@moon-x/core 0.2.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -2
- package/dist/{chunk-CDT4MC7S.mjs → chunk-6LTEG7VN.mjs} +0 -39
- package/dist/{chunk-SOKLPX7V.mjs → chunk-VVL65GIB.mjs} +10 -0
- package/dist/index.d.mts +2 -2
- package/dist/index.d.ts +2 -2
- package/dist/index.js +10 -0
- package/dist/index.mjs +1 -1
- package/dist/interfaces-cdKh3sLA.d.mts +192 -0
- package/dist/interfaces-pNTEOKaK.d.ts +192 -0
- package/dist/lib/index.d.mts +1 -1
- package/dist/lib/index.d.ts +1 -1
- package/dist/lib/index.js +2 -47
- package/dist/lib/index.mjs +3 -15
- package/dist/passkey-cache-WnDFQ-v4.d.mts +26 -0
- package/dist/passkey-cache-WnDFQ-v4.d.ts +26 -0
- package/dist/{post-message-C_99BCBh.d.mts → post-message-CmgAfkOS.d.mts} +2 -0
- package/dist/{post-message-C_99BCBh.d.ts → post-message-CmgAfkOS.d.ts} +2 -0
- package/dist/react/index.d.mts +1 -0
- package/dist/react/index.d.ts +1 -0
- package/dist/react/index.js +2 -1
- package/dist/react/index.mjs +3 -2
- package/dist/sdk/index.d.mts +52 -21
- package/dist/sdk/index.d.ts +52 -21
- package/dist/sdk/index.js +252 -102
- package/dist/sdk/index.mjs +241 -80
- package/dist/types/index.d.mts +19 -12
- package/dist/types/index.d.ts +19 -12
- package/dist/utils/index.d.mts +1 -1
- package/dist/utils/index.d.ts +1 -1
- package/dist/utils/index.js +10 -0
- package/dist/utils/index.mjs +1 -1
- package/dist/web/index.d.mts +2 -2
- package/dist/web/index.d.ts +2 -2
- package/dist/web/index.js +50 -114
- package/dist/web/index.mjs +51 -58
- package/package.json +6 -2
- package/dist/interfaces-9k0eKCc4.d.ts +0 -120
- package/dist/interfaces-fNhwnCeY.d.mts +0 -120
- package/dist/passkey-cache-B9PT3AWX.d.mts +0 -47
- package/dist/passkey-cache-B9PT3AWX.d.ts +0 -47
package/dist/types/index.d.mts
CHANGED
|
@@ -205,6 +205,23 @@ interface IdentityTokenClaims extends BaseTokenClaims {
|
|
|
205
205
|
picture?: string;
|
|
206
206
|
[key: string]: unknown;
|
|
207
207
|
}
|
|
208
|
+
/**
|
|
209
|
+
* Presence-token claims. Minted after a verified passkey assertion
|
|
210
|
+
* (the parent-side "step-up" ceremony). Customer backends verify these
|
|
211
|
+
* via the app's JWKS to gate high-risk routes without holding their
|
|
212
|
+
* own session/step-up model. Short-lived (5min by default, server-side
|
|
213
|
+
* configurable).
|
|
214
|
+
*
|
|
215
|
+
* `tt: "presence"` is the type discriminator — the verify primitive
|
|
216
|
+
* rejects anything else, so a long-lived access token cannot be
|
|
217
|
+
* substituted for a presence proof.
|
|
218
|
+
*/
|
|
219
|
+
interface PresenceTokenClaims extends BaseTokenClaims {
|
|
220
|
+
/** Token type discriminator. Always "presence" for this shape. */
|
|
221
|
+
tt: "presence";
|
|
222
|
+
/** Base64url credential id of the WebAuthn credential that asserted. */
|
|
223
|
+
cid: string;
|
|
224
|
+
}
|
|
208
225
|
/** Result of `@moon-x/node-sdk`'s `client.auth.verifySession(...)`. */
|
|
209
226
|
interface VerifiedSession {
|
|
210
227
|
access: AccessTokenClaims;
|
|
@@ -263,7 +280,6 @@ type Sign7702AuthorizationResponse = Sign7702AuthorizationResult | Sign7702Autho
|
|
|
263
280
|
interface EthereumSignMessageParams {
|
|
264
281
|
message: string;
|
|
265
282
|
wallet: PublicWallet;
|
|
266
|
-
requireFreshAssertion?: boolean;
|
|
267
283
|
options?: {
|
|
268
284
|
uiOptions?: {
|
|
269
285
|
title?: string;
|
|
@@ -281,7 +297,6 @@ interface EthereumSignMessageResult {
|
|
|
281
297
|
interface EthereumSignTransactionParams {
|
|
282
298
|
transaction: string;
|
|
283
299
|
wallet: PublicWallet;
|
|
284
|
-
requireFreshAssertion?: boolean;
|
|
285
300
|
options?: {
|
|
286
301
|
preflightCommitment?: "finalized" | "confirmed" | "processed";
|
|
287
302
|
minContextSlot?: number;
|
|
@@ -307,7 +322,6 @@ interface EthereumSignTypedDataParams {
|
|
|
307
322
|
primaryType: SignTypedDataParams["primaryType"];
|
|
308
323
|
message: SignTypedDataParams["message"];
|
|
309
324
|
wallet: PublicWallet;
|
|
310
|
-
requireFreshAssertion?: boolean;
|
|
311
325
|
options?: {
|
|
312
326
|
uiOptions?: any;
|
|
313
327
|
};
|
|
@@ -318,7 +332,6 @@ interface EthereumSignTypedDataResult {
|
|
|
318
332
|
interface EthereumSignHashParams {
|
|
319
333
|
hash: `0x${string}` | string;
|
|
320
334
|
wallet: PublicWallet;
|
|
321
|
-
requireFreshAssertion?: boolean;
|
|
322
335
|
options?: {
|
|
323
336
|
uiOptions?: any;
|
|
324
337
|
};
|
|
@@ -332,7 +345,6 @@ interface EthereumSign7702AuthorizationParams {
|
|
|
332
345
|
nonce?: number;
|
|
333
346
|
executor?: "self" | `0x${string}`;
|
|
334
347
|
wallet: PublicWallet;
|
|
335
|
-
requireFreshAssertion?: boolean;
|
|
336
348
|
options?: {
|
|
337
349
|
uiOptions?: any;
|
|
338
350
|
};
|
|
@@ -361,7 +373,6 @@ interface EthereumSendTransactionParams {
|
|
|
361
373
|
};
|
|
362
374
|
wallet: PublicWallet;
|
|
363
375
|
rpcUrl: string;
|
|
364
|
-
requireFreshAssertion?: boolean;
|
|
365
376
|
options?: {
|
|
366
377
|
commitment?: TransactionCommitment;
|
|
367
378
|
skipPreflight?: boolean;
|
|
@@ -505,7 +516,6 @@ interface UseFundWalletInterface {
|
|
|
505
516
|
interface SolanaSignMessageParams {
|
|
506
517
|
message: string;
|
|
507
518
|
wallet: PublicWallet;
|
|
508
|
-
requireFreshAssertion?: boolean;
|
|
509
519
|
options?: {
|
|
510
520
|
uiOptions?: {
|
|
511
521
|
title?: string;
|
|
@@ -524,7 +534,6 @@ interface SolanaSignMessageResult {
|
|
|
524
534
|
interface SolanaSignTransactionParams {
|
|
525
535
|
transaction: string;
|
|
526
536
|
wallet: PublicWallet;
|
|
527
|
-
requireFreshAssertion?: boolean;
|
|
528
537
|
options?: {
|
|
529
538
|
preflightCommitment?: "finalized" | "confirmed" | "processed";
|
|
530
539
|
minContextSlot?: number;
|
|
@@ -547,7 +556,6 @@ interface SolanaSendTransactionParams {
|
|
|
547
556
|
transaction: string;
|
|
548
557
|
wallet: PublicWallet;
|
|
549
558
|
rpcUrl: string;
|
|
550
|
-
requireFreshAssertion?: boolean;
|
|
551
559
|
options?: {
|
|
552
560
|
commitment?: TransactionCommitment;
|
|
553
561
|
skipPreflight?: boolean;
|
|
@@ -728,7 +736,6 @@ interface PasskeyEnrollConfig {
|
|
|
728
736
|
}
|
|
729
737
|
interface EmailOtpConfig {
|
|
730
738
|
skipVerifiedSuccess?: boolean;
|
|
731
|
-
expiresIn?: number;
|
|
732
739
|
verifiedDisplayTime?: number;
|
|
733
740
|
verifyEmailTitle?: string;
|
|
734
741
|
verifyEmailResendTitle?: string;
|
|
@@ -897,7 +904,6 @@ interface AuthProviderConfig {
|
|
|
897
904
|
interface SendEmailOtpRequest {
|
|
898
905
|
publishableKey: string;
|
|
899
906
|
email: string;
|
|
900
|
-
expiresIn?: number;
|
|
901
907
|
}
|
|
902
908
|
interface VerifyEmailOtpRequest {
|
|
903
909
|
publishableKey: string;
|
|
@@ -906,6 +912,7 @@ interface VerifyEmailOtpRequest {
|
|
|
906
912
|
}
|
|
907
913
|
interface SendEmailOtpResponse {
|
|
908
914
|
ok: boolean;
|
|
915
|
+
expires_at: number;
|
|
909
916
|
}
|
|
910
917
|
interface VerifyEmailOtpUser {
|
|
911
918
|
id: string;
|
|
@@ -1187,4 +1194,4 @@ interface WalletVerifyRequest {
|
|
|
1187
1194
|
sessionExpiresIn: number;
|
|
1188
1195
|
}
|
|
1189
1196
|
|
|
1190
|
-
export { type AccessTokenClaims, type AppConfigRequest, type AppConfigResponse, type AttachOAuthTokenRequest, type AttachOAuthTokenResponse, type AuthAppearance, type AuthFlow, type AuthFlowComponent, type AuthLoginMethod, type AuthProviderConfig, type BaseGetBalanceParams, type BaseGetBalanceResult, type BaseGetTokenAccountsParams, type BaseSendTransactionParams, type BaseSendTransactionResult, type BaseSignMessageParams, type BaseSignMessageResult, type BaseSignTransactionParams, type BaseSignTransactionResult, type BaseTokenClaims, type BaseUIOptions, type BaseWalletHooks, Chain, ChainLikeWithId, type ContractUIOptions, type CreateWalletResponse, type DefaultFundingMethod, type DeleteSessionRequest, type DeleteSessionResponse, type DetachOAuthTokenRequest, type DeviceFingerprint, type DisplayMode, type EmailOtpConfig, type EmailOtpFlowState, type EthereumFundingConfig, type EthereumGetBalanceParams, type EthereumGetBalanceResult, type EthereumGetTokenAccountsByOwnerParams, type EthereumGetTokenAccountsByOwnerResult, type EthereumSendTransactionParams, type EthereumSendTransactionRequest, type EthereumSendTransactionResult, type EthereumSign7702AuthorizationParams, type EthereumSign7702AuthorizationResult, type EthereumSignHashParams, type EthereumSignHashResult, type EthereumSignMessageParams, type EthereumSignMessageResult, type EthereumSignTransactionParams, type EthereumSignTransactionResult, type EthereumSignTypedDataParams, type EthereumSignTypedDataResult, type EthereumSwitchChainParams, type ExportKeyConfig, type Factor, type FlexibleTheme, type FundWalletConfig, type FundingEvents, type FundingMethod, type FundingUIConfig, type GetCurrentSessionRequest, type GetCurrentSessionResponse, type Hex, type IdentityTokenClaims, type IdpProvider, type IsAuthenticatedRequest, type IsAuthenticatedResponse, type LoginTokenBundle, type LogoutRequest, type LogoutResponse, type MessageTypeProperty, type MessageTypes, type MoonKeyThemeConfig, type MoonPaySignRequest, type MoonPaySignResponse, type MpcKeyShares, Network, type OAuthRequest, type OAuthResponse, type OnrampFundingSettings, type PasskeyEnrollConfig, type PasskeySettings, type PreferredCardProvider, type PrefillConfig, type PublicEthereumWallet, type PublicSessionData, type PublicWallet, type RefreshSessionRequest, type RefreshSessionResponse, type RetrieveWalletKeyRequest, type RetrieveWalletKeyResponse, type SdkSettings, type SendEmailOtpRequest, type SendEmailOtpResponse, type SendTransactionConfig, type SendTransactionRequest, type SessionData, type SharesDeviceRequest, type SharesDeviceResponse, type Sign7702AuthorizationError, type Sign7702AuthorizationParams, type Sign7702AuthorizationResponse, type Sign7702AuthorizationResult, type SignMessageConfig, type SignTransactionConfig, type SignTypedDataError, type SignTypedDataParams, type SignTypedDataResponse, type SignTypedDataResult, type SmsSettings, type SolanaChain, type SolanaFundingConfig, type SolanaGetBalanceParams, type SolanaGetBalanceResult, type SolanaGetTokenAccountsByOwnerParams, type SolanaGetTokenAccountsByOwnerResult, type SolanaSendTransactionParams, type SolanaSendTransactionResult, type SolanaSignMessageParams, type SolanaSignMessageResult, type SolanaSignTransactionParams, type SolanaSignTransactionResult, type TransactionCommitment, type TransactionEncoding, type TransactionUIOptions, type TypedMessage, type UseFundWalletInterface, type UsersMePublicResponse, type UsersMeRequest, type UsersMeResponse, type VerifiedSession, type VerifyEmailOtpRequest, type VerifyEmailOtpResponse, type VerifyEmailOtpUser, type VerifyOAuthTokenRequest, type VerifyOAuthTokenResponse, type VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, type Wallet, type WalletChain, type WalletChainType, type WalletConnectConfig, WalletCreationError, type WalletError, type WalletErrorCode, type WalletKeyRequest, type WalletListEntry, type WalletRegistrationNonceRequest, type WalletRegistrationNonceResponse, type WalletType, type WalletVerifyRequest };
|
|
1197
|
+
export { type AccessTokenClaims, type AppConfigRequest, type AppConfigResponse, type AttachOAuthTokenRequest, type AttachOAuthTokenResponse, type AuthAppearance, type AuthFlow, type AuthFlowComponent, type AuthLoginMethod, type AuthProviderConfig, type BaseGetBalanceParams, type BaseGetBalanceResult, type BaseGetTokenAccountsParams, type BaseSendTransactionParams, type BaseSendTransactionResult, type BaseSignMessageParams, type BaseSignMessageResult, type BaseSignTransactionParams, type BaseSignTransactionResult, type BaseTokenClaims, type BaseUIOptions, type BaseWalletHooks, Chain, ChainLikeWithId, type ContractUIOptions, type CreateWalletResponse, type DefaultFundingMethod, type DeleteSessionRequest, type DeleteSessionResponse, type DetachOAuthTokenRequest, type DeviceFingerprint, type DisplayMode, type EmailOtpConfig, type EmailOtpFlowState, type EthereumFundingConfig, type EthereumGetBalanceParams, type EthereumGetBalanceResult, type EthereumGetTokenAccountsByOwnerParams, type EthereumGetTokenAccountsByOwnerResult, type EthereumSendTransactionParams, type EthereumSendTransactionRequest, type EthereumSendTransactionResult, type EthereumSign7702AuthorizationParams, type EthereumSign7702AuthorizationResult, type EthereumSignHashParams, type EthereumSignHashResult, type EthereumSignMessageParams, type EthereumSignMessageResult, type EthereumSignTransactionParams, type EthereumSignTransactionResult, type EthereumSignTypedDataParams, type EthereumSignTypedDataResult, type EthereumSwitchChainParams, type ExportKeyConfig, type Factor, type FlexibleTheme, type FundWalletConfig, type FundingEvents, type FundingMethod, type FundingUIConfig, type GetCurrentSessionRequest, type GetCurrentSessionResponse, type Hex, type IdentityTokenClaims, type IdpProvider, type IsAuthenticatedRequest, type IsAuthenticatedResponse, type LoginTokenBundle, type LogoutRequest, type LogoutResponse, type MessageTypeProperty, type MessageTypes, type MoonKeyThemeConfig, type MoonPaySignRequest, type MoonPaySignResponse, type MpcKeyShares, Network, type OAuthRequest, type OAuthResponse, type OnrampFundingSettings, type PasskeyEnrollConfig, type PasskeySettings, type PreferredCardProvider, type PrefillConfig, type PresenceTokenClaims, type PublicEthereumWallet, type PublicSessionData, type PublicWallet, type RefreshSessionRequest, type RefreshSessionResponse, type RetrieveWalletKeyRequest, type RetrieveWalletKeyResponse, type SdkSettings, type SendEmailOtpRequest, type SendEmailOtpResponse, type SendTransactionConfig, type SendTransactionRequest, type SessionData, type SharesDeviceRequest, type SharesDeviceResponse, type Sign7702AuthorizationError, type Sign7702AuthorizationParams, type Sign7702AuthorizationResponse, type Sign7702AuthorizationResult, type SignMessageConfig, type SignTransactionConfig, type SignTypedDataError, type SignTypedDataParams, type SignTypedDataResponse, type SignTypedDataResult, type SmsSettings, type SolanaChain, type SolanaFundingConfig, type SolanaGetBalanceParams, type SolanaGetBalanceResult, type SolanaGetTokenAccountsByOwnerParams, type SolanaGetTokenAccountsByOwnerResult, type SolanaSendTransactionParams, type SolanaSendTransactionResult, type SolanaSignMessageParams, type SolanaSignMessageResult, type SolanaSignTransactionParams, type SolanaSignTransactionResult, type TransactionCommitment, type TransactionEncoding, type TransactionUIOptions, type TypedMessage, type UseFundWalletInterface, type UsersMePublicResponse, type UsersMeRequest, type UsersMeResponse, type VerifiedSession, type VerifyEmailOtpRequest, type VerifyEmailOtpResponse, type VerifyEmailOtpUser, type VerifyOAuthTokenRequest, type VerifyOAuthTokenResponse, type VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, type Wallet, type WalletChain, type WalletChainType, type WalletConnectConfig, WalletCreationError, type WalletError, type WalletErrorCode, type WalletKeyRequest, type WalletListEntry, type WalletRegistrationNonceRequest, type WalletRegistrationNonceResponse, type WalletType, type WalletVerifyRequest };
|
package/dist/types/index.d.ts
CHANGED
|
@@ -205,6 +205,23 @@ interface IdentityTokenClaims extends BaseTokenClaims {
|
|
|
205
205
|
picture?: string;
|
|
206
206
|
[key: string]: unknown;
|
|
207
207
|
}
|
|
208
|
+
/**
|
|
209
|
+
* Presence-token claims. Minted after a verified passkey assertion
|
|
210
|
+
* (the parent-side "step-up" ceremony). Customer backends verify these
|
|
211
|
+
* via the app's JWKS to gate high-risk routes without holding their
|
|
212
|
+
* own session/step-up model. Short-lived (5min by default, server-side
|
|
213
|
+
* configurable).
|
|
214
|
+
*
|
|
215
|
+
* `tt: "presence"` is the type discriminator — the verify primitive
|
|
216
|
+
* rejects anything else, so a long-lived access token cannot be
|
|
217
|
+
* substituted for a presence proof.
|
|
218
|
+
*/
|
|
219
|
+
interface PresenceTokenClaims extends BaseTokenClaims {
|
|
220
|
+
/** Token type discriminator. Always "presence" for this shape. */
|
|
221
|
+
tt: "presence";
|
|
222
|
+
/** Base64url credential id of the WebAuthn credential that asserted. */
|
|
223
|
+
cid: string;
|
|
224
|
+
}
|
|
208
225
|
/** Result of `@moon-x/node-sdk`'s `client.auth.verifySession(...)`. */
|
|
209
226
|
interface VerifiedSession {
|
|
210
227
|
access: AccessTokenClaims;
|
|
@@ -263,7 +280,6 @@ type Sign7702AuthorizationResponse = Sign7702AuthorizationResult | Sign7702Autho
|
|
|
263
280
|
interface EthereumSignMessageParams {
|
|
264
281
|
message: string;
|
|
265
282
|
wallet: PublicWallet;
|
|
266
|
-
requireFreshAssertion?: boolean;
|
|
267
283
|
options?: {
|
|
268
284
|
uiOptions?: {
|
|
269
285
|
title?: string;
|
|
@@ -281,7 +297,6 @@ interface EthereumSignMessageResult {
|
|
|
281
297
|
interface EthereumSignTransactionParams {
|
|
282
298
|
transaction: string;
|
|
283
299
|
wallet: PublicWallet;
|
|
284
|
-
requireFreshAssertion?: boolean;
|
|
285
300
|
options?: {
|
|
286
301
|
preflightCommitment?: "finalized" | "confirmed" | "processed";
|
|
287
302
|
minContextSlot?: number;
|
|
@@ -307,7 +322,6 @@ interface EthereumSignTypedDataParams {
|
|
|
307
322
|
primaryType: SignTypedDataParams["primaryType"];
|
|
308
323
|
message: SignTypedDataParams["message"];
|
|
309
324
|
wallet: PublicWallet;
|
|
310
|
-
requireFreshAssertion?: boolean;
|
|
311
325
|
options?: {
|
|
312
326
|
uiOptions?: any;
|
|
313
327
|
};
|
|
@@ -318,7 +332,6 @@ interface EthereumSignTypedDataResult {
|
|
|
318
332
|
interface EthereumSignHashParams {
|
|
319
333
|
hash: `0x${string}` | string;
|
|
320
334
|
wallet: PublicWallet;
|
|
321
|
-
requireFreshAssertion?: boolean;
|
|
322
335
|
options?: {
|
|
323
336
|
uiOptions?: any;
|
|
324
337
|
};
|
|
@@ -332,7 +345,6 @@ interface EthereumSign7702AuthorizationParams {
|
|
|
332
345
|
nonce?: number;
|
|
333
346
|
executor?: "self" | `0x${string}`;
|
|
334
347
|
wallet: PublicWallet;
|
|
335
|
-
requireFreshAssertion?: boolean;
|
|
336
348
|
options?: {
|
|
337
349
|
uiOptions?: any;
|
|
338
350
|
};
|
|
@@ -361,7 +373,6 @@ interface EthereumSendTransactionParams {
|
|
|
361
373
|
};
|
|
362
374
|
wallet: PublicWallet;
|
|
363
375
|
rpcUrl: string;
|
|
364
|
-
requireFreshAssertion?: boolean;
|
|
365
376
|
options?: {
|
|
366
377
|
commitment?: TransactionCommitment;
|
|
367
378
|
skipPreflight?: boolean;
|
|
@@ -505,7 +516,6 @@ interface UseFundWalletInterface {
|
|
|
505
516
|
interface SolanaSignMessageParams {
|
|
506
517
|
message: string;
|
|
507
518
|
wallet: PublicWallet;
|
|
508
|
-
requireFreshAssertion?: boolean;
|
|
509
519
|
options?: {
|
|
510
520
|
uiOptions?: {
|
|
511
521
|
title?: string;
|
|
@@ -524,7 +534,6 @@ interface SolanaSignMessageResult {
|
|
|
524
534
|
interface SolanaSignTransactionParams {
|
|
525
535
|
transaction: string;
|
|
526
536
|
wallet: PublicWallet;
|
|
527
|
-
requireFreshAssertion?: boolean;
|
|
528
537
|
options?: {
|
|
529
538
|
preflightCommitment?: "finalized" | "confirmed" | "processed";
|
|
530
539
|
minContextSlot?: number;
|
|
@@ -547,7 +556,6 @@ interface SolanaSendTransactionParams {
|
|
|
547
556
|
transaction: string;
|
|
548
557
|
wallet: PublicWallet;
|
|
549
558
|
rpcUrl: string;
|
|
550
|
-
requireFreshAssertion?: boolean;
|
|
551
559
|
options?: {
|
|
552
560
|
commitment?: TransactionCommitment;
|
|
553
561
|
skipPreflight?: boolean;
|
|
@@ -728,7 +736,6 @@ interface PasskeyEnrollConfig {
|
|
|
728
736
|
}
|
|
729
737
|
interface EmailOtpConfig {
|
|
730
738
|
skipVerifiedSuccess?: boolean;
|
|
731
|
-
expiresIn?: number;
|
|
732
739
|
verifiedDisplayTime?: number;
|
|
733
740
|
verifyEmailTitle?: string;
|
|
734
741
|
verifyEmailResendTitle?: string;
|
|
@@ -897,7 +904,6 @@ interface AuthProviderConfig {
|
|
|
897
904
|
interface SendEmailOtpRequest {
|
|
898
905
|
publishableKey: string;
|
|
899
906
|
email: string;
|
|
900
|
-
expiresIn?: number;
|
|
901
907
|
}
|
|
902
908
|
interface VerifyEmailOtpRequest {
|
|
903
909
|
publishableKey: string;
|
|
@@ -906,6 +912,7 @@ interface VerifyEmailOtpRequest {
|
|
|
906
912
|
}
|
|
907
913
|
interface SendEmailOtpResponse {
|
|
908
914
|
ok: boolean;
|
|
915
|
+
expires_at: number;
|
|
909
916
|
}
|
|
910
917
|
interface VerifyEmailOtpUser {
|
|
911
918
|
id: string;
|
|
@@ -1187,4 +1194,4 @@ interface WalletVerifyRequest {
|
|
|
1187
1194
|
sessionExpiresIn: number;
|
|
1188
1195
|
}
|
|
1189
1196
|
|
|
1190
|
-
export { type AccessTokenClaims, type AppConfigRequest, type AppConfigResponse, type AttachOAuthTokenRequest, type AttachOAuthTokenResponse, type AuthAppearance, type AuthFlow, type AuthFlowComponent, type AuthLoginMethod, type AuthProviderConfig, type BaseGetBalanceParams, type BaseGetBalanceResult, type BaseGetTokenAccountsParams, type BaseSendTransactionParams, type BaseSendTransactionResult, type BaseSignMessageParams, type BaseSignMessageResult, type BaseSignTransactionParams, type BaseSignTransactionResult, type BaseTokenClaims, type BaseUIOptions, type BaseWalletHooks, Chain, ChainLikeWithId, type ContractUIOptions, type CreateWalletResponse, type DefaultFundingMethod, type DeleteSessionRequest, type DeleteSessionResponse, type DetachOAuthTokenRequest, type DeviceFingerprint, type DisplayMode, type EmailOtpConfig, type EmailOtpFlowState, type EthereumFundingConfig, type EthereumGetBalanceParams, type EthereumGetBalanceResult, type EthereumGetTokenAccountsByOwnerParams, type EthereumGetTokenAccountsByOwnerResult, type EthereumSendTransactionParams, type EthereumSendTransactionRequest, type EthereumSendTransactionResult, type EthereumSign7702AuthorizationParams, type EthereumSign7702AuthorizationResult, type EthereumSignHashParams, type EthereumSignHashResult, type EthereumSignMessageParams, type EthereumSignMessageResult, type EthereumSignTransactionParams, type EthereumSignTransactionResult, type EthereumSignTypedDataParams, type EthereumSignTypedDataResult, type EthereumSwitchChainParams, type ExportKeyConfig, type Factor, type FlexibleTheme, type FundWalletConfig, type FundingEvents, type FundingMethod, type FundingUIConfig, type GetCurrentSessionRequest, type GetCurrentSessionResponse, type Hex, type IdentityTokenClaims, type IdpProvider, type IsAuthenticatedRequest, type IsAuthenticatedResponse, type LoginTokenBundle, type LogoutRequest, type LogoutResponse, type MessageTypeProperty, type MessageTypes, type MoonKeyThemeConfig, type MoonPaySignRequest, type MoonPaySignResponse, type MpcKeyShares, Network, type OAuthRequest, type OAuthResponse, type OnrampFundingSettings, type PasskeyEnrollConfig, type PasskeySettings, type PreferredCardProvider, type PrefillConfig, type PublicEthereumWallet, type PublicSessionData, type PublicWallet, type RefreshSessionRequest, type RefreshSessionResponse, type RetrieveWalletKeyRequest, type RetrieveWalletKeyResponse, type SdkSettings, type SendEmailOtpRequest, type SendEmailOtpResponse, type SendTransactionConfig, type SendTransactionRequest, type SessionData, type SharesDeviceRequest, type SharesDeviceResponse, type Sign7702AuthorizationError, type Sign7702AuthorizationParams, type Sign7702AuthorizationResponse, type Sign7702AuthorizationResult, type SignMessageConfig, type SignTransactionConfig, type SignTypedDataError, type SignTypedDataParams, type SignTypedDataResponse, type SignTypedDataResult, type SmsSettings, type SolanaChain, type SolanaFundingConfig, type SolanaGetBalanceParams, type SolanaGetBalanceResult, type SolanaGetTokenAccountsByOwnerParams, type SolanaGetTokenAccountsByOwnerResult, type SolanaSendTransactionParams, type SolanaSendTransactionResult, type SolanaSignMessageParams, type SolanaSignMessageResult, type SolanaSignTransactionParams, type SolanaSignTransactionResult, type TransactionCommitment, type TransactionEncoding, type TransactionUIOptions, type TypedMessage, type UseFundWalletInterface, type UsersMePublicResponse, type UsersMeRequest, type UsersMeResponse, type VerifiedSession, type VerifyEmailOtpRequest, type VerifyEmailOtpResponse, type VerifyEmailOtpUser, type VerifyOAuthTokenRequest, type VerifyOAuthTokenResponse, type VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, type Wallet, type WalletChain, type WalletChainType, type WalletConnectConfig, WalletCreationError, type WalletError, type WalletErrorCode, type WalletKeyRequest, type WalletListEntry, type WalletRegistrationNonceRequest, type WalletRegistrationNonceResponse, type WalletType, type WalletVerifyRequest };
|
|
1197
|
+
export { type AccessTokenClaims, type AppConfigRequest, type AppConfigResponse, type AttachOAuthTokenRequest, type AttachOAuthTokenResponse, type AuthAppearance, type AuthFlow, type AuthFlowComponent, type AuthLoginMethod, type AuthProviderConfig, type BaseGetBalanceParams, type BaseGetBalanceResult, type BaseGetTokenAccountsParams, type BaseSendTransactionParams, type BaseSendTransactionResult, type BaseSignMessageParams, type BaseSignMessageResult, type BaseSignTransactionParams, type BaseSignTransactionResult, type BaseTokenClaims, type BaseUIOptions, type BaseWalletHooks, Chain, ChainLikeWithId, type ContractUIOptions, type CreateWalletResponse, type DefaultFundingMethod, type DeleteSessionRequest, type DeleteSessionResponse, type DetachOAuthTokenRequest, type DeviceFingerprint, type DisplayMode, type EmailOtpConfig, type EmailOtpFlowState, type EthereumFundingConfig, type EthereumGetBalanceParams, type EthereumGetBalanceResult, type EthereumGetTokenAccountsByOwnerParams, type EthereumGetTokenAccountsByOwnerResult, type EthereumSendTransactionParams, type EthereumSendTransactionRequest, type EthereumSendTransactionResult, type EthereumSign7702AuthorizationParams, type EthereumSign7702AuthorizationResult, type EthereumSignHashParams, type EthereumSignHashResult, type EthereumSignMessageParams, type EthereumSignMessageResult, type EthereumSignTransactionParams, type EthereumSignTransactionResult, type EthereumSignTypedDataParams, type EthereumSignTypedDataResult, type EthereumSwitchChainParams, type ExportKeyConfig, type Factor, type FlexibleTheme, type FundWalletConfig, type FundingEvents, type FundingMethod, type FundingUIConfig, type GetCurrentSessionRequest, type GetCurrentSessionResponse, type Hex, type IdentityTokenClaims, type IdpProvider, type IsAuthenticatedRequest, type IsAuthenticatedResponse, type LoginTokenBundle, type LogoutRequest, type LogoutResponse, type MessageTypeProperty, type MessageTypes, type MoonKeyThemeConfig, type MoonPaySignRequest, type MoonPaySignResponse, type MpcKeyShares, Network, type OAuthRequest, type OAuthResponse, type OnrampFundingSettings, type PasskeyEnrollConfig, type PasskeySettings, type PreferredCardProvider, type PrefillConfig, type PresenceTokenClaims, type PublicEthereumWallet, type PublicSessionData, type PublicWallet, type RefreshSessionRequest, type RefreshSessionResponse, type RetrieveWalletKeyRequest, type RetrieveWalletKeyResponse, type SdkSettings, type SendEmailOtpRequest, type SendEmailOtpResponse, type SendTransactionConfig, type SendTransactionRequest, type SessionData, type SharesDeviceRequest, type SharesDeviceResponse, type Sign7702AuthorizationError, type Sign7702AuthorizationParams, type Sign7702AuthorizationResponse, type Sign7702AuthorizationResult, type SignMessageConfig, type SignTransactionConfig, type SignTypedDataError, type SignTypedDataParams, type SignTypedDataResponse, type SignTypedDataResult, type SmsSettings, type SolanaChain, type SolanaFundingConfig, type SolanaGetBalanceParams, type SolanaGetBalanceResult, type SolanaGetTokenAccountsByOwnerParams, type SolanaGetTokenAccountsByOwnerResult, type SolanaSendTransactionParams, type SolanaSendTransactionResult, type SolanaSignMessageParams, type SolanaSignMessageResult, type SolanaSignTransactionParams, type SolanaSignTransactionResult, type TransactionCommitment, type TransactionEncoding, type TransactionUIOptions, type TypedMessage, type UseFundWalletInterface, type UsersMePublicResponse, type UsersMeRequest, type UsersMeResponse, type VerifiedSession, type VerifyEmailOtpRequest, type VerifyEmailOtpResponse, type VerifyEmailOtpUser, type VerifyOAuthTokenRequest, type VerifyOAuthTokenResponse, type VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, type Wallet, type WalletChain, type WalletChainType, type WalletConnectConfig, WalletCreationError, type WalletError, type WalletErrorCode, type WalletKeyRequest, type WalletListEntry, type WalletRegistrationNonceRequest, type WalletRegistrationNonceResponse, type WalletType, type WalletVerifyRequest };
|
package/dist/utils/index.d.mts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from '../post-message-
|
|
1
|
+
export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from '../post-message-CmgAfkOS.mjs';
|
|
2
2
|
|
|
3
3
|
/**
|
|
4
4
|
* Get the appropriate MoonKey API URL based on environment configuration
|
package/dist/utils/index.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from '../post-message-
|
|
1
|
+
export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from '../post-message-CmgAfkOS.js';
|
|
2
2
|
|
|
3
3
|
/**
|
|
4
4
|
* Get the appropriate MoonKey API URL based on environment configuration
|
package/dist/utils/index.js
CHANGED
|
@@ -156,6 +156,16 @@ var PostMessageMethod = {
|
|
|
156
156
|
// begin/verify HTTP calls (where the session JWT lives).
|
|
157
157
|
PASSKEY_REGISTER_BEGIN: "PASSKEY_REGISTER_BEGIN",
|
|
158
158
|
PASSKEY_REGISTER_VERIFY: "PASSKEY_REGISTER_VERIFY",
|
|
159
|
+
// Passkey-asserted step-up ("presence token"). Same split as register:
|
|
160
|
+
// parent owns the WebAuthn API call; iframe owns the begin/verify
|
|
161
|
+
// HTTP halves (where the session JWT lives). Mints a short-lived
|
|
162
|
+
// (`tt:"presence"`) JWT app backends can verify over JWKS.
|
|
163
|
+
// CRITICAL: parent MUST strip response.userHandle from the assertion
|
|
164
|
+
// before posting PASSKEY_PRESENCE_VERIFY. The userHandle carries DEK
|
|
165
|
+
// material in MoonX's overloaded model and has no business reaching
|
|
166
|
+
// the server. The server also defensively never reads it.
|
|
167
|
+
PASSKEY_PRESENCE_BEGIN: "PASSKEY_PRESENCE_BEGIN",
|
|
168
|
+
PASSKEY_PRESENCE_VERIFY: "PASSKEY_PRESENCE_VERIFY",
|
|
159
169
|
GET_PASSKEY_STATUS: "GET_PASSKEY_STATUS",
|
|
160
170
|
// Parent-side passkey assertion plumbing. Parent calls GET_DEK_INFO
|
|
161
171
|
// to learn which credential IDs to put in allowCredentials and to
|
package/dist/utils/index.mjs
CHANGED
package/dist/web/index.d.mts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { P as PostMessageClient } from '../post-message-
|
|
2
|
-
import { T as Transport, P as PasskeyAssertor, K as KvStorage } from '../interfaces-
|
|
1
|
+
import { P as PostMessageClient } from '../post-message-CmgAfkOS.mjs';
|
|
2
|
+
import { T as Transport, P as PasskeyAssertor, K as KvStorage } from '../interfaces-cdKh3sLA.mjs';
|
|
3
3
|
|
|
4
4
|
declare const getCachedPostMessageClient: (contentWindow: Window) => PostMessageClient;
|
|
5
5
|
/**
|
package/dist/web/index.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { P as PostMessageClient } from '../post-message-
|
|
2
|
-
import { T as Transport, P as PasskeyAssertor, K as KvStorage } from '../interfaces-
|
|
1
|
+
import { P as PostMessageClient } from '../post-message-CmgAfkOS.js';
|
|
2
|
+
import { T as Transport, P as PasskeyAssertor, K as KvStorage } from '../interfaces-pNTEOKaK.js';
|
|
3
3
|
|
|
4
4
|
declare const getCachedPostMessageClient: (contentWindow: Window) => PostMessageClient;
|
|
5
5
|
/**
|
package/dist/web/index.js
CHANGED
|
@@ -1,9 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __create = Object.create;
|
|
3
2
|
var __defProp = Object.defineProperty;
|
|
4
3
|
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
5
4
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
6
|
-
var __getProtoOf = Object.getPrototypeOf;
|
|
7
5
|
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
8
6
|
var __export = (target, all) => {
|
|
9
7
|
for (var name in all)
|
|
@@ -17,14 +15,6 @@ var __copyProps = (to, from, except, desc) => {
|
|
|
17
15
|
}
|
|
18
16
|
return to;
|
|
19
17
|
};
|
|
20
|
-
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
|
|
21
|
-
// If the importer is in node compatibility mode or this is not an ESM
|
|
22
|
-
// file that has been converted to a CommonJS file using a Babel-
|
|
23
|
-
// compatible transform (i.e. "__esModule" has not been set), then set
|
|
24
|
-
// "default" to the CommonJS "module.exports" for node compatibility.
|
|
25
|
-
isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
|
|
26
|
-
mod
|
|
27
|
-
));
|
|
28
18
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
29
19
|
|
|
30
20
|
// src/web/index.ts
|
|
@@ -310,126 +300,72 @@ var createIframeTransport = ({
|
|
|
310
300
|
isReady
|
|
311
301
|
});
|
|
312
302
|
|
|
313
|
-
// src/lib/auth/authentication-state.ts
|
|
314
|
-
var AuthenticationState = class {
|
|
315
|
-
constructor() {
|
|
316
|
-
this.email = null;
|
|
317
|
-
}
|
|
318
|
-
setEmail(email) {
|
|
319
|
-
this.email = email;
|
|
320
|
-
}
|
|
321
|
-
getEmail() {
|
|
322
|
-
return this.email;
|
|
323
|
-
}
|
|
324
|
-
clearEmail() {
|
|
325
|
-
this.email = null;
|
|
326
|
-
}
|
|
327
|
-
clear() {
|
|
328
|
-
this.clearEmail();
|
|
329
|
-
}
|
|
330
|
-
};
|
|
331
|
-
var authState = new AuthenticationState();
|
|
332
|
-
|
|
333
|
-
// src/lib/passkey/passkey-codec.ts
|
|
334
|
-
var fromB64url = (b64url) => {
|
|
335
|
-
const base64 = b64url.replace(/-/g, "+").replace(/_/g, "/");
|
|
336
|
-
const padded = base64 + "=".repeat((4 - base64.length % 4) % 4);
|
|
337
|
-
const binary = atob(padded);
|
|
338
|
-
const bytes = new Uint8Array(binary.length);
|
|
339
|
-
for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
|
|
340
|
-
return bytes;
|
|
341
|
-
};
|
|
342
|
-
var toB64url = (bytes) => {
|
|
343
|
-
let str = "";
|
|
344
|
-
for (let i = 0; i < bytes.length; i++) str += String.fromCharCode(bytes[i]);
|
|
345
|
-
return btoa(str).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
|
|
346
|
-
};
|
|
347
|
-
|
|
348
|
-
// src/lib/ethereum/chains.ts
|
|
349
|
-
var import_viem = require("viem");
|
|
350
|
-
|
|
351
|
-
// src/lib/ethereum/siwe.ts
|
|
352
|
-
var import_siwe = require("siwe");
|
|
353
|
-
var import_viem2 = require("viem");
|
|
354
|
-
|
|
355
|
-
// src/lib/ethereum/tx-prep.ts
|
|
356
|
-
var import_viem3 = require("viem");
|
|
357
|
-
|
|
358
|
-
// src/lib/solana/siws.ts
|
|
359
|
-
var nacl = __toESM(require("tweetnacl"));
|
|
360
|
-
|
|
361
|
-
// src/lib/solana/transaction-log-parser.ts
|
|
362
|
-
var import_web3 = require("@solana/web3.js");
|
|
363
|
-
var import_bn = __toESM(require("bn.js"));
|
|
364
|
-
|
|
365
303
|
// src/web/webauthn-passkey.ts
|
|
304
|
+
var import_browser = require("@simplewebauthn/browser");
|
|
366
305
|
var createWebAuthnPasskey = () => ({
|
|
367
306
|
assert: async ({ rpId, challenge }) => {
|
|
368
|
-
const
|
|
369
|
-
|
|
370
|
-
|
|
371
|
-
challenge: challengeBytes,
|
|
307
|
+
const result = await (0, import_browser.startAuthentication)({
|
|
308
|
+
optionsJSON: {
|
|
309
|
+
challenge,
|
|
372
310
|
rpId,
|
|
373
311
|
userVerification: "preferred",
|
|
374
|
-
// Empty allowCredentials → discoverable login → userHandle is
|
|
375
|
-
// REQUIRED on the response. See `parent-passkey-assert.ts`
|
|
376
|
-
// for the full rationale.
|
|
377
312
|
allowCredentials: []
|
|
378
313
|
}
|
|
379
314
|
});
|
|
380
|
-
if (!
|
|
381
|
-
const assertion = credential.response;
|
|
382
|
-
if (!assertion.userHandle) {
|
|
315
|
+
if (!result.response.userHandle) {
|
|
383
316
|
throw new Error("user_handle_missing");
|
|
384
317
|
}
|
|
385
318
|
return {
|
|
386
|
-
rawIdB64url:
|
|
387
|
-
userHandleB64url:
|
|
319
|
+
rawIdB64url: result.rawId,
|
|
320
|
+
userHandleB64url: result.response.userHandle
|
|
388
321
|
};
|
|
389
322
|
},
|
|
390
|
-
|
|
391
|
-
|
|
392
|
-
|
|
393
|
-
|
|
394
|
-
|
|
395
|
-
|
|
396
|
-
|
|
397
|
-
|
|
398
|
-
|
|
399
|
-
|
|
400
|
-
|
|
401
|
-
|
|
402
|
-
|
|
403
|
-
|
|
404
|
-
|
|
405
|
-
|
|
406
|
-
|
|
407
|
-
|
|
408
|
-
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
|
|
414
|
-
],
|
|
415
|
-
authenticatorSelection: {
|
|
416
|
-
residentKey: "required",
|
|
417
|
-
userVerification: "preferred"
|
|
418
|
-
},
|
|
419
|
-
excludeCredentials: (excludeCredentials ?? []).map((id) => ({
|
|
420
|
-
id: fromB64url(id),
|
|
421
|
-
type: "public-key"
|
|
422
|
-
}))
|
|
323
|
+
assertForServer: async ({ optionsJSON }) => {
|
|
324
|
+
const result = await (0, import_browser.startAuthentication)({
|
|
325
|
+
optionsJSON
|
|
326
|
+
});
|
|
327
|
+
const sanitized = {
|
|
328
|
+
id: result.id,
|
|
329
|
+
rawId: result.rawId,
|
|
330
|
+
type: result.type,
|
|
331
|
+
response: {
|
|
332
|
+
clientDataJSON: result.response.clientDataJSON,
|
|
333
|
+
authenticatorData: result.response.authenticatorData,
|
|
334
|
+
signature: result.response.signature,
|
|
335
|
+
userHandle: void 0
|
|
336
|
+
},
|
|
337
|
+
clientExtensionResults: result.clientExtensionResults,
|
|
338
|
+
authenticatorAttachment: result.authenticatorAttachment
|
|
339
|
+
};
|
|
340
|
+
return sanitized;
|
|
341
|
+
},
|
|
342
|
+
assertForInternalPresence: async ({ optionsJSON }) => {
|
|
343
|
+
const result = await (0, import_browser.startAuthentication)({
|
|
344
|
+
optionsJSON: {
|
|
345
|
+
...optionsJSON,
|
|
346
|
+
allowCredentials: []
|
|
423
347
|
}
|
|
424
348
|
});
|
|
425
|
-
if (!
|
|
426
|
-
|
|
349
|
+
if (!result.response.userHandle) {
|
|
350
|
+
throw new Error("user_handle_missing");
|
|
351
|
+
}
|
|
352
|
+
const sanitized = {
|
|
353
|
+
id: result.id,
|
|
354
|
+
rawId: result.rawId,
|
|
355
|
+
type: result.type,
|
|
356
|
+
response: {
|
|
357
|
+
clientDataJSON: result.response.clientDataJSON,
|
|
358
|
+
authenticatorData: result.response.authenticatorData,
|
|
359
|
+
signature: result.response.signature,
|
|
360
|
+
userHandle: void 0
|
|
361
|
+
},
|
|
362
|
+
clientExtensionResults: result.clientExtensionResults,
|
|
363
|
+
authenticatorAttachment: result.authenticatorAttachment
|
|
364
|
+
};
|
|
427
365
|
return {
|
|
428
|
-
|
|
429
|
-
|
|
430
|
-
|
|
431
|
-
new Uint8Array(attestation.attestationObject)
|
|
432
|
-
)
|
|
366
|
+
response: sanitized,
|
|
367
|
+
userHandleB64url: result.response.userHandle,
|
|
368
|
+
credentialIdB64url: result.rawId
|
|
433
369
|
};
|
|
434
370
|
}
|
|
435
371
|
});
|
package/dist/web/index.mjs
CHANGED
|
@@ -5,12 +5,7 @@ import {
|
|
|
5
5
|
import {
|
|
6
6
|
PostMessageClient,
|
|
7
7
|
PostMessageServer
|
|
8
|
-
} from "../chunk-
|
|
9
|
-
import {
|
|
10
|
-
fromB64url,
|
|
11
|
-
toB64url
|
|
12
|
-
} from "../chunk-CDT4MC7S.mjs";
|
|
13
|
-
import "../chunk-GQKIA37O.mjs";
|
|
8
|
+
} from "../chunk-VVL65GIB.mjs";
|
|
14
9
|
|
|
15
10
|
// src/web/iframe-transport.ts
|
|
16
11
|
var clientCache = /* @__PURE__ */ new WeakMap();
|
|
@@ -49,73 +44,71 @@ var createIframeTransport = ({
|
|
|
49
44
|
});
|
|
50
45
|
|
|
51
46
|
// src/web/webauthn-passkey.ts
|
|
47
|
+
import { startAuthentication } from "@simplewebauthn/browser";
|
|
52
48
|
var createWebAuthnPasskey = () => ({
|
|
53
49
|
assert: async ({ rpId, challenge }) => {
|
|
54
|
-
const
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
challenge: challengeBytes,
|
|
50
|
+
const result = await startAuthentication({
|
|
51
|
+
optionsJSON: {
|
|
52
|
+
challenge,
|
|
58
53
|
rpId,
|
|
59
54
|
userVerification: "preferred",
|
|
60
|
-
// Empty allowCredentials → discoverable login → userHandle is
|
|
61
|
-
// REQUIRED on the response. See `parent-passkey-assert.ts`
|
|
62
|
-
// for the full rationale.
|
|
63
55
|
allowCredentials: []
|
|
64
56
|
}
|
|
65
57
|
});
|
|
66
|
-
if (!
|
|
67
|
-
const assertion = credential.response;
|
|
68
|
-
if (!assertion.userHandle) {
|
|
58
|
+
if (!result.response.userHandle) {
|
|
69
59
|
throw new Error("user_handle_missing");
|
|
70
60
|
}
|
|
71
61
|
return {
|
|
72
|
-
rawIdB64url:
|
|
73
|
-
userHandleB64url:
|
|
62
|
+
rawIdB64url: result.rawId,
|
|
63
|
+
userHandleB64url: result.response.userHandle
|
|
64
|
+
};
|
|
65
|
+
},
|
|
66
|
+
assertForServer: async ({ optionsJSON }) => {
|
|
67
|
+
const result = await startAuthentication({
|
|
68
|
+
optionsJSON
|
|
69
|
+
});
|
|
70
|
+
const sanitized = {
|
|
71
|
+
id: result.id,
|
|
72
|
+
rawId: result.rawId,
|
|
73
|
+
type: result.type,
|
|
74
|
+
response: {
|
|
75
|
+
clientDataJSON: result.response.clientDataJSON,
|
|
76
|
+
authenticatorData: result.response.authenticatorData,
|
|
77
|
+
signature: result.response.signature,
|
|
78
|
+
userHandle: void 0
|
|
79
|
+
},
|
|
80
|
+
clientExtensionResults: result.clientExtensionResults,
|
|
81
|
+
authenticatorAttachment: result.authenticatorAttachment
|
|
74
82
|
};
|
|
83
|
+
return sanitized;
|
|
75
84
|
},
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
userDisplayName,
|
|
82
|
-
challenge,
|
|
83
|
-
excludeCredentials
|
|
84
|
-
}) => {
|
|
85
|
-
const challengeBytes = fromB64url(challenge);
|
|
86
|
-
const credential = await navigator.credentials.create({
|
|
87
|
-
publicKey: {
|
|
88
|
-
rp: { id: rpId, name: rpName },
|
|
89
|
-
user: {
|
|
90
|
-
id: userId,
|
|
91
|
-
name: userName,
|
|
92
|
-
displayName: userDisplayName
|
|
93
|
-
},
|
|
94
|
-
challenge: challengeBytes,
|
|
95
|
-
pubKeyCredParams: [
|
|
96
|
-
{ type: "public-key", alg: -7 },
|
|
97
|
-
// ES256
|
|
98
|
-
{ type: "public-key", alg: -257 }
|
|
99
|
-
// RS256
|
|
100
|
-
],
|
|
101
|
-
authenticatorSelection: {
|
|
102
|
-
residentKey: "required",
|
|
103
|
-
userVerification: "preferred"
|
|
104
|
-
},
|
|
105
|
-
excludeCredentials: (excludeCredentials ?? []).map((id) => ({
|
|
106
|
-
id: fromB64url(id),
|
|
107
|
-
type: "public-key"
|
|
108
|
-
}))
|
|
85
|
+
assertForInternalPresence: async ({ optionsJSON }) => {
|
|
86
|
+
const result = await startAuthentication({
|
|
87
|
+
optionsJSON: {
|
|
88
|
+
...optionsJSON,
|
|
89
|
+
allowCredentials: []
|
|
109
90
|
}
|
|
110
91
|
});
|
|
111
|
-
if (!
|
|
112
|
-
|
|
92
|
+
if (!result.response.userHandle) {
|
|
93
|
+
throw new Error("user_handle_missing");
|
|
94
|
+
}
|
|
95
|
+
const sanitized = {
|
|
96
|
+
id: result.id,
|
|
97
|
+
rawId: result.rawId,
|
|
98
|
+
type: result.type,
|
|
99
|
+
response: {
|
|
100
|
+
clientDataJSON: result.response.clientDataJSON,
|
|
101
|
+
authenticatorData: result.response.authenticatorData,
|
|
102
|
+
signature: result.response.signature,
|
|
103
|
+
userHandle: void 0
|
|
104
|
+
},
|
|
105
|
+
clientExtensionResults: result.clientExtensionResults,
|
|
106
|
+
authenticatorAttachment: result.authenticatorAttachment
|
|
107
|
+
};
|
|
113
108
|
return {
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
new Uint8Array(attestation.attestationObject)
|
|
118
|
-
)
|
|
109
|
+
response: sanitized,
|
|
110
|
+
userHandleB64url: result.response.userHandle,
|
|
111
|
+
credentialIdB64url: result.rawId
|
|
119
112
|
};
|
|
120
113
|
}
|
|
121
114
|
});
|