npm - @lumiapassport/ui-kit - Versions diffs - 1.7.0 → 1.8.0 - Mend

@lumiapassport/ui-kit 1.7.0 → 1.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/README.md CHANGED Viewed

@@ -399,19 +399,38 @@ function SignatureExample() {
 }
 ```
-**Important Notes:**
-- The signature is created by the **owner address** (EOA), not the smart account address
-- In production, always use your actual `verifyingContract` address (not zero address!)
+**Important Notes about ERC-4337 Smart Accounts:**
+In Account Abstraction (ERC-4337), there are **two addresses**:
+1. **Owner Address (EOA)** - The address that signs messages/transactions
+2. **Smart Account Address** - The contract wallet address
+⚠️ **Critical:** The signature is created by the **owner address** (EOA), NOT the smart account address!
+**Compatibility with existing protocols:**
+- ✅ **Works:** Protocols that verify signatures off-chain (e.g., your backend verifies the owner EOA signature)
+- ⚠️ **May not work:** Protocols designed for EOA wallets that store and verify against `msg.sender` or wallet address
+  - Example: Uniswap Permit2, some NFT marketplaces
+  - These protocols expect the signer address to match the wallet address
+  - With smart accounts: signer = owner EOA, wallet = smart account contract
+  - **Solution:** Use ERC-1271 signature validation in your smart contracts (allows contracts to validate signatures)
+**Domain Configuration:**
+- In production, use your actual `verifyingContract` address (not zero address!)
 - The `domain` parameters must match exactly between frontend and smart contract
+- The `chainId` should match the network you're deploying to
+**Technical Details:**
 - Shows a MetaMask-like confirmation modal with structured message preview
 - All BigInt values are supported in the message
-**Common Use Cases:**
-- NFT marketplace orders (OpenSea-style)
-- ERC-20 Permit signatures (gasless approvals)
-- Meta-transactions and gasless operations
-- DAO voting signatures
-- Any off-chain signature verification
+- Signature can be verified using `viem.recoverTypedDataAddress()` - will return owner EOA address
+**When to use signTypedData:**
+- ✅ Custom backend signature verification (you control the verification logic)
+- ✅ Gasless transactions with meta-transaction relayers
+- ✅ DAO voting and governance (off-chain signatures)
+- ✅ Custom smart contracts with ERC-1271 support
+- ⚠️ Be cautious with protocols designed exclusively for EOA wallets
 ### prepareUserOperation - Prepare for Backend Submission

package/dist/iframe/index.html CHANGED Viewed

@@ -15,7 +15,7 @@
     <meta http-equiv="X-Content-Type-Options" content="nosniff" />
     <meta http-equiv="Referrer-Policy" content="strict-origin-when-cross-origin" />
-    <title>Lumia Passport Secure Wallet - iframe version 1.7.0</title>
+    <title>Lumia Passport Secure Wallet - iframe version 1.8.0</title>
     <!-- Styles will be injected by build process -->
     <style>

package/dist/iframe/main.js CHANGED Viewed

@@ -1085,6 +1085,7 @@ async function uploadShareToVault(encryptedShare, accessToken) {
       "Authorization": `Bearer ${token}`,
       "Idempotency-Key": idempotencyKey
     },
+    credentials: "include",
     body: JSON.stringify(encryptedShare)
   });
   if (!response.ok) {
@@ -1109,7 +1110,8 @@ async function downloadShareFromVault(accessToken) {
       "Authorization": `Bearer ${token}`,
       "X-Client-Device-Id": "lumia-ui-kit",
       "X-Client-Device-Name": "Lumia UI Kit"
-    }
+    },
+    credentials: "include"
   });
   if (!response.ok) {
     if (response.status === 404) {
@@ -2629,7 +2631,9 @@ var SigningManager = class extends TokenRefreshApiClient {
       return cached.data;
     }
     try {
-      const response = await fetch(`${this.METADATA_API_URL}/${projectId}/metadata`);
+      const response = await fetch(`${this.METADATA_API_URL}/${projectId}/metadata`, {
+        credentials: "include"
+      });
       if (!response.ok) {
         console.warn(`[iframe][Sign] Failed to fetch project metadata: ${response.status}`);
         return null;
@@ -3187,7 +3191,9 @@ var AuthorizationManager = class {
       return cached.data;
     }
     try {
-      const response = await fetch(`${this.METADATA_API_URL}/${projectId}/metadata`);
+      const response = await fetch(`${this.METADATA_API_URL}/${projectId}/metadata`, {
+        credentials: "include"
+      });
       if (!response.ok) {
         console.warn(`[iframe][Auth] Failed to fetch project metadata: ${response.status}`);
         return null;
@@ -3607,7 +3613,8 @@ var GoogleDriveProvider = class {
     const searchResponse = await fetch(
       `https://www.googleapis.com/drive/v3/files?q=name='${folderName}' and mimeType='application/vnd.google-apps.folder' and trashed=false`,
       {
-        headers: { Authorization: `Bearer ${this.accessToken}` }
+        headers: { Authorization: `Bearer ${this.accessToken}` },
+        credentials: "include"
       }
     );
     if (!searchResponse.ok) {
@@ -3623,6 +3630,7 @@ var GoogleDriveProvider = class {
         Authorization: `Bearer ${this.accessToken}`,
         "Content-Type": "application/json"
       },
+      credentials: "include",
       body: JSON.stringify({
         name: folderName,
         mimeType: "application/vnd.google-apps.folder"
@@ -3646,6 +3654,7 @@ var GoogleDriveProvider = class {
         headers: {
           Authorization: `Bearer ${this.accessToken}`
         },
+        credentials: "include",
         body: form
       }
     );
@@ -3921,7 +3930,7 @@ var BackupManager = class {
 };
 // src/iframe/main.ts
-var IFRAME_VERSION = "1.7.0";
+var IFRAME_VERSION = "1.8.0";
 var IframeWallet = class {
   constructor() {
     console.log("=".repeat(60));