@lit-protocol/vincent-app-sdk 0.0.7-mma → 0.0.9-mma

package/dist/src/jwt/core/utils/base64.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"base64.d.ts","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/base64.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU,CAuBrD;AAED;;;;GAIG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAkBrD"}
+{"version":3,"file":"base64.d.ts","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/base64.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU,CAuBrD;AAED;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAkBrD"}

package/dist/src/jwt/core/utils/base64.js

@@ -32,6 +32,7 @@ function fromBase64(base64) {
 /**
  * Converts a Uint8Array to a base64url-encoded string.
  * Works in all JS environments (Node.js, Deno, browser, Web Workers).
+ *
  * No Buffer polyfill requirement.
  */
 function toBase64Url(bytes) {

package/dist/src/jwt/core/utils/base64.js.map

@@ -1 +1 @@
-{"version":3,"file":"base64.js","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/base64.ts"],"names":[],"mappings":";;AAMA,gCAuBC;AAOD,kCAkBC;AAtDD;;;;;GAKG;AACH,SAAgB,UAAU,CAAC,MAAc;IACvC,+BAA+B;IAC/B,MAAM,UAAU,GAAG,MAAM;SACtB,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;SAClB,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;SAClB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC;IAEjD,UAAU;IACV,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QACvE,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC;IAC3D,CAAC;IAED,8BAA8B;IAC9B,IAAI,OAAO,IAAI,KAAK,WAAW,EAAE,CAAC;QAChC,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;QAChC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACvC,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAClC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;AAC9E,CAAC;AAED;;;;GAIG;AACH,SAAgB,WAAW,CAAC,KAAiB;IAC3C,UAAU;IACV,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QACvE,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;aACtB,QAAQ,CAAC,QAAQ,CAAC;aAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;aACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;aACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACxB,CAAC;IAED,8BAA8B;IAC9B,IAAI,OAAO,IAAI,KAAK,WAAW,EAAE,CAAC;QAChC,MAAM,SAAS,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC;QAC/B,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAC3E,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;AAC9E,CAAC"}
+{"version":3,"file":"base64.js","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/base64.ts"],"names":[],"mappings":";;AAMA,gCAuBC;AAQD,kCAkBC;AAvDD;;;;;GAKG;AACH,SAAgB,UAAU,CAAC,MAAc;IACvC,+BAA+B;IAC/B,MAAM,UAAU,GAAG,MAAM;SACtB,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;SAClB,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;SAClB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC;IAEjD,UAAU;IACV,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QACvE,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC;IAC3D,CAAC;IAED,8BAA8B;IAC9B,IAAI,OAAO,IAAI,KAAK,WAAW,EAAE,CAAC;QAChC,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;QAChC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACvC,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAClC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;AAC9E,CAAC;AAED;;;;;GAKG;AACH,SAAgB,WAAW,CAAC,KAAiB;IAC3C,UAAU;IACV,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QACvE,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;aACtB,QAAQ,CAAC,QAAQ,CAAC;aAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;aACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;aACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACxB,CAAC;IAED,8BAA8B;IAC9B,IAAI,OAAO,IAAI,KAAK,WAAW,EAAE,CAAC;QAChC,MAAM,SAAS,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC;QAC/B,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAC3E,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;AAC9E,CAAC"}

package/dist/src/jwt/core/utils/decodeJWTStr.d.ts

@@ -0,0 +1,3 @@
+import type { DecodedJWT } from '../../types';
+export declare function decodeJWT(jws: string): DecodedJWT;
+//# sourceMappingURL=decodeJWTStr.d.ts.map

package/dist/src/jwt/core/utils/decodeJWTStr.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"decodeJWTStr.d.ts","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/decodeJWTStr.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAK9C,wBAAgB,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAejD"}

package/dist/src/jwt/core/utils/decodeJWTStr.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.decodeJWT = decodeJWT;
+const utils_1 = require("ethers/lib/utils");
+const typeGuards_1 = require("../../typeGuards");
+const base64_1 = require("./base64");
+function decodeJWT(jws) {
+    const parts = jws.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);
+    if (parts) {
+        const payload = JSON.parse((0, utils_1.toUtf8String)((0, base64_1.fromBase64)(parts[2])));
+        (0, typeGuards_1.assertJWTAPIVersion)(payload.__vincentJWTApiVersion);
+        return {
+            header: JSON.parse((0, utils_1.toUtf8String)((0, base64_1.fromBase64)(parts[1]))),
+            payload,
+            signature: parts[3],
+            data: `${parts[1]}.${parts[2]}`,
+        };
+    }
+    throw new Error('invalid_argument: Incorrect format JWS');
+}
+//# sourceMappingURL=decodeJWTStr.js.map

package/dist/src/jwt/core/utils/decodeJWTStr.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"decodeJWTStr.js","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/decodeJWTStr.ts"],"names":[],"mappings":";;AAOA,8BAeC;AAtBD,4CAAgD;AAIhD,iDAAuD;AACvD,qCAAsC;AAEtC,SAAgB,SAAS,CAAC,GAAW;IACnC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;IAClF,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,oBAAY,EAAC,IAAA,mBAAU,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/D,IAAA,gCAAmB,EAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC;QAEpD,OAAO;YACL,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,IAAA,oBAAY,EAAC,IAAA,mBAAU,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACtD,OAAO;YACP,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC;YACnB,IAAI,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE;SAChC,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;AAC5D,CAAC"}

package/dist/src/jwt/core/utils/index.d.ts

@@ -1,5 +1,5 @@
 export { isDefinedObject } from './definedObject';
 export { validateJWTTime } from './validateJWTTime';
-export { splitJWT } from './splitJWT';
-export { processJWTSignature } from './processJWTSignature';
+export { fromBase64, toBase64Url } from './base64';
+export { verifyES256KSignature } from './verifyES256KSignature';
 //# sourceMappingURL=index.d.ts.map

package/dist/src/jwt/core/utils/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AACtC,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACnD,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC"}

package/dist/src/jwt/core/utils/index.js

@@ -1,12 +1,13 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.processJWTSignature = exports.splitJWT = exports.validateJWTTime = exports.isDefinedObject = void 0;
+exports.verifyES256KSignature = exports.toBase64Url = exports.fromBase64 = exports.validateJWTTime = exports.isDefinedObject = void 0;
 var definedObject_1 = require("./definedObject");
 Object.defineProperty(exports, "isDefinedObject", { enumerable: true, get: function () { return definedObject_1.isDefinedObject; } });
 var validateJWTTime_1 = require("./validateJWTTime");
 Object.defineProperty(exports, "validateJWTTime", { enumerable: true, get: function () { return validateJWTTime_1.validateJWTTime; } });
-var splitJWT_1 = require("./splitJWT");
-Object.defineProperty(exports, "splitJWT", { enumerable: true, get: function () { return splitJWT_1.splitJWT; } });
-var processJWTSignature_1 = require("./processJWTSignature");
-Object.defineProperty(exports, "processJWTSignature", { enumerable: true, get: function () { return processJWTSignature_1.processJWTSignature; } });
+var base64_1 = require("./base64");
+Object.defineProperty(exports, "fromBase64", { enumerable: true, get: function () { return base64_1.fromBase64; } });
+Object.defineProperty(exports, "toBase64Url", { enumerable: true, get: function () { return base64_1.toBase64Url; } });
+var verifyES256KSignature_1 = require("./verifyES256KSignature");
+Object.defineProperty(exports, "verifyES256KSignature", { enumerable: true, get: function () { return verifyES256KSignature_1.verifyES256KSignature; } });
 //# sourceMappingURL=index.js.map

package/dist/src/jwt/core/utils/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/index.ts"],"names":[],"mappings":";;;AAAA,iDAAkD;AAAzC,gHAAA,eAAe,OAAA;AACxB,qDAAoD;AAA3C,kHAAA,eAAe,OAAA;AACxB,uCAAsC;AAA7B,oGAAA,QAAQ,OAAA;AACjB,6DAA4D;AAAnD,0HAAA,mBAAmB,OAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/index.ts"],"names":[],"mappings":";;;AAAA,iDAAkD;AAAzC,gHAAA,eAAe,OAAA;AACxB,qDAAoD;AAA3C,kHAAA,eAAe,OAAA;AACxB,mCAAmD;AAA1C,oGAAA,UAAU,OAAA;AAAE,qGAAA,WAAW,OAAA;AAChC,iEAAgE;AAAvD,8HAAA,qBAAqB,OAAA"}

package/dist/src/jwt/core/utils/validateJWTTime.js

@@ -1,7 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.validateJWTTime = validateJWTTime;
-const did_jwt_1 = require("did-jwt");
+const constants_1 = require("../../constants");
 /** Validates JWT time claims (iat and nbf)
  * @ignore
  *
@@ -12,12 +12,12 @@ const did_jwt_1 = require("did-jwt");
 function validateJWTTime(payload, currentTime) {
     // Check 'not before' claim if present
     if (payload.nbf && currentTime < payload.nbf) {
-        throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_JWT}: Token not yet valid (nbf claim is in the future)`);
+        throw new Error(`${constants_1.JWT_ERROR.INVALID_JWT}: Token not yet valid (nbf claim is in the future)`);
     }
     // Check 'issued at' claim if present
     // Allow a small leeway (30 seconds) for clock skew
     if (payload.iat && currentTime < payload.iat - 30) {
-        throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_JWT}: Token issued in the future (iat claim is ahead of current time)`);
+        throw new Error(`${constants_1.JWT_ERROR.INVALID_JWT}: Token issued in the future (iat claim is ahead of current time)`);
     }
     return true;
 }

package/dist/src/jwt/core/utils/validateJWTTime.js.map

@@ -1 +1 @@
-{"version":3,"file":"validateJWTTime.js","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/validateJWTTime.ts"],"names":[],"mappings":";;AASA,0CAkBC;AA3BD,qCAAoC;AAEpC;;;;;;GAMG;AACH,SAAgB,eAAe,CAC7B,OAAuC,EACvC,WAAmB;IAEnB,sCAAsC;IACtC,IAAI,OAAO,CAAC,GAAG,IAAI,WAAW,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;QAC7C,MAAM,IAAI,KAAK,CAAC,GAAG,mBAAS,CAAC,WAAW,oDAAoD,CAAC,CAAC;IAChG,CAAC;IAED,qCAAqC;IACrC,mDAAmD;IACnD,IAAI,OAAO,CAAC,GAAG,IAAI,WAAW,GAAG,OAAO,CAAC,GAAG,GAAG,EAAE,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CACb,GAAG,mBAAS,CAAC,WAAW,mEAAmE,CAC5F,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}
+{"version":3,"file":"validateJWTTime.js","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/validateJWTTime.ts"],"names":[],"mappings":";;AASA,0CAkBC;AA3BD,+CAA4C;AAE5C;;;;;;GAMG;AACH,SAAgB,eAAe,CAC7B,OAAuC,EACvC,WAAmB;IAEnB,sCAAsC;IACtC,IAAI,OAAO,CAAC,GAAG,IAAI,WAAW,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;QAC7C,MAAM,IAAI,KAAK,CAAC,GAAG,qBAAS,CAAC,WAAW,oDAAoD,CAAC,CAAC;IAChG,CAAC;IAED,qCAAqC;IACrC,mDAAmD;IACnD,IAAI,OAAO,CAAC,GAAG,IAAI,WAAW,GAAG,OAAO,CAAC,GAAG,GAAG,EAAE,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CACb,GAAG,qBAAS,CAAC,WAAW,mEAAmE,CAC5F,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/src/jwt/core/utils/verifyES256KSignature.d.ts

@@ -0,0 +1,5 @@
+import type { AnyVincentJWT } from '../../types';
+export declare function verifyES256KSignature({ decoded }: {
+    decoded: AnyVincentJWT;
+}): Promise<void>;
+//# sourceMappingURL=verifyES256KSignature.d.ts.map

package/dist/src/jwt/core/utils/verifyES256KSignature.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verifyES256KSignature.d.ts","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/verifyES256KSignature.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAKjD,wBAAsB,qBAAqB,CAAC,EAAE,OAAO,EAAE,EAAE;IAAE,OAAO,EAAE,aAAa,CAAA;CAAE,iBA8BlF"}

package/dist/src/jwt/core/utils/verifyES256KSignature.js

@@ -0,0 +1,33 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyES256KSignature = verifyES256KSignature;
+const tslib_1 = require("tslib");
+const secp256k1 = tslib_1.__importStar(require("@noble/secp256k1"));
+const ethers_1 = require("ethers");
+const utils_1 = require("ethers/lib/utils");
+const constants_1 = require("../../constants");
+const base64_1 = require("./base64");
+async function verifyES256KSignature({ decoded }) {
+    try {
+        const { data, signature } = decoded;
+        // Process signature from base64url to binary
+        const signatureBytes = (0, base64_1.fromBase64)(signature);
+        // Extract r and s values from the signature
+        const r = signatureBytes.slice(0, 32);
+        const s = signatureBytes.slice(32, 64);
+        const publicKeyBytes = (0, utils_1.arrayify)(decoded.payload.publicKey, { allowMissingPrefix: true });
+        // PKPEthersWallet.signMessage() adds Ethereum prefix, so we need to add it here too
+        const ethPrefixedMessage = '\x19Ethereum Signed Message:\n' + data.length + data;
+        const messageHashBytes = (0, utils_1.arrayify)(ethers_1.ethers.utils.keccak256((0, utils_1.toUtf8Bytes)(ethPrefixedMessage)));
+        const signatureForSecp = new Uint8Array([...r, ...s]);
+        // Verify the signature against the public key
+        const isVerified = secp256k1.verify(signatureForSecp, messageHashBytes, publicKeyBytes);
+        if (!isVerified) {
+            throw new Error(`Signature verify() did not pass for ${signature}`);
+        }
+    }
+    catch (error) {
+        throw new Error(`${constants_1.JWT_ERROR.INVALID_SIGNATURE}: Invalid signature: ${error.message}`);
+    }
+}
+//# sourceMappingURL=verifyES256KSignature.js.map

package/dist/src/jwt/core/utils/verifyES256KSignature.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verifyES256KSignature.js","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/verifyES256KSignature.ts"],"names":[],"mappings":";;AASA,sDA8BC;;AAvCD,oEAA8C;AAC9C,mCAAgC;AAChC,4CAAyD;AAIzD,+CAA4C;AAC5C,qCAAsC;AAE/B,KAAK,UAAU,qBAAqB,CAAC,EAAE,OAAO,EAA8B;IACjF,IAAI,CAAC;QACH,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;QAEpC,6CAA6C;QAC7C,MAAM,cAAc,GAAG,IAAA,mBAAU,EAAC,SAAS,CAAC,CAAC;QAE7C,4CAA4C;QAC5C,MAAM,CAAC,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACtC,MAAM,CAAC,GAAG,cAAc,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAEvC,MAAM,cAAc,GAAG,IAAA,gBAAQ,EAAC,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAC;QAEzF,oFAAoF;QACpF,MAAM,kBAAkB,GAAG,gCAAgC,GAAG,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACjF,MAAM,gBAAgB,GAAG,IAAA,gBAAQ,EAAC,eAAM,CAAC,KAAK,CAAC,SAAS,CAAC,IAAA,mBAAW,EAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC;QAE3F,MAAM,gBAAgB,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QAEtD,8CAA8C;QAC9C,MAAM,UAAU,GAAG,SAAS,CAAC,MAAM,CAAC,gBAAgB,EAAE,gBAAgB,EAAE,cAAc,CAAC,CAAC;QAExF,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,uCAAuC,SAAS,EAAE,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CACb,GAAG,qBAAS,CAAC,iBAAiB,wBAAyB,KAAe,CAAC,OAAO,EAAE,CACjF,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/src/jwt/core/verify.d.ts

@@ -0,0 +1,27 @@
+import type { VincentJWTAppUser, VincentJWTPlatformUser, VincentJWTDelegatee } from '../types';
+/** Verify a JWT that must decode to a VincentAppUserJWT
+ *
+ * @category API > Verify
+ */
+export declare function verifyVincentAppUserJWT({ jwt, expectedAudience, requiredAppId, }: {
+    jwt: string;
+    expectedAudience: string;
+    requiredAppId: number;
+}): Promise<VincentJWTAppUser>;
+/**
+ *
+ * @category API > Verify
+ */
+export declare function verifyVincentPlatformJWT({ jwt, expectedAudience, }: {
+    jwt: string;
+    expectedAudience: string;
+}): Promise<VincentJWTPlatformUser>;
+/**
+ *
+ * @category API > Verify
+ */
+export declare function verifyVincentDelegateeJWT({ jwt, expectedAudience, }: {
+    jwt: string;
+    expectedAudience: string;
+}): Promise<VincentJWTDelegatee>;
+//# sourceMappingURL=verify.d.ts.map

package/dist/src/jwt/core/verify.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../../../src/jwt/core/verify.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,iBAAiB,EAEjB,sBAAsB,EACtB,mBAAmB,EACpB,MAAM,UAAU,CAAC;AA6DlB;;;GAGG;AACH,wBAAsB,uBAAuB,CAAC,EAC5C,GAAG,EACH,gBAAgB,EAChB,aAAa,GACd,EAAE;IACD,GAAG,EAAE,MAAM,CAAC;IACZ,gBAAgB,EAAE,MAAM,CAAC;IACzB,aAAa,EAAE,MAAM,CAAC;CACvB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAgB7B;AAED;;;GAGG;AACH,wBAAsB,wBAAwB,CAAC,EAC7C,GAAG,EACH,gBAAgB,GACjB,EAAE;IACD,GAAG,EAAE,MAAM,CAAC;IACZ,gBAAgB,EAAE,MAAM,CAAC;CAC1B,GAAG,OAAO,CAAC,sBAAsB,CAAC,CAQlC;AAED;;;GAGG;AACH,wBAAsB,yBAAyB,CAAC,EAC9C,GAAG,EACH,gBAAgB,GACjB,EAAE;IACD,GAAG,EAAE,MAAM,CAAC;IACZ,gBAAgB,EAAE,MAAM,CAAC;CAC1B,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAQ/B"}

package/dist/src/jwt/core/verify.js

@@ -0,0 +1,84 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyVincentAppUserJWT = verifyVincentAppUserJWT;
+exports.verifyVincentPlatformJWT = verifyVincentPlatformJWT;
+exports.verifyVincentDelegateeJWT = verifyVincentDelegateeJWT;
+const accessors_1 = require("../accessors");
+const constants_1 = require("../constants");
+const typeGuards_1 = require("../typeGuards");
+const decode_1 = require("./decode");
+const isExpired_1 = require("./isExpired");
+const utils_1 = require("./utils");
+const verifyES256KSignature_1 = require("./utils/verifyES256KSignature");
+/**
+ * Verifies a Vincent JWT's:
+ * - signature using `publicKey`
+ * - expiration, not-before, issued-at
+ * - audience against `expectedAudience`
+ *
+ * This method is called internally from the type-specific JWT verify methods and is not end-user facing
+ *
+ * @internal
+ */
+async function verifyAnyVincentJWT({ jwt, expectedAudience, }) {
+    if (!expectedAudience) {
+        throw new Error(`You must provide an expectedAudience`);
+    }
+    const decoded = (0, decode_1.decodeVincentJWT)(jwt);
+    const { payload } = decoded;
+    const { exp, publicKey } = payload;
+    if (!exp) {
+        throw new Error(`${constants_1.JWT_ERROR.INVALID_JWT}: Missing expiration (exp)`);
+    }
+    if ((0, isExpired_1.isExpired)(decoded)) {
+        throw new Error(`${constants_1.JWT_ERROR.INVALID_JWT}: JWT expired at ${exp}`);
+    }
+    (0, utils_1.validateJWTTime)(payload, Math.floor(Date.now() / 1000));
+    const audiences = (0, accessors_1.getAudience)(decoded);
+    if (!audiences.includes(expectedAudience)) {
+        throw new Error(`${constants_1.JWT_ERROR.INVALID_AUDIENCE}: Expected audience ${expectedAudience} not found in aud claim`);
+    }
+    if (!publicKey) {
+        throw new Error(`${constants_1.JWT_ERROR.INVALID_JWT}: Missing publicKey in payload`);
+    }
+    await (0, verifyES256KSignature_1.verifyES256KSignature)({ decoded });
+    return decoded;
+}
+/** Verify a JWT that must decode to a VincentAppUserJWT
+ *
+ * @category API > Verify
+ */
+async function verifyVincentAppUserJWT({ jwt, expectedAudience, requiredAppId, }) {
+    const decoded = await verifyAnyVincentJWT({ jwt, expectedAudience });
+    if (!(0, typeGuards_1.isAppUser)(decoded)) {
+        throw new Error(`${constants_1.JWT_ERROR.INVALID_JWT}: JWT is not an app-user token`);
+    }
+    const { app } = decoded.payload;
+    if (!app || app.id !== requiredAppId) {
+        throw new Error(`${constants_1.JWT_ERROR.INVALID_JWT}: appId mismatch; expected ${requiredAppId}, got ${app === null || app === void 0 ? void 0 : app.id}`);
+    }
+    return decoded;
+}
+/**
+ *
+ * @category API > Verify
+ */
+async function verifyVincentPlatformJWT({ jwt, expectedAudience, }) {
+    const decoded = await verifyAnyVincentJWT({ jwt, expectedAudience });
+    if (!(0, typeGuards_1.isPlatformUser)(decoded)) {
+        throw new Error(`${constants_1.JWT_ERROR.INVALID_JWT}: JWT is not a platform token`);
+    }
+    return decoded;
+}
+/**
+ *
+ * @category API > Verify
+ */
+async function verifyVincentDelegateeJWT({ jwt, expectedAudience, }) {
+    const decoded = await verifyAnyVincentJWT({ jwt, expectedAudience });
+    if (!(0, typeGuards_1.isDelegatee)(decoded)) {
+        throw new Error(`${constants_1.JWT_ERROR.INVALID_JWT}: JWT is not a delegatee token`);
+    }
+    return decoded;
+}
+//# sourceMappingURL=verify.js.map

package/dist/src/jwt/core/verify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.js","sourceRoot":"","sources":["../../../../src/jwt/core/verify.ts"],"names":[],"mappings":";;AAsEA,0DAwBC;AAMD,4DAcC;AAMD,8DAcC;AA/HD,4CAA2C;AAC3C,4CAAyC;AACzC,8CAAuE;AACvE,qCAA4C;AAC5C,2CAAwC;AACxC,mCAA0C;AAC1C,yEAAsE;AAEtE;;;;;;;;;GASG;AAEH,KAAK,UAAU,mBAAmB,CAAC,EACjC,GAAG,EACH,gBAAgB,GAIjB;IACC,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,OAAO,GAAG,IAAA,yBAAgB,EAAC,GAAG,CAAC,CAAC;IACtC,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IAC5B,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;IAEnC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,GAAG,qBAAS,CAAC,WAAW,4BAA4B,CAAC,CAAC;IACxE,CAAC;IAED,IAAI,IAAA,qBAAS,EAAC,OAAO,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,GAAG,qBAAS,CAAC,WAAW,oBAAoB,GAAG,EAAE,CAAC,CAAC;IACrE,CAAC;IAED,IAAA,uBAAe,EAAC,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC;IAExD,MAAM,SAAS,GAAG,IAAA,uBAAW,EAAC,OAAO,CAAC,CAAC;IACvC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CACb,GAAG,qBAAS,CAAC,gBAAgB,uBAAuB,gBAAgB,yBAAyB,CAC9F,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,GAAG,qBAAS,CAAC,WAAW,gCAAgC,CAAC,CAAC;IAC5E,CAAC;IAED,MAAM,IAAA,6CAAqB,EAAC,EAAE,OAAO,EAAE,CAAC,CAAC;IACzC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,uBAAuB,CAAC,EAC5C,GAAG,EACH,gBAAgB,EAChB,aAAa,GAKd;IACC,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,EAAE,GAAG,EAAE,gBAAgB,EAAE,CAAC,CAAC;IAErE,IAAI,CAAC,IAAA,sBAAS,EAAC,OAAO,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,GAAG,qBAAS,CAAC,WAAW,gCAAgC,CAAC,CAAC;IAC5E,CAAC;IAED,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAEhC,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,EAAE,KAAK,aAAa,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,GAAG,qBAAS,CAAC,WAAW,8BAA8B,aAAa,SAAS,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,EAAE,EAAE,CACtF,CAAC;IACJ,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,wBAAwB,CAAC,EAC7C,GAAG,EACH,gBAAgB,GAIjB;IACC,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,EAAE,GAAG,EAAE,gBAAgB,EAAE,CAAC,CAAC;IAErE,IAAI,CAAC,IAAA,2BAAc,EAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,GAAG,qBAAS,CAAC,WAAW,+BAA+B,CAAC,CAAC;IAC3E,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,yBAAyB,CAAC,EAC9C,GAAG,EACH,gBAAgB,GAIjB;IACC,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,EAAE,GAAG,EAAE,gBAAgB,EAAE,CAAC,CAAC;IAErE,IAAI,CAAC,IAAA,wBAAW,EAAC,OAAO,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,qBAAS,CAAC,WAAW,gCAAgC,CAAC,CAAC;IAC5E,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/src/jwt/index.d.ts

@@ -1,7 +1,7 @@
 /** The `jwt` module provides helper methods that allow you to decode and validate Vincent-specific JWTs.
  *
- * Vincent JWTs are composed using the `did-jwt` library, but have a custom `alg` of `ES256K`, and are signed using
- * PKP ethereum keys.
+ * Vincent JWTs are signed using `alg: ES256K`.  The signed data is EIP191 compliant.
+ *
  *
  * Vincent JWTs are issued by the Vincent Dashboard when a user provides delegation permission for your app to their agent PKP.
  * They are passed to your web app using a redirectUri which you configure on your app.
@@ -12,10 +12,10 @@
  * @packageDocumentation
  *
  */
-export { create } from './core/create';
+export { createPlatformUserJWT, createDelegateeJWT, createAppUserJWT } from './core/create';
 export { isExpired } from './core/isExpired';
-export { decode, verify } from './core/validate';
-export { isGeneralJWT, isAppSpecificJWT, assertIsVincentJWT } from './typeGuards';
-export type { JWTConfig, VincentJWT, VincentJWTAppSpecific } from './types';
-export { getAppInfo, getPKPInfo } from './accessors';
+export { verifyVincentAppUserJWT, verifyVincentPlatformJWT, verifyVincentDelegateeJWT, } from './core/verify';
+export { isAppUser, isPlatformUser, isAnyVincentJWT, isDelegatee } from './typeGuards';
+export type { DecodedJWT, AnyVincentJWT, VincentJWTPlatformUser, VincentJWTAppUser, VincentJWTDelegatee, VincentJWTRole, CreatePlatformUserJWTParams, CreateAppUserJWTParams, CreateDelegateeJWTParams, PKPAuthenticationMethod, PayloadWithoutInternallySetKeys, InternallySetPayloadKeys, } from './types';
+export { getAppInfo, getPKPInfo, getRole, getSubjectAddress, getIssuerAddress, getAudience, getPublicKey, getAuthentication, } from './accessors';
 //# sourceMappingURL=index.d.ts.map

package/dist/src/jwt/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/jwt/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AACH,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AACvC,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,YAAY,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAElF,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,qBAAqB,EAAE,MAAM,SAAS,CAAC;AAC5E,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/jwt/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AACH,OAAO,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAC5F,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EACL,uBAAuB,EACvB,wBAAwB,EACxB,yBAAyB,GAC1B,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAEvF,YAAY,EACV,UAAU,EACV,aAAa,EACb,sBAAsB,EACtB,iBAAiB,EACjB,mBAAmB,EACnB,cAAc,EACd,2BAA2B,EAC3B,sBAAsB,EACtB,wBAAwB,EACxB,uBAAuB,EACvB,+BAA+B,EAC/B,wBAAwB,GACzB,MAAM,SAAS,CAAC;AACjB,OAAO,EACL,UAAU,EACV,UAAU,EACV,OAAO,EACP,iBAAiB,EACjB,gBAAgB,EAChB,WAAW,EACX,YAAY,EACZ,iBAAiB,GAClB,MAAM,aAAa,CAAC"}

package/dist/src/jwt/index.js

@@ -1,10 +1,10 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getPKPInfo = exports.getAppInfo = exports.assertIsVincentJWT = exports.isAppSpecificJWT = exports.isGeneralJWT = exports.verify = exports.decode = exports.isExpired = exports.create = void 0;
+exports.getAuthentication = exports.getPublicKey = exports.getAudience = exports.getIssuerAddress = exports.getSubjectAddress = exports.getRole = exports.getPKPInfo = exports.getAppInfo = exports.isDelegatee = exports.isAnyVincentJWT = exports.isPlatformUser = exports.isAppUser = exports.verifyVincentDelegateeJWT = exports.verifyVincentPlatformJWT = exports.verifyVincentAppUserJWT = exports.isExpired = exports.createAppUserJWT = exports.createDelegateeJWT = exports.createPlatformUserJWT = void 0;
 /** The `jwt` module provides helper methods that allow you to decode and validate Vincent-specific JWTs.
  *
- * Vincent JWTs are composed using the `did-jwt` library, but have a custom `alg` of `ES256K`, and are signed using
- * PKP ethereum keys.
+ * Vincent JWTs are signed using `alg: ES256K`.  The signed data is EIP191 compliant.
+ *
  *
  * Vincent JWTs are issued by the Vincent Dashboard when a user provides delegation permission for your app to their agent PKP.
  * They are passed to your web app using a redirectUri which you configure on your app.
@@ -16,17 +16,27 @@ exports.getPKPInfo = exports.getAppInfo = exports.assertIsVincentJWT = exports.i
  *
  */
 var create_1 = require("./core/create");
-Object.defineProperty(exports, "create", { enumerable: true, get: function () { return create_1.create; } });
+Object.defineProperty(exports, "createPlatformUserJWT", { enumerable: true, get: function () { return create_1.createPlatformUserJWT; } });
+Object.defineProperty(exports, "createDelegateeJWT", { enumerable: true, get: function () { return create_1.createDelegateeJWT; } });
+Object.defineProperty(exports, "createAppUserJWT", { enumerable: true, get: function () { return create_1.createAppUserJWT; } });
 var isExpired_1 = require("./core/isExpired");
 Object.defineProperty(exports, "isExpired", { enumerable: true, get: function () { return isExpired_1.isExpired; } });
-var validate_1 = require("./core/validate");
-Object.defineProperty(exports, "decode", { enumerable: true, get: function () { return validate_1.decode; } });
-Object.defineProperty(exports, "verify", { enumerable: true, get: function () { return validate_1.verify; } });
+var verify_1 = require("./core/verify");
+Object.defineProperty(exports, "verifyVincentAppUserJWT", { enumerable: true, get: function () { return verify_1.verifyVincentAppUserJWT; } });
+Object.defineProperty(exports, "verifyVincentPlatformJWT", { enumerable: true, get: function () { return verify_1.verifyVincentPlatformJWT; } });
+Object.defineProperty(exports, "verifyVincentDelegateeJWT", { enumerable: true, get: function () { return verify_1.verifyVincentDelegateeJWT; } });
 var typeGuards_1 = require("./typeGuards");
-Object.defineProperty(exports, "isGeneralJWT", { enumerable: true, get: function () { return typeGuards_1.isGeneralJWT; } });
-Object.defineProperty(exports, "isAppSpecificJWT", { enumerable: true, get: function () { return typeGuards_1.isAppSpecificJWT; } });
-Object.defineProperty(exports, "assertIsVincentJWT", { enumerable: true, get: function () { return typeGuards_1.assertIsVincentJWT; } });
+Object.defineProperty(exports, "isAppUser", { enumerable: true, get: function () { return typeGuards_1.isAppUser; } });
+Object.defineProperty(exports, "isPlatformUser", { enumerable: true, get: function () { return typeGuards_1.isPlatformUser; } });
+Object.defineProperty(exports, "isAnyVincentJWT", { enumerable: true, get: function () { return typeGuards_1.isAnyVincentJWT; } });
+Object.defineProperty(exports, "isDelegatee", { enumerable: true, get: function () { return typeGuards_1.isDelegatee; } });
 var accessors_1 = require("./accessors");
 Object.defineProperty(exports, "getAppInfo", { enumerable: true, get: function () { return accessors_1.getAppInfo; } });
 Object.defineProperty(exports, "getPKPInfo", { enumerable: true, get: function () { return accessors_1.getPKPInfo; } });
+Object.defineProperty(exports, "getRole", { enumerable: true, get: function () { return accessors_1.getRole; } });
+Object.defineProperty(exports, "getSubjectAddress", { enumerable: true, get: function () { return accessors_1.getSubjectAddress; } });
+Object.defineProperty(exports, "getIssuerAddress", { enumerable: true, get: function () { return accessors_1.getIssuerAddress; } });
+Object.defineProperty(exports, "getAudience", { enumerable: true, get: function () { return accessors_1.getAudience; } });
+Object.defineProperty(exports, "getPublicKey", { enumerable: true, get: function () { return accessors_1.getPublicKey; } });
+Object.defineProperty(exports, "getAuthentication", { enumerable: true, get: function () { return accessors_1.getAuthentication; } });
 //# sourceMappingURL=index.js.map

package/dist/src/jwt/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/jwt/index.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;;;;;GAaG;AACH,wCAAuC;AAA9B,gGAAA,MAAM,OAAA;AACf,8CAA6C;AAApC,sGAAA,SAAS,OAAA;AAClB,4CAAiD;AAAxC,kGAAA,MAAM,OAAA;AAAE,kGAAA,MAAM,OAAA;AACvB,2CAAkF;AAAzE,0GAAA,YAAY,OAAA;AAAE,8GAAA,gBAAgB,OAAA;AAAE,gHAAA,kBAAkB,OAAA;AAG3D,yCAAqD;AAA5C,uGAAA,UAAU,OAAA;AAAE,uGAAA,UAAU,OAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/jwt/index.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;;;;;GAaG;AACH,wCAA4F;AAAnF,+GAAA,qBAAqB,OAAA;AAAE,4GAAA,kBAAkB,OAAA;AAAE,0GAAA,gBAAgB,OAAA;AACpE,8CAA6C;AAApC,sGAAA,SAAS,OAAA;AAClB,wCAIuB;AAHrB,iHAAA,uBAAuB,OAAA;AACvB,kHAAA,wBAAwB,OAAA;AACxB,mHAAA,yBAAyB,OAAA;AAE3B,2CAAuF;AAA9E,uGAAA,SAAS,OAAA;AAAE,4GAAA,cAAc,OAAA;AAAE,6GAAA,eAAe,OAAA;AAAE,yGAAA,WAAW,OAAA;AAgBhE,yCASqB;AARnB,uGAAA,UAAU,OAAA;AACV,uGAAA,UAAU,OAAA;AACV,oGAAA,OAAO,OAAA;AACP,8GAAA,iBAAiB,OAAA;AACjB,6GAAA,gBAAgB,OAAA;AAChB,wGAAA,WAAW,OAAA;AACX,yGAAA,YAAY,OAAA;AACZ,8GAAA,iBAAiB,OAAA"}

package/dist/src/jwt/typeGuards.d.ts

@@ -1,14 +1,31 @@
-import type { JWTDecoded, VincentJWT, VincentJWTAppSpecific } from './types';
-/** Use this typeguard function to identify if the JWT is appId specific and make subsequent type-safe
- * references into the payload of the JWT
- */
-export declare function isAppSpecificJWT(decodedJWT: VincentJWT): decodedJWT is VincentJWTAppSpecific;
-/** Use this typeguard function to identify if the JWT is a general authentication JWT that has no specific app target */
-export declare function isGeneralJWT(decodedJWT: VincentJWT): decodedJWT is VincentJWT;
-/** This assert function is used internally to throw if decoding a JWT that is expected to be a VincentJWT gives a malformed response.
- * You probably don't need it -- use `decode()` and `verify()`
+import type { VincentJWTPlatformUser, VincentJWTAppUser, VincentJWTDelegatee, AnyVincentJWT, DecodedJWT } from './types';
+/**
+ * Check if a decoded JWT is an app-specific JWT (role === 'app-user')
+ *
+ * @category API > Type Guards
+ * */
+export declare function isAppUser(decodedJWT: DecodedJWT): decodedJWT is VincentJWTAppUser;
+/** Check if a decoded JWT is a general platform-user JWT
+ *
+ * @category API > Type Guards
+ * */
+export declare function isPlatformUser(decodedJWT: DecodedJWT): decodedJWT is VincentJWTPlatformUser;
+/** Check if a decoded JWT is a delegatee token (role === 'app-delegatee')
+ *
+ * @category API > Type Guards
+ * */
+export declare function isDelegatee(decodedJWT: DecodedJWT): decodedJWT is VincentJWTDelegatee;
+/** Check if the decoded JWT matches any known Vincent JWT variant
+ *
+ * @category API > Type Guards
+ * */
+export declare function isAnyVincentJWT(decodedJWT: DecodedJWT): decodedJWT is AnyVincentJWT;
+/**
+ * Assert that the JWT contains expected fields for a PKP-authenticated JWT.
+ * Used to validate `VincentJWT` and `VincentJWTAppSpecific` before accessing `.payload.pkp` or `.authentication`.
  *
- * @hidden
+ * @internal
  */
-export declare function assertIsVincentJWT(decodedJWT: JWTDecoded): asserts decodedJWT is VincentJWT | VincentJWTAppSpecific;
+export declare function assertIsPKPSignedVincentJWT(decodedJWT: DecodedJWT): asserts decodedJWT is VincentJWTPlatformUser | VincentJWTAppUser;
+export declare function assertJWTAPIVersion(apiVersion: number): void;
 //# sourceMappingURL=typeGuards.d.ts.map

package/dist/src/jwt/typeGuards.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"typeGuards.d.ts","sourceRoot":"","sources":["../../../src/jwt/typeGuards.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,qBAAqB,EAAE,MAAM,SAAS,CAAC;AAI7E;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,UAAU,GAAG,UAAU,IAAI,qBAAqB,CAE5F;AAED,yHAAyH;AACzH,wBAAgB,YAAY,CAAC,UAAU,EAAE,UAAU,GAAG,UAAU,IAAI,UAAU,CAE7E;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAChC,UAAU,EAAE,UAAU,GACrB,OAAO,CAAC,UAAU,IAAI,UAAU,GAAG,qBAAqB,CAU1D"}
+{"version":3,"file":"typeGuards.d.ts","sourceRoot":"","sources":["../../../src/jwt/typeGuards.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,sBAAsB,EACtB,iBAAiB,EACjB,mBAAmB,EACnB,aAAa,EACb,UAAU,EACX,MAAM,SAAS,CAAC;AAKjB;;;;KAIK;AACL,wBAAgB,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,UAAU,IAAI,iBAAiB,CAEjF;AAED;;;KAGK;AACL,wBAAgB,cAAc,CAAC,UAAU,EAAE,UAAU,GAAG,UAAU,IAAI,sBAAsB,CAE3F;AAED;;;KAGK;AACL,wBAAgB,WAAW,CAAC,UAAU,EAAE,UAAU,GAAG,UAAU,IAAI,mBAAmB,CAErF;AAED;;;KAGK;AACL,wBAAgB,eAAe,CAAC,UAAU,EAAE,UAAU,GAAG,UAAU,IAAI,aAAa,CAEnF;AAED;;;;;GAKG;AACH,wBAAgB,2BAA2B,CACzC,UAAU,EAAE,UAAU,GACrB,OAAO,CAAC,UAAU,IAAI,sBAAsB,GAAG,iBAAiB,CAUlE;AAED,wBAAgB,mBAAmB,CAAC,UAAU,EAAE,MAAM,QAMrD"}

package/dist/src/jwt/typeGuards.js

@@ -1,32 +1,63 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.isAppSpecificJWT = isAppSpecificJWT;
-exports.isGeneralJWT = isGeneralJWT;
-exports.assertIsVincentJWT = assertIsVincentJWT;
-const did_jwt_1 = require("did-jwt");
+exports.isAppUser = isAppUser;
+exports.isPlatformUser = isPlatformUser;
+exports.isDelegatee = isDelegatee;
+exports.isAnyVincentJWT = isAnyVincentJWT;
+exports.assertIsPKPSignedVincentJWT = assertIsPKPSignedVincentJWT;
+exports.assertJWTAPIVersion = assertJWTAPIVersion;
+const constants_1 = require("./constants");
 const index_1 = require("./core/utils/index");
-/** Use this typeguard function to identify if the JWT is appId specific and make subsequent type-safe
- * references into the payload of the JWT
- */
-function isAppSpecificJWT(decodedJWT) {
-    return decodedJWT.payload.app && decodedJWT.payload.app.id;
+/**
+ * Check if a decoded JWT is an app-specific JWT (role === 'app-user')
+ *
+ * @category API > Type Guards
+ * */
+function isAppUser(decodedJWT) {
+    var _a;
+    return ((_a = decodedJWT.payload) === null || _a === void 0 ? void 0 : _a.role) === 'app-user';
 }
-/** Use this typeguard function to identify if the JWT is a general authentication JWT that has no specific app target */
-function isGeneralJWT(decodedJWT) {
-    return !isAppSpecificJWT(decodedJWT);
+/** Check if a decoded JWT is a general platform-user JWT
+ *
+ * @category API > Type Guards
+ * */
+function isPlatformUser(decodedJWT) {
+    var _a;
+    return ((_a = decodedJWT.payload) === null || _a === void 0 ? void 0 : _a.role) === 'platform-user';
+}
+/** Check if a decoded JWT is a delegatee token (role === 'app-delegatee')
+ *
+ * @category API > Type Guards
+ * */
+function isDelegatee(decodedJWT) {
+    var _a;
+    return ((_a = decodedJWT.payload) === null || _a === void 0 ? void 0 : _a.role) === 'app-delegatee';
 }
-/** This assert function is used internally to throw if decoding a JWT that is expected to be a VincentJWT gives a malformed response.
- * You probably don't need it -- use `decode()` and `verify()`
+/** Check if the decoded JWT matches any known Vincent JWT variant
  *
- * @hidden
+ * @category API > Type Guards
+ * */
+function isAnyVincentJWT(decodedJWT) {
+    return isPlatformUser(decodedJWT) || isAppUser(decodedJWT) || isDelegatee(decodedJWT);
+}
+/**
+ * Assert that the JWT contains expected fields for a PKP-authenticated JWT.
+ * Used to validate `VincentJWT` and `VincentJWTAppSpecific` before accessing `.payload.pkp` or `.authentication`.
+ *
+ * @internal
  */
-function assertIsVincentJWT(decodedJWT) {
-    const { authentication, pkp } = decodedJWT.payload;
+function assertIsPKPSignedVincentJWT(decodedJWT) {
+    const { authentication, pkpInfo } = decodedJWT.payload;
     if (!(0, index_1.isDefinedObject)(authentication)) {
-        throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_JWT}: Missing "authentication" field in JWT payload.`);
+        throw new Error(`${constants_1.JWT_ERROR.INVALID_JWT}: Missing "authentication" field in JWT payload.`);
     }
-    if (!(0, index_1.isDefinedObject)(pkp)) {
-        throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_JWT}: Missing "pkp" field in JWT payload.`);
+    if (!(0, index_1.isDefinedObject)(pkpInfo)) {
+        throw new Error(`${constants_1.JWT_ERROR.INVALID_JWT}: Missing "pkpInfo" field in JWT payload.`);
+    }
+}
+function assertJWTAPIVersion(apiVersion) {
+    if (constants_1.VINCENT_JWT_API_VERSION !== apiVersion) {
+        throw new Error(`Invalid JWT API version. Expected ${constants_1.VINCENT_JWT_API_VERSION}, got ${apiVersion}`);
     }
 }
 //# sourceMappingURL=typeGuards.js.map

package/dist/src/jwt/typeGuards.js.map

@@ -1 +1 @@
-{"version":3,"file":"typeGuards.js","sourceRoot":"","sources":["../../../src/jwt/typeGuards.ts"],"names":[],"mappings":";;AASA,4CAEC;AAGD,oCAEC;AAOD,gDAYC;AAnCD,qCAAoC;AAIpC,8CAAqD;AAErD;;GAEG;AACH,SAAgB,gBAAgB,CAAC,UAAsB;IACrD,OAAO,UAAU,CAAC,OAAO,CAAC,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;AAC7D,CAAC;AAED,yHAAyH;AACzH,SAAgB,YAAY,CAAC,UAAsB;IACjD,OAAO,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC;AACvC,CAAC;AAED;;;;GAIG;AACH,SAAgB,kBAAkB,CAChC,UAAsB;IAEtB,MAAM,EAAE,cAAc,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC,OAAO,CAAC;IAEnD,IAAI,CAAC,IAAA,uBAAe,EAAC,cAAc,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,GAAG,mBAAS,CAAC,WAAW,kDAAkD,CAAC,CAAC;IAC9F,CAAC;IAED,IAAI,CAAC,IAAA,uBAAe,EAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,mBAAS,CAAC,WAAW,uCAAuC,CAAC,CAAC;IACnF,CAAC;AACH,CAAC"}
+{"version":3,"file":"typeGuards.js","sourceRoot":"","sources":["../../../src/jwt/typeGuards.ts"],"names":[],"mappings":";;AAgBA,8BAEC;AAMD,wCAEC;AAMD,kCAEC;AAMD,0CAEC;AAQD,kEAYC;AAED,kDAMC;AA9DD,2CAAiE;AACjE,8CAAqD;AAErD;;;;KAIK;AACL,SAAgB,SAAS,CAAC,UAAsB;;IAC9C,OAAO,CAAA,MAAA,UAAU,CAAC,OAAO,0CAAE,IAAI,MAAK,UAAU,CAAC;AACjD,CAAC;AAED;;;KAGK;AACL,SAAgB,cAAc,CAAC,UAAsB;;IACnD,OAAO,CAAA,MAAA,UAAU,CAAC,OAAO,0CAAE,IAAI,MAAK,eAAe,CAAC;AACtD,CAAC;AAED;;;KAGK;AACL,SAAgB,WAAW,CAAC,UAAsB;;IAChD,OAAO,CAAA,MAAA,UAAU,CAAC,OAAO,0CAAE,IAAI,MAAK,eAAe,CAAC;AACtD,CAAC;AAED;;;KAGK;AACL,SAAgB,eAAe,CAAC,UAAsB;IACpD,OAAO,cAAc,CAAC,UAAU,CAAC,IAAI,SAAS,CAAC,UAAU,CAAC,IAAI,WAAW,CAAC,UAAU,CAAC,CAAC;AACxF,CAAC;AAED;;;;;GAKG;AACH,SAAgB,2BAA2B,CACzC,UAAsB;IAEtB,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,GAAG,UAAU,CAAC,OAAO,CAAC;IAEvD,IAAI,CAAC,IAAA,uBAAe,EAAC,cAAc,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,GAAG,qBAAS,CAAC,WAAW,kDAAkD,CAAC,CAAC;IAC9F,CAAC;IAED,IAAI,CAAC,IAAA,uBAAe,EAAC,OAAO,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,GAAG,qBAAS,CAAC,WAAW,2CAA2C,CAAC,CAAC;IACvF,CAAC;AACH,CAAC;AAED,SAAgB,mBAAmB,CAAC,UAAkB;IACpD,IAAI,mCAAuB,KAAK,UAAU,EAAE,CAAC;QAC3C,MAAM,IAAI,KAAK,CACb,qCAAqC,mCAAuB,SAAS,UAAU,EAAE,CAClF,CAAC;IACJ,CAAC;AACH,CAAC"}