@lit-protocol/vincent-app-sdk 0.0.7-mma → 0.0.9-mma

package/README.md

@@ -51,7 +51,7 @@ const vincentAppClient = getWebAuthClient({ appId: MY_APP_ID });
 // ... In your app logic:
 if (vincentAppClient.uriContainsVincentJWT()) {
   // Handle app logic for the user has just logged in
-  const { decoded, jwt } = vincentAppClient.decodeVincentJWT(window.location.origin);
+  const { decoded, jwt } = vincentAppClient.decodeVincentJWTFromUri(window.location.origin);
   // Store `jwt` for later usage; the user is now logged in.
 } else {
   // Handle app logic for the user is _already logged in_ (check for stored & unexpired JWT)

package/dist/README.md

@@ -51,7 +51,7 @@ const vincentAppClient = getWebAuthClient({ appId: MY_APP_ID });
 // ... In your app logic:
 if (vincentAppClient.uriContainsVincentJWT()) {
   // Handle app logic for the user has just logged in
-  const { decoded, jwt } = vincentAppClient.decodeVincentJWT(window.location.origin);
+  const { decoded, jwt } = vincentAppClient.decodeVincentJWTFromUri(window.location.origin);
   // Store `jwt` for later usage; the user is now logged in.
 } else {
   // Handle app logic for the user is _already logged in_ (check for stored & unexpired JWT)

package/dist/package.json

@@ -55,10 +55,9 @@
     "@lit-protocol/auth-helpers": "^7.0.9",
     "@lit-protocol/constants": "^7.0.8",
     "@lit-protocol/lit-node-client": "^7.0.8",
-    "@lit-protocol/vincent-contracts-sdk": "workspace:*",
     "@lit-protocol/vincent-ability-sdk": "workspace:*",
+    "@lit-protocol/vincent-contracts-sdk": "workspace:*",
     "@noble/secp256k1": "^2.2.3",
-    "did-jwt": "^8.0.8",
     "ethers": "5.8.0",
     "tslib": "^2.8.1",
     "zod": "3.25.64"

package/dist/src/expressMiddleware/express.js

@@ -105,7 +105,16 @@ function getAuthenticateUserExpressHandler({ allowedAudience, requiredAppId, use
             return;
         }
         try {
-            const decodedJWT = (0, jwt_1.verify)({ jwt: rawJWT, expectedAudience: allowedAudience, requiredAppId });
+            const decodedJWT = requiredAppId != null
+                ? await (0, jwt_1.verifyVincentAppUserJWT)({
+                    jwt: rawJWT,
+                    expectedAudience: allowedAudience,
+                    requiredAppId,
+                })
+                : await (0, jwt_1.verifyVincentPlatformJWT)({
+                    jwt: rawJWT,
+                    expectedAudience: allowedAudience,
+                });
             if (!decodedJWT) {
                 res.status(401).json({ error: 'Invalid token' });
                 return;

package/dist/src/expressMiddleware/express.js.map

@@ -1 +1 @@
-{"version":3,"file":"express.js","sourceRoot":"","sources":["../../../src/expressMiddleware/express.ts"],"names":[],"mappings":";;AA8EA,kEASC;AAnFD,gCAAgC;AAChC,6CAAoD;AAEpD,SAAS,0BAA0B,CACjC,GAAY,EACZ,OAAgB;IAEhB,qCAAqC;IACrC,IAAI,CAAC,CAAC,OAAO,IAAI,GAAG,CAAC,IAAI,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3E,MAAM,IAAI,KAAK,CAAC,4EAA4E,CAAC,CAAC;IAChG,CAAC;IAED,6BAA6B;IAC7B,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAA4B,CAAC;IAErD,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAEpC,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,IAAA,uBAAe,EAAC,UAAU,CAAC,EAAE,CAAC;QAC/D,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAC;IACvF,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmDG;AACH,SAAgB,2BAA2B,CAA+B,MAIzE;IACC,OAAO;QACL,UAAU,EAAE,iCAAiC,CAAC,MAAM,CAAC;QACrD,OAAO,EAAE,2BAA2B,CAAC,MAAM,CAAC,OAAO,CAAC;KACrD,CAAC;AACJ,CAAC;AAED,SAAS,2BAA2B,CAA+B,OAAgB;IACjF,OAAO,UAAU,OAA6C;QAC5D,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;YACzD,IAAI,CAAC;gBACH,0BAA0B,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;gBACzC,OAAO,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YACjC,CAAC;YAAC,WAAM,CAAC;gBACP,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC;YACvD,CAAC;QACH,CAAC,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED,qCAAqC;AACrC,SAAS,iCAAiC,CAA+B,EACvE,eAAe,EACf,aAAa,EACb,OAAO,GAKR;IACC,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;QAC/D,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;QAC7C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC;YACrD,OAAO;QACT,CAAC;QAED,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,0DAA0D,EAAE,CAAC,CAAC;YAC5F,OAAO;QACT,CAAC;QAED,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,KAAK,CAAC;QAC/B,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YAC9B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,kCAAkC,MAAM,GAAG,EAAE,CAAC,CAAC;YAC7E,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,IAAA,YAAM,EAAC,EAAE,GAAG,EAAE,MAAM,EAAE,gBAAgB,EAAE,eAAe,EAAE,aAAa,EAAE,CAAC,CAAC;YAC7F,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;gBACjD,OAAO;YACT,CAAC;YAEA,GAAiD,CAAC,OAAO,CAAC,GAAG;gBAC5D,UAAU;gBACV,MAAM;aACW,CAAC;YAEpB,IAAI,EAAE,CAAC;QACT,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,kBAAmB,CAAW,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AACD,wCAAwC"}
+{"version":3,"file":"express.js","sourceRoot":"","sources":["../../../src/expressMiddleware/express.ts"],"names":[],"mappings":";;AA8EA,kEASC;AAnFD,gCAA2E;AAC3E,6CAAoD;AAEpD,SAAS,0BAA0B,CACjC,GAAY,EACZ,OAAgB;IAEhB,qCAAqC;IACrC,IAAI,CAAC,CAAC,OAAO,IAAI,GAAG,CAAC,IAAI,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3E,MAAM,IAAI,KAAK,CAAC,4EAA4E,CAAC,CAAC;IAChG,CAAC;IAED,6BAA6B;IAC7B,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAA4B,CAAC;IAErD,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAEpC,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,IAAA,uBAAe,EAAC,UAAU,CAAC,EAAE,CAAC;QAC/D,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAC;IACvF,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmDG;AACH,SAAgB,2BAA2B,CAA+B,MAIzE;IACC,OAAO;QACL,UAAU,EAAE,iCAAiC,CAAC,MAAM,CAAC;QACrD,OAAO,EAAE,2BAA2B,CAAC,MAAM,CAAC,OAAO,CAAC;KACrD,CAAC;AACJ,CAAC;AAED,SAAS,2BAA2B,CAA+B,OAAgB;IACjF,OAAO,UAAU,OAA6C;QAC5D,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;YACzD,IAAI,CAAC;gBACH,0BAA0B,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;gBACzC,OAAO,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YACjC,CAAC;YAAC,WAAM,CAAC;gBACP,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC;YACvD,CAAC;QACH,CAAC,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED,qCAAqC;AACrC,SAAS,iCAAiC,CAA+B,EACvE,eAAe,EACf,aAAa,EACb,OAAO,GAKR;IACC,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;QAC/D,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;QAC7C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC;YACrD,OAAO;QACT,CAAC;QAED,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,0DAA0D,EAAE,CAAC,CAAC;YAC5F,OAAO;QACT,CAAC;QAED,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,KAAK,CAAC;QAC/B,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YAC9B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,kCAAkC,MAAM,GAAG,EAAE,CAAC,CAAC;YAC7E,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,UAAU,GACd,aAAa,IAAI,IAAI;gBACnB,CAAC,CAAC,MAAM,IAAA,6BAAuB,EAAC;oBAC5B,GAAG,EAAE,MAAM;oBACX,gBAAgB,EAAE,eAAe;oBACjC,aAAa;iBACd,CAAC;gBACJ,CAAC,CAAC,MAAM,IAAA,8BAAwB,EAAC;oBAC7B,GAAG,EAAE,MAAM;oBACX,gBAAgB,EAAE,eAAe;iBAClC,CAAC,CAAC;YAET,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;gBACjD,OAAO;YACT,CAAC;YAEA,GAAiD,CAAC,OAAO,CAAC,GAAG;gBAC5D,UAAU;gBACV,MAAM;aACW,CAAC;YAEpB,IAAI,EAAE,CAAC;QACT,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,kBAAmB,CAAW,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AACD,wCAAwC"}

package/dist/src/expressMiddleware/types.d.ts

@@ -1,5 +1,5 @@
 import type { NextFunction, Request, RequestHandler, Response } from 'express';
-import type { VincentJWT } from '../jwt/types';
+import type { VincentJWTAppUser, VincentJWTPlatformUser } from '../jwt/types';
 /** Extract the params type from the original Express.js RequestHandler
  *
  * You probably don't need this type; see { @link createVincentUserMiddleware } for details
@@ -16,7 +16,7 @@ export type ExtractRequestHandlerParams<T> = T extends RequestHandler<infer P, i
  * */
 export type AuthenticatedRequestHandler<UserKey extends string, P = ExtractRequestHandlerParams<RequestHandler>[0], ResBody = ExtractRequestHandlerParams<RequestHandler>[1], ReqBody = ExtractRequestHandlerParams<RequestHandler>[2], ReqQuery = ExtractRequestHandlerParams<RequestHandler>[3], Locals extends Record<string, any> = ExtractRequestHandlerParams<RequestHandler>[4]> = (req: AuthenticatedRequest<UserKey, P, ResBody, ReqBody, ReqQuery>, res: Response<ResBody, Locals>, next: NextFunction) => void | Promise<void>;
 export interface VincentJWTData {
-    decodedJWT: VincentJWT;
+    decodedJWT: VincentJWTPlatformUser | VincentJWTAppUser;
     rawJWT: string;
 }
 /** An interface that extends the Express.js Request interface to include authenticated user data

package/dist/src/expressMiddleware/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/expressMiddleware/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAE/E,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAE/C;;;;;KAKK;AACL,MAAM,MAAM,2BAA2B,CAAC,CAAC,IACvC,CAAC,SAAS,cAAc,CAAC,MAAM,CAAC,EAAE,MAAM,OAAO,EAAE,MAAM,OAAO,EAAE,MAAM,QAAQ,EAAE,MAAM,MAAM,CAAC,GACzF,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,GACvC,KAAK,CAAC;AAEZ;;;;;;KAMK;AACL,MAAM,MAAM,2BAA2B,CACrC,OAAO,SAAS,MAAM,EACtB,CAAC,GAAG,2BAA2B,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,EAClD,OAAO,GAAG,2BAA2B,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,EACxD,OAAO,GAAG,2BAA2B,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,EACxD,QAAQ,GAAG,2BAA2B,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,EACzD,MAAM,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,2BAA2B,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,IACjF,CACF,GAAG,EAAE,oBAAoB,CAAC,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC,EACjE,GAAG,EAAE,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,EAC9B,IAAI,EAAE,YAAY,KACf,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAE1B,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,UAAU,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;;;KAKK;AACL,MAAM,MAAM,oBAAoB,CAC9B,OAAO,SAAS,MAAM,EACtB,CAAC,GAAG,GAAG,EACP,OAAO,GAAG,GAAG,EACb,OAAO,GAAG,GAAG,EACb,QAAQ,GAAG,GAAG,IACZ,OAAO,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC,GAAG;KAC1C,CAAC,IAAI,OAAO,GAAG,cAAc;CAC/B,CAAC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/expressMiddleware/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAE/E,OAAO,KAAK,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AAE9E;;;;;KAKK;AACL,MAAM,MAAM,2BAA2B,CAAC,CAAC,IACvC,CAAC,SAAS,cAAc,CAAC,MAAM,CAAC,EAAE,MAAM,OAAO,EAAE,MAAM,OAAO,EAAE,MAAM,QAAQ,EAAE,MAAM,MAAM,CAAC,GACzF,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,GACvC,KAAK,CAAC;AAEZ;;;;;;KAMK;AACL,MAAM,MAAM,2BAA2B,CACrC,OAAO,SAAS,MAAM,EACtB,CAAC,GAAG,2BAA2B,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,EAClD,OAAO,GAAG,2BAA2B,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,EACxD,OAAO,GAAG,2BAA2B,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,EACxD,QAAQ,GAAG,2BAA2B,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,EACzD,MAAM,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,2BAA2B,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,IACjF,CACF,GAAG,EAAE,oBAAoB,CAAC,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC,EACjE,GAAG,EAAE,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,EAC9B,IAAI,EAAE,YAAY,KACf,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAE1B,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,sBAAsB,GAAG,iBAAiB,CAAC;IACvD,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;;;KAKK;AACL,MAAM,MAAM,oBAAoB,CAC9B,OAAO,SAAS,MAAM,EACtB,CAAC,GAAG,GAAG,EACP,OAAO,GAAG,GAAG,EACb,OAAO,GAAG,GAAG,EACb,QAAQ,GAAG,GAAG,IACZ,OAAO,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC,GAAG;KAC1C,CAAC,IAAI,OAAO,GAAG,cAAc;CAC/B,CAAC"}

package/dist/src/jwt/accessors.d.ts

@@ -1,8 +1,41 @@
 import type { IRelayPKP } from '@lit-protocol/types';
-import type { VincentJWT, VincentJWTAppSpecific } from './types';
-export declare function getAppInfo(decodedJWT: VincentJWTAppSpecific): {
+import type { VincentJWTPlatformUser, VincentJWTAppUser, AnyVincentJWT, VincentJWTDelegatee } from './types';
+/**
+ * @category API > Accessors
+ */
+export declare function getAppInfo(decodedJWT: VincentJWTAppUser): {
     appId: number;
     version: number;
 };
-export declare function getPKPInfo(decodedJWT: VincentJWT): IRelayPKP;
+/**
+ * @category API > Accessors
+ */
+export declare function getPKPInfo(decodedJWT: VincentJWTPlatformUser | VincentJWTAppUser): IRelayPKP;
+/**
+ * @category API > Accessors
+ */
+export declare function getRole(decodedJWT: AnyVincentJWT): string;
+/**
+ * @category API > Accessors
+ */
+export declare function getAuthentication(decodedJWT: VincentJWTPlatformUser | VincentJWTAppUser): {
+    type: string;
+    value?: string;
+};
+/**
+ * @category API > Accessors
+ */
+export declare function getPublicKey(decodedJWT: AnyVincentJWT): string;
+/**
+ * @category API > Accessors
+ */
+export declare function getIssuerAddress(decodedJWT: AnyVincentJWT): string | undefined;
+/**
+ * @category API > Accessors
+ */
+export declare function getSubjectAddress(decodedJWT: VincentJWTDelegatee): string;
+/**
+ * @category API > Accessors
+ */
+export declare function getAudience(decodedJWT: AnyVincentJWT): string[];
 //# sourceMappingURL=accessors.d.ts.map

package/dist/src/jwt/accessors.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"accessors.d.ts","sourceRoot":"","sources":["../../../src/jwt/accessors.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAErD,OAAO,KAAK,EAAE,UAAU,EAAE,qBAAqB,EAAE,MAAM,SAAS,CAAC;AAIjE,wBAAgB,UAAU,CAAC,UAAU,EAAE,qBAAqB,GAAG;IAC7D,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB,CAMA;AAED,wBAAgB,UAAU,CAAC,UAAU,EAAE,UAAU,GAAG,SAAS,CAE5D"}
+{"version":3,"file":"accessors.d.ts","sourceRoot":"","sources":["../../../src/jwt/accessors.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAErD,OAAO,KAAK,EACV,sBAAsB,EACtB,iBAAiB,EACjB,aAAa,EACb,mBAAmB,EACpB,MAAM,SAAS,CAAC;AAKjB;;GAEG;AACH,wBAAgB,UAAU,CAAC,UAAU,EAAE,iBAAiB,GAAG;IACzD,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB,CAMA;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,UAAU,EAAE,sBAAsB,GAAG,iBAAiB,GAAG,SAAS,CAG5F;AAED;;GAEG;AACH,wBAAgB,OAAO,CAAC,UAAU,EAAE,aAAa,GAAG,MAAM,CAEzD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,sBAAsB,GAAG,iBAAiB,GAAG;IACzF,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAGA;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,UAAU,EAAE,aAAa,GAAG,MAAM,CAE9D;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,aAAa,GAAG,MAAM,GAAG,SAAS,CAE9E;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,mBAAmB,GAAG,MAAM,CAKzE;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,UAAU,EAAE,aAAa,GAAG,MAAM,EAAE,CAQ/D"}

package/dist/src/jwt/accessors.js

@@ -2,14 +2,72 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getAppInfo = getAppInfo;
 exports.getPKPInfo = getPKPInfo;
+exports.getRole = getRole;
+exports.getAuthentication = getAuthentication;
+exports.getPublicKey = getPublicKey;
+exports.getIssuerAddress = getIssuerAddress;
+exports.getSubjectAddress = getSubjectAddress;
+exports.getAudience = getAudience;
+const constants_1 = require("./constants");
 const typeGuards_1 = require("./typeGuards");
+/**
+ * @category API > Accessors
+ */
 function getAppInfo(decodedJWT) {
-    if (!(0, typeGuards_1.isAppSpecificJWT)(decodedJWT)) {
+    if (!(0, typeGuards_1.isAppUser)(decodedJWT)) {
         throw new Error('JWT is not app specific');
     }
     return { appId: decodedJWT.payload.app.id, version: decodedJWT.payload.app.version };
 }
+/**
+ * @category API > Accessors
+ */
 function getPKPInfo(decodedJWT) {
-    return decodedJWT.payload.pkp;
+    (0, typeGuards_1.assertIsPKPSignedVincentJWT)(decodedJWT);
+    return decodedJWT.payload.pkpInfo;
+}
+/**
+ * @category API > Accessors
+ */
+function getRole(decodedJWT) {
+    return decodedJWT.payload.role;
+}
+/**
+ * @category API > Accessors
+ */
+function getAuthentication(decodedJWT) {
+    (0, typeGuards_1.assertIsPKPSignedVincentJWT)(decodedJWT);
+    return decodedJWT.payload.authentication;
+}
+/**
+ * @category API > Accessors
+ */
+function getPublicKey(decodedJWT) {
+    return decodedJWT.payload.publicKey;
+}
+/**
+ * @category API > Accessors
+ */
+function getIssuerAddress(decodedJWT) {
+    return decodedJWT.payload.iss;
+}
+/**
+ * @category API > Accessors
+ */
+function getSubjectAddress(decodedJWT) {
+    if (!decodedJWT.payload.sub) {
+        throw new Error(constants_1.JWT_ERROR.INVALID_JWT + ' - Missing subject address');
+    }
+    return decodedJWT.payload.sub;
+}
+/**
+ * @category API > Accessors
+ */
+function getAudience(decodedJWT) {
+    const aud = decodedJWT.payload.aud;
+    if (!aud) {
+        throw new Error(constants_1.JWT_ERROR.INVALID_AUDIENCE + ' - Missing audience');
+    }
+    return Array.isArray(aud) ? aud : [aud];
 }
 //# sourceMappingURL=accessors.js.map

package/dist/src/jwt/accessors.js.map

@@ -1 +1 @@
-{"version":3,"file":"accessors.js","sourceRoot":"","sources":["../../../src/jwt/accessors.ts"],"names":[],"mappings":";;AAMA,gCASC;AAED,gCAEC;AAfD,6CAAgD;AAEhD,SAAgB,UAAU,CAAC,UAAiC;IAI1D,IAAI,CAAC,IAAA,6BAAgB,EAAC,UAAU,CAAC,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC7C,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,OAAO,EAAE,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;AACvF,CAAC;AAED,SAAgB,UAAU,CAAC,UAAsB;IAC/C,OAAO,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC;AAChC,CAAC"}
+{"version":3,"file":"accessors.js","sourceRoot":"","sources":["../../../src/jwt/accessors.ts"],"names":[],"mappings":";;AAeA,gCASC;AAKD,gCAGC;AAKD,0BAEC;AAKD,8CAMC;AAKD,oCAEC;AAKD,4CAEC;AAKD,8CAKC;AAKD,kCAQC;AA9ED,2CAAwC;AACxC,6CAAsE;AAEtE;;GAEG;AACH,SAAgB,UAAU,CAAC,UAA6B;IAItD,IAAI,CAAC,IAAA,sBAAS,EAAC,UAAU,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC7C,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,OAAO,EAAE,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;AACvF,CAAC;AAED;;GAEG;AACH,SAAgB,UAAU,CAAC,UAAsD;IAC/E,IAAA,wCAA2B,EAAC,UAAU,CAAC,CAAC;IACxC,OAAO,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC;AACpC,CAAC;AAED;;GAEG;AACH,SAAgB,OAAO,CAAC,UAAyB;IAC/C,OAAO,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB,CAAC,UAAsD;IAItF,IAAA,wCAA2B,EAAC,UAAU,CAAC,CAAC;IACxC,OAAO,UAAU,CAAC,OAAO,CAAC,cAAc,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,SAAgB,YAAY,CAAC,UAAyB;IACpD,OAAO,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB,CAAC,UAAyB;IACxD,OAAO,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC;AAChC,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB,CAAC,UAA+B;IAC/D,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,qBAAS,CAAC,WAAW,GAAG,4BAA4B,CAAC,CAAC;IACxE,CAAC;IACD,OAAO,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC;AAChC,CAAC;AAED;;GAEG;AACH,SAAgB,WAAW,CAAC,UAAyB;IACnD,MAAM,GAAG,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC;IAEnC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,qBAAS,CAAC,gBAAgB,GAAG,qBAAqB,CAAC,CAAC;IACtE,CAAC;IAED,OAAO,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;AAC1C,CAAC"}

package/dist/src/jwt/constants.d.ts

@@ -0,0 +1,33 @@
+export declare const JWT_ERROR: {
+    /**
+     * Thrown when a JWT payload schema is unexpected or when validity period does not match
+     */
+    INVALID_JWT: string;
+    /**
+     * Thrown when the verifier audience does not match the one set in the JWT payload
+     */
+    INVALID_AUDIENCE: string;
+    /**
+     * Thrown when none of the public keys of the issuer match the signature of the JWT.
+     *
+     * This is equivalent to `NO_SUITABLE_KEYS` when the `proofPurpose` is NOT specified.
+     */
+    INVALID_SIGNATURE: string;
+    /**
+     * Thrown when the DID document of the issuer does not have any keys that match the signature for the given
+     * `proofPurpose`.
+     *
+     * This is equivalent to `invalid_signature`, when a `proofPurpose` is specified.
+     */
+    NO_SUITABLE_KEYS: string;
+    /**
+     * Thrown when the `alg` of the JWT or the encoding of the key is not supported
+     */
+    NOT_SUPPORTED: string;
+    /**
+     * Thrown when the DID resolver is unable to resolve the issuer DID.
+     */
+    RESOLVER_ERROR: string;
+};
+export declare const VINCENT_JWT_API_VERSION = 1;
+//# sourceMappingURL=constants.d.ts.map

package/dist/src/jwt/constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../src/jwt/constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,SAAS;IACpB;;OAEG;;IAEH;;OAEG;;IAEH;;;;OAIG;;IAEH;;;;;OAKG;;IAEH;;OAEG;;IAEH;;OAEG;;CAEJ,CAAC;AAEF,eAAO,MAAM,uBAAuB,IAAI,CAAC"}

package/dist/src/jwt/constants.js

@@ -0,0 +1,36 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VINCENT_JWT_API_VERSION = exports.JWT_ERROR = void 0;
+exports.JWT_ERROR = {
+    /**
+     * Thrown when a JWT payload schema is unexpected or when validity period does not match
+     */
+    INVALID_JWT: 'invalid_jwt',
+    /**
+     * Thrown when the verifier audience does not match the one set in the JWT payload
+     */
+    INVALID_AUDIENCE: 'invalid_config',
+    /**
+     * Thrown when none of the public keys of the issuer match the signature of the JWT.
+     *
+     * This is equivalent to `NO_SUITABLE_KEYS` when the `proofPurpose` is NOT specified.
+     */
+    INVALID_SIGNATURE: 'invalid_signature',
+    /**
+     * Thrown when the DID document of the issuer does not have any keys that match the signature for the given
+     * `proofPurpose`.
+     *
+     * This is equivalent to `invalid_signature`, when a `proofPurpose` is specified.
+     */
+    NO_SUITABLE_KEYS: 'no_suitable_keys',
+    /**
+     * Thrown when the `alg` of the JWT or the encoding of the key is not supported
+     */
+    NOT_SUPPORTED: 'not_supported',
+    /**
+     * Thrown when the DID resolver is unable to resolve the issuer DID.
+     */
+    RESOLVER_ERROR: 'resolver_error',
+};
+exports.VINCENT_JWT_API_VERSION = 1;
+//# sourceMappingURL=constants.js.map

package/dist/src/jwt/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../../src/jwt/constants.ts"],"names":[],"mappings":";;;AAAa,QAAA,SAAS,GAAG;IACvB;;OAEG;IACH,WAAW,EAAE,aAAa;IAC1B;;OAEG;IACH,gBAAgB,EAAE,gBAAgB;IAClC;;;;OAIG;IACH,iBAAiB,EAAE,mBAAmB;IACtC;;;;;OAKG;IACH,gBAAgB,EAAE,kBAAkB;IACpC;;OAEG;IACH,aAAa,EAAE,eAAe;IAC9B;;OAEG;IACH,cAAc,EAAE,gBAAgB;CACjC,CAAC;AAEW,QAAA,uBAAuB,GAAG,CAAC,CAAC"}

package/dist/src/jwt/core/create.d.ts

@@ -1,24 +1,19 @@
-import type { JWTConfig } from '../types';
+import type { CreateAppUserJWTParams, CreateDelegateeJWTParams, CreatePlatformUserJWTParams } from '../types';
 /**
- * Creates a JWT signed by a PKP wallet using the ES256K algorithm
+ * Create JWT for a platform user
+ * @category API > Create
+ * */
+export declare function createPlatformUserJWT(config: CreatePlatformUserJWTParams): Promise<string>;
+/** Create JWT for an app-scoped user
+ * @category API > Create
+ * */
+export declare function createAppUserJWT(config: CreateAppUserJWTParams): Promise<string>;
+/**
+ * Creates a JWT for an app delegatee (Ethereum account that may act on behalf of a user).
  *
- * This function creates a JWT with the provided payload, adding standard claims
- * like iat (issued at), exp (expiration), and iss (issuer). It also includes the
- * PKP public key in the payload, which is used for verification.
+ * You must provide a valid `subjectAddress`, which must be a valid delegator for your Delegatee address.
  *
- * @param config - Configuration object containing all parameters for JWT creation
- * @returns A promise that resolves to the signed JWT string
- * @hidden
- * @example
- * ```typescript
- * const jwt = await createPKPSignedJWT({
- *   pkpWallet: pkpWallet,
- *   pkp: pkpInfo,
- *   payload: { name: "Lit Protocol User", customField: "value" },
- *   expiresInMinutes: 30, // expires in 30 minutes
- *   audience: "example.com" // audience domain
- * });
- * ```
+ * @category API > Create
  */
-export declare function create(config: JWTConfig): Promise<string>;
+export declare function createDelegateeJWT(config: CreateDelegateeJWTParams): Promise<string>;
 //# sourceMappingURL=create.d.ts.map

package/dist/src/jwt/core/create.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"create.d.ts","sourceRoot":"","sources":["../../../../src/jwt/core/create.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,SAAS,EAAyB,MAAM,UAAU,CAAC;AA8CjE;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAsB,MAAM,CAAC,MAAM,EAAE,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CAoC/D"}
+{"version":3,"file":"create.d.ts","sourceRoot":"","sources":["../../../../src/jwt/core/create.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,sBAAsB,EACtB,wBAAwB,EACxB,2BAA2B,EAI5B,MAAM,UAAU,CAAC;AAuDlB;;;KAGK;AACL,wBAAsB,qBAAqB,CAAC,MAAM,EAAE,2BAA2B,GAAG,OAAO,CAAC,MAAM,CAAC,CAYhG;AAED;;KAEK;AACL,wBAAsB,gBAAgB,CAAC,MAAM,EAAE,sBAAsB,GAAG,OAAO,CAAC,MAAM,CAAC,CAqBtF;AAED;;;;;;GAMG;AACH,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,wBAAwB,GAAG,OAAO,CAAC,MAAM,CAAC,CAQ1F"}

package/dist/src/jwt/core/create.js

@@ -1,95 +1,95 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.create = create;
-const tslib_1 = require("tslib");
-const didJWT = tslib_1.__importStar(require("did-jwt"));
-const ethers_1 = require("ethers");
+exports.createPlatformUserJWT = createPlatformUserJWT;
+exports.createAppUserJWT = createAppUserJWT;
+exports.createDelegateeJWT = createDelegateeJWT;
 const utils_1 = require("ethers/lib/utils");
+const constants_1 = require("../constants");
 const base64_1 = require("./utils/base64");
-/**
- * Creates a signer function compatible with did-jwt that uses a PKP wallet for signing
- *
- * This function returns a signing function that conforms to the did-jwt library's
- * signer interface. When called, it signs data using the PKP wallet, formatting
- * the signature according to ES256K requirements (without recovery parameter).
- *
- * @param pkpWallet - The PKP Ethers wallet instance that will be used for signing
- * @returns A signing function that takes data and returns a base64url-encoded signature
- * @private
- * @example
- * ```typescript
- * const pkpWallet = new PKPEthersWallet({ ... });
- * const signer = createPKPSigner(pkpWallet);
- * const signature = await signer('data to sign');
- * ```
- */
-function createPKPSigner(pkpWallet) {
-    /**
-     * The actual signer function conforming to the did-jwt signer interface
-     *
-     * @param data - The data to sign, either as a string or Uint8Array
-     * @returns A promise that resolves to the base64url-encoded signature
-     */
+const ensureHex = (s) => (0, utils_1.hexlify)(s, { allowMissingPrefix: true });
+function createES256KSigner(wallet) {
     return async (data) => {
-        const dataBytes = typeof data === 'string' ? Uint8Array.from(Buffer.from(data, 'utf8')) : data;
-        const sig = await pkpWallet.signMessage(dataBytes);
-        const { r, s } = ethers_1.ethers.utils.splitSignature(sig);
-        const rBytes = (0, utils_1.arrayify)(r);
-        const sBytes = (0, utils_1.arrayify)(s);
-        // ES256K signature is r and s concatenated (64 bytes total)
+        const messageBytes = typeof data === 'string' ? (0, utils_1.toUtf8Bytes)(data) : data;
+        const sig = await wallet.signMessage(messageBytes);
+        const { r, s } = (0, utils_1.splitSignature)(sig);
         const sigBytes = new Uint8Array(64);
-        sigBytes.set(rBytes, 0);
-        sigBytes.set(sBytes, 32);
+        sigBytes.set((0, utils_1.arrayify)(r), 0);
+        sigBytes.set((0, utils_1.arrayify)(s), 32);
         return (0, base64_1.toBase64Url)(sigBytes);
     };
 }
-/**
- * Creates a JWT signed by a PKP wallet using the ES256K algorithm
- *
- * This function creates a JWT with the provided payload, adding standard claims
- * like iat (issued at), exp (expiration), and iss (issuer). It also includes the
- * PKP public key in the payload, which is used for verification.
- *
- * @param config - Configuration object containing all parameters for JWT creation
- * @returns A promise that resolves to the signed JWT string
- * @hidden
- * @example
- * ```typescript
- * const jwt = await createPKPSignedJWT({
- *   pkpWallet: pkpWallet,
- *   pkp: pkpInfo,
- *   payload: { name: "Lit Protocol User", customField: "value" },
- *   expiresInMinutes: 30, // expires in 30 minutes
- *   audience: "example.com" // audience domain
- * });
- * ```
- */
-async function create(config) {
-    const { app, pkpWallet, pkp, payload, expiresInMinutes, audience, authentication } = config;
-    const signer = createPKPSigner(pkpWallet);
-    // iat and exp are expressed in seconds https://datatracker.ietf.org/doc/html/rfc7519
+async function createJWS({ payload, wallet, config }) {
+    const { expiresInMinutes, audience, subjectAddress, role } = config;
     const iat = Math.floor(Date.now() / 1000);
-    const exp = iat + expiresInMinutes * 60;
-    const walletAddress = await pkpWallet.getAddress();
-    const fullPayload = {
+    const exp = (payload.nbf || Math.floor(Date.now() / 1000) + expiresInMinutes * 60);
+    const header = { alg: 'ES256K', typ: 'JWT' };
+    const iss = ensureHex(await wallet.getAddress());
+    const publicKey = ensureHex(wallet.publicKey);
+    const _payload = {
         ...payload,
-        aud: audience,
         iat,
         exp,
-        iss: `did:ethr:${walletAddress}`,
-        pkp,
-        app,
-        authentication: {
-            type: authentication.type,
-            ...(authentication.value ? { value: authentication.value } : {}),
-        },
+        iss,
+        publicKey,
+        aud: audience,
+        role,
+        ...(subjectAddress ? { sub: subjectAddress } : {}),
+        __vincentJWTApiVersion: constants_1.VINCENT_JWT_API_VERSION,
     };
-    const jwt = await didJWT.createJWT(fullPayload, {
-        issuer: `did:ethr:${walletAddress}`,
-        signer,
-    }, {
-        alg: 'ES256K',
+    const signingInput = [
+        (0, base64_1.toBase64Url)((0, utils_1.toUtf8Bytes)(JSON.stringify(header))),
+        (0, base64_1.toBase64Url)((0, utils_1.toUtf8Bytes)(JSON.stringify(_payload))),
+    ].join('.');
+    const signature = await createES256KSigner(wallet)(signingInput);
+    // JWS Compact Serialization
+    // https://www.rfc-editor.org/rfc/rfc7515#section-7.1
+    return [signingInput, signature].join('.');
+}
+/**
+ * Create JWT for a platform user
+ * @category API > Create
+ * */
+async function createPlatformUserJWT(config) {
+    const { pkpWallet, pkpInfo, authentication, audience, expiresInMinutes, payload = {} } = config;
+    return createJWS({
+        payload: {
+            ...payload,
+            pkpInfo,
+            authentication,
+        },
+        wallet: pkpWallet,
+        config: { audience, expiresInMinutes, role: 'platform-user' },
+    });
+}
+/** Create JWT for an app-scoped user
+ * @category API > Create
+ * */
+async function createAppUserJWT(config) {
+    const { app, pkpWallet, pkpInfo, authentication, audience, expiresInMinutes, payload = {}, } = config;
+    return createJWS({
+        payload: {
+            ...payload,
+            pkpInfo,
+            app,
+            authentication,
+        },
+        wallet: pkpWallet,
+        config: { audience, expiresInMinutes, role: 'app-user' },
+    });
+}
+/**
+ * Creates a JWT for an app delegatee (Ethereum account that may act on behalf of a user).
+ *
+ * You must provide a valid `subjectAddress`, which must be a valid delegator for your Delegatee address.
+ *
+ * @category API > Create
+ */
+async function createDelegateeJWT(config) {
+    const { ethersWallet, subjectAddress, audience, expiresInMinutes, payload = {} } = config;
+    return createJWS({
+        payload,
+        wallet: ethersWallet,
+        config: { audience, expiresInMinutes, subjectAddress, role: 'app-delegatee' },
     });
-    return jwt;
 }
 //# sourceMappingURL=create.js.map

package/dist/src/jwt/core/create.js.map

@@ -1 +1 @@
-{"version":3,"file":"create.js","sourceRoot":"","sources":["../../../../src/jwt/core/create.ts"],"names":[],"mappings":";;AAyEA,wBAoCC;;AA7GD,wDAAkC;AAClC,mCAAgC;AAChC,4CAA4C;AAM5C,2CAA6C;AAE7C;;;;;;;;;;;;;;;;GAgBG;AACH,SAAS,eAAe,CAAC,SAA0B;IACjD;;;;;OAKG;IACH,OAAO,KAAK,EAAE,IAAyB,EAAmB,EAAE;QAC1D,MAAM,SAAS,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAE/F,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QACnD,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,eAAM,CAAC,KAAK,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;QAElD,MAAM,MAAM,GAAG,IAAA,gBAAQ,EAAC,CAAC,CAAC,CAAC;QAC3B,MAAM,MAAM,GAAG,IAAA,gBAAQ,EAAC,CAAC,CAAC,CAAC;QAE3B,4DAA4D;QAC5D,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;QACpC,QAAQ,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QACxB,QAAQ,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAEzB,OAAO,IAAA,oBAAW,EAAC,QAAQ,CAAC,CAAC;IAC/B,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACI,KAAK,UAAU,MAAM,CAAC,MAAiB;IAC5C,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,cAAc,EAAE,GAAG,MAAM,CAAC;IAC5F,MAAM,MAAM,GAAG,eAAe,CAAC,SAAS,CAAC,CAAC;IAE1C,qFAAqF;IACrF,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,GAAG,GAAG,gBAAgB,GAAG,EAAE,CAAC;IAExC,MAAM,aAAa,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE,CAAC;IAEnD,MAAM,WAAW,GAA0B;QACzC,GAAG,OAAO;QACV,GAAG,EAAE,QAAQ;QACb,GAAG;QACH,GAAG;QACH,GAAG,EAAE,YAAY,aAAa,EAAE;QAChC,GAAG;QACH,GAAG;QACH,cAAc,EAAE;YACd,IAAI,EAAE,cAAc,CAAC,IAAI;YACzB,GAAG,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,cAAc,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACjE;KACF,CAAC;IAEF,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,SAAS,CAChC,WAAW,EACX;QACE,MAAM,EAAE,YAAY,aAAa,EAAE;QACnC,MAAM;KACP,EACD;QACE,GAAG,EAAE,QAAQ;KACd,CACF,CAAC;IAEF,OAAO,GAAG,CAAC;AACb,CAAC"}
+{"version":3,"file":"create.js","sourceRoot":"","sources":["../../../../src/jwt/core/create.ts"],"names":[],"mappings":";;AAoEA,sDAYC;AAKD,4CAqBC;AASD,gDAQC;AA3HD,4CAAkF;AAWlF,4CAAuD;AACvD,2CAA6C;AAE7C,MAAM,SAAS,GAAG,CAAC,CAAS,EAAiB,EAAE,CAC7C,IAAA,eAAO,EAAC,CAAC,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAkB,CAAC;AAE5D,SAAS,kBAAkB,CAAC,MAAuB;IACjD,OAAO,KAAK,EAAE,IAAyB,EAAmB,EAAE;QAC1D,MAAM,YAAY,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAA,mBAAW,EAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACzE,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;QACnD,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,IAAA,sBAAc,EAAC,GAAG,CAAC,CAAC;QACrC,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;QACpC,QAAQ,CAAC,GAAG,CAAC,IAAA,gBAAQ,EAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC7B,QAAQ,CAAC,GAAG,CAAC,IAAA,gBAAQ,EAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9B,OAAO,IAAA,oBAAW,EAAC,QAAQ,CAAC,CAAC;IAC/B,CAAC,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAmB;IACnE,MAAM,EAAE,gBAAgB,EAAE,QAAQ,EAAE,cAAc,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC;IAEpE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAW,CAAC,OAAO,CAAC,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,gBAAgB,GAAG,EAAE,CAAC,CAAC;IAC3F,MAAM,MAAM,GAAG,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;IAE7C,MAAM,GAAG,GAAG,SAAS,CAAC,MAAM,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;IACjD,MAAM,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAE9C,MAAM,QAAQ,GAAe;QAC3B,GAAG,OAAO;QACV,GAAG;QACH,GAAG;QACH,GAAG;QACH,SAAS;QACT,GAAG,EAAE,QAAQ;QACb,IAAI;QACJ,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAElD,sBAAsB,EAAE,mCAAuB;KAChD,CAAC;IAEF,MAAM,YAAY,GAAG;QACnB,IAAA,oBAAW,EAAC,IAAA,mBAAW,EAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;QAChD,IAAA,oBAAW,EAAC,IAAA,mBAAW,EAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;KACnD,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEZ,MAAM,SAAS,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;IAEjE,4BAA4B;IAC5B,qDAAqD;IACrD,OAAO,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7C,CAAC;AAED;;;KAGK;AACE,KAAK,UAAU,qBAAqB,CAAC,MAAmC;IAC7E,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,gBAAgB,EAAE,OAAO,GAAG,EAAE,EAAE,GAAG,MAAM,CAAC;IAEhG,OAAO,SAAS,CAAC;QACf,OAAO,EAAE;YACP,GAAG,OAAO;YACV,OAAO;YACP,cAAc;SACf;QACD,MAAM,EAAE,SAAS;QACjB,MAAM,EAAE,EAAE,QAAQ,EAAE,gBAAgB,EAAE,IAAI,EAAE,eAAe,EAAE;KAC9D,CAAC,CAAC;AACL,CAAC;AAED;;KAEK;AACE,KAAK,UAAU,gBAAgB,CAAC,MAA8B;IACnE,MAAM,EACJ,GAAG,EACH,SAAS,EACT,OAAO,EACP,cAAc,EACd,QAAQ,EACR,gBAAgB,EAChB,OAAO,GAAG,EAAE,GACb,GAAG,MAAM,CAAC;IAEX,OAAO,SAAS,CAAC;QACf,OAAO,EAAE;YACP,GAAG,OAAO;YACV,OAAO;YACP,GAAG;YACH,cAAc;SACf;QACD,MAAM,EAAE,SAAS;QACjB,MAAM,EAAE,EAAE,QAAQ,EAAE,gBAAgB,EAAE,IAAI,EAAE,UAAU,EAAE;KACzD,CAAC,CAAC;AACL,CAAC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,kBAAkB,CAAC,MAAgC;IACvE,MAAM,EAAE,YAAY,EAAE,cAAc,EAAE,QAAQ,EAAE,gBAAgB,EAAE,OAAO,GAAG,EAAE,EAAE,GAAG,MAAM,CAAC;IAE1F,OAAO,SAAS,CAAC;QACf,OAAO;QACP,MAAM,EAAE,YAAY;QACpB,MAAM,EAAE,EAAE,QAAQ,EAAE,gBAAgB,EAAE,cAAc,EAAE,IAAI,EAAE,eAAe,EAAE;KAC9E,CAAC,CAAC;AACL,CAAC"}

package/dist/src/jwt/core/decode.d.ts

@@ -0,0 +1,3 @@
+import type { AnyVincentJWT } from '../types';
+export declare function decodeVincentJWT(jwt: string): AnyVincentJWT;
+//# sourceMappingURL=decode.d.ts.map

package/dist/src/jwt/core/decode.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"decode.d.ts","sourceRoot":"","sources":["../../../../src/jwt/core/decode.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAIV,aAAa,EACd,MAAM,UAAU,CAAC;AAMlB,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,aAAa,CAsB3D"}

package/dist/src/jwt/core/decode.js

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.decodeVincentJWT = decodeVincentJWT;
+const constants_1 = require("../constants");
+const typeGuards_1 = require("../typeGuards");
+const decodeJWTStr_1 = require("./utils/decodeJWTStr");
+function decodeVincentJWT(jwt) {
+    var _a;
+    const decoded = (0, decodeJWTStr_1.decodeJWT)(jwt);
+    if (!decoded || typeof decoded !== 'object') {
+        throw new Error(`${constants_1.JWT_ERROR.INVALID_JWT}: Could not decode JWT`);
+    }
+    const role = (_a = decoded.payload) === null || _a === void 0 ? void 0 : _a.role;
+    switch (role) {
+        case 'platform-user':
+            (0, typeGuards_1.assertIsPKPSignedVincentJWT)(decoded);
+            return decoded;
+        case 'app-user':
+            (0, typeGuards_1.assertIsPKPSignedVincentJWT)(decoded);
+            return decoded;
+        case 'app-delegatee':
+            return decoded;
+        default:
+            throw new Error(`${constants_1.JWT_ERROR.INVALID_JWT}: Unrecognized role: ${role}`);
+    }
+}
+//# sourceMappingURL=decode.js.map

package/dist/src/jwt/core/decode.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"decode.js","sourceRoot":"","sources":["../../../../src/jwt/core/decode.ts"],"names":[],"mappings":";;AAWA,4CAsBC;AA1BD,4CAAyC;AACzC,8CAA4D;AAC5D,uDAAiD;AAEjD,SAAgB,gBAAgB,CAAC,GAAW;;IAC1C,MAAM,OAAO,GAAG,IAAA,wBAAS,EAAC,GAAG,CAAC,CAAC;IAE/B,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CAAC,GAAG,qBAAS,CAAC,WAAW,wBAAwB,CAAC,CAAC;IACpE,CAAC;IAED,MAAM,IAAI,GAAG,MAAA,OAAO,CAAC,OAAO,0CAAE,IAAI,CAAC;IAEnC,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,eAAe;YAClB,IAAA,wCAA2B,EAAC,OAAO,CAAC,CAAC;YACrC,OAAO,OAAiC,CAAC;QAC3C,KAAK,UAAU;YACb,IAAA,wCAA2B,EAAC,OAAO,CAAC,CAAC;YACrC,OAAO,OAA4B,CAAC;QACtC,KAAK,eAAe;YAClB,OAAO,OAA8B,CAAC;QAExC;YACE,MAAM,IAAI,KAAK,CAAC,GAAG,qBAAS,CAAC,WAAW,wBAAwB,IAAI,EAAE,CAAC,CAAC;IAC5E,CAAC;AACH,CAAC"}

package/dist/src/jwt/core/isExpired.d.ts

@@ -1,9 +1,9 @@
-import type { VincentJWT } from '../types';
+import type { AnyVincentJWT } from '../types';
 /** Checks if a JWT is expired based on its 'exp' claim
  *
  * @returns true if expired, false otherwise
  * @param decodedJWT
- * @category API
+ * @category API > Verify
  */
-export declare function isExpired(decodedJWT: VincentJWT): boolean;
+export declare function isExpired(decodedJWT: AnyVincentJWT): boolean;
 //# sourceMappingURL=isExpired.d.ts.map

package/dist/src/jwt/core/isExpired.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"isExpired.d.ts","sourceRoot":"","sources":["../../../../src/jwt/core/isExpired.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAE3C;;;;;GAKG;AACH,wBAAgB,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAWzD"}
+{"version":3,"file":"isExpired.d.ts","sourceRoot":"","sources":["../../../../src/jwt/core/isExpired.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAE9C;;;;;GAKG;AACH,wBAAgB,SAAS,CAAC,UAAU,EAAE,aAAa,GAAG,OAAO,CAW5D"}

package/dist/src/jwt/core/isExpired.js

@@ -5,7 +5,7 @@ exports.isExpired = isExpired;
  *
  * @returns true if expired, false otherwise
  * @param decodedJWT
- * @category API
+ * @category API > Verify
  */
 function isExpired(decodedJWT) {
     const { payload } = decodedJWT;

package/dist/src/jwt/core/isExpired.js.map

@@ -1 +1 @@
-{"version":3,"file":"isExpired.js","sourceRoot":"","sources":["../../../../src/jwt/core/isExpired.ts"],"names":[],"mappings":";;AAQA,8BAWC;AAjBD;;;;;GAKG;AACH,SAAgB,SAAS,CAAC,UAAsB;IAC9C,MAAM,EAAE,OAAO,EAAE,GAAG,UAAU,CAAC;IAE/B,gEAAgE;IAChE,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,uDAAuD;IACvD,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAClD,OAAO,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC;AACpC,CAAC"}
+{"version":3,"file":"isExpired.js","sourceRoot":"","sources":["../../../../src/jwt/core/isExpired.ts"],"names":[],"mappings":";;AAQA,8BAWC;AAjBD;;;;;GAKG;AACH,SAAgB,SAAS,CAAC,UAAyB;IACjD,MAAM,EAAE,OAAO,EAAE,GAAG,UAAU,CAAC;IAE/B,gEAAgE;IAChE,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,uDAAuD;IACvD,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAClD,OAAO,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC;AACpC,CAAC"}

package/dist/src/jwt/core/utils/base64.d.ts

@@ -8,6 +8,7 @@ export declare function fromBase64(base64: string): Uint8Array;
 /**
  * Converts a Uint8Array to a base64url-encoded string.
  * Works in all JS environments (Node.js, Deno, browser, Web Workers).
+ *
  * No Buffer polyfill requirement.
  */
 export declare function toBase64Url(bytes: Uint8Array): string;