@moon-x/react-sdk 0.1.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.mjs CHANGED
@@ -389,8 +389,8 @@ function _ts_generator(thisArg, body) {
389
389
  };
390
390
  }
391
391
  }
392
- import { ethereum_exports } from "./chunk-7BCQAHO6.mjs";
393
- import { solana_exports } from "./chunk-MYWXMCMO.mjs";
392
+ import { ethereum_exports } from "./chunk-Y6HSLN2H.mjs";
393
+ import { solana_exports } from "./chunk-RFAKWGRF.mjs";
394
394
  import { AuthContext, useAuthSDK } from "./chunk-PCEN5CH6.mjs";
395
395
  // src/index.ts
396
396
  import { useAddPasskey, useLoginWithEmail, usePasskeyStatus, useRegisterPasskey, useRemovePasskey, useUser } from "@moon-x/core/react";
@@ -837,6 +837,7 @@ var useMoonKey = function useMoonKey() {
837
837
  status: "start"
838
838
  },
839
839
  getSessionTokens: coreSDK.getSessionTokens,
840
+ getPresenceToken: coreSDK.getPresenceToken,
840
841
  start: coreSDK.start || function() {
841
842
  return Promise.resolve(null);
842
843
  },
@@ -885,13 +886,13 @@ var createPostMessageClient = function createPostMessageClient(contentWindow, _p
885
886
  };
886
887
  // src/hooks/use-oauth-callback-detection.ts
887
888
  var useOAuthCallbackDetection = function useOAuthCallbackDetection(param) {
888
- var isMounted = param.isMounted, isReady = param.isReady, publishableKey = param.publishableKey, iframeRef = param.iframeRef, onOAuthSuccess = param.onOAuthSuccess, onOAuthError = param.onOAuthError, setCurrentFlow = param.setCurrentFlow, setFlowData = param.setFlowData, setStartFlow = param.setStartFlow;
889
+ var isMounted = param.isMounted, isIframeReady = param.isIframeReady, publishableKey = param.publishableKey, iframeRef = param.iframeRef, onOAuthSuccess = param.onOAuthSuccess, onOAuthError = param.onOAuthError, setCurrentFlow = param.setCurrentFlow, setFlowData = param.setFlowData, setStartFlow = param.setStartFlow;
889
890
  if (typeof window === "undefined") {
890
891
  return;
891
892
  }
892
893
  useEffect4(function() {
893
894
  if (typeof window === "undefined") return;
894
- if (!isMounted || !isReady) return;
895
+ if (!isMounted || !isIframeReady) return;
895
896
  var checkForOAuthCallback = function checkForOAuthCallback() {
896
897
  if (typeof window === "undefined") return;
897
898
  try {
@@ -903,7 +904,7 @@ var useOAuthCallbackDetection = function useOAuthCallbackDetection(param) {
903
904
  token: token
904
905
  });
905
906
  setStartFlow === null || setStartFlow === void 0 ? void 0 : setStartFlow(true);
906
- setTimeout(function() {
907
+ void function() {
907
908
  return _async_to_generator(function() {
908
909
  var _iframeRef_current, client, error;
909
910
  return _ts_generator(this, function(_state) {
@@ -950,7 +951,7 @@ var useOAuthCallbackDetection = function useOAuthCallbackDetection(param) {
950
951
  }
951
952
  });
952
953
  })();
953
- }, 1500);
954
+ }();
954
955
  try {
955
956
  var newUrl = new URL(window.location.href);
956
957
  newUrl.searchParams.delete("token");
@@ -970,7 +971,7 @@ var useOAuthCallbackDetection = function useOAuthCallbackDetection(param) {
970
971
  };
971
972
  }, [
972
973
  isMounted,
973
- isReady,
974
+ isIframeReady,
974
975
  publishableKey,
975
976
  iframeRef,
976
977
  onOAuthSuccess,
@@ -1111,13 +1112,12 @@ var idTokenStorage = {
1111
1112
  import { sanitizeUserData, verifyIdToken } from "@moon-x/core/lib";
1112
1113
  // src/sdk/create-sdk-instance.ts
1113
1114
  import { PostMessageMethod as PostMessageMethod8, PostMessageType as PostMessageType9 } from "@moon-x/core/utils";
1114
- import { withClearOnFailure as withClearOnFailure3 } from "@moon-x/core/lib";
1115
- import { assertPasskeyInParent as assertPasskeyInParent3 } from "@moon-x/core/sdk";
1115
+ import { flattenPresenceTokens as flattenPresenceTokens3, getInternalPresenceTokens as getInternalPresenceTokens3 } from "@moon-x/core/sdk";
1116
1116
  import { createIframeTransport as createIframeTransport5, createWebAuthnPasskey as createWebAuthnPasskey4 } from "@moon-x/core/web";
1117
1117
  // src/sdk/sdk-ethereum-methods.ts
1118
1118
  import { PostMessageMethod as PostMessageMethod4, PostMessageType as PostMessageType5 } from "@moon-x/core/utils";
1119
- import { serializeEthereumTransaction, withClearOnFailure } from "@moon-x/core/lib";
1120
- import { assertPasskeyInParent, getHeadlessEthereumMethods } from "@moon-x/core/sdk";
1119
+ import { serializeEthereumTransaction } from "@moon-x/core/lib";
1120
+ import { flattenPresenceTokens, getHeadlessEthereumMethods, getInternalPresenceTokens } from "@moon-x/core/sdk";
1121
1121
  import { createIframeTransport, createWebAuthnPasskey } from "@moon-x/core/web";
1122
1122
  // src/sdk/register-one-shot.ts
1123
1123
  import { PostMessageServer as PostMessageServer4 } from "@moon-x/core/utils";
@@ -1136,6 +1136,10 @@ var registerOneShot = function registerOneShot(type, method, handler) {
1136
1136
  });
1137
1137
  };
1138
1138
  // src/sdk/sdk-ethereum-methods.ts
1139
+ var SCOPES_SIGN = [
1140
+ "keyshare_read",
1141
+ "sign"
1142
+ ];
1139
1143
  var getEthereumSDKMethods = function getEthereumSDKMethods(publishableKey, getIsReady, iframeRef, setCurrentFlow, setFlowData, setStartFlow) {
1140
1144
  var transport = createIframeTransport({
1141
1145
  getContentWindow: function getContentWindow() {
@@ -1152,7 +1156,8 @@ var getEthereumSDKMethods = function getEthereumSDKMethods(publishableKey, getIs
1152
1156
  var headless = getHeadlessEthereumMethods({
1153
1157
  transport: transport,
1154
1158
  passkey: passkey,
1155
- publishableKey: publishableKey
1159
+ publishableKey: publishableKey,
1160
+ relyingPartyOrigin: typeof window !== "undefined" ? window.location.origin : ""
1156
1161
  });
1157
1162
  return _object_spread_props(_object_spread({}, headless), {
1158
1163
  // *WithUI variants stay here — they orchestrate parent React state
@@ -1163,45 +1168,62 @@ var getEthereumSDKMethods = function getEthereumSDKMethods(publishableKey, getIs
1163
1168
  // (not before they've seen what they're authorizing).
1164
1169
  signEthereumMessageWithUI: function signEthereumMessageWithUI(params) {
1165
1170
  return _async_to_generator(function() {
1171
+ var _iframeRef_current, onAssertPasskey;
1166
1172
  return _ts_generator(this, function(_state) {
1173
+ if (!((_iframeRef_current = iframeRef.current) === null || _iframeRef_current === void 0 ? void 0 : _iframeRef_current.contentWindow)) throw new Error("SDK not ready");
1174
+ onAssertPasskey = function onAssertPasskey() {
1175
+ return _async_to_generator(function() {
1176
+ var _ref, userHandleB64url, credentialIdB64url, tokens;
1177
+ return _ts_generator(this, function(_state) {
1178
+ switch(_state.label){
1179
+ case 0:
1180
+ return [
1181
+ 4,
1182
+ getInternalPresenceTokens({
1183
+ transport: transport,
1184
+ passkey: passkey,
1185
+ publishableKey: publishableKey,
1186
+ relyingPartyOrigin: typeof window !== "undefined" ? window.location.origin : "",
1187
+ scopes: SCOPES_SIGN
1188
+ })
1189
+ ];
1190
+ case 1:
1191
+ _ref = _state.sent(), userHandleB64url = _ref.userHandleB64url, credentialIdB64url = _ref.credentialIdB64url, tokens = _ref.tokens;
1192
+ return [
1193
+ 2,
1194
+ {
1195
+ userHandleB64url: userHandleB64url,
1196
+ credentialIdB64url: credentialIdB64url,
1197
+ presenceTokens: flattenPresenceTokens({
1198
+ tokens: tokens,
1199
+ userHandleB64url: userHandleB64url,
1200
+ credentialIdB64url: credentialIdB64url
1201
+ })
1202
+ }
1203
+ ];
1204
+ }
1205
+ });
1206
+ })();
1207
+ };
1167
1208
  return [
1168
1209
  2,
1169
- withClearOnFailure(function() {
1170
- return _async_to_generator(function() {
1171
- var _iframeRef_current, onAssertPasskey;
1172
- return _ts_generator(this, function(_state) {
1173
- if (!((_iframeRef_current = iframeRef.current) === null || _iframeRef_current === void 0 ? void 0 : _iframeRef_current.contentWindow)) throw new Error("SDK not ready");
1174
- onAssertPasskey = function onAssertPasskey() {
1175
- return assertPasskeyInParent({
1176
- transport: transport,
1177
- passkey: passkey,
1178
- publishableKey: publishableKey,
1179
- requireFreshAssertion: params.requireFreshAssertion
1180
- });
1181
- };
1182
- return [
1183
- 2,
1184
- new Promise(function(resolve, reject) {
1185
- var _params_options;
1186
- registerOneShot(PostMessageType5.WALLET, PostMessageMethod4.SIGN_MESSAGE, function(payload) {
1187
- var _payload_signature;
1188
- if (payload.success) resolve({
1189
- signature: (_payload_signature = payload.signature) !== null && _payload_signature !== void 0 ? _payload_signature : ""
1190
- });
1191
- else reject(new Error(payload.error || "Sign message failed"));
1192
- });
1193
- setCurrentFlow("sign-message");
1194
- setFlowData({
1195
- message: params.message,
1196
- wallet: params.wallet,
1197
- uiOptions: (_params_options = params.options) === null || _params_options === void 0 ? void 0 : _params_options.uiOptions,
1198
- onAssertPasskey: onAssertPasskey
1199
- });
1200
- setStartFlow(true);
1201
- })
1202
- ];
1210
+ new Promise(function(resolve, reject) {
1211
+ var _params_options;
1212
+ registerOneShot(PostMessageType5.WALLET, PostMessageMethod4.SIGN_MESSAGE, function(payload) {
1213
+ var _payload_signature;
1214
+ if (payload.success) resolve({
1215
+ signature: (_payload_signature = payload.signature) !== null && _payload_signature !== void 0 ? _payload_signature : ""
1203
1216
  });
1204
- })();
1217
+ else reject(new Error(payload.error || "Sign message failed"));
1218
+ });
1219
+ setCurrentFlow("sign-message");
1220
+ setFlowData({
1221
+ message: params.message,
1222
+ wallet: params.wallet,
1223
+ uiOptions: (_params_options = params.options) === null || _params_options === void 0 ? void 0 : _params_options.uiOptions,
1224
+ onAssertPasskey: onAssertPasskey
1225
+ });
1226
+ setStartFlow(true);
1205
1227
  })
1206
1228
  ];
1207
1229
  });
@@ -1209,46 +1231,63 @@ var getEthereumSDKMethods = function getEthereumSDKMethods(publishableKey, getIs
1209
1231
  },
1210
1232
  signEthereumTransactionWithUI: function signEthereumTransactionWithUI(params) {
1211
1233
  return _async_to_generator(function() {
1234
+ var _iframeRef_current, onAssertPasskey;
1212
1235
  return _ts_generator(this, function(_state) {
1236
+ if (!((_iframeRef_current = iframeRef.current) === null || _iframeRef_current === void 0 ? void 0 : _iframeRef_current.contentWindow)) throw new Error("SDK not ready");
1237
+ onAssertPasskey = function onAssertPasskey() {
1238
+ return _async_to_generator(function() {
1239
+ var _ref, userHandleB64url, credentialIdB64url, tokens;
1240
+ return _ts_generator(this, function(_state) {
1241
+ switch(_state.label){
1242
+ case 0:
1243
+ return [
1244
+ 4,
1245
+ getInternalPresenceTokens({
1246
+ transport: transport,
1247
+ passkey: passkey,
1248
+ publishableKey: publishableKey,
1249
+ relyingPartyOrigin: typeof window !== "undefined" ? window.location.origin : "",
1250
+ scopes: SCOPES_SIGN
1251
+ })
1252
+ ];
1253
+ case 1:
1254
+ _ref = _state.sent(), userHandleB64url = _ref.userHandleB64url, credentialIdB64url = _ref.credentialIdB64url, tokens = _ref.tokens;
1255
+ return [
1256
+ 2,
1257
+ {
1258
+ userHandleB64url: userHandleB64url,
1259
+ credentialIdB64url: credentialIdB64url,
1260
+ presenceTokens: flattenPresenceTokens({
1261
+ tokens: tokens,
1262
+ userHandleB64url: userHandleB64url,
1263
+ credentialIdB64url: credentialIdB64url
1264
+ })
1265
+ }
1266
+ ];
1267
+ }
1268
+ });
1269
+ })();
1270
+ };
1213
1271
  return [
1214
1272
  2,
1215
- withClearOnFailure(function() {
1216
- return _async_to_generator(function() {
1217
- var _iframeRef_current, onAssertPasskey;
1218
- return _ts_generator(this, function(_state) {
1219
- if (!((_iframeRef_current = iframeRef.current) === null || _iframeRef_current === void 0 ? void 0 : _iframeRef_current.contentWindow)) throw new Error("SDK not ready");
1220
- onAssertPasskey = function onAssertPasskey() {
1221
- return assertPasskeyInParent({
1222
- transport: transport,
1223
- passkey: passkey,
1224
- publishableKey: publishableKey,
1225
- requireFreshAssertion: params.requireFreshAssertion
1226
- });
1227
- };
1228
- return [
1229
- 2,
1230
- new Promise(function(resolve, reject) {
1231
- registerOneShot(PostMessageType5.WALLET, PostMessageMethod4.SIGN_TRANSACTION, function(payload) {
1232
- var _payload_signature;
1233
- if (payload.success) resolve({
1234
- signature: (_payload_signature = payload.signature) !== null && _payload_signature !== void 0 ? _payload_signature : "",
1235
- serializedSigned: payload.serializedSigned,
1236
- hash: payload.hash
1237
- });
1238
- else reject(new Error(payload.error || "Sign transaction failed"));
1239
- });
1240
- setCurrentFlow("sign-transaction");
1241
- setFlowData({
1242
- serializedTransaction: params.transaction,
1243
- wallet: params.wallet,
1244
- options: params.options,
1245
- onAssertPasskey: onAssertPasskey
1246
- });
1247
- setStartFlow(true);
1248
- })
1249
- ];
1273
+ new Promise(function(resolve, reject) {
1274
+ registerOneShot(PostMessageType5.WALLET, PostMessageMethod4.SIGN_TRANSACTION, function(payload) {
1275
+ var _payload_signature;
1276
+ if (payload.success) resolve({
1277
+ signature: (_payload_signature = payload.signature) !== null && _payload_signature !== void 0 ? _payload_signature : "",
1278
+ serializedSigned: payload.serializedSigned,
1279
+ hash: payload.hash
1250
1280
  });
1251
- })();
1281
+ else reject(new Error(payload.error || "Sign transaction failed"));
1282
+ });
1283
+ setCurrentFlow("sign-transaction");
1284
+ setFlowData({
1285
+ serializedTransaction: params.transaction,
1286
+ wallet: params.wallet,
1287
+ options: params.options,
1288
+ onAssertPasskey: onAssertPasskey
1289
+ });
1290
+ setStartFlow(true);
1252
1291
  })
1253
1292
  ];
1254
1293
  });
@@ -1256,47 +1295,64 @@ var getEthereumSDKMethods = function getEthereumSDKMethods(publishableKey, getIs
1256
1295
  },
1257
1296
  signEthereumTypedDataWithUI: function signEthereumTypedDataWithUI(params) {
1258
1297
  return _async_to_generator(function() {
1298
+ var _iframeRef_current, onAssertPasskey;
1259
1299
  return _ts_generator(this, function(_state) {
1300
+ if (!((_iframeRef_current = iframeRef.current) === null || _iframeRef_current === void 0 ? void 0 : _iframeRef_current.contentWindow)) throw new Error("SDK not ready");
1301
+ onAssertPasskey = function onAssertPasskey() {
1302
+ return _async_to_generator(function() {
1303
+ var _ref, userHandleB64url, credentialIdB64url, tokens;
1304
+ return _ts_generator(this, function(_state) {
1305
+ switch(_state.label){
1306
+ case 0:
1307
+ return [
1308
+ 4,
1309
+ getInternalPresenceTokens({
1310
+ transport: transport,
1311
+ passkey: passkey,
1312
+ publishableKey: publishableKey,
1313
+ relyingPartyOrigin: typeof window !== "undefined" ? window.location.origin : "",
1314
+ scopes: SCOPES_SIGN
1315
+ })
1316
+ ];
1317
+ case 1:
1318
+ _ref = _state.sent(), userHandleB64url = _ref.userHandleB64url, credentialIdB64url = _ref.credentialIdB64url, tokens = _ref.tokens;
1319
+ return [
1320
+ 2,
1321
+ {
1322
+ userHandleB64url: userHandleB64url,
1323
+ credentialIdB64url: credentialIdB64url,
1324
+ presenceTokens: flattenPresenceTokens({
1325
+ tokens: tokens,
1326
+ userHandleB64url: userHandleB64url,
1327
+ credentialIdB64url: credentialIdB64url
1328
+ })
1329
+ }
1330
+ ];
1331
+ }
1332
+ });
1333
+ })();
1334
+ };
1260
1335
  return [
1261
1336
  2,
1262
- withClearOnFailure(function() {
1263
- return _async_to_generator(function() {
1264
- var _iframeRef_current, onAssertPasskey;
1265
- return _ts_generator(this, function(_state) {
1266
- if (!((_iframeRef_current = iframeRef.current) === null || _iframeRef_current === void 0 ? void 0 : _iframeRef_current.contentWindow)) throw new Error("SDK not ready");
1267
- onAssertPasskey = function onAssertPasskey() {
1268
- return assertPasskeyInParent({
1269
- transport: transport,
1270
- passkey: passkey,
1271
- publishableKey: publishableKey,
1272
- requireFreshAssertion: params.requireFreshAssertion
1273
- });
1274
- };
1275
- return [
1276
- 2,
1277
- new Promise(function(resolve, reject) {
1278
- registerOneShot(PostMessageType5.WALLET, PostMessageMethod4.SIGN_TYPED_DATA, function(payload) {
1279
- var _payload_signature;
1280
- if (payload.success) resolve({
1281
- signature: (_payload_signature = payload.signature) !== null && _payload_signature !== void 0 ? _payload_signature : ""
1282
- });
1283
- else reject(new Error(payload.error || "Sign typed data failed"));
1284
- });
1285
- setCurrentFlow("sign-typed-data");
1286
- setFlowData({
1287
- domain: params.domain,
1288
- types: params.types,
1289
- primaryType: params.primaryType,
1290
- message: params.message,
1291
- wallet: params.wallet,
1292
- options: params.options,
1293
- onAssertPasskey: onAssertPasskey
1294
- });
1295
- setStartFlow(true);
1296
- })
1297
- ];
1337
+ new Promise(function(resolve, reject) {
1338
+ registerOneShot(PostMessageType5.WALLET, PostMessageMethod4.SIGN_TYPED_DATA, function(payload) {
1339
+ var _payload_signature;
1340
+ if (payload.success) resolve({
1341
+ signature: (_payload_signature = payload.signature) !== null && _payload_signature !== void 0 ? _payload_signature : ""
1298
1342
  });
1299
- })();
1343
+ else reject(new Error(payload.error || "Sign typed data failed"));
1344
+ });
1345
+ setCurrentFlow("sign-typed-data");
1346
+ setFlowData({
1347
+ domain: params.domain,
1348
+ types: params.types,
1349
+ primaryType: params.primaryType,
1350
+ message: params.message,
1351
+ wallet: params.wallet,
1352
+ options: params.options,
1353
+ onAssertPasskey: onAssertPasskey
1354
+ });
1355
+ setStartFlow(true);
1300
1356
  })
1301
1357
  ];
1302
1358
  });
@@ -1304,44 +1360,61 @@ var getEthereumSDKMethods = function getEthereumSDKMethods(publishableKey, getIs
1304
1360
  },
1305
1361
  signEthereum7702AuthorizationWithUI: function signEthereum7702AuthorizationWithUI(params) {
1306
1362
  return _async_to_generator(function() {
1363
+ var _iframeRef_current, onAssertPasskey;
1307
1364
  return _ts_generator(this, function(_state) {
1365
+ if (!((_iframeRef_current = iframeRef.current) === null || _iframeRef_current === void 0 ? void 0 : _iframeRef_current.contentWindow)) throw new Error("SDK not ready");
1366
+ onAssertPasskey = function onAssertPasskey() {
1367
+ return _async_to_generator(function() {
1368
+ var _ref, userHandleB64url, credentialIdB64url, tokens;
1369
+ return _ts_generator(this, function(_state) {
1370
+ switch(_state.label){
1371
+ case 0:
1372
+ return [
1373
+ 4,
1374
+ getInternalPresenceTokens({
1375
+ transport: transport,
1376
+ passkey: passkey,
1377
+ publishableKey: publishableKey,
1378
+ relyingPartyOrigin: typeof window !== "undefined" ? window.location.origin : "",
1379
+ scopes: SCOPES_SIGN
1380
+ })
1381
+ ];
1382
+ case 1:
1383
+ _ref = _state.sent(), userHandleB64url = _ref.userHandleB64url, credentialIdB64url = _ref.credentialIdB64url, tokens = _ref.tokens;
1384
+ return [
1385
+ 2,
1386
+ {
1387
+ userHandleB64url: userHandleB64url,
1388
+ credentialIdB64url: credentialIdB64url,
1389
+ presenceTokens: flattenPresenceTokens({
1390
+ tokens: tokens,
1391
+ userHandleB64url: userHandleB64url,
1392
+ credentialIdB64url: credentialIdB64url
1393
+ })
1394
+ }
1395
+ ];
1396
+ }
1397
+ });
1398
+ })();
1399
+ };
1308
1400
  return [
1309
1401
  2,
1310
- withClearOnFailure(function() {
1311
- return _async_to_generator(function() {
1312
- var _iframeRef_current, onAssertPasskey;
1313
- return _ts_generator(this, function(_state) {
1314
- if (!((_iframeRef_current = iframeRef.current) === null || _iframeRef_current === void 0 ? void 0 : _iframeRef_current.contentWindow)) throw new Error("SDK not ready");
1315
- onAssertPasskey = function onAssertPasskey() {
1316
- return assertPasskeyInParent({
1317
- transport: transport,
1318
- passkey: passkey,
1319
- publishableKey: publishableKey,
1320
- requireFreshAssertion: params.requireFreshAssertion
1321
- });
1322
- };
1323
- return [
1324
- 2,
1325
- new Promise(function(resolve, reject) {
1326
- registerOneShot(PostMessageType5.WALLET, PostMessageMethod4.SIGN_7702_AUTHORIZATION, function(payload) {
1327
- if (payload.success) resolve(payload);
1328
- else reject(new Error(payload.error || "Sign EIP-7702 authorization failed"));
1329
- });
1330
- setCurrentFlow("sign-7702-authorization");
1331
- setFlowData({
1332
- contractAddress: params.contractAddress,
1333
- chainId: params.chainId,
1334
- nonce: params.nonce,
1335
- executor: params.executor,
1336
- wallet: params.wallet,
1337
- options: params.options,
1338
- onAssertPasskey: onAssertPasskey
1339
- });
1340
- setStartFlow(true);
1341
- })
1342
- ];
1343
- });
1344
- })();
1402
+ new Promise(function(resolve, reject) {
1403
+ registerOneShot(PostMessageType5.WALLET, PostMessageMethod4.SIGN_7702_AUTHORIZATION, function(payload) {
1404
+ if (payload.success) resolve(payload);
1405
+ else reject(new Error(payload.error || "Sign EIP-7702 authorization failed"));
1406
+ });
1407
+ setCurrentFlow("sign-7702-authorization");
1408
+ setFlowData({
1409
+ contractAddress: params.contractAddress,
1410
+ chainId: params.chainId,
1411
+ nonce: params.nonce,
1412
+ executor: params.executor,
1413
+ wallet: params.wallet,
1414
+ options: params.options,
1415
+ onAssertPasskey: onAssertPasskey
1416
+ });
1417
+ setStartFlow(true);
1345
1418
  })
1346
1419
  ];
1347
1420
  });
@@ -1349,60 +1422,77 @@ var getEthereumSDKMethods = function getEthereumSDKMethods(publishableKey, getIs
1349
1422
  },
1350
1423
  sendEthereumTransactionWithUI: function sendEthereumTransactionWithUI(params) {
1351
1424
  return _async_to_generator(function() {
1425
+ var _iframeRef_current, onAssertPasskey, serializedTransaction;
1352
1426
  return _ts_generator(this, function(_state) {
1353
- return [
1354
- 2,
1355
- withClearOnFailure(function() {
1356
- return _async_to_generator(function() {
1357
- var _iframeRef_current, onAssertPasskey, serializedTransaction;
1358
- return _ts_generator(this, function(_state) {
1359
- switch(_state.label){
1360
- case 0:
1361
- if (!((_iframeRef_current = iframeRef.current) === null || _iframeRef_current === void 0 ? void 0 : _iframeRef_current.contentWindow)) throw new Error("SDK not ready");
1362
- onAssertPasskey = function onAssertPasskey() {
1363
- return assertPasskeyInParent({
1364
- transport: transport,
1365
- passkey: passkey,
1366
- publishableKey: publishableKey,
1367
- requireFreshAssertion: params.requireFreshAssertion
1368
- });
1369
- };
1370
- return [
1371
- 4,
1372
- serializeEthereumTransaction(params.transaction)
1373
- ];
1374
- case 1:
1375
- serializedTransaction = _state.sent();
1376
- return [
1377
- 2,
1378
- new Promise(function(resolve, reject) {
1379
- var _params_options;
1380
- registerOneShot(PostMessageType5.WALLET, PostMessageMethod4.SEND_TRANSACTION, function(payload) {
1381
- var _payload_hash;
1382
- if (payload.success) resolve({
1383
- hash: (_payload_hash = payload.hash) !== null && _payload_hash !== void 0 ? _payload_hash : ""
1384
- });
1385
- else if (payload.cancelled) reject(new Error("User cancelled transaction"));
1386
- else reject(new Error(payload.error || "Send transaction failed"));
1387
- });
1388
- setCurrentFlow("send-ethereum-transaction");
1389
- setFlowData({
1390
- transaction: params.transaction,
1391
- serializedTransaction: serializedTransaction,
1392
- wallet: params.wallet,
1393
- options: params.options,
1394
- rpcUrl: params.rpcUrl,
1395
- network: (_params_options = params.options) === null || _params_options === void 0 ? void 0 : _params_options.network,
1396
- onAssertPasskey: onAssertPasskey
1397
- });
1398
- setStartFlow(true);
1399
- })
1400
- ];
1401
- }
1402
- });
1403
- })();
1404
- })
1405
- ];
1427
+ switch(_state.label){
1428
+ case 0:
1429
+ if (!((_iframeRef_current = iframeRef.current) === null || _iframeRef_current === void 0 ? void 0 : _iframeRef_current.contentWindow)) throw new Error("SDK not ready");
1430
+ onAssertPasskey = function onAssertPasskey() {
1431
+ return _async_to_generator(function() {
1432
+ var _ref, userHandleB64url, credentialIdB64url, tokens;
1433
+ return _ts_generator(this, function(_state) {
1434
+ switch(_state.label){
1435
+ case 0:
1436
+ return [
1437
+ 4,
1438
+ getInternalPresenceTokens({
1439
+ transport: transport,
1440
+ passkey: passkey,
1441
+ publishableKey: publishableKey,
1442
+ relyingPartyOrigin: typeof window !== "undefined" ? window.location.origin : "",
1443
+ scopes: SCOPES_SIGN
1444
+ })
1445
+ ];
1446
+ case 1:
1447
+ _ref = _state.sent(), userHandleB64url = _ref.userHandleB64url, credentialIdB64url = _ref.credentialIdB64url, tokens = _ref.tokens;
1448
+ return [
1449
+ 2,
1450
+ {
1451
+ userHandleB64url: userHandleB64url,
1452
+ credentialIdB64url: credentialIdB64url,
1453
+ presenceTokens: flattenPresenceTokens({
1454
+ tokens: tokens,
1455
+ userHandleB64url: userHandleB64url,
1456
+ credentialIdB64url: credentialIdB64url
1457
+ })
1458
+ }
1459
+ ];
1460
+ }
1461
+ });
1462
+ })();
1463
+ };
1464
+ return [
1465
+ 4,
1466
+ serializeEthereumTransaction(params.transaction)
1467
+ ];
1468
+ case 1:
1469
+ serializedTransaction = _state.sent();
1470
+ return [
1471
+ 2,
1472
+ new Promise(function(resolve, reject) {
1473
+ var _params_options;
1474
+ registerOneShot(PostMessageType5.WALLET, PostMessageMethod4.SEND_TRANSACTION, function(payload) {
1475
+ var _payload_hash;
1476
+ if (payload.success) resolve({
1477
+ hash: (_payload_hash = payload.hash) !== null && _payload_hash !== void 0 ? _payload_hash : ""
1478
+ });
1479
+ else if (payload.cancelled) reject(new Error("User cancelled transaction"));
1480
+ else reject(new Error(payload.error || "Send transaction failed"));
1481
+ });
1482
+ setCurrentFlow("send-ethereum-transaction");
1483
+ setFlowData({
1484
+ transaction: params.transaction,
1485
+ serializedTransaction: serializedTransaction,
1486
+ wallet: params.wallet,
1487
+ options: params.options,
1488
+ rpcUrl: params.rpcUrl,
1489
+ network: (_params_options = params.options) === null || _params_options === void 0 ? void 0 : _params_options.network,
1490
+ onAssertPasskey: onAssertPasskey
1491
+ });
1492
+ setStartFlow(true);
1493
+ })
1494
+ ];
1495
+ }
1406
1496
  });
1407
1497
  })();
1408
1498
  }
@@ -1410,8 +1500,7 @@ var getEthereumSDKMethods = function getEthereumSDKMethods(publishableKey, getIs
1410
1500
  };
1411
1501
  // src/sdk/sdk-methods.ts
1412
1502
  import { PostMessageMethod as PostMessageMethod6, PostMessageType as PostMessageType7 } from "@moon-x/core/utils";
1413
- import { clearParentAssertCache } from "@moon-x/core/lib";
1414
- import { getHeadlessGeneralMethods } from "@moon-x/core/sdk";
1503
+ import { getHeadlessGeneralMethods, getPresenceToken as headlessGetPresenceToken } from "@moon-x/core/sdk";
1415
1504
  import { createIframeTransport as createIframeTransport3, createLocalStorageKv, createWebAuthnPasskey as createWebAuthnPasskey2 } from "@moon-x/core/web";
1416
1505
  import { authState as authState2 } from "@moon-x/core/lib";
1417
1506
  // src/sdk/sdk-authentication-methods.ts
@@ -1419,7 +1508,7 @@ import { PostMessageMethod as PostMessageMethod5, PostMessageType as PostMessage
1419
1508
  import { getHeadlessAuthenticationMethods } from "@moon-x/core/sdk";
1420
1509
  import { createIframeTransport as createIframeTransport2 } from "@moon-x/core/web";
1421
1510
  import { authState } from "@moon-x/core/lib";
1422
- var getAuthenticationMethods = function getAuthenticationMethods(publishableKey, isMounted, getIsReady, iframeRef, setFlowState, emailConfig, setIsAuthenticated, setUser) {
1511
+ var getAuthenticationMethods = function getAuthenticationMethods(publishableKey, isMounted, getIsReady, iframeRef, setFlowState, setIsAuthenticated, setUser) {
1423
1512
  var transport = createIframeTransport2({
1424
1513
  getContentWindow: function getContentWindow() {
1425
1514
  var _ref;
@@ -1434,7 +1523,6 @@ var getAuthenticationMethods = function getAuthenticationMethods(publishableKey,
1434
1523
  var headless = getHeadlessAuthenticationMethods({
1435
1524
  transport: transport,
1436
1525
  publishableKey: publishableKey,
1437
- emailConfig: emailConfig,
1438
1526
  setIsAuthenticated: setIsAuthenticated,
1439
1527
  setUser: setUser
1440
1528
  });
@@ -1443,12 +1531,12 @@ var getAuthenticationMethods = function getAuthenticationMethods(publishableKey,
1443
1531
  * Send a one-time passcode to the user's email address. Wraps the
1444
1532
  * shared headless `sendCode` with web's setFlowState lifecycle so
1445
1533
  * the email-otp-verify modal can render loading/error/waiting-code
1446
- * states. Same status names the global machine has used since
1447
- * before the refactor (for back-compat with `useMoonKey().flowState`
1448
- * consumers that haven't migrated to the local-state `useLoginWithEmail`).
1534
+ * states. Returns the platform response (including the authoritative
1535
+ * `expires_at` unix timestamp) so headless consumers can render an
1536
+ * accurate countdown without making it up.
1449
1537
  */ sendCode: function sendCode(params) {
1450
1538
  return _async_to_generator(function() {
1451
- var _iframeRef_current, error, errorObj;
1539
+ var _iframeRef_current, response, error, errorObj;
1452
1540
  return _ts_generator(this, function(_state) {
1453
1541
  switch(_state.label){
1454
1542
  case 0:
@@ -1480,13 +1568,13 @@ var getAuthenticationMethods = function getAuthenticationMethods(publishableKey,
1480
1568
  headless.sendCode(params)
1481
1569
  ];
1482
1570
  case 2:
1483
- _state.sent();
1571
+ response = _state.sent();
1484
1572
  setFlowState({
1485
1573
  status: "waiting-code-input"
1486
1574
  });
1487
1575
  return [
1488
- 3,
1489
- 4
1576
+ 2,
1577
+ response
1490
1578
  ];
1491
1579
  case 3:
1492
1580
  error = _state.sent();
@@ -1778,7 +1866,7 @@ var getAuthenticationMethods = function getAuthenticationMethods(publishableKey,
1778
1866
  };
1779
1867
  };
1780
1868
  // src/sdk/sdk-methods.ts
1781
- var getSDKMethods = function getSDKMethods(publishableKey, isMounted, getIsReady, iframeRef, setCurrentFlow, setFlowData, setStartFlow, setFlowState, emailConfig, setIsAuthenticated, setUser, closeCallbackRef) {
1869
+ var getSDKMethods = function getSDKMethods(publishableKey, isMounted, getIsReady, iframeRef, setCurrentFlow, setFlowData, setStartFlow, setFlowState, setIsAuthenticated, setUser, closeCallbackRef) {
1782
1870
  var transport = createIframeTransport3({
1783
1871
  getContentWindow: function getContentWindow() {
1784
1872
  var _ref;
@@ -1797,10 +1885,14 @@ var getSDKMethods = function getSDKMethods(publishableKey, isMounted, getIsReady
1797
1885
  passkey: passkey,
1798
1886
  storage: storage,
1799
1887
  publishableKey: publishableKey,
1888
+ // window is defined in the browser context where this hook runs.
1889
+ // SSR rendering never reaches the factory because the SDK is gated
1890
+ // on the MoonKeyProvider's `useEffect`-mounted lifecycle.
1891
+ relyingPartyOrigin: typeof window !== "undefined" ? window.location.origin : "",
1800
1892
  setIsAuthenticated: setIsAuthenticated,
1801
1893
  setUser: setUser
1802
1894
  });
1803
- return _object_spread_props(_object_spread({}, getAuthenticationMethods(publishableKey, isMounted, getIsReady, iframeRef, setFlowState, emailConfig, setIsAuthenticated, setUser), headless), {
1895
+ return _object_spread_props(_object_spread({}, getAuthenticationMethods(publishableKey, isMounted, getIsReady, iframeRef, setFlowState, setIsAuthenticated, setUser), headless), {
1804
1896
  // Web override: logout must also reset the modal state machine
1805
1897
  // (`setCurrentFlow` / `setFlowData` / `setStartFlow`) AND clear the
1806
1898
  // localStorage id-token (idTokenStorage). The shared logout already
@@ -1839,7 +1931,6 @@ var getSDKMethods = function getSDKMethods(publishableKey, isMounted, getIsReady
1839
1931
  case 2:
1840
1932
  result = _state.sent();
1841
1933
  authState2.clear();
1842
- clearParentAssertCache();
1843
1934
  idTokenStorage.remove();
1844
1935
  setFlowData(null);
1845
1936
  setCurrentFlow("landing");
@@ -1873,6 +1964,35 @@ var getSDKMethods = function getSDKMethods(publishableKey, isMounted, getIsReady
1873
1964
  addPasskey: function addPasskey(_params) {
1874
1965
  return Promise.reject(new Error("addPasskey not initialized"));
1875
1966
  },
1967
+ // getPresenceToken: parent-side passkey step-up ceremony. Returns a
1968
+ // short-lived JWT (tt:"presence") that customer backends verify via
1969
+ // the app's JWKS to gate high-risk routes without rolling their own
1970
+ // session/step-up model. Must be invoked from inside a click handler so
1971
+ // transient activation is alive when WebAuthn fires.
1972
+ //
1973
+ // The strip of `response.userHandle` happens INSIDE getPresenceToken
1974
+ // (parent boundary, before iframe roundtrip). DEK material never
1975
+ // crosses the iframe → server boundary.
1976
+ getPresenceToken: function getPresenceToken() {
1977
+ return _async_to_generator(function() {
1978
+ var _iframeRef_current;
1979
+ return _ts_generator(this, function(_state) {
1980
+ if (!isMounted) throw new Error("SDK not ready");
1981
+ if (!getIsReady() || !((_iframeRef_current = iframeRef.current) === null || _iframeRef_current === void 0 ? void 0 : _iframeRef_current.contentWindow)) {
1982
+ throw new Error("SDK not ready");
1983
+ }
1984
+ return [
1985
+ 2,
1986
+ headlessGetPresenceToken({
1987
+ transport: transport,
1988
+ passkey: passkey,
1989
+ publishableKey: publishableKey,
1990
+ relyingPartyOrigin: window.location.origin
1991
+ })
1992
+ ];
1993
+ });
1994
+ })();
1995
+ },
1876
1996
  // hide: web-only — closes the parent-side modal. No shared analogue.
1877
1997
  hide: function hide() {
1878
1998
  if (!isMounted) return;
@@ -2066,9 +2186,13 @@ var getPasskeyMethods = function getPasskeyMethods(param) {
2066
2186
  };
2067
2187
  // src/sdk/sdk-solana-methods.ts
2068
2188
  import { PostMessageMethod as PostMessageMethod7, PostMessageType as PostMessageType8 } from "@moon-x/core/utils";
2069
- import { bs58ToBytes, withClearOnFailure as withClearOnFailure2 } from "@moon-x/core/lib";
2070
- import { assertPasskeyInParent as assertPasskeyInParent2, getHeadlessSolanaMethods } from "@moon-x/core/sdk";
2189
+ import { bs58ToBytes } from "@moon-x/core/lib";
2190
+ import { flattenPresenceTokens as flattenPresenceTokens2, getHeadlessSolanaMethods, getInternalPresenceTokens as getInternalPresenceTokens2 } from "@moon-x/core/sdk";
2071
2191
  import { createIframeTransport as createIframeTransport4, createWebAuthnPasskey as createWebAuthnPasskey3 } from "@moon-x/core/web";
2192
+ var SCOPES_SIGN2 = [
2193
+ "keyshare_read",
2194
+ "sign"
2195
+ ];
2072
2196
  var getSolanaSDKMethods = function getSolanaSDKMethods(publishableKey, getIsReady, iframeRef, setCurrentFlow, setFlowData, setStartFlow) {
2073
2197
  var transport = createIframeTransport4({
2074
2198
  getContentWindow: function getContentWindow() {
@@ -2085,7 +2209,8 @@ var getSolanaSDKMethods = function getSolanaSDKMethods(publishableKey, getIsRead
2085
2209
  var headless = getHeadlessSolanaMethods({
2086
2210
  transport: transport,
2087
2211
  passkey: passkey,
2088
- publishableKey: publishableKey
2212
+ publishableKey: publishableKey,
2213
+ relyingPartyOrigin: typeof window !== "undefined" ? window.location.origin : ""
2089
2214
  });
2090
2215
  return _object_spread_props(_object_spread({}, headless), {
2091
2216
  // WithUI variants — drive the auth-flow-renderer modal. Result
@@ -2093,72 +2218,89 @@ var getSolanaSDKMethods = function getSolanaSDKMethods(publishableKey, getIsRead
2093
2218
  // SolanaSign*Result's typed Uint8Array.
2094
2219
  signSolanaMessageWithUI: function signSolanaMessageWithUI(params) {
2095
2220
  return _async_to_generator(function() {
2221
+ var _iframeRef_current, onAssertPasskey;
2096
2222
  return _ts_generator(this, function(_state) {
2223
+ if (!((_iframeRef_current = iframeRef.current) === null || _iframeRef_current === void 0 ? void 0 : _iframeRef_current.contentWindow)) throw new Error("SDK not ready");
2224
+ onAssertPasskey = function onAssertPasskey() {
2225
+ return _async_to_generator(function() {
2226
+ var _ref, userHandleB64url, credentialIdB64url, tokens;
2227
+ return _ts_generator(this, function(_state) {
2228
+ switch(_state.label){
2229
+ case 0:
2230
+ return [
2231
+ 4,
2232
+ getInternalPresenceTokens2({
2233
+ transport: transport,
2234
+ passkey: passkey,
2235
+ publishableKey: publishableKey,
2236
+ relyingPartyOrigin: typeof window !== "undefined" ? window.location.origin : "",
2237
+ scopes: SCOPES_SIGN2
2238
+ })
2239
+ ];
2240
+ case 1:
2241
+ _ref = _state.sent(), userHandleB64url = _ref.userHandleB64url, credentialIdB64url = _ref.credentialIdB64url, tokens = _ref.tokens;
2242
+ return [
2243
+ 2,
2244
+ {
2245
+ userHandleB64url: userHandleB64url,
2246
+ credentialIdB64url: credentialIdB64url,
2247
+ presenceTokens: flattenPresenceTokens2({
2248
+ tokens: tokens,
2249
+ userHandleB64url: userHandleB64url,
2250
+ credentialIdB64url: credentialIdB64url
2251
+ })
2252
+ }
2253
+ ];
2254
+ }
2255
+ });
2256
+ })();
2257
+ };
2097
2258
  return [
2098
2259
  2,
2099
- withClearOnFailure2(function() {
2100
- return _async_to_generator(function() {
2101
- var _iframeRef_current, onAssertPasskey;
2102
- return _ts_generator(this, function(_state) {
2103
- if (!((_iframeRef_current = iframeRef.current) === null || _iframeRef_current === void 0 ? void 0 : _iframeRef_current.contentWindow)) throw new Error("SDK not ready");
2104
- onAssertPasskey = function onAssertPasskey() {
2105
- return assertPasskeyInParent2({
2106
- transport: transport,
2107
- passkey: passkey,
2108
- publishableKey: publishableKey,
2109
- requireFreshAssertion: params.requireFreshAssertion
2110
- });
2111
- };
2112
- return [
2113
- 2,
2114
- new Promise(function(resolve, reject) {
2115
- var _params_options;
2116
- registerOneShot(PostMessageType8.WALLET, PostMessageMethod7.SIGN_MESSAGE, function(payload) {
2117
- return _async_to_generator(function() {
2118
- var _tmp;
2119
- return _ts_generator(this, function(_state) {
2120
- switch(_state.label){
2121
- case 0:
2122
- if (!payload.success) return [
2123
- 3,
2124
- 2
2125
- ];
2126
- _tmp = {};
2127
- return [
2128
- 4,
2129
- bs58ToBytes(payload.signature)
2130
- ];
2131
- case 1:
2132
- resolve.apply(void 0, [
2133
- (_tmp.signature = _state.sent(), _tmp)
2134
- ]);
2135
- return [
2136
- 3,
2137
- 3
2138
- ];
2139
- case 2:
2140
- reject(new Error(payload.error || "Sign message failed"));
2141
- _state.label = 3;
2142
- case 3:
2143
- return [
2144
- 2
2145
- ];
2146
- }
2147
- });
2148
- })();
2149
- });
2150
- setCurrentFlow("sign-message");
2151
- setFlowData({
2152
- message: params.message,
2153
- wallet: params.wallet,
2154
- uiOptions: (_params_options = params.options) === null || _params_options === void 0 ? void 0 : _params_options.uiOptions,
2155
- onAssertPasskey: onAssertPasskey
2156
- });
2157
- setStartFlow(true);
2158
- })
2159
- ];
2160
- });
2161
- })();
2260
+ new Promise(function(resolve, reject) {
2261
+ var _params_options;
2262
+ registerOneShot(PostMessageType8.WALLET, PostMessageMethod7.SIGN_MESSAGE, function(payload) {
2263
+ return _async_to_generator(function() {
2264
+ var _tmp;
2265
+ return _ts_generator(this, function(_state) {
2266
+ switch(_state.label){
2267
+ case 0:
2268
+ if (!payload.success) return [
2269
+ 3,
2270
+ 2
2271
+ ];
2272
+ _tmp = {};
2273
+ return [
2274
+ 4,
2275
+ bs58ToBytes(payload.signature)
2276
+ ];
2277
+ case 1:
2278
+ resolve.apply(void 0, [
2279
+ (_tmp.signature = _state.sent(), _tmp)
2280
+ ]);
2281
+ return [
2282
+ 3,
2283
+ 3
2284
+ ];
2285
+ case 2:
2286
+ reject(new Error(payload.error || "Sign message failed"));
2287
+ _state.label = 3;
2288
+ case 3:
2289
+ return [
2290
+ 2
2291
+ ];
2292
+ }
2293
+ });
2294
+ })();
2295
+ });
2296
+ setCurrentFlow("sign-message");
2297
+ setFlowData({
2298
+ message: params.message,
2299
+ wallet: params.wallet,
2300
+ uiOptions: (_params_options = params.options) === null || _params_options === void 0 ? void 0 : _params_options.uiOptions,
2301
+ onAssertPasskey: onAssertPasskey
2302
+ });
2303
+ setStartFlow(true);
2162
2304
  })
2163
2305
  ];
2164
2306
  });
@@ -2166,71 +2308,88 @@ var getSolanaSDKMethods = function getSolanaSDKMethods(publishableKey, getIsRead
2166
2308
  },
2167
2309
  signSolanaTransactionWithUI: function signSolanaTransactionWithUI(params) {
2168
2310
  return _async_to_generator(function() {
2311
+ var _iframeRef_current, onAssertPasskey;
2169
2312
  return _ts_generator(this, function(_state) {
2313
+ if (!((_iframeRef_current = iframeRef.current) === null || _iframeRef_current === void 0 ? void 0 : _iframeRef_current.contentWindow)) throw new Error("SDK not ready");
2314
+ onAssertPasskey = function onAssertPasskey() {
2315
+ return _async_to_generator(function() {
2316
+ var _ref, userHandleB64url, credentialIdB64url, tokens;
2317
+ return _ts_generator(this, function(_state) {
2318
+ switch(_state.label){
2319
+ case 0:
2320
+ return [
2321
+ 4,
2322
+ getInternalPresenceTokens2({
2323
+ transport: transport,
2324
+ passkey: passkey,
2325
+ publishableKey: publishableKey,
2326
+ relyingPartyOrigin: typeof window !== "undefined" ? window.location.origin : "",
2327
+ scopes: SCOPES_SIGN2
2328
+ })
2329
+ ];
2330
+ case 1:
2331
+ _ref = _state.sent(), userHandleB64url = _ref.userHandleB64url, credentialIdB64url = _ref.credentialIdB64url, tokens = _ref.tokens;
2332
+ return [
2333
+ 2,
2334
+ {
2335
+ userHandleB64url: userHandleB64url,
2336
+ credentialIdB64url: credentialIdB64url,
2337
+ presenceTokens: flattenPresenceTokens2({
2338
+ tokens: tokens,
2339
+ userHandleB64url: userHandleB64url,
2340
+ credentialIdB64url: credentialIdB64url
2341
+ })
2342
+ }
2343
+ ];
2344
+ }
2345
+ });
2346
+ })();
2347
+ };
2170
2348
  return [
2171
2349
  2,
2172
- withClearOnFailure2(function() {
2173
- return _async_to_generator(function() {
2174
- var _iframeRef_current, onAssertPasskey;
2175
- return _ts_generator(this, function(_state) {
2176
- if (!((_iframeRef_current = iframeRef.current) === null || _iframeRef_current === void 0 ? void 0 : _iframeRef_current.contentWindow)) throw new Error("SDK not ready");
2177
- onAssertPasskey = function onAssertPasskey() {
2178
- return assertPasskeyInParent2({
2179
- transport: transport,
2180
- passkey: passkey,
2181
- publishableKey: publishableKey,
2182
- requireFreshAssertion: params.requireFreshAssertion
2183
- });
2184
- };
2185
- return [
2186
- 2,
2187
- new Promise(function(resolve, reject) {
2188
- registerOneShot(PostMessageType8.WALLET, PostMessageMethod7.SIGN_TRANSACTION, function(payload) {
2189
- return _async_to_generator(function() {
2190
- var _tmp;
2191
- return _ts_generator(this, function(_state) {
2192
- switch(_state.label){
2193
- case 0:
2194
- if (!payload.success) return [
2195
- 3,
2196
- 2
2197
- ];
2198
- _tmp = {};
2199
- return [
2200
- 4,
2201
- bs58ToBytes(payload.signedTransaction)
2202
- ];
2203
- case 1:
2204
- resolve.apply(void 0, [
2205
- (_tmp.signedTransaction = _state.sent(), _tmp)
2206
- ]);
2207
- return [
2208
- 3,
2209
- 3
2210
- ];
2211
- case 2:
2212
- reject(new Error(payload.error || "Sign transaction failed"));
2213
- _state.label = 3;
2214
- case 3:
2215
- return [
2216
- 2
2217
- ];
2218
- }
2219
- });
2220
- })();
2221
- });
2222
- setCurrentFlow("sign-transaction");
2223
- setFlowData({
2224
- serializedTransaction: params.transaction,
2225
- wallet: params.wallet,
2226
- options: params.options,
2227
- onAssertPasskey: onAssertPasskey
2228
- });
2229
- setStartFlow(true);
2230
- })
2231
- ];
2232
- });
2233
- })();
2350
+ new Promise(function(resolve, reject) {
2351
+ registerOneShot(PostMessageType8.WALLET, PostMessageMethod7.SIGN_TRANSACTION, function(payload) {
2352
+ return _async_to_generator(function() {
2353
+ var _tmp;
2354
+ return _ts_generator(this, function(_state) {
2355
+ switch(_state.label){
2356
+ case 0:
2357
+ if (!payload.success) return [
2358
+ 3,
2359
+ 2
2360
+ ];
2361
+ _tmp = {};
2362
+ return [
2363
+ 4,
2364
+ bs58ToBytes(payload.signedTransaction)
2365
+ ];
2366
+ case 1:
2367
+ resolve.apply(void 0, [
2368
+ (_tmp.signedTransaction = _state.sent(), _tmp)
2369
+ ]);
2370
+ return [
2371
+ 3,
2372
+ 3
2373
+ ];
2374
+ case 2:
2375
+ reject(new Error(payload.error || "Sign transaction failed"));
2376
+ _state.label = 3;
2377
+ case 3:
2378
+ return [
2379
+ 2
2380
+ ];
2381
+ }
2382
+ });
2383
+ })();
2384
+ });
2385
+ setCurrentFlow("sign-transaction");
2386
+ setFlowData({
2387
+ serializedTransaction: params.transaction,
2388
+ wallet: params.wallet,
2389
+ options: params.options,
2390
+ onAssertPasskey: onAssertPasskey
2391
+ });
2392
+ setStartFlow(true);
2234
2393
  })
2235
2394
  ];
2236
2395
  });
@@ -2238,73 +2397,90 @@ var getSolanaSDKMethods = function getSolanaSDKMethods(publishableKey, getIsRead
2238
2397
  },
2239
2398
  sendSolanaTransactionWithUI: function sendSolanaTransactionWithUI(params) {
2240
2399
  return _async_to_generator(function() {
2400
+ var _iframeRef_current, onAssertPasskey;
2241
2401
  return _ts_generator(this, function(_state) {
2402
+ if (!((_iframeRef_current = iframeRef.current) === null || _iframeRef_current === void 0 ? void 0 : _iframeRef_current.contentWindow)) throw new Error("SDK not ready");
2403
+ onAssertPasskey = function onAssertPasskey() {
2404
+ return _async_to_generator(function() {
2405
+ var _ref, userHandleB64url, credentialIdB64url, tokens;
2406
+ return _ts_generator(this, function(_state) {
2407
+ switch(_state.label){
2408
+ case 0:
2409
+ return [
2410
+ 4,
2411
+ getInternalPresenceTokens2({
2412
+ transport: transport,
2413
+ passkey: passkey,
2414
+ publishableKey: publishableKey,
2415
+ relyingPartyOrigin: typeof window !== "undefined" ? window.location.origin : "",
2416
+ scopes: SCOPES_SIGN2
2417
+ })
2418
+ ];
2419
+ case 1:
2420
+ _ref = _state.sent(), userHandleB64url = _ref.userHandleB64url, credentialIdB64url = _ref.credentialIdB64url, tokens = _ref.tokens;
2421
+ return [
2422
+ 2,
2423
+ {
2424
+ userHandleB64url: userHandleB64url,
2425
+ credentialIdB64url: credentialIdB64url,
2426
+ presenceTokens: flattenPresenceTokens2({
2427
+ tokens: tokens,
2428
+ userHandleB64url: userHandleB64url,
2429
+ credentialIdB64url: credentialIdB64url
2430
+ })
2431
+ }
2432
+ ];
2433
+ }
2434
+ });
2435
+ })();
2436
+ };
2242
2437
  return [
2243
2438
  2,
2244
- withClearOnFailure2(function() {
2245
- return _async_to_generator(function() {
2246
- var _iframeRef_current, onAssertPasskey;
2247
- return _ts_generator(this, function(_state) {
2248
- if (!((_iframeRef_current = iframeRef.current) === null || _iframeRef_current === void 0 ? void 0 : _iframeRef_current.contentWindow)) throw new Error("SDK not ready");
2249
- onAssertPasskey = function onAssertPasskey() {
2250
- return assertPasskeyInParent2({
2251
- transport: transport,
2252
- passkey: passkey,
2253
- publishableKey: publishableKey,
2254
- requireFreshAssertion: params.requireFreshAssertion
2255
- });
2256
- };
2257
- return [
2258
- 2,
2259
- new Promise(function(resolve, reject) {
2260
- registerOneShot(PostMessageType8.WALLET, PostMessageMethod7.SEND_TRANSACTION, function(payload) {
2261
- return _async_to_generator(function() {
2262
- var _tmp;
2263
- return _ts_generator(this, function(_state) {
2264
- switch(_state.label){
2265
- case 0:
2266
- if (!payload.success) return [
2267
- 3,
2268
- 2
2269
- ];
2270
- _tmp = {};
2271
- return [
2272
- 4,
2273
- bs58ToBytes(payload.signature)
2274
- ];
2275
- case 1:
2276
- resolve.apply(void 0, [
2277
- (_tmp.signature = _state.sent(), _tmp)
2278
- ]);
2279
- return [
2280
- 3,
2281
- 3
2282
- ];
2283
- case 2:
2284
- reject(new Error(payload.error || "Send transaction failed"));
2285
- _state.label = 3;
2286
- case 3:
2287
- return [
2288
- 2
2289
- ];
2290
- }
2291
- });
2292
- })();
2293
- });
2294
- setCurrentFlow("send-transaction");
2295
- setFlowData({
2296
- serializedTransaction: params.transaction,
2297
- walletAddress: params.wallet.public_address,
2298
- rpcUrl: params.rpcUrl,
2299
- wallet: params.wallet,
2300
- options: params.options,
2301
- onAssertPasskey: onAssertPasskey
2302
- });
2303
- setStartFlow(true);
2304
- })
2305
- ];
2306
- });
2307
- })();
2439
+ new Promise(function(resolve, reject) {
2440
+ registerOneShot(PostMessageType8.WALLET, PostMessageMethod7.SEND_TRANSACTION, function(payload) {
2441
+ return _async_to_generator(function() {
2442
+ var _tmp;
2443
+ return _ts_generator(this, function(_state) {
2444
+ switch(_state.label){
2445
+ case 0:
2446
+ if (!payload.success) return [
2447
+ 3,
2448
+ 2
2449
+ ];
2450
+ _tmp = {};
2451
+ return [
2452
+ 4,
2453
+ bs58ToBytes(payload.signature)
2454
+ ];
2455
+ case 1:
2456
+ resolve.apply(void 0, [
2457
+ (_tmp.signature = _state.sent(), _tmp)
2458
+ ]);
2459
+ return [
2460
+ 3,
2461
+ 3
2462
+ ];
2463
+ case 2:
2464
+ reject(new Error(payload.error || "Send transaction failed"));
2465
+ _state.label = 3;
2466
+ case 3:
2467
+ return [
2468
+ 2
2469
+ ];
2470
+ }
2471
+ });
2472
+ })();
2473
+ });
2474
+ setCurrentFlow("send-transaction");
2475
+ setFlowData({
2476
+ serializedTransaction: params.transaction,
2477
+ walletAddress: params.wallet.public_address,
2478
+ rpcUrl: params.rpcUrl,
2479
+ wallet: params.wallet,
2480
+ options: params.options,
2481
+ onAssertPasskey: onAssertPasskey
2482
+ });
2483
+ setStartFlow(true);
2308
2484
  })
2309
2485
  ];
2310
2486
  });
@@ -2313,6 +2489,10 @@ var getSolanaSDKMethods = function getSolanaSDKMethods(publishableKey, getIsRead
2313
2489
  });
2314
2490
  };
2315
2491
  // src/sdk/create-sdk-instance.ts
2492
+ var IMPORT_KEY_SCOPES = [
2493
+ "dek_bootstrap",
2494
+ "keyshare_write"
2495
+ ];
2316
2496
  var createSDKInstance = function createSDKInstance(publishableKey, isMounted, isReady, flowState, iframeRef, onError, onClose, setFlowState, setStartFlow, setCurrentFlow, setFlowData, authProviderConfig, getCurrentIsReady, setIsAuthenticated, setUser, closeCallbacksRef, getStartFlow, setAppearance, refreshUser) {
2317
2497
  var currentSuccessCallback = null;
2318
2498
  var currentErrorCallback = null;
@@ -2424,7 +2604,7 @@ var createSDKInstance = function createSDKInstance(publishableKey, isMounted, is
2424
2604
  },
2425
2605
  onError: onError,
2426
2606
  onClose: onClose
2427
- }, getSDKMethods(publishableKey, isMounted, getCurrentIsReady, iframeRef, setCurrentFlow, setFlowData, setStartFlow, setFlowState, authProviderConfig === null || authProviderConfig === void 0 ? void 0 : authProviderConfig.emailConfig, setIsAuthenticated, setUser, closeCallbacksRef), getPasskeyMethods({
2607
+ }, getSDKMethods(publishableKey, isMounted, getCurrentIsReady, iframeRef, setCurrentFlow, setFlowData, setStartFlow, setFlowState, setIsAuthenticated, setUser, closeCallbacksRef), getPasskeyMethods({
2428
2608
  isMounted: isMounted,
2429
2609
  getIsReady: getCurrentIsReady,
2430
2610
  iframeRef: iframeRef,
@@ -2440,100 +2620,103 @@ var createSDKInstance = function createSDKInstance(publishableKey, isMounted, is
2440
2620
  // Override getSDKMethods' importKey to support both headless and UI
2441
2621
  // modes. With a key provided, we forward straight to the iframe and
2442
2622
  // never open the modal. Without a key, we open the ImportWallet flow
2443
- // and resolve once the user submits inside the modal.
2623
+ // and let it run its own assert-on-CTA ceremony — minting tokens
2624
+ // here would mean the 30s single-use JWTs expire while the user
2625
+ // sits on the modal.
2444
2626
  //
2445
2627
  // Return shape MUST be { wallet: PublicWallet } to match the headless
2446
2628
  // contract in @moon-x/core/sdk/headless-general.ts → importKey. The
2447
2629
  // wrapper in wallets/ethereum.ts and wallets/solana.ts does
2448
2630
  // `result.wallet`, so a bare PublicWallet here causes downstream
2449
2631
  // `wallet.public_address` accesses to throw on undefined.
2450
- importKey: function importKey(walletType, key, options) {
2451
- var _iframeRef_current;
2452
- if (!isMounted) {
2453
- return Promise.reject(new Error("SDK not ready"));
2454
- }
2455
- if (!getCurrentIsReady() || !((_iframeRef_current = iframeRef.current) === null || _iframeRef_current === void 0 ? void 0 : _iframeRef_current.contentWindow)) {
2456
- return Promise.reject(new Error("SDK not ready"));
2457
- }
2458
- return withClearOnFailure3(function() {
2459
- return _async_to_generator(function() {
2460
- var _ref, userHandleB64url, credentialIdB64url, client, wallet;
2461
- return _ts_generator(this, function(_state) {
2462
- switch(_state.label){
2463
- case 0:
2464
- return [
2465
- 4,
2466
- assertPasskeyInParent3({
2467
- transport: createIframeTransport5({
2468
- getContentWindow: function getContentWindow() {
2469
- var _ref;
2470
- var _iframeRef_current;
2471
- return (_ref = (_iframeRef_current = iframeRef.current) === null || _iframeRef_current === void 0 ? void 0 : _iframeRef_current.contentWindow) !== null && _ref !== void 0 ? _ref : null;
2472
- },
2473
- isReady: function isReady() {
2474
- var _iframeRef_current;
2475
- return !!((_iframeRef_current = iframeRef.current) === null || _iframeRef_current === void 0 ? void 0 : _iframeRef_current.contentWindow);
2476
- }
2477
- }),
2478
- passkey: createWebAuthnPasskey4(),
2479
- publishableKey: publishableKey,
2480
- requireFreshAssertion: options === null || options === void 0 ? void 0 : options.requireFreshAssertion
2481
- })
2482
- ];
2483
- case 1:
2484
- _ref = _state.sent(), userHandleB64url = _ref.userHandleB64url, credentialIdB64url = _ref.credentialIdB64url;
2485
- if (!(key !== void 0)) return [
2486
- 3,
2487
- 3
2488
- ];
2489
- client = createPostMessageClient(iframeRef.current.contentWindow, publishableKey);
2490
- return [
2491
- 4,
2492
- client.send(PostMessageType9.WALLET, PostMessageMethod8.IMPORT_KEY, {
2493
- walletType: walletType,
2494
- key: key,
2495
- publishableKey: publishableKey,
2496
- userHandleB64url: userHandleB64url,
2497
- credentialIdB64url: credentialIdB64url
2498
- })
2499
- ];
2500
- case 2:
2501
- wallet = _state.sent();
2502
- return [
2503
- 2,
2504
- {
2505
- wallet: wallet
2506
- }
2507
- ];
2508
- case 3:
2509
- setCurrentFlow("import-key");
2510
- setFlowData({
2632
+ importKey: function importKey(walletType, key) {
2633
+ return _async_to_generator(function() {
2634
+ var _iframeRef_current, transport, _ref, userHandleB64url, credentialIdB64url, tokens, presenceTokens, client, wallet;
2635
+ return _ts_generator(this, function(_state) {
2636
+ switch(_state.label){
2637
+ case 0:
2638
+ if (!isMounted) throw new Error("SDK not ready");
2639
+ if (!getCurrentIsReady() || !((_iframeRef_current = iframeRef.current) === null || _iframeRef_current === void 0 ? void 0 : _iframeRef_current.contentWindow)) {
2640
+ throw new Error("SDK not ready");
2641
+ }
2642
+ if (!(key !== void 0)) return [
2643
+ 3,
2644
+ 3
2645
+ ];
2646
+ transport = createIframeTransport5({
2647
+ getContentWindow: function getContentWindow() {
2648
+ var _ref;
2649
+ var _iframeRef_current;
2650
+ return (_ref = (_iframeRef_current = iframeRef.current) === null || _iframeRef_current === void 0 ? void 0 : _iframeRef_current.contentWindow) !== null && _ref !== void 0 ? _ref : null;
2651
+ },
2652
+ isReady: function isReady() {
2653
+ var _iframeRef_current;
2654
+ return !!((_iframeRef_current = iframeRef.current) === null || _iframeRef_current === void 0 ? void 0 : _iframeRef_current.contentWindow);
2655
+ }
2656
+ });
2657
+ return [
2658
+ 4,
2659
+ getInternalPresenceTokens3({
2660
+ transport: transport,
2661
+ passkey: createWebAuthnPasskey4(),
2662
+ publishableKey: publishableKey,
2663
+ relyingPartyOrigin: typeof window !== "undefined" ? window.location.origin : "",
2664
+ scopes: IMPORT_KEY_SCOPES
2665
+ })
2666
+ ];
2667
+ case 1:
2668
+ _ref = _state.sent(), userHandleB64url = _ref.userHandleB64url, credentialIdB64url = _ref.credentialIdB64url, tokens = _ref.tokens;
2669
+ presenceTokens = flattenPresenceTokens3({
2670
+ tokens: tokens,
2671
+ userHandleB64url: userHandleB64url,
2672
+ credentialIdB64url: credentialIdB64url
2673
+ });
2674
+ client = createPostMessageClient(iframeRef.current.contentWindow, publishableKey);
2675
+ return [
2676
+ 4,
2677
+ client.send(PostMessageType9.WALLET, PostMessageMethod8.IMPORT_KEY, {
2511
2678
  walletType: walletType,
2679
+ key: key,
2680
+ publishableKey: publishableKey,
2512
2681
  userHandleB64url: userHandleB64url,
2513
- credentialIdB64url: credentialIdB64url
2514
- });
2515
- setStartFlow(true);
2516
- return [
2517
- 2,
2518
- new Promise(function(resolve, reject) {
2519
- currentSuccessCallback = function(data) {
2520
- currentSuccessCallback = null;
2521
- currentErrorCallback = null;
2522
- resolve({
2523
- wallet: data
2524
- });
2525
- };
2526
- currentErrorCallback = function(error) {
2527
- currentSuccessCallback = null;
2528
- currentErrorCallback = null;
2529
- reject(error);
2530
- };
2531
- })
2532
- ];
2533
- }
2534
- });
2535
- })();
2536
- });
2682
+ credentialIdB64url: credentialIdB64url,
2683
+ presenceTokens: presenceTokens
2684
+ })
2685
+ ];
2686
+ case 2:
2687
+ wallet = _state.sent();
2688
+ return [
2689
+ 2,
2690
+ {
2691
+ wallet: wallet
2692
+ }
2693
+ ];
2694
+ case 3:
2695
+ setCurrentFlow("import-key");
2696
+ setFlowData({
2697
+ walletType: walletType
2698
+ });
2699
+ setStartFlow(true);
2700
+ return [
2701
+ 2,
2702
+ new Promise(function(resolve, reject) {
2703
+ currentSuccessCallback = function(data) {
2704
+ currentSuccessCallback = null;
2705
+ currentErrorCallback = null;
2706
+ resolve({
2707
+ wallet: data
2708
+ });
2709
+ };
2710
+ currentErrorCallback = function(error) {
2711
+ currentSuccessCallback = null;
2712
+ currentErrorCallback = null;
2713
+ reject(error);
2714
+ };
2715
+ })
2716
+ ];
2717
+ }
2718
+ });
2719
+ })();
2537
2720
  }
2538
2721
  }), getSolanaSDKMethods(publishableKey, getCurrentIsReady, iframeRef, setCurrentFlow, setFlowData, setStartFlow), getEthereumSDKMethods(publishableKey, getCurrentIsReady, iframeRef, setCurrentFlow, setFlowData, setStartFlow));
2539
2722
  };
@@ -2605,6 +2788,8 @@ var getWalletErrorMessage = function getWalletErrorMessage(errorResponse) {
2605
2788
  };
2606
2789
  // src/components/flows/add-passkey/add-passkey.tsx
2607
2790
  import { PostMessageMethod as PostMessageMethod11, PostMessageType as PostMessageType12 } from "@moon-x/core/utils";
2791
+ import { flattenPresenceTokens as flattenPresenceTokens4, getInternalPresenceTokens as getInternalPresenceTokens4 } from "@moon-x/core/sdk";
2792
+ import { createWebAuthnPasskey as createWebAuthnPasskey5 } from "@moon-x/core/web";
2608
2793
  import { startRegistration } from "@simplewebauthn/browser";
2609
2794
  import { CheckCircle2, Fingerprint, KeyRound, Plus } from "lucide-react";
2610
2795
  import { useRef as useRef4, useState as useState11 } from "react";
@@ -2613,6 +2798,7 @@ import { PostMessageMethod as PostMessageMethod10, PostMessageType as PostMessag
2613
2798
  import { useEffect as useEffect5, useState as useState5 } from "react";
2614
2799
  // src/lib/iframe.ts
2615
2800
  import { PostMessageClient, PostMessageMethod as PostMessageMethod9, PostMessageType as PostMessageType10, getIframeOrigin, getIframeUrl } from "@moon-x/core";
2801
+ import { createIframeTransport as createIframeTransport6 } from "@moon-x/core/web";
2616
2802
  var getIframeClient = function getIframeClient(publishableKey) {
2617
2803
  var iframeId = arguments.length > 1 && arguments[1] !== void 0 ? arguments[1] : "moonkey-auth-iframe";
2618
2804
  var iframe = document.getElementById(iframeId);
@@ -2623,6 +2809,20 @@ var getIframeClient = function getIframeClient(publishableKey) {
2623
2809
  var iframeOrigin = getIframeOrigin(iframeUrl);
2624
2810
  return new PostMessageClient(iframe.contentWindow, iframeOrigin);
2625
2811
  };
2812
+ var getIframeTransport = function getIframeTransport() {
2813
+ var iframeId = arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : "moonkey-auth-iframe";
2814
+ return createIframeTransport6({
2815
+ getContentWindow: function getContentWindow() {
2816
+ var _ref;
2817
+ var iframe = document.getElementById(iframeId);
2818
+ return (_ref = iframe === null || iframe === void 0 ? void 0 : iframe.contentWindow) !== null && _ref !== void 0 ? _ref : null;
2819
+ },
2820
+ isReady: function isReady() {
2821
+ var iframe = document.getElementById(iframeId);
2822
+ return !!(iframe === null || iframe === void 0 ? void 0 : iframe.contentWindow);
2823
+ }
2824
+ });
2825
+ };
2626
2826
  var closeIframe = function closeIframe(publishableKey) {
2627
2827
  var iframe = getIframeClient(publishableKey);
2628
2828
  if (!iframe) {
@@ -3638,14 +3838,50 @@ function AddressPill(param) {
3638
3838
  });
3639
3839
  }
3640
3840
  // src/components/vanilla-ui/error-box.tsx
3841
+ import { AlertCircle } from "lucide-react";
3641
3842
  import { jsx as jsx11, jsxs as jsxs7 } from "react/jsx-runtime";
3642
3843
  function ErrorBox(param) {
3643
- var children = param.children, icon = param.icon, className = param.className, style = param.style;
3644
- return /* @__PURE__ */ jsxs7("div", {
3844
+ var children = param.children, icon = param.icon, _param_variant = param.variant, variant = _param_variant === void 0 ? "boxed" : _param_variant, align = param.align, className = param.className, style = param.style;
3845
+ var a11yProps = {
3846
+ role: "alert",
3847
+ "aria-live": "polite"
3848
+ };
3849
+ if (variant === "inline") {
3850
+ var resolvedAlign = align !== null && align !== void 0 ? align : "left";
3851
+ var resolvedIcon = icon === null ? null : icon !== null && icon !== void 0 ? icon : /* @__PURE__ */ jsx11(AlertCircle, {
3852
+ size: 14,
3853
+ strokeWidth: 2,
3854
+ style: {
3855
+ flexShrink: 0
3856
+ },
3857
+ "aria-hidden": "true"
3858
+ });
3859
+ return /* @__PURE__ */ jsxs7("div", _object_spread_props(_object_spread({}, a11yProps), {
3860
+ className: cx("moonkey-text--error", className),
3861
+ style: _object_spread({
3862
+ fontSize: "0.875rem",
3863
+ color: "var(--moonkey-color-error)",
3864
+ textAlign: resolvedAlign,
3865
+ display: "flex",
3866
+ alignItems: "center",
3867
+ gap: "0.375rem"
3868
+ }, resolvedAlign === "center" && {
3869
+ justifyContent: "center"
3870
+ }, style),
3871
+ children: [
3872
+ resolvedIcon,
3873
+ /* @__PURE__ */ jsx11("span", {
3874
+ children: children
3875
+ })
3876
+ ]
3877
+ }));
3878
+ }
3879
+ return /* @__PURE__ */ jsxs7("div", _object_spread_props(_object_spread({}, a11yProps), {
3645
3880
  className: cx("moonkey-box moonkey-box--warning", className),
3646
3881
  style: style,
3647
3882
  children: [
3648
3883
  icon && /* @__PURE__ */ jsx11("span", {
3884
+ "aria-hidden": "true",
3649
3885
  style: {
3650
3886
  flexShrink: 0,
3651
3887
  marginTop: "0.125rem",
@@ -3656,14 +3892,17 @@ function ErrorBox(param) {
3656
3892
  children: icon
3657
3893
  }),
3658
3894
  /* @__PURE__ */ jsx11("span", {
3659
- style: {
3895
+ style: _object_spread({
3660
3896
  fontSize: "0.875rem",
3661
3897
  color: "var(--moonkey-color-error)"
3662
- },
3898
+ }, align === "center" && {
3899
+ textAlign: "center",
3900
+ flex: 1
3901
+ }),
3663
3902
  children: children
3664
3903
  })
3665
3904
  ]
3666
- });
3905
+ }));
3667
3906
  }
3668
3907
  // src/components/vanilla-ui/success-box.tsx
3669
3908
  import { jsx as jsx12, jsxs as jsxs8 } from "react/jsx-runtime";
@@ -3732,6 +3971,10 @@ function DetailRow(param) {
3732
3971
  }
3733
3972
  // src/components/flows/add-passkey/add-passkey.tsx
3734
3973
  import { jsx as jsx16, jsxs as jsxs10 } from "react/jsx-runtime";
3974
+ var ADD_PASSKEY_SCOPES = [
3975
+ "passkey_enroll",
3976
+ "wrap_add"
3977
+ ];
3735
3978
  var SUCCESS_AUTO_CLOSE_MS = 3e3;
3736
3979
  var generateUserIdB64url = function generateUserIdB64url() {
3737
3980
  var bytes = crypto.getRandomValues(new Uint8Array(32));
@@ -3778,20 +4021,12 @@ var AddPasskey = function AddPasskey(param) {
3778
4021
  };
3779
4022
  var handleUnlock = function handleUnlock() {
3780
4023
  return _async_to_generator(function() {
3781
- var client, _dekInfo_allow_credential_ids_b64url, dekInfo, allowList, challenge, credential, assertion, credentialIdB64url, error;
4024
+ var _dekInfo_allow_credential_ids_b64url, transport, dekInfo, allowList, _ref, userHandleB64url, credentialIdB64url, tokens, error;
3782
4025
  return _ts_generator(this, function(_state) {
3783
4026
  switch(_state.label){
3784
4027
  case 0:
3785
4028
  setErrorMessage(null);
3786
4029
  setStep("unlocking");
3787
- client = getIframeClient(publishableKey);
3788
- if (!client) {
3789
- setErrorMessage("SDK not initialized");
3790
- setStep("error");
3791
- return [
3792
- 2
3793
- ];
3794
- }
3795
4030
  _state.label = 1;
3796
4031
  case 1:
3797
4032
  _state.trys.push([
@@ -3800,48 +4035,39 @@ var AddPasskey = function AddPasskey(param) {
3800
4035
  ,
3801
4036
  5
3802
4037
  ]);
4038
+ transport = getIframeTransport();
3803
4039
  return [
3804
4040
  4,
3805
- client.send(PostMessageType12.AUTH, PostMessageMethod11.GET_DEK_INFO, {
4041
+ transport.send(PostMessageType12.AUTH, PostMessageMethod11.GET_DEK_INFO, {
3806
4042
  publishableKey: publishableKey
3807
4043
  })
3808
4044
  ];
3809
4045
  case 2:
3810
4046
  dekInfo = _state.sent();
3811
4047
  allowList = (_dekInfo_allow_credential_ids_b64url = dekInfo.allow_credential_ids_b64url) !== null && _dekInfo_allow_credential_ids_b64url !== void 0 ? _dekInfo_allow_credential_ids_b64url : [];
3812
- if (allowList.length === 0) {
3813
- throw new Error("passkey_required");
3814
- }
3815
- if (!dekInfo.rp_id) {
3816
- throw new Error("webauthn_rp_id_not_configured");
3817
- }
3818
- challenge = crypto.getRandomValues(new Uint8Array(32));
3819
4048
  return [
3820
4049
  4,
3821
- navigator.credentials.get({
3822
- publicKey: {
3823
- challenge: challenge,
3824
- // Configured `webauthn.rp_id` (apex), not the page hostname,
3825
- // so credentials registered under the apex are surfaced even
3826
- // when the SDK is running on a subdomain.
3827
- rpId: dekInfo.rp_id,
3828
- userVerification: "preferred",
3829
- allowCredentials: []
3830
- }
4050
+ getInternalPresenceTokens4({
4051
+ transport: transport,
4052
+ passkey: createWebAuthnPasskey5(),
4053
+ publishableKey: publishableKey,
4054
+ relyingPartyOrigin: window.location.origin,
4055
+ scopes: ADD_PASSKEY_SCOPES
3831
4056
  })
3832
4057
  ];
3833
4058
  case 3:
3834
- credential = _state.sent();
3835
- if (!credential) throw new Error("passkey_assertion_cancelled");
3836
- assertion = credential.response;
3837
- if (!assertion.userHandle) throw new Error("user_handle_missing");
3838
- credentialIdB64url = bytesToB64url(new Uint8Array(credential.rawId));
4059
+ _ref = _state.sent(), userHandleB64url = _ref.userHandleB64url, credentialIdB64url = _ref.credentialIdB64url, tokens = _ref.tokens;
3839
4060
  if (!allowList.includes(credentialIdB64url)) {
3840
4061
  throw new Error("unknown_passkey_for_this_account");
3841
4062
  }
3842
4063
  unlockResult.current = {
3843
- userHandleB64url: bytesToB64url(new Uint8Array(assertion.userHandle)),
3844
- credentialIdB64url: credentialIdB64url
4064
+ userHandleB64url: userHandleB64url,
4065
+ credentialIdB64url: credentialIdB64url,
4066
+ presenceTokens: flattenPresenceTokens4({
4067
+ tokens: tokens,
4068
+ userHandleB64url: userHandleB64url,
4069
+ credentialIdB64url: credentialIdB64url
4070
+ })
3845
4071
  };
3846
4072
  setStep("enroll-prompt");
3847
4073
  return [
@@ -3936,7 +4162,11 @@ var AddPasskey = function AddPasskey(param) {
3936
4162
  publishableKey: publishableKey,
3937
4163
  relyingPartyOrigin: window.location.origin,
3938
4164
  token: beginResult.token,
3939
- credential: newCredential
4165
+ credential: newCredential,
4166
+ // passkey_enroll token from the unlock assertion. Server's
4167
+ // RequirePresenceUnlessFirstCredential middleware enforces
4168
+ // presence on second-and-onwards enrollments.
4169
+ presenceTokens: unlockResult.current.presenceTokens
3940
4170
  })
3941
4171
  ];
3942
4172
  case 4:
@@ -3949,7 +4179,11 @@ var AddPasskey = function AddPasskey(param) {
3949
4179
  unlockUserHandleB64url: unlockResult.current.userHandleB64url,
3950
4180
  unlockCredentialIdB64url: unlockResult.current.credentialIdB64url,
3951
4181
  newUserHandleB64url: newUserHandleB64url,
3952
- newCredentialIdB64url: newCredentialIdB64url
4182
+ newCredentialIdB64url: newCredentialIdB64url,
4183
+ // wrap_add token from the unlock assertion. Single-use; once
4184
+ // /auth/wallet/wraps POST consumes it, replay is rejected by
4185
+ // the jti burn table.
4186
+ presenceTokens: unlockResult.current.presenceTokens
3953
4187
  })
3954
4188
  ];
3955
4189
  case 5:
@@ -4256,7 +4490,7 @@ var formatCurrency = function formatCurrency(value) {
4256
4490
  // src/components/flows/email-otp-flow/email-otp-input.tsx
4257
4491
  import { Fragment as Fragment2, jsx as jsx17, jsxs as jsxs11 } from "react/jsx-runtime";
4258
4492
  var EmailOtpInput = function EmailOtpInput(param) {
4259
- var publishableKey = param.publishableKey, expiresIn = param.expiresIn, prefillEmail = param.prefillEmail, onSuccess = param.onSuccess, onError = param.onError;
4493
+ var publishableKey = param.publishableKey, prefillEmail = param.prefillEmail, onSuccess = param.onSuccess, onError = param.onError;
4260
4494
  var _useState12 = _sliced_to_array(useState12(false), 2), isProcessing = _useState12[0], setIsProcessing = _useState12[1];
4261
4495
  var _useState121 = _sliced_to_array(useState12(prefillEmail || ""), 2), email = _useState121[0], setEmail = _useState121[1];
4262
4496
  var _useState122 = _sliced_to_array(useState12(false), 2), hasPrefetched = _useState122[0], setHasPrefetched = _useState122[1];
@@ -4291,13 +4525,12 @@ var EmailOtpInput = function EmailOtpInput(param) {
4291
4525
  };
4292
4526
  var handleEmailSubmit = function handleEmailSubmit() {
4293
4527
  return _async_to_generator(function() {
4294
- var client, error;
4528
+ var client, response, error, errorObj;
4295
4529
  return _ts_generator(this, function(_state) {
4296
4530
  switch(_state.label){
4297
4531
  case 0:
4298
4532
  if (!isEmailValid) return [
4299
- 3,
4300
- 4
4533
+ 2
4301
4534
  ];
4302
4535
  setIsProcessing(true);
4303
4536
  _state.label = 1;
@@ -4305,8 +4538,8 @@ var EmailOtpInput = function EmailOtpInput(param) {
4305
4538
  _state.trys.push([
4306
4539
  1,
4307
4540
  3,
4308
- ,
4309
- 4
4541
+ 4,
4542
+ 5
4310
4543
  ]);
4311
4544
  client = getIframeClient(publishableKey);
4312
4545
  if (!client) {
@@ -4319,27 +4552,34 @@ var EmailOtpInput = function EmailOtpInput(param) {
4319
4552
  4,
4320
4553
  client.send(PostMessageType13.AUTH, PostMessageMethod12.LOGIN_CREATE, {
4321
4554
  publishableKey: publishableKey,
4322
- email: email,
4323
- expiresIn: expiresIn
4555
+ email: email
4324
4556
  })
4325
4557
  ];
4326
4558
  case 2:
4327
- _state.sent();
4328
- onSuccess(email);
4559
+ response = _state.sent();
4560
+ onSuccess({
4561
+ email: email,
4562
+ expires_at: response === null || response === void 0 ? void 0 : response.expires_at
4563
+ });
4329
4564
  return [
4330
4565
  3,
4331
- 4
4566
+ 5
4332
4567
  ];
4333
4568
  case 3:
4334
4569
  error = _state.sent();
4335
4570
  console.error("Failed to send OTP:", error);
4336
- setIsProcessing(false);
4337
- onError(error);
4571
+ errorObj = _instanceof(error, Error) ? error : new Error(String(error));
4572
+ onError(errorObj);
4338
4573
  return [
4339
4574
  3,
4340
- 4
4575
+ 5
4341
4576
  ];
4342
4577
  case 4:
4578
+ setIsProcessing(false);
4579
+ return [
4580
+ 7
4581
+ ];
4582
+ case 5:
4343
4583
  return [
4344
4584
  2
4345
4585
  ];
@@ -4760,16 +5000,17 @@ var i18n_default = i18n;
4760
5000
  // src/components/flows/email-otp-flow/email-otp-verify.tsx
4761
5001
  import { Fragment as Fragment3, jsx as jsx18, jsxs as jsxs12 } from "react/jsx-runtime";
4762
5002
  var EmailOtpVerify = function EmailOtpVerify(param) {
4763
- var config = param.config, publishableKey = param.publishableKey, language = param.language, expiresIn = param.expiresIn, emailOtpSendResponse = param.emailOtpSendResponse, onSuccess = param.onSuccess, onBackPress = param.onBackPress, onFlowStateChange = param.onFlowStateChange, propsIsDark = param.isDark;
5003
+ var config = param.config, publishableKey = param.publishableKey, language = param.language, emailOtpSendResponse = param.emailOtpSendResponse, onSuccess = param.onSuccess, onBackPress = param.onBackPress, onFlowStateChange = param.onFlowStateChange, propsIsDark = param.isDark;
4764
5004
  var _ref;
4765
5005
  var _config_config, _config_config_appearance, _config_config1, _config_config_appearance1, _config_config2, _config_config3, _config_config4, _config_config_emailConfig, _config_config5, _config_config_emailConfig1, _config_config6;
4766
5006
  var _useState13 = _sliced_to_array(useState13(""), 2), otp = _useState13[0], setOtp = _useState13[1];
4767
5007
  var _useState131 = _sliced_to_array(useState13(false), 2), isLoading = _useState131[0], setIsLoading = _useState131[1];
4768
5008
  var _useState132 = _sliced_to_array(useState13(false), 2), isResending = _useState132[0], setIsResending = _useState132[1];
4769
- var _useState133 = _sliced_to_array(useState13(expiresIn !== null && expiresIn !== void 0 ? expiresIn : DEFAULT_COUNTDOWN_TIME), 2), countdown = _useState133[0], setCountdown = _useState133[1];
4770
- var _useState134 = _sliced_to_array(useState13(false), 2), canResend = _useState134[0], setCanResend = _useState134[1];
5009
+ var _useState133 = _sliced_to_array(useState13(false), 2), canResend = _useState133[0], setCanResend = _useState133[1];
5010
+ var _useState134 = _sliced_to_array(useState13(0), 2), resendCooldownEpoch = _useState134[0], setResendCooldownEpoch = _useState134[1];
4771
5011
  var _useState135 = _sliced_to_array(useState13("idle"), 2), validationState = _useState135[0], setValidationState = _useState135[1];
4772
5012
  var _useState136 = _sliced_to_array(useState13(""), 2), errorMessage = _useState136[0], setErrorMessage = _useState136[1];
5013
+ var _useState137 = _sliced_to_array(useState13(null), 2), resendError = _useState137[0], setResendError = _useState137[1];
4773
5014
  var t = useTranslation().t;
4774
5015
  var isDark = propsIsDark !== void 0 ? propsIsDark : isDarkMode(config === null || config === void 0 ? void 0 : (_config_config = config.config) === null || _config_config === void 0 ? void 0 : _config_config.theme, config === null || config === void 0 ? void 0 : (_config_config1 = config.config) === null || _config_config1 === void 0 ? void 0 : (_config_config_appearance = _config_config1.appearance) === null || _config_config_appearance === void 0 ? void 0 : _config_config_appearance.displayMode, config === null || config === void 0 ? void 0 : (_config_config2 = config.config) === null || _config_config2 === void 0 ? void 0 : (_config_config_appearance1 = _config_config2.appearance) === null || _config_config_appearance1 === void 0 ? void 0 : _config_config_appearance1.backgroundColor);
4775
5016
  useEffect9(function() {
@@ -4779,39 +5020,20 @@ var EmailOtpVerify = function EmailOtpVerify(param) {
4779
5020
  }, [
4780
5021
  language
4781
5022
  ]);
4782
- useEffect9(function() {
4783
- if (countdown * 60 > 0) {
4784
- var timer = setTimeout(function() {
4785
- setCountdown(countdown * 60 - 1);
4786
- }, 1e3);
4787
- return function() {
4788
- return clearTimeout(timer);
4789
- };
4790
- } else {
4791
- setCanResend(true);
4792
- }
4793
- }, [
4794
- countdown
4795
- ]);
4796
5023
  var calculateResendCodeTime = function calculateResendCodeTime() {
4797
5024
  var _ref;
4798
5025
  var _config_config_emailConfig, _config_config;
4799
5026
  var resendCodeTime = (_ref = config === null || config === void 0 ? void 0 : (_config_config = config.config) === null || _config_config === void 0 ? void 0 : (_config_config_emailConfig = _config_config.emailConfig) === null || _config_config_emailConfig === void 0 ? void 0 : _config_config_emailConfig.resendCodeTime) !== null && _ref !== void 0 ? _ref : DEFAULT_COUNTDOWN_TIME;
4800
- if (resendCodeTime && resendCodeTime > 1) {
4801
- return resendCodeTime * 60;
4802
- }
4803
- return DEFAULT_COUNTDOWN_TIME * 60;
5027
+ return resendCodeTime > 0 ? resendCodeTime : DEFAULT_COUNTDOWN_TIME;
4804
5028
  };
4805
5029
  var handleResendCode = function handleResendCode() {
4806
5030
  return _async_to_generator(function() {
4807
- var client, error;
5031
+ var client, error, errorObj;
4808
5032
  return _ts_generator(this, function(_state) {
4809
5033
  switch(_state.label){
4810
5034
  case 0:
4811
5035
  setIsResending(true);
4812
- setValidationState("idle");
4813
- setErrorMessage("");
4814
- setOtp("");
5036
+ setResendError(null);
4815
5037
  _state.label = 1;
4816
5038
  case 1:
4817
5039
  _state.trys.push([
@@ -4822,8 +5044,11 @@ var EmailOtpVerify = function EmailOtpVerify(param) {
4822
5044
  ]);
4823
5045
  client = getIframeClient(publishableKey);
4824
5046
  if (!client) {
4825
- setValidationState("error");
4826
- setErrorMessage("Failed to resend OTP");
5047
+ setResendError("Failed to resend OTP");
5048
+ setResendCooldownEpoch(function(n) {
5049
+ return n + 1;
5050
+ });
5051
+ setCanResend(false);
4827
5052
  return [
4828
5053
  2
4829
5054
  ];
@@ -4832,13 +5057,17 @@ var EmailOtpVerify = function EmailOtpVerify(param) {
4832
5057
  4,
4833
5058
  client.send(PostMessageType14.AUTH, PostMessageMethod13.LOGIN_CREATE, {
4834
5059
  publishableKey: publishableKey,
4835
- email: emailOtpSendResponse.email,
4836
- expiresIn: expiresIn
5060
+ email: emailOtpSendResponse.email
4837
5061
  })
4838
5062
  ];
4839
5063
  case 2:
4840
5064
  _state.sent();
4841
- setCountdown(calculateResendCodeTime());
5065
+ setOtp("");
5066
+ setValidationState("idle");
5067
+ setErrorMessage("");
5068
+ setResendCooldownEpoch(function(n) {
5069
+ return n + 1;
5070
+ });
4842
5071
  setCanResend(false);
4843
5072
  return [
4844
5073
  3,
@@ -4846,8 +5075,16 @@ var EmailOtpVerify = function EmailOtpVerify(param) {
4846
5075
  ];
4847
5076
  case 3:
4848
5077
  error = _state.sent();
4849
- setValidationState("error");
4850
- setErrorMessage("Failed to re-send OTP");
5078
+ errorObj = _instanceof(error, Error) ? error : new Error(String(error));
5079
+ setResendError(errorObj.message || "Failed to re-send OTP");
5080
+ setResendCooldownEpoch(function(n) {
5081
+ return n + 1;
5082
+ });
5083
+ setCanResend(false);
5084
+ onFlowStateChange === null || onFlowStateChange === void 0 ? void 0 : onFlowStateChange({
5085
+ status: "error",
5086
+ error: errorObj
5087
+ });
4851
5088
  return [
4852
5089
  3,
4853
5090
  5
@@ -5060,12 +5297,10 @@ var EmailOtpVerify = function EmailOtpVerify(param) {
5060
5297
  ]
5061
5298
  })
5062
5299
  }),
5063
- validationState === "error" && /* @__PURE__ */ jsxs12("div", {
5064
- className: "moonkey-text--error moonkey-text--center",
5065
- children: [
5066
- "\u2717 ",
5067
- errorMessage
5068
- ]
5300
+ validationState === "error" && /* @__PURE__ */ jsx18(ErrorBox, {
5301
+ variant: "inline",
5302
+ align: "center",
5303
+ children: errorMessage
5069
5304
  }),
5070
5305
  canResend ? /* @__PURE__ */ jsxs12("div", {
5071
5306
  className: "moonkey-center-row",
@@ -5100,6 +5335,11 @@ var EmailOtpVerify = function EmailOtpVerify(param) {
5100
5335
  onComplete: function onComplete() {
5101
5336
  return setCanResend(true);
5102
5337
  }
5338
+ }, resendCooldownEpoch),
5339
+ resendError && /* @__PURE__ */ jsx18(ErrorBox, {
5340
+ variant: "inline",
5341
+ align: "center",
5342
+ children: resendError
5103
5343
  })
5104
5344
  ]
5105
5345
  })
@@ -5288,11 +5528,9 @@ var EmailOtpVerifyFlow = function EmailOtpVerifyFlow(param) {
5288
5528
  onComplete
5289
5529
  ]);
5290
5530
  if (currentStep === "verify") {
5291
- var _authConfig_config_emailConfig, _authConfig_config;
5292
5531
  return /* @__PURE__ */ jsx21(EmailOtpVerify, {
5293
5532
  config: authConfig,
5294
5533
  publishableKey: authConfig.publishableKey,
5295
- expiresIn: (_authConfig_config = authConfig.config) === null || _authConfig_config === void 0 ? void 0 : (_authConfig_config_emailConfig = _authConfig_config.emailConfig) === null || _authConfig_config_emailConfig === void 0 ? void 0 : _authConfig_config_emailConfig.expiresIn,
5296
5534
  emailOtpSendResponse: storedEmailOtpSendResponse,
5297
5535
  onSuccess: handleOtpVerifySuccess,
5298
5536
  onBackPress: onBackPress
@@ -5308,14 +5546,14 @@ var EmailOtpVerifyFlow = function EmailOtpVerifyFlow(param) {
5308
5546
  };
5309
5547
  // src/components/flows/export-key/export-key.tsx
5310
5548
  import { getIframeUrl as getIframeUrl2, PostMessageMethod as PostMessageMethod14, PostMessageType as PostMessageType15 } from "@moon-x/core/utils";
5549
+ import { flattenPresenceTokens as flattenPresenceTokens5, getInternalPresenceTokens as getInternalPresenceTokens5 } from "@moon-x/core/sdk";
5550
+ import { createWebAuthnPasskey as createWebAuthnPasskey6 } from "@moon-x/core/web";
5311
5551
  import { KeyRound as KeyRound2, ShieldOff, X } from "lucide-react";
5312
5552
  import { useEffect as useEffect11, useRef as useRef6, useState as useState15 } from "react";
5313
5553
  import { Fragment as Fragment4, jsx as jsx22, jsxs as jsxs15 } from "react/jsx-runtime";
5314
- var bytesToB64url2 = function bytesToB64url2(bytes) {
5315
- var bin = "";
5316
- for(var i = 0; i < bytes.byteLength; i++)bin += String.fromCharCode(bytes[i]);
5317
- return btoa(bin).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
5318
- };
5554
+ var EXPORT_KEY_SCOPES = [
5555
+ "keyshare_read"
5556
+ ];
5319
5557
  var ExportKey = function ExportKey(param) {
5320
5558
  var uiConfig = param.uiConfig, walletId = param.walletId, publishableKey = param.publishableKey, walletType = param.walletType, onCancel = param.onCancel, propsIsDark = param.isDark, propsAppConfig = param.appConfig, config = param.config;
5321
5559
  var _ref;
@@ -5429,7 +5667,7 @@ var ExportKey = function ExportKey(param) {
5429
5667
  }
5430
5668
  return themeVars;
5431
5669
  };
5432
- var getfinalIframeUrl = function getfinalIframeUrl(entropyType2, userHandleB64url, credentialIdB64url) {
5670
+ var getfinalIframeUrl = function getfinalIframeUrl(entropyType2, userHandleB64url, credentialIdB64url, keyshareReadToken) {
5433
5671
  var baseUrl = getIframeUrl2("/export-key");
5434
5672
  var url = new URL(baseUrl);
5435
5673
  url.searchParams.append("publishableKey", publishableKey);
@@ -5439,6 +5677,7 @@ var ExportKey = function ExportKey(param) {
5439
5677
  url.searchParams.append("displayMode", isDark ? "dark" : "light");
5440
5678
  url.searchParams.append("user_handle_b64url", userHandleB64url);
5441
5679
  url.searchParams.append("credential_id_b64url", credentialIdB64url);
5680
+ url.searchParams.append("keyshare_read_token", keyshareReadToken);
5442
5681
  var themeVars = buildThemeParams();
5443
5682
  if (Object.keys(themeVars).length > 0) {
5444
5683
  url.searchParams.append("theme", JSON.stringify(themeVars));
@@ -5492,20 +5731,12 @@ var ExportKey = function ExportKey(param) {
5492
5731
  };
5493
5732
  var handleReveal = function handleReveal() {
5494
5733
  return _async_to_generator(function() {
5495
- var client, _dekInfo_allow_credential_ids_b64url, dekInfo, challenge, credential, assertion, err, msg;
5734
+ var _dekInfo_allow_credential_ids_b64url, transport, dekInfo, allowList, _ref, userHandleB64url, credentialIdB64url, tokens, flat, err, msg;
5496
5735
  return _ts_generator(this, function(_state) {
5497
5736
  switch(_state.label){
5498
5737
  case 0:
5499
5738
  setRevealError(null);
5500
5739
  setIsRevealing(true);
5501
- client = getIframeClient(publishableKey);
5502
- if (!client) {
5503
- setRevealError("SDK not initialized");
5504
- setIsRevealing(false);
5505
- return [
5506
- 2
5507
- ];
5508
- }
5509
5740
  _state.label = 1;
5510
5741
  case 1:
5511
5742
  _state.trys.push([
@@ -5514,45 +5745,44 @@ var ExportKey = function ExportKey(param) {
5514
5745
  5,
5515
5746
  6
5516
5747
  ]);
5748
+ transport = getIframeTransport();
5517
5749
  return [
5518
5750
  4,
5519
- client.send(PostMessageType15.AUTH, PostMessageMethod14.GET_DEK_INFO, {
5751
+ transport.send(PostMessageType15.AUTH, PostMessageMethod14.GET_DEK_INFO, {
5520
5752
  publishableKey: publishableKey
5521
5753
  })
5522
5754
  ];
5523
5755
  case 2:
5524
5756
  dekInfo = _state.sent();
5525
- if (((_dekInfo_allow_credential_ids_b64url = dekInfo.allow_credential_ids_b64url) !== null && _dekInfo_allow_credential_ids_b64url !== void 0 ? _dekInfo_allow_credential_ids_b64url : []).length === 0) {
5526
- throw new Error("passkey_required");
5527
- }
5528
- if (!dekInfo.rp_id) {
5529
- throw new Error("webauthn_rp_id_not_configured");
5530
- }
5531
- challenge = crypto.getRandomValues(new Uint8Array(32));
5757
+ allowList = (_dekInfo_allow_credential_ids_b64url = dekInfo.allow_credential_ids_b64url) !== null && _dekInfo_allow_credential_ids_b64url !== void 0 ? _dekInfo_allow_credential_ids_b64url : [];
5532
5758
  return [
5533
5759
  4,
5534
- navigator.credentials.get({
5535
- publicKey: {
5536
- challenge: challenge,
5537
- rpId: dekInfo.rp_id,
5538
- userVerification: "preferred",
5539
- allowCredentials: []
5540
- }
5760
+ getInternalPresenceTokens5({
5761
+ transport: transport,
5762
+ passkey: createWebAuthnPasskey6(),
5763
+ publishableKey: publishableKey,
5764
+ relyingPartyOrigin: window.location.origin,
5765
+ scopes: EXPORT_KEY_SCOPES
5541
5766
  })
5542
5767
  ];
5543
5768
  case 3:
5544
- credential = _state.sent();
5545
- if (!credential) throw new Error("passkey_assertion_cancelled");
5546
- assertion = credential.response;
5547
- if (!assertion.userHandle) throw new Error("user_handle_missing");
5548
- setIframeUrl(getfinalIframeUrl("private_key", bytesToB64url2(new Uint8Array(assertion.userHandle)), bytesToB64url2(new Uint8Array(credential.rawId))));
5769
+ _ref = _state.sent(), userHandleB64url = _ref.userHandleB64url, credentialIdB64url = _ref.credentialIdB64url, tokens = _ref.tokens;
5770
+ if (!allowList.includes(credentialIdB64url)) {
5771
+ throw new Error("unknown_passkey_for_this_account");
5772
+ }
5773
+ flat = flattenPresenceTokens5({
5774
+ tokens: tokens,
5775
+ userHandleB64url: userHandleB64url,
5776
+ credentialIdB64url: credentialIdB64url
5777
+ });
5778
+ setIframeUrl(getfinalIframeUrl("private_key", userHandleB64url, credentialIdB64url, flat.keyshare_read));
5549
5779
  return [
5550
5780
  3,
5551
5781
  6
5552
5782
  ];
5553
5783
  case 4:
5554
5784
  err = _state.sent();
5555
- msg = _instanceof(err, Error) ? err.name === "NotAllowedError" ? "Passkey prompt was cancelled. Click Reveal Key to retry." : err.message === "passkey_required" ? "Enroll a passkey first." : err.message === "user_handle_missing" ? "Your authenticator didn't return a user handle. Pick a different passkey." : err.message : "Couldn't unlock the export.";
5785
+ msg = _instanceof(err, Error) ? err.name === "NotAllowedError" ? "Passkey prompt was cancelled. Click Reveal Key to retry." : err.message === "passkey_required" ? "Enroll a passkey first." : err.message === "user_handle_missing" ? "Your authenticator didn't return a user handle. Pick a different passkey." : err.message === "unknown_passkey_for_this_account" ? "That passkey isn't recognized for your account on this device. It may belong to a different account. Try again and pick one of your registered passkeys." : err.message : "Couldn't unlock the export.";
5556
5786
  setRevealError(msg);
5557
5787
  return [
5558
5788
  3,
@@ -7018,11 +7248,17 @@ var FundingFlow = function FundingFlow(param) {
7018
7248
  };
7019
7249
  // src/components/flows/import-wallet/import-wallet.tsx
7020
7250
  import { PostMessageMethod as PostMessageMethod15, PostMessageType as PostMessageType16 } from "@moon-x/core";
7251
+ import { flattenPresenceTokens as flattenPresenceTokens6, getInternalPresenceTokens as getInternalPresenceTokens6 } from "@moon-x/core/sdk";
7252
+ import { createWebAuthnPasskey as createWebAuthnPasskey7 } from "@moon-x/core/web";
7021
7253
  import { CheckCircle2 as CheckCircle23, X as X5 } from "lucide-react";
7022
7254
  import { useState as useState21 } from "react";
7023
7255
  import { jsx as jsx32, jsxs as jsxs24 } from "react/jsx-runtime";
7256
+ var IMPORT_KEY_SCOPES2 = [
7257
+ "dek_bootstrap",
7258
+ "keyshare_write"
7259
+ ];
7024
7260
  var ImportWallet = function ImportWallet(param) {
7025
- var publishableKey = param.publishableKey, walletType = param.walletType, uiConfig = param.uiConfig, userHandleB64url = param.userHandleB64url, credentialIdB64url = param.credentialIdB64url, onComplete = param.onComplete, onCancel = param.onCancel, propsIsDark = param.isDark, config = param.config;
7261
+ var publishableKey = param.publishableKey, walletType = param.walletType, uiConfig = param.uiConfig, onComplete = param.onComplete, onCancel = param.onCancel, propsIsDark = param.isDark, config = param.config;
7026
7262
  var _ref, _ref1, _ref2, _ref3, _ref4, _ref5;
7027
7263
  var _config_config, _config_config_appearance, _config_config1, _config_config_appearance1, _config_config2, _config_config3, _config_config4;
7028
7264
  var t = useTranslation().t;
@@ -7039,7 +7275,7 @@ var ImportWallet = function ImportWallet(param) {
7039
7275
  var successText = (_ref5 = uiConfig === null || uiConfig === void 0 ? void 0 : uiConfig.successText) !== null && _ref5 !== void 0 ? _ref5 : "Wallet imported";
7040
7276
  var handleSubmit = function handleSubmit() {
7041
7277
  return _async_to_generator(function() {
7042
- var trimmed, _ref, client, response, wallet, err, raw, friendly;
7278
+ var trimmed, _ref, client, _ref1, userHandleB64url, credentialIdB64url, tokens, presenceTokens, response, wallet, err, raw, friendly;
7043
7279
  return _ts_generator(this, function(_state) {
7044
7280
  switch(_state.label){
7045
7281
  case 0:
@@ -7056,9 +7292,9 @@ var ImportWallet = function ImportWallet(param) {
7056
7292
  case 1:
7057
7293
  _state.trys.push([
7058
7294
  1,
7059
- 3,
7060
7295
  4,
7061
- 5
7296
+ 5,
7297
+ 6
7062
7298
  ]);
7063
7299
  client = getIframeClient(publishableKey);
7064
7300
  if (!client) {
@@ -7067,19 +7303,35 @@ var ImportWallet = function ImportWallet(param) {
7067
7303
  2
7068
7304
  ];
7069
7305
  }
7306
+ return [
7307
+ 4,
7308
+ getInternalPresenceTokens6({
7309
+ transport: getIframeTransport(),
7310
+ passkey: createWebAuthnPasskey7(),
7311
+ publishableKey: publishableKey,
7312
+ relyingPartyOrigin: window.location.origin,
7313
+ scopes: IMPORT_KEY_SCOPES2
7314
+ })
7315
+ ];
7316
+ case 2:
7317
+ _ref1 = _state.sent(), userHandleB64url = _ref1.userHandleB64url, credentialIdB64url = _ref1.credentialIdB64url, tokens = _ref1.tokens;
7318
+ presenceTokens = flattenPresenceTokens6({
7319
+ tokens: tokens,
7320
+ userHandleB64url: userHandleB64url,
7321
+ credentialIdB64url: credentialIdB64url
7322
+ });
7070
7323
  return [
7071
7324
  4,
7072
7325
  client.send(PostMessageType16.WALLET, PostMessageMethod15.IMPORT_KEY, {
7073
7326
  walletType: walletType,
7074
7327
  key: trimmed,
7075
7328
  publishableKey: publishableKey,
7076
- // Parent-asserted passkey userHandle — see ImportWalletProps
7077
- // for context.
7078
7329
  userHandleB64url: userHandleB64url,
7079
- credentialIdB64url: credentialIdB64url
7330
+ credentialIdB64url: credentialIdB64url,
7331
+ presenceTokens: presenceTokens
7080
7332
  })
7081
7333
  ];
7082
- case 2:
7334
+ case 3:
7083
7335
  response = _state.sent();
7084
7336
  wallet = (_ref = response === null || response === void 0 ? void 0 : response.data) !== null && _ref !== void 0 ? _ref : response;
7085
7337
  if (!wallet || !wallet.public_address) {
@@ -7093,23 +7345,23 @@ var ImportWallet = function ImportWallet(param) {
7093
7345
  onComplete(wallet);
7094
7346
  return [
7095
7347
  3,
7096
- 5
7348
+ 6
7097
7349
  ];
7098
- case 3:
7350
+ case 4:
7099
7351
  err = _state.sent();
7100
7352
  raw = _instanceof(err, Error) ? err.message : String(err);
7101
7353
  friendly = raw === "passkey_required" ? "A passkey is required before importing a wallet. Register one first." : raw;
7102
7354
  setErrorMessage(friendly);
7103
7355
  return [
7104
7356
  3,
7105
- 5
7357
+ 6
7106
7358
  ];
7107
- case 4:
7359
+ case 5:
7108
7360
  setSubmitting(false);
7109
7361
  return [
7110
7362
  7
7111
7363
  ];
7112
- case 5:
7364
+ case 6:
7113
7365
  return [
7114
7366
  2
7115
7367
  ];
@@ -12153,7 +12405,7 @@ var TermsAndPrivacy = function TermsAndPrivacy(param) {
12153
12405
  import { jsx as jsx51, jsxs as jsxs41 } from "react/jsx-runtime";
12154
12406
  var LoginLanding = function LoginLanding(param) {
12155
12407
  var config = param.config, onCancel = param.onCancel, onMethodSelect = param.onMethodSelect, _param_embedded = param.embedded, embedded = _param_embedded === void 0 ? false : _param_embedded, _param_hideClose = param.hideClose, hideClose = _param_hideClose === void 0 ? false : _param_hideClose, propsIsDark = param.isDark, propsAppConfig = param.appConfig;
12156
- var _config_config, _config_config_appearance, _config_config1, _config_config_appearance1, _config_config2, _config_config3, _config_config4, _appConfig_privacy_policy_url, _appConfig_terms_of_service_url, _config_config5, _config_config6, _config_config_appearance_loginHeaderTitle, _config_config_appearance2, _config_config7, _config_config_appearance3, _config_config8, _config_config_appearance4, _config_config9, _config_config_appearance5, _config_config10, _config_config_emailConfig, _config_config11, _config_config_prefill, _config_config12, _config_config_prefill1, _config_config13;
12408
+ var _config_config, _config_config_appearance, _config_config1, _config_config_appearance1, _config_config2, _config_config3, _config_config4, _appConfig_privacy_policy_url, _appConfig_terms_of_service_url, _config_config5, _config_config6, _config_config_appearance_loginHeaderTitle, _config_config_appearance2, _config_config7, _config_config_appearance3, _config_config8, _config_config_appearance4, _config_config9, _config_config_appearance5, _config_config10, _config_config_prefill, _config_config11, _config_config_prefill1, _config_config12;
12157
12409
  var _useAppConfig = useAppConfig(propsAppConfig ? void 0 : config === null || config === void 0 ? void 0 : config.publishableKey), fetchedAppConfig = _useAppConfig.appConfig;
12158
12410
  var appConfig = propsAppConfig || fetchedAppConfig;
12159
12411
  var t = useTranslation().t;
@@ -12194,20 +12446,23 @@ var LoginLanding = function LoginLanding(param) {
12194
12446
  }
12195
12447
  };
12196
12448
  var _React16_useState = _sliced_to_array(React16.useState(false), 2), acceptedTerms = _React16_useState[0], setAcceptedTerms = _React16_useState[1];
12449
+ var _React16_useState1 = _sliced_to_array(React16.useState(null), 2), loginError = _React16_useState1[0], setLoginError = _React16_useState1[1];
12197
12450
  var hasAnyTermsUrl = !!(appConfig === null || appConfig === void 0 ? void 0 : (_appConfig_privacy_policy_url = appConfig.privacy_policy_url) === null || _appConfig_privacy_policy_url === void 0 ? void 0 : _appConfig_privacy_policy_url.startsWith("https://")) || !!(appConfig === null || appConfig === void 0 ? void 0 : (_appConfig_terms_of_service_url = appConfig.terms_of_service_url) === null || _appConfig_terms_of_service_url === void 0 ? void 0 : _appConfig_terms_of_service_url.startsWith("https://"));
12198
12451
  var requireTerms = (appConfig === null || appConfig === void 0 ? void 0 : appConfig.require_users_accept_terms) === true && hasAnyTermsUrl;
12199
12452
  var loginGated = requireTerms && !acceptedTerms;
12200
12453
  var handleSocialLogin = function handleSocialLogin(provider) {
12201
12454
  return _async_to_generator(function() {
12202
- var client, data, redirectUrl, url, popup, handleMessage, error;
12455
+ var client, data, redirectUrl, url, popup, handleMessage, error, message;
12203
12456
  return _ts_generator(this, function(_state) {
12204
12457
  switch(_state.label){
12205
12458
  case 0:
12206
12459
  if (loginGated) return [
12207
12460
  2
12208
12461
  ];
12462
+ setLoginError(null);
12209
12463
  client = getIframeClient(config === null || config === void 0 ? void 0 : config.publishableKey);
12210
12464
  if (!client) {
12465
+ setLoginError("Sign-in is not ready yet \u2014 please reload the page and try again.");
12211
12466
  return [
12212
12467
  2
12213
12468
  ];
@@ -12240,7 +12495,7 @@ var LoginLanding = function LoginLanding(param) {
12240
12495
  }
12241
12496
  popup = window.open(redirectUrl, "_self");
12242
12497
  if (!popup) {
12243
- console.error("Popup blocked");
12498
+ setLoginError("Your browser blocked the sign-in window. Please allow popups for this site and try again.");
12244
12499
  return [
12245
12500
  2
12246
12501
  ];
@@ -12262,6 +12517,8 @@ var LoginLanding = function LoginLanding(param) {
12262
12517
  case 3:
12263
12518
  error = _state.sent();
12264
12519
  console.error("OAuth failed:", error);
12520
+ message = _instanceof(error, Error) ? error.message : "Sign-in failed. Please try again.";
12521
+ setLoginError(message);
12265
12522
  return [
12266
12523
  3,
12267
12524
  4
@@ -12336,15 +12593,15 @@ var LoginLanding = function LoginLanding(param) {
12336
12593
  children: [
12337
12594
  showEmail && /* @__PURE__ */ jsx51(EmailOtpInput, {
12338
12595
  publishableKey: (config === null || config === void 0 ? void 0 : config.publishableKey) || "",
12339
- expiresIn: config === null || config === void 0 ? void 0 : (_config_config11 = config.config) === null || _config_config11 === void 0 ? void 0 : (_config_config_emailConfig = _config_config11.emailConfig) === null || _config_config_emailConfig === void 0 ? void 0 : _config_config_emailConfig.expiresIn,
12340
- prefillEmail: (config === null || config === void 0 ? void 0 : (_config_config12 = config.config) === null || _config_config12 === void 0 ? void 0 : (_config_config_prefill = _config_config12.prefill) === null || _config_config_prefill === void 0 ? void 0 : _config_config_prefill.type) === "email" ? config === null || config === void 0 ? void 0 : (_config_config13 = config.config) === null || _config_config13 === void 0 ? void 0 : (_config_config_prefill1 = _config_config13.prefill) === null || _config_config_prefill1 === void 0 ? void 0 : _config_config_prefill1.value : void 0,
12341
- onSuccess: function onSuccess(email) {
12596
+ prefillEmail: (config === null || config === void 0 ? void 0 : (_config_config11 = config.config) === null || _config_config11 === void 0 ? void 0 : (_config_config_prefill = _config_config11.prefill) === null || _config_config_prefill === void 0 ? void 0 : _config_config_prefill.type) === "email" ? config === null || config === void 0 ? void 0 : (_config_config12 = config.config) === null || _config_config12 === void 0 ? void 0 : (_config_config_prefill1 = _config_config12.prefill) === null || _config_config_prefill1 === void 0 ? void 0 : _config_config_prefill1.value : void 0,
12597
+ onSuccess: function onSuccess(response) {
12342
12598
  if (loginGated) return;
12343
- onMethodSelect === null || onMethodSelect === void 0 ? void 0 : onMethodSelect("email", {
12344
- email: email
12345
- });
12599
+ setLoginError(null);
12600
+ onMethodSelect === null || onMethodSelect === void 0 ? void 0 : onMethodSelect("email", response);
12346
12601
  },
12347
- onError: function onError() {}
12602
+ onError: function onError(err) {
12603
+ return setLoginError(err.message);
12604
+ }
12348
12605
  }),
12349
12606
  /* @__PURE__ */ jsxs41("div", {
12350
12607
  className: "moonkey-social-buttons moonkey-flex-col",
@@ -12370,6 +12627,11 @@ var LoginLanding = function LoginLanding(param) {
12370
12627
  })
12371
12628
  ]
12372
12629
  }),
12630
+ loginError && /* @__PURE__ */ jsx51(ErrorBox, {
12631
+ variant: "inline",
12632
+ align: "center",
12633
+ children: loginError
12634
+ }),
12373
12635
  /* @__PURE__ */ jsx51(TermsAndPrivacy, {
12374
12636
  appConfig: appConfig,
12375
12637
  accepted: acceptedTerms,
@@ -13658,7 +13920,7 @@ var SendEthereumTransactionFlow = function SendEthereumTransactionFlow(param) {
13658
13920
  };
13659
13921
  var handleSend = function handleSend() {
13660
13922
  return _async_to_generator(function() {
13661
- var _options_uiOptions, client, _ref, userHandleB64url, credentialIdB64url, signed, broadcastResponse, broadcast, hash, parentClient, error;
13923
+ var _options_uiOptions, client, _ref, userHandleB64url, credentialIdB64url, presenceTokens, signed, broadcastResponse, broadcast, hash, parentClient, error;
13662
13924
  return _ts_generator(this, function(_state) {
13663
13925
  switch(_state.label){
13664
13926
  case 0:
@@ -13681,7 +13943,7 @@ var SendEthereumTransactionFlow = function SendEthereumTransactionFlow(param) {
13681
13943
  onAssertPasskey()
13682
13944
  ];
13683
13945
  case 1:
13684
- _ref = _state.sent(), userHandleB64url = _ref.userHandleB64url, credentialIdB64url = _ref.credentialIdB64url;
13946
+ _ref = _state.sent(), userHandleB64url = _ref.userHandleB64url, credentialIdB64url = _ref.credentialIdB64url, presenceTokens = _ref.presenceTokens;
13685
13947
  return [
13686
13948
  4,
13687
13949
  client.send(PostMessageType22.WALLET, PostMessageMethod21.SIGN_TRANSACTION, {
@@ -13690,7 +13952,8 @@ var SendEthereumTransactionFlow = function SendEthereumTransactionFlow(param) {
13690
13952
  wallet: wallet,
13691
13953
  options: options,
13692
13954
  userHandleB64url: userHandleB64url,
13693
- credentialIdB64url: credentialIdB64url
13955
+ credentialIdB64url: credentialIdB64url,
13956
+ presenceTokens: presenceTokens
13694
13957
  })
13695
13958
  ];
13696
13959
  case 2:
@@ -14643,7 +14906,7 @@ var SendTransactionFlow = function SendTransactionFlow(param) {
14643
14906
  };
14644
14907
  var handleSign = function handleSign() {
14645
14908
  return _async_to_generator(function() {
14646
- var _options_uiOptions, client, _ref, userHandleB64url, credentialIdB64url, signed, bs58, transactionBytes, base64Transaction, broadcastResponse, broadcast, parentClient, error;
14909
+ var _options_uiOptions, client, _ref, userHandleB64url, credentialIdB64url, presenceTokens, signed, bs58, transactionBytes, base64Transaction, broadcastResponse, broadcast, parentClient, error;
14647
14910
  return _ts_generator(this, function(_state) {
14648
14911
  switch(_state.label){
14649
14912
  case 0:
@@ -14664,7 +14927,7 @@ var SendTransactionFlow = function SendTransactionFlow(param) {
14664
14927
  onAssertPasskey()
14665
14928
  ];
14666
14929
  case 1:
14667
- _ref = _state.sent(), userHandleB64url = _ref.userHandleB64url, credentialIdB64url = _ref.credentialIdB64url;
14930
+ _ref = _state.sent(), userHandleB64url = _ref.userHandleB64url, credentialIdB64url = _ref.credentialIdB64url, presenceTokens = _ref.presenceTokens;
14668
14931
  return [
14669
14932
  4,
14670
14933
  client.send(PostMessageType24.WALLET, PostMessageMethod23.SIGN_TRANSACTION, {
@@ -14672,7 +14935,8 @@ var SendTransactionFlow = function SendTransactionFlow(param) {
14672
14935
  serializedTransaction: sendTransactionRequest.transaction,
14673
14936
  wallet: wallet,
14674
14937
  userHandleB64url: userHandleB64url,
14675
- credentialIdB64url: credentialIdB64url
14938
+ credentialIdB64url: credentialIdB64url,
14939
+ presenceTokens: presenceTokens
14676
14940
  })
14677
14941
  ];
14678
14942
  case 2:
@@ -14920,7 +15184,7 @@ var Sign7702Authorization = function Sign7702Authorization(param) {
14920
15184
  };
14921
15185
  var handleSign = function handleSign() {
14922
15186
  return _async_to_generator(function() {
14923
- var _options_uiOptions, client, _ref, userHandleB64url, credentialIdB64url, result, parentClient, error;
15187
+ var _options_uiOptions, client, _ref, userHandleB64url, credentialIdB64url, presenceTokens, result, parentClient, error;
14924
15188
  return _ts_generator(this, function(_state) {
14925
15189
  switch(_state.label){
14926
15190
  case 0:
@@ -14946,7 +15210,7 @@ var Sign7702Authorization = function Sign7702Authorization(param) {
14946
15210
  onAssertPasskey()
14947
15211
  ];
14948
15212
  case 2:
14949
- _ref = _state.sent(), userHandleB64url = _ref.userHandleB64url, credentialIdB64url = _ref.credentialIdB64url;
15213
+ _ref = _state.sent(), userHandleB64url = _ref.userHandleB64url, credentialIdB64url = _ref.credentialIdB64url, presenceTokens = _ref.presenceTokens;
14950
15214
  return [
14951
15215
  4,
14952
15216
  client.send(PostMessageType25.WALLET, PostMessageMethod24.SIGN_7702_AUTHORIZATION, {
@@ -14958,7 +15222,8 @@ var Sign7702Authorization = function Sign7702Authorization(param) {
14958
15222
  options: options,
14959
15223
  wallet: wallet,
14960
15224
  userHandleB64url: userHandleB64url,
14961
- credentialIdB64url: credentialIdB64url
15225
+ credentialIdB64url: credentialIdB64url,
15226
+ presenceTokens: presenceTokens
14962
15227
  })
14963
15228
  ];
14964
15229
  case 3:
@@ -15275,7 +15540,7 @@ var SignMessage = function SignMessage(param) {
15275
15540
  };
15276
15541
  var handleSign = function handleSign() {
15277
15542
  return _async_to_generator(function() {
15278
- var client, _ref, userHandleB64url, credentialIdB64url, result, processedResponse, parentClient, error;
15543
+ var client, _ref, userHandleB64url, credentialIdB64url, presenceTokens, result, processedResponse, parentClient, error;
15279
15544
  return _ts_generator(this, function(_state) {
15280
15545
  switch(_state.label){
15281
15546
  case 0:
@@ -15301,7 +15566,7 @@ var SignMessage = function SignMessage(param) {
15301
15566
  onAssertPasskey()
15302
15567
  ];
15303
15568
  case 2:
15304
- _ref = _state.sent(), userHandleB64url = _ref.userHandleB64url, credentialIdB64url = _ref.credentialIdB64url;
15569
+ _ref = _state.sent(), userHandleB64url = _ref.userHandleB64url, credentialIdB64url = _ref.credentialIdB64url, presenceTokens = _ref.presenceTokens;
15305
15570
  return [
15306
15571
  4,
15307
15572
  client.send(PostMessageType26.WALLET, PostMessageMethod25.SIGN_MESSAGE, {
@@ -15310,7 +15575,8 @@ var SignMessage = function SignMessage(param) {
15310
15575
  uiOptions: uiOptions,
15311
15576
  wallet: wallet,
15312
15577
  userHandleB64url: userHandleB64url,
15313
- credentialIdB64url: credentialIdB64url
15578
+ credentialIdB64url: credentialIdB64url,
15579
+ presenceTokens: presenceTokens
15314
15580
  })
15315
15581
  ];
15316
15582
  case 3:
@@ -15602,7 +15868,7 @@ var SignTransaction = function SignTransaction(param) {
15602
15868
  };
15603
15869
  var handleSign = function handleSign() {
15604
15870
  return _async_to_generator(function() {
15605
- var _options_uiOptions, client, _ref, userHandleB64url, credentialIdB64url, result, parentClient, error;
15871
+ var _options_uiOptions, client, _ref, userHandleB64url, credentialIdB64url, presenceTokens, result, parentClient, error;
15606
15872
  return _ts_generator(this, function(_state) {
15607
15873
  switch(_state.label){
15608
15874
  case 0:
@@ -15628,7 +15894,7 @@ var SignTransaction = function SignTransaction(param) {
15628
15894
  onAssertPasskey()
15629
15895
  ];
15630
15896
  case 2:
15631
- _ref = _state.sent(), userHandleB64url = _ref.userHandleB64url, credentialIdB64url = _ref.credentialIdB64url;
15897
+ _ref = _state.sent(), userHandleB64url = _ref.userHandleB64url, credentialIdB64url = _ref.credentialIdB64url, presenceTokens = _ref.presenceTokens;
15632
15898
  return [
15633
15899
  4,
15634
15900
  client.send(PostMessageType27.WALLET, PostMessageMethod26.SIGN_TRANSACTION, {
@@ -15639,7 +15905,8 @@ var SignTransaction = function SignTransaction(param) {
15639
15905
  // Parent-asserted passkey userHandle — see sign-message.tsx
15640
15906
  // for context.
15641
15907
  userHandleB64url: userHandleB64url,
15642
- credentialIdB64url: credentialIdB64url
15908
+ credentialIdB64url: credentialIdB64url,
15909
+ presenceTokens: presenceTokens
15643
15910
  })
15644
15911
  ];
15645
15912
  case 3:
@@ -15943,7 +16210,7 @@ var SignTypedData = function SignTypedData(param) {
15943
16210
  };
15944
16211
  var handleSign = function handleSign() {
15945
16212
  return _async_to_generator(function() {
15946
- var _options_uiOptions, client, _ref, userHandleB64url, credentialIdB64url, result, parentClient, error;
16213
+ var _options_uiOptions, client, _ref, userHandleB64url, credentialIdB64url, presenceTokens, result, parentClient, error;
15947
16214
  return _ts_generator(this, function(_state) {
15948
16215
  switch(_state.label){
15949
16216
  case 0:
@@ -15969,7 +16236,7 @@ var SignTypedData = function SignTypedData(param) {
15969
16236
  onAssertPasskey()
15970
16237
  ];
15971
16238
  case 2:
15972
- _ref = _state.sent(), userHandleB64url = _ref.userHandleB64url, credentialIdB64url = _ref.credentialIdB64url;
16239
+ _ref = _state.sent(), userHandleB64url = _ref.userHandleB64url, credentialIdB64url = _ref.credentialIdB64url, presenceTokens = _ref.presenceTokens;
15973
16240
  return [
15974
16241
  4,
15975
16242
  client.send(PostMessageType28.WALLET, PostMessageMethod27.SIGN_TYPED_DATA, {
@@ -15981,7 +16248,8 @@ var SignTypedData = function SignTypedData(param) {
15981
16248
  options: options,
15982
16249
  wallet: wallet,
15983
16250
  userHandleB64url: userHandleB64url,
15984
- credentialIdB64url: credentialIdB64url
16251
+ credentialIdB64url: credentialIdB64url,
16252
+ presenceTokens: presenceTokens
15985
16253
  })
15986
16254
  ];
15987
16255
  case 3:
@@ -17117,8 +17385,6 @@ var AuthFlowRenderer = function AuthFlowRenderer(param) {
17117
17385
  return /* @__PURE__ */ jsx71(ImportWallet, {
17118
17386
  publishableKey: authConfig.publishableKey,
17119
17387
  walletType: walletType1,
17120
- userHandleB64url: flowData === null || flowData === void 0 ? void 0 : flowData.userHandleB64url,
17121
- credentialIdB64url: flowData === null || flowData === void 0 ? void 0 : flowData.credentialIdB64url,
17122
17388
  onComplete: function onComplete(wallet) {
17123
17389
  var _sdkInstance_getCurrentSuccessCallback;
17124
17390
  var successCallback = sdkInstance === null || sdkInstance === void 0 ? void 0 : (_sdkInstance_getCurrentSuccessCallback = sdkInstance.getCurrentSuccessCallback) === null || _sdkInstance_getCurrentSuccessCallback === void 0 ? void 0 : _sdkInstance_getCurrentSuccessCallback.call(sdkInstance);
@@ -17227,12 +17493,17 @@ var AuthProvider = function AuthProvider(param) {
17227
17493
  }), 2), flowState = _useState515[0], setFlowState = _useState515[1];
17228
17494
  var _useState516 = _sliced_to_array(useState51(false), 2), isAuthenticated = _useState516[0], setIsAuthenticated = _useState516[1];
17229
17495
  var _useState517 = _sliced_to_array(useState51(null), 2), user = _useState517[0], setUser = _useState517[1];
17230
- var _useState518 = _sliced_to_array(useState51("landing"), 2), currentFlow = _useState518[0], setCurrentFlow = _useState518[1];
17231
- var _useState519 = _sliced_to_array(useState51(null), 2), flowData = _useState519[0], setFlowData = _useState519[1];
17232
- var _useState5110 = _sliced_to_array(useState51(null), 2), appConfig = _useState5110[0], setAppConfig = _useState5110[1];
17233
- var _useState5111 = _sliced_to_array(useState51(true), 2), isLoadingConfig = _useState5111[0], setIsLoadingConfig = _useState5111[1];
17234
- var _useState5112 = _sliced_to_array(useState51(false), 2), isIframeReady = _useState5112[0], setIsIframeReady = _useState5112[1];
17235
- var _useState5113 = _sliced_to_array(useState51(config === null || config === void 0 ? void 0 : config.appearance), 2), appearance = _useState5113[0], setAppearance = _useState5113[1];
17496
+ var _useState518 = _sliced_to_array(useState51(0), 2), revalidatedAt = _useState518[0], setRevalidatedAt = _useState518[1];
17497
+ var _useState519 = _sliced_to_array(useState51("landing"), 2), currentFlow = _useState519[0], setCurrentFlow = _useState519[1];
17498
+ var _useState5110 = _sliced_to_array(useState51(null), 2), flowData = _useState5110[0], setFlowData = _useState5110[1];
17499
+ var _useState5111 = _sliced_to_array(useState51(null), 2), appConfig = _useState5111[0], setAppConfig = _useState5111[1];
17500
+ var _useState5112 = _sliced_to_array(useState51(true), 2), isLoadingConfig = _useState5112[0], setIsLoadingConfig = _useState5112[1];
17501
+ var _useState5113 = _sliced_to_array(useState51(false), 2), isIframeReady = _useState5113[0], setIsIframeReady = _useState5113[1];
17502
+ var _useState5114 = _sliced_to_array(useState51(function() {
17503
+ if (typeof window === "undefined") return false;
17504
+ return new URLSearchParams(window.location.search).has("token");
17505
+ }), 1), hasOAuthCallbackToken = _useState5114[0];
17506
+ var _useState5115 = _sliced_to_array(useState51(config === null || config === void 0 ? void 0 : config.appearance), 2), appearance = _useState5115[0], setAppearance = _useState5115[1];
17236
17507
  var authCheckCacheRef = useRef18(null);
17237
17508
  var AUTH_CACHE_TTL = 5e3;
17238
17509
  var initialAuthCheckDone = useRef18(false);
@@ -17535,6 +17806,7 @@ var AuthProvider = function AuthProvider(param) {
17535
17806
  ]);
17536
17807
  var handleAuthSuccess = useCallback11(function(response) {
17537
17808
  setIsAuthenticatedWithRef(true);
17809
+ setIsReady(true);
17538
17810
  var rawUserData = (response === null || response === void 0 ? void 0 : response.data) || response;
17539
17811
  if ((rawUserData === null || rawUserData === void 0 ? void 0 : rawUserData.id_token) || (rawUserData === null || rawUserData === void 0 ? void 0 : rawUserData.idToken)) {
17540
17812
  var idToken = rawUserData.id_token || rawUserData.idToken;
@@ -17565,6 +17837,7 @@ var AuthProvider = function AuthProvider(param) {
17565
17837
  var handleOAuthError = useCallback11(function(error) {
17566
17838
  setStartFlow(false);
17567
17839
  setFlowData(null);
17840
+ setIsReady(true);
17568
17841
  if (errorCallback) {
17569
17842
  errorCallback(error);
17570
17843
  }
@@ -17573,7 +17846,7 @@ var AuthProvider = function AuthProvider(param) {
17573
17846
  ]);
17574
17847
  useOAuthCallbackDetection({
17575
17848
  isMounted: isMounted,
17576
- isReady: isReady,
17849
+ isIframeReady: isIframeReady,
17577
17850
  publishableKey: publishableKey,
17578
17851
  iframeRef: iframeRef,
17579
17852
  onOAuthSuccess: handleOAuthSuccess,
@@ -17613,6 +17886,10 @@ var AuthProvider = function AuthProvider(param) {
17613
17886
  var _iframeRef_current;
17614
17887
  if (!isIframeReady || !isMounted || !((_iframeRef_current = iframeRef.current) === null || _iframeRef_current === void 0 ? void 0 : _iframeRef_current.contentWindow)) return;
17615
17888
  if (initialAuthCheckDone.current) return;
17889
+ if (hasOAuthCallbackToken) {
17890
+ initialAuthCheckDone.current = true;
17891
+ return;
17892
+ }
17616
17893
  var checkAuthStatus = function checkAuthStatus() {
17617
17894
  return _async_to_generator(function() {
17618
17895
  var iframeOrigin, client, response, isAuth, userData, rawUserData, error;
@@ -17691,7 +17968,8 @@ var AuthProvider = function AuthProvider(param) {
17691
17968
  isIframeReady,
17692
17969
  isMounted,
17693
17970
  publishableKey,
17694
- setIsAuthenticatedWithRef
17971
+ setIsAuthenticatedWithRef,
17972
+ hasOAuthCallbackToken
17695
17973
  ]);
17696
17974
  var prevStartFlowRef = useRef18(startFlow);
17697
17975
  useEffect34(function() {
@@ -17705,6 +17983,38 @@ var AuthProvider = function AuthProvider(param) {
17705
17983
  startFlow,
17706
17984
  recheckAuthStatus
17707
17985
  ]);
17986
+ var recheckAuthStatusRef = useRef18(recheckAuthStatus);
17987
+ useEffect34(function() {
17988
+ recheckAuthStatusRef.current = recheckAuthStatus;
17989
+ }, [
17990
+ recheckAuthStatus
17991
+ ]);
17992
+ useEffect34(function() {
17993
+ if (typeof window === "undefined" || typeof document === "undefined") {
17994
+ return;
17995
+ }
17996
+ var trigger = function trigger() {
17997
+ setRevalidatedAt(Date.now());
17998
+ recheckAuthStatusRef.current(true);
17999
+ };
18000
+ var onVisibilityChange = function onVisibilityChange() {
18001
+ if (document.visibilityState === "visible") trigger();
18002
+ };
18003
+ var onPageShow = function onPageShow() {
18004
+ return trigger();
18005
+ };
18006
+ var onPopState = function onPopState() {
18007
+ return trigger();
18008
+ };
18009
+ document.addEventListener("visibilitychange", onVisibilityChange);
18010
+ window.addEventListener("pageshow", onPageShow);
18011
+ window.addEventListener("popstate", onPopState);
18012
+ return function() {
18013
+ document.removeEventListener("visibilitychange", onVisibilityChange);
18014
+ window.removeEventListener("pageshow", onPageShow);
18015
+ window.removeEventListener("popstate", onPopState);
18016
+ };
18017
+ }, []);
17708
18018
  var onError = useCallback11(function(callback) {
17709
18019
  if (!isMounted) {
17710
18020
  return;
@@ -17885,6 +18195,7 @@ var AuthProvider = function AuthProvider(param) {
17885
18195
  sdkInstanceRef.current.isAuthenticated = isAuthenticated;
17886
18196
  sdkInstanceRef.current.user = user;
17887
18197
  sdkInstanceRef.current.refreshUser = refreshUser;
18198
+ sdkInstanceRef.current.revalidatedAt = revalidatedAt;
17888
18199
  return sdkInstanceRef.current;
17889
18200
  }, [
17890
18201
  isMounted,
@@ -17895,7 +18206,8 @@ var AuthProvider = function AuthProvider(param) {
17895
18206
  isAuthenticated,
17896
18207
  user,
17897
18208
  setIsAuthenticatedWithRef,
17898
- refreshUser
18209
+ refreshUser,
18210
+ revalidatedAt
17899
18211
  ]);
17900
18212
  var iframeStyles = getIframeStyles(hideIframe, embeddableId);
17901
18213
  useCloseIframe(function() {
@@ -17984,7 +18296,7 @@ import { jsx as jsx73 } from "react/jsx-runtime";
17984
18296
  import { useContext as useContext4 } from "react";
17985
18297
  // src/provider.tsx
17986
18298
  import { createContext, useContext as useContext5, useEffect as useEffect36, useMemo as useMemo5, useRef as useRef19, useState as useState52 } from "react";
17987
- import { setAssertCacheTtlMs, validateChainConfig } from "@moon-x/core/lib";
18299
+ import { validateChainConfig } from "@moon-x/core/lib";
17988
18300
  // src/wallets/walletconnect-client.ts
17989
18301
  var setWalletConnectClient = function setWalletConnectClient(client) {
17990
18302
  if (typeof window !== "undefined") {
@@ -18000,15 +18312,13 @@ var WalletConnectContext = createContext({
18000
18312
  var MoonKeyContext = createContext(null);
18001
18313
  var MoonKeyProvider = function MoonKeyProvider(param) {
18002
18314
  var publishableKey = param.publishableKey, embeddableId = param.embeddableId, config = param.config, children = param.children;
18003
- var _ref;
18004
- var _config_security, _config_walletConnect, _config_emailConfig, _config_emailConfig1, _config_emailConfig2, _config_emailConfig3, _config_emailConfig4, _config_emailConfig5;
18315
+ var _config_walletConnect, _config_emailConfig, _config_emailConfig1, _config_emailConfig2, _config_emailConfig3, _config_emailConfig4;
18005
18316
  if ((config === null || config === void 0 ? void 0 : config.defaultChain) || (config === null || config === void 0 ? void 0 : config.supportedChains)) {
18006
18317
  validateChainConfig({
18007
18318
  defaultChain: config.defaultChain,
18008
18319
  supportedChains: config.supportedChains
18009
18320
  });
18010
18321
  }
18011
- setAssertCacheTtlMs((_ref = config === null || config === void 0 ? void 0 : (_config_security = config.security) === null || _config_security === void 0 ? void 0 : _config_security.assertionCacheTtlMs) !== null && _ref !== void 0 ? _ref : 0);
18012
18322
  var _useState52 = _sliced_to_array(useState52(null), 2), walletConnectClient = _useState52[0], setWalletConnectClient2 = _useState52[1];
18013
18323
  var _useState521 = _sliced_to_array(useState52(false), 2), isInitializing = _useState521[0], setIsInitializing = _useState521[1];
18014
18324
  var initializationAttempted = useRef19(false);
@@ -18105,11 +18415,10 @@ var MoonKeyProvider = function MoonKeyProvider(param) {
18105
18415
  theme: config === null || config === void 0 ? void 0 : config.theme,
18106
18416
  emailConfig: {
18107
18417
  skipVerifiedSuccess: (config === null || config === void 0 ? void 0 : (_config_emailConfig = config.emailConfig) === null || _config_emailConfig === void 0 ? void 0 : _config_emailConfig.skipVerifiedSuccess) || false,
18108
- expiresIn: (config === null || config === void 0 ? void 0 : (_config_emailConfig1 = config.emailConfig) === null || _config_emailConfig1 === void 0 ? void 0 : _config_emailConfig1.expiresIn) || 10,
18109
- verifiedDisplayTime: (config === null || config === void 0 ? void 0 : (_config_emailConfig2 = config.emailConfig) === null || _config_emailConfig2 === void 0 ? void 0 : _config_emailConfig2.verifiedDisplayTime) || 3e3,
18110
- verifyEmailTitle: (config === null || config === void 0 ? void 0 : (_config_emailConfig3 = config.emailConfig) === null || _config_emailConfig3 === void 0 ? void 0 : _config_emailConfig3.verifyEmailTitle) || "Verify email",
18111
- verifyEmailResendTitle: (config === null || config === void 0 ? void 0 : (_config_emailConfig4 = config.emailConfig) === null || _config_emailConfig4 === void 0 ? void 0 : _config_emailConfig4.verifyEmailResendTitle) || "Resend code",
18112
- resendCodeTime: (config === null || config === void 0 ? void 0 : (_config_emailConfig5 = config.emailConfig) === null || _config_emailConfig5 === void 0 ? void 0 : _config_emailConfig5.resendCodeTime) || 60
18418
+ verifiedDisplayTime: (config === null || config === void 0 ? void 0 : (_config_emailConfig1 = config.emailConfig) === null || _config_emailConfig1 === void 0 ? void 0 : _config_emailConfig1.verifiedDisplayTime) || 3e3,
18419
+ verifyEmailTitle: (config === null || config === void 0 ? void 0 : (_config_emailConfig2 = config.emailConfig) === null || _config_emailConfig2 === void 0 ? void 0 : _config_emailConfig2.verifyEmailTitle) || "Verify email",
18420
+ verifyEmailResendTitle: (config === null || config === void 0 ? void 0 : (_config_emailConfig3 = config.emailConfig) === null || _config_emailConfig3 === void 0 ? void 0 : _config_emailConfig3.verifyEmailResendTitle) || "Resend code",
18421
+ resendCodeTime: (config === null || config === void 0 ? void 0 : (_config_emailConfig4 = config.emailConfig) === null || _config_emailConfig4 === void 0 ? void 0 : _config_emailConfig4.resendCodeTime) || 60
18113
18422
  },
18114
18423
  passkeyEnrollConfig: config === null || config === void 0 ? void 0 : config.passkeyEnrollConfig,
18115
18424
  signMessageConfig: config === null || config === void 0 ? void 0 : config.signMessageConfig,