@moon-x/core 0.2.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -2
- package/dist/{chunk-CDT4MC7S.mjs → chunk-6LTEG7VN.mjs} +0 -39
- package/dist/{chunk-SOKLPX7V.mjs → chunk-VVL65GIB.mjs} +10 -0
- package/dist/index.d.mts +2 -2
- package/dist/index.d.ts +2 -2
- package/dist/index.js +10 -0
- package/dist/index.mjs +1 -1
- package/dist/interfaces-cdKh3sLA.d.mts +192 -0
- package/dist/interfaces-pNTEOKaK.d.ts +192 -0
- package/dist/lib/index.d.mts +1 -1
- package/dist/lib/index.d.ts +1 -1
- package/dist/lib/index.js +2 -47
- package/dist/lib/index.mjs +3 -15
- package/dist/passkey-cache-WnDFQ-v4.d.mts +26 -0
- package/dist/passkey-cache-WnDFQ-v4.d.ts +26 -0
- package/dist/{post-message-C_99BCBh.d.mts → post-message-CmgAfkOS.d.mts} +2 -0
- package/dist/{post-message-C_99BCBh.d.ts → post-message-CmgAfkOS.d.ts} +2 -0
- package/dist/react/index.d.mts +1 -0
- package/dist/react/index.d.ts +1 -0
- package/dist/react/index.js +2 -1
- package/dist/react/index.mjs +3 -2
- package/dist/sdk/index.d.mts +52 -21
- package/dist/sdk/index.d.ts +52 -21
- package/dist/sdk/index.js +252 -102
- package/dist/sdk/index.mjs +241 -80
- package/dist/types/index.d.mts +19 -12
- package/dist/types/index.d.ts +19 -12
- package/dist/utils/index.d.mts +1 -1
- package/dist/utils/index.d.ts +1 -1
- package/dist/utils/index.js +10 -0
- package/dist/utils/index.mjs +1 -1
- package/dist/web/index.d.mts +2 -2
- package/dist/web/index.d.ts +2 -2
- package/dist/web/index.js +50 -114
- package/dist/web/index.mjs +51 -58
- package/package.json +6 -2
- package/dist/interfaces-9k0eKCc4.d.ts +0 -120
- package/dist/interfaces-fNhwnCeY.d.mts +0 -120
- package/dist/passkey-cache-B9PT3AWX.d.mts +0 -47
- package/dist/passkey-cache-B9PT3AWX.d.ts +0 -47
package/README.md
CHANGED
|
@@ -18,7 +18,7 @@ This package owns everything that's identical between web and mobile:
|
|
|
18
18
|
- **Headless SDK factories** (`@moon-x/core/sdk`) — platform-agnostic implementations of `signMessage`, `signTransaction`, `sendTransaction`, etc. that take a `Transport` + `PasskeyAssertor` + `KvStorage` via DI. Web and RN both wire their platform impls into these factories.
|
|
19
19
|
- **Web platform impls** (`@moon-x/core/web`) — `createIframeTransport`, `createWebAuthnPasskey`, `createLocalStorageKv`. React-native has its own equivalents inside `@moon-x/react-native-sdk/platform/*`.
|
|
20
20
|
- **Shared React hooks** (`@moon-x/core/react`) — hooks that run identically on web + RN (`useUser`, `useWallets`, `useLogout`, `useLoginWithEmail`, `usePasskeyStatus`, `useAddPasskey`, `useRemovePasskey`, `useCreateWallet`, `useImportKey`, plus per-chain hooks under `@moon-x/core/react/ethereum` and `@moon-x/core/react/solana`). The platform SDKs re-export these directly so consumers never import from core.
|
|
21
|
-
- **Pure utilities** (`@moon-x/core/lib`) — EVM chain/gas helpers (`getEvmGasPrice`, `estimateEvmGas`, `getEvmNonce`, `chains`), `prepareEvmSignTransaction` / `prepareEvmSendTransaction` (chain + RPC + nonce/gas/fee auto-fill), SIWE/SIWS message builders, passkey codec +
|
|
21
|
+
- **Pure utilities** (`@moon-x/core/lib`) — EVM chain/gas helpers (`getEvmGasPrice`, `estimateEvmGas`, `getEvmNonce`, `chains`), `prepareEvmSignTransaction` / `prepareEvmSendTransaction` (chain + RPC + nonce/gas/fee auto-fill), SIWE/SIWS message builders, passkey codec + `generatePasskeyUserId`, AAGUID registry, Solana transaction log parser, etc. (The parent-side passkey-assertion cache was removed in Phase 4 of the presence-token gating work — every sensitive op now mints scope-bound single-use tokens via `getInternalPresenceTokens`.)
|
|
22
22
|
|
|
23
23
|
## Subpath exports
|
|
24
24
|
|
|
@@ -36,4 +36,4 @@ This package owns everything that's identical between web and mobile:
|
|
|
36
36
|
|
|
37
37
|
## License
|
|
38
38
|
|
|
39
|
-
|
|
39
|
+
UNLICENSED. All rights reserved.
|
|
@@ -100,39 +100,6 @@ var toB64url = (bytes) => {
|
|
|
100
100
|
};
|
|
101
101
|
|
|
102
102
|
// src/lib/passkey/passkey-cache.ts
|
|
103
|
-
var cacheTtlMs = 0;
|
|
104
|
-
var cache = null;
|
|
105
|
-
var setAssertCacheTtlMs = (ms) => {
|
|
106
|
-
cacheTtlMs = Math.max(0, Math.floor(ms));
|
|
107
|
-
if (cacheTtlMs === 0) {
|
|
108
|
-
cache = null;
|
|
109
|
-
}
|
|
110
|
-
};
|
|
111
|
-
var getAssertCacheTtlMs = () => cacheTtlMs;
|
|
112
|
-
var clearParentAssertCache = () => {
|
|
113
|
-
cache = null;
|
|
114
|
-
};
|
|
115
|
-
var readParentAssertCache = () => {
|
|
116
|
-
if (cacheTtlMs <= 0) return null;
|
|
117
|
-
if (!cache) return null;
|
|
118
|
-
if (Date.now() - cache.ts >= cacheTtlMs) return null;
|
|
119
|
-
return {
|
|
120
|
-
userHandleB64url: cache.userHandleB64url,
|
|
121
|
-
credentialIdB64url: cache.credentialIdB64url
|
|
122
|
-
};
|
|
123
|
-
};
|
|
124
|
-
var writeParentAssertCache = (entry) => {
|
|
125
|
-
if (cacheTtlMs <= 0) return;
|
|
126
|
-
cache = { ...entry, ts: Date.now() };
|
|
127
|
-
};
|
|
128
|
-
var withClearOnFailure = async (fn) => {
|
|
129
|
-
try {
|
|
130
|
-
return await fn();
|
|
131
|
-
} catch (error) {
|
|
132
|
-
clearParentAssertCache();
|
|
133
|
-
throw error;
|
|
134
|
-
}
|
|
135
|
-
};
|
|
136
103
|
var generatePasskeyUserId = () => {
|
|
137
104
|
const bytes = crypto.getRandomValues(new Uint8Array(32));
|
|
138
105
|
return { userIdB64url: toB64url(bytes), userIdBytes: bytes };
|
|
@@ -1492,12 +1459,6 @@ export {
|
|
|
1492
1459
|
verifyIdToken,
|
|
1493
1460
|
fromB64url,
|
|
1494
1461
|
toB64url,
|
|
1495
|
-
setAssertCacheTtlMs,
|
|
1496
|
-
getAssertCacheTtlMs,
|
|
1497
|
-
clearParentAssertCache,
|
|
1498
|
-
readParentAssertCache,
|
|
1499
|
-
writeParentAssertCache,
|
|
1500
|
-
withClearOnFailure,
|
|
1501
1462
|
generatePasskeyUserId,
|
|
1502
1463
|
formatPasskeyLabel,
|
|
1503
1464
|
resolvePasskeyMetadata,
|
|
@@ -64,6 +64,16 @@ var PostMessageMethod = {
|
|
|
64
64
|
// begin/verify HTTP calls (where the session JWT lives).
|
|
65
65
|
PASSKEY_REGISTER_BEGIN: "PASSKEY_REGISTER_BEGIN",
|
|
66
66
|
PASSKEY_REGISTER_VERIFY: "PASSKEY_REGISTER_VERIFY",
|
|
67
|
+
// Passkey-asserted step-up ("presence token"). Same split as register:
|
|
68
|
+
// parent owns the WebAuthn API call; iframe owns the begin/verify
|
|
69
|
+
// HTTP halves (where the session JWT lives). Mints a short-lived
|
|
70
|
+
// (`tt:"presence"`) JWT app backends can verify over JWKS.
|
|
71
|
+
// CRITICAL: parent MUST strip response.userHandle from the assertion
|
|
72
|
+
// before posting PASSKEY_PRESENCE_VERIFY. The userHandle carries DEK
|
|
73
|
+
// material in MoonX's overloaded model and has no business reaching
|
|
74
|
+
// the server. The server also defensively never reads it.
|
|
75
|
+
PASSKEY_PRESENCE_BEGIN: "PASSKEY_PRESENCE_BEGIN",
|
|
76
|
+
PASSKEY_PRESENCE_VERIFY: "PASSKEY_PRESENCE_VERIFY",
|
|
67
77
|
GET_PASSKEY_STATUS: "GET_PASSKEY_STATUS",
|
|
68
78
|
// Parent-side passkey assertion plumbing. Parent calls GET_DEK_INFO
|
|
69
79
|
// to learn which credential IDs to put in allowCredentials and to
|
package/dist/index.d.mts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export { AccessTokenClaims, AppConfigRequest, AppConfigResponse, AttachOAuthTokenRequest, AttachOAuthTokenResponse, AuthAppearance, AuthFlow, AuthFlowComponent, AuthLoginMethod, AuthProviderConfig, BaseGetBalanceParams, BaseGetBalanceResult, BaseGetTokenAccountsParams, BaseSendTransactionParams, BaseSendTransactionResult, BaseSignMessageParams, BaseSignMessageResult, BaseSignTransactionParams, BaseSignTransactionResult, BaseTokenClaims, BaseUIOptions, BaseWalletHooks, ContractUIOptions, CreateWalletResponse, DefaultFundingMethod, DeleteSessionRequest, DeleteSessionResponse, DetachOAuthTokenRequest, DeviceFingerprint, DisplayMode, EmailOtpConfig, EmailOtpFlowState, EthereumFundingConfig, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, EthereumSendTransactionParams, EthereumSendTransactionRequest, EthereumSendTransactionResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSwitchChainParams, ExportKeyConfig, Factor, FlexibleTheme, FundWalletConfig, FundingEvents, FundingMethod, FundingUIConfig, GetCurrentSessionRequest, GetCurrentSessionResponse, Hex, IdentityTokenClaims, IdpProvider, IsAuthenticatedRequest, IsAuthenticatedResponse, LoginTokenBundle, LogoutRequest, LogoutResponse, MessageTypeProperty, MessageTypes, MoonKeyThemeConfig, MoonPaySignRequest, MoonPaySignResponse, MpcKeyShares, Network, OAuthRequest, OAuthResponse, OnrampFundingSettings, PasskeyEnrollConfig, PasskeySettings, PreferredCardProvider, PrefillConfig, PublicEthereumWallet, PublicSessionData, PublicWallet, RefreshSessionRequest, RefreshSessionResponse, RetrieveWalletKeyRequest, RetrieveWalletKeyResponse, SdkSettings, SendEmailOtpRequest, SendEmailOtpResponse, SendTransactionConfig, SendTransactionRequest, SessionData, SharesDeviceRequest, SharesDeviceResponse, Sign7702AuthorizationError, Sign7702AuthorizationParams, Sign7702AuthorizationResponse, Sign7702AuthorizationResult, SignMessageConfig, SignTransactionConfig, SignTypedDataError, SignTypedDataParams, SignTypedDataResponse, SignTypedDataResult, SmsSettings, SolanaChain, SolanaFundingConfig, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, TransactionCommitment, TransactionEncoding, TransactionUIOptions, TypedMessage, UseFundWalletInterface, UsersMePublicResponse, UsersMeRequest, UsersMeResponse, VerifiedSession, VerifyEmailOtpRequest, VerifyEmailOtpResponse, VerifyEmailOtpUser, VerifyOAuthTokenRequest, VerifyOAuthTokenResponse, VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, Wallet, WalletChain, WalletChainType, WalletConnectConfig, WalletCreationError, WalletError, WalletErrorCode, WalletKeyRequest, WalletListEntry, WalletRegistrationNonceRequest, WalletRegistrationNonceResponse, WalletType, WalletVerifyRequest } from './types/index.mjs';
|
|
1
|
+
export { AccessTokenClaims, AppConfigRequest, AppConfigResponse, AttachOAuthTokenRequest, AttachOAuthTokenResponse, AuthAppearance, AuthFlow, AuthFlowComponent, AuthLoginMethod, AuthProviderConfig, BaseGetBalanceParams, BaseGetBalanceResult, BaseGetTokenAccountsParams, BaseSendTransactionParams, BaseSendTransactionResult, BaseSignMessageParams, BaseSignMessageResult, BaseSignTransactionParams, BaseSignTransactionResult, BaseTokenClaims, BaseUIOptions, BaseWalletHooks, ContractUIOptions, CreateWalletResponse, DefaultFundingMethod, DeleteSessionRequest, DeleteSessionResponse, DetachOAuthTokenRequest, DeviceFingerprint, DisplayMode, EmailOtpConfig, EmailOtpFlowState, EthereumFundingConfig, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, EthereumSendTransactionParams, EthereumSendTransactionRequest, EthereumSendTransactionResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSwitchChainParams, ExportKeyConfig, Factor, FlexibleTheme, FundWalletConfig, FundingEvents, FundingMethod, FundingUIConfig, GetCurrentSessionRequest, GetCurrentSessionResponse, Hex, IdentityTokenClaims, IdpProvider, IsAuthenticatedRequest, IsAuthenticatedResponse, LoginTokenBundle, LogoutRequest, LogoutResponse, MessageTypeProperty, MessageTypes, MoonKeyThemeConfig, MoonPaySignRequest, MoonPaySignResponse, MpcKeyShares, Network, OAuthRequest, OAuthResponse, OnrampFundingSettings, PasskeyEnrollConfig, PasskeySettings, PreferredCardProvider, PrefillConfig, PresenceTokenClaims, PublicEthereumWallet, PublicSessionData, PublicWallet, RefreshSessionRequest, RefreshSessionResponse, RetrieveWalletKeyRequest, RetrieveWalletKeyResponse, SdkSettings, SendEmailOtpRequest, SendEmailOtpResponse, SendTransactionConfig, SendTransactionRequest, SessionData, SharesDeviceRequest, SharesDeviceResponse, Sign7702AuthorizationError, Sign7702AuthorizationParams, Sign7702AuthorizationResponse, Sign7702AuthorizationResult, SignMessageConfig, SignTransactionConfig, SignTypedDataError, SignTypedDataParams, SignTypedDataResponse, SignTypedDataResult, SmsSettings, SolanaChain, SolanaFundingConfig, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, TransactionCommitment, TransactionEncoding, TransactionUIOptions, TypedMessage, UseFundWalletInterface, UsersMePublicResponse, UsersMeRequest, UsersMeResponse, VerifiedSession, VerifyEmailOtpRequest, VerifyEmailOtpResponse, VerifyEmailOtpUser, VerifyOAuthTokenRequest, VerifyOAuthTokenResponse, VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, Wallet, WalletChain, WalletChainType, WalletConnectConfig, WalletCreationError, WalletError, WalletErrorCode, WalletKeyRequest, WalletListEntry, WalletRegistrationNonceRequest, WalletRegistrationNonceResponse, WalletType, WalletVerifyRequest } from './types/index.mjs';
|
|
2
2
|
export { getIframeOrigin, getIframeUrl, getMoonKeyApiUrl } from './utils/index.mjs';
|
|
3
|
-
export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from './post-message-
|
|
3
|
+
export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from './post-message-CmgAfkOS.mjs';
|
|
4
4
|
export { B as BlockExplorer, C as Chain, a as ChainLikeWithId, E as EthereumChainConfig, N as NativeCurrency, R as RpcConfig, b as RpcUrls } from './chain-C9dvKXUY.mjs';
|
package/dist/index.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export { AccessTokenClaims, AppConfigRequest, AppConfigResponse, AttachOAuthTokenRequest, AttachOAuthTokenResponse, AuthAppearance, AuthFlow, AuthFlowComponent, AuthLoginMethod, AuthProviderConfig, BaseGetBalanceParams, BaseGetBalanceResult, BaseGetTokenAccountsParams, BaseSendTransactionParams, BaseSendTransactionResult, BaseSignMessageParams, BaseSignMessageResult, BaseSignTransactionParams, BaseSignTransactionResult, BaseTokenClaims, BaseUIOptions, BaseWalletHooks, ContractUIOptions, CreateWalletResponse, DefaultFundingMethod, DeleteSessionRequest, DeleteSessionResponse, DetachOAuthTokenRequest, DeviceFingerprint, DisplayMode, EmailOtpConfig, EmailOtpFlowState, EthereumFundingConfig, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, EthereumSendTransactionParams, EthereumSendTransactionRequest, EthereumSendTransactionResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSwitchChainParams, ExportKeyConfig, Factor, FlexibleTheme, FundWalletConfig, FundingEvents, FundingMethod, FundingUIConfig, GetCurrentSessionRequest, GetCurrentSessionResponse, Hex, IdentityTokenClaims, IdpProvider, IsAuthenticatedRequest, IsAuthenticatedResponse, LoginTokenBundle, LogoutRequest, LogoutResponse, MessageTypeProperty, MessageTypes, MoonKeyThemeConfig, MoonPaySignRequest, MoonPaySignResponse, MpcKeyShares, Network, OAuthRequest, OAuthResponse, OnrampFundingSettings, PasskeyEnrollConfig, PasskeySettings, PreferredCardProvider, PrefillConfig, PublicEthereumWallet, PublicSessionData, PublicWallet, RefreshSessionRequest, RefreshSessionResponse, RetrieveWalletKeyRequest, RetrieveWalletKeyResponse, SdkSettings, SendEmailOtpRequest, SendEmailOtpResponse, SendTransactionConfig, SendTransactionRequest, SessionData, SharesDeviceRequest, SharesDeviceResponse, Sign7702AuthorizationError, Sign7702AuthorizationParams, Sign7702AuthorizationResponse, Sign7702AuthorizationResult, SignMessageConfig, SignTransactionConfig, SignTypedDataError, SignTypedDataParams, SignTypedDataResponse, SignTypedDataResult, SmsSettings, SolanaChain, SolanaFundingConfig, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, TransactionCommitment, TransactionEncoding, TransactionUIOptions, TypedMessage, UseFundWalletInterface, UsersMePublicResponse, UsersMeRequest, UsersMeResponse, VerifiedSession, VerifyEmailOtpRequest, VerifyEmailOtpResponse, VerifyEmailOtpUser, VerifyOAuthTokenRequest, VerifyOAuthTokenResponse, VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, Wallet, WalletChain, WalletChainType, WalletConnectConfig, WalletCreationError, WalletError, WalletErrorCode, WalletKeyRequest, WalletListEntry, WalletRegistrationNonceRequest, WalletRegistrationNonceResponse, WalletType, WalletVerifyRequest } from './types/index.js';
|
|
1
|
+
export { AccessTokenClaims, AppConfigRequest, AppConfigResponse, AttachOAuthTokenRequest, AttachOAuthTokenResponse, AuthAppearance, AuthFlow, AuthFlowComponent, AuthLoginMethod, AuthProviderConfig, BaseGetBalanceParams, BaseGetBalanceResult, BaseGetTokenAccountsParams, BaseSendTransactionParams, BaseSendTransactionResult, BaseSignMessageParams, BaseSignMessageResult, BaseSignTransactionParams, BaseSignTransactionResult, BaseTokenClaims, BaseUIOptions, BaseWalletHooks, ContractUIOptions, CreateWalletResponse, DefaultFundingMethod, DeleteSessionRequest, DeleteSessionResponse, DetachOAuthTokenRequest, DeviceFingerprint, DisplayMode, EmailOtpConfig, EmailOtpFlowState, EthereumFundingConfig, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, EthereumSendTransactionParams, EthereumSendTransactionRequest, EthereumSendTransactionResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSwitchChainParams, ExportKeyConfig, Factor, FlexibleTheme, FundWalletConfig, FundingEvents, FundingMethod, FundingUIConfig, GetCurrentSessionRequest, GetCurrentSessionResponse, Hex, IdentityTokenClaims, IdpProvider, IsAuthenticatedRequest, IsAuthenticatedResponse, LoginTokenBundle, LogoutRequest, LogoutResponse, MessageTypeProperty, MessageTypes, MoonKeyThemeConfig, MoonPaySignRequest, MoonPaySignResponse, MpcKeyShares, Network, OAuthRequest, OAuthResponse, OnrampFundingSettings, PasskeyEnrollConfig, PasskeySettings, PreferredCardProvider, PrefillConfig, PresenceTokenClaims, PublicEthereumWallet, PublicSessionData, PublicWallet, RefreshSessionRequest, RefreshSessionResponse, RetrieveWalletKeyRequest, RetrieveWalletKeyResponse, SdkSettings, SendEmailOtpRequest, SendEmailOtpResponse, SendTransactionConfig, SendTransactionRequest, SessionData, SharesDeviceRequest, SharesDeviceResponse, Sign7702AuthorizationError, Sign7702AuthorizationParams, Sign7702AuthorizationResponse, Sign7702AuthorizationResult, SignMessageConfig, SignTransactionConfig, SignTypedDataError, SignTypedDataParams, SignTypedDataResponse, SignTypedDataResult, SmsSettings, SolanaChain, SolanaFundingConfig, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, TransactionCommitment, TransactionEncoding, TransactionUIOptions, TypedMessage, UseFundWalletInterface, UsersMePublicResponse, UsersMeRequest, UsersMeResponse, VerifiedSession, VerifyEmailOtpRequest, VerifyEmailOtpResponse, VerifyEmailOtpUser, VerifyOAuthTokenRequest, VerifyOAuthTokenResponse, VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, Wallet, WalletChain, WalletChainType, WalletConnectConfig, WalletCreationError, WalletError, WalletErrorCode, WalletKeyRequest, WalletListEntry, WalletRegistrationNonceRequest, WalletRegistrationNonceResponse, WalletType, WalletVerifyRequest } from './types/index.js';
|
|
2
2
|
export { getIframeOrigin, getIframeUrl, getMoonKeyApiUrl } from './utils/index.js';
|
|
3
|
-
export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from './post-message-
|
|
3
|
+
export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from './post-message-CmgAfkOS.js';
|
|
4
4
|
export { B as BlockExplorer, C as Chain, a as ChainLikeWithId, E as EthereumChainConfig, N as NativeCurrency, R as RpcConfig, b as RpcUrls } from './chain-C9dvKXUY.js';
|
package/dist/index.js
CHANGED
|
@@ -190,6 +190,16 @@ var PostMessageMethod = {
|
|
|
190
190
|
// begin/verify HTTP calls (where the session JWT lives).
|
|
191
191
|
PASSKEY_REGISTER_BEGIN: "PASSKEY_REGISTER_BEGIN",
|
|
192
192
|
PASSKEY_REGISTER_VERIFY: "PASSKEY_REGISTER_VERIFY",
|
|
193
|
+
// Passkey-asserted step-up ("presence token"). Same split as register:
|
|
194
|
+
// parent owns the WebAuthn API call; iframe owns the begin/verify
|
|
195
|
+
// HTTP halves (where the session JWT lives). Mints a short-lived
|
|
196
|
+
// (`tt:"presence"`) JWT app backends can verify over JWKS.
|
|
197
|
+
// CRITICAL: parent MUST strip response.userHandle from the assertion
|
|
198
|
+
// before posting PASSKEY_PRESENCE_VERIFY. The userHandle carries DEK
|
|
199
|
+
// material in MoonX's overloaded model and has no business reaching
|
|
200
|
+
// the server. The server also defensively never reads it.
|
|
201
|
+
PASSKEY_PRESENCE_BEGIN: "PASSKEY_PRESENCE_BEGIN",
|
|
202
|
+
PASSKEY_PRESENCE_VERIFY: "PASSKEY_PRESENCE_VERIFY",
|
|
193
203
|
GET_PASSKEY_STATUS: "GET_PASSKEY_STATUS",
|
|
194
204
|
// Parent-side passkey assertion plumbing. Parent calls GET_DEK_INFO
|
|
195
205
|
// to learn which credential IDs to put in allowCredentials and to
|
package/dist/index.mjs
CHANGED
|
@@ -0,0 +1,192 @@
|
|
|
1
|
+
import { c as PostMessageType, a as PostMessageMethod } from './post-message-CmgAfkOS.mjs';
|
|
2
|
+
|
|
3
|
+
/**
|
|
4
|
+
* Transport — the bidirectional postMessage channel between the parent
|
|
5
|
+
* (web SDK or RN SDK) and the iframe-app. Web wraps
|
|
6
|
+
* `createPostMessageClient(iframeRef.current.contentWindow, ...)`; RN
|
|
7
|
+
* wraps a `WebViewBridge` over react-native-webview.
|
|
8
|
+
*
|
|
9
|
+
* `send` resolves with the iframe handler's raw return value and rejects
|
|
10
|
+
* with the handler's thrown error (canonical envelope, no
|
|
11
|
+
* {success, data} unwrap at the call site).
|
|
12
|
+
*/
|
|
13
|
+
interface Transport {
|
|
14
|
+
send<P, R>(type: PostMessageType, method: PostMessageMethod, payload: P): Promise<R>;
|
|
15
|
+
/**
|
|
16
|
+
* Register a handler for inbound messages from the iframe-app. Only
|
|
17
|
+
* needed by the parent-side `*WithUI` flow path, where the modal
|
|
18
|
+
* postMessages a result back that the SDK's pending Promise needs to
|
|
19
|
+
* resolve. Returns an unregister fn.
|
|
20
|
+
*/
|
|
21
|
+
register?<P, R>(type: PostMessageType, method: PostMessageMethod, handler: (payload: P) => Promise<R> | R): () => void;
|
|
22
|
+
/**
|
|
23
|
+
* Whether the underlying iframe / WebView is loaded and ready to
|
|
24
|
+
* receive messages. SDK methods short-circuit with "SDK not ready"
|
|
25
|
+
* before calling `send` if this returns false.
|
|
26
|
+
*/
|
|
27
|
+
isReady(): boolean;
|
|
28
|
+
}
|
|
29
|
+
/**
|
|
30
|
+
* PasskeyAssertor — runs the WebAuthn assertion ceremony in the *parent*
|
|
31
|
+
* (where user activation lives — cross-origin iframes/WebViews can't
|
|
32
|
+
* reliably get their own click handler).
|
|
33
|
+
*
|
|
34
|
+
* Two methods, two distinct flow shapes:
|
|
35
|
+
*
|
|
36
|
+
* - `assert` is the DEK-unwrap path: empty allowCredentials, harvests
|
|
37
|
+
* userHandle (= DEK wrap key in MoonX's overloaded model), consumed
|
|
38
|
+
* locally by the iframe-app. Never crosses the server boundary.
|
|
39
|
+
*
|
|
40
|
+
* - `assertForServer` is the server-roundtrip path (presence step-up,
|
|
41
|
+
* future passkey sign-in): server issues options, browser asserts,
|
|
42
|
+
* server verifies the signature. userHandle is stripped on the
|
|
43
|
+
* platform boundary (DEK hygiene) — the strip happens INSIDE the
|
|
44
|
+
* assertor impl, not in the orchestrator, so no caller can bypass
|
|
45
|
+
* it.
|
|
46
|
+
*
|
|
47
|
+
* Registration is handled separately via `@simplewebauthn/browser`'s
|
|
48
|
+
* `startRegistration` on web / `passkeyCreate` from
|
|
49
|
+
* `react-native-passkeys` on RN; this interface is assertion-only.
|
|
50
|
+
*/
|
|
51
|
+
interface PasskeyAssertor {
|
|
52
|
+
/**
|
|
53
|
+
* Run a WebAuthn assertion (`navigator.credentials.get` on web,
|
|
54
|
+
* `passkeyGet` from react-native-passkeys on RN). Returns the
|
|
55
|
+
* platform-decoded base64url forms of the credential id and userHandle.
|
|
56
|
+
*/
|
|
57
|
+
assert(opts: {
|
|
58
|
+
rpId: string;
|
|
59
|
+
challenge: string;
|
|
60
|
+
/**
|
|
61
|
+
* The wire `allow_credential_ids_b64url` list from GET_DEK_INFO,
|
|
62
|
+
* passed through for platforms that want to use it. Note both
|
|
63
|
+
* platforms today pass an empty array to the underlying API; this
|
|
64
|
+
* field is informational only (e.g. for telemetry or for a future
|
|
65
|
+
* platform that prefers non-discoverable login).
|
|
66
|
+
*/
|
|
67
|
+
allowCredentials: string[];
|
|
68
|
+
}): Promise<{
|
|
69
|
+
rawIdB64url: string;
|
|
70
|
+
userHandleB64url: string;
|
|
71
|
+
}>;
|
|
72
|
+
/**
|
|
73
|
+
* Run a WebAuthn assertion for a SERVER-VERIFIED flow (presence
|
|
74
|
+
* step-up, future passkey sign-in). Takes a full
|
|
75
|
+
* `PublicKeyCredentialRequestOptionsJSON` (the server-issued
|
|
76
|
+
* `optionsJSON`) and returns the standard
|
|
77
|
+
* `AuthenticationResponseJSON` with `response.userHandle`
|
|
78
|
+
* **stripped** — DEK hygiene is enforced inside the impl so the
|
|
79
|
+
* orchestrator (and any future caller) cannot forget it.
|
|
80
|
+
*
|
|
81
|
+
* The returned object goes straight onto the wire to /presence/verify
|
|
82
|
+
* (or the future /login/verify). Each platform-specific impl is
|
|
83
|
+
* responsible for: (a) running the underlying ceremony, (b)
|
|
84
|
+
* shaping the result into AuthenticationResponseJSON, and (c) the
|
|
85
|
+
* userHandle strip.
|
|
86
|
+
*/
|
|
87
|
+
assertForServer(opts: {
|
|
88
|
+
optionsJSON: WebAuthnRequestOptions;
|
|
89
|
+
}): Promise<WebAuthnAssertionResponse>;
|
|
90
|
+
/**
|
|
91
|
+
* Internal-use variant of assertForServer. Runs the same WebAuthn
|
|
92
|
+
* ceremony and returns the same sanitized assertion (userHandle
|
|
93
|
+
* stripped on the platform boundary), but ALSO surfaces the
|
|
94
|
+
* captured userHandle + credential id separately for the SDK
|
|
95
|
+
* orchestrator's downstream postMessage payload — the iframe needs
|
|
96
|
+
* the userHandle bytes to do AES-GCM unwrap of the DEK after the
|
|
97
|
+
* presence ceremony mints the scoped tokens.
|
|
98
|
+
*
|
|
99
|
+
* DEK hygiene boundary: the sanitized `response` field still has
|
|
100
|
+
* `response.userHandle === undefined`. The separate
|
|
101
|
+
* `userHandleB64url` field stays inside the orchestrator and is
|
|
102
|
+
* postMessaged to the iframe — never sent over the network to the
|
|
103
|
+
* presence-verify server call. The strip is enforced by the impl;
|
|
104
|
+
* the separate surfacing is opt-in via this method.
|
|
105
|
+
*/
|
|
106
|
+
assertForInternalPresence(opts: {
|
|
107
|
+
optionsJSON: WebAuthnRequestOptions;
|
|
108
|
+
}): Promise<{
|
|
109
|
+
response: WebAuthnAssertionResponse;
|
|
110
|
+
userHandleB64url: string;
|
|
111
|
+
credentialIdB64url: string;
|
|
112
|
+
}>;
|
|
113
|
+
}
|
|
114
|
+
/**
|
|
115
|
+
* Subset of `PublicKeyCredentialRequestOptionsJSON` we forward to the
|
|
116
|
+
* platform impl. Kept loose-typed so a server adding fields doesn't
|
|
117
|
+
* require an interface change here.
|
|
118
|
+
*/
|
|
119
|
+
interface WebAuthnRequestOptions {
|
|
120
|
+
challenge: string;
|
|
121
|
+
rpId?: string;
|
|
122
|
+
allowCredentials?: Array<{
|
|
123
|
+
id: string;
|
|
124
|
+
type?: string;
|
|
125
|
+
transports?: string[];
|
|
126
|
+
}>;
|
|
127
|
+
userVerification?: string;
|
|
128
|
+
timeout?: number;
|
|
129
|
+
extensions?: Record<string, unknown>;
|
|
130
|
+
}
|
|
131
|
+
/**
|
|
132
|
+
* Standard `AuthenticationResponseJSON` shape, with `userHandle`
|
|
133
|
+
* deliberately optional because the assertForServer contract is that
|
|
134
|
+
* impls strip it before returning. The field stays in the type so a
|
|
135
|
+
* server-side decoder can still parse it (= undefined) without a
|
|
136
|
+
* union mismatch.
|
|
137
|
+
*/
|
|
138
|
+
interface WebAuthnAssertionResponse {
|
|
139
|
+
id: string;
|
|
140
|
+
rawId: string;
|
|
141
|
+
type: string;
|
|
142
|
+
response: {
|
|
143
|
+
clientDataJSON: string;
|
|
144
|
+
authenticatorData: string;
|
|
145
|
+
signature: string;
|
|
146
|
+
userHandle?: undefined;
|
|
147
|
+
};
|
|
148
|
+
clientExtensionResults?: Record<string, unknown>;
|
|
149
|
+
authenticatorAttachment?: string;
|
|
150
|
+
}
|
|
151
|
+
/**
|
|
152
|
+
* KvStorage — async key/value storage for ID tokens + session metadata.
|
|
153
|
+
* Web wraps `localStorage` (sync, lifted to a resolved Promise); RN
|
|
154
|
+
* wraps `@react-native-async-storage/async-storage` (natively async).
|
|
155
|
+
*
|
|
156
|
+
* Always async at the interface to unify both platforms.
|
|
157
|
+
*/
|
|
158
|
+
interface KvStorage {
|
|
159
|
+
get(key: string): Promise<string | null>;
|
|
160
|
+
set(key: string, value: string): Promise<void>;
|
|
161
|
+
remove(key: string): Promise<void>;
|
|
162
|
+
}
|
|
163
|
+
/**
|
|
164
|
+
* OAuthOpener — start an OAuth authorize request and wait for the
|
|
165
|
+
* provider redirect to return with `code` + `state`. Web uses a
|
|
166
|
+
* full-page redirect or popup (completion picked up by
|
|
167
|
+
* `useOAuthCompletion` listening for postMessages); RN uses
|
|
168
|
+
* `expo-web-browser.openAuthSessionAsync` (single Promise resolves on
|
|
169
|
+
* deep-link callback).
|
|
170
|
+
*/
|
|
171
|
+
interface OAuthOpener {
|
|
172
|
+
open(opts: {
|
|
173
|
+
authorizeUrl: string;
|
|
174
|
+
redirectUrl: string;
|
|
175
|
+
}): Promise<{
|
|
176
|
+
code: string;
|
|
177
|
+
state: string;
|
|
178
|
+
}>;
|
|
179
|
+
}
|
|
180
|
+
/**
|
|
181
|
+
* The bundle of platform impls that the SDK factories accept. Provider
|
|
182
|
+
* components on each platform construct one of these once and pass it
|
|
183
|
+
* through to the factories.
|
|
184
|
+
*/
|
|
185
|
+
interface PlatformImpls {
|
|
186
|
+
transport: Transport;
|
|
187
|
+
passkey: PasskeyAssertor;
|
|
188
|
+
storage: KvStorage;
|
|
189
|
+
oauth: OAuthOpener;
|
|
190
|
+
}
|
|
191
|
+
|
|
192
|
+
export type { KvStorage as K, OAuthOpener as O, PasskeyAssertor as P, Transport as T, WebAuthnAssertionResponse as W, PlatformImpls as a, WebAuthnRequestOptions as b };
|
|
@@ -0,0 +1,192 @@
|
|
|
1
|
+
import { c as PostMessageType, a as PostMessageMethod } from './post-message-CmgAfkOS.js';
|
|
2
|
+
|
|
3
|
+
/**
|
|
4
|
+
* Transport — the bidirectional postMessage channel between the parent
|
|
5
|
+
* (web SDK or RN SDK) and the iframe-app. Web wraps
|
|
6
|
+
* `createPostMessageClient(iframeRef.current.contentWindow, ...)`; RN
|
|
7
|
+
* wraps a `WebViewBridge` over react-native-webview.
|
|
8
|
+
*
|
|
9
|
+
* `send` resolves with the iframe handler's raw return value and rejects
|
|
10
|
+
* with the handler's thrown error (canonical envelope, no
|
|
11
|
+
* {success, data} unwrap at the call site).
|
|
12
|
+
*/
|
|
13
|
+
interface Transport {
|
|
14
|
+
send<P, R>(type: PostMessageType, method: PostMessageMethod, payload: P): Promise<R>;
|
|
15
|
+
/**
|
|
16
|
+
* Register a handler for inbound messages from the iframe-app. Only
|
|
17
|
+
* needed by the parent-side `*WithUI` flow path, where the modal
|
|
18
|
+
* postMessages a result back that the SDK's pending Promise needs to
|
|
19
|
+
* resolve. Returns an unregister fn.
|
|
20
|
+
*/
|
|
21
|
+
register?<P, R>(type: PostMessageType, method: PostMessageMethod, handler: (payload: P) => Promise<R> | R): () => void;
|
|
22
|
+
/**
|
|
23
|
+
* Whether the underlying iframe / WebView is loaded and ready to
|
|
24
|
+
* receive messages. SDK methods short-circuit with "SDK not ready"
|
|
25
|
+
* before calling `send` if this returns false.
|
|
26
|
+
*/
|
|
27
|
+
isReady(): boolean;
|
|
28
|
+
}
|
|
29
|
+
/**
|
|
30
|
+
* PasskeyAssertor — runs the WebAuthn assertion ceremony in the *parent*
|
|
31
|
+
* (where user activation lives — cross-origin iframes/WebViews can't
|
|
32
|
+
* reliably get their own click handler).
|
|
33
|
+
*
|
|
34
|
+
* Two methods, two distinct flow shapes:
|
|
35
|
+
*
|
|
36
|
+
* - `assert` is the DEK-unwrap path: empty allowCredentials, harvests
|
|
37
|
+
* userHandle (= DEK wrap key in MoonX's overloaded model), consumed
|
|
38
|
+
* locally by the iframe-app. Never crosses the server boundary.
|
|
39
|
+
*
|
|
40
|
+
* - `assertForServer` is the server-roundtrip path (presence step-up,
|
|
41
|
+
* future passkey sign-in): server issues options, browser asserts,
|
|
42
|
+
* server verifies the signature. userHandle is stripped on the
|
|
43
|
+
* platform boundary (DEK hygiene) — the strip happens INSIDE the
|
|
44
|
+
* assertor impl, not in the orchestrator, so no caller can bypass
|
|
45
|
+
* it.
|
|
46
|
+
*
|
|
47
|
+
* Registration is handled separately via `@simplewebauthn/browser`'s
|
|
48
|
+
* `startRegistration` on web / `passkeyCreate` from
|
|
49
|
+
* `react-native-passkeys` on RN; this interface is assertion-only.
|
|
50
|
+
*/
|
|
51
|
+
interface PasskeyAssertor {
|
|
52
|
+
/**
|
|
53
|
+
* Run a WebAuthn assertion (`navigator.credentials.get` on web,
|
|
54
|
+
* `passkeyGet` from react-native-passkeys on RN). Returns the
|
|
55
|
+
* platform-decoded base64url forms of the credential id and userHandle.
|
|
56
|
+
*/
|
|
57
|
+
assert(opts: {
|
|
58
|
+
rpId: string;
|
|
59
|
+
challenge: string;
|
|
60
|
+
/**
|
|
61
|
+
* The wire `allow_credential_ids_b64url` list from GET_DEK_INFO,
|
|
62
|
+
* passed through for platforms that want to use it. Note both
|
|
63
|
+
* platforms today pass an empty array to the underlying API; this
|
|
64
|
+
* field is informational only (e.g. for telemetry or for a future
|
|
65
|
+
* platform that prefers non-discoverable login).
|
|
66
|
+
*/
|
|
67
|
+
allowCredentials: string[];
|
|
68
|
+
}): Promise<{
|
|
69
|
+
rawIdB64url: string;
|
|
70
|
+
userHandleB64url: string;
|
|
71
|
+
}>;
|
|
72
|
+
/**
|
|
73
|
+
* Run a WebAuthn assertion for a SERVER-VERIFIED flow (presence
|
|
74
|
+
* step-up, future passkey sign-in). Takes a full
|
|
75
|
+
* `PublicKeyCredentialRequestOptionsJSON` (the server-issued
|
|
76
|
+
* `optionsJSON`) and returns the standard
|
|
77
|
+
* `AuthenticationResponseJSON` with `response.userHandle`
|
|
78
|
+
* **stripped** — DEK hygiene is enforced inside the impl so the
|
|
79
|
+
* orchestrator (and any future caller) cannot forget it.
|
|
80
|
+
*
|
|
81
|
+
* The returned object goes straight onto the wire to /presence/verify
|
|
82
|
+
* (or the future /login/verify). Each platform-specific impl is
|
|
83
|
+
* responsible for: (a) running the underlying ceremony, (b)
|
|
84
|
+
* shaping the result into AuthenticationResponseJSON, and (c) the
|
|
85
|
+
* userHandle strip.
|
|
86
|
+
*/
|
|
87
|
+
assertForServer(opts: {
|
|
88
|
+
optionsJSON: WebAuthnRequestOptions;
|
|
89
|
+
}): Promise<WebAuthnAssertionResponse>;
|
|
90
|
+
/**
|
|
91
|
+
* Internal-use variant of assertForServer. Runs the same WebAuthn
|
|
92
|
+
* ceremony and returns the same sanitized assertion (userHandle
|
|
93
|
+
* stripped on the platform boundary), but ALSO surfaces the
|
|
94
|
+
* captured userHandle + credential id separately for the SDK
|
|
95
|
+
* orchestrator's downstream postMessage payload — the iframe needs
|
|
96
|
+
* the userHandle bytes to do AES-GCM unwrap of the DEK after the
|
|
97
|
+
* presence ceremony mints the scoped tokens.
|
|
98
|
+
*
|
|
99
|
+
* DEK hygiene boundary: the sanitized `response` field still has
|
|
100
|
+
* `response.userHandle === undefined`. The separate
|
|
101
|
+
* `userHandleB64url` field stays inside the orchestrator and is
|
|
102
|
+
* postMessaged to the iframe — never sent over the network to the
|
|
103
|
+
* presence-verify server call. The strip is enforced by the impl;
|
|
104
|
+
* the separate surfacing is opt-in via this method.
|
|
105
|
+
*/
|
|
106
|
+
assertForInternalPresence(opts: {
|
|
107
|
+
optionsJSON: WebAuthnRequestOptions;
|
|
108
|
+
}): Promise<{
|
|
109
|
+
response: WebAuthnAssertionResponse;
|
|
110
|
+
userHandleB64url: string;
|
|
111
|
+
credentialIdB64url: string;
|
|
112
|
+
}>;
|
|
113
|
+
}
|
|
114
|
+
/**
|
|
115
|
+
* Subset of `PublicKeyCredentialRequestOptionsJSON` we forward to the
|
|
116
|
+
* platform impl. Kept loose-typed so a server adding fields doesn't
|
|
117
|
+
* require an interface change here.
|
|
118
|
+
*/
|
|
119
|
+
interface WebAuthnRequestOptions {
|
|
120
|
+
challenge: string;
|
|
121
|
+
rpId?: string;
|
|
122
|
+
allowCredentials?: Array<{
|
|
123
|
+
id: string;
|
|
124
|
+
type?: string;
|
|
125
|
+
transports?: string[];
|
|
126
|
+
}>;
|
|
127
|
+
userVerification?: string;
|
|
128
|
+
timeout?: number;
|
|
129
|
+
extensions?: Record<string, unknown>;
|
|
130
|
+
}
|
|
131
|
+
/**
|
|
132
|
+
* Standard `AuthenticationResponseJSON` shape, with `userHandle`
|
|
133
|
+
* deliberately optional because the assertForServer contract is that
|
|
134
|
+
* impls strip it before returning. The field stays in the type so a
|
|
135
|
+
* server-side decoder can still parse it (= undefined) without a
|
|
136
|
+
* union mismatch.
|
|
137
|
+
*/
|
|
138
|
+
interface WebAuthnAssertionResponse {
|
|
139
|
+
id: string;
|
|
140
|
+
rawId: string;
|
|
141
|
+
type: string;
|
|
142
|
+
response: {
|
|
143
|
+
clientDataJSON: string;
|
|
144
|
+
authenticatorData: string;
|
|
145
|
+
signature: string;
|
|
146
|
+
userHandle?: undefined;
|
|
147
|
+
};
|
|
148
|
+
clientExtensionResults?: Record<string, unknown>;
|
|
149
|
+
authenticatorAttachment?: string;
|
|
150
|
+
}
|
|
151
|
+
/**
|
|
152
|
+
* KvStorage — async key/value storage for ID tokens + session metadata.
|
|
153
|
+
* Web wraps `localStorage` (sync, lifted to a resolved Promise); RN
|
|
154
|
+
* wraps `@react-native-async-storage/async-storage` (natively async).
|
|
155
|
+
*
|
|
156
|
+
* Always async at the interface to unify both platforms.
|
|
157
|
+
*/
|
|
158
|
+
interface KvStorage {
|
|
159
|
+
get(key: string): Promise<string | null>;
|
|
160
|
+
set(key: string, value: string): Promise<void>;
|
|
161
|
+
remove(key: string): Promise<void>;
|
|
162
|
+
}
|
|
163
|
+
/**
|
|
164
|
+
* OAuthOpener — start an OAuth authorize request and wait for the
|
|
165
|
+
* provider redirect to return with `code` + `state`. Web uses a
|
|
166
|
+
* full-page redirect or popup (completion picked up by
|
|
167
|
+
* `useOAuthCompletion` listening for postMessages); RN uses
|
|
168
|
+
* `expo-web-browser.openAuthSessionAsync` (single Promise resolves on
|
|
169
|
+
* deep-link callback).
|
|
170
|
+
*/
|
|
171
|
+
interface OAuthOpener {
|
|
172
|
+
open(opts: {
|
|
173
|
+
authorizeUrl: string;
|
|
174
|
+
redirectUrl: string;
|
|
175
|
+
}): Promise<{
|
|
176
|
+
code: string;
|
|
177
|
+
state: string;
|
|
178
|
+
}>;
|
|
179
|
+
}
|
|
180
|
+
/**
|
|
181
|
+
* The bundle of platform impls that the SDK factories accept. Provider
|
|
182
|
+
* components on each platform construct one of these once and pass it
|
|
183
|
+
* through to the factories.
|
|
184
|
+
*/
|
|
185
|
+
interface PlatformImpls {
|
|
186
|
+
transport: Transport;
|
|
187
|
+
passkey: PasskeyAssertor;
|
|
188
|
+
storage: KvStorage;
|
|
189
|
+
oauth: OAuthOpener;
|
|
190
|
+
}
|
|
191
|
+
|
|
192
|
+
export type { KvStorage as K, OAuthOpener as O, PasskeyAssertor as P, Transport as T, WebAuthnAssertionResponse as W, PlatformImpls as a, WebAuthnRequestOptions as b };
|
package/dist/lib/index.d.mts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export { C as CachedAssertion,
|
|
1
|
+
export { C as CachedAssertion, g as generatePasskeyUserId } from '../passkey-cache-WnDFQ-v4.mjs';
|
|
2
2
|
export { a as PasskeyFormFactor, P as PasskeyMetadata, b as PasskeyMetadataInput, f as formatPasskeyLabel, r as resolvePasskeyMetadata } from '../passkey-metadata-QqFF2SWQ.mjs';
|
|
3
3
|
import { C as Chain } from '../chain-C9dvKXUY.mjs';
|
|
4
4
|
import { SiweMessage } from 'siwe';
|
package/dist/lib/index.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export { C as CachedAssertion,
|
|
1
|
+
export { C as CachedAssertion, g as generatePasskeyUserId } from '../passkey-cache-WnDFQ-v4.js';
|
|
2
2
|
export { a as PasskeyFormFactor, P as PasskeyMetadata, b as PasskeyMetadataInput, f as formatPasskeyLabel, r as resolvePasskeyMetadata } from '../passkey-metadata-QqFF2SWQ.js';
|
|
3
3
|
import { C as Chain } from '../chain-C9dvKXUY.js';
|
|
4
4
|
import { SiweMessage } from 'siwe';
|
package/dist/lib/index.js
CHANGED
|
@@ -40,14 +40,12 @@ __export(lib_exports, {
|
|
|
40
40
|
broadcastSolanaSigned: () => broadcastSolanaSigned,
|
|
41
41
|
bs58ToBytes: () => bs58ToBytes,
|
|
42
42
|
buildUrl: () => buildUrl,
|
|
43
|
-
clearParentAssertCache: () => clearParentAssertCache,
|
|
44
43
|
createManualSiweMessage: () => createManualSiweMessage,
|
|
45
44
|
estimateEvmGas: () => estimateEvmGas,
|
|
46
45
|
estimateEvmGasReserve: () => estimateEvmGasReserve,
|
|
47
46
|
formatPasskeyLabel: () => formatPasskeyLabel,
|
|
48
47
|
fromB64url: () => fromB64url,
|
|
49
48
|
generatePasskeyUserId: () => generatePasskeyUserId,
|
|
50
|
-
getAssertCacheTtlMs: () => getAssertCacheTtlMs,
|
|
51
49
|
getChainById: () => getChainById,
|
|
52
50
|
getDefaultChain: () => getDefaultChain,
|
|
53
51
|
getEvmGasPrice: () => getEvmGasPrice,
|
|
@@ -60,18 +58,14 @@ __export(lib_exports, {
|
|
|
60
58
|
isChainSupported: () => isChainSupported,
|
|
61
59
|
prepareEvmSendTransaction: () => prepareEvmSendTransaction,
|
|
62
60
|
prepareEvmSignTransaction: () => prepareEvmSignTransaction,
|
|
63
|
-
readParentAssertCache: () => readParentAssertCache,
|
|
64
61
|
resolveEvmChain: () => resolveEvmChain,
|
|
65
62
|
resolvePasskeyMetadata: () => resolvePasskeyMetadata,
|
|
66
63
|
sanitizeUserData: () => sanitizeUserData,
|
|
67
64
|
serializeEthereumTransaction: () => serializeEthereumTransaction,
|
|
68
|
-
setAssertCacheTtlMs: () => setAssertCacheTtlMs,
|
|
69
65
|
setChainRpcUrl: () => setChainRpcUrl,
|
|
70
66
|
toB64url: () => toB64url,
|
|
71
67
|
validateChainConfig: () => validateChainConfig,
|
|
72
|
-
verifyIdToken: () => verifyIdToken
|
|
73
|
-
withClearOnFailure: () => withClearOnFailure,
|
|
74
|
-
writeParentAssertCache: () => writeParentAssertCache
|
|
68
|
+
verifyIdToken: () => verifyIdToken
|
|
75
69
|
});
|
|
76
70
|
module.exports = __toCommonJS(lib_exports);
|
|
77
71
|
|
|
@@ -190,39 +184,6 @@ var toB64url = (bytes) => {
|
|
|
190
184
|
};
|
|
191
185
|
|
|
192
186
|
// src/lib/passkey/passkey-cache.ts
|
|
193
|
-
var cacheTtlMs = 0;
|
|
194
|
-
var cache = null;
|
|
195
|
-
var setAssertCacheTtlMs = (ms) => {
|
|
196
|
-
cacheTtlMs = Math.max(0, Math.floor(ms));
|
|
197
|
-
if (cacheTtlMs === 0) {
|
|
198
|
-
cache = null;
|
|
199
|
-
}
|
|
200
|
-
};
|
|
201
|
-
var getAssertCacheTtlMs = () => cacheTtlMs;
|
|
202
|
-
var clearParentAssertCache = () => {
|
|
203
|
-
cache = null;
|
|
204
|
-
};
|
|
205
|
-
var readParentAssertCache = () => {
|
|
206
|
-
if (cacheTtlMs <= 0) return null;
|
|
207
|
-
if (!cache) return null;
|
|
208
|
-
if (Date.now() - cache.ts >= cacheTtlMs) return null;
|
|
209
|
-
return {
|
|
210
|
-
userHandleB64url: cache.userHandleB64url,
|
|
211
|
-
credentialIdB64url: cache.credentialIdB64url
|
|
212
|
-
};
|
|
213
|
-
};
|
|
214
|
-
var writeParentAssertCache = (entry) => {
|
|
215
|
-
if (cacheTtlMs <= 0) return;
|
|
216
|
-
cache = { ...entry, ts: Date.now() };
|
|
217
|
-
};
|
|
218
|
-
var withClearOnFailure = async (fn) => {
|
|
219
|
-
try {
|
|
220
|
-
return await fn();
|
|
221
|
-
} catch (error) {
|
|
222
|
-
clearParentAssertCache();
|
|
223
|
-
throw error;
|
|
224
|
-
}
|
|
225
|
-
};
|
|
226
187
|
var generatePasskeyUserId = () => {
|
|
227
188
|
const bytes = crypto.getRandomValues(new Uint8Array(32));
|
|
228
189
|
return { userIdB64url: toB64url(bytes), userIdBytes: bytes };
|
|
@@ -1587,14 +1548,12 @@ var bs58ToBytes = async (value) => {
|
|
|
1587
1548
|
broadcastSolanaSigned,
|
|
1588
1549
|
bs58ToBytes,
|
|
1589
1550
|
buildUrl,
|
|
1590
|
-
clearParentAssertCache,
|
|
1591
1551
|
createManualSiweMessage,
|
|
1592
1552
|
estimateEvmGas,
|
|
1593
1553
|
estimateEvmGasReserve,
|
|
1594
1554
|
formatPasskeyLabel,
|
|
1595
1555
|
fromB64url,
|
|
1596
1556
|
generatePasskeyUserId,
|
|
1597
|
-
getAssertCacheTtlMs,
|
|
1598
1557
|
getChainById,
|
|
1599
1558
|
getDefaultChain,
|
|
1600
1559
|
getEvmGasPrice,
|
|
@@ -1607,16 +1566,12 @@ var bs58ToBytes = async (value) => {
|
|
|
1607
1566
|
isChainSupported,
|
|
1608
1567
|
prepareEvmSendTransaction,
|
|
1609
1568
|
prepareEvmSignTransaction,
|
|
1610
|
-
readParentAssertCache,
|
|
1611
1569
|
resolveEvmChain,
|
|
1612
1570
|
resolvePasskeyMetadata,
|
|
1613
1571
|
sanitizeUserData,
|
|
1614
1572
|
serializeEthereumTransaction,
|
|
1615
|
-
setAssertCacheTtlMs,
|
|
1616
1573
|
setChainRpcUrl,
|
|
1617
1574
|
toB64url,
|
|
1618
1575
|
validateChainConfig,
|
|
1619
|
-
verifyIdToken
|
|
1620
|
-
withClearOnFailure,
|
|
1621
|
-
writeParentAssertCache
|
|
1576
|
+
verifyIdToken
|
|
1622
1577
|
});
|