@fourt/sdk 1.4.1 → 1.5.1
- package/dist/index.cjs +174 -333
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +59 -148
- package/dist/index.d.ts +59 -148
- package/dist/index.js +174 -333
- package/dist/index.js.map +1 -1
- package/dist/types/index.d.cts +13 -1
- package/dist/types/index.d.ts +13 -1
- package/package.json +6 -6
- package/dist/index-Cy_WMhHm.d.cts +0 -19
- package/dist/index-Cy_WMhHm.d.ts +0 -19
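--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -5,168 +5,38 @@ var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require
 throw Error('Dynamic require of "' + x + '" is not supported');
 });
 
-// src/
-
-import { persist, createJSONStorage } from "zustand/middleware";
-var SessionStore = class {
-_store;
-constructor() {
-this._store = createStore()(
-persist(this._getInitialState, {
-name: "fourt-session",
-storage: createJSONStorage(() => localStorage),
-// persist only these in localStorage
-partialize: (state) => ({
-bundle: state.bundle,
-type: state.type,
-otpId: state.otpId
-})
-})
-);
-}
-get type() {
-return this._store.getState().type;
-}
-set type(type) {
-this._store.setState({ type });
-}
-get token() {
-return this._store.getState().token;
-}
-set token(token) {
-this._store.setState({ token });
-}
-get csrfToken() {
-return this._store.getState().csrfToken;
-}
-set csrfToken(csrfToken) {
-this._store.setState({ csrfToken });
-}
-get bundle() {
-return this._store.getState().bundle;
-}
-set bundle(bundle) {
-this._store.setState({ bundle });
-}
-get user() {
-return this._store.getState().user;
-}
-set user(user) {
-this._store.setState({ ...this._store.getState(), user });
-}
-get otpId() {
-return this._store.getState().otpId;
-}
-set otpId(otpId) {
-this._store.setState({ otpId });
-}
-clearUser() {
-this._store.setState({ ...this._store.getState(), user: void 0 });
-}
-clearBundle() {
-this._store.setState({ ...this._store.getState(), bundle: void 0 });
-}
-clearType() {
-this._store.setState({ ...this._store.getState(), type: void 0 });
-}
-clearToken() {
-this._store.setState({ ...this._store.getState(), token: void 0 });
-}
-clearOtpId() {
-this._store.setState({ ...this._store.getState(), otpId: void 0 });
-}
-clearAll() {
-this.clearToken();
-this.clearUser();
-this.clearBundle();
-this.clearType();
-this.clearOtpId();
-}
-_getInitialState() {
-return {
-type: void 0,
-user: void 0,
-bundle: void 0,
-token: void 0,
-csrfToken: void 0,
-otpId: void 0
-};
-}
-};
-
-// src/modules/auth/email/magicLink.ts
-var MagicLinkModule = class {
+// src/modules/auth/email.ts
+var EmailModule = class {
 constructor(_webSignerClient) {
 this._webSignerClient = _webSignerClient;
 }
 /**
-*
+* Initialize user authentication process using email.
 *
-* @param params {
-* @returns {Promise<void>} promise that
+* @param params {InitEmailAuthParams} params to initialize the user authentication process.
+* @returns {Promise<void>} promise that resolves when the initialization is complete.
 */
-async
-return this._webSignerClient.
-...params,
-sessionType: "email" /* Email */
-});
-}
-};
-
-// src/modules/auth/email/otp.ts
-var OtpModule = class {
-constructor(_webSignerClient) {
-this._webSignerClient = _webSignerClient;
+async initialize(params) {
+return this._webSignerClient.initEmailAuth(params);
 }
 /**
-* Completes authentication with OTP code
+* Completes email authentication with OTP code.
 *
-* @param params {
+* @param params {CompleteEmailAuthParams} params to complete the authentication process.
 * @returns {Promise<void>} promise that completes the authentication process.
 */
 async complete(params) {
-
-return this._webSignerClient.completeAuthWithBundle({
-bundle,
-subOrgId,
-sessionType: "email" /* Email */
-});
-}
-};
-
-// src/modules/auth/email.ts
-var EmailModule = class {
-constructor(_webSignerClient) {
-this._webSignerClient = _webSignerClient;
-this._magicLinkModule = new MagicLinkModule(this._webSignerClient);
-this._otpModule = new OtpModule(this._webSignerClient);
-}
-_magicLinkModule;
-_otpModule;
-/**
-* Initialize user authentication process using email.
-*
-* @param params {EmailInitializeAuthParams} params to initialize the user authentication process.
-* @returns {Promise<void>} promise that resolves to the result of the authentication process.
-*/
-async initialize(params) {
-return this._webSignerClient.emailAuth(params);
+await this._webSignerClient.completeEmailAuth(params);
 }
 /**
 * Get the email authentication method of the app, that was chosen in fourt.io dashboard.
 * It can be either `magiclink` or `otp`.
 *
-* @returns {Promise<
+* @returns {Promise<'otp' | 'magiclink'>} promise that resolves to the email authentication method.
 */
 async getAuthMethod() {
 return this._webSignerClient.getEmailAuthMethod();
 }
-get magicLink() {
-return this._magicLinkModule;
-}
-get otp() {
-return this._otpModule;
-}
 };
 
 // src/modules/auth/passkeys.ts
@@ -177,10 +47,10 @@ var PasskeysModule = class {
 /**
 * Signs in a user using Passkeys.
 *
-* @param params {
+* @param params {WebAuthnSignInParams} params for the sign-in process.
 */
 async signIn(params) {
-return this._webSignerClient.
+return this._webSignerClient.webAuthnSignIn(params);
 }
 };
 
@@ -224,11 +94,8 @@ var GoogleModule = class {
 constructor(_webSignerClient) {
 this._webSignerClient = _webSignerClient;
 }
-/**
-*
-* @returns
-*/
 async init() {
+await this._webSignerClient.resetKeyPair();
 const initUrl = await this._webSignerClient.getOAuthInitUrl("google");
 const url = new URL(initUrl);
 const internalUrl = new URL(
@@ -236,7 +103,7 @@ var GoogleModule = class {
 this._webSignerClient.configuration.apiUrl
 ).href;
 url.searchParams.set("redirect_uri", internalUrl);
-const publicKey = await this._webSignerClient.
+const publicKey = await this._webSignerClient.getPublicKey();
 const nonce = await LibSha256.sha256Hex(publicKey);
 url.searchParams.set("nonce", nonce);
 const state = new jose.UnsecuredJWT({
@@ -266,7 +133,8 @@ var FacebookModule = class {
 this._webSignerClient = _webSignerClient;
 }
 async init() {
-
+await this._webSignerClient.resetKeyPair();
+const publicKey = await this._webSignerClient.getPublicKey();
 const internalUrl = new URL(
 "v1/oauth/facebook",
 this._webSignerClient.configuration.apiUrl
@@ -304,11 +172,8 @@ var AppleModule = class {
 constructor(_webSignerClient) {
 this._webSignerClient = _webSignerClient;
 }
-/**
-*
-* @returns
-*/
 async init() {
+await this._webSignerClient.resetKeyPair();
 const initUrl = await this._webSignerClient.getOAuthInitUrl("apple");
 const url = new URL(initUrl);
 const internalUrl = new URL(
@@ -316,7 +181,7 @@ var AppleModule = class {
 this._webSignerClient.configuration.apiUrl
 ).href;
 url.searchParams.set("redirect_uri", internalUrl);
-const publicKey = await this._webSignerClient.
+const publicKey = await this._webSignerClient.getPublicKey();
 const nonce = await LibSha256.sha256Hex(publicKey);
 url.searchParams.set("nonce", nonce);
 const state = new jose3.UnsecuredJWT({
@@ -351,12 +216,7 @@ var OAuthModule = class {
 get apple() {
 return this._appleModule;
 }
-async complete({
-await this._webSignerClient.completeAuthWithBundle({
-bundle,
-subOrgId,
-sessionType: "oauth" /* OAuth */
-});
+async complete({ subOrgId }) {
 }
 };
 
@@ -433,7 +293,6 @@ var UserModule = class {
 
 // src/signer/web.ts
 import { getWebAuthnAttestation } from "@turnkey/http";
-import { IframeStamper } from "@turnkey/iframe-stamper";
 import { WebauthnStamper } from "@turnkey/webauthn-stamper";
 
 // src/lib/base64.ts
@@ -478,6 +337,98 @@ var LibBytes = class {
 };
 };
 
+// src/session/index.ts
+import { createStore } from "zustand";
+import { persist, createJSONStorage } from "zustand/middleware";
+var SessionStore = class {
+_store;
+constructor() {
+this._store = createStore()(
+persist(this._getInitialState, {
+name: "fourt-session",
+storage: createJSONStorage(() => localStorage),
+// persist only these in localStorage
+partialize: (state) => ({
+bundle: state.bundle,
+type: state.type,
+otpId: state.otpId
+})
+})
+);
+}
+get type() {
+return this._store.getState().type;
+}
+set type(type) {
+this._store.setState({ type });
+}
+get token() {
+return this._store.getState().token;
+}
+set token(token) {
+this._store.setState({ token });
+}
+get csrfToken() {
+return this._store.getState().csrfToken;
+}
+set csrfToken(csrfToken) {
+this._store.setState({ csrfToken });
+}
+get bundle() {
+return this._store.getState().bundle;
+}
+set bundle(bundle) {
+this._store.setState({ bundle });
+}
+get user() {
+return this._store.getState().user;
+}
+set user(user) {
+this._store.setState({ ...this._store.getState(), user });
+}
+get otpId() {
+return this._store.getState().otpId;
+}
+set otpId(otpId) {
+this._store.setState({ otpId });
+}
+clearUser() {
+this._store.setState({ ...this._store.getState(), user: void 0 });
+}
+clearBundle() {
+this._store.setState({ ...this._store.getState(), bundle: void 0 });
+}
+clearType() {
+this._store.setState({ ...this._store.getState(), type: void 0 });
+}
+clearToken() {
+this._store.setState({ ...this._store.getState(), token: void 0 });
+}
+clearCsrfToken() {
+this._store.setState({ ...this._store.getState(), csrfToken: void 0 });
+}
+clearOtpId() {
+this._store.setState({ ...this._store.getState(), otpId: void 0 });
+}
+clearAll() {
+this.clearToken();
+this.clearUser();
+this.clearBundle();
+this.clearType();
+this.clearOtpId();
+}
+_getInitialState() {
+return {
+type: void 0,
+user: void 0,
+bundle: void 0,
+token: void 0,
+csrfToken: void 0,
+otpId: void 0
+};
+}
+};
+
 // src/signer/index.ts
 import { TurnkeyClient } from "@turnkey/http";
 
@@ -637,7 +588,7 @@ var SignerClient = class {
 throw error;
 }
 }
-async
+async signIn(subOrgId) {
 const orgId = subOrgId || this._sessionStore.user?.subOrgId;
 if (!orgId) throw new BadRequestError("No orgId provided");
 const stampedRequest = await this._turnkeyClient.stampGetWhoami({
@@ -666,7 +617,8 @@ var SignerClient = class {
 this._scheduleRefresh(token);
 }
 async request(route, method, body) {
-const url = new URL(
+const url = new URL(this._configuration.apiUrl);
+url.pathname = url.pathname + route;
 const token = this._sessionStore.token;
 const csrfToken = this._sessionStore.csrfToken;
 const headers = {
@@ -756,7 +708,9 @@ var SignerClient = class {
 } catch (error) {
 if (error instanceof UnauthorizedError) {
 try {
-this._sessionStore.
+this._sessionStore.clearToken();
+this._sessionStore.clearCsrfToken();
+this._sessionStore.clearUser();
 } catch {
 }
 throw error;
@@ -791,10 +745,10 @@ var SignerClient = class {
 };
 
 // src/signer/web.ts
+import { IndexedDbStamper } from "@turnkey/indexed-db-stamper";
 var WebSignerClient = class extends SignerClient {
-
+indexedDbStamper;
 webauthnStamper;
-iframeConfig;
 oauthConfiguration;
 /**
 * Initializes a new instance of the `WebSignerClient` class.
@@ -804,44 +758,20 @@ var WebSignerClient = class extends SignerClient {
 constructor({
 configuration,
 webauthn,
-iframe,
 oauth
 }) {
-const
-iframeElementId: iframe?.iframeElementId ?? "turnkey-iframe",
-iframeContainerId: iframe?.iframeContainerId ?? "signer-iframe-container"
-};
-const iframeContainer = document.createElement("div");
-iframeContainer.id = iframeConfig.iframeContainerId;
-iframeContainer.style.display = "none";
-document.body.appendChild(iframeContainer);
-const iframeStamper = new IframeStamper({
-iframeUrl: "https://auth.turnkey.com",
-iframeElementId: iframeConfig.iframeElementId,
-iframeContainer: document.getElementById(iframeConfig.iframeContainerId)
-});
+const indexedDbStamper = new IndexedDbStamper();
 super({
-stamper:
-// Initialized to iframeStamper; can be either webauthnStamper or iframeStamper
+stamper: indexedDbStamper,
 configuration
 });
-this.
-this.iframeConfig = iframeConfig;
+this.indexedDbStamper = indexedDbStamper;
 this.webauthnStamper = new WebauthnStamper({ rpId: webauthn.rpId });
 this.oauthConfiguration = oauth;
 }
 async logout() {
 super.logout();
-this.
-const stamper = new IframeStamper({
-iframeUrl: "https://auth.turnkey.com",
-iframeElementId: this.iframeConfig.iframeElementId,
-iframeContainer: document.getElementById(
-this.iframeConfig.iframeContainerId
-)
-});
-this.iframeStamper = stamper;
-await this._initIframeStamper();
+this.indexedDbStamper.clear();
 }
 async signRawMessage(msg) {
 await this._updateStamper();
@@ -861,15 +791,15 @@ var WebSignerClient = class extends SignerClient {
 /**
 * Signs in a user with webauthn.
 *
-* @param {
+* @param {WebAuthnSignInParams} params params for the sign in
 */
-async
+async webAuthnSignIn({ email }) {
 const existingUserSubOrgId = await this.lookUpUser(email);
 if (!existingUserSubOrgId) {
-await this.
+await this._createWebAuthnAccount({ email });
 } else {
 this.stamper = this.webauthnStamper;
-await this.
+await this.signIn(existingUserSubOrgId);
 this._sessionStore.type = "passkeys" /* Passkeys */;
 if (!this._sessionStore.user || !this._sessionStore.user.credentialId) {
 return;
@@ -886,127 +816,67 @@ var WebSignerClient = class extends SignerClient {
 /**
 * Handles auth user process with email according to the method of the used app.
 *
-* @param {
+* @param {InitEmailAuthParams} params params needed for the initialization of the auth process
 */
-async
-
-
-
-
-await this._createAccount({ method: "email", ...params });
-} else {
-await this._initMagicLinkAuth(params);
-}
-} else if (method === "otp") {
-const { otpId } = await this._initOtpAuth({ email: params.email });
-if (!otpId) throw new NotFoundError("No OTP init response returned.");
-this._sessionStore.otpId = otpId;
-} else {
-throw new Error("Invalid email authentication method.");
-}
-return { method };
+async initEmailAuth(params) {
+await this.indexedDbStamper.resetKeyPair();
+const { otpId } = await this._initEmailAuth(params);
+if (!otpId) throw new NotFoundError("No OTP init response returned.");
+this._sessionStore.otpId = otpId;
 }
-async
-
+async getPublicKey() {
+await this._initIndexedDbStamper();
+return this.indexedDbStamper.getPublicKey();
+}
+async resetKeyPair() {
+await this._initIndexedDbStamper();
+await this.indexedDbStamper.resetKeyPair();
 }
 /**
 * Verifies the provided otp code.
 *
-* @param {
+* @param {CompleteEmailAuthParams} params params needed for otp code verification
 */
-async
-
-
-"
-
-
-
-
-
-
-);
-if (!credentialBundle || !subOrgId)
+async completeEmailAuth(params) {
+await this._initIndexedDbStamper();
+if (!this._sessionStore.otpId)
+throw new NotFoundError("No OTP ID found in session store.");
+const { subOrgId } = await this.request("/v1/email/complete", "POST", {
+otpId: this._sessionStore.otpId,
+otpCode: params.otpCode,
+publicKey: await this.getPublicKey()
+});
+if (!subOrgId)
 throw new NotFoundError("No OTP authentication response returned.");
-
-
-
-};
+await this.signIn(subOrgId);
+this._sessionStore.type = "email" /* Email */;
+this._sessionStore.clearOtpId();
 }
 /**
 * Gets the email authentication method of the app.
 */
 async getEmailAuthMethod() {
-const { method } = await this.request("/v1/email
+const { method } = await this.request("/v1/email/method", "GET");
 return method;
 }
-/**
-* Starts email authentication process via otp.
-*/
-async _initOtpAuth(params) {
-return this.request("/v1/otp-auth", "POST", { email: params.email });
-}
-/**
-* Completes the authentication process with a credential bundle.
-*
-* @param {CompleteAuthWithBundleParams} params params for the completion of the auth process
-*/
-async completeAuthWithBundle({
-bundle,
-subOrgId,
-sessionType
-}) {
-await this._initIframeStamper();
-const result = await this.iframeStamper.injectCredentialBundle(bundle);
-if (!result) {
-throw new Error("Failed to inject credential bundle");
-}
-await this.whoAmI(subOrgId);
-this._sessionStore.type = sessionType;
-this._sessionStore.bundle = bundle;
-}
 /**
 * Checks for an existing session and if exists, updates the stamper accordingly.
 */
 async _updateStamper() {
-if (this._sessionStore.type === void 0 &&
+if (this._sessionStore.type === void 0 && this._sessionStore.token === void 0)
 return;
 if (this._sessionStore.type === "passkeys" /* Passkeys */) {
 this.stamper = this.webauthnStamper;
 } else {
-this.stamper = this.
-await this.completeAuthWithBundle({
-bundle: this._sessionStore.bundle,
-subOrgId: this._sessionStore.user?.subOrgId,
-sessionType: this._sessionStore.type
-});
-}
-}
-/**
-* Init authentication with magic link email.
-*
-* @param {EmailInitializeAuthParams} params params for the sign in
-*/
-async _initMagicLinkAuth({
-email,
-expirationSeconds,
-redirectUrl
-}) {
-if (!redirectUrl) {
-throw new Error("redirectUrl is required for magic link authentication.");
+this.stamper = this.indexedDbStamper;
 }
-return this.request("/v1/email-auth", "POST", {
-email,
-targetPublicKey: await this.getIframePublicKey(),
-expirationSeconds,
-redirectUrl: redirectUrl.toString()
-});
 }
 /**
 * Creates a passkey account using the webauthn stamper.
 *
-* @param {
+* @param {WebAuthnSignInParams} params params for the creation of the account
 */
-async
+async _createWebAuthnAccount(params) {
 const { challenge, attestation } = await this._webauthnGenerateAttestation(
 params.email
 );
@@ -1014,11 +884,9 @@ var WebSignerClient = class extends SignerClient {
 "/v1/signup",
 "POST",
 {
-
-
-
-},
-email: params.email
+email: params.email,
+challenge: LibBase64.fromBuffer(challenge),
+attestation
 }
 );
 this._sessionStore.user = {
@@ -1031,42 +899,17 @@ var WebSignerClient = class extends SignerClient {
 this._scheduleRefresh(token);
 }
 /**
-*
+* Init account creation with email.
 *
-* @param {
+* @param {InitEmailAuthParams} params params for the creation of the account
 */
-async
-const
-
-
-}
-const response = await this.request("/v1/signup", "POST", {
-email,
-iframe: {
-targetPublicKey: await this.getIframePublicKey(),
-expirationSeconds,
-redirectUrl: redirectUrl.toString()
-}
+async _initEmailAuth(params) {
+const response = await this.request("/v1/email/init", "POST", {
+email: params.email,
+redirectUrl: params.redirectUrl ? params.redirectUrl.toString() : void 0
 });
 return response;
 }
-/**
-* Handle the account creation process.
-*
-* @param {CreateAccountParams} params params to create an account
-*/
-async _createAccount(params) {
-switch (params.method) {
-case "webauthn": {
-await this._createWebauthnAccount(params);
-break;
-}
-case "email": {
-await this._createEmailAccount(params);
-break;
-}
-}
-}
 async _webauthnGenerateAttestation(email) {
 const challenge = LibBytes.generateRandomBuffer();
 const authenticatorUserId = LibBytes.generateRandomBuffer();
@@ -1101,12 +944,11 @@ var WebSignerClient = class extends SignerClient {
 });
 return { challenge, attestation, authenticatorUserId };
 }
-async
-if (!this.
-await this.
+async _initIndexedDbStamper() {
+if (!this.indexedDbStamper.getPublicKey()) {
+await this.indexedDbStamper.init();
 }
-this.stamper = this.
-return this.iframeStamper.publicKey();
+this.stamper = this.indexedDbStamper;
 }
 };
 
@@ -1221,12 +1063,11 @@ var FourtWebSigner = class {
 */
 constructor({
 configuration,
-auth: { webauthn,
+auth: { webauthn, oauth }
 }) {
 this._webSignerClient = new WebSignerClient({
 configuration,
 webauthn,
-iframe,
 oauth
 });
 this._modules = {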
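Review bot: `OAuthModule.complete({ subOrgId })` has an empty body on the new side (new lines 219–220 of the `OAuthModule` hunk), so the destructured `subOrgId` is never used and a caller awaiting it gets a resolved promise although, as far as this file shows, no session has been established. The email path in the same release ends `completeEmailAuth` with `await this.signIn(subOrgId);` and then sets the session type; if OAuth is meant to finish the same way, the body needs the equivalent, for example `await this._webSignerClient.signIn(subOrgId);` together with recording the session type as `"oauth"`. If the no-op is deliberate, I would drop the parameter and say so in a JSDoc line such as `/** No-op: the OAuth session is completed elsewhere. */`, because an authentication step that silently succeeds is easy to mistake for a completed login. This is a bundled dist file, so the change belongs in the TypeScript source it was built from.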