@moon-x/core 0.2.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -2
- package/dist/{chunk-CDT4MC7S.mjs → chunk-6LTEG7VN.mjs} +0 -39
- package/dist/{chunk-SOKLPX7V.mjs → chunk-VVL65GIB.mjs} +10 -0
- package/dist/index.d.mts +2 -2
- package/dist/index.d.ts +2 -2
- package/dist/index.js +10 -0
- package/dist/index.mjs +1 -1
- package/dist/interfaces-cdKh3sLA.d.mts +192 -0
- package/dist/interfaces-pNTEOKaK.d.ts +192 -0
- package/dist/lib/index.d.mts +1 -1
- package/dist/lib/index.d.ts +1 -1
- package/dist/lib/index.js +2 -47
- package/dist/lib/index.mjs +3 -15
- package/dist/passkey-cache-WnDFQ-v4.d.mts +26 -0
- package/dist/passkey-cache-WnDFQ-v4.d.ts +26 -0
- package/dist/{post-message-C_99BCBh.d.mts → post-message-CmgAfkOS.d.mts} +2 -0
- package/dist/{post-message-C_99BCBh.d.ts → post-message-CmgAfkOS.d.ts} +2 -0
- package/dist/react/index.d.mts +1 -0
- package/dist/react/index.d.ts +1 -0
- package/dist/react/index.js +2 -1
- package/dist/react/index.mjs +3 -2
- package/dist/sdk/index.d.mts +52 -21
- package/dist/sdk/index.d.ts +52 -21
- package/dist/sdk/index.js +252 -102
- package/dist/sdk/index.mjs +241 -80
- package/dist/types/index.d.mts +19 -12
- package/dist/types/index.d.ts +19 -12
- package/dist/utils/index.d.mts +1 -1
- package/dist/utils/index.d.ts +1 -1
- package/dist/utils/index.js +10 -0
- package/dist/utils/index.mjs +1 -1
- package/dist/web/index.d.mts +2 -2
- package/dist/web/index.d.ts +2 -2
- package/dist/web/index.js +50 -114
- package/dist/web/index.mjs +51 -58
- package/package.json +6 -2
- package/dist/interfaces-9k0eKCc4.d.ts +0 -120
- package/dist/interfaces-fNhwnCeY.d.mts +0 -120
- package/dist/passkey-cache-B9PT3AWX.d.mts +0 -47
- package/dist/passkey-cache-B9PT3AWX.d.ts +0 -47
package/dist/sdk/index.js
CHANGED
|
@@ -31,10 +31,13 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
|
|
|
31
31
|
var sdk_exports = {};
|
|
32
32
|
__export(sdk_exports, {
|
|
33
33
|
assertPasskeyInParent: () => assertPasskeyInParent,
|
|
34
|
+
flattenPresenceTokens: () => flattenPresenceTokens,
|
|
34
35
|
getHeadlessAuthenticationMethods: () => getHeadlessAuthenticationMethods,
|
|
35
36
|
getHeadlessEthereumMethods: () => getHeadlessEthereumMethods,
|
|
36
37
|
getHeadlessGeneralMethods: () => getHeadlessGeneralMethods,
|
|
37
|
-
getHeadlessSolanaMethods: () => getHeadlessSolanaMethods
|
|
38
|
+
getHeadlessSolanaMethods: () => getHeadlessSolanaMethods,
|
|
39
|
+
getInternalPresenceTokens: () => getInternalPresenceTokens,
|
|
40
|
+
getPresenceToken: () => getPresenceToken
|
|
38
41
|
});
|
|
39
42
|
module.exports = __toCommonJS(sdk_exports);
|
|
40
43
|
|
|
@@ -65,34 +68,6 @@ var toB64url = (bytes) => {
|
|
|
65
68
|
return btoa(str).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
|
|
66
69
|
};
|
|
67
70
|
|
|
68
|
-
// src/lib/passkey/passkey-cache.ts
|
|
69
|
-
var cacheTtlMs = 0;
|
|
70
|
-
var cache = null;
|
|
71
|
-
var clearParentAssertCache = () => {
|
|
72
|
-
cache = null;
|
|
73
|
-
};
|
|
74
|
-
var readParentAssertCache = () => {
|
|
75
|
-
if (cacheTtlMs <= 0) return null;
|
|
76
|
-
if (!cache) return null;
|
|
77
|
-
if (Date.now() - cache.ts >= cacheTtlMs) return null;
|
|
78
|
-
return {
|
|
79
|
-
userHandleB64url: cache.userHandleB64url,
|
|
80
|
-
credentialIdB64url: cache.credentialIdB64url
|
|
81
|
-
};
|
|
82
|
-
};
|
|
83
|
-
var writeParentAssertCache = (entry) => {
|
|
84
|
-
if (cacheTtlMs <= 0) return;
|
|
85
|
-
cache = { ...entry, ts: Date.now() };
|
|
86
|
-
};
|
|
87
|
-
var withClearOnFailure = async (fn) => {
|
|
88
|
-
try {
|
|
89
|
-
return await fn();
|
|
90
|
-
} catch (error) {
|
|
91
|
-
clearParentAssertCache();
|
|
92
|
-
throw error;
|
|
93
|
-
}
|
|
94
|
-
};
|
|
95
|
-
|
|
96
71
|
// src/lib/ethereum/chains.ts
|
|
97
72
|
var import_viem = require("viem");
|
|
98
73
|
|
|
@@ -282,6 +257,16 @@ var PostMessageMethod = {
|
|
|
282
257
|
// begin/verify HTTP calls (where the session JWT lives).
|
|
283
258
|
PASSKEY_REGISTER_BEGIN: "PASSKEY_REGISTER_BEGIN",
|
|
284
259
|
PASSKEY_REGISTER_VERIFY: "PASSKEY_REGISTER_VERIFY",
|
|
260
|
+
// Passkey-asserted step-up ("presence token"). Same split as register:
|
|
261
|
+
// parent owns the WebAuthn API call; iframe owns the begin/verify
|
|
262
|
+
// HTTP halves (where the session JWT lives). Mints a short-lived
|
|
263
|
+
// (`tt:"presence"`) JWT app backends can verify over JWKS.
|
|
264
|
+
// CRITICAL: parent MUST strip response.userHandle from the assertion
|
|
265
|
+
// before posting PASSKEY_PRESENCE_VERIFY. The userHandle carries DEK
|
|
266
|
+
// material in MoonX's overloaded model and has no business reaching
|
|
267
|
+
// the server. The server also defensively never reads it.
|
|
268
|
+
PASSKEY_PRESENCE_BEGIN: "PASSKEY_PRESENCE_BEGIN",
|
|
269
|
+
PASSKEY_PRESENCE_VERIFY: "PASSKEY_PRESENCE_VERIFY",
|
|
285
270
|
GET_PASSKEY_STATUS: "GET_PASSKEY_STATUS",
|
|
286
271
|
// Parent-side passkey assertion plumbing. Parent calls GET_DEK_INFO
|
|
287
272
|
// to learn which credential IDs to put in allowCredentials and to
|
|
@@ -306,12 +291,8 @@ var assertPasskeyInParent = async ({
|
|
|
306
291
|
transport,
|
|
307
292
|
passkey,
|
|
308
293
|
publishableKey,
|
|
309
|
-
|
|
294
|
+
validateCredentialInAllowList = false
|
|
310
295
|
}) => {
|
|
311
|
-
if (!requireFreshAssertion) {
|
|
312
|
-
const cached = readParentAssertCache();
|
|
313
|
-
if (cached) return cached;
|
|
314
|
-
}
|
|
315
296
|
const dekInfo = await transport.send(
|
|
316
297
|
PostMessageType.AUTH,
|
|
317
298
|
PostMessageMethod.GET_DEK_INFO,
|
|
@@ -332,27 +313,104 @@ var assertPasskeyInParent = async ({
|
|
|
332
313
|
challenge,
|
|
333
314
|
allowCredentials: []
|
|
334
315
|
});
|
|
335
|
-
|
|
316
|
+
if (validateCredentialInAllowList && !allowList.includes(credential.rawIdB64url)) {
|
|
317
|
+
throw new Error("unknown_passkey_for_this_account");
|
|
318
|
+
}
|
|
319
|
+
return {
|
|
336
320
|
userHandleB64url: credential.userHandleB64url,
|
|
337
321
|
credentialIdB64url: credential.rawIdB64url
|
|
338
322
|
};
|
|
339
|
-
|
|
340
|
-
|
|
323
|
+
};
|
|
324
|
+
|
|
325
|
+
// src/sdk/get-presence-token.ts
|
|
326
|
+
var getPresenceToken = async ({
|
|
327
|
+
transport,
|
|
328
|
+
passkey,
|
|
329
|
+
publishableKey,
|
|
330
|
+
relyingPartyOrigin
|
|
331
|
+
}) => {
|
|
332
|
+
const { token, optionsJSON } = await transport.send(
|
|
333
|
+
PostMessageType.AUTH,
|
|
334
|
+
PostMessageMethod.PASSKEY_PRESENCE_BEGIN,
|
|
335
|
+
{ publishableKey, relyingPartyOrigin }
|
|
336
|
+
);
|
|
337
|
+
const response = await passkey.assertForServer({ optionsJSON });
|
|
338
|
+
const verify = await transport.send(
|
|
339
|
+
PostMessageType.AUTH,
|
|
340
|
+
PostMessageMethod.PASSKEY_PRESENCE_VERIFY,
|
|
341
|
+
{
|
|
342
|
+
publishableKey,
|
|
343
|
+
relyingPartyOrigin,
|
|
344
|
+
token,
|
|
345
|
+
response
|
|
346
|
+
}
|
|
347
|
+
);
|
|
348
|
+
return {
|
|
349
|
+
presenceToken: verify.presence_token,
|
|
350
|
+
expiresAt: verify.expires_at
|
|
351
|
+
};
|
|
352
|
+
};
|
|
353
|
+
|
|
354
|
+
// src/sdk/get-internal-presence-tokens.ts
|
|
355
|
+
var getInternalPresenceTokens = async ({
|
|
356
|
+
transport,
|
|
357
|
+
passkey,
|
|
358
|
+
publishableKey,
|
|
359
|
+
relyingPartyOrigin,
|
|
360
|
+
scopes
|
|
361
|
+
}) => {
|
|
362
|
+
const { token, optionsJSON } = await transport.send(
|
|
363
|
+
PostMessageType.AUTH,
|
|
364
|
+
PostMessageMethod.PASSKEY_PRESENCE_BEGIN,
|
|
365
|
+
{ publishableKey, relyingPartyOrigin }
|
|
366
|
+
);
|
|
367
|
+
const { response, userHandleB64url, credentialIdB64url } = await passkey.assertForInternalPresence({ optionsJSON });
|
|
368
|
+
const verify = await transport.send(
|
|
369
|
+
PostMessageType.AUTH,
|
|
370
|
+
PostMessageMethod.PASSKEY_PRESENCE_VERIFY,
|
|
371
|
+
{
|
|
372
|
+
publishableKey,
|
|
373
|
+
relyingPartyOrigin,
|
|
374
|
+
token,
|
|
375
|
+
response,
|
|
376
|
+
purpose: "internal",
|
|
377
|
+
scopes
|
|
378
|
+
}
|
|
379
|
+
);
|
|
380
|
+
const out = {};
|
|
381
|
+
for (const [scope, t] of Object.entries(verify.tokens ?? {})) {
|
|
382
|
+
out[scope] = { token: t.token, expiresAt: t.expires_at };
|
|
383
|
+
}
|
|
384
|
+
return {
|
|
385
|
+
tokens: out,
|
|
386
|
+
userHandleB64url,
|
|
387
|
+
credentialIdB64url
|
|
388
|
+
};
|
|
389
|
+
};
|
|
390
|
+
var flattenPresenceTokens = (result) => {
|
|
391
|
+
const out = {};
|
|
392
|
+
for (const [scope, t] of Object.entries(result.tokens)) {
|
|
393
|
+
out[scope] = t.token;
|
|
394
|
+
}
|
|
395
|
+
return out;
|
|
341
396
|
};
|
|
342
397
|
|
|
343
398
|
// src/sdk/headless-ethereum.ts
|
|
399
|
+
var SCOPES_SIGN = ["keyshare_read", "sign"];
|
|
344
400
|
var getHeadlessEthereumMethods = ({
|
|
345
401
|
transport,
|
|
346
402
|
passkey,
|
|
347
|
-
publishableKey
|
|
403
|
+
publishableKey,
|
|
404
|
+
relyingPartyOrigin
|
|
348
405
|
}) => ({
|
|
349
|
-
signEthereumMessageHeadless: async (params) =>
|
|
406
|
+
signEthereumMessageHeadless: async (params) => {
|
|
350
407
|
if (!transport.isReady()) throw new Error("SDK not ready");
|
|
351
|
-
const { userHandleB64url, credentialIdB64url } = await
|
|
408
|
+
const { userHandleB64url, credentialIdB64url, tokens } = await getInternalPresenceTokens({
|
|
352
409
|
transport,
|
|
353
410
|
passkey,
|
|
354
411
|
publishableKey,
|
|
355
|
-
|
|
412
|
+
relyingPartyOrigin,
|
|
413
|
+
scopes: SCOPES_SIGN
|
|
356
414
|
});
|
|
357
415
|
return transport.send(
|
|
358
416
|
PostMessageType.WALLET,
|
|
@@ -363,17 +421,23 @@ var getHeadlessEthereumMethods = ({
|
|
|
363
421
|
wallet: params.wallet,
|
|
364
422
|
uiOptions: params.options?.uiOptions,
|
|
365
423
|
userHandleB64url,
|
|
366
|
-
credentialIdB64url
|
|
424
|
+
credentialIdB64url,
|
|
425
|
+
presenceTokens: flattenPresenceTokens({
|
|
426
|
+
tokens,
|
|
427
|
+
userHandleB64url,
|
|
428
|
+
credentialIdB64url
|
|
429
|
+
})
|
|
367
430
|
}
|
|
368
431
|
);
|
|
369
|
-
}
|
|
370
|
-
signEthereumTransactionHeadless: async (params) =>
|
|
432
|
+
},
|
|
433
|
+
signEthereumTransactionHeadless: async (params) => {
|
|
371
434
|
if (!transport.isReady()) throw new Error("SDK not ready");
|
|
372
|
-
const { userHandleB64url, credentialIdB64url } = await
|
|
435
|
+
const { userHandleB64url, credentialIdB64url, tokens } = await getInternalPresenceTokens({
|
|
373
436
|
transport,
|
|
374
437
|
passkey,
|
|
375
438
|
publishableKey,
|
|
376
|
-
|
|
439
|
+
relyingPartyOrigin,
|
|
440
|
+
scopes: SCOPES_SIGN
|
|
377
441
|
});
|
|
378
442
|
return transport.send(
|
|
379
443
|
PostMessageType.WALLET,
|
|
@@ -385,17 +449,23 @@ var getHeadlessEthereumMethods = ({
|
|
|
385
449
|
wallet: params.wallet,
|
|
386
450
|
options: params.options,
|
|
387
451
|
userHandleB64url,
|
|
388
|
-
credentialIdB64url
|
|
452
|
+
credentialIdB64url,
|
|
453
|
+
presenceTokens: flattenPresenceTokens({
|
|
454
|
+
tokens,
|
|
455
|
+
userHandleB64url,
|
|
456
|
+
credentialIdB64url
|
|
457
|
+
})
|
|
389
458
|
}
|
|
390
459
|
);
|
|
391
|
-
}
|
|
392
|
-
signEthereumTypedDataHeadless: async (params) =>
|
|
460
|
+
},
|
|
461
|
+
signEthereumTypedDataHeadless: async (params) => {
|
|
393
462
|
if (!transport.isReady()) throw new Error("SDK not ready");
|
|
394
|
-
const { userHandleB64url, credentialIdB64url } = await
|
|
463
|
+
const { userHandleB64url, credentialIdB64url, tokens } = await getInternalPresenceTokens({
|
|
395
464
|
transport,
|
|
396
465
|
passkey,
|
|
397
466
|
publishableKey,
|
|
398
|
-
|
|
467
|
+
relyingPartyOrigin,
|
|
468
|
+
scopes: SCOPES_SIGN
|
|
399
469
|
});
|
|
400
470
|
return transport.send(
|
|
401
471
|
PostMessageType.WALLET,
|
|
@@ -409,17 +479,23 @@ var getHeadlessEthereumMethods = ({
|
|
|
409
479
|
wallet: params.wallet,
|
|
410
480
|
options: params.options,
|
|
411
481
|
userHandleB64url,
|
|
412
|
-
credentialIdB64url
|
|
482
|
+
credentialIdB64url,
|
|
483
|
+
presenceTokens: flattenPresenceTokens({
|
|
484
|
+
tokens,
|
|
485
|
+
userHandleB64url,
|
|
486
|
+
credentialIdB64url
|
|
487
|
+
})
|
|
413
488
|
}
|
|
414
489
|
);
|
|
415
|
-
}
|
|
416
|
-
signEthereumHashHeadless: async (params) =>
|
|
490
|
+
},
|
|
491
|
+
signEthereumHashHeadless: async (params) => {
|
|
417
492
|
if (!transport.isReady()) throw new Error("SDK not ready");
|
|
418
|
-
const { userHandleB64url, credentialIdB64url } = await
|
|
493
|
+
const { userHandleB64url, credentialIdB64url, tokens } = await getInternalPresenceTokens({
|
|
419
494
|
transport,
|
|
420
495
|
passkey,
|
|
421
496
|
publishableKey,
|
|
422
|
-
|
|
497
|
+
relyingPartyOrigin,
|
|
498
|
+
scopes: SCOPES_SIGN
|
|
423
499
|
});
|
|
424
500
|
return transport.send(
|
|
425
501
|
PostMessageType.WALLET,
|
|
@@ -430,17 +506,23 @@ var getHeadlessEthereumMethods = ({
|
|
|
430
506
|
wallet: params.wallet,
|
|
431
507
|
options: params.options,
|
|
432
508
|
userHandleB64url,
|
|
433
|
-
credentialIdB64url
|
|
509
|
+
credentialIdB64url,
|
|
510
|
+
presenceTokens: flattenPresenceTokens({
|
|
511
|
+
tokens,
|
|
512
|
+
userHandleB64url,
|
|
513
|
+
credentialIdB64url
|
|
514
|
+
})
|
|
434
515
|
}
|
|
435
516
|
);
|
|
436
|
-
}
|
|
437
|
-
signEthereum7702AuthorizationHeadless: async (params) =>
|
|
517
|
+
},
|
|
518
|
+
signEthereum7702AuthorizationHeadless: async (params) => {
|
|
438
519
|
if (!transport.isReady()) throw new Error("SDK not ready");
|
|
439
|
-
const { userHandleB64url, credentialIdB64url } = await
|
|
520
|
+
const { userHandleB64url, credentialIdB64url, tokens } = await getInternalPresenceTokens({
|
|
440
521
|
transport,
|
|
441
522
|
passkey,
|
|
442
523
|
publishableKey,
|
|
443
|
-
|
|
524
|
+
relyingPartyOrigin,
|
|
525
|
+
scopes: SCOPES_SIGN
|
|
444
526
|
});
|
|
445
527
|
return transport.send(
|
|
446
528
|
PostMessageType.WALLET,
|
|
@@ -454,17 +536,23 @@ var getHeadlessEthereumMethods = ({
|
|
|
454
536
|
wallet: params.wallet,
|
|
455
537
|
options: params.options,
|
|
456
538
|
userHandleB64url,
|
|
457
|
-
credentialIdB64url
|
|
539
|
+
credentialIdB64url,
|
|
540
|
+
presenceTokens: flattenPresenceTokens({
|
|
541
|
+
tokens,
|
|
542
|
+
userHandleB64url,
|
|
543
|
+
credentialIdB64url
|
|
544
|
+
})
|
|
458
545
|
}
|
|
459
546
|
);
|
|
460
|
-
}
|
|
461
|
-
sendEthereumTransactionHeadless: async (params) =>
|
|
547
|
+
},
|
|
548
|
+
sendEthereumTransactionHeadless: async (params) => {
|
|
462
549
|
if (!transport.isReady()) throw new Error("SDK not ready");
|
|
463
|
-
const { userHandleB64url, credentialIdB64url } = await
|
|
550
|
+
const { userHandleB64url, credentialIdB64url, tokens } = await getInternalPresenceTokens({
|
|
464
551
|
transport,
|
|
465
552
|
passkey,
|
|
466
553
|
publishableKey,
|
|
467
|
-
|
|
554
|
+
relyingPartyOrigin,
|
|
555
|
+
scopes: SCOPES_SIGN
|
|
468
556
|
});
|
|
469
557
|
const serializedTransaction = await serializeEthereumTransaction(
|
|
470
558
|
params.transaction
|
|
@@ -478,7 +566,12 @@ var getHeadlessEthereumMethods = ({
|
|
|
478
566
|
wallet: params.wallet,
|
|
479
567
|
options: params.options,
|
|
480
568
|
userHandleB64url,
|
|
481
|
-
credentialIdB64url
|
|
569
|
+
credentialIdB64url,
|
|
570
|
+
presenceTokens: flattenPresenceTokens({
|
|
571
|
+
tokens,
|
|
572
|
+
userHandleB64url,
|
|
573
|
+
credentialIdB64url
|
|
574
|
+
})
|
|
482
575
|
}
|
|
483
576
|
);
|
|
484
577
|
if (!signed.serializedSigned) {
|
|
@@ -491,7 +584,7 @@ var getHeadlessEthereumMethods = ({
|
|
|
491
584
|
signed.serializedSigned
|
|
492
585
|
);
|
|
493
586
|
return { hash };
|
|
494
|
-
}
|
|
587
|
+
},
|
|
495
588
|
getEthereumBalance: async (params) => {
|
|
496
589
|
if (!transport.isReady()) throw new Error("SDK not ready");
|
|
497
590
|
return transport.send(
|
|
@@ -527,18 +620,21 @@ var getHeadlessEthereumMethods = ({
|
|
|
527
620
|
});
|
|
528
621
|
|
|
529
622
|
// src/sdk/headless-solana.ts
|
|
623
|
+
var SCOPES_SIGN2 = ["keyshare_read", "sign"];
|
|
530
624
|
var getHeadlessSolanaMethods = ({
|
|
531
625
|
transport,
|
|
532
626
|
passkey,
|
|
533
|
-
publishableKey
|
|
627
|
+
publishableKey,
|
|
628
|
+
relyingPartyOrigin
|
|
534
629
|
}) => ({
|
|
535
|
-
signSolanaMessageHeadless: async (params) =>
|
|
630
|
+
signSolanaMessageHeadless: async (params) => {
|
|
536
631
|
if (!transport.isReady()) throw new Error("SDK not ready");
|
|
537
|
-
const { userHandleB64url, credentialIdB64url } = await
|
|
632
|
+
const { userHandleB64url, credentialIdB64url, tokens } = await getInternalPresenceTokens({
|
|
538
633
|
transport,
|
|
539
634
|
passkey,
|
|
540
635
|
publishableKey,
|
|
541
|
-
|
|
636
|
+
relyingPartyOrigin,
|
|
637
|
+
scopes: SCOPES_SIGN2
|
|
542
638
|
});
|
|
543
639
|
const { signature } = await transport.send(
|
|
544
640
|
PostMessageType.WALLET,
|
|
@@ -549,18 +645,24 @@ var getHeadlessSolanaMethods = ({
|
|
|
549
645
|
wallet: params.wallet,
|
|
550
646
|
uiOptions: params.options?.uiOptions,
|
|
551
647
|
userHandleB64url,
|
|
552
|
-
credentialIdB64url
|
|
648
|
+
credentialIdB64url,
|
|
649
|
+
presenceTokens: flattenPresenceTokens({
|
|
650
|
+
tokens,
|
|
651
|
+
userHandleB64url,
|
|
652
|
+
credentialIdB64url
|
|
653
|
+
})
|
|
553
654
|
}
|
|
554
655
|
);
|
|
555
656
|
return { signature: arrayLikeToBytes(signature) };
|
|
556
|
-
}
|
|
557
|
-
signSolanaTransactionHeadless: async (params) =>
|
|
657
|
+
},
|
|
658
|
+
signSolanaTransactionHeadless: async (params) => {
|
|
558
659
|
if (!transport.isReady()) throw new Error("SDK not ready");
|
|
559
|
-
const { userHandleB64url, credentialIdB64url } = await
|
|
660
|
+
const { userHandleB64url, credentialIdB64url, tokens } = await getInternalPresenceTokens({
|
|
560
661
|
transport,
|
|
561
662
|
passkey,
|
|
562
663
|
publishableKey,
|
|
563
|
-
|
|
664
|
+
relyingPartyOrigin,
|
|
665
|
+
scopes: SCOPES_SIGN2
|
|
564
666
|
});
|
|
565
667
|
const { signedTransaction } = await transport.send(
|
|
566
668
|
PostMessageType.WALLET,
|
|
@@ -571,18 +673,24 @@ var getHeadlessSolanaMethods = ({
|
|
|
571
673
|
wallet: params.wallet,
|
|
572
674
|
options: params.options,
|
|
573
675
|
userHandleB64url,
|
|
574
|
-
credentialIdB64url
|
|
676
|
+
credentialIdB64url,
|
|
677
|
+
presenceTokens: flattenPresenceTokens({
|
|
678
|
+
tokens,
|
|
679
|
+
userHandleB64url,
|
|
680
|
+
credentialIdB64url
|
|
681
|
+
})
|
|
575
682
|
}
|
|
576
683
|
);
|
|
577
684
|
return { signedTransaction: await bs58ToBytes(signedTransaction) };
|
|
578
|
-
}
|
|
579
|
-
sendSolanaTransactionHeadless: async (params) =>
|
|
685
|
+
},
|
|
686
|
+
sendSolanaTransactionHeadless: async (params) => {
|
|
580
687
|
if (!transport.isReady()) throw new Error("SDK not ready");
|
|
581
|
-
const { userHandleB64url, credentialIdB64url } = await
|
|
688
|
+
const { userHandleB64url, credentialIdB64url, tokens } = await getInternalPresenceTokens({
|
|
582
689
|
transport,
|
|
583
690
|
passkey,
|
|
584
691
|
publishableKey,
|
|
585
|
-
|
|
692
|
+
relyingPartyOrigin,
|
|
693
|
+
scopes: SCOPES_SIGN2
|
|
586
694
|
});
|
|
587
695
|
const { signedTransaction } = await transport.send(
|
|
588
696
|
PostMessageType.WALLET,
|
|
@@ -593,7 +701,12 @@ var getHeadlessSolanaMethods = ({
|
|
|
593
701
|
wallet: params.wallet,
|
|
594
702
|
options: params.options,
|
|
595
703
|
userHandleB64url,
|
|
596
|
-
credentialIdB64url
|
|
704
|
+
credentialIdB64url,
|
|
705
|
+
presenceTokens: flattenPresenceTokens({
|
|
706
|
+
tokens,
|
|
707
|
+
userHandleB64url,
|
|
708
|
+
credentialIdB64url
|
|
709
|
+
})
|
|
597
710
|
}
|
|
598
711
|
);
|
|
599
712
|
const broadcastSignature = await broadcastSolanaSigned(
|
|
@@ -601,7 +714,7 @@ var getHeadlessSolanaMethods = ({
|
|
|
601
714
|
signedTransaction
|
|
602
715
|
);
|
|
603
716
|
return { signature: await bs58ToBytes(broadcastSignature) };
|
|
604
|
-
}
|
|
717
|
+
},
|
|
605
718
|
getSolanaBalance: async (params) => {
|
|
606
719
|
if (!transport.isReady()) throw new Error("SDK not ready");
|
|
607
720
|
return transport.send(
|
|
@@ -624,13 +737,17 @@ var getHeadlessSolanaMethods = ({
|
|
|
624
737
|
var getHeadlessAuthenticationMethods = ({
|
|
625
738
|
transport,
|
|
626
739
|
publishableKey,
|
|
627
|
-
emailConfig,
|
|
628
740
|
setIsAuthenticated,
|
|
629
741
|
setUser
|
|
630
742
|
}) => ({
|
|
631
|
-
/**
|
|
743
|
+
/**
|
|
744
|
+
* Send a one-time passcode to the user's email address. Returns the
|
|
745
|
+
* server's response — most importantly `expires_at` (unix seconds),
|
|
746
|
+
* which the UI uses to render a countdown that cannot drift from the
|
|
747
|
+
* authoritative server-side TTL.
|
|
748
|
+
*/
|
|
632
749
|
sendCode: async (params) => {
|
|
633
|
-
await transport.send(
|
|
750
|
+
const response = await transport.send(
|
|
634
751
|
PostMessageType.AUTH,
|
|
635
752
|
PostMessageMethod.LOGIN_CREATE,
|
|
636
753
|
{
|
|
@@ -641,6 +758,7 @@ var getHeadlessAuthenticationMethods = ({
|
|
|
641
758
|
);
|
|
642
759
|
authState.clearEmail();
|
|
643
760
|
authState.setEmail(params.email);
|
|
761
|
+
return response;
|
|
644
762
|
},
|
|
645
763
|
/**
|
|
646
764
|
* Verify the OTP and complete the login. The iframe-app handles
|
|
@@ -656,8 +774,7 @@ var getHeadlessAuthenticationMethods = ({
|
|
|
656
774
|
{
|
|
657
775
|
email,
|
|
658
776
|
code: params.code,
|
|
659
|
-
publishableKey
|
|
660
|
-
expiresIn: emailConfig?.expiresIn
|
|
777
|
+
publishableKey
|
|
661
778
|
}
|
|
662
779
|
);
|
|
663
780
|
authState.clearEmail();
|
|
@@ -709,11 +826,15 @@ var getHeadlessAuthenticationMethods = ({
|
|
|
709
826
|
});
|
|
710
827
|
|
|
711
828
|
// src/sdk/headless-general.ts
|
|
829
|
+
var SCOPES_CREATE_WALLET = ["dek_bootstrap", "keyshare_write"];
|
|
830
|
+
var SCOPES_IMPORT_KEY = ["dek_bootstrap", "keyshare_write"];
|
|
831
|
+
var SCOPES_REMOVE_PASSKEY = ["passkey_remove"];
|
|
712
832
|
var getHeadlessGeneralMethods = ({
|
|
713
833
|
transport,
|
|
714
834
|
passkey,
|
|
715
835
|
storage,
|
|
716
836
|
publishableKey,
|
|
837
|
+
relyingPartyOrigin,
|
|
717
838
|
setIsAuthenticated,
|
|
718
839
|
setUser
|
|
719
840
|
}) => ({
|
|
@@ -723,18 +844,34 @@ var getHeadlessGeneralMethods = ({
|
|
|
723
844
|
{ publishableKey }
|
|
724
845
|
),
|
|
725
846
|
removePasskey: async (credentialIdB64url) => {
|
|
847
|
+
const { tokens, userHandleB64url, credentialIdB64url: assertedCredId } = await getInternalPresenceTokens({
|
|
848
|
+
transport,
|
|
849
|
+
passkey,
|
|
850
|
+
publishableKey,
|
|
851
|
+
relyingPartyOrigin,
|
|
852
|
+
scopes: SCOPES_REMOVE_PASSKEY
|
|
853
|
+
});
|
|
726
854
|
await transport.send(
|
|
727
855
|
PostMessageType.AUTH,
|
|
728
856
|
PostMessageMethod.REMOVE_PASSKEY,
|
|
729
|
-
{
|
|
857
|
+
{
|
|
858
|
+
publishableKey,
|
|
859
|
+
credentialIdB64url,
|
|
860
|
+
presenceTokens: flattenPresenceTokens({
|
|
861
|
+
tokens,
|
|
862
|
+
userHandleB64url,
|
|
863
|
+
credentialIdB64url: assertedCredId
|
|
864
|
+
})
|
|
865
|
+
}
|
|
730
866
|
);
|
|
731
867
|
},
|
|
732
|
-
createWallet: (walletType, options) =>
|
|
733
|
-
const { userHandleB64url, credentialIdB64url } = await
|
|
868
|
+
createWallet: async (walletType, options) => {
|
|
869
|
+
const { userHandleB64url, credentialIdB64url, tokens } = await getInternalPresenceTokens({
|
|
734
870
|
transport,
|
|
735
871
|
passkey,
|
|
736
872
|
publishableKey,
|
|
737
|
-
|
|
873
|
+
relyingPartyOrigin,
|
|
874
|
+
scopes: SCOPES_CREATE_WALLET
|
|
738
875
|
});
|
|
739
876
|
const wallet = await transport.send(
|
|
740
877
|
PostMessageType.WALLET,
|
|
@@ -744,17 +881,23 @@ var getHeadlessGeneralMethods = ({
|
|
|
744
881
|
publishableKey,
|
|
745
882
|
options,
|
|
746
883
|
userHandleB64url,
|
|
747
|
-
credentialIdB64url
|
|
884
|
+
credentialIdB64url,
|
|
885
|
+
presenceTokens: flattenPresenceTokens({
|
|
886
|
+
tokens,
|
|
887
|
+
userHandleB64url,
|
|
888
|
+
credentialIdB64url
|
|
889
|
+
})
|
|
748
890
|
}
|
|
749
891
|
);
|
|
750
892
|
return { wallet };
|
|
751
|
-
}
|
|
752
|
-
importKey: (walletType, key
|
|
753
|
-
const { userHandleB64url, credentialIdB64url } = await
|
|
893
|
+
},
|
|
894
|
+
importKey: async (walletType, key) => {
|
|
895
|
+
const { userHandleB64url, credentialIdB64url, tokens } = await getInternalPresenceTokens({
|
|
754
896
|
transport,
|
|
755
897
|
passkey,
|
|
756
898
|
publishableKey,
|
|
757
|
-
|
|
899
|
+
relyingPartyOrigin,
|
|
900
|
+
scopes: SCOPES_IMPORT_KEY
|
|
758
901
|
});
|
|
759
902
|
const wallet = await transport.send(
|
|
760
903
|
PostMessageType.WALLET,
|
|
@@ -764,11 +907,16 @@ var getHeadlessGeneralMethods = ({
|
|
|
764
907
|
publishableKey,
|
|
765
908
|
key,
|
|
766
909
|
userHandleB64url,
|
|
767
|
-
credentialIdB64url
|
|
910
|
+
credentialIdB64url,
|
|
911
|
+
presenceTokens: flattenPresenceTokens({
|
|
912
|
+
tokens,
|
|
913
|
+
userHandleB64url,
|
|
914
|
+
credentialIdB64url
|
|
915
|
+
})
|
|
768
916
|
}
|
|
769
917
|
);
|
|
770
918
|
return { wallet };
|
|
771
|
-
}
|
|
919
|
+
},
|
|
772
920
|
getWallets: async (walletType) => {
|
|
773
921
|
const { wallets } = await transport.send(
|
|
774
922
|
PostMessageType.WALLET,
|
|
@@ -808,7 +956,6 @@ var getHeadlessGeneralMethods = ({
|
|
|
808
956
|
await transport.send(PostMessageType.AUTH, PostMessageMethod.LOGOUT, {
|
|
809
957
|
publishableKey
|
|
810
958
|
});
|
|
811
|
-
clearParentAssertCache();
|
|
812
959
|
await storage.remove("id_token");
|
|
813
960
|
if (setIsAuthenticated) setIsAuthenticated(false);
|
|
814
961
|
if (setUser) setUser(null);
|
|
@@ -857,8 +1004,11 @@ var getHeadlessGeneralMethods = ({
|
|
|
857
1004
|
// Annotate the CommonJS export names for ESM import in node:
|
|
858
1005
|
0 && (module.exports = {
|
|
859
1006
|
assertPasskeyInParent,
|
|
1007
|
+
flattenPresenceTokens,
|
|
860
1008
|
getHeadlessAuthenticationMethods,
|
|
861
1009
|
getHeadlessEthereumMethods,
|
|
862
1010
|
getHeadlessGeneralMethods,
|
|
863
|
-
getHeadlessSolanaMethods
|
|
1011
|
+
getHeadlessSolanaMethods,
|
|
1012
|
+
getInternalPresenceTokens,
|
|
1013
|
+
getPresenceToken
|
|
864
1014
|
});
|