@metamask-previews/profile-sync-controller 28.2.0-preview-1590150f2 → 28.2.0-preview-1f6071cd8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +5 -0
- package/dist/controllers/authentication/AuthenticationController-method-action-types.cjs.map +1 -1
- package/dist/controllers/authentication/AuthenticationController-method-action-types.d.cts +16 -1
- package/dist/controllers/authentication/AuthenticationController-method-action-types.d.cts.map +1 -1
- package/dist/controllers/authentication/AuthenticationController-method-action-types.d.mts +16 -1
- package/dist/controllers/authentication/AuthenticationController-method-action-types.d.mts.map +1 -1
- package/dist/controllers/authentication/AuthenticationController-method-action-types.mjs.map +1 -1
- package/dist/controllers/authentication/AuthenticationController.cjs +17 -0
- package/dist/controllers/authentication/AuthenticationController.cjs.map +1 -1
- package/dist/controllers/authentication/AuthenticationController.d.cts +12 -0
- package/dist/controllers/authentication/AuthenticationController.d.cts.map +1 -1
- package/dist/controllers/authentication/AuthenticationController.d.mts +12 -0
- package/dist/controllers/authentication/AuthenticationController.d.mts.map +1 -1
- package/dist/controllers/authentication/AuthenticationController.mjs +17 -0
- package/dist/controllers/authentication/AuthenticationController.mjs.map +1 -1
- package/dist/controllers/authentication/mocks/mockResponses.cjs +10 -1
- package/dist/controllers/authentication/mocks/mockResponses.cjs.map +1 -1
- package/dist/controllers/authentication/mocks/mockResponses.d.cts +7 -0
- package/dist/controllers/authentication/mocks/mockResponses.d.cts.map +1 -1
- package/dist/controllers/authentication/mocks/mockResponses.d.mts +7 -0
- package/dist/controllers/authentication/mocks/mockResponses.d.mts.map +1 -1
- package/dist/controllers/authentication/mocks/mockResponses.mjs +9 -1
- package/dist/controllers/authentication/mocks/mockResponses.mjs.map +1 -1
- package/dist/sdk/authentication-jwt-bearer/flow-siwe.cjs +4 -0
- package/dist/sdk/authentication-jwt-bearer/flow-siwe.cjs.map +1 -1
- package/dist/sdk/authentication-jwt-bearer/flow-siwe.d.cts +1 -0
- package/dist/sdk/authentication-jwt-bearer/flow-siwe.d.cts.map +1 -1
- package/dist/sdk/authentication-jwt-bearer/flow-siwe.d.mts +1 -0
- package/dist/sdk/authentication-jwt-bearer/flow-siwe.d.mts.map +1 -1
- package/dist/sdk/authentication-jwt-bearer/flow-siwe.mjs +5 -1
- package/dist/sdk/authentication-jwt-bearer/flow-siwe.mjs.map +1 -1
- package/dist/sdk/authentication-jwt-bearer/flow-srp.cjs +4 -0
- package/dist/sdk/authentication-jwt-bearer/flow-srp.cjs.map +1 -1
- package/dist/sdk/authentication-jwt-bearer/flow-srp.d.cts +1 -0
- package/dist/sdk/authentication-jwt-bearer/flow-srp.d.cts.map +1 -1
- package/dist/sdk/authentication-jwt-bearer/flow-srp.d.mts +1 -0
- package/dist/sdk/authentication-jwt-bearer/flow-srp.d.mts.map +1 -1
- package/dist/sdk/authentication-jwt-bearer/flow-srp.mjs +5 -1
- package/dist/sdk/authentication-jwt-bearer/flow-srp.mjs.map +1 -1
- package/dist/sdk/authentication-jwt-bearer/services.cjs +37 -1
- package/dist/sdk/authentication-jwt-bearer/services.cjs.map +1 -1
- package/dist/sdk/authentication-jwt-bearer/services.d.cts +13 -0
- package/dist/sdk/authentication-jwt-bearer/services.d.cts.map +1 -1
- package/dist/sdk/authentication-jwt-bearer/services.d.mts +13 -0
- package/dist/sdk/authentication-jwt-bearer/services.d.mts.map +1 -1
- package/dist/sdk/authentication-jwt-bearer/services.mjs +34 -0
- package/dist/sdk/authentication-jwt-bearer/services.mjs.map +1 -1
- package/dist/sdk/authentication.cjs +3 -0
- package/dist/sdk/authentication.cjs.map +1 -1
- package/dist/sdk/authentication.d.cts +1 -0
- package/dist/sdk/authentication.d.cts.map +1 -1
- package/dist/sdk/authentication.d.mts +1 -0
- package/dist/sdk/authentication.d.mts.map +1 -1
- package/dist/sdk/authentication.mjs +3 -0
- package/dist/sdk/authentication.mjs.map +1 -1
- package/dist/sdk/mocks/auth.cjs +8 -1
- package/dist/sdk/mocks/auth.cjs.map +1 -1
- package/dist/sdk/mocks/auth.d.cts +7 -0
- package/dist/sdk/mocks/auth.d.cts.map +1 -1
- package/dist/sdk/mocks/auth.d.mts +7 -0
- package/dist/sdk/mocks/auth.d.mts.map +1 -1
- package/dist/sdk/mocks/auth.mjs +8 -1
- package/dist/sdk/mocks/auth.mjs.map +1 -1
- package/package.json +1 -1
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.getMockAuthAccessTokenResponse = exports.getMockAuthPairResponse = exports.MOCK_PAIR_PROFILES_RESPONSE = exports.getE2EIdentifierFromJwt = exports.MOCK_OATH_TOKEN_RESPONSE = exports.getMockAuthLoginResponse = exports.MOCK_LOGIN_RESPONSE = exports.getMockAuthNonceResponse = exports.MOCK_JWT = exports.MOCK_NONCE = exports.MOCK_NONCE_RESPONSE = void 0;
|
|
3
|
+
exports.getMockCustomerServiceTokenResponse = exports.MOCK_CUSTOMER_SERVICE_TOKEN_RESPONSE = exports.getMockAuthAccessTokenResponse = exports.getMockAuthPairResponse = exports.MOCK_PAIR_PROFILES_RESPONSE = exports.getE2EIdentifierFromJwt = exports.MOCK_OATH_TOKEN_RESPONSE = exports.getMockAuthLoginResponse = exports.MOCK_LOGIN_RESPONSE = exports.getMockAuthNonceResponse = exports.MOCK_JWT = exports.MOCK_NONCE = exports.MOCK_NONCE_RESPONSE = void 0;
|
|
4
4
|
const auth_1 = require("../../../sdk/mocks/auth.cjs");
|
|
5
5
|
exports.MOCK_NONCE_RESPONSE = auth_1.MOCK_NONCE_RESPONSE;
|
|
6
6
|
exports.MOCK_NONCE = exports.MOCK_NONCE_RESPONSE.nonce;
|
|
@@ -112,4 +112,13 @@ const getMockAuthAccessTokenResponse = () => {
|
|
|
112
112
|
};
|
|
113
113
|
};
|
|
114
114
|
exports.getMockAuthAccessTokenResponse = getMockAuthAccessTokenResponse;
|
|
115
|
+
exports.MOCK_CUSTOMER_SERVICE_TOKEN_RESPONSE = auth_1.MOCK_CUSTOMER_SERVICE_TOKEN_RESPONSE;
|
|
116
|
+
const getMockCustomerServiceTokenResponse = () => {
|
|
117
|
+
return {
|
|
118
|
+
url: auth_1.MOCK_CUSTOMER_SERVICE_TOKEN_URL,
|
|
119
|
+
requestMethod: 'POST',
|
|
120
|
+
response: exports.MOCK_CUSTOMER_SERVICE_TOKEN_RESPONSE,
|
|
121
|
+
};
|
|
122
|
+
};
|
|
123
|
+
exports.getMockCustomerServiceTokenResponse = getMockCustomerServiceTokenResponse;
|
|
115
124
|
//# sourceMappingURL=mockResponses.cjs.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mockResponses.cjs","sourceRoot":"","sources":["../../../../src/controllers/authentication/mocks/mockResponses.ts"],"names":[],"mappings":";;;AAAA,
|
|
1
|
+
{"version":3,"file":"mockResponses.cjs","sourceRoot":"","sources":["../../../../src/controllers/authentication/mocks/mockResponses.ts"],"names":[],"mappings":";;;AAAA,sDAYiC;AAQpB,QAAA,mBAAmB,GAAG,0BAAuB,CAAC;AAC9C,QAAA,UAAU,GAAG,2BAAmB,CAAC,KAAK,CAAC;AACvC,QAAA,QAAQ,GAAG,eAAY,CAAC;AAE9B,MAAM,wBAAwB,GAAG,GAAiB,EAAE;IACzD,OAAO;QACL,GAAG,EAAE,qBAAc;QACnB,aAAa,EAAE,KAAK;QACpB,QAAQ,EAAE,CACR,CAAW,EACX,IAAa,EACb,+BAA+D,EACnC,EAAE;YAC9B,2FAA2F;YAC3F,oEAAoE;YACpE,MAAM,UAAU,GAAG,IAAI,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC;YAClD,MAAM,aAAa,GAAG,+BAA+B,EAAE,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC;YAE1E,OAAO;gBACL,GAAG,2BAAmB;gBACtB,KAAK,EAAE,aAAa,IAAI,2BAAmB,CAAC,KAAK;gBACjD,UAAU,EAAE,2BAAmB,CAAC,UAAU;aAC3C,CAAC;QACJ,CAAC;KACqB,CAAC;AAC3B,CAAC,CAAC;AArBW,QAAA,wBAAwB,4BAqBnC;AAEW,QAAA,mBAAmB,GAAG,8BAA2B,CAAC;AAExD,MAAM,wBAAwB,GAAG,GAAiB,EAAE;IACzD,OAAO;QACL,GAAG,EAAE,yBAAkB;QACvB,aAAa,EAAE,MAAM;QACrB,mHAAmH;QACnH,+DAA+D;QAC/D,QAAQ,EAAE,CAAC,eAEV,EAA8B,EAAE;YAC/B,MAAM,kBAAkB,GAAG,eAAe,EAAE,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACnE,MAAM,aAAa,GAAG,kBAAkB,EAAE,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YAE1E,OAAO;gBACL,GAAG,2BAAmB;gBACtB,KAAK,EAAE,aAAa,IAAI,2BAAmB,CAAC,KAAK;gBACjD,OAAO,EAAE;oBACP,GAAG,2BAAmB,CAAC,OAAO;oBAC9B,UAAU,EAAE,aAAa,IAAI,2BAAmB,CAAC,OAAO,CAAC,UAAU;oBACnE,aAAa,EACX,aAAa,IAAI,2BAAmB,CAAC,OAAO,CAAC,aAAa;iBAC7D;aACF,CAAC;QACJ,CAAC;KACqB,CAAC;AAC3B,CAAC,CAAC;AAxBW,QAAA,wBAAwB,4BAwBnC;AAEW,QAAA,wBAAwB,GAAG,+BAA4B,CAAC;AAErE,MAAM,uBAAuB,GAAG,UAAU,CAAC,CAAC,aAAa;AAEzD;;;;;;;GAOG;AACH,MAAM,aAAa,GAAG,CAAC,UAAkB,EAAU,EAAE;IACnD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IACjE,MAAM,OAAO,GAAG,IAAI,CAClB,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,uBAAuB,EAAE,CAAC,CAClE,CAAC;IACF,OAAO,GAAG,MAAM,IAAI,OAAO,OAAO,CAAC;AACrC,CAAC,CAAC;AAEF;;;;;;;GAOG;AACI,MAAM,uBAAuB,GAAG,CAAC,KAAa,EAAU,EAAE;IAC/D,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3C,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9C,OAAO,GAAG,CAAC;YACb,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,2BAA2B;IAC7B,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAbW,QAAA,uBAAuB,2BAalC;AAEW,QAAA,2BAA2B,GAAG,kCAA+B,CAAC;AAEpE,MAAM,uBAAuB,GAAG,GAAiB,EAAE;IACxD,OAAO;QACL,GAAG,EAAE,6BAAsB;QAC3B,aAAa,EAAE,MAAM;QACrB,QAAQ,EAAE,mCAA2B;KACf,CAAC;AAC3B,CAAC,CAAC;AANW,QAAA,uBAAuB,2BAMlC;AAEK,MAAM,8BAA8B,GAAG,GAAiB,EAAE;IAC/D,OAAO;QACL,GAAG,EAAE,0BAAmB;QACxB,aAAa,EAAE,MAAM;QACrB,QAAQ,EAAE,CAAC,eAAwB,EAAmC,EAAE;YACtE,2EAA2E;YAC3E,4EAA4E;YAC5E,MAAM,aAAa,GAAG,IAAI,eAAe,CAAC,eAAe,CAAC,CAAC,GAAG,CAC5D,WAAW,CACZ,CAAC;YAEF,OAAO;gBACL,GAAG,gCAAwB;gBAC3B,YAAY,EAAE,aAAa;oBACzB,CAAC,CAAC,aAAa,CAAC,aAAa,CAAC;oBAC9B,CAAC,CAAC,gCAAwB,CAAC,YAAY;aAC1C,CAAC;QACJ,CAAC;KACqB,CAAC;AAC3B,CAAC,CAAC;AAnBW,QAAA,8BAA8B,kCAmBzC;AAEW,QAAA,oCAAoC,GAC/C,2CAAwC,CAAC;AAEpC,MAAM,mCAAmC,GAAG,GAAiB,EAAE;IACpE,OAAO;QACL,GAAG,EAAE,sCAA+B;QACpC,aAAa,EAAE,MAAM;QACrB,QAAQ,EAAE,4CAAoC;KACxB,CAAC;AAC3B,CAAC,CAAC;AANW,QAAA,mCAAmC,uCAM9C","sourcesContent":["import {\n MOCK_NONCE_RESPONSE as SDK_MOCK_NONCE_RESPONSE,\n MOCK_JWT as SDK_MOCK_JWT,\n MOCK_SRP_LOGIN_RESPONSE as SDK_MOCK_SRP_LOGIN_RESPONSE,\n MOCK_OIDC_TOKEN_RESPONSE as SDK_MOCK_OIDC_TOKEN_RESPONSE,\n MOCK_PAIR_PROFILES_RESPONSE as SDK_MOCK_PAIR_PROFILES_RESPONSE,\n MOCK_CUSTOMER_SERVICE_TOKEN_RESPONSE as SDK_MOCK_CUSTOMER_SERVICE_TOKEN_RESPONSE,\n MOCK_NONCE_URL,\n MOCK_SRP_LOGIN_URL,\n MOCK_OIDC_TOKEN_URL,\n MOCK_PAIR_PROFILES_URL,\n MOCK_CUSTOMER_SERVICE_TOKEN_URL,\n} from '../../../sdk/mocks/auth';\n\ntype MockResponse = {\n url: string;\n requestMethod: 'GET' | 'POST' | 'PUT';\n response: unknown;\n};\n\nexport const MOCK_NONCE_RESPONSE = SDK_MOCK_NONCE_RESPONSE;\nexport const MOCK_NONCE = MOCK_NONCE_RESPONSE.nonce;\nexport const MOCK_JWT = SDK_MOCK_JWT;\n\nexport const getMockAuthNonceResponse = (): MockResponse => {\n return {\n url: MOCK_NONCE_URL,\n requestMethod: 'GET',\n response: (\n _?: unknown,\n path?: string,\n getE2ESrpIdentifierForPublicKey?: (publicKey: string) => string,\n ): typeof MOCK_NONCE_RESPONSE => {\n // The goal here is to have this identifier bubble all the way up to being the access token\n // That way, we can use it to segregate data in the test environment\n const identifier = path?.split('?identifier=')[1];\n const e2eIdentifier = getE2ESrpIdentifierForPublicKey?.(identifier ?? '');\n\n return {\n ...MOCK_NONCE_RESPONSE,\n nonce: e2eIdentifier ?? MOCK_NONCE_RESPONSE.nonce,\n identifier: MOCK_NONCE_RESPONSE.identifier,\n };\n },\n } satisfies MockResponse;\n};\n\nexport const MOCK_LOGIN_RESPONSE = SDK_MOCK_SRP_LOGIN_RESPONSE;\n\nexport const getMockAuthLoginResponse = (): MockResponse => {\n return {\n url: MOCK_SRP_LOGIN_URL,\n requestMethod: 'POST',\n // In case this mock is used in an E2E test, we populate token, profile_id and identifier_id with the e2eIdentifier\n // to make it easier to segregate data in the test environment.\n response: (requestJsonBody?: {\n raw_message: string;\n }): typeof MOCK_LOGIN_RESPONSE => {\n const splittedRawMessage = requestJsonBody?.raw_message.split(':');\n const e2eIdentifier = splittedRawMessage?.[splittedRawMessage.length - 2];\n\n return {\n ...MOCK_LOGIN_RESPONSE,\n token: e2eIdentifier ?? MOCK_LOGIN_RESPONSE.token,\n profile: {\n ...MOCK_LOGIN_RESPONSE.profile,\n profile_id: e2eIdentifier ?? MOCK_LOGIN_RESPONSE.profile.profile_id,\n identifier_id:\n e2eIdentifier ?? MOCK_LOGIN_RESPONSE.profile.identifier_id,\n },\n };\n },\n } satisfies MockResponse;\n};\n\nexport const MOCK_OATH_TOKEN_RESPONSE = SDK_MOCK_OIDC_TOKEN_RESPONSE;\n\nconst MOCK_JWT_FAR_FUTURE_EXP = 4102444800; // 2100-01-01\n\n/**\n * Wraps a plain-text identifier in a minimal JWT so that client-side\n * JWT validation (exp check) passes in E2E tests. The identifier is\n * stored in the `sub` claim and can be extracted via {@link getE2EIdentifierFromJwt}.\n *\n * @param identifier - The plain-text E2E identifier to wrap.\n * @returns A JWT-shaped string containing the identifier.\n */\nconst wrapInMockJwt = (identifier: string): string => {\n const header = btoa(JSON.stringify({ alg: 'none', typ: 'JWT' }));\n const payload = btoa(\n JSON.stringify({ sub: identifier, exp: MOCK_JWT_FAR_FUTURE_EXP }),\n );\n return `${header}.${payload}.mock`;\n};\n\n/**\n * Extracts the E2E identifier (`sub` claim) from a mock JWT created\n * by {@link wrapInMockJwt}. Falls back to returning the raw token if\n * decoding fails (backward compatibility with raw-identifier headers).\n *\n * @param token - A bearer token string (JWT or raw identifier).\n * @returns The decoded identifier, or the original token as-is.\n */\nexport const getE2EIdentifierFromJwt = (token: string): string => {\n try {\n const parts = token.split('.');\n if (parts.length === 3) {\n const { sub } = JSON.parse(atob(parts[1]));\n if (typeof sub === 'string' && sub.length > 0) {\n return sub;\n }\n }\n } catch {\n // not a JWT — fall through\n }\n return token;\n};\n\nexport const MOCK_PAIR_PROFILES_RESPONSE = SDK_MOCK_PAIR_PROFILES_RESPONSE;\n\nexport const getMockAuthPairResponse = (): MockResponse => {\n return {\n url: MOCK_PAIR_PROFILES_URL,\n requestMethod: 'POST',\n response: MOCK_PAIR_PROFILES_RESPONSE,\n } satisfies MockResponse;\n};\n\nexport const getMockAuthAccessTokenResponse = (): MockResponse => {\n return {\n url: MOCK_OIDC_TOKEN_URL,\n requestMethod: 'POST',\n response: (requestJsonBody?: string): typeof MOCK_OATH_TOKEN_RESPONSE => {\n // We wrap the e2eIdentifier in a JWT so client-side JWT validation passes.\n // The mock server extracts the identifier back via getE2EIdentifierFromJwt.\n const e2eIdentifier = new URLSearchParams(requestJsonBody).get(\n 'assertion',\n );\n\n return {\n ...MOCK_OATH_TOKEN_RESPONSE,\n access_token: e2eIdentifier\n ? wrapInMockJwt(e2eIdentifier)\n : MOCK_OATH_TOKEN_RESPONSE.access_token,\n };\n },\n } satisfies MockResponse;\n};\n\nexport const MOCK_CUSTOMER_SERVICE_TOKEN_RESPONSE =\n SDK_MOCK_CUSTOMER_SERVICE_TOKEN_RESPONSE;\n\nexport const getMockCustomerServiceTokenResponse = (): MockResponse => {\n return {\n url: MOCK_CUSTOMER_SERVICE_TOKEN_URL,\n requestMethod: 'POST',\n response: MOCK_CUSTOMER_SERVICE_TOKEN_RESPONSE,\n } satisfies MockResponse;\n};\n"]}
|
|
@@ -47,5 +47,12 @@ export declare const MOCK_PAIR_PROFILES_RESPONSE: {
|
|
|
47
47
|
};
|
|
48
48
|
export declare const getMockAuthPairResponse: () => MockResponse;
|
|
49
49
|
export declare const getMockAuthAccessTokenResponse: () => MockResponse;
|
|
50
|
+
export declare const MOCK_CUSTOMER_SERVICE_TOKEN_RESPONSE: {
|
|
51
|
+
access_token: string;
|
|
52
|
+
refresh_token: string;
|
|
53
|
+
expires_in: number;
|
|
54
|
+
token_type: string;
|
|
55
|
+
};
|
|
56
|
+
export declare const getMockCustomerServiceTokenResponse: () => MockResponse;
|
|
50
57
|
export {};
|
|
51
58
|
//# sourceMappingURL=mockResponses.d.cts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mockResponses.d.cts","sourceRoot":"","sources":["../../../../src/controllers/authentication/mocks/mockResponses.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"mockResponses.d.cts","sourceRoot":"","sources":["../../../../src/controllers/authentication/mocks/mockResponses.ts"],"names":[],"mappings":"AAcA,KAAK,YAAY,GAAG;IAClB,GAAG,EAAE,MAAM,CAAC;IACZ,aAAa,EAAE,KAAK,GAAG,MAAM,GAAG,KAAK,CAAC;IACtC,QAAQ,EAAE,OAAO,CAAC;CACnB,CAAC;AAEF,eAAO,MAAM,mBAAmB;;;;CAA0B,CAAC;AAC3D,eAAO,MAAM,UAAU,QAA4B,CAAC;AACpD,eAAO,MAAM,QAAQ,upBAAe,CAAC;AAErC,eAAO,MAAM,wBAAwB,QAAO,YAqB3C,CAAC;AAEF,eAAO,MAAM,mBAAmB;;;;;;;;;;;CAA8B,CAAC;AAE/D,eAAO,MAAM,wBAAwB,QAAO,YAwB3C,CAAC;AAEF,eAAO,MAAM,wBAAwB;;;CAA+B,CAAC;AAoBrE;;;;;;;GAOG;AACH,eAAO,MAAM,uBAAuB,UAAW,MAAM,KAAG,MAavD,CAAC;AAEF,eAAO,MAAM,2BAA2B;;;;;;;CAAkC,CAAC;AAE3E,eAAO,MAAM,uBAAuB,QAAO,YAM1C,CAAC;AAEF,eAAO,MAAM,8BAA8B,QAAO,YAmBjD,CAAC;AAEF,eAAO,MAAM,oCAAoC;;;;;CACP,CAAC;AAE3C,eAAO,MAAM,mCAAmC,QAAO,YAMtD,CAAC"}
|
|
@@ -47,5 +47,12 @@ export declare const MOCK_PAIR_PROFILES_RESPONSE: {
|
|
|
47
47
|
};
|
|
48
48
|
export declare const getMockAuthPairResponse: () => MockResponse;
|
|
49
49
|
export declare const getMockAuthAccessTokenResponse: () => MockResponse;
|
|
50
|
+
export declare const MOCK_CUSTOMER_SERVICE_TOKEN_RESPONSE: {
|
|
51
|
+
access_token: string;
|
|
52
|
+
refresh_token: string;
|
|
53
|
+
expires_in: number;
|
|
54
|
+
token_type: string;
|
|
55
|
+
};
|
|
56
|
+
export declare const getMockCustomerServiceTokenResponse: () => MockResponse;
|
|
50
57
|
export {};
|
|
51
58
|
//# sourceMappingURL=mockResponses.d.mts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mockResponses.d.mts","sourceRoot":"","sources":["../../../../src/controllers/authentication/mocks/mockResponses.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"mockResponses.d.mts","sourceRoot":"","sources":["../../../../src/controllers/authentication/mocks/mockResponses.ts"],"names":[],"mappings":"AAcA,KAAK,YAAY,GAAG;IAClB,GAAG,EAAE,MAAM,CAAC;IACZ,aAAa,EAAE,KAAK,GAAG,MAAM,GAAG,KAAK,CAAC;IACtC,QAAQ,EAAE,OAAO,CAAC;CACnB,CAAC;AAEF,eAAO,MAAM,mBAAmB;;;;CAA0B,CAAC;AAC3D,eAAO,MAAM,UAAU,QAA4B,CAAC;AACpD,eAAO,MAAM,QAAQ,upBAAe,CAAC;AAErC,eAAO,MAAM,wBAAwB,QAAO,YAqB3C,CAAC;AAEF,eAAO,MAAM,mBAAmB;;;;;;;;;;;CAA8B,CAAC;AAE/D,eAAO,MAAM,wBAAwB,QAAO,YAwB3C,CAAC;AAEF,eAAO,MAAM,wBAAwB;;;CAA+B,CAAC;AAoBrE;;;;;;;GAOG;AACH,eAAO,MAAM,uBAAuB,UAAW,MAAM,KAAG,MAavD,CAAC;AAEF,eAAO,MAAM,2BAA2B;;;;;;;CAAkC,CAAC;AAE3E,eAAO,MAAM,uBAAuB,QAAO,YAM1C,CAAC;AAEF,eAAO,MAAM,8BAA8B,QAAO,YAmBjD,CAAC;AAEF,eAAO,MAAM,oCAAoC;;;;;CACP,CAAC;AAE3C,eAAO,MAAM,mCAAmC,QAAO,YAMtD,CAAC"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { MOCK_NONCE_RESPONSE as SDK_MOCK_NONCE_RESPONSE, MOCK_JWT as SDK_MOCK_JWT, MOCK_SRP_LOGIN_RESPONSE as SDK_MOCK_SRP_LOGIN_RESPONSE, MOCK_OIDC_TOKEN_RESPONSE as SDK_MOCK_OIDC_TOKEN_RESPONSE, MOCK_PAIR_PROFILES_RESPONSE as SDK_MOCK_PAIR_PROFILES_RESPONSE, MOCK_NONCE_URL, MOCK_SRP_LOGIN_URL, MOCK_OIDC_TOKEN_URL, MOCK_PAIR_PROFILES_URL } from "../../../sdk/mocks/auth.mjs";
|
|
1
|
+
import { MOCK_NONCE_RESPONSE as SDK_MOCK_NONCE_RESPONSE, MOCK_JWT as SDK_MOCK_JWT, MOCK_SRP_LOGIN_RESPONSE as SDK_MOCK_SRP_LOGIN_RESPONSE, MOCK_OIDC_TOKEN_RESPONSE as SDK_MOCK_OIDC_TOKEN_RESPONSE, MOCK_PAIR_PROFILES_RESPONSE as SDK_MOCK_PAIR_PROFILES_RESPONSE, MOCK_CUSTOMER_SERVICE_TOKEN_RESPONSE as SDK_MOCK_CUSTOMER_SERVICE_TOKEN_RESPONSE, MOCK_NONCE_URL, MOCK_SRP_LOGIN_URL, MOCK_OIDC_TOKEN_URL, MOCK_PAIR_PROFILES_URL, MOCK_CUSTOMER_SERVICE_TOKEN_URL } from "../../../sdk/mocks/auth.mjs";
|
|
2
2
|
export const MOCK_NONCE_RESPONSE = SDK_MOCK_NONCE_RESPONSE;
|
|
3
3
|
export const MOCK_NONCE = MOCK_NONCE_RESPONSE.nonce;
|
|
4
4
|
export const MOCK_JWT = SDK_MOCK_JWT;
|
|
@@ -104,4 +104,12 @@ export const getMockAuthAccessTokenResponse = () => {
|
|
|
104
104
|
},
|
|
105
105
|
};
|
|
106
106
|
};
|
|
107
|
+
export const MOCK_CUSTOMER_SERVICE_TOKEN_RESPONSE = SDK_MOCK_CUSTOMER_SERVICE_TOKEN_RESPONSE;
|
|
108
|
+
export const getMockCustomerServiceTokenResponse = () => {
|
|
109
|
+
return {
|
|
110
|
+
url: MOCK_CUSTOMER_SERVICE_TOKEN_URL,
|
|
111
|
+
requestMethod: 'POST',
|
|
112
|
+
response: MOCK_CUSTOMER_SERVICE_TOKEN_RESPONSE,
|
|
113
|
+
};
|
|
114
|
+
};
|
|
107
115
|
//# sourceMappingURL=mockResponses.mjs.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mockResponses.mjs","sourceRoot":"","sources":["../../../../src/controllers/authentication/mocks/mockResponses.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,mBAAmB,IAAI,uBAAuB,EAC9C,QAAQ,IAAI,YAAY,EACxB,uBAAuB,IAAI,2BAA2B,EACtD,wBAAwB,IAAI,4BAA4B,EACxD,2BAA2B,IAAI,+BAA+B,EAC9D,cAAc,EACd,kBAAkB,EAClB,mBAAmB,EACnB,sBAAsB,
|
|
1
|
+
{"version":3,"file":"mockResponses.mjs","sourceRoot":"","sources":["../../../../src/controllers/authentication/mocks/mockResponses.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,mBAAmB,IAAI,uBAAuB,EAC9C,QAAQ,IAAI,YAAY,EACxB,uBAAuB,IAAI,2BAA2B,EACtD,wBAAwB,IAAI,4BAA4B,EACxD,2BAA2B,IAAI,+BAA+B,EAC9D,oCAAoC,IAAI,wCAAwC,EAChF,cAAc,EACd,kBAAkB,EAClB,mBAAmB,EACnB,sBAAsB,EACtB,+BAA+B,EAChC,oCAAgC;AAQjC,MAAM,CAAC,MAAM,mBAAmB,GAAG,uBAAuB,CAAC;AAC3D,MAAM,CAAC,MAAM,UAAU,GAAG,mBAAmB,CAAC,KAAK,CAAC;AACpD,MAAM,CAAC,MAAM,QAAQ,GAAG,YAAY,CAAC;AAErC,MAAM,CAAC,MAAM,wBAAwB,GAAG,GAAiB,EAAE;IACzD,OAAO;QACL,GAAG,EAAE,cAAc;QACnB,aAAa,EAAE,KAAK;QACpB,QAAQ,EAAE,CACR,CAAW,EACX,IAAa,EACb,+BAA+D,EACnC,EAAE;YAC9B,2FAA2F;YAC3F,oEAAoE;YACpE,MAAM,UAAU,GAAG,IAAI,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC;YAClD,MAAM,aAAa,GAAG,+BAA+B,EAAE,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC;YAE1E,OAAO;gBACL,GAAG,mBAAmB;gBACtB,KAAK,EAAE,aAAa,IAAI,mBAAmB,CAAC,KAAK;gBACjD,UAAU,EAAE,mBAAmB,CAAC,UAAU;aAC3C,CAAC;QACJ,CAAC;KACqB,CAAC;AAC3B,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,mBAAmB,GAAG,2BAA2B,CAAC;AAE/D,MAAM,CAAC,MAAM,wBAAwB,GAAG,GAAiB,EAAE;IACzD,OAAO;QACL,GAAG,EAAE,kBAAkB;QACvB,aAAa,EAAE,MAAM;QACrB,mHAAmH;QACnH,+DAA+D;QAC/D,QAAQ,EAAE,CAAC,eAEV,EAA8B,EAAE;YAC/B,MAAM,kBAAkB,GAAG,eAAe,EAAE,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACnE,MAAM,aAAa,GAAG,kBAAkB,EAAE,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YAE1E,OAAO;gBACL,GAAG,mBAAmB;gBACtB,KAAK,EAAE,aAAa,IAAI,mBAAmB,CAAC,KAAK;gBACjD,OAAO,EAAE;oBACP,GAAG,mBAAmB,CAAC,OAAO;oBAC9B,UAAU,EAAE,aAAa,IAAI,mBAAmB,CAAC,OAAO,CAAC,UAAU;oBACnE,aAAa,EACX,aAAa,IAAI,mBAAmB,CAAC,OAAO,CAAC,aAAa;iBAC7D;aACF,CAAC;QACJ,CAAC;KACqB,CAAC;AAC3B,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,wBAAwB,GAAG,4BAA4B,CAAC;AAErE,MAAM,uBAAuB,GAAG,UAAU,CAAC,CAAC,aAAa;AAEzD;;;;;;;GAOG;AACH,MAAM,aAAa,GAAG,CAAC,UAAkB,EAAU,EAAE;IACnD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IACjE,MAAM,OAAO,GAAG,IAAI,CAClB,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,uBAAuB,EAAE,CAAC,CAClE,CAAC;IACF,OAAO,GAAG,MAAM,IAAI,OAAO,OAAO,CAAC;AACrC,CAAC,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,KAAa,EAAU,EAAE;IAC/D,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3C,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9C,OAAO,GAAG,CAAC;YACb,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,2BAA2B;IAC7B,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,2BAA2B,GAAG,+BAA+B,CAAC;AAE3E,MAAM,CAAC,MAAM,uBAAuB,GAAG,GAAiB,EAAE;IACxD,OAAO;QACL,GAAG,EAAE,sBAAsB;QAC3B,aAAa,EAAE,MAAM;QACrB,QAAQ,EAAE,2BAA2B;KACf,CAAC;AAC3B,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,8BAA8B,GAAG,GAAiB,EAAE;IAC/D,OAAO;QACL,GAAG,EAAE,mBAAmB;QACxB,aAAa,EAAE,MAAM;QACrB,QAAQ,EAAE,CAAC,eAAwB,EAAmC,EAAE;YACtE,2EAA2E;YAC3E,4EAA4E;YAC5E,MAAM,aAAa,GAAG,IAAI,eAAe,CAAC,eAAe,CAAC,CAAC,GAAG,CAC5D,WAAW,CACZ,CAAC;YAEF,OAAO;gBACL,GAAG,wBAAwB;gBAC3B,YAAY,EAAE,aAAa;oBACzB,CAAC,CAAC,aAAa,CAAC,aAAa,CAAC;oBAC9B,CAAC,CAAC,wBAAwB,CAAC,YAAY;aAC1C,CAAC;QACJ,CAAC;KACqB,CAAC;AAC3B,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,oCAAoC,GAC/C,wCAAwC,CAAC;AAE3C,MAAM,CAAC,MAAM,mCAAmC,GAAG,GAAiB,EAAE;IACpE,OAAO;QACL,GAAG,EAAE,+BAA+B;QACpC,aAAa,EAAE,MAAM;QACrB,QAAQ,EAAE,oCAAoC;KACxB,CAAC;AAC3B,CAAC,CAAC","sourcesContent":["import {\n MOCK_NONCE_RESPONSE as SDK_MOCK_NONCE_RESPONSE,\n MOCK_JWT as SDK_MOCK_JWT,\n MOCK_SRP_LOGIN_RESPONSE as SDK_MOCK_SRP_LOGIN_RESPONSE,\n MOCK_OIDC_TOKEN_RESPONSE as SDK_MOCK_OIDC_TOKEN_RESPONSE,\n MOCK_PAIR_PROFILES_RESPONSE as SDK_MOCK_PAIR_PROFILES_RESPONSE,\n MOCK_CUSTOMER_SERVICE_TOKEN_RESPONSE as SDK_MOCK_CUSTOMER_SERVICE_TOKEN_RESPONSE,\n MOCK_NONCE_URL,\n MOCK_SRP_LOGIN_URL,\n MOCK_OIDC_TOKEN_URL,\n MOCK_PAIR_PROFILES_URL,\n MOCK_CUSTOMER_SERVICE_TOKEN_URL,\n} from '../../../sdk/mocks/auth';\n\ntype MockResponse = {\n url: string;\n requestMethod: 'GET' | 'POST' | 'PUT';\n response: unknown;\n};\n\nexport const MOCK_NONCE_RESPONSE = SDK_MOCK_NONCE_RESPONSE;\nexport const MOCK_NONCE = MOCK_NONCE_RESPONSE.nonce;\nexport const MOCK_JWT = SDK_MOCK_JWT;\n\nexport const getMockAuthNonceResponse = (): MockResponse => {\n return {\n url: MOCK_NONCE_URL,\n requestMethod: 'GET',\n response: (\n _?: unknown,\n path?: string,\n getE2ESrpIdentifierForPublicKey?: (publicKey: string) => string,\n ): typeof MOCK_NONCE_RESPONSE => {\n // The goal here is to have this identifier bubble all the way up to being the access token\n // That way, we can use it to segregate data in the test environment\n const identifier = path?.split('?identifier=')[1];\n const e2eIdentifier = getE2ESrpIdentifierForPublicKey?.(identifier ?? '');\n\n return {\n ...MOCK_NONCE_RESPONSE,\n nonce: e2eIdentifier ?? MOCK_NONCE_RESPONSE.nonce,\n identifier: MOCK_NONCE_RESPONSE.identifier,\n };\n },\n } satisfies MockResponse;\n};\n\nexport const MOCK_LOGIN_RESPONSE = SDK_MOCK_SRP_LOGIN_RESPONSE;\n\nexport const getMockAuthLoginResponse = (): MockResponse => {\n return {\n url: MOCK_SRP_LOGIN_URL,\n requestMethod: 'POST',\n // In case this mock is used in an E2E test, we populate token, profile_id and identifier_id with the e2eIdentifier\n // to make it easier to segregate data in the test environment.\n response: (requestJsonBody?: {\n raw_message: string;\n }): typeof MOCK_LOGIN_RESPONSE => {\n const splittedRawMessage = requestJsonBody?.raw_message.split(':');\n const e2eIdentifier = splittedRawMessage?.[splittedRawMessage.length - 2];\n\n return {\n ...MOCK_LOGIN_RESPONSE,\n token: e2eIdentifier ?? MOCK_LOGIN_RESPONSE.token,\n profile: {\n ...MOCK_LOGIN_RESPONSE.profile,\n profile_id: e2eIdentifier ?? MOCK_LOGIN_RESPONSE.profile.profile_id,\n identifier_id:\n e2eIdentifier ?? MOCK_LOGIN_RESPONSE.profile.identifier_id,\n },\n };\n },\n } satisfies MockResponse;\n};\n\nexport const MOCK_OATH_TOKEN_RESPONSE = SDK_MOCK_OIDC_TOKEN_RESPONSE;\n\nconst MOCK_JWT_FAR_FUTURE_EXP = 4102444800; // 2100-01-01\n\n/**\n * Wraps a plain-text identifier in a minimal JWT so that client-side\n * JWT validation (exp check) passes in E2E tests. The identifier is\n * stored in the `sub` claim and can be extracted via {@link getE2EIdentifierFromJwt}.\n *\n * @param identifier - The plain-text E2E identifier to wrap.\n * @returns A JWT-shaped string containing the identifier.\n */\nconst wrapInMockJwt = (identifier: string): string => {\n const header = btoa(JSON.stringify({ alg: 'none', typ: 'JWT' }));\n const payload = btoa(\n JSON.stringify({ sub: identifier, exp: MOCK_JWT_FAR_FUTURE_EXP }),\n );\n return `${header}.${payload}.mock`;\n};\n\n/**\n * Extracts the E2E identifier (`sub` claim) from a mock JWT created\n * by {@link wrapInMockJwt}. Falls back to returning the raw token if\n * decoding fails (backward compatibility with raw-identifier headers).\n *\n * @param token - A bearer token string (JWT or raw identifier).\n * @returns The decoded identifier, or the original token as-is.\n */\nexport const getE2EIdentifierFromJwt = (token: string): string => {\n try {\n const parts = token.split('.');\n if (parts.length === 3) {\n const { sub } = JSON.parse(atob(parts[1]));\n if (typeof sub === 'string' && sub.length > 0) {\n return sub;\n }\n }\n } catch {\n // not a JWT — fall through\n }\n return token;\n};\n\nexport const MOCK_PAIR_PROFILES_RESPONSE = SDK_MOCK_PAIR_PROFILES_RESPONSE;\n\nexport const getMockAuthPairResponse = (): MockResponse => {\n return {\n url: MOCK_PAIR_PROFILES_URL,\n requestMethod: 'POST',\n response: MOCK_PAIR_PROFILES_RESPONSE,\n } satisfies MockResponse;\n};\n\nexport const getMockAuthAccessTokenResponse = (): MockResponse => {\n return {\n url: MOCK_OIDC_TOKEN_URL,\n requestMethod: 'POST',\n response: (requestJsonBody?: string): typeof MOCK_OATH_TOKEN_RESPONSE => {\n // We wrap the e2eIdentifier in a JWT so client-side JWT validation passes.\n // The mock server extracts the identifier back via getE2EIdentifierFromJwt.\n const e2eIdentifier = new URLSearchParams(requestJsonBody).get(\n 'assertion',\n );\n\n return {\n ...MOCK_OATH_TOKEN_RESPONSE,\n access_token: e2eIdentifier\n ? wrapInMockJwt(e2eIdentifier)\n : MOCK_OATH_TOKEN_RESPONSE.access_token,\n };\n },\n } satisfies MockResponse;\n};\n\nexport const MOCK_CUSTOMER_SERVICE_TOKEN_RESPONSE =\n SDK_MOCK_CUSTOMER_SERVICE_TOKEN_RESPONSE;\n\nexport const getMockCustomerServiceTokenResponse = (): MockResponse => {\n return {\n url: MOCK_CUSTOMER_SERVICE_TOKEN_URL,\n requestMethod: 'POST',\n response: MOCK_CUSTOMER_SERVICE_TOKEN_RESPONSE,\n } satisfies MockResponse;\n};\n"]}
|
|
@@ -50,6 +50,10 @@ class SIWEJwtBearerAuth {
|
|
|
50
50
|
const accessToken = await this.getAccessToken();
|
|
51
51
|
return await (0, services_1.getUserProfileLineage)(__classPrivateFieldGet(this, _SIWEJwtBearerAuth_config, "f").env, accessToken);
|
|
52
52
|
}
|
|
53
|
+
async getCustomerServiceToken() {
|
|
54
|
+
const accessToken = await this.getAccessToken();
|
|
55
|
+
return await (0, services_1.getCustomerServiceToken)(__classPrivateFieldGet(this, _SIWEJwtBearerAuth_config, "f").env, accessToken);
|
|
56
|
+
}
|
|
53
57
|
async signMessage(message) {
|
|
54
58
|
__classPrivateFieldGet(this, _SIWEJwtBearerAuth_instances, "m", _SIWEJwtBearerAuth_assertSigner).call(this, __classPrivateFieldGet(this, _SIWEJwtBearerAuth_signer, "f"));
|
|
55
59
|
return await __classPrivateFieldGet(this, _SIWEJwtBearerAuth_signer, "f").signMessage(message);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"flow-siwe.cjs","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-siwe.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,+BAAmC;AAEnC,0CAA4C;AAC5C,kFAAyE;AACzE,
|
|
1
|
+
{"version":3,"file":"flow-siwe.cjs","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-siwe.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,+BAAmC;AAEnC,0CAA4C;AAC5C,kFAAyE;AACzE,6CAOoB;AAsBpB,MAAa,iBAAiB;IAO5B,YACE,MAA4C,EAC5C,OAAmC;;QAR5B,4CAAoB;QAEpB,6CAAqC;QAE9C,4CAA+C;QAM7C,uBAAA,IAAI,6BAAW,MAAM,MAAA,CAAC;QACtB,uBAAA,IAAI,8BAAY,OAAO,MAAA,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,OAAO,GAAG,MAAM,uBAAA,IAAI,uEAAgB,MAApB,IAAI,CAAkB,CAAC;QAC7C,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC;QACnC,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,8DAAO,MAAX,IAAI,CAAS,CAAC;QAC1C,OAAO,aAAa,CAAC,KAAK,CAAC,WAAW,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,OAAO,GAAG,MAAM,uBAAA,IAAI,uEAAgB,MAApB,IAAI,CAAkB,CAAC;QAC7C,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,OAAO,CAAC,OAAO,CAAC;QACzB,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,8DAAO,MAAX,IAAI,CAAS,CAAC;QAC1C,OAAO,aAAa,CAAC,OAAO,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,uBAAA,IAAI,qEAAc,MAAlB,IAAI,EAAe,uBAAA,IAAI,iCAAQ,CAAC,CAAC;QACjC,OAAO,uBAAA,IAAI,iCAAQ,CAAC,OAAO,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,qBAAqB;QACzB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAChD,OAAO,MAAM,IAAA,gCAAqB,EAAC,uBAAA,IAAI,iCAAQ,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IACpE,CAAC;IAED,KAAK,CAAC,uBAAuB;QAC3B,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAChD,OAAO,MAAM,IAAA,kCAAuB,EAAC,uBAAA,IAAI,iCAAQ,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IACtE,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAe;QAC/B,uBAAA,IAAI,qEAAc,MAAlB,IAAI,EAAe,uBAAA,IAAI,iCAAQ,CAAC,CAAC;QACjC,OAAO,MAAM,uBAAA,IAAI,iCAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IACjD,CAAC;IAED,OAAO,CAAC,MAAiC;QACvC,uBAAA,IAAI,6BAAW,MAAM,MAAA,CAAC;IACxB,CAAC;CA2EF;AApID,8CAoIC;;AAzEC,0EAA0E;AAC1E,KAAK;IACH,MAAM,IAAI,GAAG,MAAM,uBAAA,IAAI,kCAAS,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC;IAC5D,IAAI,CAAC,IAAA,+CAAqB,EAAC,IAAI,CAAC,EAAE,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC/B,MAAM,UAAU,GAAG,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC;IACvD,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,GAAG,GAAG,CAAC;IAE3D,IAAI,UAAU,GAAG,gBAAgB,EAAE,CAAC;QAClC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC,6BAED,KAAK;IACH,uBAAA,IAAI,qEAAc,MAAlB,IAAI,EAAe,uBAAA,IAAI,iCAAQ,CAAC,CAAC;IAEjC,QAAQ;IACR,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAAG,MAAM,IAAA,mBAAQ,EAAC,OAAO,EAAE,uBAAA,IAAI,iCAAQ,CAAC,GAAG,CAAC,CAAC;IAC3D,MAAM,UAAU,GAAG,uBAAA,IAAI,kFAA2B,MAA/B,IAAI,EAA4B,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAErD,eAAe;IACf,MAAM,YAAY,GAAG,MAAM,IAAA,uBAAY,EACrC,UAAU,EACV,SAAS,EACT,uBAAA,IAAI,iCAAQ,CAAC,IAAI,EACjB,uBAAA,IAAI,iCAAQ,CAAC,GAAG,CACjB,CAAC;IAEF,YAAY;IACZ,MAAM,aAAa,GAAG,MAAM,IAAA,wBAAa,EACvC,YAAY,CAAC,KAAK,EAClB,uBAAA,IAAI,iCAAQ,CAAC,GAAG,EAChB,uBAAA,IAAI,iCAAQ,CAAC,QAAQ,CACtB,CAAC;IAEF,OAAO;IACP,MAAM,MAAM,GAAkB;QAC5B,OAAO,EAAE,YAAY,CAAC,OAAO;QAC7B,KAAK,EAAE,aAAa;KACrB,CAAC;IAEF,MAAM,uBAAA,IAAI,kCAAS,CAAC,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAErD,OAAO,MAAM,CAAC;AAChB,CAAC,uGAE0B,KAAa;IACtC,uBAAA,IAAI,qEAAc,MAAlB,IAAI,EAAe,uBAAA,IAAI,iCAAQ,CAAC,CAAC;IAEjC,OAAO,IAAI,kBAAW,CAAC;QACrB,MAAM,EAAE,uBAAA,IAAI,iCAAQ,EAAE,MAAM;QAC5B,OAAO,EAAE,uBAAA,IAAI,iCAAQ,EAAE,OAAO;QAC9B,GAAG,EAAE,IAAA,yBAAc,EAAC,uBAAA,IAAI,iCAAQ,CAAC,GAAG,CAAC;QACrC,OAAO,EAAE,GAAG;QACZ,OAAO,EAAE,uBAAA,IAAI,iCAAQ,EAAE,OAAO;QAC9B,KAAK;QACL,QAAQ,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACnC,CAAC,CAAC,cAAc,EAAE,CAAC;AACtB,CAAC,6EAGC,MAAkC;IAElC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,wBAAe,CAAC,6CAA6C,CAAC,CAAC;IAC3E,CAAC;AACH,CAAC","sourcesContent":["import { SiweMessage } from 'siwe';\n\nimport { ValidationError } from '../errors';\nimport { validateLoginResponse } from '../utils/validate-login-response';\nimport {\n SIWE_LOGIN_URL,\n authenticate,\n authorizeOIDC,\n getCustomerServiceToken,\n getNonce,\n getUserProfileLineage,\n} from './services';\nimport type {\n AuthConfig,\n AuthStorageOptions,\n AuthType,\n IBaseAuth,\n LoginResponse,\n UserProfile,\n UserProfileLineage,\n} from './types';\n\ntype JwtBearerAuth_SIWE_Options = {\n storage: AuthStorageOptions;\n};\n\ntype JwtBearerAuth_SIWE_Signer = {\n address: string;\n chainId: number;\n signMessage: (message: string) => Promise<string>;\n domain: string;\n};\n\nexport class SIWEJwtBearerAuth implements IBaseAuth {\n readonly #config: AuthConfig;\n\n readonly #options: JwtBearerAuth_SIWE_Options;\n\n #signer: JwtBearerAuth_SIWE_Signer | undefined;\n\n constructor(\n config: AuthConfig & { type: AuthType.SiWE },\n options: JwtBearerAuth_SIWE_Options,\n ) {\n this.#config = config;\n this.#options = options;\n }\n\n async getAccessToken(): Promise<string> {\n const session = await this.#getAuthSession();\n if (session) {\n return session.token.accessToken;\n }\n\n const loginResponse = await this.#login();\n return loginResponse.token.accessToken;\n }\n\n async getUserProfile(): Promise<UserProfile> {\n const session = await this.#getAuthSession();\n if (session) {\n return session.profile;\n }\n\n const loginResponse = await this.#login();\n return loginResponse.profile;\n }\n\n async getIdentifier(): Promise<string> {\n this.#assertSigner(this.#signer);\n return this.#signer.address;\n }\n\n async getUserProfileLineage(): Promise<UserProfileLineage> {\n const accessToken = await this.getAccessToken();\n return await getUserProfileLineage(this.#config.env, accessToken);\n }\n\n async getCustomerServiceToken(): Promise<string> {\n const accessToken = await this.getAccessToken();\n return await getCustomerServiceToken(this.#config.env, accessToken);\n }\n\n async signMessage(message: string): Promise<string> {\n this.#assertSigner(this.#signer);\n return await this.#signer.signMessage(message);\n }\n\n prepare(signer: JwtBearerAuth_SIWE_Signer) {\n this.#signer = signer;\n }\n\n // convert expiresIn from seconds to milliseconds and use 90% of expiresIn\n async #getAuthSession(): Promise<LoginResponse | null> {\n const auth = await this.#options.storage.getLoginResponse();\n if (!validateLoginResponse(auth)) {\n return null;\n }\n\n const currentTime = Date.now();\n const sessionAge = currentTime - auth.token.obtainedAt;\n const refreshThreshold = auth.token.expiresIn * 1000 * 0.9;\n\n if (sessionAge < refreshThreshold) {\n return auth;\n }\n return null;\n }\n\n async #login(): Promise<LoginResponse> {\n this.#assertSigner(this.#signer);\n\n // Nonce\n const address = await this.getIdentifier();\n const nonceRes = await getNonce(address, this.#config.env);\n const rawMessage = this.#createSiWELoginRawMessage(nonceRes.nonce);\n const signature = await this.signMessage(rawMessage);\n\n // Authenticate\n const authResponse = await authenticate(\n rawMessage,\n signature,\n this.#config.type,\n this.#config.env,\n );\n\n // Authorize\n const tokenResponse = await authorizeOIDC(\n authResponse.token,\n this.#config.env,\n this.#config.platform,\n );\n\n // Save\n const result: LoginResponse = {\n profile: authResponse.profile,\n token: tokenResponse,\n };\n\n await this.#options.storage.setLoginResponse(result);\n\n return result;\n }\n\n #createSiWELoginRawMessage(nonce: string): string {\n this.#assertSigner(this.#signer);\n\n return new SiweMessage({\n domain: this.#signer?.domain,\n address: this.#signer?.address,\n uri: SIWE_LOGIN_URL(this.#config.env),\n version: '1',\n chainId: this.#signer?.chainId,\n nonce,\n issuedAt: new Date().toISOString(),\n }).prepareMessage();\n }\n\n #assertSigner(\n signer?: JwtBearerAuth_SIWE_Signer,\n ): asserts signer is JwtBearerAuth_SIWE_Signer {\n if (!signer) {\n throw new ValidationError(`you must call 'prepare()' before logging in`);\n }\n }\n}\n"]}
|
|
@@ -17,6 +17,7 @@ export declare class SIWEJwtBearerAuth implements IBaseAuth {
|
|
|
17
17
|
getUserProfile(): Promise<UserProfile>;
|
|
18
18
|
getIdentifier(): Promise<string>;
|
|
19
19
|
getUserProfileLineage(): Promise<UserProfileLineage>;
|
|
20
|
+
getCustomerServiceToken(): Promise<string>;
|
|
20
21
|
signMessage(message: string): Promise<string>;
|
|
21
22
|
prepare(signer: JwtBearerAuth_SIWE_Signer): void;
|
|
22
23
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"flow-siwe.d.cts","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-siwe.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"flow-siwe.d.cts","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-siwe.ts"],"names":[],"mappings":"AAYA,OAAO,KAAK,EACV,UAAU,EACV,kBAAkB,EAClB,QAAQ,EACR,SAAS,EAET,WAAW,EACX,kBAAkB,EACnB,oBAAgB;AAEjB,KAAK,0BAA0B,GAAG;IAChC,OAAO,EAAE,kBAAkB,CAAC;CAC7B,CAAC;AAEF,KAAK,yBAAyB,GAAG;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAClD,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,qBAAa,iBAAkB,YAAW,SAAS;;gBAQ/C,MAAM,EAAE,UAAU,GAAG;QAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAA;KAAE,EAC5C,OAAO,EAAE,0BAA0B;IAM/B,cAAc,IAAI,OAAO,CAAC,MAAM,CAAC;IAUjC,cAAc,IAAI,OAAO,CAAC,WAAW,CAAC;IAUtC,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC;IAKhC,qBAAqB,IAAI,OAAO,CAAC,kBAAkB,CAAC;IAKpD,uBAAuB,IAAI,OAAO,CAAC,MAAM,CAAC;IAK1C,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAKnD,OAAO,CAAC,MAAM,EAAE,yBAAyB;CA6E1C"}
|
|
@@ -17,6 +17,7 @@ export declare class SIWEJwtBearerAuth implements IBaseAuth {
|
|
|
17
17
|
getUserProfile(): Promise<UserProfile>;
|
|
18
18
|
getIdentifier(): Promise<string>;
|
|
19
19
|
getUserProfileLineage(): Promise<UserProfileLineage>;
|
|
20
|
+
getCustomerServiceToken(): Promise<string>;
|
|
20
21
|
signMessage(message: string): Promise<string>;
|
|
21
22
|
prepare(signer: JwtBearerAuth_SIWE_Signer): void;
|
|
22
23
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"flow-siwe.d.mts","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-siwe.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"flow-siwe.d.mts","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-siwe.ts"],"names":[],"mappings":"AAYA,OAAO,KAAK,EACV,UAAU,EACV,kBAAkB,EAClB,QAAQ,EACR,SAAS,EAET,WAAW,EACX,kBAAkB,EACnB,oBAAgB;AAEjB,KAAK,0BAA0B,GAAG;IAChC,OAAO,EAAE,kBAAkB,CAAC;CAC7B,CAAC;AAEF,KAAK,yBAAyB,GAAG;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAClD,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,qBAAa,iBAAkB,YAAW,SAAS;;gBAQ/C,MAAM,EAAE,UAAU,GAAG;QAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAA;KAAE,EAC5C,OAAO,EAAE,0BAA0B;IAM/B,cAAc,IAAI,OAAO,CAAC,MAAM,CAAC;IAUjC,cAAc,IAAI,OAAO,CAAC,WAAW,CAAC;IAUtC,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC;IAKhC,qBAAqB,IAAI,OAAO,CAAC,kBAAkB,CAAC;IAKpD,uBAAuB,IAAI,OAAO,CAAC,MAAM,CAAC;IAK1C,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAKnD,OAAO,CAAC,MAAM,EAAE,yBAAyB;CA6E1C"}
|
|
@@ -13,7 +13,7 @@ var _SIWEJwtBearerAuth_instances, _SIWEJwtBearerAuth_config, _SIWEJwtBearerAuth_
|
|
|
13
13
|
import { SiweMessage } from "siwe";
|
|
14
14
|
import { ValidationError } from "../errors.mjs";
|
|
15
15
|
import { validateLoginResponse } from "../utils/validate-login-response.mjs";
|
|
16
|
-
import { SIWE_LOGIN_URL, authenticate, authorizeOIDC, getNonce, getUserProfileLineage } from "./services.mjs";
|
|
16
|
+
import { SIWE_LOGIN_URL, authenticate, authorizeOIDC, getCustomerServiceToken, getNonce, getUserProfileLineage } from "./services.mjs";
|
|
17
17
|
export class SIWEJwtBearerAuth {
|
|
18
18
|
constructor(config, options) {
|
|
19
19
|
_SIWEJwtBearerAuth_instances.add(this);
|
|
@@ -47,6 +47,10 @@ export class SIWEJwtBearerAuth {
|
|
|
47
47
|
const accessToken = await this.getAccessToken();
|
|
48
48
|
return await getUserProfileLineage(__classPrivateFieldGet(this, _SIWEJwtBearerAuth_config, "f").env, accessToken);
|
|
49
49
|
}
|
|
50
|
+
async getCustomerServiceToken() {
|
|
51
|
+
const accessToken = await this.getAccessToken();
|
|
52
|
+
return await getCustomerServiceToken(__classPrivateFieldGet(this, _SIWEJwtBearerAuth_config, "f").env, accessToken);
|
|
53
|
+
}
|
|
50
54
|
async signMessage(message) {
|
|
51
55
|
__classPrivateFieldGet(this, _SIWEJwtBearerAuth_instances, "m", _SIWEJwtBearerAuth_assertSigner).call(this, __classPrivateFieldGet(this, _SIWEJwtBearerAuth_signer, "f"));
|
|
52
56
|
return await __classPrivateFieldGet(this, _SIWEJwtBearerAuth_signer, "f").signMessage(message);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"flow-siwe.mjs","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-siwe.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,WAAW,EAAE,aAAa;AAEnC,OAAO,EAAE,eAAe,EAAE,sBAAkB;AAC5C,OAAO,EAAE,qBAAqB,EAAE,6CAAyC;AACzE,OAAO,EACL,cAAc,EACd,YAAY,EACZ,aAAa,EACb,QAAQ,EACR,qBAAqB,EACtB,uBAAmB;AAsBpB,MAAM,OAAO,iBAAiB;IAO5B,YACE,MAA4C,EAC5C,OAAmC;;QAR5B,4CAAoB;QAEpB,6CAAqC;QAE9C,4CAA+C;QAM7C,uBAAA,IAAI,6BAAW,MAAM,MAAA,CAAC;QACtB,uBAAA,IAAI,8BAAY,OAAO,MAAA,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,OAAO,GAAG,MAAM,uBAAA,IAAI,uEAAgB,MAApB,IAAI,CAAkB,CAAC;QAC7C,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC;QACnC,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,8DAAO,MAAX,IAAI,CAAS,CAAC;QAC1C,OAAO,aAAa,CAAC,KAAK,CAAC,WAAW,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,OAAO,GAAG,MAAM,uBAAA,IAAI,uEAAgB,MAApB,IAAI,CAAkB,CAAC;QAC7C,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,OAAO,CAAC,OAAO,CAAC;QACzB,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,8DAAO,MAAX,IAAI,CAAS,CAAC;QAC1C,OAAO,aAAa,CAAC,OAAO,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,uBAAA,IAAI,qEAAc,MAAlB,IAAI,EAAe,uBAAA,IAAI,iCAAQ,CAAC,CAAC;QACjC,OAAO,uBAAA,IAAI,iCAAQ,CAAC,OAAO,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,qBAAqB;QACzB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAChD,OAAO,MAAM,qBAAqB,CAAC,uBAAA,IAAI,iCAAQ,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IACpE,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAe;QAC/B,uBAAA,IAAI,qEAAc,MAAlB,IAAI,EAAe,uBAAA,IAAI,iCAAQ,CAAC,CAAC;QACjC,OAAO,MAAM,uBAAA,IAAI,iCAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IACjD,CAAC;IAED,OAAO,CAAC,MAAiC;QACvC,uBAAA,IAAI,6BAAW,MAAM,MAAA,CAAC;IACxB,CAAC;CA2EF;;AAzEC,0EAA0E;AAC1E,KAAK;IACH,MAAM,IAAI,GAAG,MAAM,uBAAA,IAAI,kCAAS,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC;IAC5D,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC/B,MAAM,UAAU,GAAG,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC;IACvD,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,GAAG,GAAG,CAAC;IAE3D,IAAI,UAAU,GAAG,gBAAgB,EAAE,CAAC;QAClC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC,6BAED,KAAK;IACH,uBAAA,IAAI,qEAAc,MAAlB,IAAI,EAAe,uBAAA,IAAI,iCAAQ,CAAC,CAAC;IAEjC,QAAQ;IACR,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,OAAO,EAAE,uBAAA,IAAI,iCAAQ,CAAC,GAAG,CAAC,CAAC;IAC3D,MAAM,UAAU,GAAG,uBAAA,IAAI,kFAA2B,MAA/B,IAAI,EAA4B,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAErD,eAAe;IACf,MAAM,YAAY,GAAG,MAAM,YAAY,CACrC,UAAU,EACV,SAAS,EACT,uBAAA,IAAI,iCAAQ,CAAC,IAAI,EACjB,uBAAA,IAAI,iCAAQ,CAAC,GAAG,CACjB,CAAC;IAEF,YAAY;IACZ,MAAM,aAAa,GAAG,MAAM,aAAa,CACvC,YAAY,CAAC,KAAK,EAClB,uBAAA,IAAI,iCAAQ,CAAC,GAAG,EAChB,uBAAA,IAAI,iCAAQ,CAAC,QAAQ,CACtB,CAAC;IAEF,OAAO;IACP,MAAM,MAAM,GAAkB;QAC5B,OAAO,EAAE,YAAY,CAAC,OAAO;QAC7B,KAAK,EAAE,aAAa;KACrB,CAAC;IAEF,MAAM,uBAAA,IAAI,kCAAS,CAAC,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAErD,OAAO,MAAM,CAAC;AAChB,CAAC,uGAE0B,KAAa;IACtC,uBAAA,IAAI,qEAAc,MAAlB,IAAI,EAAe,uBAAA,IAAI,iCAAQ,CAAC,CAAC;IAEjC,OAAO,IAAI,WAAW,CAAC;QACrB,MAAM,EAAE,uBAAA,IAAI,iCAAQ,EAAE,MAAM;QAC5B,OAAO,EAAE,uBAAA,IAAI,iCAAQ,EAAE,OAAO;QAC9B,GAAG,EAAE,cAAc,CAAC,uBAAA,IAAI,iCAAQ,CAAC,GAAG,CAAC;QACrC,OAAO,EAAE,GAAG;QACZ,OAAO,EAAE,uBAAA,IAAI,iCAAQ,EAAE,OAAO;QAC9B,KAAK;QACL,QAAQ,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACnC,CAAC,CAAC,cAAc,EAAE,CAAC;AACtB,CAAC,6EAGC,MAAkC;IAElC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,eAAe,CAAC,6CAA6C,CAAC,CAAC;IAC3E,CAAC;AACH,CAAC","sourcesContent":["import { SiweMessage } from 'siwe';\n\nimport { ValidationError } from '../errors';\nimport { validateLoginResponse } from '../utils/validate-login-response';\nimport {\n SIWE_LOGIN_URL,\n authenticate,\n authorizeOIDC,\n getNonce,\n getUserProfileLineage,\n} from './services';\nimport type {\n AuthConfig,\n AuthStorageOptions,\n AuthType,\n IBaseAuth,\n LoginResponse,\n UserProfile,\n UserProfileLineage,\n} from './types';\n\ntype JwtBearerAuth_SIWE_Options = {\n storage: AuthStorageOptions;\n};\n\ntype JwtBearerAuth_SIWE_Signer = {\n address: string;\n chainId: number;\n signMessage: (message: string) => Promise<string>;\n domain: string;\n};\n\nexport class SIWEJwtBearerAuth implements IBaseAuth {\n readonly #config: AuthConfig;\n\n readonly #options: JwtBearerAuth_SIWE_Options;\n\n #signer: JwtBearerAuth_SIWE_Signer | undefined;\n\n constructor(\n config: AuthConfig & { type: AuthType.SiWE },\n options: JwtBearerAuth_SIWE_Options,\n ) {\n this.#config = config;\n this.#options = options;\n }\n\n async getAccessToken(): Promise<string> {\n const session = await this.#getAuthSession();\n if (session) {\n return session.token.accessToken;\n }\n\n const loginResponse = await this.#login();\n return loginResponse.token.accessToken;\n }\n\n async getUserProfile(): Promise<UserProfile> {\n const session = await this.#getAuthSession();\n if (session) {\n return session.profile;\n }\n\n const loginResponse = await this.#login();\n return loginResponse.profile;\n }\n\n async getIdentifier(): Promise<string> {\n this.#assertSigner(this.#signer);\n return this.#signer.address;\n }\n\n async getUserProfileLineage(): Promise<UserProfileLineage> {\n const accessToken = await this.getAccessToken();\n return await getUserProfileLineage(this.#config.env, accessToken);\n }\n\n async signMessage(message: string): Promise<string> {\n this.#assertSigner(this.#signer);\n return await this.#signer.signMessage(message);\n }\n\n prepare(signer: JwtBearerAuth_SIWE_Signer) {\n this.#signer = signer;\n }\n\n // convert expiresIn from seconds to milliseconds and use 90% of expiresIn\n async #getAuthSession(): Promise<LoginResponse | null> {\n const auth = await this.#options.storage.getLoginResponse();\n if (!validateLoginResponse(auth)) {\n return null;\n }\n\n const currentTime = Date.now();\n const sessionAge = currentTime - auth.token.obtainedAt;\n const refreshThreshold = auth.token.expiresIn * 1000 * 0.9;\n\n if (sessionAge < refreshThreshold) {\n return auth;\n }\n return null;\n }\n\n async #login(): Promise<LoginResponse> {\n this.#assertSigner(this.#signer);\n\n // Nonce\n const address = await this.getIdentifier();\n const nonceRes = await getNonce(address, this.#config.env);\n const rawMessage = this.#createSiWELoginRawMessage(nonceRes.nonce);\n const signature = await this.signMessage(rawMessage);\n\n // Authenticate\n const authResponse = await authenticate(\n rawMessage,\n signature,\n this.#config.type,\n this.#config.env,\n );\n\n // Authorize\n const tokenResponse = await authorizeOIDC(\n authResponse.token,\n this.#config.env,\n this.#config.platform,\n );\n\n // Save\n const result: LoginResponse = {\n profile: authResponse.profile,\n token: tokenResponse,\n };\n\n await this.#options.storage.setLoginResponse(result);\n\n return result;\n }\n\n #createSiWELoginRawMessage(nonce: string): string {\n this.#assertSigner(this.#signer);\n\n return new SiweMessage({\n domain: this.#signer?.domain,\n address: this.#signer?.address,\n uri: SIWE_LOGIN_URL(this.#config.env),\n version: '1',\n chainId: this.#signer?.chainId,\n nonce,\n issuedAt: new Date().toISOString(),\n }).prepareMessage();\n }\n\n #assertSigner(\n signer?: JwtBearerAuth_SIWE_Signer,\n ): asserts signer is JwtBearerAuth_SIWE_Signer {\n if (!signer) {\n throw new ValidationError(`you must call 'prepare()' before logging in`);\n }\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"flow-siwe.mjs","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-siwe.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,WAAW,EAAE,aAAa;AAEnC,OAAO,EAAE,eAAe,EAAE,sBAAkB;AAC5C,OAAO,EAAE,qBAAqB,EAAE,6CAAyC;AACzE,OAAO,EACL,cAAc,EACd,YAAY,EACZ,aAAa,EACb,uBAAuB,EACvB,QAAQ,EACR,qBAAqB,EACtB,uBAAmB;AAsBpB,MAAM,OAAO,iBAAiB;IAO5B,YACE,MAA4C,EAC5C,OAAmC;;QAR5B,4CAAoB;QAEpB,6CAAqC;QAE9C,4CAA+C;QAM7C,uBAAA,IAAI,6BAAW,MAAM,MAAA,CAAC;QACtB,uBAAA,IAAI,8BAAY,OAAO,MAAA,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,OAAO,GAAG,MAAM,uBAAA,IAAI,uEAAgB,MAApB,IAAI,CAAkB,CAAC;QAC7C,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC;QACnC,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,8DAAO,MAAX,IAAI,CAAS,CAAC;QAC1C,OAAO,aAAa,CAAC,KAAK,CAAC,WAAW,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,OAAO,GAAG,MAAM,uBAAA,IAAI,uEAAgB,MAApB,IAAI,CAAkB,CAAC;QAC7C,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,OAAO,CAAC,OAAO,CAAC;QACzB,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,8DAAO,MAAX,IAAI,CAAS,CAAC;QAC1C,OAAO,aAAa,CAAC,OAAO,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,uBAAA,IAAI,qEAAc,MAAlB,IAAI,EAAe,uBAAA,IAAI,iCAAQ,CAAC,CAAC;QACjC,OAAO,uBAAA,IAAI,iCAAQ,CAAC,OAAO,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,qBAAqB;QACzB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAChD,OAAO,MAAM,qBAAqB,CAAC,uBAAA,IAAI,iCAAQ,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IACpE,CAAC;IAED,KAAK,CAAC,uBAAuB;QAC3B,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAChD,OAAO,MAAM,uBAAuB,CAAC,uBAAA,IAAI,iCAAQ,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IACtE,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAe;QAC/B,uBAAA,IAAI,qEAAc,MAAlB,IAAI,EAAe,uBAAA,IAAI,iCAAQ,CAAC,CAAC;QACjC,OAAO,MAAM,uBAAA,IAAI,iCAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IACjD,CAAC;IAED,OAAO,CAAC,MAAiC;QACvC,uBAAA,IAAI,6BAAW,MAAM,MAAA,CAAC;IACxB,CAAC;CA2EF;;AAzEC,0EAA0E;AAC1E,KAAK;IACH,MAAM,IAAI,GAAG,MAAM,uBAAA,IAAI,kCAAS,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC;IAC5D,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC/B,MAAM,UAAU,GAAG,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC;IACvD,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,GAAG,GAAG,CAAC;IAE3D,IAAI,UAAU,GAAG,gBAAgB,EAAE,CAAC;QAClC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC,6BAED,KAAK;IACH,uBAAA,IAAI,qEAAc,MAAlB,IAAI,EAAe,uBAAA,IAAI,iCAAQ,CAAC,CAAC;IAEjC,QAAQ;IACR,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,OAAO,EAAE,uBAAA,IAAI,iCAAQ,CAAC,GAAG,CAAC,CAAC;IAC3D,MAAM,UAAU,GAAG,uBAAA,IAAI,kFAA2B,MAA/B,IAAI,EAA4B,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAErD,eAAe;IACf,MAAM,YAAY,GAAG,MAAM,YAAY,CACrC,UAAU,EACV,SAAS,EACT,uBAAA,IAAI,iCAAQ,CAAC,IAAI,EACjB,uBAAA,IAAI,iCAAQ,CAAC,GAAG,CACjB,CAAC;IAEF,YAAY;IACZ,MAAM,aAAa,GAAG,MAAM,aAAa,CACvC,YAAY,CAAC,KAAK,EAClB,uBAAA,IAAI,iCAAQ,CAAC,GAAG,EAChB,uBAAA,IAAI,iCAAQ,CAAC,QAAQ,CACtB,CAAC;IAEF,OAAO;IACP,MAAM,MAAM,GAAkB;QAC5B,OAAO,EAAE,YAAY,CAAC,OAAO;QAC7B,KAAK,EAAE,aAAa;KACrB,CAAC;IAEF,MAAM,uBAAA,IAAI,kCAAS,CAAC,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAErD,OAAO,MAAM,CAAC;AAChB,CAAC,uGAE0B,KAAa;IACtC,uBAAA,IAAI,qEAAc,MAAlB,IAAI,EAAe,uBAAA,IAAI,iCAAQ,CAAC,CAAC;IAEjC,OAAO,IAAI,WAAW,CAAC;QACrB,MAAM,EAAE,uBAAA,IAAI,iCAAQ,EAAE,MAAM;QAC5B,OAAO,EAAE,uBAAA,IAAI,iCAAQ,EAAE,OAAO;QAC9B,GAAG,EAAE,cAAc,CAAC,uBAAA,IAAI,iCAAQ,CAAC,GAAG,CAAC;QACrC,OAAO,EAAE,GAAG;QACZ,OAAO,EAAE,uBAAA,IAAI,iCAAQ,EAAE,OAAO;QAC9B,KAAK;QACL,QAAQ,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACnC,CAAC,CAAC,cAAc,EAAE,CAAC;AACtB,CAAC,6EAGC,MAAkC;IAElC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,eAAe,CAAC,6CAA6C,CAAC,CAAC;IAC3E,CAAC;AACH,CAAC","sourcesContent":["import { SiweMessage } from 'siwe';\n\nimport { ValidationError } from '../errors';\nimport { validateLoginResponse } from '../utils/validate-login-response';\nimport {\n SIWE_LOGIN_URL,\n authenticate,\n authorizeOIDC,\n getCustomerServiceToken,\n getNonce,\n getUserProfileLineage,\n} from './services';\nimport type {\n AuthConfig,\n AuthStorageOptions,\n AuthType,\n IBaseAuth,\n LoginResponse,\n UserProfile,\n UserProfileLineage,\n} from './types';\n\ntype JwtBearerAuth_SIWE_Options = {\n storage: AuthStorageOptions;\n};\n\ntype JwtBearerAuth_SIWE_Signer = {\n address: string;\n chainId: number;\n signMessage: (message: string) => Promise<string>;\n domain: string;\n};\n\nexport class SIWEJwtBearerAuth implements IBaseAuth {\n readonly #config: AuthConfig;\n\n readonly #options: JwtBearerAuth_SIWE_Options;\n\n #signer: JwtBearerAuth_SIWE_Signer | undefined;\n\n constructor(\n config: AuthConfig & { type: AuthType.SiWE },\n options: JwtBearerAuth_SIWE_Options,\n ) {\n this.#config = config;\n this.#options = options;\n }\n\n async getAccessToken(): Promise<string> {\n const session = await this.#getAuthSession();\n if (session) {\n return session.token.accessToken;\n }\n\n const loginResponse = await this.#login();\n return loginResponse.token.accessToken;\n }\n\n async getUserProfile(): Promise<UserProfile> {\n const session = await this.#getAuthSession();\n if (session) {\n return session.profile;\n }\n\n const loginResponse = await this.#login();\n return loginResponse.profile;\n }\n\n async getIdentifier(): Promise<string> {\n this.#assertSigner(this.#signer);\n return this.#signer.address;\n }\n\n async getUserProfileLineage(): Promise<UserProfileLineage> {\n const accessToken = await this.getAccessToken();\n return await getUserProfileLineage(this.#config.env, accessToken);\n }\n\n async getCustomerServiceToken(): Promise<string> {\n const accessToken = await this.getAccessToken();\n return await getCustomerServiceToken(this.#config.env, accessToken);\n }\n\n async signMessage(message: string): Promise<string> {\n this.#assertSigner(this.#signer);\n return await this.#signer.signMessage(message);\n }\n\n prepare(signer: JwtBearerAuth_SIWE_Signer) {\n this.#signer = signer;\n }\n\n // convert expiresIn from seconds to milliseconds and use 90% of expiresIn\n async #getAuthSession(): Promise<LoginResponse | null> {\n const auth = await this.#options.storage.getLoginResponse();\n if (!validateLoginResponse(auth)) {\n return null;\n }\n\n const currentTime = Date.now();\n const sessionAge = currentTime - auth.token.obtainedAt;\n const refreshThreshold = auth.token.expiresIn * 1000 * 0.9;\n\n if (sessionAge < refreshThreshold) {\n return auth;\n }\n return null;\n }\n\n async #login(): Promise<LoginResponse> {\n this.#assertSigner(this.#signer);\n\n // Nonce\n const address = await this.getIdentifier();\n const nonceRes = await getNonce(address, this.#config.env);\n const rawMessage = this.#createSiWELoginRawMessage(nonceRes.nonce);\n const signature = await this.signMessage(rawMessage);\n\n // Authenticate\n const authResponse = await authenticate(\n rawMessage,\n signature,\n this.#config.type,\n this.#config.env,\n );\n\n // Authorize\n const tokenResponse = await authorizeOIDC(\n authResponse.token,\n this.#config.env,\n this.#config.platform,\n );\n\n // Save\n const result: LoginResponse = {\n profile: authResponse.profile,\n token: tokenResponse,\n };\n\n await this.#options.storage.setLoginResponse(result);\n\n return result;\n }\n\n #createSiWELoginRawMessage(nonce: string): string {\n this.#assertSigner(this.#signer);\n\n return new SiweMessage({\n domain: this.#signer?.domain,\n address: this.#signer?.address,\n uri: SIWE_LOGIN_URL(this.#config.env),\n version: '1',\n chainId: this.#signer?.chainId,\n nonce,\n issuedAt: new Date().toISOString(),\n }).prepareMessage();\n }\n\n #assertSigner(\n signer?: JwtBearerAuth_SIWE_Signer,\n ): asserts signer is JwtBearerAuth_SIWE_Signer {\n if (!signer) {\n throw new ValidationError(`you must call 'prepare()' before logging in`);\n }\n }\n}\n"]}
|
|
@@ -121,6 +121,10 @@ class SRPJwtBearerAuth {
|
|
|
121
121
|
const accessToken = await this.getAccessToken(entropySourceId);
|
|
122
122
|
return await (0, services_1.getUserProfileLineage)(__classPrivateFieldGet(this, _SRPJwtBearerAuth_config, "f").env, accessToken);
|
|
123
123
|
}
|
|
124
|
+
async getCustomerServiceToken(entropySourceId) {
|
|
125
|
+
const accessToken = await this.getAccessToken(entropySourceId);
|
|
126
|
+
return await (0, services_1.getCustomerServiceToken)(__classPrivateFieldGet(this, _SRPJwtBearerAuth_config, "f").env, accessToken);
|
|
127
|
+
}
|
|
124
128
|
async pairSrpProfiles(accessTokens, authAccessToken) {
|
|
125
129
|
// Order-insensitive key: the same token set in any order maps to the same
|
|
126
130
|
// entry. Sort a copy so the request payload itself stays primary-first.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"flow-srp.cjs","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-srp.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAGA,0CAA8D;AAC9D,wFAAiF;AACjF,kGAKkD;AAClD,kFAAyE;AACzE,6CAMoB;AAYpB,uDAAyD;AACzD,4DAA0C;AAW1C,0EAA0E;AAC1E,kFAAkF;AACrE,QAAA,kBAAkB,GAAG,KAAM,CAAC;AAEzC,MAAM,yBAAyB,GAAG,KAAK,IAAI,EAAE;IAC3C,MAAM,QAAQ,GAAG,MAAM,IAAA,uDAA0B,GAAE,CAAC;IACpD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,wBAAe,CAAC,8BAA8B,CAAC,CAAC;IAC5D,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC,CAAC;AAEF,MAAM,+BAA+B,GAAG,CACtC,cAAgC,EACZ,EAAE,CAAC,CAAC;IACxB,aAAa,EAAE,KAAK,EAAE,eAAwB,EAAmB,EAAE;QACjE,MAAM,QAAQ,GAAG,cAAc,IAAI,CAAC,MAAM,yBAAyB,EAAE,CAAC,CAAC;QACvE,OAAO,MAAM,sDAAoB,CAAC,YAAY,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;IAC5E,CAAC;IACD,WAAW,EAAE,KAAK,EAChB,OAAe,EACf,eAAwB,EACP,EAAE;QACnB,MAAM,QAAQ,GAAG,cAAc,IAAI,CAAC,MAAM,yBAAyB,EAAE,CAAC,CAAC;QACvE,IAAA,iEAA+B,EAAC,OAAO,CAAC,CAAC;QACzC,OAAO,MAAM,sDAAoB,CAAC,WAAW,CAC3C,QAAQ,EACR,OAAO,EACP,eAAe,CAChB,CAAC;IACJ,CAAC;CACF,CAAC,CAAC;AAEH,MAAa,gBAAgB;IAgC3B,YACE,MAA2C,EAC3C,OAGC;;QApCM,2CAAoB;QAEpB,4CAGP;QAEO,gDAA+B;QAExC,yDAAyD;QAChD,0CAAiB,IAAI,GAAG,EAG9B,EAAC;QAEJ,qEAAqE;QACrE,2EAA2E;QAC3E,iEAAiE;QACxD,4CAAmB,IAAI,GAAG,EAGhC,EAAC;QAEJ,sDAAsD;QAC7C,sDAA2B;QAEpC,uDAAuD;QAC9C,oDAAyB;QAElC,mDAAkC;QAShC,uBAAA,IAAI,4BAAW,MAAM,MAAA,CAAC;QACtB,uBAAA,IAAI,oCAAmB,OAAO,CAAC,cAAc,MAAA,CAAC;QAC9C,uBAAA,IAAI,6BAAY;YACd,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,OAAO,EACL,OAAO,CAAC,OAAO;gBACf,+BAA+B,CAAC,uBAAA,IAAI,wCAAgB,CAAC;SACxD,MAAA,CAAC;QACF,uBAAA,IAAI,iCAAgB,OAAO,CAAC,WAAW,MAAA,CAAC;QAExC,4CAA4C;QAC5C,uBAAA,IAAI,uCACF,OAAO,CAAC,cAAc,EAAE,iBAAiB,IAAI,KAAK,MAAA,CAAC;QACrD,uBAAA,IAAI,qCAAoB,OAAO,CAAC,cAAc,EAAE,eAAe,IAAI,CAAC,MAAA,CAAC;IACvE,CAAC;IAED,iBAAiB,CAAC,QAAyB;QACzC,uBAAA,IAAI,oCAAmB,QAAQ,MAAA,CAAC;QAChC,uBAAA,IAAI,iCAAS,CAAC,OAAO,GAAG,+BAA+B,CAAC,QAAQ,CAAC,CAAC;IACpE,CAAC;IAED,0HAA0H;IAC1H,KAAK,CAAC,cAAc,CAAC,eAAwB;QAC3C,MAAM,OAAO,GAAG,MAAM,uBAAA,IAAI,qEAAgB,MAApB,IAAI,EAAiB,eAAe,CAAC,CAAC;QAC5D,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC;QACnC,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,4DAAO,MAAX,IAAI,EAAQ,eAAe,CAAC,CAAC;QACzD,OAAO,aAAa,CAAC,KAAK,CAAC,WAAW,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,eAAwB;QAC3C,MAAM,OAAO,GAAG,MAAM,uBAAA,IAAI,qEAAgB,MAApB,IAAI,EAAiB,eAAe,CAAC,CAAC;QAC5D,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,OAAO,CAAC,OAAO,CAAC;QACzB,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,4DAAO,MAAX,IAAI,EAAQ,eAAe,CAAC,CAAC;QACzD,OAAO,aAAa,CAAC,OAAO,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,eAAwB;QAC1C,OAAO,MAAM,uBAAA,IAAI,iCAAS,CAAC,OAAO,CAAC,aAAa,CAAC,eAAe,CAAC,CAAC;IACpE,CAAC;IAED,KAAK,CAAC,qBAAqB,CACzB,eAAwB;QAExB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,CAAC;QAC/D,OAAO,MAAM,IAAA,gCAAqB,EAAC,uBAAA,IAAI,gCAAQ,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IACpE,CAAC;IAED,KAAK,CAAC,eAAe,CACnB,YAAsB,EACtB,eAAuB;QAEvB,0EAA0E;QAC1E,wEAAwE;QACxE,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,GAAG,YAAY,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAErD,MAAM,MAAM,GAAG,uBAAA,IAAI,yCAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC9C,IAAI,MAAM,IAAI,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAC5C,OAAO,MAAM,MAAM,CAAC,OAAO,CAAC;QAC9B,CAAC;QAED,MAAM,OAAO,GAAG,IAAA,uBAAY,EAC1B,YAAY,EACZ,eAAe,EACf,uBAAA,IAAI,gCAAQ,CAAC,GAAG,CACjB,CAAC;QACF,yEAAyE;QACzE,4CAA4C;QAC5C,uBAAA,IAAI,yCAAiB,CAAC,GAAG,CAAC,GAAG,EAAE;YAC7B,OAAO;YACP,SAAS,EAAE,MAAM,CAAC,gBAAgB;SACnC,CAAC,CAAC;QAEH,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC;YAC7B,mEAAmE;YACnE,0CAA0C;YAC1C,uBAAA,IAAI,yCAAiB,CAAC,GAAG,CAAC,GAAG,EAAE;gBAC7B,OAAO;gBACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,0BAAkB;aAC3C,CAAC,CAAC;YACH,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,sEAAsE;YACtE,oCAAoC;YACpC,uBAAA,IAAI,yCAAiB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAClC,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CACf,OAAe,EACf,eAAwB;QAExB,OAAO,MAAM,uBAAA,IAAI,iCAAS,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;IAC3E,CAAC;IAED,KAAK,CAAC,eAAe;QACnB,MAAM,QAAQ,GACZ,uBAAA,IAAI,wCAAgB,IAAI,CAAC,MAAM,yBAAyB,EAAE,CAAC,CAAC;QAC9D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,IAAA,iDAAe,EAAC,QAAQ,CAAC,CAAC;QACpD,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,WAAW;QACf,MAAM,QAAQ,GACZ,uBAAA,IAAI,wCAAgB,IAAI,CAAC,MAAM,yBAAyB,EAAE,CAAC,CAAC;QAE9D,MAAM,GAAG,GAAG,MAAM,IAAA,6CAAW,EAAC,QAAQ,CAAC,CAAC;QACxC,OAAO,GAAG,CAAC;IACb,CAAC;CA4JF;AA1TD,4CA0TC;;AA1JC,0EAA0E;AAC1E,KAAK,2CACH,eAAwB;IAExB,MAAM,IAAI,GAAG,MAAM,uBAAA,IAAI,iCAAS,CAAC,OAAO,CAAC,gBAAgB,CAAC,eAAe,CAAC,CAAC;IAC3E,IAAI,CAAC,IAAA,+CAAqB,EAAC,IAAI,CAAC,EAAE,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,4EAA4E;IAC5E,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE,CAAC;QACrC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC/B,MAAM,UAAU,GAAG,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC;IACvD,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,GAAG,GAAG,CAAC;IAE3D,IAAI,UAAU,GAAG,gBAAgB,EAAE,CAAC;QAClC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC,4BAED,KAAK,kCAAQ,eAAwB;IACnC,gDAAgD;IAChD,OAAO,MAAM,uBAAA,IAAI,oEAAe,MAAnB,IAAI,EAAgB,eAAe,CAAC,CAAC;AACpD,CAAC,mCAED,KAAK,yCAAe,eAAwB;IAC1C,QAAQ;IACR,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,eAAe,CAAC,CAAC;IAC5D,MAAM,QAAQ,GAAG,MAAM,IAAA,mBAAQ,EAAC,SAAS,EAAE,uBAAA,IAAI,gCAAQ,CAAC,GAAG,CAAC,CAAC;IAE7D,MAAM,UAAU,GAAG,uBAAA,IAAI,+EAA0B,MAA9B,IAAI,EACrB,QAAQ,CAAC,KAAK,EACd,SAAS,CACV,CAAC;IACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC;IAEtE,eAAe;IACf,MAAM,YAAY,GAAG,MAAM,IAAA,uBAAY,EACrC,UAAU,EACV,SAAS,EACT,uBAAA,IAAI,gCAAQ,CAAC,IAAI,EACjB,uBAAA,IAAI,gCAAQ,CAAC,GAAG,EAChB,uBAAA,IAAI,qCAAa,CAClB,CAAC;IAEF,2CAA2C;IAC3C,oFAAoF;IACpF,8DAA8D;IAC9D,MAAM,kBAAkB,GAAG,YAAY,CAAC,OAAO,CAAC,SAAS,CAAC;IAC1D,MAAM,OAAO,GAAG,EAAE,GAAG,YAAY,CAAC,OAAO,EAAE,CAAC;IAE5C,IAAI,YAAY,CAAC,cAAc,EAAE,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5C,MAAM,kBAAkB,GAAG,IAAA,gCAAmB,EAC5C,SAAS,EACT,uBAAA,IAAI,gCAAQ,CAAC,GAAG,CACjB,CAAC;QAEF,MAAM,eAAe,GAAG,YAAY,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CACnE,KAAK,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,KAAK,kBAAkB,CAAC,CAC/D,CAAC;QAEF,wEAAwE;QACxE,uEAAuE;QACvE,sEAAsE;QACtE,iEAAiE;QACjE,MAAM,WAAW,GACf,eAAe,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,aAAa,CAAC,MAAM,KAAK,CAAC,CAAC;YACjE,eAAe,CAAC,CAAC,CAAC,CAAC;QAErB,IAAI,WAAW,EAAE,CAAC;YAChB,OAAO,CAAC,SAAS,GAAG,WAAW,CAAC,cAAc,CAAC;QACjD,CAAC;IACH,CAAC;IAED,OAAO,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;IAEhD,YAAY;IACZ,MAAM,aAAa,GAAG,MAAM,IAAA,wBAAa,EACvC,YAAY,CAAC,KAAK,EAClB,uBAAA,IAAI,gCAAQ,CAAC,GAAG,EAChB,uBAAA,IAAI,gCAAQ,CAAC,QAAQ,CACtB,CAAC;IAEF,OAAO;IACP,MAAM,MAAM,GAAkB;QAC5B,OAAO;QACP,KAAK,EAAE,aAAa;KACrB,CAAC;IAEF,MAAM,uBAAA,IAAI,iCAAS,CAAC,OAAO,CAAC,gBAAgB,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAEtE,OAAO,MAAM,CAAC;AAChB,CAAC,oCAED,KAAK,0CAAgB,eAAwB;IAC3C,qEAAqE;IACrE,MAAM,aAAa,GAAG,uBAAA,IAAI,uCAAe,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAC/D,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,6BAA6B;IAC7B,MAAM,YAAY,GAAG,uBAAA,IAAI,qEAAgB,MAApB,IAAI,EAAiB,eAAe,CAAC,CAAC;IAE3D,+BAA+B;IAC/B,uBAAA,IAAI,uCAAe,CAAC,GAAG,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;IAEvD,IAAI,CAAC;QACH,iCAAiC;QACjC,OAAO,MAAM,YAAY,CAAC;IAC5B,CAAC;YAAS,CAAC;QACT,sDAAsD;QACtD,uBAAA,IAAI,uCAAe,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IAC9C,CAAC;AACH,CAAC,qCAED,KAAK,2CAAiB,eAAwB;IAC5C,uDAAuD;IACvD,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,CAAC,GAAG,uBAAA,IAAI,yCAAiB,EAAE,OAAO,IAAI,CAAC,EAAE,CAAC;QACxE,IAAI,CAAC;YACH,OAAO,MAAM,uBAAA,IAAI,mEAAc,MAAlB,IAAI,EAAe,eAAe,CAAC,CAAC;QACnD,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,wCAAwC;YACxC,IAAI,CAAC,yBAAgB,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC1C,MAAM,CAAC,CAAC;YACV,CAAC;YAED,uCAAuC;YACvC,IAAI,OAAO,IAAI,uBAAA,IAAI,yCAAiB,EAAE,CAAC;gBACrC,MAAM,CAAC,CAAC;YACV,CAAC;YAED,2CAA2C;YAC3C,MAAM,MAAM,GAAG,CAAC,CAAC,YAAY,IAAI,uBAAA,IAAI,2CAAmB,CAAC;YACzD,MAAM,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAE9B,0BAA0B;QAC5B,CAAC;IACH,CAAC;IAED,2EAA2E;IAC3E,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;AACrE,CAAC,mGAGC,KAAa,EACb,SAAiB;IAEjB,OAAO,YAAY,KAAK,IAAI,SAAS,EAAW,CAAC;AACnD,CAAC","sourcesContent":["import type { Eip1193Provider } from 'ethers';\n\nimport type { MetaMetricsAuth } from '../../shared/types/services';\nimport { ValidationError, RateLimitedError } from '../errors';\nimport { getMetaMaskProviderEIP6963 } from '../utils/eip-6963-metamask-provider';\nimport {\n MESSAGE_SIGNING_SNAP,\n assertMessageStartsWithMetamask,\n connectSnap,\n isSnapConnected,\n} from '../utils/messaging-signing-snap-requests';\nimport { validateLoginResponse } from '../utils/validate-login-response';\nimport {\n authenticate,\n authorizeOIDC,\n getNonce,\n getUserProfileLineage,\n pairProfiles,\n} from './services';\nimport type { PairProfilesResponse } from './services';\nimport type {\n AuthConfig,\n AuthSigningOptions,\n AuthStorageOptions,\n AuthType,\n IBaseAuth,\n LoginResponse,\n UserProfile,\n UserProfileLineage,\n} from './types';\nimport { computeIdentifierId } from './utils/identifier';\nimport * as timeUtils from './utils/time';\n\ntype JwtBearerAuth_SRP_Options = {\n storage: AuthStorageOptions;\n signing?: AuthSigningOptions;\n rateLimitRetry?: {\n cooldownDefaultMs?: number; // default cooldown when 429 has no Retry-After\n maxLoginRetries?: number; // maximum number of login retries on rate limit\n };\n};\n\n// How long a successful pairing result stays cached so identical payloads\n// (concurrent or sequential retries) reuse it instead of re-hitting the endpoint.\nexport const PAIR_DEDUPE_TTL_MS = 30_000;\n\nconst getDefaultEIP6963Provider = async () => {\n const provider = await getMetaMaskProviderEIP6963();\n if (!provider) {\n throw new ValidationError('No MetaMask wallet connected');\n }\n return provider;\n};\n\nconst getDefaultEIP6963SigningOptions = (\n customProvider?: Eip1193Provider,\n): AuthSigningOptions => ({\n getIdentifier: async (entropySourceId?: string): Promise<string> => {\n const provider = customProvider ?? (await getDefaultEIP6963Provider());\n return await MESSAGE_SIGNING_SNAP.getPublicKey(provider, entropySourceId);\n },\n signMessage: async (\n message: string,\n entropySourceId?: string,\n ): Promise<string> => {\n const provider = customProvider ?? (await getDefaultEIP6963Provider());\n assertMessageStartsWithMetamask(message);\n return await MESSAGE_SIGNING_SNAP.signMessage(\n provider,\n message,\n entropySourceId,\n );\n },\n});\n\nexport class SRPJwtBearerAuth implements IBaseAuth {\n readonly #config: AuthConfig;\n\n readonly #options: {\n storage: AuthStorageOptions;\n signing: AuthSigningOptions;\n };\n\n readonly #metametrics?: MetaMetricsAuth;\n\n // Map to store ongoing login promises by entropySourceId\n readonly #ongoingLogins = new Map<\n string | undefined,\n Promise<LoginResponse>\n >();\n\n // Map to dedupe pairing calls by an order-insensitive token-set key.\n // Holds the in-flight promise (coalescing concurrent callers) and keeps it\n // for a short TTL after success (collapsing sequential retries).\n readonly #ongoingPairings = new Map<\n string,\n { promise: Promise<PairProfilesResponse>; expiresAt: number }\n >();\n\n // Default cooldown when 429 has no Retry-After header\n readonly #cooldownDefaultMs: number;\n\n // Maximum number of login retries on rate limit errors\n readonly #maxLoginRetries: number;\n\n #customProvider?: Eip1193Provider;\n\n constructor(\n config: AuthConfig & { type: AuthType.SRP },\n options: JwtBearerAuth_SRP_Options & {\n customProvider?: Eip1193Provider;\n metametrics?: MetaMetricsAuth;\n },\n ) {\n this.#config = config;\n this.#customProvider = options.customProvider;\n this.#options = {\n storage: options.storage,\n signing:\n options.signing ??\n getDefaultEIP6963SigningOptions(this.#customProvider),\n };\n this.#metametrics = options.metametrics;\n\n // Apply rate limit retry config if provided\n this.#cooldownDefaultMs =\n options.rateLimitRetry?.cooldownDefaultMs ?? 10000;\n this.#maxLoginRetries = options.rateLimitRetry?.maxLoginRetries ?? 1;\n }\n\n setCustomProvider(provider: Eip1193Provider) {\n this.#customProvider = provider;\n this.#options.signing = getDefaultEIP6963SigningOptions(provider);\n }\n\n // TODO: might be easier to keep entropySourceId as a class param and use multiple SRPJwtBearerAuth instances where needed\n async getAccessToken(entropySourceId?: string): Promise<string> {\n const session = await this.#getAuthSession(entropySourceId);\n if (session) {\n return session.token.accessToken;\n }\n\n const loginResponse = await this.#login(entropySourceId);\n return loginResponse.token.accessToken;\n }\n\n async getUserProfile(entropySourceId?: string): Promise<UserProfile> {\n const session = await this.#getAuthSession(entropySourceId);\n if (session) {\n return session.profile;\n }\n\n const loginResponse = await this.#login(entropySourceId);\n return loginResponse.profile;\n }\n\n async getIdentifier(entropySourceId?: string): Promise<string> {\n return await this.#options.signing.getIdentifier(entropySourceId);\n }\n\n async getUserProfileLineage(\n entropySourceId?: string,\n ): Promise<UserProfileLineage> {\n const accessToken = await this.getAccessToken(entropySourceId);\n return await getUserProfileLineage(this.#config.env, accessToken);\n }\n\n async pairSrpProfiles(\n accessTokens: string[],\n authAccessToken: string,\n ): Promise<PairProfilesResponse> {\n // Order-insensitive key: the same token set in any order maps to the same\n // entry. Sort a copy so the request payload itself stays primary-first.\n const key = JSON.stringify([...accessTokens].sort());\n\n const cached = this.#ongoingPairings.get(key);\n if (cached && cached.expiresAt > Date.now()) {\n return await cached.promise;\n }\n\n const promise = pairProfiles(\n accessTokens,\n authAccessToken,\n this.#config.env,\n );\n // Store the in-flight promise immediately so concurrent callers coalesce\n // regardless of how long the request takes.\n this.#ongoingPairings.set(key, {\n promise,\n expiresAt: Number.MAX_SAFE_INTEGER,\n });\n\n try {\n const result = await promise;\n // Keep the resolved result cached for a short window so sequential\n // retries with the same payload reuse it.\n this.#ongoingPairings.set(key, {\n promise,\n expiresAt: Date.now() + PAIR_DEDUPE_TTL_MS,\n });\n return result;\n } catch (error) {\n // Never cache failures: the pairing retry loop must be able to re-hit\n // the endpoint on the next attempt.\n this.#ongoingPairings.delete(key);\n throw error;\n }\n }\n\n async signMessage(\n message: string,\n entropySourceId?: string,\n ): Promise<string> {\n return await this.#options.signing.signMessage(message, entropySourceId);\n }\n\n async isSnapConnected(): Promise<boolean> {\n const provider =\n this.#customProvider ?? (await getDefaultEIP6963Provider());\n if (!provider) {\n return false;\n }\n\n const isConnected = await isSnapConnected(provider);\n return isConnected;\n }\n\n async connectSnap(): Promise<string> {\n const provider =\n this.#customProvider ?? (await getDefaultEIP6963Provider());\n\n const res = await connectSnap(provider);\n return res;\n }\n\n // convert expiresIn from seconds to milliseconds and use 90% of expiresIn\n async #getAuthSession(\n entropySourceId?: string,\n ): Promise<LoginResponse | null> {\n const auth = await this.#options.storage.getLoginResponse(entropySourceId);\n if (!validateLoginResponse(auth)) {\n return null;\n }\n\n // get canonical profile id from server if not present in the cached session\n if (!auth.profile.canonicalProfileId) {\n return null;\n }\n\n const currentTime = Date.now();\n const sessionAge = currentTime - auth.token.obtainedAt;\n const refreshThreshold = auth.token.expiresIn * 1000 * 0.9;\n\n if (sessionAge < refreshThreshold) {\n return auth;\n }\n return null;\n }\n\n async #login(entropySourceId?: string): Promise<LoginResponse> {\n // Use a deferred login to avoid race conditions\n return await this.#deferredLogin(entropySourceId);\n }\n\n async #performLogin(entropySourceId?: string): Promise<LoginResponse> {\n // Nonce\n const publicKey = await this.getIdentifier(entropySourceId);\n const nonceRes = await getNonce(publicKey, this.#config.env);\n\n const rawMessage = this.#createSrpLoginRawMessage(\n nonceRes.nonce,\n publicKey,\n );\n const signature = await this.signMessage(rawMessage, entropySourceId);\n\n // Authenticate\n const authResponse = await authenticate(\n rawMessage,\n signature,\n this.#config.type,\n this.#config.env,\n this.#metametrics,\n );\n\n // Resolve original profileId from aliases.\n // This is done mainly to preserve the original profileId for storage key derivation\n // until we migrate to the canonical profileId storage system.\n const canonicalProfileId = authResponse.profile.profileId;\n const profile = { ...authResponse.profile };\n\n if (authResponse.profileAliases?.length > 0) {\n const targetIdentifierId = computeIdentifierId(\n publicKey,\n this.#config.env,\n );\n\n const matchingAliases = authResponse.profileAliases.filter((alias) =>\n alias.identifierIds.some((id) => id.id === targetIdentifierId),\n );\n\n // Prefer the leaf alias (single identifier) — it's the original profile\n // created for this SRP. Multi-identifier aliases are former canonicals\n // that absorbed other profiles; they are correct only when this SRP's\n // original profile was itself a canonical before being absorbed.\n const targetAlias =\n matchingAliases.find((alias) => alias.identifierIds.length === 1) ??\n matchingAliases[0];\n\n if (targetAlias) {\n profile.profileId = targetAlias.aliasProfileId;\n }\n }\n\n profile.canonicalProfileId = canonicalProfileId;\n\n // Authorize\n const tokenResponse = await authorizeOIDC(\n authResponse.token,\n this.#config.env,\n this.#config.platform,\n );\n\n // Save\n const result: LoginResponse = {\n profile,\n token: tokenResponse,\n };\n\n await this.#options.storage.setLoginResponse(result, entropySourceId);\n\n return result;\n }\n\n async #deferredLogin(entropySourceId?: string): Promise<LoginResponse> {\n // Check if there's already an ongoing login for this entropySourceId\n const existingLogin = this.#ongoingLogins.get(entropySourceId);\n if (existingLogin) {\n return existingLogin;\n }\n\n // Create a new login promise\n const loginPromise = this.#loginWithRetry(entropySourceId);\n\n // Store the promise in the map\n this.#ongoingLogins.set(entropySourceId, loginPromise);\n\n try {\n // Wait for the login to complete\n return await loginPromise;\n } finally {\n // Always clean up the ongoing login promise when done\n this.#ongoingLogins.delete(entropySourceId);\n }\n }\n\n async #loginWithRetry(entropySourceId?: string): Promise<LoginResponse> {\n // Allow max attempts: initial + maxLoginRetries on 429\n for (let attempt = 0; attempt < 1 + this.#maxLoginRetries; attempt += 1) {\n try {\n return await this.#performLogin(entropySourceId);\n } catch (e) {\n // Only retry on rate-limit (429) errors\n if (!RateLimitedError.isRateLimitError(e)) {\n throw e;\n }\n\n // If we've exhausted attempts, rethrow\n if (attempt >= this.#maxLoginRetries) {\n throw e;\n }\n\n // Wait for Retry-After or default cooldown\n const waitMs = e.retryAfterMs ?? this.#cooldownDefaultMs;\n await timeUtils.delay(waitMs);\n\n // Loop continues to retry\n }\n }\n\n // Should never reach here due to loop logic, but TypeScript needs a return\n throw new Error('Unexpected: login loop exhausted without result');\n }\n\n #createSrpLoginRawMessage(\n nonce: string,\n publicKey: string,\n ): `metamask:${string}:${string}` {\n return `metamask:${nonce}:${publicKey}` as const;\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"flow-srp.cjs","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-srp.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAGA,0CAA8D;AAC9D,wFAAiF;AACjF,kGAKkD;AAClD,kFAAyE;AACzE,6CAOoB;AAYpB,uDAAyD;AACzD,4DAA0C;AAW1C,0EAA0E;AAC1E,kFAAkF;AACrE,QAAA,kBAAkB,GAAG,KAAM,CAAC;AAEzC,MAAM,yBAAyB,GAAG,KAAK,IAAI,EAAE;IAC3C,MAAM,QAAQ,GAAG,MAAM,IAAA,uDAA0B,GAAE,CAAC;IACpD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,wBAAe,CAAC,8BAA8B,CAAC,CAAC;IAC5D,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC,CAAC;AAEF,MAAM,+BAA+B,GAAG,CACtC,cAAgC,EACZ,EAAE,CAAC,CAAC;IACxB,aAAa,EAAE,KAAK,EAAE,eAAwB,EAAmB,EAAE;QACjE,MAAM,QAAQ,GAAG,cAAc,IAAI,CAAC,MAAM,yBAAyB,EAAE,CAAC,CAAC;QACvE,OAAO,MAAM,sDAAoB,CAAC,YAAY,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;IAC5E,CAAC;IACD,WAAW,EAAE,KAAK,EAChB,OAAe,EACf,eAAwB,EACP,EAAE;QACnB,MAAM,QAAQ,GAAG,cAAc,IAAI,CAAC,MAAM,yBAAyB,EAAE,CAAC,CAAC;QACvE,IAAA,iEAA+B,EAAC,OAAO,CAAC,CAAC;QACzC,OAAO,MAAM,sDAAoB,CAAC,WAAW,CAC3C,QAAQ,EACR,OAAO,EACP,eAAe,CAChB,CAAC;IACJ,CAAC;CACF,CAAC,CAAC;AAEH,MAAa,gBAAgB;IAgC3B,YACE,MAA2C,EAC3C,OAGC;;QApCM,2CAAoB;QAEpB,4CAGP;QAEO,gDAA+B;QAExC,yDAAyD;QAChD,0CAAiB,IAAI,GAAG,EAG9B,EAAC;QAEJ,qEAAqE;QACrE,2EAA2E;QAC3E,iEAAiE;QACxD,4CAAmB,IAAI,GAAG,EAGhC,EAAC;QAEJ,sDAAsD;QAC7C,sDAA2B;QAEpC,uDAAuD;QAC9C,oDAAyB;QAElC,mDAAkC;QAShC,uBAAA,IAAI,4BAAW,MAAM,MAAA,CAAC;QACtB,uBAAA,IAAI,oCAAmB,OAAO,CAAC,cAAc,MAAA,CAAC;QAC9C,uBAAA,IAAI,6BAAY;YACd,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,OAAO,EACL,OAAO,CAAC,OAAO;gBACf,+BAA+B,CAAC,uBAAA,IAAI,wCAAgB,CAAC;SACxD,MAAA,CAAC;QACF,uBAAA,IAAI,iCAAgB,OAAO,CAAC,WAAW,MAAA,CAAC;QAExC,4CAA4C;QAC5C,uBAAA,IAAI,uCACF,OAAO,CAAC,cAAc,EAAE,iBAAiB,IAAI,KAAK,MAAA,CAAC;QACrD,uBAAA,IAAI,qCAAoB,OAAO,CAAC,cAAc,EAAE,eAAe,IAAI,CAAC,MAAA,CAAC;IACvE,CAAC;IAED,iBAAiB,CAAC,QAAyB;QACzC,uBAAA,IAAI,oCAAmB,QAAQ,MAAA,CAAC;QAChC,uBAAA,IAAI,iCAAS,CAAC,OAAO,GAAG,+BAA+B,CAAC,QAAQ,CAAC,CAAC;IACpE,CAAC;IAED,0HAA0H;IAC1H,KAAK,CAAC,cAAc,CAAC,eAAwB;QAC3C,MAAM,OAAO,GAAG,MAAM,uBAAA,IAAI,qEAAgB,MAApB,IAAI,EAAiB,eAAe,CAAC,CAAC;QAC5D,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC;QACnC,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,4DAAO,MAAX,IAAI,EAAQ,eAAe,CAAC,CAAC;QACzD,OAAO,aAAa,CAAC,KAAK,CAAC,WAAW,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,eAAwB;QAC3C,MAAM,OAAO,GAAG,MAAM,uBAAA,IAAI,qEAAgB,MAApB,IAAI,EAAiB,eAAe,CAAC,CAAC;QAC5D,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,OAAO,CAAC,OAAO,CAAC;QACzB,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,4DAAO,MAAX,IAAI,EAAQ,eAAe,CAAC,CAAC;QACzD,OAAO,aAAa,CAAC,OAAO,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,eAAwB;QAC1C,OAAO,MAAM,uBAAA,IAAI,iCAAS,CAAC,OAAO,CAAC,aAAa,CAAC,eAAe,CAAC,CAAC;IACpE,CAAC;IAED,KAAK,CAAC,qBAAqB,CACzB,eAAwB;QAExB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,CAAC;QAC/D,OAAO,MAAM,IAAA,gCAAqB,EAAC,uBAAA,IAAI,gCAAQ,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IACpE,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,eAAwB;QACpD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,CAAC;QAC/D,OAAO,MAAM,IAAA,kCAAuB,EAAC,uBAAA,IAAI,gCAAQ,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IACtE,CAAC;IAED,KAAK,CAAC,eAAe,CACnB,YAAsB,EACtB,eAAuB;QAEvB,0EAA0E;QAC1E,wEAAwE;QACxE,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,GAAG,YAAY,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAErD,MAAM,MAAM,GAAG,uBAAA,IAAI,yCAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC9C,IAAI,MAAM,IAAI,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAC5C,OAAO,MAAM,MAAM,CAAC,OAAO,CAAC;QAC9B,CAAC;QAED,MAAM,OAAO,GAAG,IAAA,uBAAY,EAC1B,YAAY,EACZ,eAAe,EACf,uBAAA,IAAI,gCAAQ,CAAC,GAAG,CACjB,CAAC;QACF,yEAAyE;QACzE,4CAA4C;QAC5C,uBAAA,IAAI,yCAAiB,CAAC,GAAG,CAAC,GAAG,EAAE;YAC7B,OAAO;YACP,SAAS,EAAE,MAAM,CAAC,gBAAgB;SACnC,CAAC,CAAC;QAEH,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC;YAC7B,mEAAmE;YACnE,0CAA0C;YAC1C,uBAAA,IAAI,yCAAiB,CAAC,GAAG,CAAC,GAAG,EAAE;gBAC7B,OAAO;gBACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,0BAAkB;aAC3C,CAAC,CAAC;YACH,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,sEAAsE;YACtE,oCAAoC;YACpC,uBAAA,IAAI,yCAAiB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAClC,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CACf,OAAe,EACf,eAAwB;QAExB,OAAO,MAAM,uBAAA,IAAI,iCAAS,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;IAC3E,CAAC;IAED,KAAK,CAAC,eAAe;QACnB,MAAM,QAAQ,GACZ,uBAAA,IAAI,wCAAgB,IAAI,CAAC,MAAM,yBAAyB,EAAE,CAAC,CAAC;QAC9D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,IAAA,iDAAe,EAAC,QAAQ,CAAC,CAAC;QACpD,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,WAAW;QACf,MAAM,QAAQ,GACZ,uBAAA,IAAI,wCAAgB,IAAI,CAAC,MAAM,yBAAyB,EAAE,CAAC,CAAC;QAE9D,MAAM,GAAG,GAAG,MAAM,IAAA,6CAAW,EAAC,QAAQ,CAAC,CAAC;QACxC,OAAO,GAAG,CAAC;IACb,CAAC;CA4JF;AA/TD,4CA+TC;;AA1JC,0EAA0E;AAC1E,KAAK,2CACH,eAAwB;IAExB,MAAM,IAAI,GAAG,MAAM,uBAAA,IAAI,iCAAS,CAAC,OAAO,CAAC,gBAAgB,CAAC,eAAe,CAAC,CAAC;IAC3E,IAAI,CAAC,IAAA,+CAAqB,EAAC,IAAI,CAAC,EAAE,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,4EAA4E;IAC5E,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE,CAAC;QACrC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC/B,MAAM,UAAU,GAAG,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC;IACvD,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,GAAG,GAAG,CAAC;IAE3D,IAAI,UAAU,GAAG,gBAAgB,EAAE,CAAC;QAClC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC,4BAED,KAAK,kCAAQ,eAAwB;IACnC,gDAAgD;IAChD,OAAO,MAAM,uBAAA,IAAI,oEAAe,MAAnB,IAAI,EAAgB,eAAe,CAAC,CAAC;AACpD,CAAC,mCAED,KAAK,yCAAe,eAAwB;IAC1C,QAAQ;IACR,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,eAAe,CAAC,CAAC;IAC5D,MAAM,QAAQ,GAAG,MAAM,IAAA,mBAAQ,EAAC,SAAS,EAAE,uBAAA,IAAI,gCAAQ,CAAC,GAAG,CAAC,CAAC;IAE7D,MAAM,UAAU,GAAG,uBAAA,IAAI,+EAA0B,MAA9B,IAAI,EACrB,QAAQ,CAAC,KAAK,EACd,SAAS,CACV,CAAC;IACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC;IAEtE,eAAe;IACf,MAAM,YAAY,GAAG,MAAM,IAAA,uBAAY,EACrC,UAAU,EACV,SAAS,EACT,uBAAA,IAAI,gCAAQ,CAAC,IAAI,EACjB,uBAAA,IAAI,gCAAQ,CAAC,GAAG,EAChB,uBAAA,IAAI,qCAAa,CAClB,CAAC;IAEF,2CAA2C;IAC3C,oFAAoF;IACpF,8DAA8D;IAC9D,MAAM,kBAAkB,GAAG,YAAY,CAAC,OAAO,CAAC,SAAS,CAAC;IAC1D,MAAM,OAAO,GAAG,EAAE,GAAG,YAAY,CAAC,OAAO,EAAE,CAAC;IAE5C,IAAI,YAAY,CAAC,cAAc,EAAE,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5C,MAAM,kBAAkB,GAAG,IAAA,gCAAmB,EAC5C,SAAS,EACT,uBAAA,IAAI,gCAAQ,CAAC,GAAG,CACjB,CAAC;QAEF,MAAM,eAAe,GAAG,YAAY,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CACnE,KAAK,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,KAAK,kBAAkB,CAAC,CAC/D,CAAC;QAEF,wEAAwE;QACxE,uEAAuE;QACvE,sEAAsE;QACtE,iEAAiE;QACjE,MAAM,WAAW,GACf,eAAe,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,aAAa,CAAC,MAAM,KAAK,CAAC,CAAC;YACjE,eAAe,CAAC,CAAC,CAAC,CAAC;QAErB,IAAI,WAAW,EAAE,CAAC;YAChB,OAAO,CAAC,SAAS,GAAG,WAAW,CAAC,cAAc,CAAC;QACjD,CAAC;IACH,CAAC;IAED,OAAO,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;IAEhD,YAAY;IACZ,MAAM,aAAa,GAAG,MAAM,IAAA,wBAAa,EACvC,YAAY,CAAC,KAAK,EAClB,uBAAA,IAAI,gCAAQ,CAAC,GAAG,EAChB,uBAAA,IAAI,gCAAQ,CAAC,QAAQ,CACtB,CAAC;IAEF,OAAO;IACP,MAAM,MAAM,GAAkB;QAC5B,OAAO;QACP,KAAK,EAAE,aAAa;KACrB,CAAC;IAEF,MAAM,uBAAA,IAAI,iCAAS,CAAC,OAAO,CAAC,gBAAgB,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAEtE,OAAO,MAAM,CAAC;AAChB,CAAC,oCAED,KAAK,0CAAgB,eAAwB;IAC3C,qEAAqE;IACrE,MAAM,aAAa,GAAG,uBAAA,IAAI,uCAAe,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAC/D,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,6BAA6B;IAC7B,MAAM,YAAY,GAAG,uBAAA,IAAI,qEAAgB,MAApB,IAAI,EAAiB,eAAe,CAAC,CAAC;IAE3D,+BAA+B;IAC/B,uBAAA,IAAI,uCAAe,CAAC,GAAG,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;IAEvD,IAAI,CAAC;QACH,iCAAiC;QACjC,OAAO,MAAM,YAAY,CAAC;IAC5B,CAAC;YAAS,CAAC;QACT,sDAAsD;QACtD,uBAAA,IAAI,uCAAe,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IAC9C,CAAC;AACH,CAAC,qCAED,KAAK,2CAAiB,eAAwB;IAC5C,uDAAuD;IACvD,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,CAAC,GAAG,uBAAA,IAAI,yCAAiB,EAAE,OAAO,IAAI,CAAC,EAAE,CAAC;QACxE,IAAI,CAAC;YACH,OAAO,MAAM,uBAAA,IAAI,mEAAc,MAAlB,IAAI,EAAe,eAAe,CAAC,CAAC;QACnD,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,wCAAwC;YACxC,IAAI,CAAC,yBAAgB,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC1C,MAAM,CAAC,CAAC;YACV,CAAC;YAED,uCAAuC;YACvC,IAAI,OAAO,IAAI,uBAAA,IAAI,yCAAiB,EAAE,CAAC;gBACrC,MAAM,CAAC,CAAC;YACV,CAAC;YAED,2CAA2C;YAC3C,MAAM,MAAM,GAAG,CAAC,CAAC,YAAY,IAAI,uBAAA,IAAI,2CAAmB,CAAC;YACzD,MAAM,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAE9B,0BAA0B;QAC5B,CAAC;IACH,CAAC;IAED,2EAA2E;IAC3E,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;AACrE,CAAC,mGAGC,KAAa,EACb,SAAiB;IAEjB,OAAO,YAAY,KAAK,IAAI,SAAS,EAAW,CAAC;AACnD,CAAC","sourcesContent":["import type { Eip1193Provider } from 'ethers';\n\nimport type { MetaMetricsAuth } from '../../shared/types/services';\nimport { ValidationError, RateLimitedError } from '../errors';\nimport { getMetaMaskProviderEIP6963 } from '../utils/eip-6963-metamask-provider';\nimport {\n MESSAGE_SIGNING_SNAP,\n assertMessageStartsWithMetamask,\n connectSnap,\n isSnapConnected,\n} from '../utils/messaging-signing-snap-requests';\nimport { validateLoginResponse } from '../utils/validate-login-response';\nimport {\n authenticate,\n authorizeOIDC,\n getCustomerServiceToken,\n getNonce,\n getUserProfileLineage,\n pairProfiles,\n} from './services';\nimport type { PairProfilesResponse } from './services';\nimport type {\n AuthConfig,\n AuthSigningOptions,\n AuthStorageOptions,\n AuthType,\n IBaseAuth,\n LoginResponse,\n UserProfile,\n UserProfileLineage,\n} from './types';\nimport { computeIdentifierId } from './utils/identifier';\nimport * as timeUtils from './utils/time';\n\ntype JwtBearerAuth_SRP_Options = {\n storage: AuthStorageOptions;\n signing?: AuthSigningOptions;\n rateLimitRetry?: {\n cooldownDefaultMs?: number; // default cooldown when 429 has no Retry-After\n maxLoginRetries?: number; // maximum number of login retries on rate limit\n };\n};\n\n// How long a successful pairing result stays cached so identical payloads\n// (concurrent or sequential retries) reuse it instead of re-hitting the endpoint.\nexport const PAIR_DEDUPE_TTL_MS = 30_000;\n\nconst getDefaultEIP6963Provider = async () => {\n const provider = await getMetaMaskProviderEIP6963();\n if (!provider) {\n throw new ValidationError('No MetaMask wallet connected');\n }\n return provider;\n};\n\nconst getDefaultEIP6963SigningOptions = (\n customProvider?: Eip1193Provider,\n): AuthSigningOptions => ({\n getIdentifier: async (entropySourceId?: string): Promise<string> => {\n const provider = customProvider ?? (await getDefaultEIP6963Provider());\n return await MESSAGE_SIGNING_SNAP.getPublicKey(provider, entropySourceId);\n },\n signMessage: async (\n message: string,\n entropySourceId?: string,\n ): Promise<string> => {\n const provider = customProvider ?? (await getDefaultEIP6963Provider());\n assertMessageStartsWithMetamask(message);\n return await MESSAGE_SIGNING_SNAP.signMessage(\n provider,\n message,\n entropySourceId,\n );\n },\n});\n\nexport class SRPJwtBearerAuth implements IBaseAuth {\n readonly #config: AuthConfig;\n\n readonly #options: {\n storage: AuthStorageOptions;\n signing: AuthSigningOptions;\n };\n\n readonly #metametrics?: MetaMetricsAuth;\n\n // Map to store ongoing login promises by entropySourceId\n readonly #ongoingLogins = new Map<\n string | undefined,\n Promise<LoginResponse>\n >();\n\n // Map to dedupe pairing calls by an order-insensitive token-set key.\n // Holds the in-flight promise (coalescing concurrent callers) and keeps it\n // for a short TTL after success (collapsing sequential retries).\n readonly #ongoingPairings = new Map<\n string,\n { promise: Promise<PairProfilesResponse>; expiresAt: number }\n >();\n\n // Default cooldown when 429 has no Retry-After header\n readonly #cooldownDefaultMs: number;\n\n // Maximum number of login retries on rate limit errors\n readonly #maxLoginRetries: number;\n\n #customProvider?: Eip1193Provider;\n\n constructor(\n config: AuthConfig & { type: AuthType.SRP },\n options: JwtBearerAuth_SRP_Options & {\n customProvider?: Eip1193Provider;\n metametrics?: MetaMetricsAuth;\n },\n ) {\n this.#config = config;\n this.#customProvider = options.customProvider;\n this.#options = {\n storage: options.storage,\n signing:\n options.signing ??\n getDefaultEIP6963SigningOptions(this.#customProvider),\n };\n this.#metametrics = options.metametrics;\n\n // Apply rate limit retry config if provided\n this.#cooldownDefaultMs =\n options.rateLimitRetry?.cooldownDefaultMs ?? 10000;\n this.#maxLoginRetries = options.rateLimitRetry?.maxLoginRetries ?? 1;\n }\n\n setCustomProvider(provider: Eip1193Provider) {\n this.#customProvider = provider;\n this.#options.signing = getDefaultEIP6963SigningOptions(provider);\n }\n\n // TODO: might be easier to keep entropySourceId as a class param and use multiple SRPJwtBearerAuth instances where needed\n async getAccessToken(entropySourceId?: string): Promise<string> {\n const session = await this.#getAuthSession(entropySourceId);\n if (session) {\n return session.token.accessToken;\n }\n\n const loginResponse = await this.#login(entropySourceId);\n return loginResponse.token.accessToken;\n }\n\n async getUserProfile(entropySourceId?: string): Promise<UserProfile> {\n const session = await this.#getAuthSession(entropySourceId);\n if (session) {\n return session.profile;\n }\n\n const loginResponse = await this.#login(entropySourceId);\n return loginResponse.profile;\n }\n\n async getIdentifier(entropySourceId?: string): Promise<string> {\n return await this.#options.signing.getIdentifier(entropySourceId);\n }\n\n async getUserProfileLineage(\n entropySourceId?: string,\n ): Promise<UserProfileLineage> {\n const accessToken = await this.getAccessToken(entropySourceId);\n return await getUserProfileLineage(this.#config.env, accessToken);\n }\n\n async getCustomerServiceToken(entropySourceId?: string): Promise<string> {\n const accessToken = await this.getAccessToken(entropySourceId);\n return await getCustomerServiceToken(this.#config.env, accessToken);\n }\n\n async pairSrpProfiles(\n accessTokens: string[],\n authAccessToken: string,\n ): Promise<PairProfilesResponse> {\n // Order-insensitive key: the same token set in any order maps to the same\n // entry. Sort a copy so the request payload itself stays primary-first.\n const key = JSON.stringify([...accessTokens].sort());\n\n const cached = this.#ongoingPairings.get(key);\n if (cached && cached.expiresAt > Date.now()) {\n return await cached.promise;\n }\n\n const promise = pairProfiles(\n accessTokens,\n authAccessToken,\n this.#config.env,\n );\n // Store the in-flight promise immediately so concurrent callers coalesce\n // regardless of how long the request takes.\n this.#ongoingPairings.set(key, {\n promise,\n expiresAt: Number.MAX_SAFE_INTEGER,\n });\n\n try {\n const result = await promise;\n // Keep the resolved result cached for a short window so sequential\n // retries with the same payload reuse it.\n this.#ongoingPairings.set(key, {\n promise,\n expiresAt: Date.now() + PAIR_DEDUPE_TTL_MS,\n });\n return result;\n } catch (error) {\n // Never cache failures: the pairing retry loop must be able to re-hit\n // the endpoint on the next attempt.\n this.#ongoingPairings.delete(key);\n throw error;\n }\n }\n\n async signMessage(\n message: string,\n entropySourceId?: string,\n ): Promise<string> {\n return await this.#options.signing.signMessage(message, entropySourceId);\n }\n\n async isSnapConnected(): Promise<boolean> {\n const provider =\n this.#customProvider ?? (await getDefaultEIP6963Provider());\n if (!provider) {\n return false;\n }\n\n const isConnected = await isSnapConnected(provider);\n return isConnected;\n }\n\n async connectSnap(): Promise<string> {\n const provider =\n this.#customProvider ?? (await getDefaultEIP6963Provider());\n\n const res = await connectSnap(provider);\n return res;\n }\n\n // convert expiresIn from seconds to milliseconds and use 90% of expiresIn\n async #getAuthSession(\n entropySourceId?: string,\n ): Promise<LoginResponse | null> {\n const auth = await this.#options.storage.getLoginResponse(entropySourceId);\n if (!validateLoginResponse(auth)) {\n return null;\n }\n\n // get canonical profile id from server if not present in the cached session\n if (!auth.profile.canonicalProfileId) {\n return null;\n }\n\n const currentTime = Date.now();\n const sessionAge = currentTime - auth.token.obtainedAt;\n const refreshThreshold = auth.token.expiresIn * 1000 * 0.9;\n\n if (sessionAge < refreshThreshold) {\n return auth;\n }\n return null;\n }\n\n async #login(entropySourceId?: string): Promise<LoginResponse> {\n // Use a deferred login to avoid race conditions\n return await this.#deferredLogin(entropySourceId);\n }\n\n async #performLogin(entropySourceId?: string): Promise<LoginResponse> {\n // Nonce\n const publicKey = await this.getIdentifier(entropySourceId);\n const nonceRes = await getNonce(publicKey, this.#config.env);\n\n const rawMessage = this.#createSrpLoginRawMessage(\n nonceRes.nonce,\n publicKey,\n );\n const signature = await this.signMessage(rawMessage, entropySourceId);\n\n // Authenticate\n const authResponse = await authenticate(\n rawMessage,\n signature,\n this.#config.type,\n this.#config.env,\n this.#metametrics,\n );\n\n // Resolve original profileId from aliases.\n // This is done mainly to preserve the original profileId for storage key derivation\n // until we migrate to the canonical profileId storage system.\n const canonicalProfileId = authResponse.profile.profileId;\n const profile = { ...authResponse.profile };\n\n if (authResponse.profileAliases?.length > 0) {\n const targetIdentifierId = computeIdentifierId(\n publicKey,\n this.#config.env,\n );\n\n const matchingAliases = authResponse.profileAliases.filter((alias) =>\n alias.identifierIds.some((id) => id.id === targetIdentifierId),\n );\n\n // Prefer the leaf alias (single identifier) — it's the original profile\n // created for this SRP. Multi-identifier aliases are former canonicals\n // that absorbed other profiles; they are correct only when this SRP's\n // original profile was itself a canonical before being absorbed.\n const targetAlias =\n matchingAliases.find((alias) => alias.identifierIds.length === 1) ??\n matchingAliases[0];\n\n if (targetAlias) {\n profile.profileId = targetAlias.aliasProfileId;\n }\n }\n\n profile.canonicalProfileId = canonicalProfileId;\n\n // Authorize\n const tokenResponse = await authorizeOIDC(\n authResponse.token,\n this.#config.env,\n this.#config.platform,\n );\n\n // Save\n const result: LoginResponse = {\n profile,\n token: tokenResponse,\n };\n\n await this.#options.storage.setLoginResponse(result, entropySourceId);\n\n return result;\n }\n\n async #deferredLogin(entropySourceId?: string): Promise<LoginResponse> {\n // Check if there's already an ongoing login for this entropySourceId\n const existingLogin = this.#ongoingLogins.get(entropySourceId);\n if (existingLogin) {\n return existingLogin;\n }\n\n // Create a new login promise\n const loginPromise = this.#loginWithRetry(entropySourceId);\n\n // Store the promise in the map\n this.#ongoingLogins.set(entropySourceId, loginPromise);\n\n try {\n // Wait for the login to complete\n return await loginPromise;\n } finally {\n // Always clean up the ongoing login promise when done\n this.#ongoingLogins.delete(entropySourceId);\n }\n }\n\n async #loginWithRetry(entropySourceId?: string): Promise<LoginResponse> {\n // Allow max attempts: initial + maxLoginRetries on 429\n for (let attempt = 0; attempt < 1 + this.#maxLoginRetries; attempt += 1) {\n try {\n return await this.#performLogin(entropySourceId);\n } catch (e) {\n // Only retry on rate-limit (429) errors\n if (!RateLimitedError.isRateLimitError(e)) {\n throw e;\n }\n\n // If we've exhausted attempts, rethrow\n if (attempt >= this.#maxLoginRetries) {\n throw e;\n }\n\n // Wait for Retry-After or default cooldown\n const waitMs = e.retryAfterMs ?? this.#cooldownDefaultMs;\n await timeUtils.delay(waitMs);\n\n // Loop continues to retry\n }\n }\n\n // Should never reach here due to loop logic, but TypeScript needs a return\n throw new Error('Unexpected: login loop exhausted without result');\n }\n\n #createSrpLoginRawMessage(\n nonce: string,\n publicKey: string,\n ): `metamask:${string}:${string}` {\n return `metamask:${nonce}:${publicKey}` as const;\n }\n}\n"]}
|
|
@@ -24,6 +24,7 @@ export declare class SRPJwtBearerAuth implements IBaseAuth {
|
|
|
24
24
|
getUserProfile(entropySourceId?: string): Promise<UserProfile>;
|
|
25
25
|
getIdentifier(entropySourceId?: string): Promise<string>;
|
|
26
26
|
getUserProfileLineage(entropySourceId?: string): Promise<UserProfileLineage>;
|
|
27
|
+
getCustomerServiceToken(entropySourceId?: string): Promise<string>;
|
|
27
28
|
pairSrpProfiles(accessTokens: string[], authAccessToken: string): Promise<PairProfilesResponse>;
|
|
28
29
|
signMessage(message: string, entropySourceId?: string): Promise<string>;
|
|
29
30
|
isSnapConnected(): Promise<boolean>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"flow-srp.d.cts","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-srp.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,eAAe;AAE9C,OAAO,KAAK,EAAE,eAAe,EAAE,wCAAoC;
|
|
1
|
+
{"version":3,"file":"flow-srp.d.cts","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-srp.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,eAAe;AAE9C,OAAO,KAAK,EAAE,eAAe,EAAE,wCAAoC;AAkBnE,OAAO,KAAK,EAAE,oBAAoB,EAAE,uBAAmB;AACvD,OAAO,KAAK,EACV,UAAU,EACV,kBAAkB,EAClB,kBAAkB,EAClB,QAAQ,EACR,SAAS,EAET,WAAW,EACX,kBAAkB,EACnB,oBAAgB;AAIjB,KAAK,yBAAyB,GAAG;IAC/B,OAAO,EAAE,kBAAkB,CAAC;IAC5B,OAAO,CAAC,EAAE,kBAAkB,CAAC;IAC7B,cAAc,CAAC,EAAE;QACf,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,eAAe,CAAC,EAAE,MAAM,CAAC;KAC1B,CAAC;CACH,CAAC;AAIF,eAAO,MAAM,kBAAkB,QAAS,CAAC;AA+BzC,qBAAa,gBAAiB,YAAW,SAAS;;gBAiC9C,MAAM,EAAE,UAAU,GAAG;QAAE,IAAI,EAAE,QAAQ,CAAC,GAAG,CAAA;KAAE,EAC3C,OAAO,EAAE,yBAAyB,GAAG;QACnC,cAAc,CAAC,EAAE,eAAe,CAAC;QACjC,WAAW,CAAC,EAAE,eAAe,CAAC;KAC/B;IAkBH,iBAAiB,CAAC,QAAQ,EAAE,eAAe;IAMrC,cAAc,CAAC,eAAe,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAUzD,cAAc,CAAC,eAAe,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAU9D,aAAa,CAAC,eAAe,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAIxD,qBAAqB,CACzB,eAAe,CAAC,EAAE,MAAM,GACvB,OAAO,CAAC,kBAAkB,CAAC;IAKxB,uBAAuB,CAAC,eAAe,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAKlE,eAAe,CACnB,YAAY,EAAE,MAAM,EAAE,EACtB,eAAe,EAAE,MAAM,GACtB,OAAO,CAAC,oBAAoB,CAAC;IAuC1B,WAAW,CACf,OAAO,EAAE,MAAM,EACf,eAAe,CAAC,EAAE,MAAM,GACvB,OAAO,CAAC,MAAM,CAAC;IAIZ,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC;IAWnC,WAAW,IAAI,OAAO,CAAC,MAAM,CAAC;CAkKrC"}
|
|
@@ -24,6 +24,7 @@ export declare class SRPJwtBearerAuth implements IBaseAuth {
|
|
|
24
24
|
getUserProfile(entropySourceId?: string): Promise<UserProfile>;
|
|
25
25
|
getIdentifier(entropySourceId?: string): Promise<string>;
|
|
26
26
|
getUserProfileLineage(entropySourceId?: string): Promise<UserProfileLineage>;
|
|
27
|
+
getCustomerServiceToken(entropySourceId?: string): Promise<string>;
|
|
27
28
|
pairSrpProfiles(accessTokens: string[], authAccessToken: string): Promise<PairProfilesResponse>;
|
|
28
29
|
signMessage(message: string, entropySourceId?: string): Promise<string>;
|
|
29
30
|
isSnapConnected(): Promise<boolean>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"flow-srp.d.mts","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-srp.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,eAAe;AAE9C,OAAO,KAAK,EAAE,eAAe,EAAE,wCAAoC;
|
|
1
|
+
{"version":3,"file":"flow-srp.d.mts","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-srp.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,eAAe;AAE9C,OAAO,KAAK,EAAE,eAAe,EAAE,wCAAoC;AAkBnE,OAAO,KAAK,EAAE,oBAAoB,EAAE,uBAAmB;AACvD,OAAO,KAAK,EACV,UAAU,EACV,kBAAkB,EAClB,kBAAkB,EAClB,QAAQ,EACR,SAAS,EAET,WAAW,EACX,kBAAkB,EACnB,oBAAgB;AAIjB,KAAK,yBAAyB,GAAG;IAC/B,OAAO,EAAE,kBAAkB,CAAC;IAC5B,OAAO,CAAC,EAAE,kBAAkB,CAAC;IAC7B,cAAc,CAAC,EAAE;QACf,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,eAAe,CAAC,EAAE,MAAM,CAAC;KAC1B,CAAC;CACH,CAAC;AAIF,eAAO,MAAM,kBAAkB,QAAS,CAAC;AA+BzC,qBAAa,gBAAiB,YAAW,SAAS;;gBAiC9C,MAAM,EAAE,UAAU,GAAG;QAAE,IAAI,EAAE,QAAQ,CAAC,GAAG,CAAA;KAAE,EAC3C,OAAO,EAAE,yBAAyB,GAAG;QACnC,cAAc,CAAC,EAAE,eAAe,CAAC;QACjC,WAAW,CAAC,EAAE,eAAe,CAAC;KAC/B;IAkBH,iBAAiB,CAAC,QAAQ,EAAE,eAAe;IAMrC,cAAc,CAAC,eAAe,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAUzD,cAAc,CAAC,eAAe,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAU9D,aAAa,CAAC,eAAe,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAIxD,qBAAqB,CACzB,eAAe,CAAC,EAAE,MAAM,GACvB,OAAO,CAAC,kBAAkB,CAAC;IAKxB,uBAAuB,CAAC,eAAe,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAKlE,eAAe,CACnB,YAAY,EAAE,MAAM,EAAE,EACtB,eAAe,EAAE,MAAM,GACtB,OAAO,CAAC,oBAAoB,CAAC;IAuC1B,WAAW,CACf,OAAO,EAAE,MAAM,EACf,eAAe,CAAC,EAAE,MAAM,GACvB,OAAO,CAAC,MAAM,CAAC;IAIZ,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC;IAWnC,WAAW,IAAI,OAAO,CAAC,MAAM,CAAC;CAkKrC"}
|
|
@@ -14,7 +14,7 @@ import { ValidationError, RateLimitedError } from "../errors.mjs";
|
|
|
14
14
|
import { getMetaMaskProviderEIP6963 } from "../utils/eip-6963-metamask-provider.mjs";
|
|
15
15
|
import { MESSAGE_SIGNING_SNAP, assertMessageStartsWithMetamask, connectSnap, isSnapConnected } from "../utils/messaging-signing-snap-requests.mjs";
|
|
16
16
|
import { validateLoginResponse } from "../utils/validate-login-response.mjs";
|
|
17
|
-
import { authenticate, authorizeOIDC, getNonce, getUserProfileLineage, pairProfiles } from "./services.mjs";
|
|
17
|
+
import { authenticate, authorizeOIDC, getCustomerServiceToken, getNonce, getUserProfileLineage, pairProfiles } from "./services.mjs";
|
|
18
18
|
import { computeIdentifierId } from "./utils/identifier.mjs";
|
|
19
19
|
import * as timeUtils from "./utils/time.mjs";
|
|
20
20
|
// How long a successful pairing result stays cached so identical payloads
|
|
@@ -95,6 +95,10 @@ export class SRPJwtBearerAuth {
|
|
|
95
95
|
const accessToken = await this.getAccessToken(entropySourceId);
|
|
96
96
|
return await getUserProfileLineage(__classPrivateFieldGet(this, _SRPJwtBearerAuth_config, "f").env, accessToken);
|
|
97
97
|
}
|
|
98
|
+
async getCustomerServiceToken(entropySourceId) {
|
|
99
|
+
const accessToken = await this.getAccessToken(entropySourceId);
|
|
100
|
+
return await getCustomerServiceToken(__classPrivateFieldGet(this, _SRPJwtBearerAuth_config, "f").env, accessToken);
|
|
101
|
+
}
|
|
98
102
|
async pairSrpProfiles(accessTokens, authAccessToken) {
|
|
99
103
|
// Order-insensitive key: the same token set in any order maps to the same
|
|
100
104
|
// entry. Sort a copy so the request payload itself stays primary-first.
|