+        // 4. Sign
+        const sign = crypto.createSign('SHA256');
+        sign.update(signingInput);
+        // sign.end() is not required/available in quick-crypto as it doesn't strictly follow stream interface
+        // Import private key back from JWK to sign
+        // The keyPair.privateKey is a JsonWebKey object because we exported it earlier.
+        // quick-crypto createPrivateKey expects jwk object if format is jwk
+        const privateKeyObj = crypto.createPrivateKey({ key: keyPair.privateKey, format: 'jwk' });
+        const signature = sign.sign(privateKeyObj);
+        // signature is a Buffer in quick-crypto
+        return `${signingInput}.${this.base64UrlBuffer(signature)}`;
+    }
+    async hashAccessToken(accessToken) {
+        const hash = crypto.createHash('sha256').update(accessToken).digest();
+        // digest returns Buffer in quick-crypto
+        return this.base64UrlBuffer(hash);
+    }
+    // --- Helpers ---
+    base64Url(str) {
+        return this.base64UrlBuffer(Buffer.from(str));
+    }
+    base64UrlBuffer(buf) {
+        // Ensure we have a Buffer
+        const buffer = Buffer.isBuffer(buf) ? buf : Buffer.from(buf);
+        return buffer.toString('base64')
+            .replace(/=/g, '')
+            .replace(/\+/g, '-')
+            .replace(/\//g, '_');
+    }
+}

package/dist/storage/rn-secure-storage.d.ts

@@ -0,0 +1,18 @@
+import { TokenStorage } from '@explorins/pers-sdk/core';
+/**
+ * Secure Storage implementation for React Native
+ * Uses Keychain/Keystore for sensitive data and AsyncStorage for non-sensitive data.
+ */
+export declare class ReactNativeSecureStorage implements TokenStorage {
+    private keyPrefix;
+    readonly supportsObjects = false;
+    private readonly SECURE_KEYS;
+    constructor(keyPrefix?: string);
+    set(key: string, value: unknown): Promise<void>;
+    get(key: string): Promise<unknown | null>;
+    remove(key: string): Promise<void>;
+    clear(): Promise<void>;
+    private getKeyName;
+    private tryParse;
+}
+//# sourceMappingURL=rn-secure-storage.d.ts.map

package/dist/storage/rn-secure-storage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rn-secure-storage.d.ts","sourceRoot":"","sources":["../../src/storage/rn-secure-storage.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EAGb,MAAM,0BAA0B,CAAC;AAElC;;;GAGG;AACH,qBAAa,wBAAyB,YAAW,YAAY;IAY/C,OAAO,CAAC,SAAS;IAV7B,QAAQ,CAAC,eAAe,SAAS;IAGjC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAKzB;gBAEiB,SAAS,GAAE,MAAuB;IAEhD,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAgB/C,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAyBzC,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAUlC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAkB5B,OAAO,CAAC,UAAU;IAOlB,OAAO,CAAC,QAAQ;CAOjB"}

package/dist/storage/rn-secure-storage.js

@@ -0,0 +1,102 @@
+import * as Keychain from 'react-native-keychain';
+import AsyncStorage from '@react-native-async-storage/async-storage';
+import { DPOP_STORAGE_KEYS, AUTH_STORAGE_KEYS } from '@explorins/pers-sdk/core';
+/**
+ * Secure Storage implementation for React Native
+ * Uses Keychain/Keystore for sensitive data and AsyncStorage for non-sensitive data.
+ */
+export class ReactNativeSecureStorage {
+    constructor(keyPrefix = 'pers_tokens_') {
+        this.keyPrefix = keyPrefix;
+        // Set to false because Keychain stores strings, so we need extractable (serializable) keys
+        this.supportsObjects = false;
+        // Define which keys MUST go to secure hardware storage
+        this.SECURE_KEYS = new Set([
+            DPOP_STORAGE_KEYS.PRIVATE,
+            AUTH_STORAGE_KEYS.ACCESS_TOKEN,
+            AUTH_STORAGE_KEYS.REFRESH_TOKEN,
+            AUTH_STORAGE_KEYS.PROVIDER_TOKEN
+        ]);
+    }
+    async set(key, value) {
+        const prefixedKey = this.getKeyName(key);
+        const stringValue = typeof value === 'string' ? value : JSON.stringify(value);
+        // Cast key to any to bypass strict literal type checking of the Set.has method
+        // In runtime, 'key' is just a string, so this is safe.
+        if (this.SECURE_KEYS.has(key)) {
+            // Store in Keychain/Keystore
+            // Service name acts as the key identifier in simple usage
+            await Keychain.setGenericPassword(prefixedKey, stringValue, { service: prefixedKey });
+        }
+        else {
+            // Store standard config/metadata in AsyncStorage
+            await AsyncStorage.setItem(prefixedKey, stringValue);
+        }
+    }
+    async get(key) {
+        const prefixedKey = this.getKeyName(key);
+        if (this.SECURE_KEYS.has(key)) {
+            try {
+                const credentials = await Keychain.getGenericPassword({ service: prefixedKey });
+                if (credentials) {
+                    return this.tryParse(credentials.password);
+                }
+                return null;
+            }
+            catch (e) {
+                console.warn(`[ReactNativeSecureStorage] Failed to access keychain for ${key}`, e);
+                return null; // Key not found or access denied
+            }
+        }
+        else {
+            try {
+                const val = await AsyncStorage.getItem(prefixedKey);
+                return val ? this.tryParse(val) : null;
+            }
+            catch (e) {
+                console.warn(`[ReactNativeSecureStorage] Failed to access AsyncStorage for ${key}`, e);
+                return null;
+            }
+        }
+    }
+    async remove(key) {
+        const prefixedKey = this.getKeyName(key);
+        if (this.SECURE_KEYS.has(key)) {
+            await Keychain.resetGenericPassword({ service: prefixedKey });
+        }
+        else {
+            await AsyncStorage.removeItem(prefixedKey);
+        }
+    }
+    async clear() {
+        // Clear all known secure keys
+        for (const key of this.SECURE_KEYS) {
+            await Keychain.resetGenericPassword({ service: this.getKeyName(key) });
+        }
+        // Clear AsyncStorage keys related to PERS
+        try {
+            const allKeys = await AsyncStorage.getAllKeys();
+            const ourKeys = allKeys.filter(k => k.startsWith(this.keyPrefix));
+            if (ourKeys.length > 0) {
+                await AsyncStorage.multiRemove(ourKeys);
+            }
+        }
+        catch (e) {
+            console.warn('[ReactNativeSecureStorage] Failed to clear AsyncStorage', e);
+        }
+    }
+    getKeyName(key) {
+        // For Keychain, we might want to avoid prefixes if we want to share across apps, 
+        // but for simple isolation, prefix is fine to avoid collisions if multiple instances exist.
+        // However, Keychain services are global to the app bundle ID usually.
+        return `${this.keyPrefix}${key}`;
+    }
+    tryParse(val) {
+        try {
+            return JSON.parse(val);
+        }
+        catch {
+            return val;
+        }
+    }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@explorins/pers-sdk-react-native",
-  "version": "1.5.25",
+  "version": "1.5.27",
   "description": "React Native SDK for PERS Platform - Tourism Loyalty System with Blockchain Transaction Signing and WebAuthn Authentication",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -37,15 +37,16 @@
   "author": "eXplorins",
   "license": "MIT",
   "dependencies": {
-    "@explorins/pers-sdk": "^1.6.28",
-    "@explorins/pers-shared": "^2.1.44",
-    "@explorins/pers-signer": "^1.0.26",
+    "@explorins/pers-sdk": "file:.yalc/@explorins/pers-sdk",
+    "@explorins/pers-shared": "^2.1.52",
+    "@explorins/pers-signer": "^1.0.32",
     "@explorins/web3-ts": "^0.3.75",
     "buffer": "^6.0.3",
     "ethers": "^6.15.0",
     "react-native-get-random-values": "^2.0.0",
     "react-native-keychain": "^10.0.0",
-    "react-native-passkey": "^3.3.2"
+    "react-native-passkey": "^3.3.2",
+    "react-native-quick-crypto": "^1.0.6"
   },
   "browser": {
     "crypto": false,

package/src/hooks/useAnalytics.ts

@@ -1,81 +1,9 @@
 import { useCallback } from 'react';
 import { usePersSDK } from '../providers/PersSDKProvider';
-
-// Import analytics types directly from core SDK
-interface TransactionAnalyticsFilters {
-  status?: string;
-  tokenType?: string;
-  triggerProcessType?: string;
-  tenantId?: string;
-  chainId?: number;
-  type?: string;
-  [key: string]: any;
-}
-
-type TransactionAnalyticsGroupBy = 
-  | 'month' | 'week' | 'day' | 'year' | 'quarter'
-  | 'tokenType' | 'status' | 'chainId' | 'triggerProcessType' | 'type'
-  | 'senderAddress' | 'recipientAddress' | 'senderId' | 'recipientId' | 'senderOwnerType' | 'recipientOwnerType' | 'createdAt';
-
-type TransactionAnalyticsMetric = 
-  | 'count' | 'sum' | 'avg' | 'min' | 'max';
-
-interface TransactionAnalyticsGroupByExpression {
-  expression: string;
-  alias: string;
-}
-
-/**
- * Request DTO for transaction analytics
- * 
- * @interface TransactionAnalyticsRequestDTO
- */
-export interface TransactionAnalyticsRequestDTO {
-  filters?: TransactionAnalyticsFilters;
-  groupBy?: TransactionAnalyticsGroupBy[];
-  groupByExpressions?: TransactionAnalyticsGroupByExpression[];
-  metrics?: TransactionAnalyticsMetric[];
-  orderBy?: string;
-  orderDirection?: 'ASC' | 'DESC';
-  limit?: number;
-  startDate?: string;
-  endDate?: string;
-}
-
-interface TransactionAnalyticsResultItem {
-  [key: string]: string | number | Date | undefined;
-  count?: string;
-  sum?: number;
-  avg?: number;
-  min?: number;
-  max?: number;
-  tokentype?: string;
-  tokenType?: string;
-  year?: string;
-  month?: string;
-  type?: string;
-  senderaddress?: string;
-  senderAddress?: string;
-  recipientaddress?: string;
-  recipientAddress?: string;
-  triggerprocesstype?: string;
-  triggerProcessType?: string;
-  userid?: string;
-  userId?: string;
-}
-
-/**
- * Response DTO for transaction analytics
- * 
- * @interface TransactionAnalyticsResponseDTO
- */
-export interface TransactionAnalyticsResponseDTO {
-  results: TransactionAnalyticsResultItem[];
-  totalGroups: number;
-  metadata: {
-    executionTime: string;
-  };
-}
+import { 
+  TransactionAnalyticsRequestDTO, 
+  TransactionAnalyticsResponseDTO 
+} from '@explorins/pers-shared';
 
 /**
  * React hook for analytics operations in the PERS SDK

package/src/hooks/useTransactions.ts

@@ -5,9 +5,9 @@ import type {
   TransactionRequestDTO, 
   TransactionRequestResponseDTO, 
   TransactionDTO,
-  TransactionRole
+  TransactionRole,
+  TransactionPaginationRequestDTO
 } from '@explorins/pers-shared';
-import type { TransactionPaginationParams } from '@explorins/pers-sdk/transaction';
 
 /**
  * React hook for transaction operations in the PERS SDK
@@ -196,7 +196,7 @@ export const useTransactions = () => {
     }
   }, [sdk, isInitialized]);
 
-  const getPaginatedTransactions = useCallback(async (params: TransactionPaginationParams): Promise<any> => {
+  const getPaginatedTransactions = useCallback(async (params: TransactionPaginationRequestDTO): Promise<any> => {
     if (!isInitialized || !sdk) {
       throw new Error('SDK not initialized. Call initialize() first.');
     }

package/src/index.ts

@@ -68,6 +68,19 @@ export {
 // SECURE STORAGE
 // ==============================================================================
 
+/**
+ * Secure Token Storage with Keychain Integration
+ * 
+ * Implements the TokenStorage interface using React Native Keychain for sensitive data
+ * (Private Keys, Access Tokens) and AsyncStorage for configuration/public data.
+ * 
+ * - Encryption: Hardware-backed keystore
+ * - Persistence: Survives app uninstall (on iOS usually) or clears on uninstall (Android) if configured
+ * 
+ * @see {@link ReactNativeSecureStorage} - The implementation class
+ */
+export { ReactNativeSecureStorage } from './storage/rn-secure-storage';
+
 /**
  * Secure token storage using React Native AsyncStorage
  * 
@@ -75,11 +88,22 @@ export {
  * Integrates with React Native Keychain for enhanced security on supported devices.
  * 
  * @see {@link AsyncStorageTokenStorage} - Secure storage implementation
+ * @deprecated Use ReactNativeSecureStorage for better security (Keychain integration)
  */
 export {
   AsyncStorageTokenStorage,
 } from './storage/async-storage-token-storage';
 
+// ==============================================================================
+// DPoP PROVIDER
+// ==============================================================================
+
+/**
+ * React Native DPoP Crypto Provider
+ * implements DPoPCryptoProvider using react-native-quick-crypto
+ */
+export { ReactNativeDPoPProvider } from './providers/rn-dpop-provider';
+
 // ==============================================================================
 // CORE PROVIDER & CONTEXT
 // ==============================================================================

package/src/providers/PersSDKProvider.tsx

@@ -1,7 +1,9 @@
 import React, { createContext, useContext, useState, ReactNode, useCallback, useRef } from 'react';
-import { PersSDK, PersConfig, DefaultAuthProvider } from '@explorins/pers-sdk/core';
+import { Platform } from 'react-native';
+import { PersSDK, PersConfig, DefaultAuthProvider, DPoPCryptoProvider } from '@explorins/pers-sdk/core';
 import { ReactNativeHttpClient } from './react-native-http-client';
 import { createReactNativeAuthProvider } from './react-native-auth-provider';
+import { ReactNativeDPoPProvider } from './rn-dpop-provider';
 import { UserDTO, AdminDTO } from '@explorins/pers-shared';
 
 // Import manager types for TypeScript
@@ -102,6 +104,16 @@ export const PersSDKProvider: React.FC<{
         authProvider
       };
       
+      // Inject Native DPoP Provider (crypto-based) for mobile platforms
+      // Web platforms use built-in WebCrypto provider by default
+      if (Platform.OS !== 'web' && (!config.dpop?.cryptoProvider)) {
+        sdkConfig.dpop = {
+          ...(config.dpop || {}),
+          enabled: config.dpop?.enabled ?? true,
+          cryptoProvider: new ReactNativeDPoPProvider()
+        };
+      }
+      
       // Initialize PersSDK with platform-aware auth provider
       const sdkInstance = new PersSDK(httpClient, sdkConfig);
       

package/src/providers/react-native-auth-provider.ts

@@ -9,6 +9,7 @@
 import { Platform } from 'react-native';
 import { DefaultAuthProvider, AuthApi, AuthType, LocalStorageTokenStorage } from '@explorins/pers-sdk/core';
 import { AsyncStorageTokenStorage } from '../storage/async-storage-token-storage';
+import { ReactNativeSecureStorage } from '../storage/rn-secure-storage';
 import type { TokenStorage } from '@explorins/pers-sdk/core';
 
 // Use React Native's built-in platform detection
@@ -58,7 +59,7 @@ export function createReactNativeAuthProvider(
   const tokenStorage = customStorage || (
     isWebPlatform 
       ? new LocalStorageTokenStorage()
-      : new AsyncStorageTokenStorage(keyPrefix)
+      : new ReactNativeSecureStorage(keyPrefix)
   );
 
   // Return DefaultAuthProvider configured with platform-appropriate storage

package/src/providers/rn-dpop-provider.ts

@@ -0,0 +1,88 @@
+import crypto from 'react-native-quick-crypto';
+import { Buffer } from 'buffer';
+import { DPoPCryptoProvider, DPoPKeyPair } from '@explorins/pers-sdk/core';
+
+export class ReactNativeDPoPProvider implements DPoPCryptoProvider {
+  /**
+   * Generates a new key pair (ES256 recommended)
+   * 
+   * Note: options.extractable is ignored because for React Native Keychain storage,
+   * we MUST export the keys as JWK/strings. We rely on the Keychain encryption
+   * for security at rest (High Security), making the key "Extractable" in memory 
+   * but protected by hardware encryption when stored.
+   */
+  async generateKeyPair(options?: { extractable?: boolean }): Promise<DPoPKeyPair> {
+    // Generate P-256 Key Pair
+    return new Promise((resolve, reject) => {
+        crypto.generateKeyPair('ec', { namedCurve: 'P-256' }, (err: any, publicKey: any, privateKey: any) => {
+            if (err) return reject(err);
+            
+            // Export to JWK for SDK Compatibility
+            // We use 'export' because supportsObjects=false in our storage forces the SDK
+            // to expect serializable keys.
+            const pubJwk = publicKey.export({ format: 'jwk' });
+            const privJwk = privateKey.export({ format: 'jwk' });
+            
+            resolve({
+                publicKey: pubJwk,
+                privateKey: privJwk
+            });
+        });
+    });
+  }
+
+  async signProof(payload: Record<string, any>, keyPair: DPoPKeyPair): Promise<string> {
+    // 1. Construct Header
+    const header = {
+        typ: 'dpop+jwt',
+        alg: 'ES256',
+        jwk: keyPair.publicKey
+    };
+
+    // 2. Add Claims (iat/jti)
+    const finalPayload = {
+        ...payload,
+        iat: payload.iat || Math.floor(Date.now() / 1000),
+        jti: payload.jti || crypto.randomUUID()
+    };
+    
+    // 3. Encode
+    const b64Header = this.base64Url(JSON.stringify(header));
+    const b64Payload = this.base64Url(JSON.stringify(finalPayload));
+    const signingInput = `${b64Header}.${b64Payload}`;
+    
+    // 4. Sign
+    const sign = crypto.createSign('SHA256');
+    sign.update(signingInput);
+    // sign.end() is not required/available in quick-crypto as it doesn't strictly follow stream interface
+    
+    // Import private key back from JWK to sign
+    // The keyPair.privateKey is a JsonWebKey object because we exported it earlier.
+    // quick-crypto createPrivateKey expects jwk object if format is jwk
+    const privateKeyObj = crypto.createPrivateKey({ key: keyPair.privateKey as any, format: 'jwk' });
+    const signature = sign.sign(privateKeyObj); 
+    // signature is a Buffer in quick-crypto
+    
+    return `${signingInput}.${this.base64UrlBuffer(signature)}`;
+  }
+
+  async hashAccessToken(accessToken: string): Promise<string> {
+    const hash = crypto.createHash('sha256').update(accessToken).digest();
+    // digest returns Buffer in quick-crypto
+    return this.base64UrlBuffer(hash);
+  }
+
+  // --- Helpers ---
+  private base64Url(str: string): string {
+      return this.base64UrlBuffer(Buffer.from(str));
+  }
+
+  private base64UrlBuffer(buf: Buffer | Uint8Array): string {
+      // Ensure we have a Buffer
+      const buffer = Buffer.isBuffer(buf) ? buf : Buffer.from(buf);
+      return buffer.toString('base64')
+        .replace(/=/g, '')
+        .replace(/\+/g, '-')
+        .replace(/\//g, '_');
+  }
+}