@injectivelabs/wallet-turnkey 1.19.15 → 1.19.16

package/dist/cjs/index.cjs

@@ -44,6 +44,29 @@ var TurnkeyOtpWallet = class {
 			});
 		}
 	}
+	static async initSmsOTP(args) {
+		const { client, indexedDbClient, expirationSeconds } = args;
+		try {
+			await indexedDbClient.resetKeyPair();
+			const publicKey = await indexedDbClient.getPublicKey();
+			if (!publicKey) throw new __injectivelabs_exceptions.WalletException(/* @__PURE__ */ new Error("Public key not found"));
+			const response = await client.post(args.otpInitPath || TURNKEY_OTP_INIT_PATH, {
+				phone: args.phone,
+				isUsingIndexedDB: true,
+				suborgId: args.subOrgId,
+				targetPublicKey: publicKey,
+				invalidateExistingSessions: args.invalidateExistingSessions,
+				expirationSeconds: expirationSeconds || DEFAULT_TURNKEY_REFRESH_SECONDS
+			});
+			return response === null || response === void 0 ? void 0 : response.data;
+		} catch (e) {
+			throw new __injectivelabs_exceptions.WalletException(new Error(e.message), {
+				code: __injectivelabs_exceptions.UnspecifiedErrorCode,
+				type: __injectivelabs_exceptions.ErrorType.WalletError,
+				contextModule: "turnkey-init-sms-otp"
+			});
+		}
+	}
 	static async confirmEmailOTP(args) {
 		const { client, expirationSeconds, targetPublicKey } = args;
 		try {
@@ -114,6 +137,35 @@ var TurnkeyOauthWallet = class {
 
 //#endregion
 //#region src/utils.ts
+function generateBase64Url(byteLength) {
+	const bytes = new Uint8Array(byteLength);
+	crypto.getRandomValues(bytes);
+	return btoa(String.fromCharCode(...bytes)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+}
+function sha256ToBase64Url(input) {
+	const hash = (0, __injectivelabs_sdk_ts_utils.sha256)(new TextEncoder().encode(input));
+	return btoa(String.fromCharCode(...hash)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+}
+function generateTwitterPkce() {
+	const state = generateBase64Url(32);
+	const codeVerifier = generateBase64Url(32);
+	return {
+		state,
+		codeVerifier,
+		codeChallenge: sha256ToBase64Url(codeVerifier)
+	};
+}
+function generateTwitterUrl({ state, clientId, redirectUri, codeChallenge }) {
+	const url = new URL("https://twitter.com/i/oauth2/authorize");
+	url.searchParams.set("state", state);
+	url.searchParams.set("client_id", clientId);
+	url.searchParams.set("response_type", "code");
+	url.searchParams.set("redirect_uri", redirectUri);
+	url.searchParams.set("code_challenge", codeChallenge);
+	url.searchParams.set("code_challenge_method", "S256");
+	url.searchParams.set("scope", "tweet.read users.read users.email offline.access");
+	return url.toString();
+}
 function generateGoogleUrl({ nonce, clientId, redirectUri, scope = "openid profile email", prompt = "consent" }) {
 	if (!clientId) throw new Error("Google client ID not found");
 	return `https://accounts.google.com/o/oauth2/v2/auth?prompt=${prompt}&client_id=${clientId}&redirect_uri=${redirectUri}&response_type=id_token&scope=${scope}&nonce=${nonce}`;
@@ -173,9 +225,9 @@ var TurnkeyWallet = class {
 	constructor(metadata) {
 		_defineProperty(this, "otpId", void 0);
 		_defineProperty(this, "turnkey", void 0);
-		_defineProperty(this, "userOrganizationId", void 0);
 		_defineProperty(this, "client", void 0);
 		_defineProperty(this, "metadata", void 0);
+		_defineProperty(this, "userOrganizationId", void 0);
 		_defineProperty(this, "indexedDbClient", void 0);
 		_defineProperty(this, "accountMap", {});
 		this.metadata = metadata;
@@ -268,9 +320,9 @@ var TurnkeyWallet = class {
 	async initOTP(email) {
 		const indexedDbClient = await this.getIndexedDbClient();
 		const result = await TurnkeyOtpWallet.initEmailOTP({
-			client: this.client,
-			indexedDbClient,
 			email,
+			indexedDbClient,
+			client: this.client,
 			otpInitPath: this.metadata.otpInitPath || TURNKEY_OTP_INIT_PATH
 		});
 		if (!result || !result.otpId) throw new __injectivelabs_exceptions.WalletException(/* @__PURE__ */ new Error("Failed to initialize OTP"));
@@ -278,6 +330,19 @@ var TurnkeyWallet = class {
 		if (result === null || result === void 0 ? void 0 : result.otpId) this.otpId = result.otpId;
 		return result;
 	}
+	async initSms(phone) {
+		const indexedDbClient = await this.getIndexedDbClient();
+		const result = await TurnkeyOtpWallet.initSmsOTP({
+			phone,
+			indexedDbClient,
+			client: this.client,
+			otpInitPath: this.metadata.otpInitPath || TURNKEY_OTP_INIT_PATH
+		});
+		if (!result || !result.otpId) throw new __injectivelabs_exceptions.WalletException(/* @__PURE__ */ new Error("Failed to initialize SMS OTP"));
+		if (result === null || result === void 0 ? void 0 : result.organizationId) this.userOrganizationId = result.organizationId;
+		if (result === null || result === void 0 ? void 0 : result.otpId) this.otpId = result.otpId;
+		return result;
+	}
 	async confirmOTP(otpCode) {
 		const indexedDbClient = await this.getIndexedDbClient();
 		const targetPublicKey = await indexedDbClient.getPublicKey();
@@ -286,10 +351,10 @@ var TurnkeyWallet = class {
 		if (!this.userOrganizationId) throw new __injectivelabs_exceptions.WalletException(/* @__PURE__ */ new Error("Organization ID is required"));
 		const result = await TurnkeyOtpWallet.confirmEmailOTP({
 			otpCode,
+			targetPublicKey,
 			client: this.client,
 			emailOTPId: this.otpId,
 			organizationId: this.userOrganizationId,
-			targetPublicKey,
 			otpVerifyPath: this.metadata.otpVerifyPath || TURNKEY_OTP_VERIFY_PATH
 		});
 		if (!result || !result.session) throw new __injectivelabs_exceptions.WalletException(/* @__PURE__ */ new Error("Failed to confirm OTP"));
@@ -309,6 +374,30 @@ var TurnkeyWallet = class {
 			redirectUri: this.metadata.googleRedirectUri
 		});
 	}
+	async initOAuth2(provider) {
+		if (provider === __injectivelabs_wallet_base.TurnkeyProvider.Twitter) {
+			if (!this.metadata.twitterClientId || !this.metadata.twitterRedirectUri) throw new __injectivelabs_exceptions.WalletException(/* @__PURE__ */ new Error("twitterClientId and twitterRedirectUri are required"));
+			const indexedDbClient = await this.getIndexedDbClient();
+			await indexedDbClient.resetKeyPair();
+			const targetPublicKey = await indexedDbClient.getPublicKey();
+			if (!targetPublicKey) throw new __injectivelabs_exceptions.WalletException(/* @__PURE__ */ new Error("Target public key is missing. Please ensure your wallet is properly initialized."));
+			const { state, codeVerifier, codeChallenge } = generateTwitterPkce();
+			return {
+				pkce: {
+					state,
+					codeVerifier,
+					targetPublicKey
+				},
+				url: generateTwitterUrl({
+					state,
+					codeChallenge,
+					clientId: this.metadata.twitterClientId,
+					redirectUri: this.metadata.twitterRedirectUri
+				})
+			};
+		}
+		throw new __injectivelabs_exceptions.WalletException(/* @__PURE__ */ new Error(`${provider} is not supported for OAuth2`));
+	}
 	async confirmOAuth(provider, oidcToken) {
 		if (provider === __injectivelabs_wallet_base.TurnkeyProvider.Apple) throw new __injectivelabs_exceptions.WalletException(/* @__PURE__ */ new Error("Apple sign in option is currently not supported"));
 		const indexedDbClient = await this.getIndexedDbClient();
@@ -316,7 +405,7 @@ var TurnkeyWallet = class {
 			oidcToken,
 			indexedDbClient,
 			client: this.client,
-			providerName: provider.toString(),
+			providerName: provider,
 			oauthLoginPath: this.metadata.oauthLoginPath || TURNKEY_OAUTH_PATH
 		});
 		if (!oauthResult || !oauthResult.credentialBundle) throw new __injectivelabs_exceptions.WalletException(/* @__PURE__ */ new Error("Unexpected OAuth result"));
@@ -324,6 +413,25 @@ var TurnkeyWallet = class {
 		this.userOrganizationId = oauthResult.organizationId;
 		return oauthResult.credentialBundle;
 	}
+	async confirmOAuth2({ authCode, codeVerifier, providerName, targetPublicKey }) {
+		var _response$data, _response$data2;
+		const indexedDbClient = await this.getIndexedDbClient();
+		const path = this.metadata.oauth2ExchangePath || "turnkey/oauth2";
+		const response = await this.client.post(path, {
+			authCode,
+			codeVerifier,
+			targetPublicKey,
+			providerName
+		});
+		if (!(response === null || response === void 0 || (_response$data = response.data) === null || _response$data === void 0 ? void 0 : _response$data.credentialBundle) || !(response === null || response === void 0 || (_response$data2 = response.data) === null || _response$data2 === void 0 ? void 0 : _response$data2.organizationId)) throw new __injectivelabs_exceptions.WalletException(/* @__PURE__ */ new Error(`${providerName} OAuth2 exchange failed`));
+		const { credentialBundle, organizationId, email } = response.data;
+		await indexedDbClient.loginWithSession(credentialBundle);
+		this.userOrganizationId = organizationId;
+		return {
+			session: credentialBundle,
+			email
+		};
+	}
 	async refreshSession() {
 		var _session$session;
 		const session = await this.getSession();
@@ -368,8 +476,10 @@ const parseChainId = (chainId) => {
 	return parseInt(chainId, 10);
 };
 const getEip1193ProviderForTurnkey = async (account, chainId, params = {}) => {
+	var _account$sign;
 	return new CustomEip1193Provider({
 		chainId: parseChainId(chainId),
+		sign: (_account$sign = account.sign) === null || _account$sign === void 0 ? void 0 : _account$sign.bind(account),
 		signTypedData: account.signTypedData.bind(account),
 		signMessage: account.signMessage.bind(account),
 		signTransaction: account.signTransaction.bind(account),
@@ -383,6 +493,7 @@ var CustomEip1193Provider = class {
 	constructor(args) {
 		var _args$chainId;
 		_defineProperty(this, "chainId", void 0);
+		_defineProperty(this, "sign", void 0);
 		_defineProperty(this, "signTypedData", void 0);
 		_defineProperty(this, "signMessage", void 0);
 		_defineProperty(this, "signTransaction", void 0);
@@ -391,6 +502,7 @@ var CustomEip1193Provider = class {
 		_defineProperty(this, "account", void 0);
 		_defineProperty(this, "address", void 0);
 		this.chainId = (_args$chainId = args.chainId) !== null && _args$chainId !== void 0 ? _args$chainId : 1;
+		this.sign = args.sign;
 		this.signTypedData = args.signTypedData;
 		this.signMessage = args.signMessage;
 		this.account = args.account;
@@ -426,7 +538,20 @@ var CustomEip1193Provider = class {
 		if (args.method === "eth_requestAccounts") return this.requestAccounts();
 		if (args.method === "eth_signTypedData") {
 			if (!args.params) throw new Error("params is required");
-			return this.signTypedData(args.params[0]);
+			const typedData = args.params[0];
+			if (this.sign) {
+				const typedDataHash = (0, viem.hashTypedData)({
+					domain: {
+						...typedData.domain,
+						chainId: typedData.domain.chainId != null ? parseChainId(typedData.domain.chainId) : void 0
+					},
+					types: typedData.types,
+					primaryType: typedData.primaryType,
+					message: typedData.message
+				});
+				return this.sign({ hash: typedDataHash });
+			}
+			return this.signTypedData(typedData);
 		}
 		if (args.method === "eth_signMessage") {
 			if (!args.params) throw new Error("params is required");
@@ -630,7 +755,16 @@ var TurnkeyWalletStrategy = class extends __injectivelabs_wallet_base.BaseConcre
 			});
 		}
 		if (((_parsedData$domain = parsedData.domain) === null || _parsedData$domain === void 0 ? void 0 : _parsedData$domain.chainId) && typeof parsedData.domain.chainId === "string") parsedData.domain.chainId = Number(parsedData.domain.chainId);
-		return await account.signTypedData(parsedData);
+		if (account.sign) {
+			const typedDataHash = (0, viem.hashTypedData)({
+				types: parsedData.types,
+				domain: parsedData.domain,
+				message: parsedData.message,
+				primaryType: parsedData.primaryType
+			});
+			return account.sign({ hash: typedDataHash });
+		}
+		return account.signTypedData(parsedData);
 	}
 	async signCosmosTransaction(_transaction) {
 		throw new __injectivelabs_exceptions.WalletException(/* @__PURE__ */ new Error("This wallet does not support signing Cosmos transactions"), {

package/dist/cjs/index.d.cts

@@ -1,5 +1,5 @@
 import { HttpRestClient } from "@injectivelabs/utils";
-import { BaseConcreteStrategy, ConcreteEvmWalletStrategyArgs, ConcreteWalletStrategy, Eip1193Provider, SendTransactionOptions, StdSignDoc, TurnkeyMetadata, TurnkeyProvider, WalletDeviceType, WalletMetadata, WalletStrategyEvmOptions } from "@injectivelabs/wallet-base";
+import { BaseConcreteStrategy, ConcreteEvmWalletStrategyArgs, ConcreteWalletStrategy, Eip1193Provider, SendTransactionOptions, StdSignDoc, TurnkeyMetadata, TurnkeyOAuthProvider, WalletDeviceType, WalletMetadata, WalletStrategyEvmOptions } from "@injectivelabs/wallet-base";
 import { AccountAddress, EvmChainId } from "@injectivelabs/ts-types";
 import * as _turnkey_sdk_browser0 from "@turnkey/sdk-browser";
 import { Turnkey, TurnkeyIndexedDbClient } from "@turnkey/sdk-browser";
@@ -67,9 +67,9 @@ type TurnkeyConfirmEmailOTPResponse = {
 declare class TurnkeyWallet {
   private otpId?;
   protected turnkey?: Turnkey;
-  userOrganizationId?: string;
   protected client: HttpRestClient;
   private metadata;
+  userOrganizationId?: string;
   protected indexedDbClient?: TurnkeyIndexedDbClient;
   private accountMap;
   setMetadata(metadata: Partial<TurnkeyMetadata>): void;
@@ -87,9 +87,32 @@ declare class TurnkeyWallet {
   getAccounts(): Promise<string[]>;
   getOrCreateAndGetAccount(address: string): Promise<ReturnType<typeof createAccount>>;
   initOTP(email: string): Promise<TurnkeyOTPCredentialsResponse>;
+  initSms(phone: string): Promise<TurnkeyOTPCredentialsResponse>;
   confirmOTP(otpCode: string): Promise<TurnkeyConfirmEmailOTPResponse>;
-  initOAuth(provider: TurnkeyProvider): Promise<string>;
-  confirmOAuth(provider: TurnkeyProvider, oidcToken: string): Promise<string>;
+  initOAuth(provider: TurnkeyOAuthProvider): Promise<string>;
+  initOAuth2(provider: TurnkeyOAuthProvider): Promise<{
+    pkce: {
+      state: string;
+      codeVerifier: string;
+      targetPublicKey: string;
+    };
+    url: string;
+  }>;
+  confirmOAuth(provider: TurnkeyOAuthProvider, oidcToken: string): Promise<string>;
+  confirmOAuth2({
+    authCode,
+    codeVerifier,
+    providerName,
+    targetPublicKey
+  }: {
+    authCode: string;
+    codeVerifier: string;
+    targetPublicKey: string;
+    providerName: TurnkeyOAuthProvider;
+  }): Promise<{
+    session: string;
+    email: string | undefined;
+  }>;
   refreshSession(): Promise<string>;
   private initClient;
 }

package/dist/esm/index.d.ts

@@ -1,5 +1,5 @@
 import { HttpRestClient } from "@injectivelabs/utils";
-import { BaseConcreteStrategy, ConcreteEvmWalletStrategyArgs, ConcreteWalletStrategy, Eip1193Provider, SendTransactionOptions, StdSignDoc, TurnkeyMetadata, TurnkeyProvider, WalletDeviceType, WalletMetadata, WalletStrategyEvmOptions } from "@injectivelabs/wallet-base";
+import { BaseConcreteStrategy, ConcreteEvmWalletStrategyArgs, ConcreteWalletStrategy, Eip1193Provider, SendTransactionOptions, StdSignDoc, TurnkeyMetadata, TurnkeyOAuthProvider, WalletDeviceType, WalletMetadata, WalletStrategyEvmOptions } from "@injectivelabs/wallet-base";
 import { createAccount } from "@turnkey/viem";
 import * as _turnkey_sdk_browser0 from "@turnkey/sdk-browser";
 import { Turnkey, TurnkeyIndexedDbClient } from "@turnkey/sdk-browser";
@@ -67,9 +67,9 @@ type TurnkeyConfirmEmailOTPResponse = {
 declare class TurnkeyWallet {
   private otpId?;
   protected turnkey?: Turnkey;
-  userOrganizationId?: string;
   protected client: HttpRestClient;
   private metadata;
+  userOrganizationId?: string;
   protected indexedDbClient?: TurnkeyIndexedDbClient;
   private accountMap;
   setMetadata(metadata: Partial<TurnkeyMetadata>): void;
@@ -87,9 +87,32 @@ declare class TurnkeyWallet {
   getAccounts(): Promise<string[]>;
   getOrCreateAndGetAccount(address: string): Promise<ReturnType<typeof createAccount>>;
   initOTP(email: string): Promise<TurnkeyOTPCredentialsResponse>;
+  initSms(phone: string): Promise<TurnkeyOTPCredentialsResponse>;
   confirmOTP(otpCode: string): Promise<TurnkeyConfirmEmailOTPResponse>;
-  initOAuth(provider: TurnkeyProvider): Promise<string>;
-  confirmOAuth(provider: TurnkeyProvider, oidcToken: string): Promise<string>;
+  initOAuth(provider: TurnkeyOAuthProvider): Promise<string>;
+  initOAuth2(provider: TurnkeyOAuthProvider): Promise<{
+    pkce: {
+      state: string;
+      codeVerifier: string;
+      targetPublicKey: string;
+    };
+    url: string;
+  }>;
+  confirmOAuth(provider: TurnkeyOAuthProvider, oidcToken: string): Promise<string>;
+  confirmOAuth2({
+    authCode,
+    codeVerifier,
+    providerName,
+    targetPublicKey
+  }: {
+    authCode: string;
+    codeVerifier: string;
+    targetPublicKey: string;
+    providerName: TurnkeyOAuthProvider;
+  }): Promise<{
+    session: string;
+    email: string | undefined;
+  }>;
   refreshSession(): Promise<string>;
   private initClient;
 }

package/dist/esm/index.js

@@ -1,4 +1,4 @@
-import { getAddress } from "viem";
+import { getAddress, hashTypedData } from "viem";
 import { HttpRestClient } from "@injectivelabs/utils";
 import { TxGrpcApi } from "@injectivelabs/sdk-ts/core/tx";
 import { getEthereumAddress, getInjectiveAddress, sha256 } from "@injectivelabs/sdk-ts/utils";
@@ -44,6 +44,29 @@ var TurnkeyOtpWallet = class {
 			});
 		}
 	}
+	static async initSmsOTP(args) {
+		const { client, indexedDbClient, expirationSeconds } = args;
+		try {
+			await indexedDbClient.resetKeyPair();
+			const publicKey = await indexedDbClient.getPublicKey();
+			if (!publicKey) throw new WalletException(/* @__PURE__ */ new Error("Public key not found"));
+			const response = await client.post(args.otpInitPath || TURNKEY_OTP_INIT_PATH, {
+				phone: args.phone,
+				isUsingIndexedDB: true,
+				suborgId: args.subOrgId,
+				targetPublicKey: publicKey,
+				invalidateExistingSessions: args.invalidateExistingSessions,
+				expirationSeconds: expirationSeconds || DEFAULT_TURNKEY_REFRESH_SECONDS
+			});
+			return response === null || response === void 0 ? void 0 : response.data;
+		} catch (e) {
+			throw new WalletException(new Error(e.message), {
+				code: UnspecifiedErrorCode,
+				type: ErrorType.WalletError,
+				contextModule: "turnkey-init-sms-otp"
+			});
+		}
+	}
 	static async confirmEmailOTP(args) {
 		const { client, expirationSeconds, targetPublicKey } = args;
 		try {
@@ -114,6 +137,35 @@ var TurnkeyOauthWallet = class {
 
 //#endregion
 //#region src/utils.ts
+function generateBase64Url(byteLength) {
+	const bytes = new Uint8Array(byteLength);
+	crypto.getRandomValues(bytes);
+	return btoa(String.fromCharCode(...bytes)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+}
+function sha256ToBase64Url(input) {
+	const hash = sha256(new TextEncoder().encode(input));
+	return btoa(String.fromCharCode(...hash)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+}
+function generateTwitterPkce() {
+	const state = generateBase64Url(32);
+	const codeVerifier = generateBase64Url(32);
+	return {
+		state,
+		codeVerifier,
+		codeChallenge: sha256ToBase64Url(codeVerifier)
+	};
+}
+function generateTwitterUrl({ state, clientId, redirectUri, codeChallenge }) {
+	const url = new URL("https://twitter.com/i/oauth2/authorize");
+	url.searchParams.set("state", state);
+	url.searchParams.set("client_id", clientId);
+	url.searchParams.set("response_type", "code");
+	url.searchParams.set("redirect_uri", redirectUri);
+	url.searchParams.set("code_challenge", codeChallenge);
+	url.searchParams.set("code_challenge_method", "S256");
+	url.searchParams.set("scope", "tweet.read users.read users.email offline.access");
+	return url.toString();
+}
 function generateGoogleUrl({ nonce, clientId, redirectUri, scope = "openid profile email", prompt = "consent" }) {
 	if (!clientId) throw new Error("Google client ID not found");
 	return `https://accounts.google.com/o/oauth2/v2/auth?prompt=${prompt}&client_id=${clientId}&redirect_uri=${redirectUri}&response_type=id_token&scope=${scope}&nonce=${nonce}`;
@@ -173,9 +225,9 @@ var TurnkeyWallet = class {
 	constructor(metadata) {
 		_defineProperty(this, "otpId", void 0);
 		_defineProperty(this, "turnkey", void 0);
-		_defineProperty(this, "userOrganizationId", void 0);
 		_defineProperty(this, "client", void 0);
 		_defineProperty(this, "metadata", void 0);
+		_defineProperty(this, "userOrganizationId", void 0);
 		_defineProperty(this, "indexedDbClient", void 0);
 		_defineProperty(this, "accountMap", {});
 		this.metadata = metadata;
@@ -268,9 +320,9 @@ var TurnkeyWallet = class {
 	async initOTP(email) {
 		const indexedDbClient = await this.getIndexedDbClient();
 		const result = await TurnkeyOtpWallet.initEmailOTP({
-			client: this.client,
-			indexedDbClient,
 			email,
+			indexedDbClient,
+			client: this.client,
 			otpInitPath: this.metadata.otpInitPath || TURNKEY_OTP_INIT_PATH
 		});
 		if (!result || !result.otpId) throw new WalletException(/* @__PURE__ */ new Error("Failed to initialize OTP"));
@@ -278,6 +330,19 @@ var TurnkeyWallet = class {
 		if (result === null || result === void 0 ? void 0 : result.otpId) this.otpId = result.otpId;
 		return result;
 	}
+	async initSms(phone) {
+		const indexedDbClient = await this.getIndexedDbClient();
+		const result = await TurnkeyOtpWallet.initSmsOTP({
+			phone,
+			indexedDbClient,
+			client: this.client,
+			otpInitPath: this.metadata.otpInitPath || TURNKEY_OTP_INIT_PATH
+		});
+		if (!result || !result.otpId) throw new WalletException(/* @__PURE__ */ new Error("Failed to initialize SMS OTP"));
+		if (result === null || result === void 0 ? void 0 : result.organizationId) this.userOrganizationId = result.organizationId;
+		if (result === null || result === void 0 ? void 0 : result.otpId) this.otpId = result.otpId;
+		return result;
+	}
 	async confirmOTP(otpCode) {
 		const indexedDbClient = await this.getIndexedDbClient();
 		const targetPublicKey = await indexedDbClient.getPublicKey();
@@ -286,10 +351,10 @@ var TurnkeyWallet = class {
 		if (!this.userOrganizationId) throw new WalletException(/* @__PURE__ */ new Error("Organization ID is required"));
 		const result = await TurnkeyOtpWallet.confirmEmailOTP({
 			otpCode,
+			targetPublicKey,
 			client: this.client,
 			emailOTPId: this.otpId,
 			organizationId: this.userOrganizationId,
-			targetPublicKey,
 			otpVerifyPath: this.metadata.otpVerifyPath || TURNKEY_OTP_VERIFY_PATH
 		});
 		if (!result || !result.session) throw new WalletException(/* @__PURE__ */ new Error("Failed to confirm OTP"));
@@ -309,6 +374,30 @@ var TurnkeyWallet = class {
 			redirectUri: this.metadata.googleRedirectUri
 		});
 	}
+	async initOAuth2(provider) {
+		if (provider === TurnkeyProvider.Twitter) {
+			if (!this.metadata.twitterClientId || !this.metadata.twitterRedirectUri) throw new WalletException(/* @__PURE__ */ new Error("twitterClientId and twitterRedirectUri are required"));
+			const indexedDbClient = await this.getIndexedDbClient();
+			await indexedDbClient.resetKeyPair();
+			const targetPublicKey = await indexedDbClient.getPublicKey();
+			if (!targetPublicKey) throw new WalletException(/* @__PURE__ */ new Error("Target public key is missing. Please ensure your wallet is properly initialized."));
+			const { state, codeVerifier, codeChallenge } = generateTwitterPkce();
+			return {
+				pkce: {
+					state,
+					codeVerifier,
+					targetPublicKey
+				},
+				url: generateTwitterUrl({
+					state,
+					codeChallenge,
+					clientId: this.metadata.twitterClientId,
+					redirectUri: this.metadata.twitterRedirectUri
+				})
+			};
+		}
+		throw new WalletException(/* @__PURE__ */ new Error(`${provider} is not supported for OAuth2`));
+	}
 	async confirmOAuth(provider, oidcToken) {
 		if (provider === TurnkeyProvider.Apple) throw new WalletException(/* @__PURE__ */ new Error("Apple sign in option is currently not supported"));
 		const indexedDbClient = await this.getIndexedDbClient();
@@ -316,7 +405,7 @@ var TurnkeyWallet = class {
 			oidcToken,
 			indexedDbClient,
 			client: this.client,
-			providerName: provider.toString(),
+			providerName: provider,
 			oauthLoginPath: this.metadata.oauthLoginPath || TURNKEY_OAUTH_PATH
 		});
 		if (!oauthResult || !oauthResult.credentialBundle) throw new WalletException(/* @__PURE__ */ new Error("Unexpected OAuth result"));
@@ -324,6 +413,25 @@ var TurnkeyWallet = class {
 		this.userOrganizationId = oauthResult.organizationId;
 		return oauthResult.credentialBundle;
 	}
+	async confirmOAuth2({ authCode, codeVerifier, providerName, targetPublicKey }) {
+		var _response$data, _response$data2;
+		const indexedDbClient = await this.getIndexedDbClient();
+		const path = this.metadata.oauth2ExchangePath || "turnkey/oauth2";
+		const response = await this.client.post(path, {
+			authCode,
+			codeVerifier,
+			targetPublicKey,
+			providerName
+		});
+		if (!(response === null || response === void 0 || (_response$data = response.data) === null || _response$data === void 0 ? void 0 : _response$data.credentialBundle) || !(response === null || response === void 0 || (_response$data2 = response.data) === null || _response$data2 === void 0 ? void 0 : _response$data2.organizationId)) throw new WalletException(/* @__PURE__ */ new Error(`${providerName} OAuth2 exchange failed`));
+		const { credentialBundle, organizationId, email } = response.data;
+		await indexedDbClient.loginWithSession(credentialBundle);
+		this.userOrganizationId = organizationId;
+		return {
+			session: credentialBundle,
+			email
+		};
+	}
 	async refreshSession() {
 		var _session$session;
 		const session = await this.getSession();
@@ -368,8 +476,10 @@ const parseChainId = (chainId) => {
 	return parseInt(chainId, 10);
 };
 const getEip1193ProviderForTurnkey = async (account, chainId, params = {}) => {
+	var _account$sign;
 	return new CustomEip1193Provider({
 		chainId: parseChainId(chainId),
+		sign: (_account$sign = account.sign) === null || _account$sign === void 0 ? void 0 : _account$sign.bind(account),
 		signTypedData: account.signTypedData.bind(account),
 		signMessage: account.signMessage.bind(account),
 		signTransaction: account.signTransaction.bind(account),
@@ -383,6 +493,7 @@ var CustomEip1193Provider = class {
 	constructor(args) {
 		var _args$chainId;
 		_defineProperty(this, "chainId", void 0);
+		_defineProperty(this, "sign", void 0);
 		_defineProperty(this, "signTypedData", void 0);
 		_defineProperty(this, "signMessage", void 0);
 		_defineProperty(this, "signTransaction", void 0);
@@ -391,6 +502,7 @@ var CustomEip1193Provider = class {
 		_defineProperty(this, "account", void 0);
 		_defineProperty(this, "address", void 0);
 		this.chainId = (_args$chainId = args.chainId) !== null && _args$chainId !== void 0 ? _args$chainId : 1;
+		this.sign = args.sign;
 		this.signTypedData = args.signTypedData;
 		this.signMessage = args.signMessage;
 		this.account = args.account;
@@ -426,7 +538,20 @@ var CustomEip1193Provider = class {
 		if (args.method === "eth_requestAccounts") return this.requestAccounts();
 		if (args.method === "eth_signTypedData") {
 			if (!args.params) throw new Error("params is required");
-			return this.signTypedData(args.params[0]);
+			const typedData = args.params[0];
+			if (this.sign) {
+				const typedDataHash = hashTypedData({
+					domain: {
+						...typedData.domain,
+						chainId: typedData.domain.chainId != null ? parseChainId(typedData.domain.chainId) : void 0
+					},
+					types: typedData.types,
+					primaryType: typedData.primaryType,
+					message: typedData.message
+				});
+				return this.sign({ hash: typedDataHash });
+			}
+			return this.signTypedData(typedData);
 		}
 		if (args.method === "eth_signMessage") {
 			if (!args.params) throw new Error("params is required");
@@ -630,7 +755,16 @@ var TurnkeyWalletStrategy = class extends BaseConcreteStrategy {
 			});
 		}
 		if (((_parsedData$domain = parsedData.domain) === null || _parsedData$domain === void 0 ? void 0 : _parsedData$domain.chainId) && typeof parsedData.domain.chainId === "string") parsedData.domain.chainId = Number(parsedData.domain.chainId);
-		return await account.signTypedData(parsedData);
+		if (account.sign) {
+			const typedDataHash = hashTypedData({
+				types: parsedData.types,
+				domain: parsedData.domain,
+				message: parsedData.message,
+				primaryType: parsedData.primaryType
+			});
+			return account.sign({ hash: typedDataHash });
+		}
+		return account.signTypedData(parsedData);
 	}
 	async signCosmosTransaction(_transaction) {
 		throw new WalletException(/* @__PURE__ */ new Error("This wallet does not support signing Cosmos transactions"), {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@injectivelabs/wallet-turnkey",
-  "version": "1.19.15",
+  "version": "1.19.16",
   "description": "Turnkey wallet strategy for use with @injectivelabs/wallet-core.",
   "license": "Apache-2.0",
   "author": {
@@ -42,14 +42,14 @@
     "dist"
   ],
   "dependencies": {
-    "@turnkey/sdk-browser": "5.2.3",
-    "@turnkey/viem": "0.9.10",
+    "@turnkey/sdk-browser": "5.16.1",
+    "@turnkey/viem": "0.13.1",
     "viem": "^2.41.2",
-    "@injectivelabs/exceptions": "1.19.15",
-    "@injectivelabs/utils": "1.19.15",
-    "@injectivelabs/ts-types": "1.19.15",
-    "@injectivelabs/wallet-base": "1.19.15",
-    "@injectivelabs/sdk-ts": "1.19.15"
+    "@injectivelabs/exceptions": "1.19.16",
+    "@injectivelabs/sdk-ts": "1.19.16",
+    "@injectivelabs/wallet-base": "1.19.16",
+    "@injectivelabs/utils": "1.19.16",
+    "@injectivelabs/ts-types": "1.19.16"
   },
   "publishConfig": {
     "access": "public"