@fourt/sdk 1.4.1 → 1.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +174 -333
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +59 -148
- package/dist/index.d.ts +59 -148
- package/dist/index.js +174 -333
- package/dist/index.js.map +1 -1
- package/dist/types/index.d.cts +13 -1
- package/dist/types/index.d.ts +13 -1
- package/package.json +6 -6
- package/dist/index-Cy_WMhHm.d.cts +0 -19
- package/dist/index-Cy_WMhHm.d.ts +0 -19
package/dist/index.cjs
CHANGED
|
@@ -34,168 +34,38 @@ __export(index_exports, {
|
|
|
34
34
|
});
|
|
35
35
|
module.exports = __toCommonJS(index_exports);
|
|
36
36
|
|
|
37
|
-
// src/
|
|
38
|
-
var
|
|
39
|
-
var import_middleware = require("zustand/middleware");
|
|
40
|
-
var SessionStore = class {
|
|
41
|
-
_store;
|
|
42
|
-
constructor() {
|
|
43
|
-
this._store = (0, import_zustand.createStore)()(
|
|
44
|
-
(0, import_middleware.persist)(this._getInitialState, {
|
|
45
|
-
name: "fourt-session",
|
|
46
|
-
storage: (0, import_middleware.createJSONStorage)(() => localStorage),
|
|
47
|
-
// persist only these in localStorage
|
|
48
|
-
partialize: (state) => ({
|
|
49
|
-
bundle: state.bundle,
|
|
50
|
-
type: state.type,
|
|
51
|
-
otpId: state.otpId
|
|
52
|
-
})
|
|
53
|
-
})
|
|
54
|
-
);
|
|
55
|
-
}
|
|
56
|
-
get type() {
|
|
57
|
-
return this._store.getState().type;
|
|
58
|
-
}
|
|
59
|
-
set type(type) {
|
|
60
|
-
this._store.setState({ type });
|
|
61
|
-
}
|
|
62
|
-
get token() {
|
|
63
|
-
return this._store.getState().token;
|
|
64
|
-
}
|
|
65
|
-
set token(token) {
|
|
66
|
-
this._store.setState({ token });
|
|
67
|
-
}
|
|
68
|
-
get csrfToken() {
|
|
69
|
-
return this._store.getState().csrfToken;
|
|
70
|
-
}
|
|
71
|
-
set csrfToken(csrfToken) {
|
|
72
|
-
this._store.setState({ csrfToken });
|
|
73
|
-
}
|
|
74
|
-
get bundle() {
|
|
75
|
-
return this._store.getState().bundle;
|
|
76
|
-
}
|
|
77
|
-
set bundle(bundle) {
|
|
78
|
-
this._store.setState({ bundle });
|
|
79
|
-
}
|
|
80
|
-
get user() {
|
|
81
|
-
return this._store.getState().user;
|
|
82
|
-
}
|
|
83
|
-
set user(user) {
|
|
84
|
-
this._store.setState({ ...this._store.getState(), user });
|
|
85
|
-
}
|
|
86
|
-
get otpId() {
|
|
87
|
-
return this._store.getState().otpId;
|
|
88
|
-
}
|
|
89
|
-
set otpId(otpId) {
|
|
90
|
-
this._store.setState({ otpId });
|
|
91
|
-
}
|
|
92
|
-
clearUser() {
|
|
93
|
-
this._store.setState({ ...this._store.getState(), user: void 0 });
|
|
94
|
-
}
|
|
95
|
-
clearBundle() {
|
|
96
|
-
this._store.setState({ ...this._store.getState(), bundle: void 0 });
|
|
97
|
-
}
|
|
98
|
-
clearType() {
|
|
99
|
-
this._store.setState({ ...this._store.getState(), type: void 0 });
|
|
100
|
-
}
|
|
101
|
-
clearToken() {
|
|
102
|
-
this._store.setState({ ...this._store.getState(), token: void 0 });
|
|
103
|
-
}
|
|
104
|
-
clearOtpId() {
|
|
105
|
-
this._store.setState({ ...this._store.getState(), otpId: void 0 });
|
|
106
|
-
}
|
|
107
|
-
clearAll() {
|
|
108
|
-
this.clearToken();
|
|
109
|
-
this.clearUser();
|
|
110
|
-
this.clearBundle();
|
|
111
|
-
this.clearType();
|
|
112
|
-
this.clearOtpId();
|
|
113
|
-
}
|
|
114
|
-
_getInitialState() {
|
|
115
|
-
return {
|
|
116
|
-
type: void 0,
|
|
117
|
-
user: void 0,
|
|
118
|
-
bundle: void 0,
|
|
119
|
-
token: void 0,
|
|
120
|
-
csrfToken: void 0,
|
|
121
|
-
otpId: void 0
|
|
122
|
-
};
|
|
123
|
-
}
|
|
124
|
-
};
|
|
125
|
-
|
|
126
|
-
// src/modules/auth/email/magicLink.ts
|
|
127
|
-
var MagicLinkModule = class {
|
|
37
|
+
// src/modules/auth/email.ts
|
|
38
|
+
var EmailModule = class {
|
|
128
39
|
constructor(_webSignerClient) {
|
|
129
40
|
this._webSignerClient = _webSignerClient;
|
|
130
41
|
}
|
|
131
42
|
/**
|
|
132
|
-
*
|
|
43
|
+
* Initialize user authentication process using email.
|
|
133
44
|
*
|
|
134
|
-
* @param params {
|
|
135
|
-
* @returns {Promise<void>} promise that
|
|
45
|
+
* @param params {InitEmailAuthParams} params to initialize the user authentication process.
|
|
46
|
+
* @returns {Promise<void>} promise that resolves when the initialization is complete.
|
|
136
47
|
*/
|
|
137
|
-
async
|
|
138
|
-
return this._webSignerClient.
|
|
139
|
-
...params,
|
|
140
|
-
sessionType: "email" /* Email */
|
|
141
|
-
});
|
|
142
|
-
}
|
|
143
|
-
};
|
|
144
|
-
|
|
145
|
-
// src/modules/auth/email/otp.ts
|
|
146
|
-
var OtpModule = class {
|
|
147
|
-
constructor(_webSignerClient) {
|
|
148
|
-
this._webSignerClient = _webSignerClient;
|
|
48
|
+
async initialize(params) {
|
|
49
|
+
return this._webSignerClient.initEmailAuth(params);
|
|
149
50
|
}
|
|
150
51
|
/**
|
|
151
|
-
* Completes authentication with OTP code
|
|
52
|
+
* Completes email authentication with OTP code.
|
|
152
53
|
*
|
|
153
|
-
* @param params {
|
|
54
|
+
* @param params {CompleteEmailAuthParams} params to complete the authentication process.
|
|
154
55
|
* @returns {Promise<void>} promise that completes the authentication process.
|
|
155
56
|
*/
|
|
156
57
|
async complete(params) {
|
|
157
|
-
|
|
158
|
-
return this._webSignerClient.completeAuthWithBundle({
|
|
159
|
-
bundle,
|
|
160
|
-
subOrgId,
|
|
161
|
-
sessionType: "email" /* Email */
|
|
162
|
-
});
|
|
163
|
-
}
|
|
164
|
-
};
|
|
165
|
-
|
|
166
|
-
// src/modules/auth/email.ts
|
|
167
|
-
var EmailModule = class {
|
|
168
|
-
constructor(_webSignerClient) {
|
|
169
|
-
this._webSignerClient = _webSignerClient;
|
|
170
|
-
this._magicLinkModule = new MagicLinkModule(this._webSignerClient);
|
|
171
|
-
this._otpModule = new OtpModule(this._webSignerClient);
|
|
172
|
-
}
|
|
173
|
-
_magicLinkModule;
|
|
174
|
-
_otpModule;
|
|
175
|
-
/**
|
|
176
|
-
* Initialize user authentication process using email.
|
|
177
|
-
*
|
|
178
|
-
* @param params {EmailInitializeAuthParams} params to initialize the user authentication process.
|
|
179
|
-
* @returns {Promise<void>} promise that resolves to the result of the authentication process.
|
|
180
|
-
*/
|
|
181
|
-
async initialize(params) {
|
|
182
|
-
return this._webSignerClient.emailAuth(params);
|
|
58
|
+
await this._webSignerClient.completeEmailAuth(params);
|
|
183
59
|
}
|
|
184
60
|
/**
|
|
185
61
|
* Get the email authentication method of the app, that was chosen in fourt.io dashboard.
|
|
186
62
|
* It can be either `magiclink` or `otp`.
|
|
187
63
|
*
|
|
188
|
-
* @returns {Promise<
|
|
64
|
+
* @returns {Promise<'otp' | 'magiclink'>} promise that resolves to the email authentication method.
|
|
189
65
|
*/
|
|
190
66
|
async getAuthMethod() {
|
|
191
67
|
return this._webSignerClient.getEmailAuthMethod();
|
|
192
68
|
}
|
|
193
|
-
get magicLink() {
|
|
194
|
-
return this._magicLinkModule;
|
|
195
|
-
}
|
|
196
|
-
get otp() {
|
|
197
|
-
return this._otpModule;
|
|
198
|
-
}
|
|
199
69
|
};
|
|
200
70
|
|
|
201
71
|
// src/modules/auth/passkeys.ts
|
|
@@ -206,10 +76,10 @@ var PasskeysModule = class {
|
|
|
206
76
|
/**
|
|
207
77
|
* Signs in a user using Passkeys.
|
|
208
78
|
*
|
|
209
|
-
* @param params {
|
|
79
|
+
* @param params {WebAuthnSignInParams} params for the sign-in process.
|
|
210
80
|
*/
|
|
211
81
|
async signIn(params) {
|
|
212
|
-
return this._webSignerClient.
|
|
82
|
+
return this._webSignerClient.webAuthnSignIn(params);
|
|
213
83
|
}
|
|
214
84
|
};
|
|
215
85
|
|
|
@@ -253,11 +123,8 @@ var GoogleModule = class {
|
|
|
253
123
|
constructor(_webSignerClient) {
|
|
254
124
|
this._webSignerClient = _webSignerClient;
|
|
255
125
|
}
|
|
256
|
-
/**
|
|
257
|
-
*
|
|
258
|
-
* @returns
|
|
259
|
-
*/
|
|
260
126
|
async init() {
|
|
127
|
+
await this._webSignerClient.resetKeyPair();
|
|
261
128
|
const initUrl = await this._webSignerClient.getOAuthInitUrl("google");
|
|
262
129
|
const url = new URL(initUrl);
|
|
263
130
|
const internalUrl = new URL(
|
|
@@ -265,7 +132,7 @@ var GoogleModule = class {
|
|
|
265
132
|
this._webSignerClient.configuration.apiUrl
|
|
266
133
|
).href;
|
|
267
134
|
url.searchParams.set("redirect_uri", internalUrl);
|
|
268
|
-
const publicKey = await this._webSignerClient.
|
|
135
|
+
const publicKey = await this._webSignerClient.getPublicKey();
|
|
269
136
|
const nonce = await LibSha256.sha256Hex(publicKey);
|
|
270
137
|
url.searchParams.set("nonce", nonce);
|
|
271
138
|
const state = new jose.UnsecuredJWT({
|
|
@@ -295,7 +162,8 @@ var FacebookModule = class {
|
|
|
295
162
|
this._webSignerClient = _webSignerClient;
|
|
296
163
|
}
|
|
297
164
|
async init() {
|
|
298
|
-
|
|
165
|
+
await this._webSignerClient.resetKeyPair();
|
|
166
|
+
const publicKey = await this._webSignerClient.getPublicKey();
|
|
299
167
|
const internalUrl = new URL(
|
|
300
168
|
"v1/oauth/facebook",
|
|
301
169
|
this._webSignerClient.configuration.apiUrl
|
|
@@ -333,11 +201,8 @@ var AppleModule = class {
|
|
|
333
201
|
constructor(_webSignerClient) {
|
|
334
202
|
this._webSignerClient = _webSignerClient;
|
|
335
203
|
}
|
|
336
|
-
/**
|
|
337
|
-
*
|
|
338
|
-
* @returns
|
|
339
|
-
*/
|
|
340
204
|
async init() {
|
|
205
|
+
await this._webSignerClient.resetKeyPair();
|
|
341
206
|
const initUrl = await this._webSignerClient.getOAuthInitUrl("apple");
|
|
342
207
|
const url = new URL(initUrl);
|
|
343
208
|
const internalUrl = new URL(
|
|
@@ -345,7 +210,7 @@ var AppleModule = class {
|
|
|
345
210
|
this._webSignerClient.configuration.apiUrl
|
|
346
211
|
).href;
|
|
347
212
|
url.searchParams.set("redirect_uri", internalUrl);
|
|
348
|
-
const publicKey = await this._webSignerClient.
|
|
213
|
+
const publicKey = await this._webSignerClient.getPublicKey();
|
|
349
214
|
const nonce = await LibSha256.sha256Hex(publicKey);
|
|
350
215
|
url.searchParams.set("nonce", nonce);
|
|
351
216
|
const state = new jose3.UnsecuredJWT({
|
|
@@ -380,12 +245,7 @@ var OAuthModule = class {
|
|
|
380
245
|
get apple() {
|
|
381
246
|
return this._appleModule;
|
|
382
247
|
}
|
|
383
|
-
async complete({
|
|
384
|
-
await this._webSignerClient.completeAuthWithBundle({
|
|
385
|
-
bundle,
|
|
386
|
-
subOrgId,
|
|
387
|
-
sessionType: "oauth" /* OAuth */
|
|
388
|
-
});
|
|
248
|
+
async complete({ subOrgId }) {
|
|
389
249
|
}
|
|
390
250
|
};
|
|
391
251
|
|
|
@@ -462,7 +322,6 @@ var UserModule = class {
|
|
|
462
322
|
|
|
463
323
|
// src/signer/web.ts
|
|
464
324
|
var import_http2 = require("@turnkey/http");
|
|
465
|
-
var import_iframe_stamper = require("@turnkey/iframe-stamper");
|
|
466
325
|
var import_webauthn_stamper = require("@turnkey/webauthn-stamper");
|
|
467
326
|
|
|
468
327
|
// src/lib/base64.ts
|
|
@@ -507,6 +366,98 @@ var LibBytes = class {
|
|
|
507
366
|
};
|
|
508
367
|
};
|
|
509
368
|
|
|
369
|
+
// src/session/index.ts
|
|
370
|
+
var import_zustand = require("zustand");
|
|
371
|
+
var import_middleware = require("zustand/middleware");
|
|
372
|
+
var SessionStore = class {
|
|
373
|
+
_store;
|
|
374
|
+
constructor() {
|
|
375
|
+
this._store = (0, import_zustand.createStore)()(
|
|
376
|
+
(0, import_middleware.persist)(this._getInitialState, {
|
|
377
|
+
name: "fourt-session",
|
|
378
|
+
storage: (0, import_middleware.createJSONStorage)(() => localStorage),
|
|
379
|
+
// persist only these in localStorage
|
|
380
|
+
partialize: (state) => ({
|
|
381
|
+
bundle: state.bundle,
|
|
382
|
+
type: state.type,
|
|
383
|
+
otpId: state.otpId
|
|
384
|
+
})
|
|
385
|
+
})
|
|
386
|
+
);
|
|
387
|
+
}
|
|
388
|
+
get type() {
|
|
389
|
+
return this._store.getState().type;
|
|
390
|
+
}
|
|
391
|
+
set type(type) {
|
|
392
|
+
this._store.setState({ type });
|
|
393
|
+
}
|
|
394
|
+
get token() {
|
|
395
|
+
return this._store.getState().token;
|
|
396
|
+
}
|
|
397
|
+
set token(token) {
|
|
398
|
+
this._store.setState({ token });
|
|
399
|
+
}
|
|
400
|
+
get csrfToken() {
|
|
401
|
+
return this._store.getState().csrfToken;
|
|
402
|
+
}
|
|
403
|
+
set csrfToken(csrfToken) {
|
|
404
|
+
this._store.setState({ csrfToken });
|
|
405
|
+
}
|
|
406
|
+
get bundle() {
|
|
407
|
+
return this._store.getState().bundle;
|
|
408
|
+
}
|
|
409
|
+
set bundle(bundle) {
|
|
410
|
+
this._store.setState({ bundle });
|
|
411
|
+
}
|
|
412
|
+
get user() {
|
|
413
|
+
return this._store.getState().user;
|
|
414
|
+
}
|
|
415
|
+
set user(user) {
|
|
416
|
+
this._store.setState({ ...this._store.getState(), user });
|
|
417
|
+
}
|
|
418
|
+
get otpId() {
|
|
419
|
+
return this._store.getState().otpId;
|
|
420
|
+
}
|
|
421
|
+
set otpId(otpId) {
|
|
422
|
+
this._store.setState({ otpId });
|
|
423
|
+
}
|
|
424
|
+
clearUser() {
|
|
425
|
+
this._store.setState({ ...this._store.getState(), user: void 0 });
|
|
426
|
+
}
|
|
427
|
+
clearBundle() {
|
|
428
|
+
this._store.setState({ ...this._store.getState(), bundle: void 0 });
|
|
429
|
+
}
|
|
430
|
+
clearType() {
|
|
431
|
+
this._store.setState({ ...this._store.getState(), type: void 0 });
|
|
432
|
+
}
|
|
433
|
+
clearToken() {
|
|
434
|
+
this._store.setState({ ...this._store.getState(), token: void 0 });
|
|
435
|
+
}
|
|
436
|
+
clearCsrfToken() {
|
|
437
|
+
this._store.setState({ ...this._store.getState(), csrfToken: void 0 });
|
|
438
|
+
}
|
|
439
|
+
clearOtpId() {
|
|
440
|
+
this._store.setState({ ...this._store.getState(), otpId: void 0 });
|
|
441
|
+
}
|
|
442
|
+
clearAll() {
|
|
443
|
+
this.clearToken();
|
|
444
|
+
this.clearUser();
|
|
445
|
+
this.clearBundle();
|
|
446
|
+
this.clearType();
|
|
447
|
+
this.clearOtpId();
|
|
448
|
+
}
|
|
449
|
+
_getInitialState() {
|
|
450
|
+
return {
|
|
451
|
+
type: void 0,
|
|
452
|
+
user: void 0,
|
|
453
|
+
bundle: void 0,
|
|
454
|
+
token: void 0,
|
|
455
|
+
csrfToken: void 0,
|
|
456
|
+
otpId: void 0
|
|
457
|
+
};
|
|
458
|
+
}
|
|
459
|
+
};
|
|
460
|
+
|
|
510
461
|
// src/signer/index.ts
|
|
511
462
|
var import_http = require("@turnkey/http");
|
|
512
463
|
|
|
@@ -666,7 +617,7 @@ var SignerClient = class {
|
|
|
666
617
|
throw error;
|
|
667
618
|
}
|
|
668
619
|
}
|
|
669
|
-
async
|
|
620
|
+
async signIn(subOrgId) {
|
|
670
621
|
const orgId = subOrgId || this._sessionStore.user?.subOrgId;
|
|
671
622
|
if (!orgId) throw new BadRequestError("No orgId provided");
|
|
672
623
|
const stampedRequest = await this._turnkeyClient.stampGetWhoami({
|
|
@@ -695,7 +646,8 @@ var SignerClient = class {
|
|
|
695
646
|
this._scheduleRefresh(token);
|
|
696
647
|
}
|
|
697
648
|
async request(route, method, body) {
|
|
698
|
-
const url = new URL(
|
|
649
|
+
const url = new URL(this._configuration.apiUrl);
|
|
650
|
+
url.pathname = url.pathname + route;
|
|
699
651
|
const token = this._sessionStore.token;
|
|
700
652
|
const csrfToken = this._sessionStore.csrfToken;
|
|
701
653
|
const headers = {
|
|
@@ -785,7 +737,9 @@ var SignerClient = class {
|
|
|
785
737
|
} catch (error) {
|
|
786
738
|
if (error instanceof UnauthorizedError) {
|
|
787
739
|
try {
|
|
788
|
-
this._sessionStore.
|
|
740
|
+
this._sessionStore.clearToken();
|
|
741
|
+
this._sessionStore.clearCsrfToken();
|
|
742
|
+
this._sessionStore.clearUser();
|
|
789
743
|
} catch {
|
|
790
744
|
}
|
|
791
745
|
throw error;
|
|
@@ -820,10 +774,10 @@ var SignerClient = class {
|
|
|
820
774
|
};
|
|
821
775
|
|
|
822
776
|
// src/signer/web.ts
|
|
777
|
+
var import_indexed_db_stamper = require("@turnkey/indexed-db-stamper");
|
|
823
778
|
var WebSignerClient = class extends SignerClient {
|
|
824
|
-
|
|
779
|
+
indexedDbStamper;
|
|
825
780
|
webauthnStamper;
|
|
826
|
-
iframeConfig;
|
|
827
781
|
oauthConfiguration;
|
|
828
782
|
/**
|
|
829
783
|
* Initializes a new instance of the `WebSignerClient` class.
|
|
@@ -833,44 +787,20 @@ var WebSignerClient = class extends SignerClient {
|
|
|
833
787
|
constructor({
|
|
834
788
|
configuration,
|
|
835
789
|
webauthn,
|
|
836
|
-
iframe,
|
|
837
790
|
oauth
|
|
838
791
|
}) {
|
|
839
|
-
const
|
|
840
|
-
iframeElementId: iframe?.iframeElementId ?? "turnkey-iframe",
|
|
841
|
-
iframeContainerId: iframe?.iframeContainerId ?? "signer-iframe-container"
|
|
842
|
-
};
|
|
843
|
-
const iframeContainer = document.createElement("div");
|
|
844
|
-
iframeContainer.id = iframeConfig.iframeContainerId;
|
|
845
|
-
iframeContainer.style.display = "none";
|
|
846
|
-
document.body.appendChild(iframeContainer);
|
|
847
|
-
const iframeStamper = new import_iframe_stamper.IframeStamper({
|
|
848
|
-
iframeUrl: "https://auth.turnkey.com",
|
|
849
|
-
iframeElementId: iframeConfig.iframeElementId,
|
|
850
|
-
iframeContainer: document.getElementById(iframeConfig.iframeContainerId)
|
|
851
|
-
});
|
|
792
|
+
const indexedDbStamper = new import_indexed_db_stamper.IndexedDbStamper();
|
|
852
793
|
super({
|
|
853
|
-
stamper:
|
|
854
|
-
// Initialized to iframeStamper; can be either webauthnStamper or iframeStamper
|
|
794
|
+
stamper: indexedDbStamper,
|
|
855
795
|
configuration
|
|
856
796
|
});
|
|
857
|
-
this.
|
|
858
|
-
this.iframeConfig = iframeConfig;
|
|
797
|
+
this.indexedDbStamper = indexedDbStamper;
|
|
859
798
|
this.webauthnStamper = new import_webauthn_stamper.WebauthnStamper({ rpId: webauthn.rpId });
|
|
860
799
|
this.oauthConfiguration = oauth;
|
|
861
800
|
}
|
|
862
801
|
async logout() {
|
|
863
802
|
super.logout();
|
|
864
|
-
this.
|
|
865
|
-
const stamper = new import_iframe_stamper.IframeStamper({
|
|
866
|
-
iframeUrl: "https://auth.turnkey.com",
|
|
867
|
-
iframeElementId: this.iframeConfig.iframeElementId,
|
|
868
|
-
iframeContainer: document.getElementById(
|
|
869
|
-
this.iframeConfig.iframeContainerId
|
|
870
|
-
)
|
|
871
|
-
});
|
|
872
|
-
this.iframeStamper = stamper;
|
|
873
|
-
await this._initIframeStamper();
|
|
803
|
+
this.indexedDbStamper.clear();
|
|
874
804
|
}
|
|
875
805
|
async signRawMessage(msg) {
|
|
876
806
|
await this._updateStamper();
|
|
@@ -890,15 +820,15 @@ var WebSignerClient = class extends SignerClient {
|
|
|
890
820
|
/**
|
|
891
821
|
* Signs in a user with webauthn.
|
|
892
822
|
*
|
|
893
|
-
* @param {
|
|
823
|
+
* @param {WebAuthnSignInParams} params params for the sign in
|
|
894
824
|
*/
|
|
895
|
-
async
|
|
825
|
+
async webAuthnSignIn({ email }) {
|
|
896
826
|
const existingUserSubOrgId = await this.lookUpUser(email);
|
|
897
827
|
if (!existingUserSubOrgId) {
|
|
898
|
-
await this.
|
|
828
|
+
await this._createWebAuthnAccount({ email });
|
|
899
829
|
} else {
|
|
900
830
|
this.stamper = this.webauthnStamper;
|
|
901
|
-
await this.
|
|
831
|
+
await this.signIn(existingUserSubOrgId);
|
|
902
832
|
this._sessionStore.type = "passkeys" /* Passkeys */;
|
|
903
833
|
if (!this._sessionStore.user || !this._sessionStore.user.credentialId) {
|
|
904
834
|
return;
|
|
@@ -915,127 +845,67 @@ var WebSignerClient = class extends SignerClient {
|
|
|
915
845
|
/**
|
|
916
846
|
* Handles auth user process with email according to the method of the used app.
|
|
917
847
|
*
|
|
918
|
-
* @param {
|
|
848
|
+
* @param {InitEmailAuthParams} params params needed for the initialization of the auth process
|
|
919
849
|
*/
|
|
920
|
-
async
|
|
921
|
-
|
|
922
|
-
|
|
923
|
-
|
|
924
|
-
|
|
925
|
-
await this._createAccount({ method: "email", ...params });
|
|
926
|
-
} else {
|
|
927
|
-
await this._initMagicLinkAuth(params);
|
|
928
|
-
}
|
|
929
|
-
} else if (method === "otp") {
|
|
930
|
-
const { otpId } = await this._initOtpAuth({ email: params.email });
|
|
931
|
-
if (!otpId) throw new NotFoundError("No OTP init response returned.");
|
|
932
|
-
this._sessionStore.otpId = otpId;
|
|
933
|
-
} else {
|
|
934
|
-
throw new Error("Invalid email authentication method.");
|
|
935
|
-
}
|
|
936
|
-
return { method };
|
|
850
|
+
async initEmailAuth(params) {
|
|
851
|
+
await this.indexedDbStamper.resetKeyPair();
|
|
852
|
+
const { otpId } = await this._initEmailAuth(params);
|
|
853
|
+
if (!otpId) throw new NotFoundError("No OTP init response returned.");
|
|
854
|
+
this._sessionStore.otpId = otpId;
|
|
937
855
|
}
|
|
938
|
-
async
|
|
939
|
-
|
|
856
|
+
async getPublicKey() {
|
|
857
|
+
await this._initIndexedDbStamper();
|
|
858
|
+
return this.indexedDbStamper.getPublicKey();
|
|
859
|
+
}
|
|
860
|
+
async resetKeyPair() {
|
|
861
|
+
await this._initIndexedDbStamper();
|
|
862
|
+
await this.indexedDbStamper.resetKeyPair();
|
|
940
863
|
}
|
|
941
864
|
/**
|
|
942
865
|
* Verifies the provided otp code.
|
|
943
866
|
*
|
|
944
|
-
* @param {
|
|
867
|
+
* @param {CompleteEmailAuthParams} params params needed for otp code verification
|
|
945
868
|
*/
|
|
946
|
-
async
|
|
947
|
-
|
|
948
|
-
|
|
949
|
-
"
|
|
950
|
-
|
|
951
|
-
|
|
952
|
-
|
|
953
|
-
|
|
954
|
-
|
|
955
|
-
|
|
956
|
-
);
|
|
957
|
-
if (!credentialBundle || !subOrgId)
|
|
869
|
+
async completeEmailAuth(params) {
|
|
870
|
+
await this._initIndexedDbStamper();
|
|
871
|
+
if (!this._sessionStore.otpId)
|
|
872
|
+
throw new NotFoundError("No OTP ID found in session store.");
|
|
873
|
+
const { subOrgId } = await this.request("/v1/email/complete", "POST", {
|
|
874
|
+
otpId: this._sessionStore.otpId,
|
|
875
|
+
otpCode: params.otpCode,
|
|
876
|
+
publicKey: await this.getPublicKey()
|
|
877
|
+
});
|
|
878
|
+
if (!subOrgId)
|
|
958
879
|
throw new NotFoundError("No OTP authentication response returned.");
|
|
959
|
-
|
|
960
|
-
|
|
961
|
-
|
|
962
|
-
};
|
|
880
|
+
await this.signIn(subOrgId);
|
|
881
|
+
this._sessionStore.type = "email" /* Email */;
|
|
882
|
+
this._sessionStore.clearOtpId();
|
|
963
883
|
}
|
|
964
884
|
/**
|
|
965
885
|
* Gets the email authentication method of the app.
|
|
966
886
|
*/
|
|
967
887
|
async getEmailAuthMethod() {
|
|
968
|
-
const { method } = await this.request("/v1/email
|
|
888
|
+
const { method } = await this.request("/v1/email/method", "GET");
|
|
969
889
|
return method;
|
|
970
890
|
}
|
|
971
|
-
/**
|
|
972
|
-
* Starts email authentication process via otp.
|
|
973
|
-
*/
|
|
974
|
-
async _initOtpAuth(params) {
|
|
975
|
-
return this.request("/v1/otp-auth", "POST", { email: params.email });
|
|
976
|
-
}
|
|
977
|
-
/**
|
|
978
|
-
* Completes the authentication process with a credential bundle.
|
|
979
|
-
*
|
|
980
|
-
* @param {CompleteAuthWithBundleParams} params params for the completion of the auth process
|
|
981
|
-
*/
|
|
982
|
-
async completeAuthWithBundle({
|
|
983
|
-
bundle,
|
|
984
|
-
subOrgId,
|
|
985
|
-
sessionType
|
|
986
|
-
}) {
|
|
987
|
-
await this._initIframeStamper();
|
|
988
|
-
const result = await this.iframeStamper.injectCredentialBundle(bundle);
|
|
989
|
-
if (!result) {
|
|
990
|
-
throw new Error("Failed to inject credential bundle");
|
|
991
|
-
}
|
|
992
|
-
await this.whoAmI(subOrgId);
|
|
993
|
-
this._sessionStore.type = sessionType;
|
|
994
|
-
this._sessionStore.bundle = bundle;
|
|
995
|
-
}
|
|
996
891
|
/**
|
|
997
892
|
* Checks for an existing session and if exists, updates the stamper accordingly.
|
|
998
893
|
*/
|
|
999
894
|
async _updateStamper() {
|
|
1000
|
-
if (this._sessionStore.type === void 0 &&
|
|
895
|
+
if (this._sessionStore.type === void 0 && this._sessionStore.token === void 0)
|
|
1001
896
|
return;
|
|
1002
897
|
if (this._sessionStore.type === "passkeys" /* Passkeys */) {
|
|
1003
898
|
this.stamper = this.webauthnStamper;
|
|
1004
899
|
} else {
|
|
1005
|
-
this.stamper = this.
|
|
1006
|
-
await this.completeAuthWithBundle({
|
|
1007
|
-
bundle: this._sessionStore.bundle,
|
|
1008
|
-
subOrgId: this._sessionStore.user?.subOrgId,
|
|
1009
|
-
sessionType: this._sessionStore.type
|
|
1010
|
-
});
|
|
1011
|
-
}
|
|
1012
|
-
}
|
|
1013
|
-
/**
|
|
1014
|
-
* Init authentication with magic link email.
|
|
1015
|
-
*
|
|
1016
|
-
* @param {EmailInitializeAuthParams} params params for the sign in
|
|
1017
|
-
*/
|
|
1018
|
-
async _initMagicLinkAuth({
|
|
1019
|
-
email,
|
|
1020
|
-
expirationSeconds,
|
|
1021
|
-
redirectUrl
|
|
1022
|
-
}) {
|
|
1023
|
-
if (!redirectUrl) {
|
|
1024
|
-
throw new Error("redirectUrl is required for magic link authentication.");
|
|
900
|
+
this.stamper = this.indexedDbStamper;
|
|
1025
901
|
}
|
|
1026
|
-
return this.request("/v1/email-auth", "POST", {
|
|
1027
|
-
email,
|
|
1028
|
-
targetPublicKey: await this.getIframePublicKey(),
|
|
1029
|
-
expirationSeconds,
|
|
1030
|
-
redirectUrl: redirectUrl.toString()
|
|
1031
|
-
});
|
|
1032
902
|
}
|
|
1033
903
|
/**
|
|
1034
904
|
* Creates a passkey account using the webauthn stamper.
|
|
1035
905
|
*
|
|
1036
|
-
* @param {
|
|
906
|
+
* @param {WebAuthnSignInParams} params params for the creation of the account
|
|
1037
907
|
*/
|
|
1038
|
-
async
|
|
908
|
+
async _createWebAuthnAccount(params) {
|
|
1039
909
|
const { challenge, attestation } = await this._webauthnGenerateAttestation(
|
|
1040
910
|
params.email
|
|
1041
911
|
);
|
|
@@ -1043,11 +913,9 @@ var WebSignerClient = class extends SignerClient {
|
|
|
1043
913
|
"/v1/signup",
|
|
1044
914
|
"POST",
|
|
1045
915
|
{
|
|
1046
|
-
|
|
1047
|
-
|
|
1048
|
-
|
|
1049
|
-
},
|
|
1050
|
-
email: params.email
|
|
916
|
+
email: params.email,
|
|
917
|
+
challenge: LibBase64.fromBuffer(challenge),
|
|
918
|
+
attestation
|
|
1051
919
|
}
|
|
1052
920
|
);
|
|
1053
921
|
this._sessionStore.user = {
|
|
@@ -1060,42 +928,17 @@ var WebSignerClient = class extends SignerClient {
|
|
|
1060
928
|
this._scheduleRefresh(token);
|
|
1061
929
|
}
|
|
1062
930
|
/**
|
|
1063
|
-
*
|
|
931
|
+
* Init account creation with email.
|
|
1064
932
|
*
|
|
1065
|
-
* @param {
|
|
933
|
+
* @param {InitEmailAuthParams} params params for the creation of the account
|
|
1066
934
|
*/
|
|
1067
|
-
async
|
|
1068
|
-
const
|
|
1069
|
-
|
|
1070
|
-
|
|
1071
|
-
}
|
|
1072
|
-
const response = await this.request("/v1/signup", "POST", {
|
|
1073
|
-
email,
|
|
1074
|
-
iframe: {
|
|
1075
|
-
targetPublicKey: await this.getIframePublicKey(),
|
|
1076
|
-
expirationSeconds,
|
|
1077
|
-
redirectUrl: redirectUrl.toString()
|
|
1078
|
-
}
|
|
935
|
+
async _initEmailAuth(params) {
|
|
936
|
+
const response = await this.request("/v1/email/init", "POST", {
|
|
937
|
+
email: params.email,
|
|
938
|
+
redirectUrl: params.redirectUrl ? params.redirectUrl.toString() : void 0
|
|
1079
939
|
});
|
|
1080
940
|
return response;
|
|
1081
941
|
}
|
|
1082
|
-
/**
|
|
1083
|
-
* Handle the account creation process.
|
|
1084
|
-
*
|
|
1085
|
-
* @param {CreateAccountParams} params params to create an account
|
|
1086
|
-
*/
|
|
1087
|
-
async _createAccount(params) {
|
|
1088
|
-
switch (params.method) {
|
|
1089
|
-
case "webauthn": {
|
|
1090
|
-
await this._createWebauthnAccount(params);
|
|
1091
|
-
break;
|
|
1092
|
-
}
|
|
1093
|
-
case "email": {
|
|
1094
|
-
await this._createEmailAccount(params);
|
|
1095
|
-
break;
|
|
1096
|
-
}
|
|
1097
|
-
}
|
|
1098
|
-
}
|
|
1099
942
|
async _webauthnGenerateAttestation(email) {
|
|
1100
943
|
const challenge = LibBytes.generateRandomBuffer();
|
|
1101
944
|
const authenticatorUserId = LibBytes.generateRandomBuffer();
|
|
@@ -1130,12 +973,11 @@ var WebSignerClient = class extends SignerClient {
|
|
|
1130
973
|
});
|
|
1131
974
|
return { challenge, attestation, authenticatorUserId };
|
|
1132
975
|
}
|
|
1133
|
-
async
|
|
1134
|
-
if (!this.
|
|
1135
|
-
await this.
|
|
976
|
+
async _initIndexedDbStamper() {
|
|
977
|
+
if (!this.indexedDbStamper.getPublicKey()) {
|
|
978
|
+
await this.indexedDbStamper.init();
|
|
1136
979
|
}
|
|
1137
|
-
this.stamper = this.
|
|
1138
|
-
return this.iframeStamper.publicKey();
|
|
980
|
+
this.stamper = this.indexedDbStamper;
|
|
1139
981
|
}
|
|
1140
982
|
};
|
|
1141
983
|
|
|
@@ -1240,12 +1082,11 @@ var FourtWebSigner = class {
|
|
|
1240
1082
|
*/
|
|
1241
1083
|
constructor({
|
|
1242
1084
|
configuration,
|
|
1243
|
-
auth: { webauthn,
|
|
1085
|
+
auth: { webauthn, oauth }
|
|
1244
1086
|
}) {
|
|
1245
1087
|
this._webSignerClient = new WebSignerClient({
|
|
1246
1088
|
configuration,
|
|
1247
1089
|
webauthn,
|
|
1248
|
-
iframe,
|
|
1249
1090
|
oauth
|
|
1250
1091
|
});
|
|
1251
1092
|
this._modules = {
|