npm - @metamask-previews/profile-sync-controller - Versions diffs - 26.0.0-preview-d41a7f35 → 26.0.0-preview-ee982ebe - Mend

@metamask-previews/profile-sync-controller 26.0.0-preview-d41a7f35 → 26.0.0-preview-ee982ebe

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+### Changed
+- Add rate limit (429) handling with automatic retry in authentication flow ([#6993](https://github.com/MetaMask/core/pull/6993))
+  - Update authentication services to throw `RateLimitedError` when encountering 429 responses.
+  - Improve Authentication errors by adding the HTTP code in Error messages.
+  - Add rate limit retry logic to `SRPJwtBearerAuth` with configurable cooldown via `rateLimitRetry.cooldownDefaultMs` option (defaults to 10 seconds).
+  - Non-429 errors are thrown immediately without retry, delegating retry logic to consumers.
 ## [26.0.0]
 ### Changed

package/dist/sdk/authentication-jwt-bearer/flow-srp.cjs CHANGED Viewed

@@ -1,4 +1,27 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
 var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
     if (kind === "m") throw new TypeError("Private method is not writable");
     if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
@@ -10,10 +33,11 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
     if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
     return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
 };
-var _SRPJwtBearerAuth_instances, _SRPJwtBearerAuth_config, _SRPJwtBearerAuth_options, _SRPJwtBearerAuth_metametrics, _SRPJwtBearerAuth_ongoingLogins, _SRPJwtBearerAuth_customProvider, _SRPJwtBearerAuth_getAuthSession, _SRPJwtBearerAuth_login, _SRPJwtBearerAuth_performLogin, _SRPJwtBearerAuth_deferredLogin, _SRPJwtBearerAuth_createSrpLoginRawMessage;
+var _SRPJwtBearerAuth_instances, _SRPJwtBearerAuth_config, _SRPJwtBearerAuth_options, _SRPJwtBearerAuth_metametrics, _SRPJwtBearerAuth_ongoingLogins, _SRPJwtBearerAuth_cooldownDefaultMs, _SRPJwtBearerAuth_customProvider, _SRPJwtBearerAuth_getAuthSession, _SRPJwtBearerAuth_login, _SRPJwtBearerAuth_performLogin, _SRPJwtBearerAuth_deferredLogin, _SRPJwtBearerAuth_loginWithRetry, _SRPJwtBearerAuth_createSrpLoginRawMessage;
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SRPJwtBearerAuth = void 0;
 const services_1 = require("./services.cjs");
+const timeUtils = __importStar(require("./utils/time.cjs"));
 const errors_1 = require("../errors.cjs");
 const eip_6963_metamask_provider_1 = require("../utils/eip-6963-metamask-provider.cjs");
 const messaging_signing_snap_requests_1 = require("../utils/messaging-signing-snap-requests.cjs");
@@ -44,6 +68,8 @@ class SRPJwtBearerAuth {
         _SRPJwtBearerAuth_metametrics.set(this, void 0);
         // Map to store ongoing login promises by entropySourceId
         _SRPJwtBearerAuth_ongoingLogins.set(this, new Map());
+        // Default cooldown when 429 has no Retry-After header
+        _SRPJwtBearerAuth_cooldownDefaultMs.set(this, void 0);
         _SRPJwtBearerAuth_customProvider.set(this, void 0);
         __classPrivateFieldSet(this, _SRPJwtBearerAuth_config, config, "f");
         __classPrivateFieldSet(this, _SRPJwtBearerAuth_customProvider, options.customProvider, "f");
@@ -53,6 +79,8 @@ class SRPJwtBearerAuth {
                 getDefaultEIP6963SigningOptions(__classPrivateFieldGet(this, _SRPJwtBearerAuth_customProvider, "f")),
         }, "f");
         __classPrivateFieldSet(this, _SRPJwtBearerAuth_metametrics, options.metametrics, "f");
+        // Apply rate limit retry config if provided
+        __classPrivateFieldSet(this, _SRPJwtBearerAuth_cooldownDefaultMs, options.rateLimitRetry?.cooldownDefaultMs ?? 10000, "f");
     }
     setCustomProvider(provider) {
         __classPrivateFieldSet(this, _SRPJwtBearerAuth_customProvider, provider, "f");
@@ -100,7 +128,7 @@ class SRPJwtBearerAuth {
     }
 }
 exports.SRPJwtBearerAuth = SRPJwtBearerAuth;
-_SRPJwtBearerAuth_config = new WeakMap(), _SRPJwtBearerAuth_options = new WeakMap(), _SRPJwtBearerAuth_metametrics = new WeakMap(), _SRPJwtBearerAuth_ongoingLogins = new WeakMap(), _SRPJwtBearerAuth_customProvider = new WeakMap(), _SRPJwtBearerAuth_instances = new WeakSet(), _SRPJwtBearerAuth_getAuthSession =
+_SRPJwtBearerAuth_config = new WeakMap(), _SRPJwtBearerAuth_options = new WeakMap(), _SRPJwtBearerAuth_metametrics = new WeakMap(), _SRPJwtBearerAuth_ongoingLogins = new WeakMap(), _SRPJwtBearerAuth_cooldownDefaultMs = new WeakMap(), _SRPJwtBearerAuth_customProvider = new WeakMap(), _SRPJwtBearerAuth_instances = new WeakSet(), _SRPJwtBearerAuth_getAuthSession =
 // convert expiresIn from seconds to milliseconds and use 90% of expiresIn
 async function _SRPJwtBearerAuth_getAuthSession(entropySourceId) {
     const auth = await __classPrivateFieldGet(this, _SRPJwtBearerAuth_options, "f").storage.getLoginResponse(entropySourceId);
@@ -143,7 +171,7 @@ async function _SRPJwtBearerAuth_getAuthSession(entropySourceId) {
         return existingLogin;
     }
     // Create a new login promise
-    const loginPromise = __classPrivateFieldGet(this, _SRPJwtBearerAuth_instances, "m", _SRPJwtBearerAuth_performLogin).call(this, entropySourceId);
+    const loginPromise = __classPrivateFieldGet(this, _SRPJwtBearerAuth_instances, "m", _SRPJwtBearerAuth_loginWithRetry).call(this, entropySourceId);
     // Store the promise in the map
     __classPrivateFieldGet(this, _SRPJwtBearerAuth_ongoingLogins, "f").set(loginKey, loginPromise);
     try {
@@ -155,6 +183,29 @@ async function _SRPJwtBearerAuth_getAuthSession(entropySourceId) {
         // Always clean up the ongoing login promise when done
         __classPrivateFieldGet(this, _SRPJwtBearerAuth_ongoingLogins, "f").delete(loginKey);
     }
+}, _SRPJwtBearerAuth_loginWithRetry = async function _SRPJwtBearerAuth_loginWithRetry(entropySourceId) {
+    // Allow max 2 attempts: initial + one retry on 429
+    for (let attempt = 0; attempt < 2; attempt += 1) {
+        try {
+            return await __classPrivateFieldGet(this, _SRPJwtBearerAuth_instances, "m", _SRPJwtBearerAuth_performLogin).call(this, entropySourceId);
+        }
+        catch (e) {
+            // Only retry on rate-limit (429) errors
+            if (!errors_1.RateLimitedError.isRateLimitError(e)) {
+                throw e;
+            }
+            // If we've exhausted attempts (>= 1 retry), rethrow
+            if (attempt >= 1) {
+                throw e;
+            }
+            // Wait for Retry-After or default cooldown
+            const waitMs = e.retryAfterMs ?? __classPrivateFieldGet(this, _SRPJwtBearerAuth_cooldownDefaultMs, "f");
+            await timeUtils.delay(waitMs);
+            // Loop continues to retry
+        }
+    }
+    // Should never reach here due to loop logic, but TypeScript needs a return
+    throw new Error('Unexpected: login loop exhausted without result');
 }, _SRPJwtBearerAuth_createSrpLoginRawMessage = function _SRPJwtBearerAuth_createSrpLoginRawMessage(nonce, publicKey) {
     return `metamask:${nonce}:${publicKey}`;
 };

package/dist/sdk/authentication-jwt-bearer/flow-srp.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"flow-srp.cjs","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-srp.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAEA,6CAKoB;AAYpB,0CAA4C;AAC5C,wFAAiF;AACjF,kGAKkD;AAClD,kFAAyE;AAOzE,MAAM,yBAAyB,GAAG,KAAK,IAAI,EAAE;IAC3C,MAAM,QAAQ,GAAG,MAAM,IAAA,uDAA0B,GAAE,CAAC;IACpD,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,wBAAe,CAAC,8BAA8B,CAAC,CAAC;KAC3D;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC,CAAC;AAEF,MAAM,+BAA+B,GAAG,CACtC,cAAgC,EACZ,EAAE,CAAC,CAAC;IACxB,aAAa,EAAE,KAAK,EAAE,eAAwB,EAAmB,EAAE;QACjE,MAAM,QAAQ,GAAG,cAAc,IAAI,CAAC,MAAM,yBAAyB,EAAE,CAAC,CAAC;QACvE,OAAO,MAAM,sDAAoB,CAAC,YAAY,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;IAC5E,CAAC;IACD,WAAW,EAAE,KAAK,EAChB,OAAe,EACf,eAAwB,EACP,EAAE;QACnB,MAAM,QAAQ,GAAG,cAAc,IAAI,CAAC,MAAM,yBAAyB,EAAE,CAAC,CAAC;QACvE,IAAA,iEAA+B,EAAC,OAAO,CAAC,CAAC;QACzC,OAAO,MAAM,sDAAoB,CAAC,WAAW,CAC3C,QAAQ,EACR,OAAO,EACP,eAAe,CAChB,CAAC;IACJ,CAAC;CACF,CAAC,CAAC;AAEH,MAAa,gBAAgB;IAY3B,YACE,MAA2C,EAC3C,OAGC;;QAhBM,2CAAoB;QAEpB,4CAA8C;QAE9C,gDAA+B;QAExC,yDAAyD;QAChD,0CAAiB,IAAI,GAAG,EAAkC,EAAC;QAEpE,mDAAkC;QAShC,uBAAA,IAAI,4BAAW,MAAM,MAAA,CAAC;QACtB,uBAAA,IAAI,oCAAmB,OAAO,CAAC,cAAc,MAAA,CAAC;QAC9C,uBAAA,IAAI,6BAAY;YACd,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,OAAO,EACL,OAAO,CAAC,OAAO;gBACf,+BAA+B,CAAC,uBAAA,IAAI,wCAAgB,CAAC;SACxD,MAAA,CAAC;QACF,uBAAA,IAAI,iCAAgB,OAAO,CAAC,WAAW,MAAA,CAAC;IAC1C,CAAC;IAED,iBAAiB,CAAC,QAAyB;QACzC,uBAAA,IAAI,oCAAmB,QAAQ,MAAA,CAAC;QAChC,uBAAA,IAAI,iCAAS,CAAC,OAAO,GAAG,+BAA+B,CAAC,QAAQ,CAAC,CAAC;IACpE,CAAC;IAED,0HAA0H;IAC1H,KAAK,CAAC,cAAc,CAAC,eAAwB;QAC3C,MAAM,OAAO,GAAG,MAAM,uBAAA,IAAI,qEAAgB,MAApB,IAAI,EAAiB,eAAe,CAAC,CAAC;QAC5D,IAAI,OAAO,EAAE;YACX,OAAO,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC;SAClC;QAED,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,4DAAO,MAAX,IAAI,EAAQ,eAAe,CAAC,CAAC;QACzD,OAAO,aAAa,CAAC,KAAK,CAAC,WAAW,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,eAAwB;QAC3C,MAAM,OAAO,GAAG,MAAM,uBAAA,IAAI,qEAAgB,MAApB,IAAI,EAAiB,eAAe,CAAC,CAAC;QAC5D,IAAI,OAAO,EAAE;YACX,OAAO,OAAO,CAAC,OAAO,CAAC;SACxB;QAED,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,4DAAO,MAAX,IAAI,EAAQ,eAAe,CAAC,CAAC;QACzD,OAAO,aAAa,CAAC,OAAO,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,eAAwB;QAC1C,OAAO,MAAM,uBAAA,IAAI,iCAAS,CAAC,OAAO,CAAC,aAAa,CAAC,eAAe,CAAC,CAAC;IACpE,CAAC;IAED,KAAK,CAAC,qBAAqB;QACzB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAChD,OAAO,MAAM,IAAA,gCAAqB,EAAC,uBAAA,IAAI,gCAAQ,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IACpE,CAAC;IAED,KAAK,CAAC,WAAW,CACf,OAAe,EACf,eAAwB;QAExB,OAAO,MAAM,uBAAA,IAAI,iCAAS,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;IAC3E,CAAC;IAED,KAAK,CAAC,eAAe;QACnB,MAAM,QAAQ,GACZ,uBAAA,IAAI,wCAAgB,IAAI,CAAC,MAAM,yBAAyB,EAAE,CAAC,CAAC;QAC9D,IAAI,CAAC,QAAQ,EAAE;YACb,OAAO,KAAK,CAAC;SACd;QAED,MAAM,WAAW,GAAG,MAAM,IAAA,iDAAe,EAAC,QAAQ,CAAC,CAAC;QACpD,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,WAAW;QACf,MAAM,QAAQ,GACZ,uBAAA,IAAI,wCAAgB,IAAI,CAAC,MAAM,yBAAyB,EAAE,CAAC,CAAC;QAE9D,MAAM,GAAG,GAAG,MAAM,IAAA,6CAAW,EAAC,QAAQ,CAAC,CAAC;QACxC,OAAO,GAAG,CAAC;IACb,CAAC;CAgGF;AAzLD,4CAyLC;;AA9FC,0EAA0E;AAC1E,KAAK,2CACH,eAAwB;IAExB,MAAM,IAAI,GAAG,MAAM,uBAAA,IAAI,iCAAS,CAAC,OAAO,CAAC,gBAAgB,CAAC,eAAe,CAAC,CAAC;IAC3E,IAAI,CAAC,IAAA,+CAAqB,EAAC,IAAI,CAAC,EAAE;QAChC,OAAO,IAAI,CAAC;KACb;IAED,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC/B,MAAM,UAAU,GAAG,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC;IACvD,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,GAAG,GAAG,CAAC;IAE3D,IAAI,UAAU,GAAG,gBAAgB,EAAE;QACjC,OAAO,IAAI,CAAC;KACb;IACD,OAAO,IAAI,CAAC;AACd,CAAC,4BAED,KAAK,kCAAQ,eAAwB;IACnC,gDAAgD;IAChD,OAAO,MAAM,uBAAA,IAAI,oEAAe,MAAnB,IAAI,EAAgB,eAAe,CAAC,CAAC;AACpD,CAAC,mCAED,KAAK,yCAAe,eAAwB;IAC1C,QAAQ;IACR,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,eAAe,CAAC,CAAC;IAC5D,MAAM,QAAQ,GAAG,MAAM,IAAA,mBAAQ,EAAC,SAAS,EAAE,uBAAA,IAAI,gCAAQ,CAAC,GAAG,CAAC,CAAC;IAE7D,MAAM,UAAU,GAAG,uBAAA,IAAI,+EAA0B,MAA9B,IAAI,EACrB,QAAQ,CAAC,KAAK,EACd,SAAS,CACV,CAAC;IACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC;IAEtE,eAAe;IACf,MAAM,YAAY,GAAG,MAAM,IAAA,uBAAY,EACrC,UAAU,EACV,SAAS,EACT,uBAAA,IAAI,gCAAQ,CAAC,IAAI,EACjB,uBAAA,IAAI,gCAAQ,CAAC,GAAG,EAChB,uBAAA,IAAI,qCAAa,CAClB,CAAC;IAEF,YAAY;IACZ,MAAM,aAAa,GAAG,MAAM,IAAA,wBAAa,EACvC,YAAY,CAAC,KAAK,EAClB,uBAAA,IAAI,gCAAQ,CAAC,GAAG,EAChB,uBAAA,IAAI,gCAAQ,CAAC,QAAQ,CACtB,CAAC;IAEF,OAAO;IACP,MAAM,MAAM,GAAkB;QAC5B,OAAO,EAAE,YAAY,CAAC,OAAO;QAC7B,KAAK,EAAE,aAAa;KACrB,CAAC;IAEF,MAAM,uBAAA,IAAI,iCAAS,CAAC,OAAO,CAAC,gBAAgB,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAEtE,OAAO,MAAM,CAAC;AAChB,CAAC,oCAED,KAAK,0CAAgB,eAAwB;IAC3C,wDAAwD;IACxD,MAAM,QAAQ,GAAG,eAAe,IAAI,aAAa,CAAC;IAElD,qEAAqE;IACrE,MAAM,aAAa,GAAG,uBAAA,IAAI,uCAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACxD,IAAI,aAAa,EAAE;QACjB,OAAO,aAAa,CAAC;KACtB;IAED,6BAA6B;IAC7B,MAAM,YAAY,GAAG,uBAAA,IAAI,mEAAc,MAAlB,IAAI,EAAe,eAAe,CAAC,CAAC;IAEzD,+BAA+B;IAC/B,uBAAA,IAAI,uCAAe,CAAC,GAAG,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAEhD,IAAI;QACF,iCAAiC;QACjC,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC;QAClC,OAAO,MAAM,CAAC;KACf;YAAS;QACR,sDAAsD;QACtD,uBAAA,IAAI,uCAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;KACtC;AACH,CAAC,mGAGC,KAAa,EACb,SAAiB;IAEjB,OAAO,YAAY,KAAK,IAAI,SAAS,EAAW,CAAC;AACnD,CAAC","sourcesContent":["import type { Eip1193Provider } from 'ethers';\n\nimport {\n authenticate,\n authorizeOIDC,\n getNonce,\n getUserProfileLineage,\n} from './services';\nimport type {\n AuthConfig,\n AuthSigningOptions,\n AuthStorageOptions,\n AuthType,\n IBaseAuth,\n LoginResponse,\n UserProfile,\n UserProfileLineage,\n} from './types';\nimport type { MetaMetricsAuth } from '../../shared/types/services';\nimport { ValidationError } from '../errors';\nimport { getMetaMaskProviderEIP6963 } from '../utils/eip-6963-metamask-provider';\nimport {\n MESSAGE_SIGNING_SNAP,\n assertMessageStartsWithMetamask,\n connectSnap,\n isSnapConnected,\n} from '../utils/messaging-signing-snap-requests';\nimport { validateLoginResponse } from '../utils/validate-login-response';\n\ntype JwtBearerAuth_SRP_Options = {\n storage: AuthStorageOptions;\n signing?: AuthSigningOptions;\n};\n\nconst getDefaultEIP6963Provider = async () => {\n const provider = await getMetaMaskProviderEIP6963();\n if (!provider) {\n throw new ValidationError('No MetaMask wallet connected');\n }\n return provider;\n};\n\nconst getDefaultEIP6963SigningOptions = (\n customProvider?: Eip1193Provider,\n): AuthSigningOptions => ({\n getIdentifier: async (entropySourceId?: string): Promise<string> => {\n const provider = customProvider ?? (await getDefaultEIP6963Provider());\n return await MESSAGE_SIGNING_SNAP.getPublicKey(provider, entropySourceId);\n },\n signMessage: async (\n message: string,\n entropySourceId?: string,\n ): Promise<string> => {\n const provider = customProvider ?? (await getDefaultEIP6963Provider());\n assertMessageStartsWithMetamask(message);\n return await MESSAGE_SIGNING_SNAP.signMessage(\n provider,\n message,\n entropySourceId,\n );\n },\n});\n\nexport class SRPJwtBearerAuth implements IBaseAuth {\n readonly #config: AuthConfig;\n\n readonly #options: Required<JwtBearerAuth_SRP_Options>;\n\n readonly #metametrics?: MetaMetricsAuth;\n\n // Map to store ongoing login promises by entropySourceId\n readonly #ongoingLogins = new Map<string, Promise<LoginResponse>>();\n\n #customProvider?: Eip1193Provider;\n\n constructor(\n config: AuthConfig & { type: AuthType.SRP },\n options: JwtBearerAuth_SRP_Options & {\n customProvider?: Eip1193Provider;\n metametrics?: MetaMetricsAuth;\n },\n ) {\n this.#config = config;\n this.#customProvider = options.customProvider;\n this.#options = {\n storage: options.storage,\n signing:\n options.signing ??\n getDefaultEIP6963SigningOptions(this.#customProvider),\n };\n this.#metametrics = options.metametrics;\n }\n\n setCustomProvider(provider: Eip1193Provider) {\n this.#customProvider = provider;\n this.#options.signing = getDefaultEIP6963SigningOptions(provider);\n }\n\n // TODO: might be easier to keep entropySourceId as a class param and use multiple SRPJwtBearerAuth instances where needed\n async getAccessToken(entropySourceId?: string): Promise<string> {\n const session = await this.#getAuthSession(entropySourceId);\n if (session) {\n return session.token.accessToken;\n }\n\n const loginResponse = await this.#login(entropySourceId);\n return loginResponse.token.accessToken;\n }\n\n async getUserProfile(entropySourceId?: string): Promise<UserProfile> {\n const session = await this.#getAuthSession(entropySourceId);\n if (session) {\n return session.profile;\n }\n\n const loginResponse = await this.#login(entropySourceId);\n return loginResponse.profile;\n }\n\n async getIdentifier(entropySourceId?: string): Promise<string> {\n return await this.#options.signing.getIdentifier(entropySourceId);\n }\n\n async getUserProfileLineage(): Promise<UserProfileLineage> {\n const accessToken = await this.getAccessToken();\n return await getUserProfileLineage(this.#config.env, accessToken);\n }\n\n async signMessage(\n message: string,\n entropySourceId?: string,\n ): Promise<string> {\n return await this.#options.signing.signMessage(message, entropySourceId);\n }\n\n async isSnapConnected(): Promise<boolean> {\n const provider =\n this.#customProvider ?? (await getDefaultEIP6963Provider());\n if (!provider) {\n return false;\n }\n\n const isConnected = await isSnapConnected(provider);\n return isConnected;\n }\n\n async connectSnap(): Promise<string> {\n const provider =\n this.#customProvider ?? (await getDefaultEIP6963Provider());\n\n const res = await connectSnap(provider);\n return res;\n }\n\n // convert expiresIn from seconds to milliseconds and use 90% of expiresIn\n async #getAuthSession(\n entropySourceId?: string,\n ): Promise<LoginResponse \| null> {\n const auth = await this.#options.storage.getLoginResponse(entropySourceId);\n if (!validateLoginResponse(auth)) {\n return null;\n }\n\n const currentTime = Date.now();\n const sessionAge = currentTime - auth.token.obtainedAt;\n const refreshThreshold = auth.token.expiresIn * 1000 * 0.9;\n\n if (sessionAge < refreshThreshold) {\n return auth;\n }\n return null;\n }\n\n async #login(entropySourceId?: string): Promise<LoginResponse> {\n // Use a deferred login to avoid race conditions\n return await this.#deferredLogin(entropySourceId);\n }\n\n async #performLogin(entropySourceId?: string): Promise<LoginResponse> {\n // Nonce\n const publicKey = await this.getIdentifier(entropySourceId);\n const nonceRes = await getNonce(publicKey, this.#config.env);\n\n const rawMessage = this.#createSrpLoginRawMessage(\n nonceRes.nonce,\n publicKey,\n );\n const signature = await this.signMessage(rawMessage, entropySourceId);\n\n // Authenticate\n const authResponse = await authenticate(\n rawMessage,\n signature,\n this.#config.type,\n this.#config.env,\n this.#metametrics,\n );\n\n // Authorize\n const tokenResponse = await authorizeOIDC(\n authResponse.token,\n this.#config.env,\n this.#config.platform,\n );\n\n // Save\n const result: LoginResponse = {\n profile: authResponse.profile,\n token: tokenResponse,\n };\n\n await this.#options.storage.setLoginResponse(result, entropySourceId);\n\n return result;\n }\n\n async #deferredLogin(entropySourceId?: string): Promise<LoginResponse> {\n // Use a key that accounts for undefined entropySourceId\n const loginKey = entropySourceId ?? '__default__';\n\n // Check if there's already an ongoing login for this entropySourceId\n const existingLogin = this.#ongoingLogins.get(loginKey);\n if (existingLogin) {\n return existingLogin;\n }\n\n // Create a new login promise\n const loginPromise = this.#performLogin(entropySourceId);\n\n // Store the promise in the map\n this.#ongoingLogins.set(loginKey, loginPromise);\n\n try {\n // Wait for the login to complete\n const result = await loginPromise;\n return result;\n } finally {\n // Always clean up the ongoing login promise when done\n this.#ongoingLogins.delete(loginKey);\n }\n }\n\n #createSrpLoginRawMessage(\n nonce: string,\n publicKey: string,\n ): `metamask:${string}:${string}` {\n return `metamask:${nonce}:${publicKey}` as const;\n }\n}\n"]}
1	+ {"version":3,"file":"flow-srp.cjs","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-srp.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,6CAKoB;AAWpB,4DAA0C;AAE1C,0CAA8D;AAC9D,wFAAiF;AACjF,kGAKkD;AAClD,kFAAyE;AAUzE,MAAM,yBAAyB,GAAG,KAAK,IAAI,EAAE;IAC3C,MAAM,QAAQ,GAAG,MAAM,IAAA,uDAA0B,GAAE,CAAC;IACpD,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,wBAAe,CAAC,8BAA8B,CAAC,CAAC;KAC3D;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC,CAAC;AAEF,MAAM,+BAA+B,GAAG,CACtC,cAAgC,EACZ,EAAE,CAAC,CAAC;IACxB,aAAa,EAAE,KAAK,EAAE,eAAwB,EAAmB,EAAE;QACjE,MAAM,QAAQ,GAAG,cAAc,IAAI,CAAC,MAAM,yBAAyB,EAAE,CAAC,CAAC;QACvE,OAAO,MAAM,sDAAoB,CAAC,YAAY,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;IAC5E,CAAC;IACD,WAAW,EAAE,KAAK,EAChB,OAAe,EACf,eAAwB,EACP,EAAE;QACnB,MAAM,QAAQ,GAAG,cAAc,IAAI,CAAC,MAAM,yBAAyB,EAAE,CAAC,CAAC;QACvE,IAAA,iEAA+B,EAAC,OAAO,CAAC,CAAC;QACzC,OAAO,MAAM,sDAAoB,CAAC,WAAW,CAC3C,QAAQ,EACR,OAAO,EACP,eAAe,CAChB,CAAC;IACJ,CAAC;CACF,CAAC,CAAC;AAEH,MAAa,gBAAgB;IAkB3B,YACE,MAA2C,EAC3C,OAGC;;QAtBM,2CAAoB;QAEpB,4CAGP;QAEO,gDAA+B;QAExC,yDAAyD;QAChD,0CAAiB,IAAI,GAAG,EAAkC,EAAC;QAEpE,sDAAsD;QAC7C,sDAA2B;QAEpC,mDAAkC;QAShC,uBAAA,IAAI,4BAAW,MAAM,MAAA,CAAC;QACtB,uBAAA,IAAI,oCAAmB,OAAO,CAAC,cAAc,MAAA,CAAC;QAC9C,uBAAA,IAAI,6BAAY;YACd,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,OAAO,EACL,OAAO,CAAC,OAAO;gBACf,+BAA+B,CAAC,uBAAA,IAAI,wCAAgB,CAAC;SACxD,MAAA,CAAC;QACF,uBAAA,IAAI,iCAAgB,OAAO,CAAC,WAAW,MAAA,CAAC;QAExC,4CAA4C;QAC5C,uBAAA,IAAI,uCACF,OAAO,CAAC,cAAc,EAAE,iBAAiB,IAAI,KAAK,MAAA,CAAC;IACvD,CAAC;IAED,iBAAiB,CAAC,QAAyB;QACzC,uBAAA,IAAI,oCAAmB,QAAQ,MAAA,CAAC;QAChC,uBAAA,IAAI,iCAAS,CAAC,OAAO,GAAG,+BAA+B,CAAC,QAAQ,CAAC,CAAC;IACpE,CAAC;IAED,0HAA0H;IAC1H,KAAK,CAAC,cAAc,CAAC,eAAwB;QAC3C,MAAM,OAAO,GAAG,MAAM,uBAAA,IAAI,qEAAgB,MAApB,IAAI,EAAiB,eAAe,CAAC,CAAC;QAC5D,IAAI,OAAO,EAAE;YACX,OAAO,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC;SAClC;QAED,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,4DAAO,MAAX,IAAI,EAAQ,eAAe,CAAC,CAAC;QACzD,OAAO,aAAa,CAAC,KAAK,CAAC,WAAW,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,eAAwB;QAC3C,MAAM,OAAO,GAAG,MAAM,uBAAA,IAAI,qEAAgB,MAApB,IAAI,EAAiB,eAAe,CAAC,CAAC;QAC5D,IAAI,OAAO,EAAE;YACX,OAAO,OAAO,CAAC,OAAO,CAAC;SACxB;QAED,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,4DAAO,MAAX,IAAI,EAAQ,eAAe,CAAC,CAAC;QACzD,OAAO,aAAa,CAAC,OAAO,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,eAAwB;QAC1C,OAAO,MAAM,uBAAA,IAAI,iCAAS,CAAC,OAAO,CAAC,aAAa,CAAC,eAAe,CAAC,CAAC;IACpE,CAAC;IAED,KAAK,CAAC,qBAAqB;QACzB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAChD,OAAO,MAAM,IAAA,gCAAqB,EAAC,uBAAA,IAAI,gCAAQ,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IACpE,CAAC;IAED,KAAK,CAAC,WAAW,CACf,OAAe,EACf,eAAwB;QAExB,OAAO,MAAM,uBAAA,IAAI,iCAAS,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;IAC3E,CAAC;IAED,KAAK,CAAC,eAAe;QACnB,MAAM,QAAQ,GACZ,uBAAA,IAAI,wCAAgB,IAAI,CAAC,MAAM,yBAAyB,EAAE,CAAC,CAAC;QAC9D,IAAI,CAAC,QAAQ,EAAE;YACb,OAAO,KAAK,CAAC;SACd;QAED,MAAM,WAAW,GAAG,MAAM,IAAA,iDAAe,EAAC,QAAQ,CAAC,CAAC;QACpD,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,WAAW;QACf,MAAM,QAAQ,GACZ,uBAAA,IAAI,wCAAgB,IAAI,CAAC,MAAM,yBAAyB,EAAE,CAAC,CAAC;QAE9D,MAAM,GAAG,GAAG,MAAM,IAAA,6CAAW,EAAC,QAAQ,CAAC,CAAC;QACxC,OAAO,GAAG,CAAC;IACb,CAAC;CA6HF;AAhOD,4CAgOC;;AA3HC,0EAA0E;AAC1E,KAAK,2CACH,eAAwB;IAExB,MAAM,IAAI,GAAG,MAAM,uBAAA,IAAI,iCAAS,CAAC,OAAO,CAAC,gBAAgB,CAAC,eAAe,CAAC,CAAC;IAC3E,IAAI,CAAC,IAAA,+CAAqB,EAAC,IAAI,CAAC,EAAE;QAChC,OAAO,IAAI,CAAC;KACb;IAED,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC/B,MAAM,UAAU,GAAG,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC;IACvD,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,GAAG,GAAG,CAAC;IAE3D,IAAI,UAAU,GAAG,gBAAgB,EAAE;QACjC,OAAO,IAAI,CAAC;KACb;IACD,OAAO,IAAI,CAAC;AACd,CAAC,4BAED,KAAK,kCAAQ,eAAwB;IACnC,gDAAgD;IAChD,OAAO,MAAM,uBAAA,IAAI,oEAAe,MAAnB,IAAI,EAAgB,eAAe,CAAC,CAAC;AACpD,CAAC,mCAED,KAAK,yCAAe,eAAwB;IAC1C,QAAQ;IACR,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,eAAe,CAAC,CAAC;IAC5D,MAAM,QAAQ,GAAG,MAAM,IAAA,mBAAQ,EAAC,SAAS,EAAE,uBAAA,IAAI,gCAAQ,CAAC,GAAG,CAAC,CAAC;IAE7D,MAAM,UAAU,GAAG,uBAAA,IAAI,+EAA0B,MAA9B,IAAI,EACrB,QAAQ,CAAC,KAAK,EACd,SAAS,CACV,CAAC;IACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC;IAEtE,eAAe;IACf,MAAM,YAAY,GAAG,MAAM,IAAA,uBAAY,EACrC,UAAU,EACV,SAAS,EACT,uBAAA,IAAI,gCAAQ,CAAC,IAAI,EACjB,uBAAA,IAAI,gCAAQ,CAAC,GAAG,EAChB,uBAAA,IAAI,qCAAa,CAClB,CAAC;IAEF,YAAY;IACZ,MAAM,aAAa,GAAG,MAAM,IAAA,wBAAa,EACvC,YAAY,CAAC,KAAK,EAClB,uBAAA,IAAI,gCAAQ,CAAC,GAAG,EAChB,uBAAA,IAAI,gCAAQ,CAAC,QAAQ,CACtB,CAAC;IAEF,OAAO;IACP,MAAM,MAAM,GAAkB;QAC5B,OAAO,EAAE,YAAY,CAAC,OAAO;QAC7B,KAAK,EAAE,aAAa;KACrB,CAAC;IAEF,MAAM,uBAAA,IAAI,iCAAS,CAAC,OAAO,CAAC,gBAAgB,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAEtE,OAAO,MAAM,CAAC;AAChB,CAAC,oCAED,KAAK,0CAAgB,eAAwB;IAC3C,wDAAwD;IACxD,MAAM,QAAQ,GAAG,eAAe,IAAI,aAAa,CAAC;IAElD,qEAAqE;IACrE,MAAM,aAAa,GAAG,uBAAA,IAAI,uCAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACxD,IAAI,aAAa,EAAE;QACjB,OAAO,aAAa,CAAC;KACtB;IAED,6BAA6B;IAC7B,MAAM,YAAY,GAAG,uBAAA,IAAI,qEAAgB,MAApB,IAAI,EAAiB,eAAe,CAAC,CAAC;IAE3D,+BAA+B;IAC/B,uBAAA,IAAI,uCAAe,CAAC,GAAG,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAEhD,IAAI;QACF,iCAAiC;QACjC,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC;QAClC,OAAO,MAAM,CAAC;KACf;YAAS;QACR,sDAAsD;QACtD,uBAAA,IAAI,uCAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;KACtC;AACH,CAAC,qCAED,KAAK,2CAAiB,eAAwB;IAC5C,mDAAmD;IACnD,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,CAAC,EAAE,OAAO,IAAI,CAAC,EAAE;QAC/C,IAAI;YACF,OAAO,MAAM,uBAAA,IAAI,mEAAc,MAAlB,IAAI,EAAe,eAAe,CAAC,CAAC;SAClD;QAAC,OAAO,CAAC,EAAE;YACV,wCAAwC;YACxC,IAAI,CAAC,yBAAgB,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE;gBACzC,MAAM,CAAC,CAAC;aACT;YAED,oDAAoD;YACpD,IAAI,OAAO,IAAI,CAAC,EAAE;gBAChB,MAAM,CAAC,CAAC;aACT;YAED,2CAA2C;YAC3C,MAAM,MAAM,GACT,CAAsB,CAAC,YAAY,IAAI,uBAAA,IAAI,2CAAmB,CAAC;YAClE,MAAM,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAE9B,0BAA0B;SAC3B;KACF;IAED,2EAA2E;IAC3E,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;AACrE,CAAC,mGAGC,KAAa,EACb,SAAiB;IAEjB,OAAO,YAAY,KAAK,IAAI,SAAS,EAAW,CAAC;AACnD,CAAC","sourcesContent":["import type { Eip1193Provider } from 'ethers';\n\nimport {\n authenticate,\n authorizeOIDC,\n getNonce,\n getUserProfileLineage,\n} from './services';\nimport type {\n AuthConfig,\n AuthSigningOptions,\n AuthStorageOptions,\n AuthType,\n IBaseAuth,\n LoginResponse,\n UserProfile,\n UserProfileLineage,\n} from './types';\nimport * as timeUtils from './utils/time';\nimport type { MetaMetricsAuth } from '../../shared/types/services';\nimport { ValidationError, RateLimitedError } from '../errors';\nimport { getMetaMaskProviderEIP6963 } from '../utils/eip-6963-metamask-provider';\nimport {\n MESSAGE_SIGNING_SNAP,\n assertMessageStartsWithMetamask,\n connectSnap,\n isSnapConnected,\n} from '../utils/messaging-signing-snap-requests';\nimport { validateLoginResponse } from '../utils/validate-login-response';\n\ntype JwtBearerAuth_SRP_Options = {\n storage: AuthStorageOptions;\n signing?: AuthSigningOptions;\n rateLimitRetry?: {\n cooldownDefaultMs?: number; // default cooldown when 429 has no Retry-After\n };\n};\n\nconst getDefaultEIP6963Provider = async () => {\n const provider = await getMetaMaskProviderEIP6963();\n if (!provider) {\n throw new ValidationError('No MetaMask wallet connected');\n }\n return provider;\n};\n\nconst getDefaultEIP6963SigningOptions = (\n customProvider?: Eip1193Provider,\n): AuthSigningOptions => ({\n getIdentifier: async (entropySourceId?: string): Promise<string> => {\n const provider = customProvider ?? (await getDefaultEIP6963Provider());\n return await MESSAGE_SIGNING_SNAP.getPublicKey(provider, entropySourceId);\n },\n signMessage: async (\n message: string,\n entropySourceId?: string,\n ): Promise<string> => {\n const provider = customProvider ?? (await getDefaultEIP6963Provider());\n assertMessageStartsWithMetamask(message);\n return await MESSAGE_SIGNING_SNAP.signMessage(\n provider,\n message,\n entropySourceId,\n );\n },\n});\n\nexport class SRPJwtBearerAuth implements IBaseAuth {\n readonly #config: AuthConfig;\n\n readonly #options: {\n storage: AuthStorageOptions;\n signing: AuthSigningOptions;\n };\n\n readonly #metametrics?: MetaMetricsAuth;\n\n // Map to store ongoing login promises by entropySourceId\n readonly #ongoingLogins = new Map<string, Promise<LoginResponse>>();\n\n // Default cooldown when 429 has no Retry-After header\n readonly #cooldownDefaultMs: number;\n\n #customProvider?: Eip1193Provider;\n\n constructor(\n config: AuthConfig & { type: AuthType.SRP },\n options: JwtBearerAuth_SRP_Options & {\n customProvider?: Eip1193Provider;\n metametrics?: MetaMetricsAuth;\n },\n ) {\n this.#config = config;\n this.#customProvider = options.customProvider;\n this.#options = {\n storage: options.storage,\n signing:\n options.signing ??\n getDefaultEIP6963SigningOptions(this.#customProvider),\n };\n this.#metametrics = options.metametrics;\n\n // Apply rate limit retry config if provided\n this.#cooldownDefaultMs =\n options.rateLimitRetry?.cooldownDefaultMs ?? 10000;\n }\n\n setCustomProvider(provider: Eip1193Provider) {\n this.#customProvider = provider;\n this.#options.signing = getDefaultEIP6963SigningOptions(provider);\n }\n\n // TODO: might be easier to keep entropySourceId as a class param and use multiple SRPJwtBearerAuth instances where needed\n async getAccessToken(entropySourceId?: string): Promise<string> {\n const session = await this.#getAuthSession(entropySourceId);\n if (session) {\n return session.token.accessToken;\n }\n\n const loginResponse = await this.#login(entropySourceId);\n return loginResponse.token.accessToken;\n }\n\n async getUserProfile(entropySourceId?: string): Promise<UserProfile> {\n const session = await this.#getAuthSession(entropySourceId);\n if (session) {\n return session.profile;\n }\n\n const loginResponse = await this.#login(entropySourceId);\n return loginResponse.profile;\n }\n\n async getIdentifier(entropySourceId?: string): Promise<string> {\n return await this.#options.signing.getIdentifier(entropySourceId);\n }\n\n async getUserProfileLineage(): Promise<UserProfileLineage> {\n const accessToken = await this.getAccessToken();\n return await getUserProfileLineage(this.#config.env, accessToken);\n }\n\n async signMessage(\n message: string,\n entropySourceId?: string,\n ): Promise<string> {\n return await this.#options.signing.signMessage(message, entropySourceId);\n }\n\n async isSnapConnected(): Promise<boolean> {\n const provider =\n this.#customProvider ?? (await getDefaultEIP6963Provider());\n if (!provider) {\n return false;\n }\n\n const isConnected = await isSnapConnected(provider);\n return isConnected;\n }\n\n async connectSnap(): Promise<string> {\n const provider =\n this.#customProvider ?? (await getDefaultEIP6963Provider());\n\n const res = await connectSnap(provider);\n return res;\n }\n\n // convert expiresIn from seconds to milliseconds and use 90% of expiresIn\n async #getAuthSession(\n entropySourceId?: string,\n ): Promise<LoginResponse \| null> {\n const auth = await this.#options.storage.getLoginResponse(entropySourceId);\n if (!validateLoginResponse(auth)) {\n return null;\n }\n\n const currentTime = Date.now();\n const sessionAge = currentTime - auth.token.obtainedAt;\n const refreshThreshold = auth.token.expiresIn * 1000 * 0.9;\n\n if (sessionAge < refreshThreshold) {\n return auth;\n }\n return null;\n }\n\n async #login(entropySourceId?: string): Promise<LoginResponse> {\n // Use a deferred login to avoid race conditions\n return await this.#deferredLogin(entropySourceId);\n }\n\n async #performLogin(entropySourceId?: string): Promise<LoginResponse> {\n // Nonce\n const publicKey = await this.getIdentifier(entropySourceId);\n const nonceRes = await getNonce(publicKey, this.#config.env);\n\n const rawMessage = this.#createSrpLoginRawMessage(\n nonceRes.nonce,\n publicKey,\n );\n const signature = await this.signMessage(rawMessage, entropySourceId);\n\n // Authenticate\n const authResponse = await authenticate(\n rawMessage,\n signature,\n this.#config.type,\n this.#config.env,\n this.#metametrics,\n );\n\n // Authorize\n const tokenResponse = await authorizeOIDC(\n authResponse.token,\n this.#config.env,\n this.#config.platform,\n );\n\n // Save\n const result: LoginResponse = {\n profile: authResponse.profile,\n token: tokenResponse,\n };\n\n await this.#options.storage.setLoginResponse(result, entropySourceId);\n\n return result;\n }\n\n async #deferredLogin(entropySourceId?: string): Promise<LoginResponse> {\n // Use a key that accounts for undefined entropySourceId\n const loginKey = entropySourceId ?? '__default__';\n\n // Check if there's already an ongoing login for this entropySourceId\n const existingLogin = this.#ongoingLogins.get(loginKey);\n if (existingLogin) {\n return existingLogin;\n }\n\n // Create a new login promise\n const loginPromise = this.#loginWithRetry(entropySourceId);\n\n // Store the promise in the map\n this.#ongoingLogins.set(loginKey, loginPromise);\n\n try {\n // Wait for the login to complete\n const result = await loginPromise;\n return result;\n } finally {\n // Always clean up the ongoing login promise when done\n this.#ongoingLogins.delete(loginKey);\n }\n }\n\n async #loginWithRetry(entropySourceId?: string): Promise<LoginResponse> {\n // Allow max 2 attempts: initial + one retry on 429\n for (let attempt = 0; attempt < 2; attempt += 1) {\n try {\n return await this.#performLogin(entropySourceId);\n } catch (e) {\n // Only retry on rate-limit (429) errors\n if (!RateLimitedError.isRateLimitError(e)) {\n throw e;\n }\n\n // If we've exhausted attempts (>= 1 retry), rethrow\n if (attempt >= 1) {\n throw e;\n }\n\n // Wait for Retry-After or default cooldown\n const waitMs =\n (e as RateLimitedError).retryAfterMs ?? this.#cooldownDefaultMs;\n await timeUtils.delay(waitMs);\n\n // Loop continues to retry\n }\n }\n\n // Should never reach here due to loop logic, but TypeScript needs a return\n throw new Error('Unexpected: login loop exhausted without result');\n }\n\n #createSrpLoginRawMessage(\n nonce: string,\n publicKey: string,\n ): `metamask:${string}:${string}` {\n return `metamask:${nonce}:${publicKey}` as const;\n }\n}\n"]}

package/dist/sdk/authentication-jwt-bearer/flow-srp.d.cts CHANGED Viewed

@@ -4,6 +4,9 @@ import type { MetaMetricsAuth } from "../../shared/types/services.cjs";
 type JwtBearerAuth_SRP_Options = {
     storage: AuthStorageOptions;
     signing?: AuthSigningOptions;
+    rateLimitRetry?: {
+        cooldownDefaultMs?: number;
+    };
 };
 export declare class SRPJwtBearerAuth implements IBaseAuth {
     #private;

package/dist/sdk/authentication-jwt-bearer/flow-srp.d.cts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"flow-srp.d.cts","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-srp.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,eAAe;AAQ9C,OAAO,KAAK,EACV,UAAU,EACV,kBAAkB,EAClB,kBAAkB,EAClB,QAAQ,EACR,SAAS,EAET,WAAW,EACX,kBAAkB,EACnB,oBAAgB;~~AACjB~~,OAAO,KAAK,EAAE,eAAe,EAAE,wCAAoC;AAWnE,KAAK,yBAAyB,GAAG;IAC/B,OAAO,EAAE,kBAAkB,CAAC;IAC5B,OAAO,CAAC,EAAE,kBAAkB,CAAC;~~CAC9B~~,CAAC;AA+BF,qBAAa,gBAAiB,YAAW,SAAS;;~~gBAa9C~~,MAAM,EAAE,UAAU,GAAG;QAAE,IAAI,EAAE,QAAQ,CAAC,GAAG,CAAA;KAAE,EAC3C,OAAO,EAAE,yBAAyB,GAAG;QACnC,cAAc,CAAC,EAAE,eAAe,CAAC;QACjC,WAAW,CAAC,EAAE,eAAe,CAAC;KAC/B;~~IAaH~~,iBAAiB,CAAC,QAAQ,EAAE,eAAe;IAMrC,cAAc,CAAC,eAAe,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAUzD,cAAc,CAAC,eAAe,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAU9D,aAAa,CAAC,eAAe,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAIxD,qBAAqB,IAAI,OAAO,CAAC,kBAAkB,CAAC;IAKpD,WAAW,CACf,OAAO,EAAE,MAAM,EACf,eAAe,CAAC,EAAE,MAAM,GACvB,OAAO,CAAC,MAAM,CAAC;IAIZ,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC;IAWnC,WAAW,IAAI,OAAO,CAAC,MAAM,CAAC;~~CAsGrC~~"}
1	+ {"version":3,"file":"flow-srp.d.cts","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-srp.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,eAAe;AAQ9C,OAAO,KAAK,EACV,UAAU,EACV,kBAAkB,EAClB,kBAAkB,EAClB,QAAQ,EACR,SAAS,EAET,WAAW,EACX,kBAAkB,EACnB,oBAAgB;AAEjB,OAAO,KAAK,EAAE,eAAe,EAAE,wCAAoC;AAWnE,KAAK,yBAAyB,GAAG;IAC/B,OAAO,EAAE,kBAAkB,CAAC;IAC5B,OAAO,CAAC,EAAE,kBAAkB,CAAC;IAC7B,cAAc,CAAC,EAAE;QACf,iBAAiB,CAAC,EAAE,MAAM,CAAC;KAC5B,CAAC;CACH,CAAC;AA+BF,qBAAa,gBAAiB,YAAW,SAAS;;gBAmB9C,MAAM,EAAE,UAAU,GAAG;QAAE,IAAI,EAAE,QAAQ,CAAC,GAAG,CAAA;KAAE,EAC3C,OAAO,EAAE,yBAAyB,GAAG;QACnC,cAAc,CAAC,EAAE,eAAe,CAAC;QACjC,WAAW,CAAC,EAAE,eAAe,CAAC;KAC/B;IAiBH,iBAAiB,CAAC,QAAQ,EAAE,eAAe;IAMrC,cAAc,CAAC,eAAe,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAUzD,cAAc,CAAC,eAAe,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAU9D,aAAa,CAAC,eAAe,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAIxD,qBAAqB,IAAI,OAAO,CAAC,kBAAkB,CAAC;IAKpD,WAAW,CACf,OAAO,EAAE,MAAM,EACf,eAAe,CAAC,EAAE,MAAM,GACvB,OAAO,CAAC,MAAM,CAAC;IAIZ,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC;IAWnC,WAAW,IAAI,OAAO,CAAC,MAAM,CAAC;CAmIrC"}

package/dist/sdk/authentication-jwt-bearer/flow-srp.d.mts CHANGED Viewed

@@ -4,6 +4,9 @@ import type { MetaMetricsAuth } from "../../shared/types/services.mjs";
 type JwtBearerAuth_SRP_Options = {
     storage: AuthStorageOptions;
     signing?: AuthSigningOptions;
+    rateLimitRetry?: {
+        cooldownDefaultMs?: number;
+    };
 };
 export declare class SRPJwtBearerAuth implements IBaseAuth {
     #private;

package/dist/sdk/authentication-jwt-bearer/flow-srp.d.mts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"flow-srp.d.mts","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-srp.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,eAAe;AAQ9C,OAAO,KAAK,EACV,UAAU,EACV,kBAAkB,EAClB,kBAAkB,EAClB,QAAQ,EACR,SAAS,EAET,WAAW,EACX,kBAAkB,EACnB,oBAAgB;~~AACjB~~,OAAO,KAAK,EAAE,eAAe,EAAE,wCAAoC;AAWnE,KAAK,yBAAyB,GAAG;IAC/B,OAAO,EAAE,kBAAkB,CAAC;IAC5B,OAAO,CAAC,EAAE,kBAAkB,CAAC;~~CAC9B~~,CAAC;AA+BF,qBAAa,gBAAiB,YAAW,SAAS;;~~gBAa9C~~,MAAM,EAAE,UAAU,GAAG;QAAE,IAAI,EAAE,QAAQ,CAAC,GAAG,CAAA;KAAE,EAC3C,OAAO,EAAE,yBAAyB,GAAG;QACnC,cAAc,CAAC,EAAE,eAAe,CAAC;QACjC,WAAW,CAAC,EAAE,eAAe,CAAC;KAC/B;~~IAaH~~,iBAAiB,CAAC,QAAQ,EAAE,eAAe;IAMrC,cAAc,CAAC,eAAe,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAUzD,cAAc,CAAC,eAAe,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAU9D,aAAa,CAAC,eAAe,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAIxD,qBAAqB,IAAI,OAAO,CAAC,kBAAkB,CAAC;IAKpD,WAAW,CACf,OAAO,EAAE,MAAM,EACf,eAAe,CAAC,EAAE,MAAM,GACvB,OAAO,CAAC,MAAM,CAAC;IAIZ,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC;IAWnC,WAAW,IAAI,OAAO,CAAC,MAAM,CAAC;~~CAsGrC~~"}
1	+ {"version":3,"file":"flow-srp.d.mts","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-srp.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,eAAe;AAQ9C,OAAO,KAAK,EACV,UAAU,EACV,kBAAkB,EAClB,kBAAkB,EAClB,QAAQ,EACR,SAAS,EAET,WAAW,EACX,kBAAkB,EACnB,oBAAgB;AAEjB,OAAO,KAAK,EAAE,eAAe,EAAE,wCAAoC;AAWnE,KAAK,yBAAyB,GAAG;IAC/B,OAAO,EAAE,kBAAkB,CAAC;IAC5B,OAAO,CAAC,EAAE,kBAAkB,CAAC;IAC7B,cAAc,CAAC,EAAE;QACf,iBAAiB,CAAC,EAAE,MAAM,CAAC;KAC5B,CAAC;CACH,CAAC;AA+BF,qBAAa,gBAAiB,YAAW,SAAS;;gBAmB9C,MAAM,EAAE,UAAU,GAAG;QAAE,IAAI,EAAE,QAAQ,CAAC,GAAG,CAAA;KAAE,EAC3C,OAAO,EAAE,yBAAyB,GAAG;QACnC,cAAc,CAAC,EAAE,eAAe,CAAC;QACjC,WAAW,CAAC,EAAE,eAAe,CAAC;KAC/B;IAiBH,iBAAiB,CAAC,QAAQ,EAAE,eAAe;IAMrC,cAAc,CAAC,eAAe,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAUzD,cAAc,CAAC,eAAe,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAU9D,aAAa,CAAC,eAAe,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAIxD,qBAAqB,IAAI,OAAO,CAAC,kBAAkB,CAAC;IAKpD,WAAW,CACf,OAAO,EAAE,MAAM,EACf,eAAe,CAAC,EAAE,MAAM,GACvB,OAAO,CAAC,MAAM,CAAC;IAIZ,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC;IAWnC,WAAW,IAAI,OAAO,CAAC,MAAM,CAAC;CAmIrC"}

package/dist/sdk/authentication-jwt-bearer/flow-srp.mjs CHANGED Viewed

@@ -9,9 +9,10 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
     if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
     return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
 };
-var _SRPJwtBearerAuth_instances, _SRPJwtBearerAuth_config, _SRPJwtBearerAuth_options, _SRPJwtBearerAuth_metametrics, _SRPJwtBearerAuth_ongoingLogins, _SRPJwtBearerAuth_customProvider, _SRPJwtBearerAuth_getAuthSession, _SRPJwtBearerAuth_login, _SRPJwtBearerAuth_performLogin, _SRPJwtBearerAuth_deferredLogin, _SRPJwtBearerAuth_createSrpLoginRawMessage;
+var _SRPJwtBearerAuth_instances, _SRPJwtBearerAuth_config, _SRPJwtBearerAuth_options, _SRPJwtBearerAuth_metametrics, _SRPJwtBearerAuth_ongoingLogins, _SRPJwtBearerAuth_cooldownDefaultMs, _SRPJwtBearerAuth_customProvider, _SRPJwtBearerAuth_getAuthSession, _SRPJwtBearerAuth_login, _SRPJwtBearerAuth_performLogin, _SRPJwtBearerAuth_deferredLogin, _SRPJwtBearerAuth_loginWithRetry, _SRPJwtBearerAuth_createSrpLoginRawMessage;
 import { authenticate, authorizeOIDC, getNonce, getUserProfileLineage } from "./services.mjs";
-import { ValidationError } from "../errors.mjs";
+import * as timeUtils from "./utils/time.mjs";
+import { ValidationError, RateLimitedError } from "../errors.mjs";
 import { getMetaMaskProviderEIP6963 } from "../utils/eip-6963-metamask-provider.mjs";
 import { MESSAGE_SIGNING_SNAP, assertMessageStartsWithMetamask, connectSnap, isSnapConnected } from "../utils/messaging-signing-snap-requests.mjs";
 import { validateLoginResponse } from "../utils/validate-login-response.mjs";
@@ -41,6 +42,8 @@ export class SRPJwtBearerAuth {
         _SRPJwtBearerAuth_metametrics.set(this, void 0);
         // Map to store ongoing login promises by entropySourceId
         _SRPJwtBearerAuth_ongoingLogins.set(this, new Map());
+        // Default cooldown when 429 has no Retry-After header
+        _SRPJwtBearerAuth_cooldownDefaultMs.set(this, void 0);
         _SRPJwtBearerAuth_customProvider.set(this, void 0);
         __classPrivateFieldSet(this, _SRPJwtBearerAuth_config, config, "f");
         __classPrivateFieldSet(this, _SRPJwtBearerAuth_customProvider, options.customProvider, "f");
@@ -50,6 +53,8 @@ export class SRPJwtBearerAuth {
                 getDefaultEIP6963SigningOptions(__classPrivateFieldGet(this, _SRPJwtBearerAuth_customProvider, "f")),
         }, "f");
         __classPrivateFieldSet(this, _SRPJwtBearerAuth_metametrics, options.metametrics, "f");
+        // Apply rate limit retry config if provided
+        __classPrivateFieldSet(this, _SRPJwtBearerAuth_cooldownDefaultMs, options.rateLimitRetry?.cooldownDefaultMs ?? 10000, "f");
     }
     setCustomProvider(provider) {
         __classPrivateFieldSet(this, _SRPJwtBearerAuth_customProvider, provider, "f");
@@ -96,7 +101,7 @@ export class SRPJwtBearerAuth {
         return res;
     }
 }
-_SRPJwtBearerAuth_config = new WeakMap(), _SRPJwtBearerAuth_options = new WeakMap(), _SRPJwtBearerAuth_metametrics = new WeakMap(), _SRPJwtBearerAuth_ongoingLogins = new WeakMap(), _SRPJwtBearerAuth_customProvider = new WeakMap(), _SRPJwtBearerAuth_instances = new WeakSet(), _SRPJwtBearerAuth_getAuthSession =
+_SRPJwtBearerAuth_config = new WeakMap(), _SRPJwtBearerAuth_options = new WeakMap(), _SRPJwtBearerAuth_metametrics = new WeakMap(), _SRPJwtBearerAuth_ongoingLogins = new WeakMap(), _SRPJwtBearerAuth_cooldownDefaultMs = new WeakMap(), _SRPJwtBearerAuth_customProvider = new WeakMap(), _SRPJwtBearerAuth_instances = new WeakSet(), _SRPJwtBearerAuth_getAuthSession =
 // convert expiresIn from seconds to milliseconds and use 90% of expiresIn
 async function _SRPJwtBearerAuth_getAuthSession(entropySourceId) {
     const auth = await __classPrivateFieldGet(this, _SRPJwtBearerAuth_options, "f").storage.getLoginResponse(entropySourceId);
@@ -139,7 +144,7 @@ async function _SRPJwtBearerAuth_getAuthSession(entropySourceId) {
         return existingLogin;
     }
     // Create a new login promise
-    const loginPromise = __classPrivateFieldGet(this, _SRPJwtBearerAuth_instances, "m", _SRPJwtBearerAuth_performLogin).call(this, entropySourceId);
+    const loginPromise = __classPrivateFieldGet(this, _SRPJwtBearerAuth_instances, "m", _SRPJwtBearerAuth_loginWithRetry).call(this, entropySourceId);
     // Store the promise in the map
     __classPrivateFieldGet(this, _SRPJwtBearerAuth_ongoingLogins, "f").set(loginKey, loginPromise);
     try {
@@ -151,6 +156,29 @@ async function _SRPJwtBearerAuth_getAuthSession(entropySourceId) {
         // Always clean up the ongoing login promise when done
         __classPrivateFieldGet(this, _SRPJwtBearerAuth_ongoingLogins, "f").delete(loginKey);
     }
+}, _SRPJwtBearerAuth_loginWithRetry = async function _SRPJwtBearerAuth_loginWithRetry(entropySourceId) {
+    // Allow max 2 attempts: initial + one retry on 429
+    for (let attempt = 0; attempt < 2; attempt += 1) {
+        try {
+            return await __classPrivateFieldGet(this, _SRPJwtBearerAuth_instances, "m", _SRPJwtBearerAuth_performLogin).call(this, entropySourceId);
+        }
+        catch (e) {
+            // Only retry on rate-limit (429) errors
+            if (!RateLimitedError.isRateLimitError(e)) {
+                throw e;
+            }
+            // If we've exhausted attempts (>= 1 retry), rethrow
+            if (attempt >= 1) {
+                throw e;
+            }
+            // Wait for Retry-After or default cooldown
+            const waitMs = e.retryAfterMs ?? __classPrivateFieldGet(this, _SRPJwtBearerAuth_cooldownDefaultMs, "f");
+            await timeUtils.delay(waitMs);
+            // Loop continues to retry
+        }
+    }
+    // Should never reach here due to loop logic, but TypeScript needs a return
+    throw new Error('Unexpected: login loop exhausted without result');
 }, _SRPJwtBearerAuth_createSrpLoginRawMessage = function _SRPJwtBearerAuth_createSrpLoginRawMessage(nonce, publicKey) {
     return `metamask:${nonce}:${publicKey}`;
 };

package/dist/sdk/authentication-jwt-bearer/flow-srp.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"flow-srp.mjs","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-srp.ts"],"names":[],"mappings":";;;;;;;;;;;;AAEA,OAAO,EACL,YAAY,EACZ,aAAa,EACb,QAAQ,EACR,qBAAqB,EACtB,uBAAmB;AAYpB,OAAO,EAAE,eAAe,EAAE,sBAAkB;AAC5C,OAAO,EAAE,0BAA0B,EAAE,gDAA4C;AACjF,OAAO,EACL,oBAAoB,EACpB,+BAA+B,EAC/B,WAAW,EACX,eAAe,EAChB,qDAAiD;AAClD,OAAO,EAAE,qBAAqB,EAAE,6CAAyC;AAOzE,MAAM,yBAAyB,GAAG,KAAK,IAAI,EAAE;IAC3C,MAAM,QAAQ,GAAG,MAAM,0BAA0B,EAAE,CAAC;IACpD,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,eAAe,CAAC,8BAA8B,CAAC,CAAC;KAC3D;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC,CAAC;AAEF,MAAM,+BAA+B,GAAG,CACtC,cAAgC,EACZ,EAAE,CAAC,CAAC;IACxB,aAAa,EAAE,KAAK,EAAE,eAAwB,EAAmB,EAAE;QACjE,MAAM,QAAQ,GAAG,cAAc,IAAI,CAAC,MAAM,yBAAyB,EAAE,CAAC,CAAC;QACvE,OAAO,MAAM,oBAAoB,CAAC,YAAY,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;IAC5E,CAAC;IACD,WAAW,EAAE,KAAK,EAChB,OAAe,EACf,eAAwB,EACP,EAAE;QACnB,MAAM,QAAQ,GAAG,cAAc,IAAI,CAAC,MAAM,yBAAyB,EAAE,CAAC,CAAC;QACvE,+BAA+B,CAAC,OAAO,CAAC,CAAC;QACzC,OAAO,MAAM,oBAAoB,CAAC,WAAW,CAC3C,QAAQ,EACR,OAAO,EACP,eAAe,CAChB,CAAC;IACJ,CAAC;CACF,CAAC,CAAC;AAEH,MAAM,OAAO,gBAAgB;IAY3B,YACE,MAA2C,EAC3C,OAGC;;QAhBM,2CAAoB;QAEpB,4CAA8C;QAE9C,gDAA+B;QAExC,yDAAyD;QAChD,0CAAiB,IAAI,GAAG,EAAkC,EAAC;QAEpE,mDAAkC;QAShC,uBAAA,IAAI,4BAAW,MAAM,MAAA,CAAC;QACtB,uBAAA,IAAI,oCAAmB,OAAO,CAAC,cAAc,MAAA,CAAC;QAC9C,uBAAA,IAAI,6BAAY;YACd,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,OAAO,EACL,OAAO,CAAC,OAAO;gBACf,+BAA+B,CAAC,uBAAA,IAAI,wCAAgB,CAAC;SACxD,MAAA,CAAC;QACF,uBAAA,IAAI,iCAAgB,OAAO,CAAC,WAAW,MAAA,CAAC;IAC1C,CAAC;IAED,iBAAiB,CAAC,QAAyB;QACzC,uBAAA,IAAI,oCAAmB,QAAQ,MAAA,CAAC;QAChC,uBAAA,IAAI,iCAAS,CAAC,OAAO,GAAG,+BAA+B,CAAC,QAAQ,CAAC,CAAC;IACpE,CAAC;IAED,0HAA0H;IAC1H,KAAK,CAAC,cAAc,CAAC,eAAwB;QAC3C,MAAM,OAAO,GAAG,MAAM,uBAAA,IAAI,qEAAgB,MAApB,IAAI,EAAiB,eAAe,CAAC,CAAC;QAC5D,IAAI,OAAO,EAAE;YACX,OAAO,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC;SAClC;QAED,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,4DAAO,MAAX,IAAI,EAAQ,eAAe,CAAC,CAAC;QACzD,OAAO,aAAa,CAAC,KAAK,CAAC,WAAW,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,eAAwB;QAC3C,MAAM,OAAO,GAAG,MAAM,uBAAA,IAAI,qEAAgB,MAApB,IAAI,EAAiB,eAAe,CAAC,CAAC;QAC5D,IAAI,OAAO,EAAE;YACX,OAAO,OAAO,CAAC,OAAO,CAAC;SACxB;QAED,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,4DAAO,MAAX,IAAI,EAAQ,eAAe,CAAC,CAAC;QACzD,OAAO,aAAa,CAAC,OAAO,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,eAAwB;QAC1C,OAAO,MAAM,uBAAA,IAAI,iCAAS,CAAC,OAAO,CAAC,aAAa,CAAC,eAAe,CAAC,CAAC;IACpE,CAAC;IAED,KAAK,CAAC,qBAAqB;QACzB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAChD,OAAO,MAAM,qBAAqB,CAAC,uBAAA,IAAI,gCAAQ,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IACpE,CAAC;IAED,KAAK,CAAC,WAAW,CACf,OAAe,EACf,eAAwB;QAExB,OAAO,MAAM,uBAAA,IAAI,iCAAS,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;IAC3E,CAAC;IAED,KAAK,CAAC,eAAe;QACnB,MAAM,QAAQ,GACZ,uBAAA,IAAI,wCAAgB,IAAI,CAAC,MAAM,yBAAyB,EAAE,CAAC,CAAC;QAC9D,IAAI,CAAC,QAAQ,EAAE;YACb,OAAO,KAAK,CAAC;SACd;QAED,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,QAAQ,CAAC,CAAC;QACpD,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,WAAW;QACf,MAAM,QAAQ,GACZ,uBAAA,IAAI,wCAAgB,IAAI,CAAC,MAAM,yBAAyB,EAAE,CAAC,CAAC;QAE9D,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,CAAC;QACxC,OAAO,GAAG,CAAC;IACb,CAAC;CAgGF;;AA9FC,0EAA0E;AAC1E,KAAK,2CACH,eAAwB;IAExB,MAAM,IAAI,GAAG,MAAM,uBAAA,IAAI,iCAAS,CAAC,OAAO,CAAC,gBAAgB,CAAC,eAAe,CAAC,CAAC;IAC3E,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE;QAChC,OAAO,IAAI,CAAC;KACb;IAED,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC/B,MAAM,UAAU,GAAG,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC;IACvD,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,GAAG,GAAG,CAAC;IAE3D,IAAI,UAAU,GAAG,gBAAgB,EAAE;QACjC,OAAO,IAAI,CAAC;KACb;IACD,OAAO,IAAI,CAAC;AACd,CAAC,4BAED,KAAK,kCAAQ,eAAwB;IACnC,gDAAgD;IAChD,OAAO,MAAM,uBAAA,IAAI,oEAAe,MAAnB,IAAI,EAAgB,eAAe,CAAC,CAAC;AACpD,CAAC,mCAED,KAAK,yCAAe,eAAwB;IAC1C,QAAQ;IACR,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,eAAe,CAAC,CAAC;IAC5D,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,SAAS,EAAE,uBAAA,IAAI,gCAAQ,CAAC,GAAG,CAAC,CAAC;IAE7D,MAAM,UAAU,GAAG,uBAAA,IAAI,+EAA0B,MAA9B,IAAI,EACrB,QAAQ,CAAC,KAAK,EACd,SAAS,CACV,CAAC;IACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC;IAEtE,eAAe;IACf,MAAM,YAAY,GAAG,MAAM,YAAY,CACrC,UAAU,EACV,SAAS,EACT,uBAAA,IAAI,gCAAQ,CAAC,IAAI,EACjB,uBAAA,IAAI,gCAAQ,CAAC,GAAG,EAChB,uBAAA,IAAI,qCAAa,CAClB,CAAC;IAEF,YAAY;IACZ,MAAM,aAAa,GAAG,MAAM,aAAa,CACvC,YAAY,CAAC,KAAK,EAClB,uBAAA,IAAI,gCAAQ,CAAC,GAAG,EAChB,uBAAA,IAAI,gCAAQ,CAAC,QAAQ,CACtB,CAAC;IAEF,OAAO;IACP,MAAM,MAAM,GAAkB;QAC5B,OAAO,EAAE,YAAY,CAAC,OAAO;QAC7B,KAAK,EAAE,aAAa;KACrB,CAAC;IAEF,MAAM,uBAAA,IAAI,iCAAS,CAAC,OAAO,CAAC,gBAAgB,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAEtE,OAAO,MAAM,CAAC;AAChB,CAAC,oCAED,KAAK,0CAAgB,eAAwB;IAC3C,wDAAwD;IACxD,MAAM,QAAQ,GAAG,eAAe,IAAI,aAAa,CAAC;IAElD,qEAAqE;IACrE,MAAM,aAAa,GAAG,uBAAA,IAAI,uCAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACxD,IAAI,aAAa,EAAE;QACjB,OAAO,aAAa,CAAC;KACtB;IAED,6BAA6B;IAC7B,MAAM,YAAY,GAAG,uBAAA,IAAI,mEAAc,MAAlB,IAAI,EAAe,eAAe,CAAC,CAAC;IAEzD,+BAA+B;IAC/B,uBAAA,IAAI,uCAAe,CAAC,GAAG,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAEhD,IAAI;QACF,iCAAiC;QACjC,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC;QAClC,OAAO,MAAM,CAAC;KACf;YAAS;QACR,sDAAsD;QACtD,uBAAA,IAAI,uCAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;KACtC;AACH,CAAC,mGAGC,KAAa,EACb,SAAiB;IAEjB,OAAO,YAAY,KAAK,IAAI,SAAS,EAAW,CAAC;AACnD,CAAC","sourcesContent":["import type { Eip1193Provider } from 'ethers';\n\nimport {\n authenticate,\n authorizeOIDC,\n getNonce,\n getUserProfileLineage,\n} from './services';\nimport type {\n AuthConfig,\n AuthSigningOptions,\n AuthStorageOptions,\n AuthType,\n IBaseAuth,\n LoginResponse,\n UserProfile,\n UserProfileLineage,\n} from './types';\nimport type { MetaMetricsAuth } from '../../shared/types/services';\nimport { ValidationError } from '../errors';\nimport { getMetaMaskProviderEIP6963 } from '../utils/eip-6963-metamask-provider';\nimport {\n MESSAGE_SIGNING_SNAP,\n assertMessageStartsWithMetamask,\n connectSnap,\n isSnapConnected,\n} from '../utils/messaging-signing-snap-requests';\nimport { validateLoginResponse } from '../utils/validate-login-response';\n\ntype JwtBearerAuth_SRP_Options = {\n storage: AuthStorageOptions;\n signing?: AuthSigningOptions;\n};\n\nconst getDefaultEIP6963Provider = async () => {\n const provider = await getMetaMaskProviderEIP6963();\n if (!provider) {\n throw new ValidationError('No MetaMask wallet connected');\n }\n return provider;\n};\n\nconst getDefaultEIP6963SigningOptions = (\n customProvider?: Eip1193Provider,\n): AuthSigningOptions => ({\n getIdentifier: async (entropySourceId?: string): Promise<string> => {\n const provider = customProvider ?? (await getDefaultEIP6963Provider());\n return await MESSAGE_SIGNING_SNAP.getPublicKey(provider, entropySourceId);\n },\n signMessage: async (\n message: string,\n entropySourceId?: string,\n ): Promise<string> => {\n const provider = customProvider ?? (await getDefaultEIP6963Provider());\n assertMessageStartsWithMetamask(message);\n return await MESSAGE_SIGNING_SNAP.signMessage(\n provider,\n message,\n entropySourceId,\n );\n },\n});\n\nexport class SRPJwtBearerAuth implements IBaseAuth {\n readonly #config: AuthConfig;\n\n readonly #options: Required<JwtBearerAuth_SRP_Options>;\n\n readonly #metametrics?: MetaMetricsAuth;\n\n // Map to store ongoing login promises by entropySourceId\n readonly #ongoingLogins = new Map<string, Promise<LoginResponse>>();\n\n #customProvider?: Eip1193Provider;\n\n constructor(\n config: AuthConfig & { type: AuthType.SRP },\n options: JwtBearerAuth_SRP_Options & {\n customProvider?: Eip1193Provider;\n metametrics?: MetaMetricsAuth;\n },\n ) {\n this.#config = config;\n this.#customProvider = options.customProvider;\n this.#options = {\n storage: options.storage,\n signing:\n options.signing ??\n getDefaultEIP6963SigningOptions(this.#customProvider),\n };\n this.#metametrics = options.metametrics;\n }\n\n setCustomProvider(provider: Eip1193Provider) {\n this.#customProvider = provider;\n this.#options.signing = getDefaultEIP6963SigningOptions(provider);\n }\n\n // TODO: might be easier to keep entropySourceId as a class param and use multiple SRPJwtBearerAuth instances where needed\n async getAccessToken(entropySourceId?: string): Promise<string> {\n const session = await this.#getAuthSession(entropySourceId);\n if (session) {\n return session.token.accessToken;\n }\n\n const loginResponse = await this.#login(entropySourceId);\n return loginResponse.token.accessToken;\n }\n\n async getUserProfile(entropySourceId?: string): Promise<UserProfile> {\n const session = await this.#getAuthSession(entropySourceId);\n if (session) {\n return session.profile;\n }\n\n const loginResponse = await this.#login(entropySourceId);\n return loginResponse.profile;\n }\n\n async getIdentifier(entropySourceId?: string): Promise<string> {\n return await this.#options.signing.getIdentifier(entropySourceId);\n }\n\n async getUserProfileLineage(): Promise<UserProfileLineage> {\n const accessToken = await this.getAccessToken();\n return await getUserProfileLineage(this.#config.env, accessToken);\n }\n\n async signMessage(\n message: string,\n entropySourceId?: string,\n ): Promise<string> {\n return await this.#options.signing.signMessage(message, entropySourceId);\n }\n\n async isSnapConnected(): Promise<boolean> {\n const provider =\n this.#customProvider ?? (await getDefaultEIP6963Provider());\n if (!provider) {\n return false;\n }\n\n const isConnected = await isSnapConnected(provider);\n return isConnected;\n }\n\n async connectSnap(): Promise<string> {\n const provider =\n this.#customProvider ?? (await getDefaultEIP6963Provider());\n\n const res = await connectSnap(provider);\n return res;\n }\n\n // convert expiresIn from seconds to milliseconds and use 90% of expiresIn\n async #getAuthSession(\n entropySourceId?: string,\n ): Promise<LoginResponse \| null> {\n const auth = await this.#options.storage.getLoginResponse(entropySourceId);\n if (!validateLoginResponse(auth)) {\n return null;\n }\n\n const currentTime = Date.now();\n const sessionAge = currentTime - auth.token.obtainedAt;\n const refreshThreshold = auth.token.expiresIn * 1000 * 0.9;\n\n if (sessionAge < refreshThreshold) {\n return auth;\n }\n return null;\n }\n\n async #login(entropySourceId?: string): Promise<LoginResponse> {\n // Use a deferred login to avoid race conditions\n return await this.#deferredLogin(entropySourceId);\n }\n\n async #performLogin(entropySourceId?: string): Promise<LoginResponse> {\n // Nonce\n const publicKey = await this.getIdentifier(entropySourceId);\n const nonceRes = await getNonce(publicKey, this.#config.env);\n\n const rawMessage = this.#createSrpLoginRawMessage(\n nonceRes.nonce,\n publicKey,\n );\n const signature = await this.signMessage(rawMessage, entropySourceId);\n\n // Authenticate\n const authResponse = await authenticate(\n rawMessage,\n signature,\n this.#config.type,\n this.#config.env,\n this.#metametrics,\n );\n\n // Authorize\n const tokenResponse = await authorizeOIDC(\n authResponse.token,\n this.#config.env,\n this.#config.platform,\n );\n\n // Save\n const result: LoginResponse = {\n profile: authResponse.profile,\n token: tokenResponse,\n };\n\n await this.#options.storage.setLoginResponse(result, entropySourceId);\n\n return result;\n }\n\n async #deferredLogin(entropySourceId?: string): Promise<LoginResponse> {\n // Use a key that accounts for undefined entropySourceId\n const loginKey = entropySourceId ?? '__default__';\n\n // Check if there's already an ongoing login for this entropySourceId\n const existingLogin = this.#ongoingLogins.get(loginKey);\n if (existingLogin) {\n return existingLogin;\n }\n\n // Create a new login promise\n const loginPromise = this.#performLogin(entropySourceId);\n\n // Store the promise in the map\n this.#ongoingLogins.set(loginKey, loginPromise);\n\n try {\n // Wait for the login to complete\n const result = await loginPromise;\n return result;\n } finally {\n // Always clean up the ongoing login promise when done\n this.#ongoingLogins.delete(loginKey);\n }\n }\n\n #createSrpLoginRawMessage(\n nonce: string,\n publicKey: string,\n ): `metamask:${string}:${string}` {\n return `metamask:${nonce}:${publicKey}` as const;\n }\n}\n"]}
1	+ {"version":3,"file":"flow-srp.mjs","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-srp.ts"],"names":[],"mappings":";;;;;;;;;;;;AAEA,OAAO,EACL,YAAY,EACZ,aAAa,EACb,QAAQ,EACR,qBAAqB,EACtB,uBAAmB;AAWpB,OAAO,KAAK,SAAS,yBAAqB;AAE1C,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,sBAAkB;AAC9D,OAAO,EAAE,0BAA0B,EAAE,gDAA4C;AACjF,OAAO,EACL,oBAAoB,EACpB,+BAA+B,EAC/B,WAAW,EACX,eAAe,EAChB,qDAAiD;AAClD,OAAO,EAAE,qBAAqB,EAAE,6CAAyC;AAUzE,MAAM,yBAAyB,GAAG,KAAK,IAAI,EAAE;IAC3C,MAAM,QAAQ,GAAG,MAAM,0BAA0B,EAAE,CAAC;IACpD,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,eAAe,CAAC,8BAA8B,CAAC,CAAC;KAC3D;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC,CAAC;AAEF,MAAM,+BAA+B,GAAG,CACtC,cAAgC,EACZ,EAAE,CAAC,CAAC;IACxB,aAAa,EAAE,KAAK,EAAE,eAAwB,EAAmB,EAAE;QACjE,MAAM,QAAQ,GAAG,cAAc,IAAI,CAAC,MAAM,yBAAyB,EAAE,CAAC,CAAC;QACvE,OAAO,MAAM,oBAAoB,CAAC,YAAY,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;IAC5E,CAAC;IACD,WAAW,EAAE,KAAK,EAChB,OAAe,EACf,eAAwB,EACP,EAAE;QACnB,MAAM,QAAQ,GAAG,cAAc,IAAI,CAAC,MAAM,yBAAyB,EAAE,CAAC,CAAC;QACvE,+BAA+B,CAAC,OAAO,CAAC,CAAC;QACzC,OAAO,MAAM,oBAAoB,CAAC,WAAW,CAC3C,QAAQ,EACR,OAAO,EACP,eAAe,CAChB,CAAC;IACJ,CAAC;CACF,CAAC,CAAC;AAEH,MAAM,OAAO,gBAAgB;IAkB3B,YACE,MAA2C,EAC3C,OAGC;;QAtBM,2CAAoB;QAEpB,4CAGP;QAEO,gDAA+B;QAExC,yDAAyD;QAChD,0CAAiB,IAAI,GAAG,EAAkC,EAAC;QAEpE,sDAAsD;QAC7C,sDAA2B;QAEpC,mDAAkC;QAShC,uBAAA,IAAI,4BAAW,MAAM,MAAA,CAAC;QACtB,uBAAA,IAAI,oCAAmB,OAAO,CAAC,cAAc,MAAA,CAAC;QAC9C,uBAAA,IAAI,6BAAY;YACd,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,OAAO,EACL,OAAO,CAAC,OAAO;gBACf,+BAA+B,CAAC,uBAAA,IAAI,wCAAgB,CAAC;SACxD,MAAA,CAAC;QACF,uBAAA,IAAI,iCAAgB,OAAO,CAAC,WAAW,MAAA,CAAC;QAExC,4CAA4C;QAC5C,uBAAA,IAAI,uCACF,OAAO,CAAC,cAAc,EAAE,iBAAiB,IAAI,KAAK,MAAA,CAAC;IACvD,CAAC;IAED,iBAAiB,CAAC,QAAyB;QACzC,uBAAA,IAAI,oCAAmB,QAAQ,MAAA,CAAC;QAChC,uBAAA,IAAI,iCAAS,CAAC,OAAO,GAAG,+BAA+B,CAAC,QAAQ,CAAC,CAAC;IACpE,CAAC;IAED,0HAA0H;IAC1H,KAAK,CAAC,cAAc,CAAC,eAAwB;QAC3C,MAAM,OAAO,GAAG,MAAM,uBAAA,IAAI,qEAAgB,MAApB,IAAI,EAAiB,eAAe,CAAC,CAAC;QAC5D,IAAI,OAAO,EAAE;YACX,OAAO,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC;SAClC;QAED,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,4DAAO,MAAX,IAAI,EAAQ,eAAe,CAAC,CAAC;QACzD,OAAO,aAAa,CAAC,KAAK,CAAC,WAAW,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,eAAwB;QAC3C,MAAM,OAAO,GAAG,MAAM,uBAAA,IAAI,qEAAgB,MAApB,IAAI,EAAiB,eAAe,CAAC,CAAC;QAC5D,IAAI,OAAO,EAAE;YACX,OAAO,OAAO,CAAC,OAAO,CAAC;SACxB;QAED,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,4DAAO,MAAX,IAAI,EAAQ,eAAe,CAAC,CAAC;QACzD,OAAO,aAAa,CAAC,OAAO,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,eAAwB;QAC1C,OAAO,MAAM,uBAAA,IAAI,iCAAS,CAAC,OAAO,CAAC,aAAa,CAAC,eAAe,CAAC,CAAC;IACpE,CAAC;IAED,KAAK,CAAC,qBAAqB;QACzB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAChD,OAAO,MAAM,qBAAqB,CAAC,uBAAA,IAAI,gCAAQ,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IACpE,CAAC;IAED,KAAK,CAAC,WAAW,CACf,OAAe,EACf,eAAwB;QAExB,OAAO,MAAM,uBAAA,IAAI,iCAAS,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;IAC3E,CAAC;IAED,KAAK,CAAC,eAAe;QACnB,MAAM,QAAQ,GACZ,uBAAA,IAAI,wCAAgB,IAAI,CAAC,MAAM,yBAAyB,EAAE,CAAC,CAAC;QAC9D,IAAI,CAAC,QAAQ,EAAE;YACb,OAAO,KAAK,CAAC;SACd;QAED,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,QAAQ,CAAC,CAAC;QACpD,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,WAAW;QACf,MAAM,QAAQ,GACZ,uBAAA,IAAI,wCAAgB,IAAI,CAAC,MAAM,yBAAyB,EAAE,CAAC,CAAC;QAE9D,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,CAAC;QACxC,OAAO,GAAG,CAAC;IACb,CAAC;CA6HF;;AA3HC,0EAA0E;AAC1E,KAAK,2CACH,eAAwB;IAExB,MAAM,IAAI,GAAG,MAAM,uBAAA,IAAI,iCAAS,CAAC,OAAO,CAAC,gBAAgB,CAAC,eAAe,CAAC,CAAC;IAC3E,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE;QAChC,OAAO,IAAI,CAAC;KACb;IAED,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC/B,MAAM,UAAU,GAAG,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC;IACvD,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,GAAG,GAAG,CAAC;IAE3D,IAAI,UAAU,GAAG,gBAAgB,EAAE;QACjC,OAAO,IAAI,CAAC;KACb;IACD,OAAO,IAAI,CAAC;AACd,CAAC,4BAED,KAAK,kCAAQ,eAAwB;IACnC,gDAAgD;IAChD,OAAO,MAAM,uBAAA,IAAI,oEAAe,MAAnB,IAAI,EAAgB,eAAe,CAAC,CAAC;AACpD,CAAC,mCAED,KAAK,yCAAe,eAAwB;IAC1C,QAAQ;IACR,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,eAAe,CAAC,CAAC;IAC5D,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,SAAS,EAAE,uBAAA,IAAI,gCAAQ,CAAC,GAAG,CAAC,CAAC;IAE7D,MAAM,UAAU,GAAG,uBAAA,IAAI,+EAA0B,MAA9B,IAAI,EACrB,QAAQ,CAAC,KAAK,EACd,SAAS,CACV,CAAC;IACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC;IAEtE,eAAe;IACf,MAAM,YAAY,GAAG,MAAM,YAAY,CACrC,UAAU,EACV,SAAS,EACT,uBAAA,IAAI,gCAAQ,CAAC,IAAI,EACjB,uBAAA,IAAI,gCAAQ,CAAC,GAAG,EAChB,uBAAA,IAAI,qCAAa,CAClB,CAAC;IAEF,YAAY;IACZ,MAAM,aAAa,GAAG,MAAM,aAAa,CACvC,YAAY,CAAC,KAAK,EAClB,uBAAA,IAAI,gCAAQ,CAAC,GAAG,EAChB,uBAAA,IAAI,gCAAQ,CAAC,QAAQ,CACtB,CAAC;IAEF,OAAO;IACP,MAAM,MAAM,GAAkB;QAC5B,OAAO,EAAE,YAAY,CAAC,OAAO;QAC7B,KAAK,EAAE,aAAa;KACrB,CAAC;IAEF,MAAM,uBAAA,IAAI,iCAAS,CAAC,OAAO,CAAC,gBAAgB,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAEtE,OAAO,MAAM,CAAC;AAChB,CAAC,oCAED,KAAK,0CAAgB,eAAwB;IAC3C,wDAAwD;IACxD,MAAM,QAAQ,GAAG,eAAe,IAAI,aAAa,CAAC;IAElD,qEAAqE;IACrE,MAAM,aAAa,GAAG,uBAAA,IAAI,uCAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACxD,IAAI,aAAa,EAAE;QACjB,OAAO,aAAa,CAAC;KACtB;IAED,6BAA6B;IAC7B,MAAM,YAAY,GAAG,uBAAA,IAAI,qEAAgB,MAApB,IAAI,EAAiB,eAAe,CAAC,CAAC;IAE3D,+BAA+B;IAC/B,uBAAA,IAAI,uCAAe,CAAC,GAAG,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAEhD,IAAI;QACF,iCAAiC;QACjC,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC;QAClC,OAAO,MAAM,CAAC;KACf;YAAS;QACR,sDAAsD;QACtD,uBAAA,IAAI,uCAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;KACtC;AACH,CAAC,qCAED,KAAK,2CAAiB,eAAwB;IAC5C,mDAAmD;IACnD,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,CAAC,EAAE,OAAO,IAAI,CAAC,EAAE;QAC/C,IAAI;YACF,OAAO,MAAM,uBAAA,IAAI,mEAAc,MAAlB,IAAI,EAAe,eAAe,CAAC,CAAC;SAClD;QAAC,OAAO,CAAC,EAAE;YACV,wCAAwC;YACxC,IAAI,CAAC,gBAAgB,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE;gBACzC,MAAM,CAAC,CAAC;aACT;YAED,oDAAoD;YACpD,IAAI,OAAO,IAAI,CAAC,EAAE;gBAChB,MAAM,CAAC,CAAC;aACT;YAED,2CAA2C;YAC3C,MAAM,MAAM,GACT,CAAsB,CAAC,YAAY,IAAI,uBAAA,IAAI,2CAAmB,CAAC;YAClE,MAAM,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAE9B,0BAA0B;SAC3B;KACF;IAED,2EAA2E;IAC3E,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;AACrE,CAAC,mGAGC,KAAa,EACb,SAAiB;IAEjB,OAAO,YAAY,KAAK,IAAI,SAAS,EAAW,CAAC;AACnD,CAAC","sourcesContent":["import type { Eip1193Provider } from 'ethers';\n\nimport {\n authenticate,\n authorizeOIDC,\n getNonce,\n getUserProfileLineage,\n} from './services';\nimport type {\n AuthConfig,\n AuthSigningOptions,\n AuthStorageOptions,\n AuthType,\n IBaseAuth,\n LoginResponse,\n UserProfile,\n UserProfileLineage,\n} from './types';\nimport * as timeUtils from './utils/time';\nimport type { MetaMetricsAuth } from '../../shared/types/services';\nimport { ValidationError, RateLimitedError } from '../errors';\nimport { getMetaMaskProviderEIP6963 } from '../utils/eip-6963-metamask-provider';\nimport {\n MESSAGE_SIGNING_SNAP,\n assertMessageStartsWithMetamask,\n connectSnap,\n isSnapConnected,\n} from '../utils/messaging-signing-snap-requests';\nimport { validateLoginResponse } from '../utils/validate-login-response';\n\ntype JwtBearerAuth_SRP_Options = {\n storage: AuthStorageOptions;\n signing?: AuthSigningOptions;\n rateLimitRetry?: {\n cooldownDefaultMs?: number; // default cooldown when 429 has no Retry-After\n };\n};\n\nconst getDefaultEIP6963Provider = async () => {\n const provider = await getMetaMaskProviderEIP6963();\n if (!provider) {\n throw new ValidationError('No MetaMask wallet connected');\n }\n return provider;\n};\n\nconst getDefaultEIP6963SigningOptions = (\n customProvider?: Eip1193Provider,\n): AuthSigningOptions => ({\n getIdentifier: async (entropySourceId?: string): Promise<string> => {\n const provider = customProvider ?? (await getDefaultEIP6963Provider());\n return await MESSAGE_SIGNING_SNAP.getPublicKey(provider, entropySourceId);\n },\n signMessage: async (\n message: string,\n entropySourceId?: string,\n ): Promise<string> => {\n const provider = customProvider ?? (await getDefaultEIP6963Provider());\n assertMessageStartsWithMetamask(message);\n return await MESSAGE_SIGNING_SNAP.signMessage(\n provider,\n message,\n entropySourceId,\n );\n },\n});\n\nexport class SRPJwtBearerAuth implements IBaseAuth {\n readonly #config: AuthConfig;\n\n readonly #options: {\n storage: AuthStorageOptions;\n signing: AuthSigningOptions;\n };\n\n readonly #metametrics?: MetaMetricsAuth;\n\n // Map to store ongoing login promises by entropySourceId\n readonly #ongoingLogins = new Map<string, Promise<LoginResponse>>();\n\n // Default cooldown when 429 has no Retry-After header\n readonly #cooldownDefaultMs: number;\n\n #customProvider?: Eip1193Provider;\n\n constructor(\n config: AuthConfig & { type: AuthType.SRP },\n options: JwtBearerAuth_SRP_Options & {\n customProvider?: Eip1193Provider;\n metametrics?: MetaMetricsAuth;\n },\n ) {\n this.#config = config;\n this.#customProvider = options.customProvider;\n this.#options = {\n storage: options.storage,\n signing:\n options.signing ??\n getDefaultEIP6963SigningOptions(this.#customProvider),\n };\n this.#metametrics = options.metametrics;\n\n // Apply rate limit retry config if provided\n this.#cooldownDefaultMs =\n options.rateLimitRetry?.cooldownDefaultMs ?? 10000;\n }\n\n setCustomProvider(provider: Eip1193Provider) {\n this.#customProvider = provider;\n this.#options.signing = getDefaultEIP6963SigningOptions(provider);\n }\n\n // TODO: might be easier to keep entropySourceId as a class param and use multiple SRPJwtBearerAuth instances where needed\n async getAccessToken(entropySourceId?: string): Promise<string> {\n const session = await this.#getAuthSession(entropySourceId);\n if (session) {\n return session.token.accessToken;\n }\n\n const loginResponse = await this.#login(entropySourceId);\n return loginResponse.token.accessToken;\n }\n\n async getUserProfile(entropySourceId?: string): Promise<UserProfile> {\n const session = await this.#getAuthSession(entropySourceId);\n if (session) {\n return session.profile;\n }\n\n const loginResponse = await this.#login(entropySourceId);\n return loginResponse.profile;\n }\n\n async getIdentifier(entropySourceId?: string): Promise<string> {\n return await this.#options.signing.getIdentifier(entropySourceId);\n }\n\n async getUserProfileLineage(): Promise<UserProfileLineage> {\n const accessToken = await this.getAccessToken();\n return await getUserProfileLineage(this.#config.env, accessToken);\n }\n\n async signMessage(\n message: string,\n entropySourceId?: string,\n ): Promise<string> {\n return await this.#options.signing.signMessage(message, entropySourceId);\n }\n\n async isSnapConnected(): Promise<boolean> {\n const provider =\n this.#customProvider ?? (await getDefaultEIP6963Provider());\n if (!provider) {\n return false;\n }\n\n const isConnected = await isSnapConnected(provider);\n return isConnected;\n }\n\n async connectSnap(): Promise<string> {\n const provider =\n this.#customProvider ?? (await getDefaultEIP6963Provider());\n\n const res = await connectSnap(provider);\n return res;\n }\n\n // convert expiresIn from seconds to milliseconds and use 90% of expiresIn\n async #getAuthSession(\n entropySourceId?: string,\n ): Promise<LoginResponse \| null> {\n const auth = await this.#options.storage.getLoginResponse(entropySourceId);\n if (!validateLoginResponse(auth)) {\n return null;\n }\n\n const currentTime = Date.now();\n const sessionAge = currentTime - auth.token.obtainedAt;\n const refreshThreshold = auth.token.expiresIn * 1000 * 0.9;\n\n if (sessionAge < refreshThreshold) {\n return auth;\n }\n return null;\n }\n\n async #login(entropySourceId?: string): Promise<LoginResponse> {\n // Use a deferred login to avoid race conditions\n return await this.#deferredLogin(entropySourceId);\n }\n\n async #performLogin(entropySourceId?: string): Promise<LoginResponse> {\n // Nonce\n const publicKey = await this.getIdentifier(entropySourceId);\n const nonceRes = await getNonce(publicKey, this.#config.env);\n\n const rawMessage = this.#createSrpLoginRawMessage(\n nonceRes.nonce,\n publicKey,\n );\n const signature = await this.signMessage(rawMessage, entropySourceId);\n\n // Authenticate\n const authResponse = await authenticate(\n rawMessage,\n signature,\n this.#config.type,\n this.#config.env,\n this.#metametrics,\n );\n\n // Authorize\n const tokenResponse = await authorizeOIDC(\n authResponse.token,\n this.#config.env,\n this.#config.platform,\n );\n\n // Save\n const result: LoginResponse = {\n profile: authResponse.profile,\n token: tokenResponse,\n };\n\n await this.#options.storage.setLoginResponse(result, entropySourceId);\n\n return result;\n }\n\n async #deferredLogin(entropySourceId?: string): Promise<LoginResponse> {\n // Use a key that accounts for undefined entropySourceId\n const loginKey = entropySourceId ?? '__default__';\n\n // Check if there's already an ongoing login for this entropySourceId\n const existingLogin = this.#ongoingLogins.get(loginKey);\n if (existingLogin) {\n return existingLogin;\n }\n\n // Create a new login promise\n const loginPromise = this.#loginWithRetry(entropySourceId);\n\n // Store the promise in the map\n this.#ongoingLogins.set(loginKey, loginPromise);\n\n try {\n // Wait for the login to complete\n const result = await loginPromise;\n return result;\n } finally {\n // Always clean up the ongoing login promise when done\n this.#ongoingLogins.delete(loginKey);\n }\n }\n\n async #loginWithRetry(entropySourceId?: string): Promise<LoginResponse> {\n // Allow max 2 attempts: initial + one retry on 429\n for (let attempt = 0; attempt < 2; attempt += 1) {\n try {\n return await this.#performLogin(entropySourceId);\n } catch (e) {\n // Only retry on rate-limit (429) errors\n if (!RateLimitedError.isRateLimitError(e)) {\n throw e;\n }\n\n // If we've exhausted attempts (>= 1 retry), rethrow\n if (attempt >= 1) {\n throw e;\n }\n\n // Wait for Retry-After or default cooldown\n const waitMs =\n (e as RateLimitedError).retryAfterMs ?? this.#cooldownDefaultMs;\n await timeUtils.delay(waitMs);\n\n // Loop continues to retry\n }\n }\n\n // Should never reach here due to loop logic, but TypeScript needs a return\n throw new Error('Unexpected: login loop exhausted without result');\n }\n\n #createSrpLoginRawMessage(\n nonce: string,\n publicKey: string,\n ): `metamask:${string}:${string}` {\n return `metamask:${nonce}:${publicKey}` as const;\n }\n}\n"]}

package/dist/sdk/authentication-jwt-bearer/services.cjs CHANGED Viewed

@@ -4,6 +4,51 @@ exports.getUserProfileLineage = exports.authenticate = exports.authorizeOIDC = e
 const types_1 = require("./types.cjs");
 const env_1 = require("../../shared/env.cjs");
 const errors_1 = require("../errors.cjs");
+/**
+ * Parse Retry-After header into milliseconds if possible.
+ * Supports seconds or HTTP-date formats.
+ *
+ * @param retryAfterHeader - The Retry-After header value (seconds or HTTP-date)
+ * @returns The retry delay in milliseconds, or null if parsing fails
+ */
+function parseRetryAfter(retryAfterHeader) {
+    if (!retryAfterHeader) {
+        return null;
+    }
+    const seconds = Number(retryAfterHeader);
+    if (!Number.isNaN(seconds)) {
+        return seconds * 1000;
+    }
+    const date = Date.parse(retryAfterHeader);
+    if (!Number.isNaN(date)) {
+        const diff = date - Date.now();
+        return diff > 0 ? diff : null;
+    }
+    return null;
+}
+/**
+ * Handle HTTP error responses with rate limiting support.
+ *
+ * @param response - The HTTP response object
+ * @param errorPrefix - Optional prefix for the error message
+ * @throws RateLimitedError for 429 responses
+ * @throws Error for other error responses
+ */
+async function handleErrorResponse(response, errorPrefix) {
+    const { status } = response;
+    const retryAfterHeader = response.headers.get('Retry-After');
+    const retryAfterMs = parseRetryAfter(retryAfterHeader);
+    const responseBody = (await response.json());
+    const message = 'message' in responseBody
+        ? responseBody.message
+        : responseBody.error_description;
+    const { error } = responseBody;
+    if (status === 429) {
+        throw new errors_1.RateLimitedError(`HTTP 429: ${message} (error: ${error})`, retryAfterMs ?? undefined);
+    }
+    const prefix = errorPrefix ? `${errorPrefix} ` : '';
+    throw new Error(`${prefix}HTTP ${status} error: ${message}, error: ${error}`);
+}
 const NONCE_URL = (env) => `${(0, env_1.getEnvUrls)(env).authApiUrl}/api/v2/nonce`;
 exports.NONCE_URL = NONCE_URL;
 const PAIR_IDENTIFIERS = (env) => `${(0, env_1.getEnvUrls)(env).authApiUrl}/api/v2/identifiers/pair`;
@@ -51,11 +96,14 @@ async function pairIdentifiers(nonce, logins, accessToken, env) {
             }),
         });
         if (!response.ok) {
-            const responseBody = (await response.json());
-            throw new Error(`HTTP error message: ${responseBody.message}, error: ${responseBody.error}`);
+            await handleErrorResponse(response);
         }
     }
     catch (e) {
+        // Re-throw RateLimitedError to preserve 429 status and retry metadata
+        if (errors_1.RateLimitedError.isRateLimitError(e)) {
+            throw e;
+        }
         /* istanbul ignore next */
         const errorMessage = e instanceof Error ? e.message : JSON.stringify(e ?? '');
         throw new errors_1.PairError(`unable to pair identifiers: ${errorMessage}`);
@@ -75,8 +123,7 @@ async function getNonce(id, env) {
     try {
         const nonceResponse = await fetch(nonceUrl.toString());
         if (!nonceResponse.ok) {
-            const responseBody = (await nonceResponse.json());
-            throw new Error(`HTTP error message: ${responseBody.message}, error: ${responseBody.error}`);
+            await handleErrorResponse(nonceResponse);
         }
         const nonceJson = await nonceResponse.json();
         return {
@@ -86,6 +133,10 @@ async function getNonce(id, env) {
         };
     }
     catch (e) {
+        // Re-throw RateLimitedError to preserve 429 status and retry metadata
+        if (errors_1.RateLimitedError.isRateLimitError(e)) {
+            throw e;
+        }
         /* istanbul ignore next */
         const errorMessage = e instanceof Error ? e.message : JSON.stringify(e ?? '');
         throw new errors_1.NonceRetrievalError(`failed to generate nonce: ${errorMessage}`);
@@ -116,8 +167,7 @@ async function authorizeOIDC(jwtToken, env, platform) {
             body: urlEncodedBody.toString(),
         });
         if (!response.ok) {
-            const responseBody = (await response.json());
-            throw new Error(`HTTP error: ${responseBody.error_description}, error code: ${responseBody.error}`);
+            await handleErrorResponse(response);
         }
         const accessTokenResponse = await response.json();
         return {
@@ -127,6 +177,10 @@ async function authorizeOIDC(jwtToken, env, platform) {
         };
     }
     catch (e) {
+        // Re-throw RateLimitedError to preserve 429 status and retry metadata
+        if (errors_1.RateLimitedError.isRateLimitError(e)) {
+            throw e;
+        }
         /* istanbul ignore next */
         const errorMessage = e instanceof Error ? e.message : JSON.stringify(e ?? '');
         throw new errors_1.SignInError(`unable to get access token: ${errorMessage}`);
@@ -165,8 +219,7 @@ async function authenticate(rawMessage, signature, authType, env, metametrics) {
             }),
         });
         if (!response.ok) {
-            const responseBody = (await response.json());
-            throw new Error(`${authType} login HTTP error: ${responseBody.message}, error code: ${responseBody.error}`);
+            await handleErrorResponse(response, `${authType} login`);
         }
         const loginResponse = await response.json();
         return {
@@ -180,6 +233,10 @@ async function authenticate(rawMessage, signature, authType, env, metametrics) {
         };
     }
     catch (e) {
+        // Re-throw RateLimitedError to preserve 429 status and retry metadata
+        if (errors_1.RateLimitedError.isRateLimitError(e)) {
+            throw e;
+        }
         /* istanbul ignore next */
         const errorMessage = e instanceof Error ? e.message : JSON.stringify(e ?? '');
         throw new errors_1.SignInError(`unable to perform SRP login: ${errorMessage}`);
@@ -203,13 +260,16 @@ async function getUserProfileLineage(env, accessToken) {
             },
         });
         if (!response.ok) {
-            const responseBody = (await response.json());
-            throw new Error(`HTTP error message: ${responseBody.message}, error: ${responseBody.error}`);
+            await handleErrorResponse(response, 'profile lineage');
         }
         const profileJson = await response.json();
         return profileJson;
     }
     catch (e) {
+        // Re-throw RateLimitedError to preserve 429 status and retry metadata
+        if (errors_1.RateLimitedError.isRateLimitError(e)) {
+            throw e;
+        }
         /* istanbul ignore next */
         const errorMessage = e instanceof Error ? e.message : JSON.stringify(e ?? '');
         throw new errors_1.SignInError(`failed to get profile lineage: ${errorMessage}`);

package/dist/sdk/authentication-jwt-bearer/services.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"services.cjs","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/services.ts"],"names":[],"mappings":";;;AAMA,uCAAmC;AAEnC,8CAA+D;AAE/D,0CAKmB;AAEZ,MAAM,SAAS,GAAG,CAAC,GAAQ,EAAE,EAAE,CACpC,GAAG,IAAA,gBAAU,EAAC,GAAG,CAAC,CAAC,UAAU,eAAe,CAAC;AADlC,QAAA,SAAS,aACyB;AAExC,MAAM,gBAAgB,GAAG,CAAC,GAAQ,EAAE,EAAE,CAC3C,GAAG,IAAA,gBAAU,EAAC,GAAG,CAAC,CAAC,UAAU,0BAA0B,CAAC;AAD7C,QAAA,gBAAgB,oBAC6B;AAEnD,MAAM,cAAc,GAAG,CAAC,GAAQ,EAAE,EAAE,CACzC,GAAG,IAAA,gBAAU,EAAC,GAAG,CAAC,CAAC,UAAU,eAAe,CAAC;AADlC,QAAA,cAAc,kBACoB;AAExC,MAAM,aAAa,GAAG,CAAC,GAAQ,EAAE,EAAE,CACxC,GAAG,IAAA,gBAAU,EAAC,GAAG,CAAC,CAAC,UAAU,mBAAmB,CAAC;AADtC,QAAA,aAAa,iBACyB;AAE5C,MAAM,cAAc,GAAG,CAAC,GAAQ,EAAE,EAAE,CACzC,GAAG,IAAA,gBAAU,EAAC,GAAG,CAAC,CAAC,UAAU,oBAAoB,CAAC;AADvC,QAAA,cAAc,kBACyB;AAE7C,MAAM,mBAAmB,GAAG,CAAC,GAAQ,EAAE,EAAE,CAC9C,GAAG,IAAA,gBAAU,EAAC,GAAG,CAAC,CAAC,UAAU,yBAAyB,CAAC;AAD5C,QAAA,mBAAmB,uBACyB;AAEzD,MAAM,oBAAoB,GAAG,CAAC,QAAkB,EAAE,GAAQ,EAAU,EAAE;IACpE,QAAQ,QAAQ,EAAE;QAChB,KAAK,gBAAQ,CAAC,GAAG;YACf,OAAO,IAAA,qBAAa,EAAC,GAAG,CAAC,CAAC;QAC5B,KAAK,gBAAQ,CAAC,IAAI;YAChB,OAAO,IAAA,sBAAc,EAAC,GAAG,CAAC,CAAC;QAC7B,0BAA0B;QAC1B;YACE,MAAM,IAAI,wBAAe,CACvB,qBAAqB,QAAkB,8BAA8B,CACtE,CAAC;KACL;AACH,CAAC,CAAC;AAeF;;;;;;;;GAQG;AACI,KAAK,UAAU,eAAe,CACnC,KAAa,EACb,MAAqB,EACrB,WAAmB,EACnB,GAAQ;IAER,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,IAAA,wBAAgB,EAAC,GAAG,CAAC,CAAC,CAAC;IAE/C,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,EAAE;YACpC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,aAAa,EAAE,UAAU,WAAW,EAAE;aACvC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,KAAK;gBACL,MAAM;aACP,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;YAChB,MAAM,YAAY,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAiB,CAAC;YAC7D,MAAM,IAAI,KAAK,CACb,uBAAuB,YAAY,CAAC,OAAO,YAAY,YAAY,CAAC,KAAK,EAAE,CAC5E,CAAC;SACH;KACF;IAAC,OAAO,CAAC,EAAE;QACV,0BAA0B;QAC1B,MAAM,YAAY,GAChB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3D,MAAM,IAAI,kBAAS,CAAC,+BAA+B,YAAY,EAAE,CAAC,CAAC;KACpE;AACH,CAAC;AAjCD,0CAiCC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,QAAQ,CAAC,EAAU,EAAE,GAAQ;IACjD,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,IAAA,iBAAS,EAAC,GAAG,CAAC,CAAC,CAAC;IACzC,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;IAE5C,IAAI;QACF,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;QACvD,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE;YACrB,MAAM,YAAY,GAAG,CAAC,MAAM,aAAa,CAAC,IAAI,EAAE,CAAiB,CAAC;YAClE,MAAM,IAAI,KAAK,CACb,uBAAuB,YAAY,CAAC,OAAO,YAAY,YAAY,CAAC,KAAK,EAAE,CAC5E,CAAC;SACH;QAED,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC;QAC7C,OAAO;YACL,KAAK,EAAE,SAAS,CAAC,KAAK;YACtB,UAAU,EAAE,SAAS,CAAC,UAAU;YAChC,SAAS,EAAE,SAAS,CAAC,UAAU;SAChC,CAAC;KACH;IAAC,OAAO,CAAC,EAAE;QACV,0BAA0B;QAC1B,MAAM,YAAY,GAChB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3D,MAAM,IAAI,4BAAmB,CAAC,6BAA6B,YAAY,EAAE,CAAC,CAAC;KAC5E;AACH,CAAC;AAzBD,4BAyBC;AAED;;;;;;;GAOG;AACI,KAAK,UAAU,aAAa,CACjC,QAAgB,EAChB,GAAQ,EACR,QAAkB;IAElB,MAAM,SAAS,GAAG,6CAA6C,CAAC;IAChE,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC;QAC1B,cAAc,EAAE,mCAAmC;KACpD,CAAC,CAAC;IAEH,MAAM,cAAc,GAAG,IAAI,eAAe,EAAE,CAAC;IAC7C,cAAc,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IAC/C,cAAc,CAAC,MAAM,CAAC,WAAW,EAAE,IAAA,qBAAe,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC;IACnE,cAAc,CAAC,MAAM,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAE7C,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAA,sBAAc,EAAC,GAAG,CAAC,EAAE;YAChD,MAAM,EAAE,MAAM;YACd,OAAO;YACP,IAAI,EAAE,cAAc,CAAC,QAAQ,EAAE;SAChC,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;YAChB,MAAM,YAAY,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAG1C,CAAC;YACF,MAAM,IAAI,KAAK,CACb,eAAe,YAAY,CAAC,iBAAiB,iBAAiB,YAAY,CAAC,KAAK,EAAE,CACnF,CAAC;SACH;QAED,MAAM,mBAAmB,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAClD,OAAO;YACL,WAAW,EAAE,mBAAmB,CAAC,YAAY;YAC7C,SAAS,EAAE,mBAAmB,CAAC,UAAU;YACzC,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;SACvB,CAAC;KACH;IAAC,OAAO,CAAC,EAAE;QACV,0BAA0B;QAC1B,MAAM,YAAY,GAChB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3D,MAAM,IAAI,oBAAW,CAAC,+BAA+B,YAAY,EAAE,CAAC,CAAC;KACtE;AACH,CAAC;AA5CD,sCA4CC;AAOD;;;;;;;;;GASG;AACI,KAAK,UAAU,YAAY,CAChC,UAAkB,EAClB,SAAiB,EACjB,QAAkB,EAClB,GAAQ,EACR,WAA6B;IAE7B,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IAE9D,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,iBAAiB,EAAE;YAC9C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,SAAS;gBACT,WAAW,EAAE,UAAU;gBACvB,GAAG,CAAC,WAAW;oBACb,CAAC,CAAC;wBACE,WAAW,EAAE;4BACX,cAAc,EAAE,MAAM,WAAW,CAAC,gBAAgB,EAAE;4BACpD,KAAK,EAAE,WAAW,CAAC,KAAK;yBACzB;qBACF;oBACH,CAAC,CAAC,EAAE,CAAC;aACR,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;YAChB,MAAM,YAAY,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAiB,CAAC;YAC7D,MAAM,IAAI,KAAK,CACb,GAAG,QAAQ,sBAAsB,YAAY,CAAC,OAAO,iBAAiB,YAAY,CAAC,KAAK,EAAE,CAC3F,CAAC;SACH;QAED,MAAM,aAAa,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC5C,OAAO;YACL,KAAK,EAAE,aAAa,CAAC,KAAK;YAC1B,SAAS,EAAE,aAAa,CAAC,UAAU;YACnC,OAAO,EAAE;gBACP,YAAY,EAAE,aAAa,CAAC,OAAO,CAAC,aAAa;gBACjD,aAAa,EAAE,aAAa,CAAC,OAAO,CAAC,cAAc;gBACnD,SAAS,EAAE,aAAa,CAAC,OAAO,CAAC,UAAU;aAC5C;SACF,CAAC;KACH;IAAC,OAAO,CAAC,EAAE;QACV,0BAA0B;QAC1B,MAAM,YAAY,GAChB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3D,MAAM,IAAI,oBAAW,CAAC,gCAAgC,YAAY,EAAE,CAAC,CAAC;KACvE;AACH,CAAC;AApDD,oCAoDC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,qBAAqB,CACzC,GAAQ,EACR,WAAmB;IAEnB,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,IAAA,2BAAmB,EAAC,GAAG,CAAC,CAAC,CAAC;IAE5D,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,iBAAiB,EAAE;YAC9C,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,WAAW,EAAE;aACvC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;YAChB,MAAM,YAAY,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAiB,CAAC;YAC7D,MAAM,IAAI,KAAK,CACb,uBAAuB,YAAY,CAAC,OAAO,YAAY,YAAY,CAAC,KAAK,EAAE,CAC5E,CAAC;SACH;QAED,MAAM,WAAW,GAAuB,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAE9D,OAAO,WAAW,CAAC;KACpB;IAAC,OAAO,CAAC,EAAE;QACV,0BAA0B;QAC1B,MAAM,YAAY,GAChB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3D,MAAM,IAAI,oBAAW,CAAC,kCAAkC,YAAY,EAAE,CAAC,CAAC;KACzE;AACH,CAAC;AA9BD,sDA8BC","sourcesContent":["import type {\n AccessToken,\n ErrorMessage,\n UserProfile,\n UserProfileLineage,\n} from './types';\nimport { AuthType } from './types';\nimport type { Env, Platform } from '../../shared/env';\nimport { getEnvUrls, getOidcClientId } from '../../shared/env';\nimport type { MetaMetricsAuth } from '../../shared/types/services';\nimport {\n NonceRetrievalError,\n PairError,\n SignInError,\n ValidationError,\n} from '../errors';\n\nexport const NONCE_URL = (env: Env) =>\n `${getEnvUrls(env).authApiUrl}/api/v2/nonce`;\n\nexport const PAIR_IDENTIFIERS = (env: Env) =>\n `${getEnvUrls(env).authApiUrl}/api/v2/identifiers/pair`;\n\nexport const OIDC_TOKEN_URL = (env: Env) =>\n `${getEnvUrls(env).oidcApiUrl}/oauth2/token`;\n\nexport const SRP_LOGIN_URL = (env: Env) =>\n `${getEnvUrls(env).authApiUrl}/api/v2/srp/login`;\n\nexport const SIWE_LOGIN_URL = (env: Env) =>\n `${getEnvUrls(env).authApiUrl}/api/v2/siwe/login`;\n\nexport const PROFILE_LINEAGE_URL = (env: Env) =>\n `${getEnvUrls(env).authApiUrl}/api/v2/profile/lineage`;\n\nconst getAuthenticationUrl = (authType: AuthType, env: Env): string => {\n switch (authType) {\n case AuthType.SRP:\n return SRP_LOGIN_URL(env);\n case AuthType.SiWE:\n return SIWE_LOGIN_URL(env);\n /* istanbul ignore next /\n default:\n throw new ValidationError(\n `Invalid AuthType: ${authType as number} - unable to create Auth URL`,\n );\n }\n};\n\ntype NonceResponse = {\n nonce: string;\n identifier: string;\n expiresIn: number;\n};\n\ntype PairRequest = {\n signature: string;\n raw_message: string;\n encrypted_storage_key: string;\n identifier_type: 'SIWE' \| 'SRP';\n};\n\n/\n Pair multiple identifiers under a single profile\n \n @param nonce - session nonce\n * @param logins - pairing request payload\n * @param accessToken - JWT access token used to access protected resources\n * @param env - server environment\n * @returns void.\n /\nexport async function pairIdentifiers(\n nonce: string,\n logins: PairRequest[],\n accessToken: string,\n env: Env,\n): Promise<void> {\n const pairUrl = new URL(PAIR_IDENTIFIERS(env));\n\n try {\n const response = await fetch(pairUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Authorization: `Bearer ${accessToken}`,\n },\n body: JSON.stringify({\n nonce,\n logins,\n }),\n });\n\n if (!response.ok) {\n const responseBody = (await response.json()) as ErrorMessage;\n throw new Error(\n `HTTP error message: ${responseBody.message}, error: ${responseBody.error}`,\n );\n }\n } catch (e) {\n / istanbul ignore next /\n const errorMessage =\n e instanceof Error ? e.message : JSON.stringify(e ?? '');\n throw new PairError(`unable to pair identifiers: ${errorMessage}`);\n }\n}\n\n/\n Service to Get Nonce for JWT Bearer Flow\n \n @param id - identifier ID\n * @param env - server environment\n * @returns the nonce.\n /\nexport async function getNonce(id: string, env: Env): Promise<NonceResponse> {\n const nonceUrl = new URL(NONCE_URL(env));\n nonceUrl.searchParams.set('identifier', id);\n\n try {\n const nonceResponse = await fetch(nonceUrl.toString());\n if (!nonceResponse.ok) {\n const responseBody = (await nonceResponse.json()) as ErrorMessage;\n throw new Error(\n `HTTP error message: ${responseBody.message}, error: ${responseBody.error}`,\n );\n }\n\n const nonceJson = await nonceResponse.json();\n return {\n nonce: nonceJson.nonce,\n identifier: nonceJson.identifier,\n expiresIn: nonceJson.expires_in,\n };\n } catch (e) {\n / istanbul ignore next /\n const errorMessage =\n e instanceof Error ? e.message : JSON.stringify(e ?? '');\n throw new NonceRetrievalError(`failed to generate nonce: ${errorMessage}`);\n }\n}\n\n/\n Service to Authorize And perform OIDC Flow to get the Access Token\n \n @param jwtToken - The original token received from Authentication. This is traded for the Access Token. (the authentication token is single-use)\n * @param env - server environment\n * @param platform - SDK platform\n * @returns Access Token from Authorization server\n /\nexport async function authorizeOIDC(\n jwtToken: string,\n env: Env,\n platform: Platform,\n): Promise<AccessToken> {\n const grantType = 'urn:ietf:params:oauth:grant-type:jwt-bearer';\n const headers = new Headers({\n 'Content-Type': 'application/x-www-form-urlencoded',\n });\n\n const urlEncodedBody = new URLSearchParams();\n urlEncodedBody.append('grant_type', grantType);\n urlEncodedBody.append('client_id', getOidcClientId(env, platform));\n urlEncodedBody.append('assertion', jwtToken);\n\n try {\n const response = await fetch(OIDC_TOKEN_URL(env), {\n method: 'POST',\n headers,\n body: urlEncodedBody.toString(),\n });\n\n if (!response.ok) {\n const responseBody = (await response.json()) as {\n error_description: string;\n error: string;\n };\n throw new Error(\n `HTTP error: ${responseBody.error_description}, error code: ${responseBody.error}`,\n );\n }\n\n const accessTokenResponse = await response.json();\n return {\n accessToken: accessTokenResponse.access_token,\n expiresIn: accessTokenResponse.expires_in,\n obtainedAt: Date.now(),\n };\n } catch (e) {\n / istanbul ignore next /\n const errorMessage =\n e instanceof Error ? e.message : JSON.stringify(e ?? '');\n throw new SignInError(`unable to get access token: ${errorMessage}`);\n }\n}\n\ntype Authentication = {\n token: string;\n expiresIn: number;\n profile: UserProfile;\n};\n/\n Service to Authenticate/Login a user via SIWE or SRP derived key.\n \n @param rawMessage - raw message for validation when authenticating\n * @param signature - signed raw message\n * @param authType - authentication type/flow used\n * @param env - server environment\n * @param metametrics - optional metametrics\n * @returns Authentication Token\n /\nexport async function authenticate(\n rawMessage: string,\n signature: string,\n authType: AuthType,\n env: Env,\n metametrics?: MetaMetricsAuth,\n): Promise<Authentication> {\n const authenticationUrl = getAuthenticationUrl(authType, env);\n\n try {\n const response = await fetch(authenticationUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({\n signature,\n raw_message: rawMessage,\n ...(metametrics\n ? {\n metametrics: {\n metametrics_id: await metametrics.getMetaMetricsId(),\n agent: metametrics.agent,\n },\n }\n : {}),\n }),\n });\n\n if (!response.ok) {\n const responseBody = (await response.json()) as ErrorMessage;\n throw new Error(\n `${authType} login HTTP error: ${responseBody.message}, error code: ${responseBody.error}`,\n );\n }\n\n const loginResponse = await response.json();\n return {\n token: loginResponse.token,\n expiresIn: loginResponse.expires_in,\n profile: {\n identifierId: loginResponse.profile.identifier_id,\n metaMetricsId: loginResponse.profile.metametrics_id,\n profileId: loginResponse.profile.profile_id,\n },\n };\n } catch (e) {\n / istanbul ignore next /\n const errorMessage =\n e instanceof Error ? e.message : JSON.stringify(e ?? '');\n throw new SignInError(`unable to perform SRP login: ${errorMessage}`);\n }\n}\n\n/\n Service to get the Profile Lineage\n \n @param env - server environment\n * @param accessToken - JWT access token used to access protected resources\n * @returns Profile Lineage information.\n /\nexport async function getUserProfileLineage(\n env: Env,\n accessToken: string,\n): Promise<UserProfileLineage> {\n const profileLineageUrl = new URL(PROFILE_LINEAGE_URL(env));\n\n try {\n const response = await fetch(profileLineageUrl, {\n method: 'GET',\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n });\n\n if (!response.ok) {\n const responseBody = (await response.json()) as ErrorMessage;\n throw new Error(\n `HTTP error message: ${responseBody.message}, error: ${responseBody.error}`,\n );\n }\n\n const profileJson: UserProfileLineage = await response.json();\n\n return profileJson;\n } catch (e) {\n / istanbul ignore next */\n const errorMessage =\n e instanceof Error ? e.message : JSON.stringify(e ?? '');\n throw new SignInError(`failed to get profile lineage: ${errorMessage}`);\n }\n}\n"]}
1	+ {"version":3,"file":"services.cjs","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/services.ts"],"names":[],"mappings":";;;AAMA,uCAAmC;AAEnC,8CAA+D;AAE/D,0CAMmB;AAEnB;;;;;;GAMG;AACH,SAAS,eAAe,CAAC,gBAA+B;IACtD,IAAI,CAAC,gBAAgB,EAAE;QACrB,OAAO,IAAI,CAAC;KACb;IACD,MAAM,OAAO,GAAG,MAAM,CAAC,gBAAgB,CAAC,CAAC;IACzC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE;QAC1B,OAAO,OAAO,GAAG,IAAI,CAAC;KACvB;IACD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAC1C,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE;QACvB,MAAM,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC/B,OAAO,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;KAC/B;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;GAOG;AACH,KAAK,UAAU,mBAAmB,CAChC,QAAkB,EAClB,WAAoB;IAEpB,MAAM,EAAE,MAAM,EAAE,GAAG,QAAQ,CAAC;IAC5B,MAAM,gBAAgB,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IAC7D,MAAM,YAAY,GAAG,eAAe,CAAC,gBAAgB,CAAC,CAAC;IAEvD,MAAM,YAAY,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAEK,CAAC;IAEjD,MAAM,OAAO,GACX,SAAS,IAAI,YAAY;QACvB,CAAC,CAAC,YAAY,CAAC,OAAO;QACtB,CAAC,CAAC,YAAY,CAAC,iBAAiB,CAAC;IACrC,MAAM,EAAE,KAAK,EAAE,GAAG,YAAY,CAAC;IAE/B,IAAI,MAAM,KAAK,GAAG,EAAE;QAClB,MAAM,IAAI,yBAAgB,CACxB,aAAa,OAAO,YAAY,KAAK,GAAG,EACxC,YAAY,IAAI,SAAS,CAC1B,CAAC;KACH;IAED,MAAM,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,GAAG,WAAW,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IACpD,MAAM,IAAI,KAAK,CAAC,GAAG,MAAM,QAAQ,MAAM,WAAW,OAAO,YAAY,KAAK,EAAE,CAAC,CAAC;AAChF,CAAC;AAEM,MAAM,SAAS,GAAG,CAAC,GAAQ,EAAE,EAAE,CACpC,GAAG,IAAA,gBAAU,EAAC,GAAG,CAAC,CAAC,UAAU,eAAe,CAAC;AADlC,QAAA,SAAS,aACyB;AAExC,MAAM,gBAAgB,GAAG,CAAC,GAAQ,EAAE,EAAE,CAC3C,GAAG,IAAA,gBAAU,EAAC,GAAG,CAAC,CAAC,UAAU,0BAA0B,CAAC;AAD7C,QAAA,gBAAgB,oBAC6B;AAEnD,MAAM,cAAc,GAAG,CAAC,GAAQ,EAAE,EAAE,CACzC,GAAG,IAAA,gBAAU,EAAC,GAAG,CAAC,CAAC,UAAU,eAAe,CAAC;AADlC,QAAA,cAAc,kBACoB;AAExC,MAAM,aAAa,GAAG,CAAC,GAAQ,EAAE,EAAE,CACxC,GAAG,IAAA,gBAAU,EAAC,GAAG,CAAC,CAAC,UAAU,mBAAmB,CAAC;AADtC,QAAA,aAAa,iBACyB;AAE5C,MAAM,cAAc,GAAG,CAAC,GAAQ,EAAE,EAAE,CACzC,GAAG,IAAA,gBAAU,EAAC,GAAG,CAAC,CAAC,UAAU,oBAAoB,CAAC;AADvC,QAAA,cAAc,kBACyB;AAE7C,MAAM,mBAAmB,GAAG,CAAC,GAAQ,EAAE,EAAE,CAC9C,GAAG,IAAA,gBAAU,EAAC,GAAG,CAAC,CAAC,UAAU,yBAAyB,CAAC;AAD5C,QAAA,mBAAmB,uBACyB;AAEzD,MAAM,oBAAoB,GAAG,CAAC,QAAkB,EAAE,GAAQ,EAAU,EAAE;IACpE,QAAQ,QAAQ,EAAE;QAChB,KAAK,gBAAQ,CAAC,GAAG;YACf,OAAO,IAAA,qBAAa,EAAC,GAAG,CAAC,CAAC;QAC5B,KAAK,gBAAQ,CAAC,IAAI;YAChB,OAAO,IAAA,sBAAc,EAAC,GAAG,CAAC,CAAC;QAC7B,0BAA0B;QAC1B;YACE,MAAM,IAAI,wBAAe,CACvB,qBAAqB,QAAkB,8BAA8B,CACtE,CAAC;KACL;AACH,CAAC,CAAC;AAeF;;;;;;;;GAQG;AACI,KAAK,UAAU,eAAe,CACnC,KAAa,EACb,MAAqB,EACrB,WAAmB,EACnB,GAAQ;IAER,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,IAAA,wBAAgB,EAAC,GAAG,CAAC,CAAC,CAAC;IAE/C,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,EAAE;YACpC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,aAAa,EAAE,UAAU,WAAW,EAAE;aACvC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,KAAK;gBACL,MAAM;aACP,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;YAChB,MAAM,mBAAmB,CAAC,QAAQ,CAAC,CAAC;SACrC;KACF;IAAC,OAAO,CAAC,EAAE;QACV,sEAAsE;QACtE,IAAI,yBAAgB,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE;YACxC,MAAM,CAAC,CAAC;SACT;QACD,0BAA0B;QAC1B,MAAM,YAAY,GAChB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3D,MAAM,IAAI,kBAAS,CAAC,+BAA+B,YAAY,EAAE,CAAC,CAAC;KACpE;AACH,CAAC;AAlCD,0CAkCC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,QAAQ,CAAC,EAAU,EAAE,GAAQ;IACjD,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,IAAA,iBAAS,EAAC,GAAG,CAAC,CAAC,CAAC;IACzC,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;IAE5C,IAAI;QACF,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;QACvD,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE;YACrB,MAAM,mBAAmB,CAAC,aAAa,CAAC,CAAC;SAC1C;QAED,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC;QAC7C,OAAO;YACL,KAAK,EAAE,SAAS,CAAC,KAAK;YACtB,UAAU,EAAE,SAAS,CAAC,UAAU;YAChC,SAAS,EAAE,SAAS,CAAC,UAAU;SAChC,CAAC;KACH;IAAC,OAAO,CAAC,EAAE;QACV,sEAAsE;QACtE,IAAI,yBAAgB,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE;YACxC,MAAM,CAAC,CAAC;SACT;QACD,0BAA0B;QAC1B,MAAM,YAAY,GAChB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3D,MAAM,IAAI,4BAAmB,CAAC,6BAA6B,YAAY,EAAE,CAAC,CAAC;KAC5E;AACH,CAAC;AA1BD,4BA0BC;AAED;;;;;;;GAOG;AACI,KAAK,UAAU,aAAa,CACjC,QAAgB,EAChB,GAAQ,EACR,QAAkB;IAElB,MAAM,SAAS,GAAG,6CAA6C,CAAC;IAChE,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC;QAC1B,cAAc,EAAE,mCAAmC;KACpD,CAAC,CAAC;IAEH,MAAM,cAAc,GAAG,IAAI,eAAe,EAAE,CAAC;IAC7C,cAAc,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IAC/C,cAAc,CAAC,MAAM,CAAC,WAAW,EAAE,IAAA,qBAAe,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC;IACnE,cAAc,CAAC,MAAM,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAE7C,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAA,sBAAc,EAAC,GAAG,CAAC,EAAE;YAChD,MAAM,EAAE,MAAM;YACd,OAAO;YACP,IAAI,EAAE,cAAc,CAAC,QAAQ,EAAE;SAChC,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;YAChB,MAAM,mBAAmB,CAAC,QAAQ,CAAC,CAAC;SACrC;QAED,MAAM,mBAAmB,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAClD,OAAO;YACL,WAAW,EAAE,mBAAmB,CAAC,YAAY;YAC7C,SAAS,EAAE,mBAAmB,CAAC,UAAU;YACzC,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;SACvB,CAAC;KACH;IAAC,OAAO,CAAC,EAAE;QACV,sEAAsE;QACtE,IAAI,yBAAgB,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE;YACxC,MAAM,CAAC,CAAC;SACT;QACD,0BAA0B;QAC1B,MAAM,YAAY,GAChB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3D,MAAM,IAAI,oBAAW,CAAC,+BAA+B,YAAY,EAAE,CAAC,CAAC;KACtE;AACH,CAAC;AA1CD,sCA0CC;AAOD;;;;;;;;;GASG;AACI,KAAK,UAAU,YAAY,CAChC,UAAkB,EAClB,SAAiB,EACjB,QAAkB,EAClB,GAAQ,EACR,WAA6B;IAE7B,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IAE9D,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,iBAAiB,EAAE;YAC9C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,SAAS;gBACT,WAAW,EAAE,UAAU;gBACvB,GAAG,CAAC,WAAW;oBACb,CAAC,CAAC;wBACE,WAAW,EAAE;4BACX,cAAc,EAAE,MAAM,WAAW,CAAC,gBAAgB,EAAE;4BACpD,KAAK,EAAE,WAAW,CAAC,KAAK;yBACzB;qBACF;oBACH,CAAC,CAAC,EAAE,CAAC;aACR,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;YAChB,MAAM,mBAAmB,CAAC,QAAQ,EAAE,GAAG,QAAQ,QAAQ,CAAC,CAAC;SAC1D;QAED,MAAM,aAAa,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC5C,OAAO;YACL,KAAK,EAAE,aAAa,CAAC,KAAK;YAC1B,SAAS,EAAE,aAAa,CAAC,UAAU;YACnC,OAAO,EAAE;gBACP,YAAY,EAAE,aAAa,CAAC,OAAO,CAAC,aAAa;gBACjD,aAAa,EAAE,aAAa,CAAC,OAAO,CAAC,cAAc;gBACnD,SAAS,EAAE,aAAa,CAAC,OAAO,CAAC,UAAU;aAC5C;SACF,CAAC;KACH;IAAC,OAAO,CAAC,EAAE;QACV,sEAAsE;QACtE,IAAI,yBAAgB,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE;YACxC,MAAM,CAAC,CAAC;SACT;QACD,0BAA0B;QAC1B,MAAM,YAAY,GAChB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3D,MAAM,IAAI,oBAAW,CAAC,gCAAgC,YAAY,EAAE,CAAC,CAAC;KACvE;AACH,CAAC;AArDD,oCAqDC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,qBAAqB,CACzC,GAAQ,EACR,WAAmB;IAEnB,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,IAAA,2BAAmB,EAAC,GAAG,CAAC,CAAC,CAAC;IAE5D,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,iBAAiB,EAAE;YAC9C,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,WAAW,EAAE;aACvC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;YAChB,MAAM,mBAAmB,CAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAC;SACxD;QAED,MAAM,WAAW,GAAuB,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAE9D,OAAO,WAAW,CAAC;KACpB;IAAC,OAAO,CAAC,EAAE;QACV,sEAAsE;QACtE,IAAI,yBAAgB,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE;YACxC,MAAM,CAAC,CAAC;SACT;QACD,0BAA0B;QAC1B,MAAM,YAAY,GAChB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3D,MAAM,IAAI,oBAAW,CAAC,kCAAkC,YAAY,EAAE,CAAC,CAAC;KACzE;AACH,CAAC;AA/BD,sDA+BC","sourcesContent":["import type {\n AccessToken,\n ErrorMessage,\n UserProfile,\n UserProfileLineage,\n} from './types';\nimport { AuthType } from './types';\nimport type { Env, Platform } from '../../shared/env';\nimport { getEnvUrls, getOidcClientId } from '../../shared/env';\nimport type { MetaMetricsAuth } from '../../shared/types/services';\nimport {\n NonceRetrievalError,\n PairError,\n SignInError,\n ValidationError,\n RateLimitedError,\n} from '../errors';\n\n/*\n Parse Retry-After header into milliseconds if possible.\n * Supports seconds or HTTP-date formats.\n \n @param retryAfterHeader - The Retry-After header value (seconds or HTTP-date)\n * @returns The retry delay in milliseconds, or null if parsing fails\n /\nfunction parseRetryAfter(retryAfterHeader: string \| null): number \| null {\n if (!retryAfterHeader) {\n return null;\n }\n const seconds = Number(retryAfterHeader);\n if (!Number.isNaN(seconds)) {\n return seconds 1000;\n }\n const date = Date.parse(retryAfterHeader);\n if (!Number.isNaN(date)) {\n const diff = date - Date.now();\n return diff > 0 ? diff : null;\n }\n return null;\n}\n\n/*\n Handle HTTP error responses with rate limiting support.\n \n @param response - The HTTP response object\n * @param errorPrefix - Optional prefix for the error message\n * @throws RateLimitedError for 429 responses\n * @throws Error for other error responses\n /\nasync function handleErrorResponse(\n response: Response,\n errorPrefix?: string,\n): Promise<never> {\n const { status } = response;\n const retryAfterHeader = response.headers.get('Retry-After');\n const retryAfterMs = parseRetryAfter(retryAfterHeader);\n\n const responseBody = (await response.json()) as\n \| ErrorMessage\n \| { error_description: string; error: string };\n\n const message =\n 'message' in responseBody\n ? responseBody.message\n : responseBody.error_description;\n const { error } = responseBody;\n\n if (status === 429) {\n throw new RateLimitedError(\n `HTTP 429: ${message} (error: ${error})`,\n retryAfterMs ?? undefined,\n );\n }\n\n const prefix = errorPrefix ? `${errorPrefix} ` : '';\n throw new Error(`${prefix}HTTP ${status} error: ${message}, error: ${error}`);\n}\n\nexport const NONCE_URL = (env: Env) =>\n `${getEnvUrls(env).authApiUrl}/api/v2/nonce`;\n\nexport const PAIR_IDENTIFIERS = (env: Env) =>\n `${getEnvUrls(env).authApiUrl}/api/v2/identifiers/pair`;\n\nexport const OIDC_TOKEN_URL = (env: Env) =>\n `${getEnvUrls(env).oidcApiUrl}/oauth2/token`;\n\nexport const SRP_LOGIN_URL = (env: Env) =>\n `${getEnvUrls(env).authApiUrl}/api/v2/srp/login`;\n\nexport const SIWE_LOGIN_URL = (env: Env) =>\n `${getEnvUrls(env).authApiUrl}/api/v2/siwe/login`;\n\nexport const PROFILE_LINEAGE_URL = (env: Env) =>\n `${getEnvUrls(env).authApiUrl}/api/v2/profile/lineage`;\n\nconst getAuthenticationUrl = (authType: AuthType, env: Env): string => {\n switch (authType) {\n case AuthType.SRP:\n return SRP_LOGIN_URL(env);\n case AuthType.SiWE:\n return SIWE_LOGIN_URL(env);\n / istanbul ignore next /\n default:\n throw new ValidationError(\n `Invalid AuthType: ${authType as number} - unable to create Auth URL`,\n );\n }\n};\n\ntype NonceResponse = {\n nonce: string;\n identifier: string;\n expiresIn: number;\n};\n\ntype PairRequest = {\n signature: string;\n raw_message: string;\n encrypted_storage_key: string;\n identifier_type: 'SIWE' \| 'SRP';\n};\n\n/\n Pair multiple identifiers under a single profile\n \n @param nonce - session nonce\n * @param logins - pairing request payload\n * @param accessToken - JWT access token used to access protected resources\n * @param env - server environment\n * @returns void.\n /\nexport async function pairIdentifiers(\n nonce: string,\n logins: PairRequest[],\n accessToken: string,\n env: Env,\n): Promise<void> {\n const pairUrl = new URL(PAIR_IDENTIFIERS(env));\n\n try {\n const response = await fetch(pairUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Authorization: `Bearer ${accessToken}`,\n },\n body: JSON.stringify({\n nonce,\n logins,\n }),\n });\n\n if (!response.ok) {\n await handleErrorResponse(response);\n }\n } catch (e) {\n // Re-throw RateLimitedError to preserve 429 status and retry metadata\n if (RateLimitedError.isRateLimitError(e)) {\n throw e;\n }\n / istanbul ignore next /\n const errorMessage =\n e instanceof Error ? e.message : JSON.stringify(e ?? '');\n throw new PairError(`unable to pair identifiers: ${errorMessage}`);\n }\n}\n\n/\n Service to Get Nonce for JWT Bearer Flow\n \n @param id - identifier ID\n * @param env - server environment\n * @returns the nonce.\n /\nexport async function getNonce(id: string, env: Env): Promise<NonceResponse> {\n const nonceUrl = new URL(NONCE_URL(env));\n nonceUrl.searchParams.set('identifier', id);\n\n try {\n const nonceResponse = await fetch(nonceUrl.toString());\n if (!nonceResponse.ok) {\n await handleErrorResponse(nonceResponse);\n }\n\n const nonceJson = await nonceResponse.json();\n return {\n nonce: nonceJson.nonce,\n identifier: nonceJson.identifier,\n expiresIn: nonceJson.expires_in,\n };\n } catch (e) {\n // Re-throw RateLimitedError to preserve 429 status and retry metadata\n if (RateLimitedError.isRateLimitError(e)) {\n throw e;\n }\n / istanbul ignore next /\n const errorMessage =\n e instanceof Error ? e.message : JSON.stringify(e ?? '');\n throw new NonceRetrievalError(`failed to generate nonce: ${errorMessage}`);\n }\n}\n\n/\n Service to Authorize And perform OIDC Flow to get the Access Token\n \n @param jwtToken - The original token received from Authentication. This is traded for the Access Token. (the authentication token is single-use)\n * @param env - server environment\n * @param platform - SDK platform\n * @returns Access Token from Authorization server\n /\nexport async function authorizeOIDC(\n jwtToken: string,\n env: Env,\n platform: Platform,\n): Promise<AccessToken> {\n const grantType = 'urn:ietf:params:oauth:grant-type:jwt-bearer';\n const headers = new Headers({\n 'Content-Type': 'application/x-www-form-urlencoded',\n });\n\n const urlEncodedBody = new URLSearchParams();\n urlEncodedBody.append('grant_type', grantType);\n urlEncodedBody.append('client_id', getOidcClientId(env, platform));\n urlEncodedBody.append('assertion', jwtToken);\n\n try {\n const response = await fetch(OIDC_TOKEN_URL(env), {\n method: 'POST',\n headers,\n body: urlEncodedBody.toString(),\n });\n\n if (!response.ok) {\n await handleErrorResponse(response);\n }\n\n const accessTokenResponse = await response.json();\n return {\n accessToken: accessTokenResponse.access_token,\n expiresIn: accessTokenResponse.expires_in,\n obtainedAt: Date.now(),\n };\n } catch (e) {\n // Re-throw RateLimitedError to preserve 429 status and retry metadata\n if (RateLimitedError.isRateLimitError(e)) {\n throw e;\n }\n / istanbul ignore next /\n const errorMessage =\n e instanceof Error ? e.message : JSON.stringify(e ?? '');\n throw new SignInError(`unable to get access token: ${errorMessage}`);\n }\n}\n\ntype Authentication = {\n token: string;\n expiresIn: number;\n profile: UserProfile;\n};\n/\n Service to Authenticate/Login a user via SIWE or SRP derived key.\n \n @param rawMessage - raw message for validation when authenticating\n * @param signature - signed raw message\n * @param authType - authentication type/flow used\n * @param env - server environment\n * @param metametrics - optional metametrics\n * @returns Authentication Token\n /\nexport async function authenticate(\n rawMessage: string,\n signature: string,\n authType: AuthType,\n env: Env,\n metametrics?: MetaMetricsAuth,\n): Promise<Authentication> {\n const authenticationUrl = getAuthenticationUrl(authType, env);\n\n try {\n const response = await fetch(authenticationUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({\n signature,\n raw_message: rawMessage,\n ...(metametrics\n ? {\n metametrics: {\n metametrics_id: await metametrics.getMetaMetricsId(),\n agent: metametrics.agent,\n },\n }\n : {}),\n }),\n });\n\n if (!response.ok) {\n await handleErrorResponse(response, `${authType} login`);\n }\n\n const loginResponse = await response.json();\n return {\n token: loginResponse.token,\n expiresIn: loginResponse.expires_in,\n profile: {\n identifierId: loginResponse.profile.identifier_id,\n metaMetricsId: loginResponse.profile.metametrics_id,\n profileId: loginResponse.profile.profile_id,\n },\n };\n } catch (e) {\n // Re-throw RateLimitedError to preserve 429 status and retry metadata\n if (RateLimitedError.isRateLimitError(e)) {\n throw e;\n }\n / istanbul ignore next /\n const errorMessage =\n e instanceof Error ? e.message : JSON.stringify(e ?? '');\n throw new SignInError(`unable to perform SRP login: ${errorMessage}`);\n }\n}\n\n/\n Service to get the Profile Lineage\n \n @param env - server environment\n * @param accessToken - JWT access token used to access protected resources\n * @returns Profile Lineage information.\n /\nexport async function getUserProfileLineage(\n env: Env,\n accessToken: string,\n): Promise<UserProfileLineage> {\n const profileLineageUrl = new URL(PROFILE_LINEAGE_URL(env));\n\n try {\n const response = await fetch(profileLineageUrl, {\n method: 'GET',\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n });\n\n if (!response.ok) {\n await handleErrorResponse(response, 'profile lineage');\n }\n\n const profileJson: UserProfileLineage = await response.json();\n\n return profileJson;\n } catch (e) {\n // Re-throw RateLimitedError to preserve 429 status and retry metadata\n if (RateLimitedError.isRateLimitError(e)) {\n throw e;\n }\n / istanbul ignore next */\n const errorMessage =\n e instanceof Error ? e.message : JSON.stringify(e ?? '');\n throw new SignInError(`failed to get profile lineage: ${errorMessage}`);\n }\n}\n"]}

package/dist/sdk/authentication-jwt-bearer/services.d.cts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"services.d.cts","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/services.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,WAAW,EAEX,WAAW,EACX,kBAAkB,EACnB,oBAAgB;AACjB,OAAO,EAAE,QAAQ,EAAE,oBAAgB;AACnC,OAAO,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,6BAAyB;AAEtD,OAAO,KAAK,EAAE,eAAe,EAAE,wCAAoC;~~AAQnE~~,eAAO,MAAM,SAAS,QAAS,GAAG,WACY,CAAC;AAE/C,eAAO,MAAM,gBAAgB,QAAS,GAAG,WACgB,CAAC;AAE1D,eAAO,MAAM,cAAc,QAAS,GAAG,WACO,CAAC;AAE/C,eAAO,MAAM,aAAa,QAAS,GAAG,WACY,CAAC;AAEnD,eAAO,MAAM,cAAc,QAAS,GAAG,WACY,CAAC;AAEpD,eAAO,MAAM,mBAAmB,QAAS,GAAG,WACY,CAAC;AAgBzD,KAAK,aAAa,GAAG;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,KAAK,WAAW,GAAG;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,eAAe,EAAE,MAAM,GAAG,KAAK,CAAC;CACjC,CAAC;AAEF;;;;;;;;GAQG;AACH,wBAAsB,eAAe,CACnC,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,WAAW,EAAE,EACrB,WAAW,EAAE,MAAM,EACnB,GAAG,EAAE,GAAG,GACP,OAAO,CAAC,IAAI,CAAC,~~CA4Bf~~;AAED;;;;;;GAMG;AACH,wBAAsB,QAAQ,CAAC,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,aAAa,CAAC,~~CAyB3E~~;AAED;;;;;;;GAOG;AACH,wBAAsB,aAAa,CACjC,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,GAAG,EACR,QAAQ,EAAE,QAAQ,GACjB,OAAO,CAAC,WAAW,CAAC,~~CAwCtB~~;AAED,KAAK,cAAc,GAAG;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,WAAW,CAAC;CACtB,CAAC;AACF;;;;;;;;;GASG;AACH,wBAAsB,YAAY,CAChC,UAAU,EAAE,MAAM,EAClB,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,QAAQ,EAClB,GAAG,EAAE,GAAG,EACR,WAAW,CAAC,EAAE,eAAe,GAC5B,OAAO,CAAC,cAAc,CAAC,~~CA8CzB~~;AAED;;;;;;GAMG;AACH,wBAAsB,qBAAqB,CACzC,GAAG,EAAE,GAAG,EACR,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,kBAAkB,CAAC,~~CA2B7B~~"}
1	+ {"version":3,"file":"services.d.cts","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/services.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,WAAW,EAEX,WAAW,EACX,kBAAkB,EACnB,oBAAgB;AACjB,OAAO,EAAE,QAAQ,EAAE,oBAAgB;AACnC,OAAO,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,6BAAyB;AAEtD,OAAO,KAAK,EAAE,eAAe,EAAE,wCAAoC;AAqEnE,eAAO,MAAM,SAAS,QAAS,GAAG,WACY,CAAC;AAE/C,eAAO,MAAM,gBAAgB,QAAS,GAAG,WACgB,CAAC;AAE1D,eAAO,MAAM,cAAc,QAAS,GAAG,WACO,CAAC;AAE/C,eAAO,MAAM,aAAa,QAAS,GAAG,WACY,CAAC;AAEnD,eAAO,MAAM,cAAc,QAAS,GAAG,WACY,CAAC;AAEpD,eAAO,MAAM,mBAAmB,QAAS,GAAG,WACY,CAAC;AAgBzD,KAAK,aAAa,GAAG;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,KAAK,WAAW,GAAG;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,eAAe,EAAE,MAAM,GAAG,KAAK,CAAC;CACjC,CAAC;AAEF;;;;;;;;GAQG;AACH,wBAAsB,eAAe,CACnC,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,WAAW,EAAE,EACrB,WAAW,EAAE,MAAM,EACnB,GAAG,EAAE,GAAG,GACP,OAAO,CAAC,IAAI,CAAC,CA6Bf;AAED;;;;;;GAMG;AACH,wBAAsB,QAAQ,CAAC,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,aAAa,CAAC,CA0B3E;AAED;;;;;;;GAOG;AACH,wBAAsB,aAAa,CACjC,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,GAAG,EACR,QAAQ,EAAE,QAAQ,GACjB,OAAO,CAAC,WAAW,CAAC,CAsCtB;AAED,KAAK,cAAc,GAAG;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,WAAW,CAAC;CACtB,CAAC;AACF;;;;;;;;;GASG;AACH,wBAAsB,YAAY,CAChC,UAAU,EAAE,MAAM,EAClB,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,QAAQ,EAClB,GAAG,EAAE,GAAG,EACR,WAAW,CAAC,EAAE,eAAe,GAC5B,OAAO,CAAC,cAAc,CAAC,CA+CzB;AAED;;;;;;GAMG;AACH,wBAAsB,qBAAqB,CACzC,GAAG,EAAE,GAAG,EACR,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,kBAAkB,CAAC,CA4B7B"}

package/dist/sdk/authentication-jwt-bearer/services.d.mts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"services.d.mts","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/services.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,WAAW,EAEX,WAAW,EACX,kBAAkB,EACnB,oBAAgB;AACjB,OAAO,EAAE,QAAQ,EAAE,oBAAgB;AACnC,OAAO,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,6BAAyB;AAEtD,OAAO,KAAK,EAAE,eAAe,EAAE,wCAAoC;~~AAQnE~~,eAAO,MAAM,SAAS,QAAS,GAAG,WACY,CAAC;AAE/C,eAAO,MAAM,gBAAgB,QAAS,GAAG,WACgB,CAAC;AAE1D,eAAO,MAAM,cAAc,QAAS,GAAG,WACO,CAAC;AAE/C,eAAO,MAAM,aAAa,QAAS,GAAG,WACY,CAAC;AAEnD,eAAO,MAAM,cAAc,QAAS,GAAG,WACY,CAAC;AAEpD,eAAO,MAAM,mBAAmB,QAAS,GAAG,WACY,CAAC;AAgBzD,KAAK,aAAa,GAAG;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,KAAK,WAAW,GAAG;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,eAAe,EAAE,MAAM,GAAG,KAAK,CAAC;CACjC,CAAC;AAEF;;;;;;;;GAQG;AACH,wBAAsB,eAAe,CACnC,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,WAAW,EAAE,EACrB,WAAW,EAAE,MAAM,EACnB,GAAG,EAAE,GAAG,GACP,OAAO,CAAC,IAAI,CAAC,~~CA4Bf~~;AAED;;;;;;GAMG;AACH,wBAAsB,QAAQ,CAAC,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,aAAa,CAAC,~~CAyB3E~~;AAED;;;;;;;GAOG;AACH,wBAAsB,aAAa,CACjC,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,GAAG,EACR,QAAQ,EAAE,QAAQ,GACjB,OAAO,CAAC,WAAW,CAAC,~~CAwCtB~~;AAED,KAAK,cAAc,GAAG;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,WAAW,CAAC;CACtB,CAAC;AACF;;;;;;;;;GASG;AACH,wBAAsB,YAAY,CAChC,UAAU,EAAE,MAAM,EAClB,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,QAAQ,EAClB,GAAG,EAAE,GAAG,EACR,WAAW,CAAC,EAAE,eAAe,GAC5B,OAAO,CAAC,cAAc,CAAC,~~CA8CzB~~;AAED;;;;;;GAMG;AACH,wBAAsB,qBAAqB,CACzC,GAAG,EAAE,GAAG,EACR,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,kBAAkB,CAAC,~~CA2B7B~~"}
1	+ {"version":3,"file":"services.d.mts","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/services.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,WAAW,EAEX,WAAW,EACX,kBAAkB,EACnB,oBAAgB;AACjB,OAAO,EAAE,QAAQ,EAAE,oBAAgB;AACnC,OAAO,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,6BAAyB;AAEtD,OAAO,KAAK,EAAE,eAAe,EAAE,wCAAoC;AAqEnE,eAAO,MAAM,SAAS,QAAS,GAAG,WACY,CAAC;AAE/C,eAAO,MAAM,gBAAgB,QAAS,GAAG,WACgB,CAAC;AAE1D,eAAO,MAAM,cAAc,QAAS,GAAG,WACO,CAAC;AAE/C,eAAO,MAAM,aAAa,QAAS,GAAG,WACY,CAAC;AAEnD,eAAO,MAAM,cAAc,QAAS,GAAG,WACY,CAAC;AAEpD,eAAO,MAAM,mBAAmB,QAAS,GAAG,WACY,CAAC;AAgBzD,KAAK,aAAa,GAAG;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,KAAK,WAAW,GAAG;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,eAAe,EAAE,MAAM,GAAG,KAAK,CAAC;CACjC,CAAC;AAEF;;;;;;;;GAQG;AACH,wBAAsB,eAAe,CACnC,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,WAAW,EAAE,EACrB,WAAW,EAAE,MAAM,EACnB,GAAG,EAAE,GAAG,GACP,OAAO,CAAC,IAAI,CAAC,CA6Bf;AAED;;;;;;GAMG;AACH,wBAAsB,QAAQ,CAAC,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,aAAa,CAAC,CA0B3E;AAED;;;;;;;GAOG;AACH,wBAAsB,aAAa,CACjC,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,GAAG,EACR,QAAQ,EAAE,QAAQ,GACjB,OAAO,CAAC,WAAW,CAAC,CAsCtB;AAED,KAAK,cAAc,GAAG;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,WAAW,CAAC;CACtB,CAAC;AACF;;;;;;;;;GASG;AACH,wBAAsB,YAAY,CAChC,UAAU,EAAE,MAAM,EAClB,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,QAAQ,EAClB,GAAG,EAAE,GAAG,EACR,WAAW,CAAC,EAAE,eAAe,GAC5B,OAAO,CAAC,cAAc,CAAC,CA+CzB;AAED;;;;;;GAMG;AACH,wBAAsB,qBAAqB,CACzC,GAAG,EAAE,GAAG,EACR,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,kBAAkB,CAAC,CA4B7B"}

package/dist/sdk/authentication-jwt-bearer/services.mjs CHANGED Viewed

@@ -1,6 +1,51 @@
 import { AuthType } from "./types.mjs";
 import { getEnvUrls, getOidcClientId } from "../../shared/env.mjs";
-import { NonceRetrievalError, PairError, SignInError, ValidationError } from "../errors.mjs";
+import { NonceRetrievalError, PairError, SignInError, ValidationError, RateLimitedError } from "../errors.mjs";
+/**
+ * Parse Retry-After header into milliseconds if possible.
+ * Supports seconds or HTTP-date formats.
+ *
+ * @param retryAfterHeader - The Retry-After header value (seconds or HTTP-date)
+ * @returns The retry delay in milliseconds, or null if parsing fails
+ */
+function parseRetryAfter(retryAfterHeader) {
+    if (!retryAfterHeader) {
+        return null;
+    }
+    const seconds = Number(retryAfterHeader);
+    if (!Number.isNaN(seconds)) {
+        return seconds * 1000;
+    }
+    const date = Date.parse(retryAfterHeader);
+    if (!Number.isNaN(date)) {
+        const diff = date - Date.now();
+        return diff > 0 ? diff : null;
+    }
+    return null;
+}
+/**
+ * Handle HTTP error responses with rate limiting support.
+ *
+ * @param response - The HTTP response object
+ * @param errorPrefix - Optional prefix for the error message
+ * @throws RateLimitedError for 429 responses
+ * @throws Error for other error responses
+ */
+async function handleErrorResponse(response, errorPrefix) {
+    const { status } = response;
+    const retryAfterHeader = response.headers.get('Retry-After');
+    const retryAfterMs = parseRetryAfter(retryAfterHeader);
+    const responseBody = (await response.json());
+    const message = 'message' in responseBody
+        ? responseBody.message
+        : responseBody.error_description;
+    const { error } = responseBody;
+    if (status === 429) {
+        throw new RateLimitedError(`HTTP 429: ${message} (error: ${error})`, retryAfterMs ?? undefined);
+    }
+    const prefix = errorPrefix ? `${errorPrefix} ` : '';
+    throw new Error(`${prefix}HTTP ${status} error: ${message}, error: ${error}`);
+}
 export const NONCE_URL = (env) => `${getEnvUrls(env).authApiUrl}/api/v2/nonce`;
 export const PAIR_IDENTIFIERS = (env) => `${getEnvUrls(env).authApiUrl}/api/v2/identifiers/pair`;
 export const OIDC_TOKEN_URL = (env) => `${getEnvUrls(env).oidcApiUrl}/oauth2/token`;
@@ -42,11 +87,14 @@ export async function pairIdentifiers(nonce, logins, accessToken, env) {
             }),
         });
         if (!response.ok) {
-            const responseBody = (await response.json());
-            throw new Error(`HTTP error message: ${responseBody.message}, error: ${responseBody.error}`);
+            await handleErrorResponse(response);
         }
     }
     catch (e) {
+        // Re-throw RateLimitedError to preserve 429 status and retry metadata
+        if (RateLimitedError.isRateLimitError(e)) {
+            throw e;
+        }
         /* istanbul ignore next */
         const errorMessage = e instanceof Error ? e.message : JSON.stringify(e ?? '');
         throw new PairError(`unable to pair identifiers: ${errorMessage}`);
@@ -65,8 +113,7 @@ export async function getNonce(id, env) {
     try {
         const nonceResponse = await fetch(nonceUrl.toString());
         if (!nonceResponse.ok) {
-            const responseBody = (await nonceResponse.json());
-            throw new Error(`HTTP error message: ${responseBody.message}, error: ${responseBody.error}`);
+            await handleErrorResponse(nonceResponse);
         }
         const nonceJson = await nonceResponse.json();
         return {
@@ -76,6 +123,10 @@ export async function getNonce(id, env) {
         };
     }
     catch (e) {
+        // Re-throw RateLimitedError to preserve 429 status and retry metadata
+        if (RateLimitedError.isRateLimitError(e)) {
+            throw e;
+        }
         /* istanbul ignore next */
         const errorMessage = e instanceof Error ? e.message : JSON.stringify(e ?? '');
         throw new NonceRetrievalError(`failed to generate nonce: ${errorMessage}`);
@@ -105,8 +156,7 @@ export async function authorizeOIDC(jwtToken, env, platform) {
             body: urlEncodedBody.toString(),
         });
         if (!response.ok) {
-            const responseBody = (await response.json());
-            throw new Error(`HTTP error: ${responseBody.error_description}, error code: ${responseBody.error}`);
+            await handleErrorResponse(response);
         }
         const accessTokenResponse = await response.json();
         return {
@@ -116,6 +166,10 @@ export async function authorizeOIDC(jwtToken, env, platform) {
         };
     }
     catch (e) {
+        // Re-throw RateLimitedError to preserve 429 status and retry metadata
+        if (RateLimitedError.isRateLimitError(e)) {
+            throw e;
+        }
         /* istanbul ignore next */
         const errorMessage = e instanceof Error ? e.message : JSON.stringify(e ?? '');
         throw new SignInError(`unable to get access token: ${errorMessage}`);
@@ -153,8 +207,7 @@ export async function authenticate(rawMessage, signature, authType, env, metamet
             }),
         });
         if (!response.ok) {
-            const responseBody = (await response.json());
-            throw new Error(`${authType} login HTTP error: ${responseBody.message}, error code: ${responseBody.error}`);
+            await handleErrorResponse(response, `${authType} login`);
         }
         const loginResponse = await response.json();
         return {
@@ -168,6 +221,10 @@ export async function authenticate(rawMessage, signature, authType, env, metamet
         };
     }
     catch (e) {
+        // Re-throw RateLimitedError to preserve 429 status and retry metadata
+        if (RateLimitedError.isRateLimitError(e)) {
+            throw e;
+        }
         /* istanbul ignore next */
         const errorMessage = e instanceof Error ? e.message : JSON.stringify(e ?? '');
         throw new SignInError(`unable to perform SRP login: ${errorMessage}`);
@@ -190,13 +247,16 @@ export async function getUserProfileLineage(env, accessToken) {
             },
         });
         if (!response.ok) {
-            const responseBody = (await response.json());
-            throw new Error(`HTTP error message: ${responseBody.message}, error: ${responseBody.error}`);
+            await handleErrorResponse(response, 'profile lineage');
         }
         const profileJson = await response.json();
         return profileJson;
     }
     catch (e) {
+        // Re-throw RateLimitedError to preserve 429 status and retry metadata
+        if (RateLimitedError.isRateLimitError(e)) {
+            throw e;
+        }
         /* istanbul ignore next */
         const errorMessage = e instanceof Error ? e.message : JSON.stringify(e ?? '');
         throw new SignInError(`failed to get profile lineage: ${errorMessage}`);

package/dist/sdk/authentication-jwt-bearer/services.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"services.mjs","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/services.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,QAAQ,EAAE,oBAAgB;AAEnC,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,6BAAyB;AAE/D,OAAO,EACL,mBAAmB,EACnB,SAAS,EACT,WAAW,EACX,eAAe,EAChB,sBAAkB;AAEnB,MAAM,CAAC,MAAM,SAAS,GAAG,CAAC,GAAQ,EAAE,EAAE,CACpC,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,UAAU,eAAe,CAAC;AAE/C,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,GAAQ,EAAE,EAAE,CAC3C,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,UAAU,0BAA0B,CAAC;AAE1D,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,GAAQ,EAAE,EAAE,CACzC,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,UAAU,eAAe,CAAC;AAE/C,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,GAAQ,EAAE,EAAE,CACxC,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,UAAU,mBAAmB,CAAC;AAEnD,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,GAAQ,EAAE,EAAE,CACzC,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,UAAU,oBAAoB,CAAC;AAEpD,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,GAAQ,EAAE,EAAE,CAC9C,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,UAAU,yBAAyB,CAAC;AAEzD,MAAM,oBAAoB,GAAG,CAAC,QAAkB,EAAE,GAAQ,EAAU,EAAE;IACpE,QAAQ,QAAQ,EAAE;QAChB,KAAK,QAAQ,CAAC,GAAG;YACf,OAAO,aAAa,CAAC,GAAG,CAAC,CAAC;QAC5B,KAAK,QAAQ,CAAC,IAAI;YAChB,OAAO,cAAc,CAAC,GAAG,CAAC,CAAC;QAC7B,0BAA0B;QAC1B;YACE,MAAM,IAAI,eAAe,CACvB,qBAAqB,QAAkB,8BAA8B,CACtE,CAAC;KACL;AACH,CAAC,CAAC;AAeF;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,KAAa,EACb,MAAqB,EACrB,WAAmB,EACnB,GAAQ;IAER,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC;IAE/C,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,EAAE;YACpC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,aAAa,EAAE,UAAU,WAAW,EAAE;aACvC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,KAAK;gBACL,MAAM;aACP,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;YAChB,MAAM,YAAY,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAiB,CAAC;YAC7D,MAAM,IAAI,KAAK,CACb,uBAAuB,YAAY,CAAC,OAAO,YAAY,YAAY,CAAC,KAAK,EAAE,CAC5E,CAAC;SACH;KACF;IAAC,OAAO,CAAC,EAAE;QACV,0BAA0B;QAC1B,MAAM,YAAY,GAChB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3D,MAAM,IAAI,SAAS,CAAC,+BAA+B,YAAY,EAAE,CAAC,CAAC;KACpE;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,EAAU,EAAE,GAAQ;IACjD,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;IACzC,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;IAE5C,IAAI;QACF,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;QACvD,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE;YACrB,MAAM,YAAY,GAAG,CAAC,MAAM,aAAa,CAAC,IAAI,EAAE,CAAiB,CAAC;YAClE,MAAM,IAAI,KAAK,CACb,uBAAuB,YAAY,CAAC,OAAO,YAAY,YAAY,CAAC,KAAK,EAAE,CAC5E,CAAC;SACH;QAED,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC;QAC7C,OAAO;YACL,KAAK,EAAE,SAAS,CAAC,KAAK;YACtB,UAAU,EAAE,SAAS,CAAC,UAAU;YAChC,SAAS,EAAE,SAAS,CAAC,UAAU;SAChC,CAAC;KACH;IAAC,OAAO,CAAC,EAAE;QACV,0BAA0B;QAC1B,MAAM,YAAY,GAChB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3D,MAAM,IAAI,mBAAmB,CAAC,6BAA6B,YAAY,EAAE,CAAC,CAAC;KAC5E;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,QAAgB,EAChB,GAAQ,EACR,QAAkB;IAElB,MAAM,SAAS,GAAG,6CAA6C,CAAC;IAChE,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC;QAC1B,cAAc,EAAE,mCAAmC;KACpD,CAAC,CAAC;IAEH,MAAM,cAAc,GAAG,IAAI,eAAe,EAAE,CAAC;IAC7C,cAAc,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IAC/C,cAAc,CAAC,MAAM,CAAC,WAAW,EAAE,eAAe,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC;IACnE,cAAc,CAAC,MAAM,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAE7C,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE;YAChD,MAAM,EAAE,MAAM;YACd,OAAO;YACP,IAAI,EAAE,cAAc,CAAC,QAAQ,EAAE;SAChC,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;YAChB,MAAM,YAAY,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAG1C,CAAC;YACF,MAAM,IAAI,KAAK,CACb,eAAe,YAAY,CAAC,iBAAiB,iBAAiB,YAAY,CAAC,KAAK,EAAE,CACnF,CAAC;SACH;QAED,MAAM,mBAAmB,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAClD,OAAO;YACL,WAAW,EAAE,mBAAmB,CAAC,YAAY;YAC7C,SAAS,EAAE,mBAAmB,CAAC,UAAU;YACzC,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;SACvB,CAAC;KACH;IAAC,OAAO,CAAC,EAAE;QACV,0BAA0B;QAC1B,MAAM,YAAY,GAChB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3D,MAAM,IAAI,WAAW,CAAC,+BAA+B,YAAY,EAAE,CAAC,CAAC;KACtE;AACH,CAAC;AAOD;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,UAAkB,EAClB,SAAiB,EACjB,QAAkB,EAClB,GAAQ,EACR,WAA6B;IAE7B,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IAE9D,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,iBAAiB,EAAE;YAC9C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,SAAS;gBACT,WAAW,EAAE,UAAU;gBACvB,GAAG,CAAC,WAAW;oBACb,CAAC,CAAC;wBACE,WAAW,EAAE;4BACX,cAAc,EAAE,MAAM,WAAW,CAAC,gBAAgB,EAAE;4BACpD,KAAK,EAAE,WAAW,CAAC,KAAK;yBACzB;qBACF;oBACH,CAAC,CAAC,EAAE,CAAC;aACR,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;YAChB,MAAM,YAAY,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAiB,CAAC;YAC7D,MAAM,IAAI,KAAK,CACb,GAAG,QAAQ,sBAAsB,YAAY,CAAC,OAAO,iBAAiB,YAAY,CAAC,KAAK,EAAE,CAC3F,CAAC;SACH;QAED,MAAM,aAAa,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC5C,OAAO;YACL,KAAK,EAAE,aAAa,CAAC,KAAK;YAC1B,SAAS,EAAE,aAAa,CAAC,UAAU;YACnC,OAAO,EAAE;gBACP,YAAY,EAAE,aAAa,CAAC,OAAO,CAAC,aAAa;gBACjD,aAAa,EAAE,aAAa,CAAC,OAAO,CAAC,cAAc;gBACnD,SAAS,EAAE,aAAa,CAAC,OAAO,CAAC,UAAU;aAC5C;SACF,CAAC;KACH;IAAC,OAAO,CAAC,EAAE;QACV,0BAA0B;QAC1B,MAAM,YAAY,GAChB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3D,MAAM,IAAI,WAAW,CAAC,gCAAgC,YAAY,EAAE,CAAC,CAAC;KACvE;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,GAAQ,EACR,WAAmB;IAEnB,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC;IAE5D,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,iBAAiB,EAAE;YAC9C,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,WAAW,EAAE;aACvC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;YAChB,MAAM,YAAY,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAiB,CAAC;YAC7D,MAAM,IAAI,KAAK,CACb,uBAAuB,YAAY,CAAC,OAAO,YAAY,YAAY,CAAC,KAAK,EAAE,CAC5E,CAAC;SACH;QAED,MAAM,WAAW,GAAuB,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAE9D,OAAO,WAAW,CAAC;KACpB;IAAC,OAAO,CAAC,EAAE;QACV,0BAA0B;QAC1B,MAAM,YAAY,GAChB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3D,MAAM,IAAI,WAAW,CAAC,kCAAkC,YAAY,EAAE,CAAC,CAAC;KACzE;AACH,CAAC","sourcesContent":["import type {\n AccessToken,\n ErrorMessage,\n UserProfile,\n UserProfileLineage,\n} from './types';\nimport { AuthType } from './types';\nimport type { Env, Platform } from '../../shared/env';\nimport { getEnvUrls, getOidcClientId } from '../../shared/env';\nimport type { MetaMetricsAuth } from '../../shared/types/services';\nimport {\n NonceRetrievalError,\n PairError,\n SignInError,\n ValidationError,\n} from '../errors';\n\nexport const NONCE_URL = (env: Env) =>\n `${getEnvUrls(env).authApiUrl}/api/v2/nonce`;\n\nexport const PAIR_IDENTIFIERS = (env: Env) =>\n `${getEnvUrls(env).authApiUrl}/api/v2/identifiers/pair`;\n\nexport const OIDC_TOKEN_URL = (env: Env) =>\n `${getEnvUrls(env).oidcApiUrl}/oauth2/token`;\n\nexport const SRP_LOGIN_URL = (env: Env) =>\n `${getEnvUrls(env).authApiUrl}/api/v2/srp/login`;\n\nexport const SIWE_LOGIN_URL = (env: Env) =>\n `${getEnvUrls(env).authApiUrl}/api/v2/siwe/login`;\n\nexport const PROFILE_LINEAGE_URL = (env: Env) =>\n `${getEnvUrls(env).authApiUrl}/api/v2/profile/lineage`;\n\nconst getAuthenticationUrl = (authType: AuthType, env: Env): string => {\n switch (authType) {\n case AuthType.SRP:\n return SRP_LOGIN_URL(env);\n case AuthType.SiWE:\n return SIWE_LOGIN_URL(env);\n /* istanbul ignore next /\n default:\n throw new ValidationError(\n `Invalid AuthType: ${authType as number} - unable to create Auth URL`,\n );\n }\n};\n\ntype NonceResponse = {\n nonce: string;\n identifier: string;\n expiresIn: number;\n};\n\ntype PairRequest = {\n signature: string;\n raw_message: string;\n encrypted_storage_key: string;\n identifier_type: 'SIWE' \| 'SRP';\n};\n\n/\n Pair multiple identifiers under a single profile\n \n @param nonce - session nonce\n * @param logins - pairing request payload\n * @param accessToken - JWT access token used to access protected resources\n * @param env - server environment\n * @returns void.\n /\nexport async function pairIdentifiers(\n nonce: string,\n logins: PairRequest[],\n accessToken: string,\n env: Env,\n): Promise<void> {\n const pairUrl = new URL(PAIR_IDENTIFIERS(env));\n\n try {\n const response = await fetch(pairUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Authorization: `Bearer ${accessToken}`,\n },\n body: JSON.stringify({\n nonce,\n logins,\n }),\n });\n\n if (!response.ok) {\n const responseBody = (await response.json()) as ErrorMessage;\n throw new Error(\n `HTTP error message: ${responseBody.message}, error: ${responseBody.error}`,\n );\n }\n } catch (e) {\n / istanbul ignore next /\n const errorMessage =\n e instanceof Error ? e.message : JSON.stringify(e ?? '');\n throw new PairError(`unable to pair identifiers: ${errorMessage}`);\n }\n}\n\n/\n Service to Get Nonce for JWT Bearer Flow\n \n @param id - identifier ID\n * @param env - server environment\n * @returns the nonce.\n /\nexport async function getNonce(id: string, env: Env): Promise<NonceResponse> {\n const nonceUrl = new URL(NONCE_URL(env));\n nonceUrl.searchParams.set('identifier', id);\n\n try {\n const nonceResponse = await fetch(nonceUrl.toString());\n if (!nonceResponse.ok) {\n const responseBody = (await nonceResponse.json()) as ErrorMessage;\n throw new Error(\n `HTTP error message: ${responseBody.message}, error: ${responseBody.error}`,\n );\n }\n\n const nonceJson = await nonceResponse.json();\n return {\n nonce: nonceJson.nonce,\n identifier: nonceJson.identifier,\n expiresIn: nonceJson.expires_in,\n };\n } catch (e) {\n / istanbul ignore next /\n const errorMessage =\n e instanceof Error ? e.message : JSON.stringify(e ?? '');\n throw new NonceRetrievalError(`failed to generate nonce: ${errorMessage}`);\n }\n}\n\n/\n Service to Authorize And perform OIDC Flow to get the Access Token\n \n @param jwtToken - The original token received from Authentication. This is traded for the Access Token. (the authentication token is single-use)\n * @param env - server environment\n * @param platform - SDK platform\n * @returns Access Token from Authorization server\n /\nexport async function authorizeOIDC(\n jwtToken: string,\n env: Env,\n platform: Platform,\n): Promise<AccessToken> {\n const grantType = 'urn:ietf:params:oauth:grant-type:jwt-bearer';\n const headers = new Headers({\n 'Content-Type': 'application/x-www-form-urlencoded',\n });\n\n const urlEncodedBody = new URLSearchParams();\n urlEncodedBody.append('grant_type', grantType);\n urlEncodedBody.append('client_id', getOidcClientId(env, platform));\n urlEncodedBody.append('assertion', jwtToken);\n\n try {\n const response = await fetch(OIDC_TOKEN_URL(env), {\n method: 'POST',\n headers,\n body: urlEncodedBody.toString(),\n });\n\n if (!response.ok) {\n const responseBody = (await response.json()) as {\n error_description: string;\n error: string;\n };\n throw new Error(\n `HTTP error: ${responseBody.error_description}, error code: ${responseBody.error}`,\n );\n }\n\n const accessTokenResponse = await response.json();\n return {\n accessToken: accessTokenResponse.access_token,\n expiresIn: accessTokenResponse.expires_in,\n obtainedAt: Date.now(),\n };\n } catch (e) {\n / istanbul ignore next /\n const errorMessage =\n e instanceof Error ? e.message : JSON.stringify(e ?? '');\n throw new SignInError(`unable to get access token: ${errorMessage}`);\n }\n}\n\ntype Authentication = {\n token: string;\n expiresIn: number;\n profile: UserProfile;\n};\n/\n Service to Authenticate/Login a user via SIWE or SRP derived key.\n \n @param rawMessage - raw message for validation when authenticating\n * @param signature - signed raw message\n * @param authType - authentication type/flow used\n * @param env - server environment\n * @param metametrics - optional metametrics\n * @returns Authentication Token\n /\nexport async function authenticate(\n rawMessage: string,\n signature: string,\n authType: AuthType,\n env: Env,\n metametrics?: MetaMetricsAuth,\n): Promise<Authentication> {\n const authenticationUrl = getAuthenticationUrl(authType, env);\n\n try {\n const response = await fetch(authenticationUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({\n signature,\n raw_message: rawMessage,\n ...(metametrics\n ? {\n metametrics: {\n metametrics_id: await metametrics.getMetaMetricsId(),\n agent: metametrics.agent,\n },\n }\n : {}),\n }),\n });\n\n if (!response.ok) {\n const responseBody = (await response.json()) as ErrorMessage;\n throw new Error(\n `${authType} login HTTP error: ${responseBody.message}, error code: ${responseBody.error}`,\n );\n }\n\n const loginResponse = await response.json();\n return {\n token: loginResponse.token,\n expiresIn: loginResponse.expires_in,\n profile: {\n identifierId: loginResponse.profile.identifier_id,\n metaMetricsId: loginResponse.profile.metametrics_id,\n profileId: loginResponse.profile.profile_id,\n },\n };\n } catch (e) {\n / istanbul ignore next /\n const errorMessage =\n e instanceof Error ? e.message : JSON.stringify(e ?? '');\n throw new SignInError(`unable to perform SRP login: ${errorMessage}`);\n }\n}\n\n/\n Service to get the Profile Lineage\n \n @param env - server environment\n * @param accessToken - JWT access token used to access protected resources\n * @returns Profile Lineage information.\n /\nexport async function getUserProfileLineage(\n env: Env,\n accessToken: string,\n): Promise<UserProfileLineage> {\n const profileLineageUrl = new URL(PROFILE_LINEAGE_URL(env));\n\n try {\n const response = await fetch(profileLineageUrl, {\n method: 'GET',\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n });\n\n if (!response.ok) {\n const responseBody = (await response.json()) as ErrorMessage;\n throw new Error(\n `HTTP error message: ${responseBody.message}, error: ${responseBody.error}`,\n );\n }\n\n const profileJson: UserProfileLineage = await response.json();\n\n return profileJson;\n } catch (e) {\n / istanbul ignore next */\n const errorMessage =\n e instanceof Error ? e.message : JSON.stringify(e ?? '');\n throw new SignInError(`failed to get profile lineage: ${errorMessage}`);\n }\n}\n"]}
1	+ {"version":3,"file":"services.mjs","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/services.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,QAAQ,EAAE,oBAAgB;AAEnC,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,6BAAyB;AAE/D,OAAO,EACL,mBAAmB,EACnB,SAAS,EACT,WAAW,EACX,eAAe,EACf,gBAAgB,EACjB,sBAAkB;AAEnB;;;;;;GAMG;AACH,SAAS,eAAe,CAAC,gBAA+B;IACtD,IAAI,CAAC,gBAAgB,EAAE;QACrB,OAAO,IAAI,CAAC;KACb;IACD,MAAM,OAAO,GAAG,MAAM,CAAC,gBAAgB,CAAC,CAAC;IACzC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE;QAC1B,OAAO,OAAO,GAAG,IAAI,CAAC;KACvB;IACD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAC1C,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE;QACvB,MAAM,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC/B,OAAO,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;KAC/B;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;GAOG;AACH,KAAK,UAAU,mBAAmB,CAChC,QAAkB,EAClB,WAAoB;IAEpB,MAAM,EAAE,MAAM,EAAE,GAAG,QAAQ,CAAC;IAC5B,MAAM,gBAAgB,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IAC7D,MAAM,YAAY,GAAG,eAAe,CAAC,gBAAgB,CAAC,CAAC;IAEvD,MAAM,YAAY,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAEK,CAAC;IAEjD,MAAM,OAAO,GACX,SAAS,IAAI,YAAY;QACvB,CAAC,CAAC,YAAY,CAAC,OAAO;QACtB,CAAC,CAAC,YAAY,CAAC,iBAAiB,CAAC;IACrC,MAAM,EAAE,KAAK,EAAE,GAAG,YAAY,CAAC;IAE/B,IAAI,MAAM,KAAK,GAAG,EAAE;QAClB,MAAM,IAAI,gBAAgB,CACxB,aAAa,OAAO,YAAY,KAAK,GAAG,EACxC,YAAY,IAAI,SAAS,CAC1B,CAAC;KACH;IAED,MAAM,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,GAAG,WAAW,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IACpD,MAAM,IAAI,KAAK,CAAC,GAAG,MAAM,QAAQ,MAAM,WAAW,OAAO,YAAY,KAAK,EAAE,CAAC,CAAC;AAChF,CAAC;AAED,MAAM,CAAC,MAAM,SAAS,GAAG,CAAC,GAAQ,EAAE,EAAE,CACpC,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,UAAU,eAAe,CAAC;AAE/C,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,GAAQ,EAAE,EAAE,CAC3C,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,UAAU,0BAA0B,CAAC;AAE1D,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,GAAQ,EAAE,EAAE,CACzC,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,UAAU,eAAe,CAAC;AAE/C,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,GAAQ,EAAE,EAAE,CACxC,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,UAAU,mBAAmB,CAAC;AAEnD,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,GAAQ,EAAE,EAAE,CACzC,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,UAAU,oBAAoB,CAAC;AAEpD,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,GAAQ,EAAE,EAAE,CAC9C,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,UAAU,yBAAyB,CAAC;AAEzD,MAAM,oBAAoB,GAAG,CAAC,QAAkB,EAAE,GAAQ,EAAU,EAAE;IACpE,QAAQ,QAAQ,EAAE;QAChB,KAAK,QAAQ,CAAC,GAAG;YACf,OAAO,aAAa,CAAC,GAAG,CAAC,CAAC;QAC5B,KAAK,QAAQ,CAAC,IAAI;YAChB,OAAO,cAAc,CAAC,GAAG,CAAC,CAAC;QAC7B,0BAA0B;QAC1B;YACE,MAAM,IAAI,eAAe,CACvB,qBAAqB,QAAkB,8BAA8B,CACtE,CAAC;KACL;AACH,CAAC,CAAC;AAeF;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,KAAa,EACb,MAAqB,EACrB,WAAmB,EACnB,GAAQ;IAER,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC;IAE/C,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,EAAE;YACpC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,aAAa,EAAE,UAAU,WAAW,EAAE;aACvC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,KAAK;gBACL,MAAM;aACP,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;YAChB,MAAM,mBAAmB,CAAC,QAAQ,CAAC,CAAC;SACrC;KACF;IAAC,OAAO,CAAC,EAAE;QACV,sEAAsE;QACtE,IAAI,gBAAgB,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE;YACxC,MAAM,CAAC,CAAC;SACT;QACD,0BAA0B;QAC1B,MAAM,YAAY,GAChB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3D,MAAM,IAAI,SAAS,CAAC,+BAA+B,YAAY,EAAE,CAAC,CAAC;KACpE;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,EAAU,EAAE,GAAQ;IACjD,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;IACzC,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;IAE5C,IAAI;QACF,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;QACvD,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE;YACrB,MAAM,mBAAmB,CAAC,aAAa,CAAC,CAAC;SAC1C;QAED,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC;QAC7C,OAAO;YACL,KAAK,EAAE,SAAS,CAAC,KAAK;YACtB,UAAU,EAAE,SAAS,CAAC,UAAU;YAChC,SAAS,EAAE,SAAS,CAAC,UAAU;SAChC,CAAC;KACH;IAAC,OAAO,CAAC,EAAE;QACV,sEAAsE;QACtE,IAAI,gBAAgB,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE;YACxC,MAAM,CAAC,CAAC;SACT;QACD,0BAA0B;QAC1B,MAAM,YAAY,GAChB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3D,MAAM,IAAI,mBAAmB,CAAC,6BAA6B,YAAY,EAAE,CAAC,CAAC;KAC5E;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,QAAgB,EAChB,GAAQ,EACR,QAAkB;IAElB,MAAM,SAAS,GAAG,6CAA6C,CAAC;IAChE,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC;QAC1B,cAAc,EAAE,mCAAmC;KACpD,CAAC,CAAC;IAEH,MAAM,cAAc,GAAG,IAAI,eAAe,EAAE,CAAC;IAC7C,cAAc,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IAC/C,cAAc,CAAC,MAAM,CAAC,WAAW,EAAE,eAAe,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC;IACnE,cAAc,CAAC,MAAM,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAE7C,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE;YAChD,MAAM,EAAE,MAAM;YACd,OAAO;YACP,IAAI,EAAE,cAAc,CAAC,QAAQ,EAAE;SAChC,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;YAChB,MAAM,mBAAmB,CAAC,QAAQ,CAAC,CAAC;SACrC;QAED,MAAM,mBAAmB,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAClD,OAAO;YACL,WAAW,EAAE,mBAAmB,CAAC,YAAY;YAC7C,SAAS,EAAE,mBAAmB,CAAC,UAAU;YACzC,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;SACvB,CAAC;KACH;IAAC,OAAO,CAAC,EAAE;QACV,sEAAsE;QACtE,IAAI,gBAAgB,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE;YACxC,MAAM,CAAC,CAAC;SACT;QACD,0BAA0B;QAC1B,MAAM,YAAY,GAChB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3D,MAAM,IAAI,WAAW,CAAC,+BAA+B,YAAY,EAAE,CAAC,CAAC;KACtE;AACH,CAAC;AAOD;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,UAAkB,EAClB,SAAiB,EACjB,QAAkB,EAClB,GAAQ,EACR,WAA6B;IAE7B,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IAE9D,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,iBAAiB,EAAE;YAC9C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,SAAS;gBACT,WAAW,EAAE,UAAU;gBACvB,GAAG,CAAC,WAAW;oBACb,CAAC,CAAC;wBACE,WAAW,EAAE;4BACX,cAAc,EAAE,MAAM,WAAW,CAAC,gBAAgB,EAAE;4BACpD,KAAK,EAAE,WAAW,CAAC,KAAK;yBACzB;qBACF;oBACH,CAAC,CAAC,EAAE,CAAC;aACR,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;YAChB,MAAM,mBAAmB,CAAC,QAAQ,EAAE,GAAG,QAAQ,QAAQ,CAAC,CAAC;SAC1D;QAED,MAAM,aAAa,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC5C,OAAO;YACL,KAAK,EAAE,aAAa,CAAC,KAAK;YAC1B,SAAS,EAAE,aAAa,CAAC,UAAU;YACnC,OAAO,EAAE;gBACP,YAAY,EAAE,aAAa,CAAC,OAAO,CAAC,aAAa;gBACjD,aAAa,EAAE,aAAa,CAAC,OAAO,CAAC,cAAc;gBACnD,SAAS,EAAE,aAAa,CAAC,OAAO,CAAC,UAAU;aAC5C;SACF,CAAC;KACH;IAAC,OAAO,CAAC,EAAE;QACV,sEAAsE;QACtE,IAAI,gBAAgB,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE;YACxC,MAAM,CAAC,CAAC;SACT;QACD,0BAA0B;QAC1B,MAAM,YAAY,GAChB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3D,MAAM,IAAI,WAAW,CAAC,gCAAgC,YAAY,EAAE,CAAC,CAAC;KACvE;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,GAAQ,EACR,WAAmB;IAEnB,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC;IAE5D,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,iBAAiB,EAAE;YAC9C,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,WAAW,EAAE;aACvC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;YAChB,MAAM,mBAAmB,CAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAC;SACxD;QAED,MAAM,WAAW,GAAuB,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAE9D,OAAO,WAAW,CAAC;KACpB;IAAC,OAAO,CAAC,EAAE;QACV,sEAAsE;QACtE,IAAI,gBAAgB,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE;YACxC,MAAM,CAAC,CAAC;SACT;QACD,0BAA0B;QAC1B,MAAM,YAAY,GAChB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3D,MAAM,IAAI,WAAW,CAAC,kCAAkC,YAAY,EAAE,CAAC,CAAC;KACzE;AACH,CAAC","sourcesContent":["import type {\n AccessToken,\n ErrorMessage,\n UserProfile,\n UserProfileLineage,\n} from './types';\nimport { AuthType } from './types';\nimport type { Env, Platform } from '../../shared/env';\nimport { getEnvUrls, getOidcClientId } from '../../shared/env';\nimport type { MetaMetricsAuth } from '../../shared/types/services';\nimport {\n NonceRetrievalError,\n PairError,\n SignInError,\n ValidationError,\n RateLimitedError,\n} from '../errors';\n\n/*\n Parse Retry-After header into milliseconds if possible.\n * Supports seconds or HTTP-date formats.\n \n @param retryAfterHeader - The Retry-After header value (seconds or HTTP-date)\n * @returns The retry delay in milliseconds, or null if parsing fails\n /\nfunction parseRetryAfter(retryAfterHeader: string \| null): number \| null {\n if (!retryAfterHeader) {\n return null;\n }\n const seconds = Number(retryAfterHeader);\n if (!Number.isNaN(seconds)) {\n return seconds 1000;\n }\n const date = Date.parse(retryAfterHeader);\n if (!Number.isNaN(date)) {\n const diff = date - Date.now();\n return diff > 0 ? diff : null;\n }\n return null;\n}\n\n/*\n Handle HTTP error responses with rate limiting support.\n \n @param response - The HTTP response object\n * @param errorPrefix - Optional prefix for the error message\n * @throws RateLimitedError for 429 responses\n * @throws Error for other error responses\n /\nasync function handleErrorResponse(\n response: Response,\n errorPrefix?: string,\n): Promise<never> {\n const { status } = response;\n const retryAfterHeader = response.headers.get('Retry-After');\n const retryAfterMs = parseRetryAfter(retryAfterHeader);\n\n const responseBody = (await response.json()) as\n \| ErrorMessage\n \| { error_description: string; error: string };\n\n const message =\n 'message' in responseBody\n ? responseBody.message\n : responseBody.error_description;\n const { error } = responseBody;\n\n if (status === 429) {\n throw new RateLimitedError(\n `HTTP 429: ${message} (error: ${error})`,\n retryAfterMs ?? undefined,\n );\n }\n\n const prefix = errorPrefix ? `${errorPrefix} ` : '';\n throw new Error(`${prefix}HTTP ${status} error: ${message}, error: ${error}`);\n}\n\nexport const NONCE_URL = (env: Env) =>\n `${getEnvUrls(env).authApiUrl}/api/v2/nonce`;\n\nexport const PAIR_IDENTIFIERS = (env: Env) =>\n `${getEnvUrls(env).authApiUrl}/api/v2/identifiers/pair`;\n\nexport const OIDC_TOKEN_URL = (env: Env) =>\n `${getEnvUrls(env).oidcApiUrl}/oauth2/token`;\n\nexport const SRP_LOGIN_URL = (env: Env) =>\n `${getEnvUrls(env).authApiUrl}/api/v2/srp/login`;\n\nexport const SIWE_LOGIN_URL = (env: Env) =>\n `${getEnvUrls(env).authApiUrl}/api/v2/siwe/login`;\n\nexport const PROFILE_LINEAGE_URL = (env: Env) =>\n `${getEnvUrls(env).authApiUrl}/api/v2/profile/lineage`;\n\nconst getAuthenticationUrl = (authType: AuthType, env: Env): string => {\n switch (authType) {\n case AuthType.SRP:\n return SRP_LOGIN_URL(env);\n case AuthType.SiWE:\n return SIWE_LOGIN_URL(env);\n / istanbul ignore next /\n default:\n throw new ValidationError(\n `Invalid AuthType: ${authType as number} - unable to create Auth URL`,\n );\n }\n};\n\ntype NonceResponse = {\n nonce: string;\n identifier: string;\n expiresIn: number;\n};\n\ntype PairRequest = {\n signature: string;\n raw_message: string;\n encrypted_storage_key: string;\n identifier_type: 'SIWE' \| 'SRP';\n};\n\n/\n Pair multiple identifiers under a single profile\n \n @param nonce - session nonce\n * @param logins - pairing request payload\n * @param accessToken - JWT access token used to access protected resources\n * @param env - server environment\n * @returns void.\n /\nexport async function pairIdentifiers(\n nonce: string,\n logins: PairRequest[],\n accessToken: string,\n env: Env,\n): Promise<void> {\n const pairUrl = new URL(PAIR_IDENTIFIERS(env));\n\n try {\n const response = await fetch(pairUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Authorization: `Bearer ${accessToken}`,\n },\n body: JSON.stringify({\n nonce,\n logins,\n }),\n });\n\n if (!response.ok) {\n await handleErrorResponse(response);\n }\n } catch (e) {\n // Re-throw RateLimitedError to preserve 429 status and retry metadata\n if (RateLimitedError.isRateLimitError(e)) {\n throw e;\n }\n / istanbul ignore next /\n const errorMessage =\n e instanceof Error ? e.message : JSON.stringify(e ?? '');\n throw new PairError(`unable to pair identifiers: ${errorMessage}`);\n }\n}\n\n/\n Service to Get Nonce for JWT Bearer Flow\n \n @param id - identifier ID\n * @param env - server environment\n * @returns the nonce.\n /\nexport async function getNonce(id: string, env: Env): Promise<NonceResponse> {\n const nonceUrl = new URL(NONCE_URL(env));\n nonceUrl.searchParams.set('identifier', id);\n\n try {\n const nonceResponse = await fetch(nonceUrl.toString());\n if (!nonceResponse.ok) {\n await handleErrorResponse(nonceResponse);\n }\n\n const nonceJson = await nonceResponse.json();\n return {\n nonce: nonceJson.nonce,\n identifier: nonceJson.identifier,\n expiresIn: nonceJson.expires_in,\n };\n } catch (e) {\n // Re-throw RateLimitedError to preserve 429 status and retry metadata\n if (RateLimitedError.isRateLimitError(e)) {\n throw e;\n }\n / istanbul ignore next /\n const errorMessage =\n e instanceof Error ? e.message : JSON.stringify(e ?? '');\n throw new NonceRetrievalError(`failed to generate nonce: ${errorMessage}`);\n }\n}\n\n/\n Service to Authorize And perform OIDC Flow to get the Access Token\n \n @param jwtToken - The original token received from Authentication. This is traded for the Access Token. (the authentication token is single-use)\n * @param env - server environment\n * @param platform - SDK platform\n * @returns Access Token from Authorization server\n /\nexport async function authorizeOIDC(\n jwtToken: string,\n env: Env,\n platform: Platform,\n): Promise<AccessToken> {\n const grantType = 'urn:ietf:params:oauth:grant-type:jwt-bearer';\n const headers = new Headers({\n 'Content-Type': 'application/x-www-form-urlencoded',\n });\n\n const urlEncodedBody = new URLSearchParams();\n urlEncodedBody.append('grant_type', grantType);\n urlEncodedBody.append('client_id', getOidcClientId(env, platform));\n urlEncodedBody.append('assertion', jwtToken);\n\n try {\n const response = await fetch(OIDC_TOKEN_URL(env), {\n method: 'POST',\n headers,\n body: urlEncodedBody.toString(),\n });\n\n if (!response.ok) {\n await handleErrorResponse(response);\n }\n\n const accessTokenResponse = await response.json();\n return {\n accessToken: accessTokenResponse.access_token,\n expiresIn: accessTokenResponse.expires_in,\n obtainedAt: Date.now(),\n };\n } catch (e) {\n // Re-throw RateLimitedError to preserve 429 status and retry metadata\n if (RateLimitedError.isRateLimitError(e)) {\n throw e;\n }\n / istanbul ignore next /\n const errorMessage =\n e instanceof Error ? e.message : JSON.stringify(e ?? '');\n throw new SignInError(`unable to get access token: ${errorMessage}`);\n }\n}\n\ntype Authentication = {\n token: string;\n expiresIn: number;\n profile: UserProfile;\n};\n/\n Service to Authenticate/Login a user via SIWE or SRP derived key.\n \n @param rawMessage - raw message for validation when authenticating\n * @param signature - signed raw message\n * @param authType - authentication type/flow used\n * @param env - server environment\n * @param metametrics - optional metametrics\n * @returns Authentication Token\n /\nexport async function authenticate(\n rawMessage: string,\n signature: string,\n authType: AuthType,\n env: Env,\n metametrics?: MetaMetricsAuth,\n): Promise<Authentication> {\n const authenticationUrl = getAuthenticationUrl(authType, env);\n\n try {\n const response = await fetch(authenticationUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({\n signature,\n raw_message: rawMessage,\n ...(metametrics\n ? {\n metametrics: {\n metametrics_id: await metametrics.getMetaMetricsId(),\n agent: metametrics.agent,\n },\n }\n : {}),\n }),\n });\n\n if (!response.ok) {\n await handleErrorResponse(response, `${authType} login`);\n }\n\n const loginResponse = await response.json();\n return {\n token: loginResponse.token,\n expiresIn: loginResponse.expires_in,\n profile: {\n identifierId: loginResponse.profile.identifier_id,\n metaMetricsId: loginResponse.profile.metametrics_id,\n profileId: loginResponse.profile.profile_id,\n },\n };\n } catch (e) {\n // Re-throw RateLimitedError to preserve 429 status and retry metadata\n if (RateLimitedError.isRateLimitError(e)) {\n throw e;\n }\n / istanbul ignore next /\n const errorMessage =\n e instanceof Error ? e.message : JSON.stringify(e ?? '');\n throw new SignInError(`unable to perform SRP login: ${errorMessage}`);\n }\n}\n\n/\n Service to get the Profile Lineage\n \n @param env - server environment\n * @param accessToken - JWT access token used to access protected resources\n * @returns Profile Lineage information.\n /\nexport async function getUserProfileLineage(\n env: Env,\n accessToken: string,\n): Promise<UserProfileLineage> {\n const profileLineageUrl = new URL(PROFILE_LINEAGE_URL(env));\n\n try {\n const response = await fetch(profileLineageUrl, {\n method: 'GET',\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n });\n\n if (!response.ok) {\n await handleErrorResponse(response, 'profile lineage');\n }\n\n const profileJson: UserProfileLineage = await response.json();\n\n return profileJson;\n } catch (e) {\n // Re-throw RateLimitedError to preserve 429 status and retry metadata\n if (RateLimitedError.isRateLimitError(e)) {\n throw e;\n }\n / istanbul ignore next */\n const errorMessage =\n e instanceof Error ? e.message : JSON.stringify(e ?? '');\n throw new SignInError(`failed to get profile lineage: ${errorMessage}`);\n }\n}\n"]}

package/dist/sdk/authentication-jwt-bearer/utils/time.cjs ADDED Viewed

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.delay = void 0;
+/**
+ * Delays execution for the specified number of milliseconds.
+ *
+ * @param ms - Number of milliseconds to delay
+ * @returns Promise that resolves after the delay
+ */
+async function delay(ms) {
+    if (ms <= 0) {
+        return;
+    }
+    await new Promise((resolve) => setTimeout(resolve, ms));
+}
+exports.delay = delay;
+//# sourceMappingURL=time.cjs.map

package/dist/sdk/authentication-jwt-bearer/utils/time.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"time.cjs","sourceRoot":"","sources":["../../../../src/sdk/authentication-jwt-bearer/utils/time.ts"],"names":[],"mappings":";;;AAAA;;;;;GAKG;AACI,KAAK,UAAU,KAAK,CAAC,EAAU;IACpC,IAAI,EAAE,IAAI,CAAC,EAAE;QACX,OAAO;KACR;IACD,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC1D,CAAC;AALD,sBAKC","sourcesContent":["/**\n * Delays execution for the specified number of milliseconds.\n *\n * @param ms - Number of milliseconds to delay\n * @returns Promise that resolves after the delay\n */\nexport async function delay(ms: number): Promise<void> {\n if (ms <= 0) {\n return;\n }\n await new Promise((resolve) => setTimeout(resolve, ms));\n}\n"]}

package/dist/sdk/authentication-jwt-bearer/utils/time.d.cts ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * Delays execution for the specified number of milliseconds.
+ *
+ * @param ms - Number of milliseconds to delay
+ * @returns Promise that resolves after the delay
+ */
+export declare function delay(ms: number): Promise<void>;
+//# sourceMappingURL=time.d.cts.map

package/dist/sdk/authentication-jwt-bearer/utils/time.d.cts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"time.d.cts","sourceRoot":"","sources":["../../../../src/sdk/authentication-jwt-bearer/utils/time.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,wBAAsB,KAAK,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAKrD"}

package/dist/sdk/authentication-jwt-bearer/utils/time.d.mts ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * Delays execution for the specified number of milliseconds.
+ *
+ * @param ms - Number of milliseconds to delay
+ * @returns Promise that resolves after the delay
+ */
+export declare function delay(ms: number): Promise<void>;
+//# sourceMappingURL=time.d.mts.map

package/dist/sdk/authentication-jwt-bearer/utils/time.d.mts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"time.d.mts","sourceRoot":"","sources":["../../../../src/sdk/authentication-jwt-bearer/utils/time.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,wBAAsB,KAAK,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAKrD"}

package/dist/sdk/authentication-jwt-bearer/utils/time.mjs ADDED Viewed

@@ -0,0 +1,13 @@
+/**
+ * Delays execution for the specified number of milliseconds.
+ *
+ * @param ms - Number of milliseconds to delay
+ * @returns Promise that resolves after the delay
+ */
+export async function delay(ms) {
+    if (ms <= 0) {
+        return;
+    }
+    await new Promise((resolve) => setTimeout(resolve, ms));
+}
+//# sourceMappingURL=time.mjs.map

package/dist/sdk/authentication-jwt-bearer/utils/time.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"time.mjs","sourceRoot":"","sources":["../../../../src/sdk/authentication-jwt-bearer/utils/time.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,KAAK,CAAC,EAAU;IACpC,IAAI,EAAE,IAAI,CAAC,EAAE;QACX,OAAO;KACR;IACD,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC1D,CAAC","sourcesContent":["/**\n * Delays execution for the specified number of milliseconds.\n *\n * @param ms - Number of milliseconds to delay\n * @returns Promise that resolves after the delay\n */\nexport async function delay(ms: number): Promise<void> {\n if (ms <= 0) {\n return;\n }\n await new Promise((resolve) => setTimeout(resolve, ms));\n}\n"]}

package/dist/sdk/errors.cjs CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.NotFoundError = exports.UnsupportedAuthTypeError = exports.ValidationError = exports.UserStorageError = exports.PairError = exports.SignInError = exports.NonceRetrievalError = void 0;
+exports.RateLimitedError = exports.NotFoundError = exports.UnsupportedAuthTypeError = exports.ValidationError = exports.UserStorageError = exports.PairError = exports.SignInError = exports.NonceRetrievalError = void 0;
 class NonceRetrievalError extends Error {
     constructor(message) {
         super(message);
@@ -50,4 +50,26 @@ class NotFoundError extends Error {
     }
 }
 exports.NotFoundError = NotFoundError;
+class RateLimitedError extends Error {
+    constructor(message, retryAfterMs) {
+        super(message);
+        this.status = 429;
+        this.name = 'RateLimitedError';
+        this.retryAfterMs = retryAfterMs;
+    }
+    /**
+     * Check if an unknown error is a rate limit error (429 status).
+     *
+     * @param e - The error to check
+     * @returns True if the error is a rate limit error
+     */
+    static isRateLimitError(e) {
+        return (e instanceof RateLimitedError ||
+            (typeof e === 'object' &&
+                e !== null &&
+                'status' in e &&
+                e.status === 429));
+    }
+}
+exports.RateLimitedError = RateLimitedError;
 //# sourceMappingURL=errors.cjs.map

package/dist/sdk/errors.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"errors.cjs","sourceRoot":"","sources":["../../src/sdk/errors.ts"],"names":[],"mappings":";;;AAAA,MAAa,mBAAoB,SAAQ,KAAK;IAC5C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;IACpC,CAAC;CACF;AALD,kDAKC;AAED,MAAa,WAAY,SAAQ,KAAK;IACpC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;IAC5B,CAAC;CACF;AALD,kCAKC;AAED,MAAa,SAAU,SAAQ,KAAK;IAClC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;IAC1B,CAAC;CACF;AALD,8BAKC;AAED,MAAa,gBAAiB,SAAQ,KAAK;IACzC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IACjC,CAAC;CACF;AALD,4CAKC;AAED,MAAa,eAAgB,SAAQ,KAAK;IACxC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;IAChC,CAAC;CACF;AALD,0CAKC;AAED,MAAa,wBAAyB,SAAQ,KAAK;IACjD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,0BAA0B,CAAC;IACzC,CAAC;CACF;AALD,4DAKC;AAED,MAAa,aAAc,SAAQ,KAAK;IACtC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,eAAe,CAAC;IAC9B,CAAC;CACF;AALD,sCAKC","sourcesContent":["export class NonceRetrievalError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'NonceRetrievalError';\n }\n}\n\nexport class SignInError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'SignInError';\n }\n}\n\nexport class PairError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'PairError';\n }\n}\n\nexport class UserStorageError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'UserStorageError';\n }\n}\n\nexport class ValidationError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'ValidationError';\n }\n}\n\nexport class UnsupportedAuthTypeError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'UnsupportedAuthTypeError';\n }\n}\n\nexport class NotFoundError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'NotFoundError';\n }\n}\n"]}
1	+ {"version":3,"file":"errors.cjs","sourceRoot":"","sources":["../../src/sdk/errors.ts"],"names":[],"mappings":";;;AAAA,MAAa,mBAAoB,SAAQ,KAAK;IAC5C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;IACpC,CAAC;CACF;AALD,kDAKC;AAED,MAAa,WAAY,SAAQ,KAAK;IACpC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;IAC5B,CAAC;CACF;AALD,kCAKC;AAED,MAAa,SAAU,SAAQ,KAAK;IAClC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;IAC1B,CAAC;CACF;AALD,8BAKC;AAED,MAAa,gBAAiB,SAAQ,KAAK;IACzC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IACjC,CAAC;CACF;AALD,4CAKC;AAED,MAAa,eAAgB,SAAQ,KAAK;IACxC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;IAChC,CAAC;CACF;AALD,0CAKC;AAED,MAAa,wBAAyB,SAAQ,KAAK;IACjD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,0BAA0B,CAAC;IACzC,CAAC;CACF;AALD,4DAKC;AAED,MAAa,aAAc,SAAQ,KAAK;IACtC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,eAAe,CAAC;IAC9B,CAAC;CACF;AALD,sCAKC;AAED,MAAa,gBAAiB,SAAQ,KAAK;IAKzC,YAAY,OAAe,EAAE,YAAqB;QAChD,KAAK,CAAC,OAAO,CAAC,CAAC;QALR,WAAM,GAAG,GAAG,CAAC;QAMpB,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;QAC/B,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnC,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,gBAAgB,CAAC,CAAU;QAChC,OAAO,CACL,CAAC,YAAY,gBAAgB;YAC7B,CAAC,OAAO,CAAC,KAAK,QAAQ;gBACpB,CAAC,KAAK,IAAI;gBACV,QAAQ,IAAI,CAAC;gBACZ,CAAwB,CAAC,MAAM,KAAK,GAAG,CAAC,CAC5C,CAAC;IACJ,CAAC;CACF;AA1BD,4CA0BC","sourcesContent":["export class NonceRetrievalError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'NonceRetrievalError';\n }\n}\n\nexport class SignInError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'SignInError';\n }\n}\n\nexport class PairError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'PairError';\n }\n}\n\nexport class UserStorageError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'UserStorageError';\n }\n}\n\nexport class ValidationError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'ValidationError';\n }\n}\n\nexport class UnsupportedAuthTypeError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'UnsupportedAuthTypeError';\n }\n}\n\nexport class NotFoundError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'NotFoundError';\n }\n}\n\nexport class RateLimitedError extends Error {\n readonly status = 429;\n\n readonly retryAfterMs?: number;\n\n constructor(message: string, retryAfterMs?: number) {\n super(message);\n this.name = 'RateLimitedError';\n this.retryAfterMs = retryAfterMs;\n }\n\n /*\n Check if an unknown error is a rate limit error (429 status).\n \n @param e - The error to check\n * @returns True if the error is a rate limit error\n */\n static isRateLimitError(e: unknown): e is RateLimitedError {\n return (\n e instanceof RateLimitedError \|\|\n (typeof e === 'object' &&\n e !== null &&\n 'status' in e &&\n (e as { status: number }).status === 429)\n );\n }\n}\n"]}

package/dist/sdk/errors.d.cts CHANGED Viewed

@@ -19,4 +19,16 @@ export declare class UnsupportedAuthTypeError extends Error {
 export declare class NotFoundError extends Error {
     constructor(message: string);
 }
+export declare class RateLimitedError extends Error {
+    readonly status = 429;
+    readonly retryAfterMs?: number;
+    constructor(message: string, retryAfterMs?: number);
+    /**
+     * Check if an unknown error is a rate limit error (429 status).
+     *
+     * @param e - The error to check
+     * @returns True if the error is a rate limit error
+     */
+    static isRateLimitError(e: unknown): e is RateLimitedError;
+}
 //# sourceMappingURL=errors.d.cts.map

package/dist/sdk/errors.d.cts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"errors.d.cts","sourceRoot":"","sources":["../../src/sdk/errors.ts"],"names":[],"mappings":"AAAA,qBAAa,mBAAoB,SAAQ,KAAK;gBAChC,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,WAAY,SAAQ,KAAK;gBACxB,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,SAAU,SAAQ,KAAK;gBACtB,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,gBAAiB,SAAQ,KAAK;gBAC7B,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,eAAgB,SAAQ,KAAK;gBAC5B,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,wBAAyB,SAAQ,KAAK;gBACrC,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,aAAc,SAAQ,KAAK;gBAC1B,OAAO,EAAE,MAAM;CAI5B"}
1	+ {"version":3,"file":"errors.d.cts","sourceRoot":"","sources":["../../src/sdk/errors.ts"],"names":[],"mappings":"AAAA,qBAAa,mBAAoB,SAAQ,KAAK;gBAChC,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,WAAY,SAAQ,KAAK;gBACxB,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,SAAU,SAAQ,KAAK;gBACtB,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,gBAAiB,SAAQ,KAAK;gBAC7B,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,eAAgB,SAAQ,KAAK;gBAC5B,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,wBAAyB,SAAQ,KAAK;gBACrC,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,aAAc,SAAQ,KAAK;gBAC1B,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,gBAAiB,SAAQ,KAAK;IACzC,QAAQ,CAAC,MAAM,OAAO;IAEtB,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;gBAEnB,OAAO,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM;IAMlD;;;;;OAKG;IACH,MAAM,CAAC,gBAAgB,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,gBAAgB;CAS3D"}

package/dist/sdk/errors.d.mts CHANGED Viewed

@@ -19,4 +19,16 @@ export declare class UnsupportedAuthTypeError extends Error {
 export declare class NotFoundError extends Error {
     constructor(message: string);
 }
+export declare class RateLimitedError extends Error {
+    readonly status = 429;
+    readonly retryAfterMs?: number;
+    constructor(message: string, retryAfterMs?: number);
+    /**
+     * Check if an unknown error is a rate limit error (429 status).
+     *
+     * @param e - The error to check
+     * @returns True if the error is a rate limit error
+     */
+    static isRateLimitError(e: unknown): e is RateLimitedError;
+}
 //# sourceMappingURL=errors.d.mts.map

package/dist/sdk/errors.d.mts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"errors.d.mts","sourceRoot":"","sources":["../../src/sdk/errors.ts"],"names":[],"mappings":"AAAA,qBAAa,mBAAoB,SAAQ,KAAK;gBAChC,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,WAAY,SAAQ,KAAK;gBACxB,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,SAAU,SAAQ,KAAK;gBACtB,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,gBAAiB,SAAQ,KAAK;gBAC7B,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,eAAgB,SAAQ,KAAK;gBAC5B,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,wBAAyB,SAAQ,KAAK;gBACrC,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,aAAc,SAAQ,KAAK;gBAC1B,OAAO,EAAE,MAAM;CAI5B"}
1	+ {"version":3,"file":"errors.d.mts","sourceRoot":"","sources":["../../src/sdk/errors.ts"],"names":[],"mappings":"AAAA,qBAAa,mBAAoB,SAAQ,KAAK;gBAChC,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,WAAY,SAAQ,KAAK;gBACxB,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,SAAU,SAAQ,KAAK;gBACtB,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,gBAAiB,SAAQ,KAAK;gBAC7B,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,eAAgB,SAAQ,KAAK;gBAC5B,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,wBAAyB,SAAQ,KAAK;gBACrC,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,aAAc,SAAQ,KAAK;gBAC1B,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,gBAAiB,SAAQ,KAAK;IACzC,QAAQ,CAAC,MAAM,OAAO;IAEtB,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;gBAEnB,OAAO,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM;IAMlD;;;;;OAKG;IACH,MAAM,CAAC,gBAAgB,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,gBAAgB;CAS3D"}

package/dist/sdk/errors.mjs CHANGED Viewed

@@ -40,4 +40,25 @@ export class NotFoundError extends Error {
         this.name = 'NotFoundError';
     }
 }
+export class RateLimitedError extends Error {
+    constructor(message, retryAfterMs) {
+        super(message);
+        this.status = 429;
+        this.name = 'RateLimitedError';
+        this.retryAfterMs = retryAfterMs;
+    }
+    /**
+     * Check if an unknown error is a rate limit error (429 status).
+     *
+     * @param e - The error to check
+     * @returns True if the error is a rate limit error
+     */
+    static isRateLimitError(e) {
+        return (e instanceof RateLimitedError ||
+            (typeof e === 'object' &&
+                e !== null &&
+                'status' in e &&
+                e.status === 429));
+    }
+}
 //# sourceMappingURL=errors.mjs.map

package/dist/sdk/errors.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"errors.mjs","sourceRoot":"","sources":["../../src/sdk/errors.ts"],"names":[],"mappings":"AAAA,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAC5C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;IACpC,CAAC;CACF;AAED,MAAM,OAAO,WAAY,SAAQ,KAAK;IACpC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;IAC5B,CAAC;CACF;AAED,MAAM,OAAO,SAAU,SAAQ,KAAK;IAClC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;IAC1B,CAAC;CACF;AAED,MAAM,OAAO,gBAAiB,SAAQ,KAAK;IACzC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IACjC,CAAC;CACF;AAED,MAAM,OAAO,eAAgB,SAAQ,KAAK;IACxC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;IAChC,CAAC;CACF;AAED,MAAM,OAAO,wBAAyB,SAAQ,KAAK;IACjD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,0BAA0B,CAAC;IACzC,CAAC;CACF;AAED,MAAM,OAAO,aAAc,SAAQ,KAAK;IACtC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,eAAe,CAAC;IAC9B,CAAC;CACF","sourcesContent":["export class NonceRetrievalError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'NonceRetrievalError';\n }\n}\n\nexport class SignInError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'SignInError';\n }\n}\n\nexport class PairError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'PairError';\n }\n}\n\nexport class UserStorageError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'UserStorageError';\n }\n}\n\nexport class ValidationError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'ValidationError';\n }\n}\n\nexport class UnsupportedAuthTypeError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'UnsupportedAuthTypeError';\n }\n}\n\nexport class NotFoundError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'NotFoundError';\n }\n}\n"]}
1	+ {"version":3,"file":"errors.mjs","sourceRoot":"","sources":["../../src/sdk/errors.ts"],"names":[],"mappings":"AAAA,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAC5C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;IACpC,CAAC;CACF;AAED,MAAM,OAAO,WAAY,SAAQ,KAAK;IACpC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;IAC5B,CAAC;CACF;AAED,MAAM,OAAO,SAAU,SAAQ,KAAK;IAClC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;IAC1B,CAAC;CACF;AAED,MAAM,OAAO,gBAAiB,SAAQ,KAAK;IACzC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IACjC,CAAC;CACF;AAED,MAAM,OAAO,eAAgB,SAAQ,KAAK;IACxC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;IAChC,CAAC;CACF;AAED,MAAM,OAAO,wBAAyB,SAAQ,KAAK;IACjD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,0BAA0B,CAAC;IACzC,CAAC;CACF;AAED,MAAM,OAAO,aAAc,SAAQ,KAAK;IACtC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,eAAe,CAAC;IAC9B,CAAC;CACF;AAED,MAAM,OAAO,gBAAiB,SAAQ,KAAK;IAKzC,YAAY,OAAe,EAAE,YAAqB;QAChD,KAAK,CAAC,OAAO,CAAC,CAAC;QALR,WAAM,GAAG,GAAG,CAAC;QAMpB,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;QAC/B,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnC,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,gBAAgB,CAAC,CAAU;QAChC,OAAO,CACL,CAAC,YAAY,gBAAgB;YAC7B,CAAC,OAAO,CAAC,KAAK,QAAQ;gBACpB,CAAC,KAAK,IAAI;gBACV,QAAQ,IAAI,CAAC;gBACZ,CAAwB,CAAC,MAAM,KAAK,GAAG,CAAC,CAC5C,CAAC;IACJ,CAAC;CACF","sourcesContent":["export class NonceRetrievalError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'NonceRetrievalError';\n }\n}\n\nexport class SignInError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'SignInError';\n }\n}\n\nexport class PairError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'PairError';\n }\n}\n\nexport class UserStorageError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'UserStorageError';\n }\n}\n\nexport class ValidationError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'ValidationError';\n }\n}\n\nexport class UnsupportedAuthTypeError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'UnsupportedAuthTypeError';\n }\n}\n\nexport class NotFoundError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'NotFoundError';\n }\n}\n\nexport class RateLimitedError extends Error {\n readonly status = 429;\n\n readonly retryAfterMs?: number;\n\n constructor(message: string, retryAfterMs?: number) {\n super(message);\n this.name = 'RateLimitedError';\n this.retryAfterMs = retryAfterMs;\n }\n\n /*\n Check if an unknown error is a rate limit error (429 status).\n \n @param e - The error to check\n * @returns True if the error is a rate limit error\n */\n static isRateLimitError(e: unknown): e is RateLimitedError {\n return (\n e instanceof RateLimitedError \|\|\n (typeof e === 'object' &&\n e !== null &&\n 'status' in e &&\n (e as { status: number }).status === 429)\n );\n }\n}\n"]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@metamask-previews/profile-sync-controller",
-  "version": "26.0.0-preview-d41a7f35",
+  "version": "26.0.0-preview-ee982ebe",
   "description": "The profile sync helps developers synchronize data across multiple clients and devices in a privacy-preserving way. All data saved in the user storage database is encrypted client-side to preserve privacy. The user storage provides a modular design, giving developers the flexibility to construct and manage their storage spaces in a way that best suits their needs",
   "keywords": [
     "MetaMask",