@moon-x/core 0.2.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (40) hide show
  1. package/README.md +2 -2
  2. package/dist/{chunk-CDT4MC7S.mjs → chunk-6LTEG7VN.mjs} +0 -39
  3. package/dist/{chunk-SOKLPX7V.mjs → chunk-VVL65GIB.mjs} +10 -0
  4. package/dist/index.d.mts +2 -2
  5. package/dist/index.d.ts +2 -2
  6. package/dist/index.js +10 -0
  7. package/dist/index.mjs +1 -1
  8. package/dist/interfaces-cdKh3sLA.d.mts +192 -0
  9. package/dist/interfaces-pNTEOKaK.d.ts +192 -0
  10. package/dist/lib/index.d.mts +1 -1
  11. package/dist/lib/index.d.ts +1 -1
  12. package/dist/lib/index.js +2 -47
  13. package/dist/lib/index.mjs +3 -15
  14. package/dist/passkey-cache-WnDFQ-v4.d.mts +26 -0
  15. package/dist/passkey-cache-WnDFQ-v4.d.ts +26 -0
  16. package/dist/{post-message-C_99BCBh.d.mts → post-message-CmgAfkOS.d.mts} +2 -0
  17. package/dist/{post-message-C_99BCBh.d.ts → post-message-CmgAfkOS.d.ts} +2 -0
  18. package/dist/react/index.d.mts +1 -0
  19. package/dist/react/index.d.ts +1 -0
  20. package/dist/react/index.js +2 -1
  21. package/dist/react/index.mjs +3 -2
  22. package/dist/sdk/index.d.mts +52 -21
  23. package/dist/sdk/index.d.ts +52 -21
  24. package/dist/sdk/index.js +252 -102
  25. package/dist/sdk/index.mjs +241 -80
  26. package/dist/types/index.d.mts +19 -12
  27. package/dist/types/index.d.ts +19 -12
  28. package/dist/utils/index.d.mts +1 -1
  29. package/dist/utils/index.d.ts +1 -1
  30. package/dist/utils/index.js +10 -0
  31. package/dist/utils/index.mjs +1 -1
  32. package/dist/web/index.d.mts +2 -2
  33. package/dist/web/index.d.ts +2 -2
  34. package/dist/web/index.js +50 -114
  35. package/dist/web/index.mjs +51 -58
  36. package/package.json +6 -2
  37. package/dist/interfaces-9k0eKCc4.d.ts +0 -120
  38. package/dist/interfaces-fNhwnCeY.d.mts +0 -120
  39. package/dist/passkey-cache-B9PT3AWX.d.mts +0 -47
  40. package/dist/passkey-cache-B9PT3AWX.d.ts +0 -47
package/dist/sdk/index.js CHANGED
@@ -31,10 +31,13 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
31
31
  var sdk_exports = {};
32
32
  __export(sdk_exports, {
33
33
  assertPasskeyInParent: () => assertPasskeyInParent,
34
+ flattenPresenceTokens: () => flattenPresenceTokens,
34
35
  getHeadlessAuthenticationMethods: () => getHeadlessAuthenticationMethods,
35
36
  getHeadlessEthereumMethods: () => getHeadlessEthereumMethods,
36
37
  getHeadlessGeneralMethods: () => getHeadlessGeneralMethods,
37
- getHeadlessSolanaMethods: () => getHeadlessSolanaMethods
38
+ getHeadlessSolanaMethods: () => getHeadlessSolanaMethods,
39
+ getInternalPresenceTokens: () => getInternalPresenceTokens,
40
+ getPresenceToken: () => getPresenceToken
38
41
  });
39
42
  module.exports = __toCommonJS(sdk_exports);
40
43
 
@@ -65,34 +68,6 @@ var toB64url = (bytes) => {
65
68
  return btoa(str).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
66
69
  };
67
70
 
68
- // src/lib/passkey/passkey-cache.ts
69
- var cacheTtlMs = 0;
70
- var cache = null;
71
- var clearParentAssertCache = () => {
72
- cache = null;
73
- };
74
- var readParentAssertCache = () => {
75
- if (cacheTtlMs <= 0) return null;
76
- if (!cache) return null;
77
- if (Date.now() - cache.ts >= cacheTtlMs) return null;
78
- return {
79
- userHandleB64url: cache.userHandleB64url,
80
- credentialIdB64url: cache.credentialIdB64url
81
- };
82
- };
83
- var writeParentAssertCache = (entry) => {
84
- if (cacheTtlMs <= 0) return;
85
- cache = { ...entry, ts: Date.now() };
86
- };
87
- var withClearOnFailure = async (fn) => {
88
- try {
89
- return await fn();
90
- } catch (error) {
91
- clearParentAssertCache();
92
- throw error;
93
- }
94
- };
95
-
96
71
  // src/lib/ethereum/chains.ts
97
72
  var import_viem = require("viem");
98
73
 
@@ -282,6 +257,16 @@ var PostMessageMethod = {
282
257
  // begin/verify HTTP calls (where the session JWT lives).
283
258
  PASSKEY_REGISTER_BEGIN: "PASSKEY_REGISTER_BEGIN",
284
259
  PASSKEY_REGISTER_VERIFY: "PASSKEY_REGISTER_VERIFY",
260
+ // Passkey-asserted step-up ("presence token"). Same split as register:
261
+ // parent owns the WebAuthn API call; iframe owns the begin/verify
262
+ // HTTP halves (where the session JWT lives). Mints a short-lived
263
+ // (`tt:"presence"`) JWT app backends can verify over JWKS.
264
+ // CRITICAL: parent MUST strip response.userHandle from the assertion
265
+ // before posting PASSKEY_PRESENCE_VERIFY. The userHandle carries DEK
266
+ // material in MoonX's overloaded model and has no business reaching
267
+ // the server. The server also defensively never reads it.
268
+ PASSKEY_PRESENCE_BEGIN: "PASSKEY_PRESENCE_BEGIN",
269
+ PASSKEY_PRESENCE_VERIFY: "PASSKEY_PRESENCE_VERIFY",
285
270
  GET_PASSKEY_STATUS: "GET_PASSKEY_STATUS",
286
271
  // Parent-side passkey assertion plumbing. Parent calls GET_DEK_INFO
287
272
  // to learn which credential IDs to put in allowCredentials and to
@@ -306,12 +291,8 @@ var assertPasskeyInParent = async ({
306
291
  transport,
307
292
  passkey,
308
293
  publishableKey,
309
- requireFreshAssertion = false
294
+ validateCredentialInAllowList = false
310
295
  }) => {
311
- if (!requireFreshAssertion) {
312
- const cached = readParentAssertCache();
313
- if (cached) return cached;
314
- }
315
296
  const dekInfo = await transport.send(
316
297
  PostMessageType.AUTH,
317
298
  PostMessageMethod.GET_DEK_INFO,
@@ -332,27 +313,104 @@ var assertPasskeyInParent = async ({
332
313
  challenge,
333
314
  allowCredentials: []
334
315
  });
335
- const result = {
316
+ if (validateCredentialInAllowList && !allowList.includes(credential.rawIdB64url)) {
317
+ throw new Error("unknown_passkey_for_this_account");
318
+ }
319
+ return {
336
320
  userHandleB64url: credential.userHandleB64url,
337
321
  credentialIdB64url: credential.rawIdB64url
338
322
  };
339
- writeParentAssertCache(result);
340
- return result;
323
+ };
324
+
325
+ // src/sdk/get-presence-token.ts
326
+ var getPresenceToken = async ({
327
+ transport,
328
+ passkey,
329
+ publishableKey,
330
+ relyingPartyOrigin
331
+ }) => {
332
+ const { token, optionsJSON } = await transport.send(
333
+ PostMessageType.AUTH,
334
+ PostMessageMethod.PASSKEY_PRESENCE_BEGIN,
335
+ { publishableKey, relyingPartyOrigin }
336
+ );
337
+ const response = await passkey.assertForServer({ optionsJSON });
338
+ const verify = await transport.send(
339
+ PostMessageType.AUTH,
340
+ PostMessageMethod.PASSKEY_PRESENCE_VERIFY,
341
+ {
342
+ publishableKey,
343
+ relyingPartyOrigin,
344
+ token,
345
+ response
346
+ }
347
+ );
348
+ return {
349
+ presenceToken: verify.presence_token,
350
+ expiresAt: verify.expires_at
351
+ };
352
+ };
353
+
354
+ // src/sdk/get-internal-presence-tokens.ts
355
+ var getInternalPresenceTokens = async ({
356
+ transport,
357
+ passkey,
358
+ publishableKey,
359
+ relyingPartyOrigin,
360
+ scopes
361
+ }) => {
362
+ const { token, optionsJSON } = await transport.send(
363
+ PostMessageType.AUTH,
364
+ PostMessageMethod.PASSKEY_PRESENCE_BEGIN,
365
+ { publishableKey, relyingPartyOrigin }
366
+ );
367
+ const { response, userHandleB64url, credentialIdB64url } = await passkey.assertForInternalPresence({ optionsJSON });
368
+ const verify = await transport.send(
369
+ PostMessageType.AUTH,
370
+ PostMessageMethod.PASSKEY_PRESENCE_VERIFY,
371
+ {
372
+ publishableKey,
373
+ relyingPartyOrigin,
374
+ token,
375
+ response,
376
+ purpose: "internal",
377
+ scopes
378
+ }
379
+ );
380
+ const out = {};
381
+ for (const [scope, t] of Object.entries(verify.tokens ?? {})) {
382
+ out[scope] = { token: t.token, expiresAt: t.expires_at };
383
+ }
384
+ return {
385
+ tokens: out,
386
+ userHandleB64url,
387
+ credentialIdB64url
388
+ };
389
+ };
390
+ var flattenPresenceTokens = (result) => {
391
+ const out = {};
392
+ for (const [scope, t] of Object.entries(result.tokens)) {
393
+ out[scope] = t.token;
394
+ }
395
+ return out;
341
396
  };
342
397
 
343
398
  // src/sdk/headless-ethereum.ts
399
+ var SCOPES_SIGN = ["keyshare_read", "sign"];
344
400
  var getHeadlessEthereumMethods = ({
345
401
  transport,
346
402
  passkey,
347
- publishableKey
403
+ publishableKey,
404
+ relyingPartyOrigin
348
405
  }) => ({
349
- signEthereumMessageHeadless: async (params) => withClearOnFailure(async () => {
406
+ signEthereumMessageHeadless: async (params) => {
350
407
  if (!transport.isReady()) throw new Error("SDK not ready");
351
- const { userHandleB64url, credentialIdB64url } = await assertPasskeyInParent({
408
+ const { userHandleB64url, credentialIdB64url, tokens } = await getInternalPresenceTokens({
352
409
  transport,
353
410
  passkey,
354
411
  publishableKey,
355
- requireFreshAssertion: params.requireFreshAssertion
412
+ relyingPartyOrigin,
413
+ scopes: SCOPES_SIGN
356
414
  });
357
415
  return transport.send(
358
416
  PostMessageType.WALLET,
@@ -363,17 +421,23 @@ var getHeadlessEthereumMethods = ({
363
421
  wallet: params.wallet,
364
422
  uiOptions: params.options?.uiOptions,
365
423
  userHandleB64url,
366
- credentialIdB64url
424
+ credentialIdB64url,
425
+ presenceTokens: flattenPresenceTokens({
426
+ tokens,
427
+ userHandleB64url,
428
+ credentialIdB64url
429
+ })
367
430
  }
368
431
  );
369
- }),
370
- signEthereumTransactionHeadless: async (params) => withClearOnFailure(async () => {
432
+ },
433
+ signEthereumTransactionHeadless: async (params) => {
371
434
  if (!transport.isReady()) throw new Error("SDK not ready");
372
- const { userHandleB64url, credentialIdB64url } = await assertPasskeyInParent({
435
+ const { userHandleB64url, credentialIdB64url, tokens } = await getInternalPresenceTokens({
373
436
  transport,
374
437
  passkey,
375
438
  publishableKey,
376
- requireFreshAssertion: params.requireFreshAssertion
439
+ relyingPartyOrigin,
440
+ scopes: SCOPES_SIGN
377
441
  });
378
442
  return transport.send(
379
443
  PostMessageType.WALLET,
@@ -385,17 +449,23 @@ var getHeadlessEthereumMethods = ({
385
449
  wallet: params.wallet,
386
450
  options: params.options,
387
451
  userHandleB64url,
388
- credentialIdB64url
452
+ credentialIdB64url,
453
+ presenceTokens: flattenPresenceTokens({
454
+ tokens,
455
+ userHandleB64url,
456
+ credentialIdB64url
457
+ })
389
458
  }
390
459
  );
391
- }),
392
- signEthereumTypedDataHeadless: async (params) => withClearOnFailure(async () => {
460
+ },
461
+ signEthereumTypedDataHeadless: async (params) => {
393
462
  if (!transport.isReady()) throw new Error("SDK not ready");
394
- const { userHandleB64url, credentialIdB64url } = await assertPasskeyInParent({
463
+ const { userHandleB64url, credentialIdB64url, tokens } = await getInternalPresenceTokens({
395
464
  transport,
396
465
  passkey,
397
466
  publishableKey,
398
- requireFreshAssertion: params.requireFreshAssertion
467
+ relyingPartyOrigin,
468
+ scopes: SCOPES_SIGN
399
469
  });
400
470
  return transport.send(
401
471
  PostMessageType.WALLET,
@@ -409,17 +479,23 @@ var getHeadlessEthereumMethods = ({
409
479
  wallet: params.wallet,
410
480
  options: params.options,
411
481
  userHandleB64url,
412
- credentialIdB64url
482
+ credentialIdB64url,
483
+ presenceTokens: flattenPresenceTokens({
484
+ tokens,
485
+ userHandleB64url,
486
+ credentialIdB64url
487
+ })
413
488
  }
414
489
  );
415
- }),
416
- signEthereumHashHeadless: async (params) => withClearOnFailure(async () => {
490
+ },
491
+ signEthereumHashHeadless: async (params) => {
417
492
  if (!transport.isReady()) throw new Error("SDK not ready");
418
- const { userHandleB64url, credentialIdB64url } = await assertPasskeyInParent({
493
+ const { userHandleB64url, credentialIdB64url, tokens } = await getInternalPresenceTokens({
419
494
  transport,
420
495
  passkey,
421
496
  publishableKey,
422
- requireFreshAssertion: params.requireFreshAssertion
497
+ relyingPartyOrigin,
498
+ scopes: SCOPES_SIGN
423
499
  });
424
500
  return transport.send(
425
501
  PostMessageType.WALLET,
@@ -430,17 +506,23 @@ var getHeadlessEthereumMethods = ({
430
506
  wallet: params.wallet,
431
507
  options: params.options,
432
508
  userHandleB64url,
433
- credentialIdB64url
509
+ credentialIdB64url,
510
+ presenceTokens: flattenPresenceTokens({
511
+ tokens,
512
+ userHandleB64url,
513
+ credentialIdB64url
514
+ })
434
515
  }
435
516
  );
436
- }),
437
- signEthereum7702AuthorizationHeadless: async (params) => withClearOnFailure(async () => {
517
+ },
518
+ signEthereum7702AuthorizationHeadless: async (params) => {
438
519
  if (!transport.isReady()) throw new Error("SDK not ready");
439
- const { userHandleB64url, credentialIdB64url } = await assertPasskeyInParent({
520
+ const { userHandleB64url, credentialIdB64url, tokens } = await getInternalPresenceTokens({
440
521
  transport,
441
522
  passkey,
442
523
  publishableKey,
443
- requireFreshAssertion: params.requireFreshAssertion
524
+ relyingPartyOrigin,
525
+ scopes: SCOPES_SIGN
444
526
  });
445
527
  return transport.send(
446
528
  PostMessageType.WALLET,
@@ -454,17 +536,23 @@ var getHeadlessEthereumMethods = ({
454
536
  wallet: params.wallet,
455
537
  options: params.options,
456
538
  userHandleB64url,
457
- credentialIdB64url
539
+ credentialIdB64url,
540
+ presenceTokens: flattenPresenceTokens({
541
+ tokens,
542
+ userHandleB64url,
543
+ credentialIdB64url
544
+ })
458
545
  }
459
546
  );
460
- }),
461
- sendEthereumTransactionHeadless: async (params) => withClearOnFailure(async () => {
547
+ },
548
+ sendEthereumTransactionHeadless: async (params) => {
462
549
  if (!transport.isReady()) throw new Error("SDK not ready");
463
- const { userHandleB64url, credentialIdB64url } = await assertPasskeyInParent({
550
+ const { userHandleB64url, credentialIdB64url, tokens } = await getInternalPresenceTokens({
464
551
  transport,
465
552
  passkey,
466
553
  publishableKey,
467
- requireFreshAssertion: params.requireFreshAssertion
554
+ relyingPartyOrigin,
555
+ scopes: SCOPES_SIGN
468
556
  });
469
557
  const serializedTransaction = await serializeEthereumTransaction(
470
558
  params.transaction
@@ -478,7 +566,12 @@ var getHeadlessEthereumMethods = ({
478
566
  wallet: params.wallet,
479
567
  options: params.options,
480
568
  userHandleB64url,
481
- credentialIdB64url
569
+ credentialIdB64url,
570
+ presenceTokens: flattenPresenceTokens({
571
+ tokens,
572
+ userHandleB64url,
573
+ credentialIdB64url
574
+ })
482
575
  }
483
576
  );
484
577
  if (!signed.serializedSigned) {
@@ -491,7 +584,7 @@ var getHeadlessEthereumMethods = ({
491
584
  signed.serializedSigned
492
585
  );
493
586
  return { hash };
494
- }),
587
+ },
495
588
  getEthereumBalance: async (params) => {
496
589
  if (!transport.isReady()) throw new Error("SDK not ready");
497
590
  return transport.send(
@@ -527,18 +620,21 @@ var getHeadlessEthereumMethods = ({
527
620
  });
528
621
 
529
622
  // src/sdk/headless-solana.ts
623
+ var SCOPES_SIGN2 = ["keyshare_read", "sign"];
530
624
  var getHeadlessSolanaMethods = ({
531
625
  transport,
532
626
  passkey,
533
- publishableKey
627
+ publishableKey,
628
+ relyingPartyOrigin
534
629
  }) => ({
535
- signSolanaMessageHeadless: async (params) => withClearOnFailure(async () => {
630
+ signSolanaMessageHeadless: async (params) => {
536
631
  if (!transport.isReady()) throw new Error("SDK not ready");
537
- const { userHandleB64url, credentialIdB64url } = await assertPasskeyInParent({
632
+ const { userHandleB64url, credentialIdB64url, tokens } = await getInternalPresenceTokens({
538
633
  transport,
539
634
  passkey,
540
635
  publishableKey,
541
- requireFreshAssertion: params.requireFreshAssertion
636
+ relyingPartyOrigin,
637
+ scopes: SCOPES_SIGN2
542
638
  });
543
639
  const { signature } = await transport.send(
544
640
  PostMessageType.WALLET,
@@ -549,18 +645,24 @@ var getHeadlessSolanaMethods = ({
549
645
  wallet: params.wallet,
550
646
  uiOptions: params.options?.uiOptions,
551
647
  userHandleB64url,
552
- credentialIdB64url
648
+ credentialIdB64url,
649
+ presenceTokens: flattenPresenceTokens({
650
+ tokens,
651
+ userHandleB64url,
652
+ credentialIdB64url
653
+ })
553
654
  }
554
655
  );
555
656
  return { signature: arrayLikeToBytes(signature) };
556
- }),
557
- signSolanaTransactionHeadless: async (params) => withClearOnFailure(async () => {
657
+ },
658
+ signSolanaTransactionHeadless: async (params) => {
558
659
  if (!transport.isReady()) throw new Error("SDK not ready");
559
- const { userHandleB64url, credentialIdB64url } = await assertPasskeyInParent({
660
+ const { userHandleB64url, credentialIdB64url, tokens } = await getInternalPresenceTokens({
560
661
  transport,
561
662
  passkey,
562
663
  publishableKey,
563
- requireFreshAssertion: params.requireFreshAssertion
664
+ relyingPartyOrigin,
665
+ scopes: SCOPES_SIGN2
564
666
  });
565
667
  const { signedTransaction } = await transport.send(
566
668
  PostMessageType.WALLET,
@@ -571,18 +673,24 @@ var getHeadlessSolanaMethods = ({
571
673
  wallet: params.wallet,
572
674
  options: params.options,
573
675
  userHandleB64url,
574
- credentialIdB64url
676
+ credentialIdB64url,
677
+ presenceTokens: flattenPresenceTokens({
678
+ tokens,
679
+ userHandleB64url,
680
+ credentialIdB64url
681
+ })
575
682
  }
576
683
  );
577
684
  return { signedTransaction: await bs58ToBytes(signedTransaction) };
578
- }),
579
- sendSolanaTransactionHeadless: async (params) => withClearOnFailure(async () => {
685
+ },
686
+ sendSolanaTransactionHeadless: async (params) => {
580
687
  if (!transport.isReady()) throw new Error("SDK not ready");
581
- const { userHandleB64url, credentialIdB64url } = await assertPasskeyInParent({
688
+ const { userHandleB64url, credentialIdB64url, tokens } = await getInternalPresenceTokens({
582
689
  transport,
583
690
  passkey,
584
691
  publishableKey,
585
- requireFreshAssertion: params.requireFreshAssertion
692
+ relyingPartyOrigin,
693
+ scopes: SCOPES_SIGN2
586
694
  });
587
695
  const { signedTransaction } = await transport.send(
588
696
  PostMessageType.WALLET,
@@ -593,7 +701,12 @@ var getHeadlessSolanaMethods = ({
593
701
  wallet: params.wallet,
594
702
  options: params.options,
595
703
  userHandleB64url,
596
- credentialIdB64url
704
+ credentialIdB64url,
705
+ presenceTokens: flattenPresenceTokens({
706
+ tokens,
707
+ userHandleB64url,
708
+ credentialIdB64url
709
+ })
597
710
  }
598
711
  );
599
712
  const broadcastSignature = await broadcastSolanaSigned(
@@ -601,7 +714,7 @@ var getHeadlessSolanaMethods = ({
601
714
  signedTransaction
602
715
  );
603
716
  return { signature: await bs58ToBytes(broadcastSignature) };
604
- }),
717
+ },
605
718
  getSolanaBalance: async (params) => {
606
719
  if (!transport.isReady()) throw new Error("SDK not ready");
607
720
  return transport.send(
@@ -624,13 +737,17 @@ var getHeadlessSolanaMethods = ({
624
737
  var getHeadlessAuthenticationMethods = ({
625
738
  transport,
626
739
  publishableKey,
627
- emailConfig,
628
740
  setIsAuthenticated,
629
741
  setUser
630
742
  }) => ({
631
- /** Send a one-time passcode to the user's email address. */
743
+ /**
744
+ * Send a one-time passcode to the user's email address. Returns the
745
+ * server's response — most importantly `expires_at` (unix seconds),
746
+ * which the UI uses to render a countdown that cannot drift from the
747
+ * authoritative server-side TTL.
748
+ */
632
749
  sendCode: async (params) => {
633
- await transport.send(
750
+ const response = await transport.send(
634
751
  PostMessageType.AUTH,
635
752
  PostMessageMethod.LOGIN_CREATE,
636
753
  {
@@ -641,6 +758,7 @@ var getHeadlessAuthenticationMethods = ({
641
758
  );
642
759
  authState.clearEmail();
643
760
  authState.setEmail(params.email);
761
+ return response;
644
762
  },
645
763
  /**
646
764
  * Verify the OTP and complete the login. The iframe-app handles
@@ -656,8 +774,7 @@ var getHeadlessAuthenticationMethods = ({
656
774
  {
657
775
  email,
658
776
  code: params.code,
659
- publishableKey,
660
- expiresIn: emailConfig?.expiresIn
777
+ publishableKey
661
778
  }
662
779
  );
663
780
  authState.clearEmail();
@@ -709,11 +826,15 @@ var getHeadlessAuthenticationMethods = ({
709
826
  });
710
827
 
711
828
  // src/sdk/headless-general.ts
829
+ var SCOPES_CREATE_WALLET = ["dek_bootstrap", "keyshare_write"];
830
+ var SCOPES_IMPORT_KEY = ["dek_bootstrap", "keyshare_write"];
831
+ var SCOPES_REMOVE_PASSKEY = ["passkey_remove"];
712
832
  var getHeadlessGeneralMethods = ({
713
833
  transport,
714
834
  passkey,
715
835
  storage,
716
836
  publishableKey,
837
+ relyingPartyOrigin,
717
838
  setIsAuthenticated,
718
839
  setUser
719
840
  }) => ({
@@ -723,18 +844,34 @@ var getHeadlessGeneralMethods = ({
723
844
  { publishableKey }
724
845
  ),
725
846
  removePasskey: async (credentialIdB64url) => {
847
+ const { tokens, userHandleB64url, credentialIdB64url: assertedCredId } = await getInternalPresenceTokens({
848
+ transport,
849
+ passkey,
850
+ publishableKey,
851
+ relyingPartyOrigin,
852
+ scopes: SCOPES_REMOVE_PASSKEY
853
+ });
726
854
  await transport.send(
727
855
  PostMessageType.AUTH,
728
856
  PostMessageMethod.REMOVE_PASSKEY,
729
- { publishableKey, credentialIdB64url }
857
+ {
858
+ publishableKey,
859
+ credentialIdB64url,
860
+ presenceTokens: flattenPresenceTokens({
861
+ tokens,
862
+ userHandleB64url,
863
+ credentialIdB64url: assertedCredId
864
+ })
865
+ }
730
866
  );
731
867
  },
732
- createWallet: (walletType, options) => withClearOnFailure(async () => {
733
- const { userHandleB64url, credentialIdB64url } = await assertPasskeyInParent({
868
+ createWallet: async (walletType, options) => {
869
+ const { userHandleB64url, credentialIdB64url, tokens } = await getInternalPresenceTokens({
734
870
  transport,
735
871
  passkey,
736
872
  publishableKey,
737
- requireFreshAssertion: options?.requireFreshAssertion
873
+ relyingPartyOrigin,
874
+ scopes: SCOPES_CREATE_WALLET
738
875
  });
739
876
  const wallet = await transport.send(
740
877
  PostMessageType.WALLET,
@@ -744,17 +881,23 @@ var getHeadlessGeneralMethods = ({
744
881
  publishableKey,
745
882
  options,
746
883
  userHandleB64url,
747
- credentialIdB64url
884
+ credentialIdB64url,
885
+ presenceTokens: flattenPresenceTokens({
886
+ tokens,
887
+ userHandleB64url,
888
+ credentialIdB64url
889
+ })
748
890
  }
749
891
  );
750
892
  return { wallet };
751
- }),
752
- importKey: (walletType, key, options) => withClearOnFailure(async () => {
753
- const { userHandleB64url, credentialIdB64url } = await assertPasskeyInParent({
893
+ },
894
+ importKey: async (walletType, key) => {
895
+ const { userHandleB64url, credentialIdB64url, tokens } = await getInternalPresenceTokens({
754
896
  transport,
755
897
  passkey,
756
898
  publishableKey,
757
- requireFreshAssertion: options?.requireFreshAssertion
899
+ relyingPartyOrigin,
900
+ scopes: SCOPES_IMPORT_KEY
758
901
  });
759
902
  const wallet = await transport.send(
760
903
  PostMessageType.WALLET,
@@ -764,11 +907,16 @@ var getHeadlessGeneralMethods = ({
764
907
  publishableKey,
765
908
  key,
766
909
  userHandleB64url,
767
- credentialIdB64url
910
+ credentialIdB64url,
911
+ presenceTokens: flattenPresenceTokens({
912
+ tokens,
913
+ userHandleB64url,
914
+ credentialIdB64url
915
+ })
768
916
  }
769
917
  );
770
918
  return { wallet };
771
- }),
919
+ },
772
920
  getWallets: async (walletType) => {
773
921
  const { wallets } = await transport.send(
774
922
  PostMessageType.WALLET,
@@ -808,7 +956,6 @@ var getHeadlessGeneralMethods = ({
808
956
  await transport.send(PostMessageType.AUTH, PostMessageMethod.LOGOUT, {
809
957
  publishableKey
810
958
  });
811
- clearParentAssertCache();
812
959
  await storage.remove("id_token");
813
960
  if (setIsAuthenticated) setIsAuthenticated(false);
814
961
  if (setUser) setUser(null);
@@ -857,8 +1004,11 @@ var getHeadlessGeneralMethods = ({
857
1004
  // Annotate the CommonJS export names for ESM import in node:
858
1005
  0 && (module.exports = {
859
1006
  assertPasskeyInParent,
1007
+ flattenPresenceTokens,
860
1008
  getHeadlessAuthenticationMethods,
861
1009
  getHeadlessEthereumMethods,
862
1010
  getHeadlessGeneralMethods,
863
- getHeadlessSolanaMethods
1011
+ getHeadlessSolanaMethods,
1012
+ getInternalPresenceTokens,
1013
+ getPresenceToken
864
1014
  });