@lit-protocol/vincent-app-sdk 1.0.2 → 1.0.3-beta.1

package/dist/src/webAuthClient/app.js

@@ -0,0 +1,39 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getWebAuthClient = void 0;
+const constants_1 = require("./constants");
+const internal_1 = require("./internal");
+const { isLoginUri, composeDelegationAuthUrl, removeSearchParam, decodeVincentJWTFromUri } = internal_1.uriHelpers;
+const redirectToDelegationAuthPage = ({ appId, redirectUri, delegationAuthPageUrl, }) => window.open(composeDelegationAuthUrl(appId, redirectUri, delegationAuthPageUrl).toString(), '_self');
+/** Create a new {@link WebAuthClient} instance.
+ *
+ * - `appId` is the numeric app ID displayed for your app on the Vincent Dashboard
+ * */
+const getWebAuthClient = (appClientConfig) => {
+    const { appId } = appClientConfig;
+    return {
+        redirectToDelegationAuthPage: (redirectDelegationAuthPageConfig) => {
+            const { delegationAuthPageUrl, redirectUri } = redirectDelegationAuthPageConfig;
+            redirectToDelegationAuthPage({
+                appId,
+                delegationAuthPageUrl,
+                redirectUri,
+            });
+        },
+        isLogin: () => isLoginUri(window.location.href),
+        decodeVincentLoginJWT: (expectedAudience) => decodeVincentJWTFromUri({
+            uri: window.location.href,
+            expectedAudience: expectedAudience,
+            requiredAppId: appId,
+        }),
+        removeLoginJWTFromURI: () => {
+            const urlWithoutJWTSearchParam = removeSearchParam({
+                paramName: constants_1.JWT_URL_KEY,
+                uri: window.location.href,
+            });
+            window.history.replaceState({}, document.title, urlWithoutJWTSearchParam);
+        },
+    };
+};
+exports.getWebAuthClient = getWebAuthClient;
+//# sourceMappingURL=app.js.map

package/dist/src/webAuthClient/app.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"app.js","sourceRoot":"","sources":["../../../src/webAuthClient/app.ts"],"names":[],"mappings":";;;AAMA,2CAA0C;AAC1C,yCAAwC;AAExC,MAAM,EAAE,UAAU,EAAE,wBAAwB,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,GACxF,qBAAU,CAAC;AAEb,MAAM,4BAA4B,GAAG,CAAC,EACpC,KAAK,EACL,WAAW,EACX,qBAAqB,GAKtB,EAAE,EAAE,CACH,MAAM,CAAC,IAAI,CACT,wBAAwB,CAAC,KAAK,EAAE,WAAW,EAAE,qBAAqB,CAAC,CAAC,QAAQ,EAAE,EAC9E,OAAO,CACR,CAAC;AAEJ;;;KAGK;AACE,MAAM,gBAAgB,GAAG,CAAC,eAAoC,EAAiB,EAAE;IACtF,MAAM,EAAE,KAAK,EAAE,GAAG,eAAe,CAAC;IAElC,OAAO;QACL,4BAA4B,EAAE,CAC5B,gCAAuE,EACvE,EAAE;YACF,MAAM,EAAE,qBAAqB,EAAE,WAAW,EAAE,GAAG,gCAAgC,CAAC;YAChF,4BAA4B,CAAC;gBAC3B,KAAK;gBACL,qBAAqB;gBACrB,WAAW;aACZ,CAAC,CAAC;QACL,CAAC;QACD,OAAO,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;QAC/C,qBAAqB,EAAE,CAAC,gBAAwB,EAAE,EAAE,CAClD,uBAAuB,CAAC;YACtB,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI;YACzB,gBAAgB,EAAE,gBAAgB;YAClC,aAAa,EAAE,KAAK;SACrB,CAAC;QACJ,qBAAqB,EAAE,GAAG,EAAE;YAC1B,MAAM,wBAAwB,GAAG,iBAAiB,CAAC;gBACjD,SAAS,EAAE,uBAAW;gBACtB,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI;aAC1B,CAAC,CAAC;YACH,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,QAAQ,CAAC,KAAK,EAAE,wBAAwB,CAAC,CAAC;QAC5E,CAAC;KACF,CAAC;AACJ,CAAC,CAAC;AA7BW,QAAA,gBAAgB,oBA6B3B"}

package/dist/src/webAuthClient/constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../src/webAuthClient/constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,gCAAgC,qCAAqC,CAAC;AACnF,eAAO,MAAM,WAAW,QAAQ,CAAC"}

package/dist/src/webAuthClient/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../../src/webAuthClient/constants.ts"],"names":[],"mappings":";;;AAAa,QAAA,gCAAgC,GAAG,kCAAkC,CAAC;AACtE,QAAA,WAAW,GAAG,KAAK,CAAC"}

package/dist/src/webAuthClient/index.d.ts

@@ -0,0 +1,13 @@
+/** The webAuthClient module contains methods and types that are used to implement authentication in Vincent web apps
+ * Authentication is handled via redirects to the Vincent dashboard portal that return JWTs with authentication information
+ * that can be used to secure your backend Vincent app UI.
+ *
+ * ```typescript
+ * import { getWebAuthClient } from '@lit-protocol/vincent-app-sdk/webAuthClient';
+ * ```
+ * @packageDocumentation
+ */
+import { getWebAuthClient } from './app';
+export { getWebAuthClient };
+export type { WebAuthClient, WebAuthClientConfig, RedirectToVincentDelegationPageParams, } from './types';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/webAuthClient/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/webAuthClient/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AACH,OAAO,EAAE,gBAAgB,EAAE,MAAM,OAAO,CAAC;AAEzC,OAAO,EAAE,gBAAgB,EAAE,CAAC;AAE5B,YAAY,EACV,aAAa,EACb,mBAAmB,EACnB,qCAAqC,GACtC,MAAM,SAAS,CAAC"}

package/dist/src/webAuthClient/index.js

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getWebAuthClient = void 0;
+/** The webAuthClient module contains methods and types that are used to implement authentication in Vincent web apps
+ * Authentication is handled via redirects to the Vincent dashboard portal that return JWTs with authentication information
+ * that can be used to secure your backend Vincent app UI.
+ *
+ * ```typescript
+ * import { getWebAuthClient } from '@lit-protocol/vincent-app-sdk/webAuthClient';
+ * ```
+ * @packageDocumentation
+ */
+const app_1 = require("./app");
+Object.defineProperty(exports, "getWebAuthClient", { enumerable: true, get: function () { return app_1.getWebAuthClient; } });
+//# sourceMappingURL=index.js.map

package/dist/src/webAuthClient/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/webAuthClient/index.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;GAQG;AACH,+BAAyC;AAEhC,iGAFA,sBAAgB,OAEA"}

package/dist/src/webAuthClient/internal/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/webAuthClient/internal/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,UAAU,MAAM,cAAc,CAAC;AAE3C,OAAO,EAAE,UAAU,EAAE,CAAC"}

package/dist/src/webAuthClient/internal/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/webAuthClient/internal/index.ts"],"names":[],"mappings":";;;;AAAA,iEAA2C;AAElC,gCAAU"}

package/dist/src/webAuthClient/internal/uriHelpers.d.ts

@@ -0,0 +1,15 @@
+export declare const decodeVincentJWTFromUri: ({ uri, expectedAudience, requiredAppId, }: {
+    uri: string;
+    expectedAudience: string;
+    requiredAppId: number;
+}) => {
+    decodedJWT: import("../../jwt").VincentJWTAppSpecific;
+    jwtStr: string;
+} | null;
+export declare const isLoginUri: (uri: string) => boolean;
+export declare function composeDelegationAuthUrl(appId: number, redirectUri: string, delegationAuthPageUrl?: string): URL;
+export declare const removeSearchParam: ({ paramName, uri, }: {
+    paramName: string;
+    uri: string;
+}) => string;
+//# sourceMappingURL=uriHelpers.d.ts.map

package/dist/src/webAuthClient/internal/uriHelpers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"uriHelpers.d.ts","sourceRoot":"","sources":["../../../../src/webAuthClient/internal/uriHelpers.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,uBAAuB,GAAI,2CAIrC;IACD,GAAG,EAAE,MAAM,CAAC;IACZ,gBAAgB,EAAE,MAAM,CAAC;IACzB,aAAa,EAAE,MAAM,CAAC;CACvB;;;QAcA,CAAC;AAEF,eAAO,MAAM,UAAU,GAAI,KAAK,MAAM,YAKrC,CAAC;AAEF,wBAAgB,wBAAwB,CACtC,KAAK,EAAE,MAAM,EACb,WAAW,EAAE,MAAM,EACnB,qBAAqB,CAAC,EAAE,MAAM,OAM/B;AAED,eAAO,MAAM,iBAAiB,GAAI,qBAG/B;IACD,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,EAAE,MAAM,CAAC;CACb,KAAG,MAKH,CAAC"}

package/dist/src/{app → webAuthClient}/internal/uriHelpers.js

@@ -1,16 +1,22 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.removeSearchParam = exports.isLoginUri = exports.decodeVincentJWTFromUri = void 0;
-exports.composeConsentUrl = composeConsentUrl;
-const constants_1 = require("../constants");
+exports.composeDelegationAuthUrl = composeDelegationAuthUrl;
 const validate_1 = require("../../jwt/core/validate");
-const decodeVincentJWTFromUri = (uri, expectedAudience) => {
+const constants_1 = require("../constants");
+const decodeVincentJWTFromUri = ({ uri, expectedAudience, requiredAppId, }) => {
     const url = new URL(uri);
     const jwt = url.searchParams.get(constants_1.JWT_URL_KEY);
     if (!jwt) {
         return null;
     }
-    return { decodedJWT: (0, validate_1.verifyJWT)(jwt, expectedAudience), jwtStr: jwt };
+    try {
+        return { decodedJWT: (0, validate_1.verify)({ jwt, expectedAudience, requiredAppId }), jwtStr: jwt };
+    }
+    catch (error) {
+        // Explicitly throw if the JWT doesn't contain the required appId
+        throw new Error(`Failed to decode JWT: ${error.message}`);
+    }
 };
 exports.decodeVincentJWTFromUri = decodeVincentJWTFromUri;
 const isLoginUri = (uri) => {
@@ -19,8 +25,8 @@ const isLoginUri = (uri) => {
     return !!loginJwt;
 };
 exports.isLoginUri = isLoginUri;
-function composeConsentUrl(appId, redirectUri, consentPageUrl) {
-    return new URL(`/appId/${appId}/consent?redirectUri=${redirectUri}`, consentPageUrl || constants_1.PRODUCTION_VINCENT_DASHBOARD_URL);
+function composeDelegationAuthUrl(appId, redirectUri, delegationAuthPageUrl) {
+    return new URL(`/user/consent/appId/${String(appId)}?redirectUri=${redirectUri}`, delegationAuthPageUrl || constants_1.PRODUCTION_VINCENT_DASHBOARD_URL);
 }
 const removeSearchParam = ({ paramName, uri, }) => {
     const url = new URL(uri);

package/dist/src/webAuthClient/internal/uriHelpers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"uriHelpers.js","sourceRoot":"","sources":["../../../../src/webAuthClient/internal/uriHelpers.ts"],"names":[],"mappings":";;;AAkCA,4DASC;AA3CD,sDAAiD;AACjD,4CAA6E;AAEtE,MAAM,uBAAuB,GAAG,CAAC,EACtC,GAAG,EACH,gBAAgB,EAChB,aAAa,GAKd,EAAE,EAAE;IACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACzB,MAAM,GAAG,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAW,CAAC,CAAC;IAE9C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,OAAO,EAAE,UAAU,EAAE,IAAA,iBAAM,EAAC,EAAE,GAAG,EAAE,gBAAgB,EAAE,aAAa,EAAE,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;IACvF,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,iEAAiE;QACjE,MAAM,IAAI,KAAK,CAAC,yBAA0B,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;IACvE,CAAC;AACH,CAAC,CAAC;AAtBW,QAAA,uBAAuB,2BAsBlC;AAEK,MAAM,UAAU,GAAG,CAAC,GAAW,EAAE,EAAE;IACxC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACzB,MAAM,QAAQ,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAW,CAAC,CAAC;IAEnD,OAAO,CAAC,CAAC,QAAQ,CAAC;AACpB,CAAC,CAAC;AALW,QAAA,UAAU,cAKrB;AAEF,SAAgB,wBAAwB,CACtC,KAAa,EACb,WAAmB,EACnB,qBAA8B;IAE9B,OAAO,IAAI,GAAG,CACZ,uBAAuB,MAAM,CAAC,KAAK,CAAC,gBAAgB,WAAW,EAAE,EACjE,qBAAqB,IAAI,4CAAgC,CAC1D,CAAC;AACJ,CAAC;AAEM,MAAM,iBAAiB,GAAG,CAAC,EAChC,SAAS,EACT,GAAG,GAIJ,EAAU,EAAE;IACX,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACzB,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACnC,0DAA0D;IAC1D,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;AACxB,CAAC,CAAC;AAXW,QAAA,iBAAiB,qBAW5B"}

package/dist/src/{app → webAuthClient}/types.d.ts

@@ -1,69 +1,61 @@
-import { VincentJWT } from '../jwt/types';
-/**
- * @category Interfaces
- */
-export interface VincentAppClientConfig {
-    appId: string;
+import type { VincentJWTAppSpecific } from '../jwt/types';
+export interface WebAuthClientConfig {
+    appId: number;
 }
-/**
- * @category Interfaces
- */
-export interface RedirectToVincentConsentPageParams {
+export interface RedirectToVincentDelegationPageParams {
     redirectUri: string;
     /** This only needs to be provided for local development with the entire stack
      * @hidden
      * */
-    consentPageUrl?: string;
+    delegationAuthPageUrl?: string;
 }
 /**
  * The Vincent Web Application Client is used in web apps to handle interactions with the Vincent app portal.
  *
- * - Consent page redirection
+ * - Delegation authorization page redirection
  * - Authentication helpers that are browser specific
  *
- * @category Interfaces
  */
-export interface VincentWebAppClient {
+export interface WebAuthClient {
     /**
-     * Redirects the user to the Vincent consent page.
+     * Redirects the user to the Vincent delegation auth page.
      *
      * If the user approves your app permissions, they will be redirected back to the `redirectUri`.
      *
-     * Use {@link VincentWebAppClient.isLogin} to detect if a user has just opened your app via the consent page
+     * Use {@link WebAuthClient.isLogin} to detect if a user has just opened your app via the delegation auth page
      *
-     * Use {@link VincentWebAppClient.decodeVincentLoginJWT} to decode and verify the {@link VincentJWT} from the page URI, and store it for later usage
+     * Use {@link WebAuthClient.decodeVincentLoginJWT} to decode and verify the {@link VincentJWT} from the page URI, and store it for later usage
      *
      * NOTE: You must register the `redirectUri` on your Vincent app for it to be considered a valid redirect target
      *
      * @example
      * ```typescript
-     *   import { getVincentWebAppClient } from '@lit-protocol/vincent-app-sdk';
-     *
-     *   const vincentAppClient = getVincentWebAppClient({ appId: MY_APP_ID });
-     *   // ... In your app logic:
-     *   if(vincentAppClient.isLogin()) {
-     *     // Handle app logic for the user has just logged in
-     *     const { decoded, jwt } = vincentAppClient.decodeVincentLoginJWT(EXPECTED_AUDIENCE);
-     *     // Store `jwt` for later usage; the user is now logged in.
-     *   } else {
-     *     // Handle app logic for the user is already logged in (check for stored & unexpired JWT)
-     *     // ...
-     *
-     *     // Handle app logic for the user is not yet logged in
-     *    vincentAppClient.redirectToConsentPage({ redirectUri: window.location.href });
-     *   }
+     * import { getWebAuthClient } from '@lit-protocol/vincent-app-sdk/webAuthClient';
+     *
+     * const vincentAppClient = getWebAuthClient({ appId: MY_APP_ID });
+     * // ... In your app logic:
+     * if(vincentAppClient.isLogin()) {
+     *   // Handle app logic for the user has just logged in
+     *   const { decoded, jwtStr } = vincentAppClient.decodeVincentLoginJWT(EXPECTED_AUDIENCE);
+     *   // Store `jwtStr` for later usage; the user is now logged in.
+     * } else {
+     *   // Handle app logic for the user is already logged in (check for stored & unexpired JWT)
+     *   // ...
+     *    *   // Handle app logic for the user is not yet logged in
+     *  vincentAppClient.redirectToDelegationAuthPage({ redirectUri: window.location.href });
+     * }
      * ```
      * @function
      * @inline
      */
-    redirectToConsentPage: (redirectConfig: RedirectToVincentConsentPageParams) => void;
+    redirectToDelegationAuthPage: (redirectConfig: RedirectToVincentDelegationPageParams) => void;
     /**
      * Determines whether the current window location is a login URI associated with Vincent
   
      * You can use this to detect if a user is loading your app as a result of approving permissions
-     * on the Vincent consent page -- e.g. they just logged in
+     * on the Vincent delegation auth page -- e.g. they just logged in
      *
-     * See: {@link VincentWebAppClient.redirectToConsentPage} for example usage
+     * See: {@link WebAuthClient.redirectToDelegationAuthPage} for example usage
      *
      * @function
      * @inline
@@ -75,16 +67,16 @@ export interface VincentWebAppClient {
      *
      * The token is verified as part of this process; if the token is invalid or expired, this method will throw.
      *
-     * See: {@link VincentWebAppClient.redirectToConsentPage} for example usage
+     * See: {@link WebAuthClient.redirectToDelegationAuthPage} for example usage
      *
-     * @param { string } expectedAudience Provide a valid `redirectUri` for your app; this is typically your app's origin
+     * @param expectedAudience Provide a valid `redirectUri` for your app; this is typically your app's origin
      * @function
      * @inline
-     * @returns {decodedJWT: VincentJWT; jwtStr: string | null} `null` if no JWT is found, otherwise both the decoded jwt and the original JWT string is returned
+     * @returns {decodedJWT: VincentJWTAppSpecific; jwtStr: string | null} `null` if no JWT is found, otherwise both the decoded jwt and the original JWT string is returned
      * @throws {Error} If there was a JWT in the page URL, but it was invalid / could not be verified
      */
     decodeVincentLoginJWT: (expectedAudience: string) => {
-        decodedJWT: VincentJWT;
+        decodedJWT: VincentJWTAppSpecific;
         jwtStr: string;
     } | null;
     /**
@@ -96,9 +88,9 @@ export interface VincentWebAppClient {
      *
      * @example
      * ```typescript
-     * import { getVincentWebAppClient } from '@lit-protocol/vincent-app-sdk';
+     * import { getWebAuthClient } from '@lit-protocol/vincent-app-sdk/webAuthClient';
      *
-     * const vincentAppClient = getVincentWebAppClient({ appId: MY_APP_ID });
+     * const vincentAppClient = getWebAuthClient({ appId: MY_APP_ID });
      *
      * if (vincentAppClient.isLogin()) {
      *   const { decodedJWT, jwtStr } = vincentAppClient.decodeVincentLoginJWT();

package/dist/src/webAuthClient/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/webAuthClient/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAc,qBAAqB,EAAE,MAAM,cAAc,CAAC;AAEtE,MAAM,WAAW,mBAAmB;IAClC,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,qCAAqC;IACpD,WAAW,EAAE,MAAM,CAAC;IACpB;;SAEK;IACL,qBAAqB,CAAC,EAAE,MAAM,CAAC;CAChC;AAED;;;;;;GAMG;AACH,MAAM,WAAW,aAAa;IAC5B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8BG;IACH,4BAA4B,EAAE,CAAC,cAAc,EAAE,qCAAqC,KAAK,IAAI,CAAC;IAE9F;;;;;;;;;;;OAWG;IACH,OAAO,EAAE,MAAM,OAAO,CAAC;IAEvB;;;;;;;;;;;;OAYG;IACH,qBAAqB,EAAE,CACrB,gBAAgB,EAAE,MAAM,KACrB;QAAE,UAAU,EAAE,qBAAqB,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC;IAElE;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACH,qBAAqB,EAAE,MAAM,IAAI,CAAC;CACnC"}

package/dist/src/{types.js.map → webAuthClient/types.js.map}

@@ -1 +1 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":""}
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/webAuthClient/types.ts"],"names":[],"mappings":""}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lit-protocol/vincent-app-sdk",
-  "version": "1.0.2",
+  "version": "1.0.3-beta.1",
   "description": "Vincent SDK for browser and backend",
   "author": "Lit Protocol",
   "license": "ISC",
@@ -12,8 +12,34 @@
     "node": "^20.11.1",
     "pnpm": "10.7.0"
   },
-  "main": "./dist/src/index.js",
-  "types": "./dist/src/index.d.ts",
+  "exports": {
+    "./package.json": "./package.json",
+    "./jwt": {
+      "import": "./dist/src/jwt/index.js",
+      "require": "./dist/src/jwt/index.js",
+      "types": "./dist/src/jwt/index.d.ts"
+    },
+    "./toolClient": {
+      "import": "./dist/src/toolClient/index.js",
+      "require": "./dist/src/toolClient/index.js",
+      "types": "./dist/src/toolClient/index.d.ts"
+    },
+    "./webAuthClient": {
+      "import": "./dist/src/webAuthClient/index.js",
+      "require": "./dist/src/webAuthClient/index.js",
+      "types": "./dist/src/webAuthClient/index.d.ts"
+    },
+    "./expressMiddleware": {
+      "import": "./dist/src/expressMiddleware/index.js",
+      "require": "./dist/src/expressMiddleware/index.js",
+      "types": "./dist/src/expressMiddleware/index.d.ts"
+    },
+    "./utils": {
+      "import": "./dist/src/utils/index.js",
+      "require": "./dist/src/utils/index.js",
+      "types": "./dist/src/utils/index.d.ts"
+    }
+  },
   "keywords": [
     "jwt",
     "authentication",
@@ -28,6 +54,7 @@
     "ethers": "5.8.0",
     "tslib": "^2.8.1",
     "zod": "3.25.64",
+    "@lit-protocol/vincent-contracts-sdk": "1.0.0-4",
     "@lit-protocol/vincent-tool-sdk": "1.0.2"
   },
   "sideEffects": false,

package/dist/src/app/app.d.ts

@@ -1,9 +0,0 @@
-import { VincentAppClientConfig, VincentWebAppClient } from './types';
-/** Create a new {@link VincentWebAppClient} instance.
- *
- * - `appId` is the numeric app ID displayed for your app on the Vincent Dashboard
- *
- * @category API Methods
- * */
-export declare const getVincentWebAppClient: (appClientConfig: VincentAppClientConfig) => VincentWebAppClient;
-//# sourceMappingURL=app.d.ts.map

package/dist/src/app/app.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"app.d.ts","sourceRoot":"","sources":["../../../src/app/app.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,sBAAsB,EACtB,mBAAmB,EACpB,MAAM,SAAS,CAAC;AAgBjB;;;;;KAKK;AACL,eAAO,MAAM,sBAAsB,GACjC,iBAAiB,sBAAsB,KACtC,mBAmBF,CAAC"}

package/dist/src/app/app.js

@@ -1,33 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getVincentWebAppClient = void 0;
-const internal_1 = require("./internal");
-const constants_1 = require("./constants");
-const { isLoginUri, composeConsentUrl, removeSearchParam, decodeVincentJWTFromUri } = internal_1.uriHelpers;
-const redirectToConsentPage = ({ appId, redirectUri, consentPageUrl, }) => window.open(composeConsentUrl(appId, redirectUri, consentPageUrl).toString(), '_self');
-/** Create a new {@link VincentWebAppClient} instance.
- *
- * - `appId` is the numeric app ID displayed for your app on the Vincent Dashboard
- *
- * @category API Methods
- * */
-const getVincentWebAppClient = (appClientConfig) => {
-    const { appId } = appClientConfig;
-    return {
-        redirectToConsentPage: (redirectConsentPageConfig) => {
-            const { consentPageUrl, redirectUri } = redirectConsentPageConfig;
-            redirectToConsentPage({ appId, consentPageUrl, redirectUri });
-        },
-        isLogin: () => isLoginUri(window.location.href),
-        decodeVincentLoginJWT: (expectedAudience) => decodeVincentJWTFromUri(window.location.href, expectedAudience),
-        removeLoginJWTFromURI: () => {
-            const urlWithoutJWTSearchParam = removeSearchParam({
-                paramName: constants_1.JWT_URL_KEY,
-                uri: window.location.href,
-            });
-            window.history.replaceState({}, document.title, urlWithoutJWTSearchParam);
-        },
-    };
-};
-exports.getVincentWebAppClient = getVincentWebAppClient;
-//# sourceMappingURL=app.js.map

package/dist/src/app/app.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"app.js","sourceRoot":"","sources":["../../../src/app/app.ts"],"names":[],"mappings":";;;AAKA,yCAAwC;AACxC,2CAA0C;AAE1C,MAAM,EAAE,UAAU,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,GAAG,qBAAU,CAAC;AAEjG,MAAM,qBAAqB,GAAG,CAAC,EAC7B,KAAK,EACL,WAAW,EACX,cAAc,GAKf,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,WAAW,EAAE,cAAc,CAAC,CAAC,QAAQ,EAAE,EAAE,OAAO,CAAC,CAAC;AAE7F;;;;;KAKK;AACE,MAAM,sBAAsB,GAAG,CACpC,eAAuC,EAClB,EAAE;IACvB,MAAM,EAAE,KAAK,EAAE,GAAG,eAAe,CAAC;IAElC,OAAO;QACL,qBAAqB,EAAE,CAAC,yBAA6D,EAAE,EAAE;YACvF,MAAM,EAAE,cAAc,EAAE,WAAW,EAAE,GAAG,yBAAyB,CAAC;YAClE,qBAAqB,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;QAChE,CAAC;QACD,OAAO,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;QAC/C,qBAAqB,EAAE,CAAC,gBAAwB,EAAE,EAAE,CAClD,uBAAuB,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,gBAAgB,CAAC;QACjE,qBAAqB,EAAE,GAAG,EAAE;YAC1B,MAAM,wBAAwB,GAAG,iBAAiB,CAAC;gBACjD,SAAS,EAAE,uBAAW;gBACtB,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI;aAC1B,CAAC,CAAC;YACH,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,QAAQ,CAAC,KAAK,EAAE,wBAAwB,CAAC,CAAC;QAC5E,CAAC;KACF,CAAC;AACJ,CAAC,CAAC;AArBW,QAAA,sBAAsB,0BAqBjC"}

package/dist/src/app/constants.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../src/app/constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,gCAAgC,qCAAqC,CAAC;AACnF,eAAO,MAAM,WAAW,QAAQ,CAAC"}

package/dist/src/app/constants.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../../src/app/constants.ts"],"names":[],"mappings":";;;AAAa,QAAA,gCAAgC,GAAG,kCAAkC,CAAC;AACtE,QAAA,WAAW,GAAG,KAAK,CAAC"}

package/dist/src/app/index.d.ts

@@ -1,3 +0,0 @@
-import { getVincentWebAppClient } from './app';
-export { getVincentWebAppClient };
-//# sourceMappingURL=index.d.ts.map

package/dist/src/app/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/app/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,MAAM,OAAO,CAAC;AAE/C,OAAO,EAAE,sBAAsB,EAAE,CAAC"}

package/dist/src/app/index.js

@@ -1,6 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getVincentWebAppClient = void 0;
-const app_1 = require("./app");
-Object.defineProperty(exports, "getVincentWebAppClient", { enumerable: true, get: function () { return app_1.getVincentWebAppClient; } });
-//# sourceMappingURL=index.js.map

package/dist/src/app/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/app/index.ts"],"names":[],"mappings":";;;AAAA,+BAA+C;AAEtC,uGAFA,4BAAsB,OAEA"}

package/dist/src/app/internal/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/app/internal/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,UAAU,MAAM,cAAc,CAAC;AAE3C,OAAO,EAAE,UAAU,EAAE,CAAC"}

package/dist/src/app/internal/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/app/internal/index.ts"],"names":[],"mappings":";;;;AAAA,iEAA2C;AAElC,gCAAU"}

package/dist/src/app/internal/uriHelpers.d.ts

@@ -1,11 +0,0 @@
-export declare const decodeVincentJWTFromUri: (uri: string, expectedAudience: string) => {
-    decodedJWT: import("../..").VincentJWT;
-    jwtStr: string;
-} | null;
-export declare const isLoginUri: (uri: string) => boolean;
-export declare function composeConsentUrl(appId: string, redirectUri: string, consentPageUrl?: string): URL;
-export declare const removeSearchParam: ({ paramName, uri, }: {
-    paramName: string;
-    uri: string;
-}) => string;
-//# sourceMappingURL=uriHelpers.d.ts.map

package/dist/src/app/internal/uriHelpers.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"uriHelpers.d.ts","sourceRoot":"","sources":["../../../../src/app/internal/uriHelpers.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,uBAAuB,GAAI,KAAK,MAAM,EAAE,kBAAkB,MAAM;;;QAS5E,CAAC;AAEF,eAAO,MAAM,UAAU,GAAI,KAAK,MAAM,YAKrC,CAAC;AAEF,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,cAAc,CAAC,EAAE,MAAM,OAK5F;AAED,eAAO,MAAM,iBAAiB,GAAI,qBAG/B;IACD,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,EAAE,MAAM,CAAC;CACb,KAAG,MAKH,CAAC"}

package/dist/src/app/internal/uriHelpers.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"uriHelpers.js","sourceRoot":"","sources":["../../../../src/app/internal/uriHelpers.ts"],"names":[],"mappings":";;;AAqBA,8CAKC;AA1BD,4CAA6E;AAC7E,sDAAoD;AAE7C,MAAM,uBAAuB,GAAG,CAAC,GAAW,EAAE,gBAAwB,EAAE,EAAE;IAC/E,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACzB,MAAM,GAAG,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAW,CAAC,CAAC;IAE9C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,IAAA,oBAAS,EAAC,GAAG,EAAE,gBAAgB,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;AACvE,CAAC,CAAC;AATW,QAAA,uBAAuB,2BASlC;AAEK,MAAM,UAAU,GAAG,CAAC,GAAW,EAAE,EAAE;IACxC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACzB,MAAM,QAAQ,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAW,CAAC,CAAC;IAEnD,OAAO,CAAC,CAAC,QAAQ,CAAC;AACpB,CAAC,CAAC;AALW,QAAA,UAAU,cAKrB;AAEF,SAAgB,iBAAiB,CAAC,KAAa,EAAE,WAAmB,EAAE,cAAuB;IAC3F,OAAO,IAAI,GAAG,CACZ,UAAU,KAAK,wBAAwB,WAAW,EAAE,EACpD,cAAc,IAAI,4CAAgC,CACnD,CAAC;AACJ,CAAC;AAEM,MAAM,iBAAiB,GAAG,CAAC,EAChC,SAAS,EACT,GAAG,GAIJ,EAAU,EAAE;IACX,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACzB,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACnC,0DAA0D;IAC1D,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;AACxB,CAAC,CAAC;AAXW,QAAA,iBAAiB,qBAW5B"}

package/dist/src/app/types.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/app/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAE1C;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,kCAAkC;IACjD,WAAW,EAAE,MAAM,CAAC;IACpB;;SAEK;IACL,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,mBAAmB;IAClC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA+BG;IACH,qBAAqB,EAAE,CAAC,cAAc,EAAE,kCAAkC,KAAK,IAAI,CAAC;IAEpF;;;;;;;;;;;OAWG;IACH,OAAO,EAAE,MAAM,OAAO,CAAC;IAEvB;;;;;;;;;;;;OAYG;IACH,qBAAqB,EAAE,CACrB,gBAAgB,EAAE,MAAM,KACrB;QAAE,UAAU,EAAE,UAAU,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC;IAEvD;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACH,qBAAqB,EAAE,MAAM,IAAI,CAAC;CACnC"}

package/dist/src/express-authentication-middleware/express.d.ts

@@ -1,79 +0,0 @@
-import type { NextFunction, Request, Response } from 'express';
-import { AuthenticatedRequestHandler } from './types';
-/**
- * Higher-order helper function to enforce authentication on a request handler and assert the type of `Request` that is
- * passed into your authenticated Express routes.
- *
- * This function takes an `AuthenticatedRequestHandler` and returns a new request handler
- * that verifies that the request has a 'user' property with the correct shape on it before calling the original handler.
- * If the `req.user` property isn't the correct shape, it sends a `401 Unauthorized` response to the client.
- *
- * NOTE: This does not verify signatures or any other content -- use `getAuthenticateUserExpressHandler` to create a
- * middleware that does those things and ensure that your routes use it.
- *
- * See [express.js documentation](https://expressjs.com/en/guide/writing-middleware.html) for details on writing your route handler
- * @example
- * ```typescript
- * import { expressAuthHelpers } from '@lit-protocol/vincent-app-sdk';
- * const { authenticatedRequestHandler, getAuthenticateUserExpressHandler } = expressAuthHelpers;
- *
- * import type { ExpressAuthHelpers } from '@lit-protocol/vincent-app-sdk';
- *
- * // Define an authenticated route handler
- * const getUserProfile = async (req: ExpressAuthHelpers['AuthenticatedRequest'], res: Response) => {
- *   // Access authenticated user information
- *   const { pkpAddress } = req.user;
- *
- *   // Fetch and return user data
- *   const userData = await userRepository.findByAddress(pkpAddress);
- *   res.json(userData);
- * };
- *
- * // Use in Express route with authentication
- * app.get('/profile', authenticateUser, authenticatedRequestHandler(getUserProfile));
- * ```
- */
-export declare const authenticatedRequestHandler: (handler: AuthenticatedRequestHandler) => (req: Request, res: Response, next: NextFunction) => void | Promise<void>;
-/**
- * Creates an Express middleware function to authenticate a user using a JWT token.
- *
- * This middleware checks the `Authorization` header for a Bearer token, verifies the token, and checks its audience.
- * If the token is valid, it attaches the user information (decoded JWT, raw token, and PKP address) to the request object as `req.user`.
- * If the token is missing or invalid, it returns a 401 Unauthorized response with an error message.
- *
- * NOTE: Wrap your route handler functions with `authenticatedRequestHandler()` to assert the type of `Request` and to
- * ensure that `req.user` was correctly set before your route handler is run.
- *
- * See [express.js documentation](https://expressjs.com/en/guide/writing-middleware.html) for details on writing your route handler
- *
- * @example
- * ```typescript
- * import { expressAuthHelpers } from '@lit-protocol/vincent-app-sdk';
- * const { authenticatedRequestHandler, getAuthenticateUserExpressHandler } = expressAuthHelpers;
- *
- * import type { ExpressAuthHelpers } from '@lit-protocol/vincent-app-sdk';
- *
- * // In your environment configuration
- * const ALLOWED_AUDIENCE = 'https://yourapp.example.com';
- *
- * // Create the authentication middleware
- * const authenticateUser = getAuthenticateUserExpressHandler(ALLOWED_AUDIENCE);
- *
- * // Define a handler that requires authentication
- * const getProtectedResource = (req: ExpressAuthHelpers['AuthenticatedRequest'], res: Response) => {
- *   // The request is now authenticated
- *   // No need for type casting as the handler is properly typed
- *   const { pkpAddress } = req.user;
- *   res.json({ message: `Hello, user with PKP address ${pkpAddress}` });
- * };
- *
- * // Apply to routes that require authentication by using authenticatedRequestHandler
- * app.get('/protected-resource', authenticateUser, authenticatedRequestHandler(getProtectedResource));
- * ```
- *
- * You can see the source for `getAuthenticateUserExpressHandler()` below; use this as a reference to implement
- * your own midddleware/authentication for other frameworks! Pull requests are welcome.
- * {@includeCode ./express.ts#expressHandlerTSDocExample}
- */
-export declare const getAuthenticateUserExpressHandler: (allowedAudience: string) => (req: Request, res: Response, next: NextFunction) => Promise<void>;
-//# sourceMappingURL=express.d.ts.map

package/dist/src/express-authentication-middleware/express.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"express.d.ts","sourceRoot":"","sources":["../../../src/express-authentication-middleware/express.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAK/D,OAAO,EAAwB,2BAA2B,EAAE,MAAM,SAAS,CAAC;AAsB5E;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH,eAAO,MAAM,2BAA2B,GACrC,SAAS,2BAA2B,MAAM,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,yBAOzF,CAAC;AAEJ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAEH,eAAO,MAAM,iCAAiC,GAC3C,iBAAiB,MAAM,MAAY,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,kBAmClF,CAAC"}