@mysten/sui 1.22.0 → 1.23.0

package/CHANGELOG.md

@@ -1,5 +1,15 @@
 # @mysten/sui.js
 
+## 1.23.0
+
+### Minor Changes
+
+- 8baac61: remove jose dependency
+
+### Patch Changes
+
+- 8baac61: Add check for malformed google iss in toZkLoginPublicIdentifier
+
 ## 1.22.0
 
 ### Minor Changes

package/dist/cjs/version.d.ts

@@ -1,2 +1,2 @@
-export declare const PACKAGE_VERSION = "1.22.0";
+export declare const PACKAGE_VERSION = "1.23.0";
 export declare const TARGETED_RPC_VERSION = "1.45.0";

package/dist/cjs/version.js

@@ -22,6 +22,6 @@ __export(version_exports, {
   TARGETED_RPC_VERSION: () => TARGETED_RPC_VERSION
 });
 module.exports = __toCommonJS(version_exports);
-const PACKAGE_VERSION = "1.22.0";
+const PACKAGE_VERSION = "1.23.0";
 const TARGETED_RPC_VERSION = "1.45.0";
 //# sourceMappingURL=version.js.map

package/dist/cjs/version.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../src/version.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\n// This file is generated by genversion.mjs. Do not edit it directly.\n\nexport const PACKAGE_VERSION = '1.22.0';\nexport const TARGETED_RPC_VERSION = '1.45.0';\n"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\n// This file is generated by genversion.mjs. Do not edit it directly.\n\nexport const PACKAGE_VERSION = '1.23.0';\nexport const TARGETED_RPC_VERSION = '1.45.0';\n"],
   "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAKO,MAAM,kBAAkB;AACxB,MAAM,uBAAuB;",
   "names": []
 }

package/dist/cjs/zklogin/address.js

@@ -28,16 +28,13 @@ __export(address_exports, {
 module.exports = __toCommonJS(address_exports);
 var import_blake2b = require("@noble/hashes/blake2b");
 var import_utils = require("@noble/hashes/utils");
-var import_jose = require("jose");
 var import_signature_scheme = require("../cryptography/signature-scheme.js");
 var import_utils2 = require("../utils/index.js");
+var import_jwt_utils = require("./jwt-utils.js");
 var import_utils3 = require("./utils.js");
 function computeZkLoginAddressFromSeed(addressSeed, iss, legacyAddress = true) {
   const addressSeedBytesBigEndian = legacyAddress ? (0, import_utils3.toBigEndianBytes)(addressSeed, 32) : (0, import_utils3.toPaddedBigEndianBytes)(addressSeed, 32);
-  if (iss === "accounts.google.com") {
-    iss = "https://accounts.google.com";
-  }
-  const addressParamBytes = new TextEncoder().encode(iss);
+  const addressParamBytes = new TextEncoder().encode((0, import_utils3.normalizeZkLoginIssuer)(iss));
   const tmp = new Uint8Array(2 + addressSeedBytesBigEndian.length + addressParamBytes.length);
   tmp.set([import_signature_scheme.SIGNATURE_SCHEME_TO_FLAG.ZkLogin]);
   tmp.set([addressParamBytes.length], 1);
@@ -63,13 +60,7 @@ function lengthChecks(jwt) {
 }
 function jwtToAddress(jwt, userSalt, legacyAddress = false) {
   lengthChecks(jwt);
-  const decodedJWT = (0, import_jose.decodeJwt)(jwt);
-  if (!decodedJWT.sub || !decodedJWT.iss || !decodedJWT.aud) {
-    throw new Error("Missing jwt data");
-  }
-  if (Array.isArray(decodedJWT.aud)) {
-    throw new Error("Not supported aud. Aud is an array, string was expected.");
-  }
+  const decodedJWT = (0, import_jwt_utils.decodeJwt)(jwt);
   return computeZkLoginAddress({
     userSalt,
     claimName: "sub",

package/dist/cjs/zklogin/address.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../src/zklogin/address.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { blake2b } from '@noble/hashes/blake2b';\nimport { bytesToHex } from '@noble/hashes/utils';\nimport { decodeJwt } from 'jose';\n\nimport { SIGNATURE_SCHEME_TO_FLAG } from '../cryptography/signature-scheme.js';\nimport { normalizeSuiAddress, SUI_ADDRESS_LENGTH } from '../utils/index.js';\nimport { genAddressSeed, toBigEndianBytes, toPaddedBigEndianBytes } from './utils.js';\n\nexport function computeZkLoginAddressFromSeed(\n\taddressSeed: bigint,\n\tiss: string,\n\t/** TODO: This default should be changed in the next major release */\n\tlegacyAddress = true,\n) {\n\tconst addressSeedBytesBigEndian = legacyAddress\n\t\t? toBigEndianBytes(addressSeed, 32)\n\t\t: toPaddedBigEndianBytes(addressSeed, 32);\n\tif (iss === 'accounts.google.com') {\n\t\tiss = 'https://accounts.google.com';\n\t}\n\tconst addressParamBytes = new TextEncoder().encode(iss);\n\tconst tmp = new Uint8Array(2 + addressSeedBytesBigEndian.length + addressParamBytes.length);\n\n\ttmp.set([SIGNATURE_SCHEME_TO_FLAG.ZkLogin]);\n\ttmp.set([addressParamBytes.length], 1);\n\ttmp.set(addressParamBytes, 2);\n\ttmp.set(addressSeedBytesBigEndian, 2 + addressParamBytes.length);\n\n\treturn normalizeSuiAddress(\n\t\tbytesToHex(blake2b(tmp, { dkLen: 32 })).slice(0, SUI_ADDRESS_LENGTH * 2),\n\t);\n}\n\nexport const MAX_HEADER_LEN_B64 = 248;\nexport const MAX_PADDED_UNSIGNED_JWT_LEN = 64 * 25;\n\nexport function lengthChecks(jwt: string) {\n\tconst [header, payload] = jwt.split('.');\n\t/// Is the header small enough\n\tif (header.length > MAX_HEADER_LEN_B64) {\n\t\tthrow new Error(`Header is too long`);\n\t}\n\n\t/// Is the combined length of (header, payload, SHA2 padding) small enough?\n\t// unsigned_jwt = header + '.' + payload;\n\tconst L = (header.length + 1 + payload.length) * 8;\n\tconst K = (512 + 448 - ((L % 512) + 1)) % 512;\n\n\t// The SHA2 padding is 1 followed by K zeros, followed by the length of the message\n\tconst padded_unsigned_jwt_len = (L + 1 + K + 64) / 8;\n\n\t// The padded unsigned JWT must be less than the max_padded_unsigned_jwt_len\n\tif (padded_unsigned_jwt_len > MAX_PADDED_UNSIGNED_JWT_LEN) {\n\t\tthrow new Error(`JWT is too long`);\n\t}\n}\n\nexport function jwtToAddress(jwt: string, userSalt: string | bigint, legacyAddress = false) {\n\tlengthChecks(jwt);\n\n\tconst decodedJWT = decodeJwt(jwt);\n\tif (!decodedJWT.sub || !decodedJWT.iss || !decodedJWT.aud) {\n\t\tthrow new Error('Missing jwt data');\n\t}\n\n\tif (Array.isArray(decodedJWT.aud)) {\n\t\tthrow new Error('Not supported aud. Aud is an array, string was expected.');\n\t}\n\n\treturn computeZkLoginAddress({\n\t\tuserSalt,\n\t\tclaimName: 'sub',\n\t\tclaimValue: decodedJWT.sub,\n\t\taud: decodedJWT.aud,\n\t\tiss: decodedJWT.iss,\n\t\tlegacyAddress,\n\t});\n}\n\nexport interface ComputeZkLoginAddressOptions {\n\tclaimName: string;\n\tclaimValue: string;\n\tuserSalt: string | bigint;\n\tiss: string;\n\taud: string;\n\tlegacyAddress?: boolean;\n}\n\nexport function computeZkLoginAddress({\n\tclaimName,\n\tclaimValue,\n\tiss,\n\taud,\n\tuserSalt,\n\tlegacyAddress = false,\n}: ComputeZkLoginAddressOptions) {\n\treturn computeZkLoginAddressFromSeed(\n\t\tgenAddressSeed(userSalt, claimName, claimValue, aud),\n\t\tiss,\n\t\tlegacyAddress,\n\t);\n}\n"],
-  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,qBAAwB;AACxB,mBAA2B;AAC3B,kBAA0B;AAE1B,8BAAyC;AACzC,IAAAA,gBAAwD;AACxD,IAAAA,gBAAyE;AAElE,SAAS,8BACf,aACA,KAEA,gBAAgB,MACf;AACD,QAAM,4BAA4B,oBAC/B,gCAAiB,aAAa,EAAE,QAChC,sCAAuB,aAAa,EAAE;AACzC,MAAI,QAAQ,uBAAuB;AAClC,UAAM;AAAA,EACP;AACA,QAAM,oBAAoB,IAAI,YAAY,EAAE,OAAO,GAAG;AACtD,QAAM,MAAM,IAAI,WAAW,IAAI,0BAA0B,SAAS,kBAAkB,MAAM;AAE1F,MAAI,IAAI,CAAC,iDAAyB,OAAO,CAAC;AAC1C,MAAI,IAAI,CAAC,kBAAkB,MAAM,GAAG,CAAC;AACrC,MAAI,IAAI,mBAAmB,CAAC;AAC5B,MAAI,IAAI,2BAA2B,IAAI,kBAAkB,MAAM;AAE/D,aAAO;AAAA,QACN,6BAAW,wBAAQ,KAAK,EAAE,OAAO,GAAG,CAAC,CAAC,EAAE,MAAM,GAAG,mCAAqB,CAAC;AAAA,EACxE;AACD;AAEO,MAAM,qBAAqB;AAC3B,MAAM,8BAA8B,KAAK;AAEzC,SAAS,aAAa,KAAa;AACzC,QAAM,CAAC,QAAQ,OAAO,IAAI,IAAI,MAAM,GAAG;AAEvC,MAAI,OAAO,SAAS,oBAAoB;AACvC,UAAM,IAAI,MAAM,oBAAoB;AAAA,EACrC;AAIA,QAAM,KAAK,OAAO,SAAS,IAAI,QAAQ,UAAU;AACjD,QAAM,KAAK,MAAM,OAAQ,IAAI,MAAO,MAAM;AAG1C,QAAM,2BAA2B,IAAI,IAAI,IAAI,MAAM;AAGnD,MAAI,0BAA0B,6BAA6B;AAC1D,UAAM,IAAI,MAAM,iBAAiB;AAAA,EAClC;AACD;AAEO,SAAS,aAAa,KAAa,UAA2B,gBAAgB,OAAO;AAC3F,eAAa,GAAG;AAEhB,QAAM,iBAAa,uBAAU,GAAG;AAChC,MAAI,CAAC,WAAW,OAAO,CAAC,WAAW,OAAO,CAAC,WAAW,KAAK;AAC1D,UAAM,IAAI,MAAM,kBAAkB;AAAA,EACnC;AAEA,MAAI,MAAM,QAAQ,WAAW,GAAG,GAAG;AAClC,UAAM,IAAI,MAAM,0DAA0D;AAAA,EAC3E;AAEA,SAAO,sBAAsB;AAAA,IAC5B;AAAA,IACA,WAAW;AAAA,IACX,YAAY,WAAW;AAAA,IACvB,KAAK,WAAW;AAAA,IAChB,KAAK,WAAW;AAAA,IAChB;AAAA,EACD,CAAC;AACF;AAWO,SAAS,sBAAsB;AAAA,EACrC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,gBAAgB;AACjB,GAAiC;AAChC,SAAO;AAAA,QACN,8BAAe,UAAU,WAAW,YAAY,GAAG;AAAA,IACnD;AAAA,IACA;AAAA,EACD;AACD;",
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { blake2b } from '@noble/hashes/blake2b';\nimport { bytesToHex } from '@noble/hashes/utils';\n\nimport { SIGNATURE_SCHEME_TO_FLAG } from '../cryptography/signature-scheme.js';\nimport { normalizeSuiAddress, SUI_ADDRESS_LENGTH } from '../utils/index.js';\nimport { decodeJwt } from './jwt-utils.js';\nimport {\n\tgenAddressSeed,\n\tnormalizeZkLoginIssuer,\n\ttoBigEndianBytes,\n\ttoPaddedBigEndianBytes,\n} from './utils.js';\n\nexport function computeZkLoginAddressFromSeed(\n\taddressSeed: bigint,\n\tiss: string,\n\t/** TODO: This default should be changed in the next major release */\n\tlegacyAddress = true,\n) {\n\tconst addressSeedBytesBigEndian = legacyAddress\n\t\t? toBigEndianBytes(addressSeed, 32)\n\t\t: toPaddedBigEndianBytes(addressSeed, 32);\n\n\tconst addressParamBytes = new TextEncoder().encode(normalizeZkLoginIssuer(iss));\n\tconst tmp = new Uint8Array(2 + addressSeedBytesBigEndian.length + addressParamBytes.length);\n\n\ttmp.set([SIGNATURE_SCHEME_TO_FLAG.ZkLogin]);\n\ttmp.set([addressParamBytes.length], 1);\n\ttmp.set(addressParamBytes, 2);\n\ttmp.set(addressSeedBytesBigEndian, 2 + addressParamBytes.length);\n\n\treturn normalizeSuiAddress(\n\t\tbytesToHex(blake2b(tmp, { dkLen: 32 })).slice(0, SUI_ADDRESS_LENGTH * 2),\n\t);\n}\n\nexport const MAX_HEADER_LEN_B64 = 248;\nexport const MAX_PADDED_UNSIGNED_JWT_LEN = 64 * 25;\n\nexport function lengthChecks(jwt: string) {\n\tconst [header, payload] = jwt.split('.');\n\t/// Is the header small enough\n\tif (header.length > MAX_HEADER_LEN_B64) {\n\t\tthrow new Error(`Header is too long`);\n\t}\n\n\t/// Is the combined length of (header, payload, SHA2 padding) small enough?\n\t// unsigned_jwt = header + '.' + payload;\n\tconst L = (header.length + 1 + payload.length) * 8;\n\tconst K = (512 + 448 - ((L % 512) + 1)) % 512;\n\n\t// The SHA2 padding is 1 followed by K zeros, followed by the length of the message\n\tconst padded_unsigned_jwt_len = (L + 1 + K + 64) / 8;\n\n\t// The padded unsigned JWT must be less than the max_padded_unsigned_jwt_len\n\tif (padded_unsigned_jwt_len > MAX_PADDED_UNSIGNED_JWT_LEN) {\n\t\tthrow new Error(`JWT is too long`);\n\t}\n}\n\nexport function jwtToAddress(jwt: string, userSalt: string | bigint, legacyAddress = false) {\n\tlengthChecks(jwt);\n\n\tconst decodedJWT = decodeJwt(jwt);\n\n\treturn computeZkLoginAddress({\n\t\tuserSalt,\n\t\tclaimName: 'sub',\n\t\tclaimValue: decodedJWT.sub,\n\t\taud: decodedJWT.aud,\n\t\tiss: decodedJWT.iss,\n\t\tlegacyAddress,\n\t});\n}\n\nexport interface ComputeZkLoginAddressOptions {\n\tclaimName: string;\n\tclaimValue: string;\n\tuserSalt: string | bigint;\n\tiss: string;\n\taud: string;\n\tlegacyAddress?: boolean;\n}\n\nexport function computeZkLoginAddress({\n\tclaimName,\n\tclaimValue,\n\tiss,\n\taud,\n\tuserSalt,\n\tlegacyAddress = false,\n}: ComputeZkLoginAddressOptions) {\n\treturn computeZkLoginAddressFromSeed(\n\t\tgenAddressSeed(userSalt, claimName, claimValue, aud),\n\t\tiss,\n\t\tlegacyAddress,\n\t);\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,qBAAwB;AACxB,mBAA2B;AAE3B,8BAAyC;AACzC,IAAAA,gBAAwD;AACxD,uBAA0B;AAC1B,IAAAA,gBAKO;AAEA,SAAS,8BACf,aACA,KAEA,gBAAgB,MACf;AACD,QAAM,4BAA4B,oBAC/B,gCAAiB,aAAa,EAAE,QAChC,sCAAuB,aAAa,EAAE;AAEzC,QAAM,oBAAoB,IAAI,YAAY,EAAE,WAAO,sCAAuB,GAAG,CAAC;AAC9E,QAAM,MAAM,IAAI,WAAW,IAAI,0BAA0B,SAAS,kBAAkB,MAAM;AAE1F,MAAI,IAAI,CAAC,iDAAyB,OAAO,CAAC;AAC1C,MAAI,IAAI,CAAC,kBAAkB,MAAM,GAAG,CAAC;AACrC,MAAI,IAAI,mBAAmB,CAAC;AAC5B,MAAI,IAAI,2BAA2B,IAAI,kBAAkB,MAAM;AAE/D,aAAO;AAAA,QACN,6BAAW,wBAAQ,KAAK,EAAE,OAAO,GAAG,CAAC,CAAC,EAAE,MAAM,GAAG,mCAAqB,CAAC;AAAA,EACxE;AACD;AAEO,MAAM,qBAAqB;AAC3B,MAAM,8BAA8B,KAAK;AAEzC,SAAS,aAAa,KAAa;AACzC,QAAM,CAAC,QAAQ,OAAO,IAAI,IAAI,MAAM,GAAG;AAEvC,MAAI,OAAO,SAAS,oBAAoB;AACvC,UAAM,IAAI,MAAM,oBAAoB;AAAA,EACrC;AAIA,QAAM,KAAK,OAAO,SAAS,IAAI,QAAQ,UAAU;AACjD,QAAM,KAAK,MAAM,OAAQ,IAAI,MAAO,MAAM;AAG1C,QAAM,2BAA2B,IAAI,IAAI,IAAI,MAAM;AAGnD,MAAI,0BAA0B,6BAA6B;AAC1D,UAAM,IAAI,MAAM,iBAAiB;AAAA,EAClC;AACD;AAEO,SAAS,aAAa,KAAa,UAA2B,gBAAgB,OAAO;AAC3F,eAAa,GAAG;AAEhB,QAAM,iBAAa,4BAAU,GAAG;AAEhC,SAAO,sBAAsB;AAAA,IAC5B;AAAA,IACA,WAAW;AAAA,IACX,YAAY,WAAW;AAAA,IACvB,KAAK,WAAW;AAAA,IAChB,KAAK,WAAW;AAAA,IAChB;AAAA,EACD,CAAC;AACF;AAWO,SAAS,sBAAsB;AAAA,EACrC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,gBAAgB;AACjB,GAAiC;AAChC,SAAO;AAAA,QACN,8BAAe,UAAU,WAAW,YAAY,GAAG;AAAA,IACnD;AAAA,IACA;AAAA,EACD;AACD;",
   "names": ["import_utils"]
 }

package/dist/cjs/zklogin/index.d.ts

@@ -6,3 +6,4 @@ export { toZkLoginPublicIdentifier, ZkLoginPublicIdentifier } from './publickey.
 export type { ZkLoginSignatureInputs } from './bcs.js';
 export { poseidonHash } from './poseidon.js';
 export { generateNonce, generateRandomness } from './nonce.js';
+export { decodeJwt } from './jwt-utils.js';

package/dist/cjs/zklogin/index.js

@@ -21,6 +21,7 @@ __export(zklogin_exports, {
   ZkLoginPublicIdentifier: () => import_publickey.ZkLoginPublicIdentifier,
   computeZkLoginAddress: () => import_address.computeZkLoginAddress,
   computeZkLoginAddressFromSeed: () => import_address.computeZkLoginAddressFromSeed,
+  decodeJwt: () => import_jwt_utils.decodeJwt,
   genAddressSeed: () => import_utils.genAddressSeed,
   generateNonce: () => import_nonce.generateNonce,
   generateRandomness: () => import_nonce.generateRandomness,
@@ -41,4 +42,5 @@ var import_address = require("./address.js");
 var import_publickey = require("./publickey.js");
 var import_poseidon = require("./poseidon.js");
 var import_nonce = require("./nonce.js");
+var import_jwt_utils = require("./jwt-utils.js");
 //# sourceMappingURL=index.js.map

package/dist/cjs/zklogin/index.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../src/zklogin/index.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nexport { getZkLoginSignature, parseZkLoginSignature } from './signature.js';\nexport {\n\ttoBigEndianBytes,\n\ttoPaddedBigEndianBytes,\n\thashASCIIStrToField,\n\tgenAddressSeed,\n\tgetExtendedEphemeralPublicKey,\n} from './utils.js';\nexport { computeZkLoginAddressFromSeed, computeZkLoginAddress, jwtToAddress } from './address.js';\nexport type { ComputeZkLoginAddressOptions } from './address.js';\nexport { toZkLoginPublicIdentifier, ZkLoginPublicIdentifier } from './publickey.js';\nexport type { ZkLoginSignatureInputs } from './bcs.js';\nexport { poseidonHash } from './poseidon.js';\nexport { generateNonce, generateRandomness } from './nonce.js';\n"],
-  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,uBAA2D;AAC3D,mBAMO;AACP,qBAAmF;AAEnF,uBAAmE;AAEnE,sBAA6B;AAC7B,mBAAkD;",
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nexport { getZkLoginSignature, parseZkLoginSignature } from './signature.js';\nexport {\n\ttoBigEndianBytes,\n\ttoPaddedBigEndianBytes,\n\thashASCIIStrToField,\n\tgenAddressSeed,\n\tgetExtendedEphemeralPublicKey,\n} from './utils.js';\nexport { computeZkLoginAddressFromSeed, computeZkLoginAddress, jwtToAddress } from './address.js';\nexport type { ComputeZkLoginAddressOptions } from './address.js';\nexport { toZkLoginPublicIdentifier, ZkLoginPublicIdentifier } from './publickey.js';\nexport type { ZkLoginSignatureInputs } from './bcs.js';\nexport { poseidonHash } from './poseidon.js';\nexport { generateNonce, generateRandomness } from './nonce.js';\nexport { decodeJwt } from './jwt-utils.js';\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,uBAA2D;AAC3D,mBAMO;AACP,qBAAmF;AAEnF,uBAAmE;AAEnE,sBAA6B;AAC7B,mBAAkD;AAClD,uBAA0B;",
   "names": []
 }

package/dist/cjs/zklogin/jwt-decode.d.ts

@@ -0,0 +1,47 @@
+/** Copied from https://github.com/auth0/jwt-decode/blob/3d372e9875ff673228a9f2d9df74e84690842a9c/lib/index.ts */
+/**
+The MIT License (MIT)
+
+Copyright (c) 2015 Auth0, Inc. <support@auth0.com> (http://auth0.com)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+ */
+export interface JwtDecodeOptions {
+    header?: boolean;
+}
+export interface JwtHeader {
+    typ?: string;
+    alg?: string;
+    kid?: string;
+}
+export interface JwtPayload {
+    iss?: string;
+    sub?: string;
+    aud?: string[] | string;
+    exp?: number;
+    nbf?: number;
+    iat?: number;
+    jti?: string;
+}
+export declare class InvalidTokenError extends Error {
+}
+export declare function jwtDecode<T = JwtHeader>(token: string, options: JwtDecodeOptions & {
+    header: true;
+}): T;
+export declare function jwtDecode<T = JwtPayload>(token: string, options?: JwtDecodeOptions): T;

package/dist/cjs/zklogin/jwt-decode.js

@@ -0,0 +1,85 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var jwt_decode_exports = {};
+__export(jwt_decode_exports, {
+  InvalidTokenError: () => InvalidTokenError,
+  jwtDecode: () => jwtDecode
+});
+module.exports = __toCommonJS(jwt_decode_exports);
+class InvalidTokenError extends Error {
+}
+InvalidTokenError.prototype.name = "InvalidTokenError";
+function b64DecodeUnicode(str) {
+  return decodeURIComponent(
+    atob(str).replace(/(.)/g, (_m, p) => {
+      let code = p.charCodeAt(0).toString(16).toUpperCase();
+      if (code.length < 2) {
+        code = "0" + code;
+      }
+      return "%" + code;
+    })
+  );
+}
+function base64UrlDecode(str) {
+  let output = str.replace(/-/g, "+").replace(/_/g, "/");
+  switch (output.length % 4) {
+    case 0:
+      break;
+    case 2:
+      output += "==";
+      break;
+    case 3:
+      output += "=";
+      break;
+    default:
+      throw new Error("base64 string is not of the correct length");
+  }
+  try {
+    return b64DecodeUnicode(output);
+  } catch (err) {
+    return atob(output);
+  }
+}
+function jwtDecode(token, options) {
+  if (typeof token !== "string") {
+    throw new InvalidTokenError("Invalid token specified: must be a string");
+  }
+  options || (options = {});
+  const pos = options.header === true ? 0 : 1;
+  const part = token.split(".")[pos];
+  if (typeof part !== "string") {
+    throw new InvalidTokenError(`Invalid token specified: missing part #${pos + 1}`);
+  }
+  let decoded;
+  try {
+    decoded = base64UrlDecode(part);
+  } catch (e) {
+    throw new InvalidTokenError(
+      `Invalid token specified: invalid base64 for part #${pos + 1} (${e.message})`
+    );
+  }
+  try {
+    return JSON.parse(decoded);
+  } catch (e) {
+    throw new InvalidTokenError(
+      `Invalid token specified: invalid json for part #${pos + 1} (${e.message})`
+    );
+  }
+}
+//# sourceMappingURL=jwt-decode.js.map

package/dist/cjs/zklogin/jwt-decode.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/zklogin/jwt-decode.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\n/** Copied from https://github.com/auth0/jwt-decode/blob/3d372e9875ff673228a9f2d9df74e84690842a9c/lib/index.ts */\n\n/**\nThe MIT License (MIT)\n\nCopyright (c) 2015 Auth0, Inc. <support@auth0.com> (http://auth0.com)\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n */\n\nexport interface JwtDecodeOptions {\n\theader?: boolean;\n}\n\nexport interface JwtHeader {\n\ttyp?: string;\n\talg?: string;\n\tkid?: string;\n}\n\nexport interface JwtPayload {\n\tiss?: string;\n\tsub?: string;\n\taud?: string[] | string;\n\texp?: number;\n\tnbf?: number;\n\tiat?: number;\n\tjti?: string;\n}\n\nexport class InvalidTokenError extends Error {}\n\nInvalidTokenError.prototype.name = 'InvalidTokenError';\n\nfunction b64DecodeUnicode(str: string) {\n\treturn decodeURIComponent(\n\t\tatob(str).replace(/(.)/g, (_m, p) => {\n\t\t\tlet code = (p as string).charCodeAt(0).toString(16).toUpperCase();\n\t\t\tif (code.length < 2) {\n\t\t\t\tcode = '0' + code;\n\t\t\t}\n\t\t\treturn '%' + code;\n\t\t}),\n\t);\n}\n\nfunction base64UrlDecode(str: string) {\n\tlet output = str.replace(/-/g, '+').replace(/_/g, '/');\n\tswitch (output.length % 4) {\n\t\tcase 0:\n\t\t\tbreak;\n\t\tcase 2:\n\t\t\toutput += '==';\n\t\t\tbreak;\n\t\tcase 3:\n\t\t\toutput += '=';\n\t\t\tbreak;\n\t\tdefault:\n\t\t\tthrow new Error('base64 string is not of the correct length');\n\t}\n\n\ttry {\n\t\treturn b64DecodeUnicode(output);\n\t} catch (err) {\n\t\treturn atob(output);\n\t}\n}\n\nexport function jwtDecode<T = JwtHeader>(\n\ttoken: string,\n\toptions: JwtDecodeOptions & { header: true },\n): T;\nexport function jwtDecode<T = JwtPayload>(token: string, options?: JwtDecodeOptions): T;\nexport function jwtDecode<T = JwtHeader | JwtPayload>(\n\ttoken: string,\n\toptions?: JwtDecodeOptions,\n): T {\n\tif (typeof token !== 'string') {\n\t\tthrow new InvalidTokenError('Invalid token specified: must be a string');\n\t}\n\n\toptions ||= {};\n\n\tconst pos = options.header === true ? 0 : 1;\n\tconst part = token.split('.')[pos];\n\n\tif (typeof part !== 'string') {\n\t\tthrow new InvalidTokenError(`Invalid token specified: missing part #${pos + 1}`);\n\t}\n\n\tlet decoded: string;\n\ttry {\n\t\tdecoded = base64UrlDecode(part);\n\t} catch (e) {\n\t\tthrow new InvalidTokenError(\n\t\t\t`Invalid token specified: invalid base64 for part #${pos + 1} (${(e as Error).message})`,\n\t\t);\n\t}\n\n\ttry {\n\t\treturn JSON.parse(decoded) as T;\n\t} catch (e) {\n\t\tthrow new InvalidTokenError(\n\t\t\t`Invalid token specified: invalid json for part #${pos + 1} (${(e as Error).message})`,\n\t\t);\n\t}\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAiDO,MAAM,0BAA0B,MAAM;AAAC;AAE9C,kBAAkB,UAAU,OAAO;AAEnC,SAAS,iBAAiB,KAAa;AACtC,SAAO;AAAA,IACN,KAAK,GAAG,EAAE,QAAQ,QAAQ,CAAC,IAAI,MAAM;AACpC,UAAI,OAAQ,EAAa,WAAW,CAAC,EAAE,SAAS,EAAE,EAAE,YAAY;AAChE,UAAI,KAAK,SAAS,GAAG;AACpB,eAAO,MAAM;AAAA,MACd;AACA,aAAO,MAAM;AAAA,IACd,CAAC;AAAA,EACF;AACD;AAEA,SAAS,gBAAgB,KAAa;AACrC,MAAI,SAAS,IAAI,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG;AACrD,UAAQ,OAAO,SAAS,GAAG;AAAA,IAC1B,KAAK;AACJ;AAAA,IACD,KAAK;AACJ,gBAAU;AACV;AAAA,IACD,KAAK;AACJ,gBAAU;AACV;AAAA,IACD;AACC,YAAM,IAAI,MAAM,4CAA4C;AAAA,EAC9D;AAEA,MAAI;AACH,WAAO,iBAAiB,MAAM;AAAA,EAC/B,SAAS,KAAK;AACb,WAAO,KAAK,MAAM;AAAA,EACnB;AACD;AAOO,SAAS,UACf,OACA,SACI;AACJ,MAAI,OAAO,UAAU,UAAU;AAC9B,UAAM,IAAI,kBAAkB,2CAA2C;AAAA,EACxE;AAEA,wBAAY,CAAC;AAEb,QAAM,MAAM,QAAQ,WAAW,OAAO,IAAI;AAC1C,QAAM,OAAO,MAAM,MAAM,GAAG,EAAE,GAAG;AAEjC,MAAI,OAAO,SAAS,UAAU;AAC7B,UAAM,IAAI,kBAAkB,0CAA0C,MAAM,CAAC,EAAE;AAAA,EAChF;AAEA,MAAI;AACJ,MAAI;AACH,cAAU,gBAAgB,IAAI;AAAA,EAC/B,SAAS,GAAG;AACX,UAAM,IAAI;AAAA,MACT,qDAAqD,MAAM,CAAC,KAAM,EAAY,OAAO;AAAA,IACtF;AAAA,EACD;AAEA,MAAI;AACH,WAAO,KAAK,MAAM,OAAO;AAAA,EAC1B,SAAS,GAAG;AACX,UAAM,IAAI;AAAA,MACT,mDAAmD,MAAM,CAAC,KAAM,EAAY,OAAO;AAAA,IACpF;AAAA,EACD;AACD;",
+  "names": []
+}

package/dist/cjs/zklogin/jwt-utils.d.ts

@@ -1,5 +1,12 @@
+import type { JwtPayload } from './jwt-decode.js';
 export type Claim = {
     value: string;
     indexMod4: number;
 };
 export declare function extractClaimValue<R>(claim: Claim, claimName: string): R;
+export declare function decodeJwt(jwt: string): Omit<JwtPayload, 'iss' | 'aud' | 'sub'> & {
+    iss: string;
+    aud: string;
+    sub: string;
+    rawIss: string;
+};

package/dist/cjs/zklogin/jwt-utils.js

@@ -18,9 +18,12 @@ var __copyProps = (to, from, except, desc) => {
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 var jwt_utils_exports = {};
 __export(jwt_utils_exports, {
+  decodeJwt: () => decodeJwt,
   extractClaimValue: () => extractClaimValue
 });
 module.exports = __toCommonJS(jwt_utils_exports);
+var import_jwt_decode = require("./jwt-decode.js");
+var import_utils = require("./utils.js");
 function base64UrlCharTo6Bits(base64UrlChar) {
   if (base64UrlChar.length !== 1) {
     throw new Error("Invalid base64Url character: " + base64UrlChar);
@@ -99,4 +102,20 @@ function extractClaimValue(claim, claimName) {
   }
   return value;
 }
+function decodeJwt(jwt) {
+  const { iss, aud, sub, ...decodedJWT } = (0, import_jwt_decode.jwtDecode)(jwt);
+  if (!sub || !iss || !aud) {
+    throw new Error("Missing jwt data");
+  }
+  if (Array.isArray(aud)) {
+    throw new Error("Not supported aud. Aud is an array, string was expected.");
+  }
+  return {
+    ...decodedJWT,
+    iss: (0, import_utils.normalizeZkLoginIssuer)(iss),
+    rawIss: iss,
+    aud,
+    sub
+  };
+}
 //# sourceMappingURL=jwt-utils.js.map

package/dist/cjs/zklogin/jwt-utils.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../src/zklogin/jwt-utils.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nfunction base64UrlCharTo6Bits(base64UrlChar: string): number[] {\n\tif (base64UrlChar.length !== 1) {\n\t\tthrow new Error('Invalid base64Url character: ' + base64UrlChar);\n\t}\n\n\t// Define the base64URL character set\n\tconst base64UrlCharacterSet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';\n\n\t// Find the index of the input character in the base64URL character set\n\tconst index = base64UrlCharacterSet.indexOf(base64UrlChar);\n\n\tif (index === -1) {\n\t\tthrow new Error('Invalid base64Url character: ' + base64UrlChar);\n\t}\n\n\t// Convert the index to a 6-bit binary string\n\tconst binaryString = index.toString(2).padStart(6, '0');\n\n\t// Convert the binary string to an array of bits\n\tconst bits = Array.from(binaryString).map(Number);\n\n\treturn bits;\n}\n\nfunction base64UrlStringToBitVector(base64UrlString: string) {\n\tlet bitVector: number[] = [];\n\tfor (let i = 0; i < base64UrlString.length; i++) {\n\t\tconst base64UrlChar = base64UrlString.charAt(i);\n\t\tconst bits = base64UrlCharTo6Bits(base64UrlChar);\n\t\tbitVector = bitVector.concat(bits);\n\t}\n\treturn bitVector;\n}\n\nfunction decodeBase64URL(s: string, i: number): string {\n\tif (s.length < 2) {\n\t\tthrow new Error(`Input (s = ${s}) is not tightly packed because s.length < 2`);\n\t}\n\tlet bits = base64UrlStringToBitVector(s);\n\n\tconst firstCharOffset = i % 4;\n\tif (firstCharOffset === 0) {\n\t\t// skip\n\t} else if (firstCharOffset === 1) {\n\t\tbits = bits.slice(2);\n\t} else if (firstCharOffset === 2) {\n\t\tbits = bits.slice(4);\n\t} else {\n\t\t// (offset == 3)\n\t\tthrow new Error(`Input (s = ${s}) is not tightly packed because i%4 = 3 (i = ${i}))`);\n\t}\n\n\tconst lastCharOffset = (i + s.length - 1) % 4;\n\tif (lastCharOffset === 3) {\n\t\t// skip\n\t} else if (lastCharOffset === 2) {\n\t\tbits = bits.slice(0, bits.length - 2);\n\t} else if (lastCharOffset === 1) {\n\t\tbits = bits.slice(0, bits.length - 4);\n\t} else {\n\t\t// (offset == 0)\n\t\tthrow new Error(\n\t\t\t`Input (s = ${s}) is not tightly packed because (i + s.length - 1)%4 = 0 (i = ${i}))`,\n\t\t);\n\t}\n\n\tif (bits.length % 8 !== 0) {\n\t\tthrow new Error(`We should never reach here...`);\n\t}\n\n\tconst bytes = new Uint8Array(Math.floor(bits.length / 8));\n\tlet currentByteIndex = 0;\n\tfor (let i = 0; i < bits.length; i += 8) {\n\t\tconst bitChunk = bits.slice(i, i + 8);\n\n\t\t// Convert the 8-bit chunk to a byte and add it to the bytes array\n\t\tconst byte = parseInt(bitChunk.join(''), 2);\n\t\tbytes[currentByteIndex++] = byte;\n\t}\n\treturn new TextDecoder().decode(bytes);\n}\n\nfunction verifyExtendedClaim(claim: string) {\n\t// Last character of each extracted_claim must be '}' or ','\n\tif (!(claim.slice(-1) === '}' || claim.slice(-1) === ',')) {\n\t\tthrow new Error('Invalid claim');\n\t}\n\n\t// A hack to parse the JSON key-value pair.. but it should work\n\tconst json = JSON.parse('{' + claim.slice(0, -1) + '}');\n\tif (Object.keys(json).length !== 1) {\n\t\tthrow new Error('Invalid claim');\n\t}\n\tconst key = Object.keys(json)[0];\n\treturn [key, json[key]];\n}\n\nexport type Claim = {\n\tvalue: string;\n\tindexMod4: number;\n};\n\nexport function extractClaimValue<R>(claim: Claim, claimName: string): R {\n\tconst extendedClaim = decodeBase64URL(claim.value, claim.indexMod4);\n\tconst [name, value] = verifyExtendedClaim(extendedClaim);\n\tif (name !== claimName) {\n\t\tthrow new Error(`Invalid field name: found ${name} expected ${claimName}`);\n\t}\n\treturn value;\n}\n"],
-  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,SAAS,qBAAqB,eAAiC;AAC9D,MAAI,cAAc,WAAW,GAAG;AAC/B,UAAM,IAAI,MAAM,kCAAkC,aAAa;AAAA,EAChE;AAGA,QAAM,wBAAwB;AAG9B,QAAM,QAAQ,sBAAsB,QAAQ,aAAa;AAEzD,MAAI,UAAU,IAAI;AACjB,UAAM,IAAI,MAAM,kCAAkC,aAAa;AAAA,EAChE;AAGA,QAAM,eAAe,MAAM,SAAS,CAAC,EAAE,SAAS,GAAG,GAAG;AAGtD,QAAM,OAAO,MAAM,KAAK,YAAY,EAAE,IAAI,MAAM;AAEhD,SAAO;AACR;AAEA,SAAS,2BAA2B,iBAAyB;AAC5D,MAAI,YAAsB,CAAC;AAC3B,WAAS,IAAI,GAAG,IAAI,gBAAgB,QAAQ,KAAK;AAChD,UAAM,gBAAgB,gBAAgB,OAAO,CAAC;AAC9C,UAAM,OAAO,qBAAqB,aAAa;AAC/C,gBAAY,UAAU,OAAO,IAAI;AAAA,EAClC;AACA,SAAO;AACR;AAEA,SAAS,gBAAgB,GAAW,GAAmB;AACtD,MAAI,EAAE,SAAS,GAAG;AACjB,UAAM,IAAI,MAAM,cAAc,CAAC,8CAA8C;AAAA,EAC9E;AACA,MAAI,OAAO,2BAA2B,CAAC;AAEvC,QAAM,kBAAkB,IAAI;AAC5B,MAAI,oBAAoB,GAAG;AAAA,EAE3B,WAAW,oBAAoB,GAAG;AACjC,WAAO,KAAK,MAAM,CAAC;AAAA,EACpB,WAAW,oBAAoB,GAAG;AACjC,WAAO,KAAK,MAAM,CAAC;AAAA,EACpB,OAAO;AAEN,UAAM,IAAI,MAAM,cAAc,CAAC,gDAAgD,CAAC,IAAI;AAAA,EACrF;AAEA,QAAM,kBAAkB,IAAI,EAAE,SAAS,KAAK;AAC5C,MAAI,mBAAmB,GAAG;AAAA,EAE1B,WAAW,mBAAmB,GAAG;AAChC,WAAO,KAAK,MAAM,GAAG,KAAK,SAAS,CAAC;AAAA,EACrC,WAAW,mBAAmB,GAAG;AAChC,WAAO,KAAK,MAAM,GAAG,KAAK,SAAS,CAAC;AAAA,EACrC,OAAO;AAEN,UAAM,IAAI;AAAA,MACT,cAAc,CAAC,iEAAiE,CAAC;AAAA,IAClF;AAAA,EACD;AAEA,MAAI,KAAK,SAAS,MAAM,GAAG;AAC1B,UAAM,IAAI,MAAM,+BAA+B;AAAA,EAChD;AAEA,QAAM,QAAQ,IAAI,WAAW,KAAK,MAAM,KAAK,SAAS,CAAC,CAAC;AACxD,MAAI,mBAAmB;AACvB,WAASA,KAAI,GAAGA,KAAI,KAAK,QAAQA,MAAK,GAAG;AACxC,UAAM,WAAW,KAAK,MAAMA,IAAGA,KAAI,CAAC;AAGpC,UAAM,OAAO,SAAS,SAAS,KAAK,EAAE,GAAG,CAAC;AAC1C,UAAM,kBAAkB,IAAI;AAAA,EAC7B;AACA,SAAO,IAAI,YAAY,EAAE,OAAO,KAAK;AACtC;AAEA,SAAS,oBAAoB,OAAe;AAE3C,MAAI,EAAE,MAAM,MAAM,EAAE,MAAM,OAAO,MAAM,MAAM,EAAE,MAAM,MAAM;AAC1D,UAAM,IAAI,MAAM,eAAe;AAAA,EAChC;AAGA,QAAM,OAAO,KAAK,MAAM,MAAM,MAAM,MAAM,GAAG,EAAE,IAAI,GAAG;AACtD,MAAI,OAAO,KAAK,IAAI,EAAE,WAAW,GAAG;AACnC,UAAM,IAAI,MAAM,eAAe;AAAA,EAChC;AACA,QAAM,MAAM,OAAO,KAAK,IAAI,EAAE,CAAC;AAC/B,SAAO,CAAC,KAAK,KAAK,GAAG,CAAC;AACvB;AAOO,SAAS,kBAAqB,OAAc,WAAsB;AACxE,QAAM,gBAAgB,gBAAgB,MAAM,OAAO,MAAM,SAAS;AAClE,QAAM,CAAC,MAAM,KAAK,IAAI,oBAAoB,aAAa;AACvD,MAAI,SAAS,WAAW;AACvB,UAAM,IAAI,MAAM,6BAA6B,IAAI,aAAa,SAAS,EAAE;AAAA,EAC1E;AACA,SAAO;AACR;",
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { JwtPayload } from './jwt-decode.js';\nimport { jwtDecode } from './jwt-decode.js';\nimport { normalizeZkLoginIssuer } from './utils.js';\n\nfunction base64UrlCharTo6Bits(base64UrlChar: string): number[] {\n\tif (base64UrlChar.length !== 1) {\n\t\tthrow new Error('Invalid base64Url character: ' + base64UrlChar);\n\t}\n\n\t// Define the base64URL character set\n\tconst base64UrlCharacterSet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';\n\n\t// Find the index of the input character in the base64URL character set\n\tconst index = base64UrlCharacterSet.indexOf(base64UrlChar);\n\n\tif (index === -1) {\n\t\tthrow new Error('Invalid base64Url character: ' + base64UrlChar);\n\t}\n\n\t// Convert the index to a 6-bit binary string\n\tconst binaryString = index.toString(2).padStart(6, '0');\n\n\t// Convert the binary string to an array of bits\n\tconst bits = Array.from(binaryString).map(Number);\n\n\treturn bits;\n}\n\nfunction base64UrlStringToBitVector(base64UrlString: string) {\n\tlet bitVector: number[] = [];\n\tfor (let i = 0; i < base64UrlString.length; i++) {\n\t\tconst base64UrlChar = base64UrlString.charAt(i);\n\t\tconst bits = base64UrlCharTo6Bits(base64UrlChar);\n\t\tbitVector = bitVector.concat(bits);\n\t}\n\treturn bitVector;\n}\n\nfunction decodeBase64URL(s: string, i: number): string {\n\tif (s.length < 2) {\n\t\tthrow new Error(`Input (s = ${s}) is not tightly packed because s.length < 2`);\n\t}\n\tlet bits = base64UrlStringToBitVector(s);\n\n\tconst firstCharOffset = i % 4;\n\tif (firstCharOffset === 0) {\n\t\t// skip\n\t} else if (firstCharOffset === 1) {\n\t\tbits = bits.slice(2);\n\t} else if (firstCharOffset === 2) {\n\t\tbits = bits.slice(4);\n\t} else {\n\t\t// (offset == 3)\n\t\tthrow new Error(`Input (s = ${s}) is not tightly packed because i%4 = 3 (i = ${i}))`);\n\t}\n\n\tconst lastCharOffset = (i + s.length - 1) % 4;\n\tif (lastCharOffset === 3) {\n\t\t// skip\n\t} else if (lastCharOffset === 2) {\n\t\tbits = bits.slice(0, bits.length - 2);\n\t} else if (lastCharOffset === 1) {\n\t\tbits = bits.slice(0, bits.length - 4);\n\t} else {\n\t\t// (offset == 0)\n\t\tthrow new Error(\n\t\t\t`Input (s = ${s}) is not tightly packed because (i + s.length - 1)%4 = 0 (i = ${i}))`,\n\t\t);\n\t}\n\n\tif (bits.length % 8 !== 0) {\n\t\tthrow new Error(`We should never reach here...`);\n\t}\n\n\tconst bytes = new Uint8Array(Math.floor(bits.length / 8));\n\tlet currentByteIndex = 0;\n\tfor (let i = 0; i < bits.length; i += 8) {\n\t\tconst bitChunk = bits.slice(i, i + 8);\n\n\t\t// Convert the 8-bit chunk to a byte and add it to the bytes array\n\t\tconst byte = parseInt(bitChunk.join(''), 2);\n\t\tbytes[currentByteIndex++] = byte;\n\t}\n\treturn new TextDecoder().decode(bytes);\n}\n\nfunction verifyExtendedClaim(claim: string) {\n\t// Last character of each extracted_claim must be '}' or ','\n\tif (!(claim.slice(-1) === '}' || claim.slice(-1) === ',')) {\n\t\tthrow new Error('Invalid claim');\n\t}\n\n\t// A hack to parse the JSON key-value pair.. but it should work\n\tconst json = JSON.parse('{' + claim.slice(0, -1) + '}');\n\tif (Object.keys(json).length !== 1) {\n\t\tthrow new Error('Invalid claim');\n\t}\n\tconst key = Object.keys(json)[0];\n\treturn [key, json[key]];\n}\n\nexport type Claim = {\n\tvalue: string;\n\tindexMod4: number;\n};\n\nexport function extractClaimValue<R>(claim: Claim, claimName: string): R {\n\tconst extendedClaim = decodeBase64URL(claim.value, claim.indexMod4);\n\tconst [name, value] = verifyExtendedClaim(extendedClaim);\n\tif (name !== claimName) {\n\t\tthrow new Error(`Invalid field name: found ${name} expected ${claimName}`);\n\t}\n\treturn value;\n}\n\nexport function decodeJwt(jwt: string): Omit<JwtPayload, 'iss' | 'aud' | 'sub'> & {\n\tiss: string;\n\taud: string;\n\tsub: string;\n\trawIss: string;\n} {\n\tconst { iss, aud, sub, ...decodedJWT } = jwtDecode(jwt);\n\n\tif (!sub || !iss || !aud) {\n\t\tthrow new Error('Missing jwt data');\n\t}\n\n\tif (Array.isArray(aud)) {\n\t\tthrow new Error('Not supported aud. Aud is an array, string was expected.');\n\t}\n\n\treturn {\n\t\t...decodedJWT,\n\t\tiss: normalizeZkLoginIssuer(iss),\n\t\trawIss: iss,\n\t\taud,\n\t\tsub,\n\t};\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAIA,wBAA0B;AAC1B,mBAAuC;AAEvC,SAAS,qBAAqB,eAAiC;AAC9D,MAAI,cAAc,WAAW,GAAG;AAC/B,UAAM,IAAI,MAAM,kCAAkC,aAAa;AAAA,EAChE;AAGA,QAAM,wBAAwB;AAG9B,QAAM,QAAQ,sBAAsB,QAAQ,aAAa;AAEzD,MAAI,UAAU,IAAI;AACjB,UAAM,IAAI,MAAM,kCAAkC,aAAa;AAAA,EAChE;AAGA,QAAM,eAAe,MAAM,SAAS,CAAC,EAAE,SAAS,GAAG,GAAG;AAGtD,QAAM,OAAO,MAAM,KAAK,YAAY,EAAE,IAAI,MAAM;AAEhD,SAAO;AACR;AAEA,SAAS,2BAA2B,iBAAyB;AAC5D,MAAI,YAAsB,CAAC;AAC3B,WAAS,IAAI,GAAG,IAAI,gBAAgB,QAAQ,KAAK;AAChD,UAAM,gBAAgB,gBAAgB,OAAO,CAAC;AAC9C,UAAM,OAAO,qBAAqB,aAAa;AAC/C,gBAAY,UAAU,OAAO,IAAI;AAAA,EAClC;AACA,SAAO;AACR;AAEA,SAAS,gBAAgB,GAAW,GAAmB;AACtD,MAAI,EAAE,SAAS,GAAG;AACjB,UAAM,IAAI,MAAM,cAAc,CAAC,8CAA8C;AAAA,EAC9E;AACA,MAAI,OAAO,2BAA2B,CAAC;AAEvC,QAAM,kBAAkB,IAAI;AAC5B,MAAI,oBAAoB,GAAG;AAAA,EAE3B,WAAW,oBAAoB,GAAG;AACjC,WAAO,KAAK,MAAM,CAAC;AAAA,EACpB,WAAW,oBAAoB,GAAG;AACjC,WAAO,KAAK,MAAM,CAAC;AAAA,EACpB,OAAO;AAEN,UAAM,IAAI,MAAM,cAAc,CAAC,gDAAgD,CAAC,IAAI;AAAA,EACrF;AAEA,QAAM,kBAAkB,IAAI,EAAE,SAAS,KAAK;AAC5C,MAAI,mBAAmB,GAAG;AAAA,EAE1B,WAAW,mBAAmB,GAAG;AAChC,WAAO,KAAK,MAAM,GAAG,KAAK,SAAS,CAAC;AAAA,EACrC,WAAW,mBAAmB,GAAG;AAChC,WAAO,KAAK,MAAM,GAAG,KAAK,SAAS,CAAC;AAAA,EACrC,OAAO;AAEN,UAAM,IAAI;AAAA,MACT,cAAc,CAAC,iEAAiE,CAAC;AAAA,IAClF;AAAA,EACD;AAEA,MAAI,KAAK,SAAS,MAAM,GAAG;AAC1B,UAAM,IAAI,MAAM,+BAA+B;AAAA,EAChD;AAEA,QAAM,QAAQ,IAAI,WAAW,KAAK,MAAM,KAAK,SAAS,CAAC,CAAC;AACxD,MAAI,mBAAmB;AACvB,WAASA,KAAI,GAAGA,KAAI,KAAK,QAAQA,MAAK,GAAG;AACxC,UAAM,WAAW,KAAK,MAAMA,IAAGA,KAAI,CAAC;AAGpC,UAAM,OAAO,SAAS,SAAS,KAAK,EAAE,GAAG,CAAC;AAC1C,UAAM,kBAAkB,IAAI;AAAA,EAC7B;AACA,SAAO,IAAI,YAAY,EAAE,OAAO,KAAK;AACtC;AAEA,SAAS,oBAAoB,OAAe;AAE3C,MAAI,EAAE,MAAM,MAAM,EAAE,MAAM,OAAO,MAAM,MAAM,EAAE,MAAM,MAAM;AAC1D,UAAM,IAAI,MAAM,eAAe;AAAA,EAChC;AAGA,QAAM,OAAO,KAAK,MAAM,MAAM,MAAM,MAAM,GAAG,EAAE,IAAI,GAAG;AACtD,MAAI,OAAO,KAAK,IAAI,EAAE,WAAW,GAAG;AACnC,UAAM,IAAI,MAAM,eAAe;AAAA,EAChC;AACA,QAAM,MAAM,OAAO,KAAK,IAAI,EAAE,CAAC;AAC/B,SAAO,CAAC,KAAK,KAAK,GAAG,CAAC;AACvB;AAOO,SAAS,kBAAqB,OAAc,WAAsB;AACxE,QAAM,gBAAgB,gBAAgB,MAAM,OAAO,MAAM,SAAS;AAClE,QAAM,CAAC,MAAM,KAAK,IAAI,oBAAoB,aAAa;AACvD,MAAI,SAAS,WAAW;AACvB,UAAM,IAAI,MAAM,6BAA6B,IAAI,aAAa,SAAS,EAAE;AAAA,EAC1E;AACA,SAAO;AACR;AAEO,SAAS,UAAU,KAKxB;AACD,QAAM,EAAE,KAAK,KAAK,KAAK,GAAG,WAAW,QAAI,6BAAU,GAAG;AAEtD,MAAI,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK;AACzB,UAAM,IAAI,MAAM,kBAAkB;AAAA,EACnC;AAEA,MAAI,MAAM,QAAQ,GAAG,GAAG;AACvB,UAAM,IAAI,MAAM,0DAA0D;AAAA,EAC3E;AAEA,SAAO;AAAA,IACN,GAAG;AAAA,IACH,SAAK,qCAAuB,GAAG;AAAA,IAC/B,QAAQ;AAAA,IACR;AAAA,IACA;AAAA,EACD;AACD;",
   "names": ["i"]
 }

package/dist/cjs/zklogin/nonce.js

@@ -25,7 +25,7 @@ __export(nonce_exports, {
 module.exports = __toCommonJS(nonce_exports);
 var import_bcs = require("@mysten/bcs");
 var import_utils = require("@noble/hashes/utils");
-var import_jose = require("jose");
+var import_base = require("@scure/base");
 var import_poseidon = require("./poseidon.js");
 var import_utils2 = require("./utils.js");
 const NONCE_LENGTH = 27;
@@ -45,7 +45,7 @@ function generateNonce(publicKey, maxEpoch, randomness) {
   const eph_public_key_1 = publicKeyBytes % 2n ** 128n;
   const bigNum = (0, import_poseidon.poseidonHash)([eph_public_key_0, eph_public_key_1, maxEpoch, BigInt(randomness)]);
   const Z = (0, import_utils2.toPaddedBigEndianBytes)(bigNum, 20);
-  const nonce = import_jose.base64url.encode(Z);
+  const nonce = import_base.base64urlnopad.encode(Z);
   if (nonce.length !== NONCE_LENGTH) {
     throw new Error(`Length of nonce ${nonce} (${nonce.length}) is not equal to ${NONCE_LENGTH}`);
   }

package/dist/cjs/zklogin/nonce.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../src/zklogin/nonce.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { toHex } from '@mysten/bcs';\nimport { randomBytes } from '@noble/hashes/utils';\nimport { base64url } from 'jose';\n\nimport type { PublicKey } from '../cryptography/publickey.js';\nimport { poseidonHash } from './poseidon.js';\nimport { toPaddedBigEndianBytes } from './utils.js';\n\nexport const NONCE_LENGTH = 27;\n\nfunction toBigIntBE(bytes: Uint8Array) {\n\tconst hex = toHex(bytes);\n\tif (hex.length === 0) {\n\t\treturn BigInt(0);\n\t}\n\treturn BigInt(`0x${hex}`);\n}\n\nexport function generateRandomness() {\n\t// Once Node 20 enters LTS, we can just use crypto.getRandomValues(new Uint8Array(16)), but until then we use `randomBytes` to improve compatibility:\n\treturn String(toBigIntBE(randomBytes(16)));\n}\n\nexport function generateNonce(publicKey: PublicKey, maxEpoch: number, randomness: bigint | string) {\n\tconst publicKeyBytes = toBigIntBE(publicKey.toSuiBytes());\n\tconst eph_public_key_0 = publicKeyBytes / 2n ** 128n;\n\tconst eph_public_key_1 = publicKeyBytes % 2n ** 128n;\n\tconst bigNum = poseidonHash([eph_public_key_0, eph_public_key_1, maxEpoch, BigInt(randomness)]);\n\tconst Z = toPaddedBigEndianBytes(bigNum, 20);\n\tconst nonce = base64url.encode(Z);\n\tif (nonce.length !== NONCE_LENGTH) {\n\t\tthrow new Error(`Length of nonce ${nonce} (${nonce.length}) is not equal to ${NONCE_LENGTH}`);\n\t}\n\treturn nonce;\n}\n"],
-  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAsB;AACtB,mBAA4B;AAC5B,kBAA0B;AAG1B,sBAA6B;AAC7B,IAAAA,gBAAuC;AAEhC,MAAM,eAAe;AAE5B,SAAS,WAAW,OAAmB;AACtC,QAAM,UAAM,kBAAM,KAAK;AACvB,MAAI,IAAI,WAAW,GAAG;AACrB,WAAO,OAAO,CAAC;AAAA,EAChB;AACA,SAAO,OAAO,KAAK,GAAG,EAAE;AACzB;AAEO,SAAS,qBAAqB;AAEpC,SAAO,OAAO,eAAW,0BAAY,EAAE,CAAC,CAAC;AAC1C;AAEO,SAAS,cAAc,WAAsB,UAAkB,YAA6B;AAClG,QAAM,iBAAiB,WAAW,UAAU,WAAW,CAAC;AACxD,QAAM,mBAAmB,iBAAiB,MAAM;AAChD,QAAM,mBAAmB,iBAAiB,MAAM;AAChD,QAAM,aAAS,8BAAa,CAAC,kBAAkB,kBAAkB,UAAU,OAAO,UAAU,CAAC,CAAC;AAC9F,QAAM,QAAI,sCAAuB,QAAQ,EAAE;AAC3C,QAAM,QAAQ,sBAAU,OAAO,CAAC;AAChC,MAAI,MAAM,WAAW,cAAc;AAClC,UAAM,IAAI,MAAM,mBAAmB,KAAK,KAAK,MAAM,MAAM,qBAAqB,YAAY,EAAE;AAAA,EAC7F;AACA,SAAO;AACR;",
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { toHex } from '@mysten/bcs';\nimport { randomBytes } from '@noble/hashes/utils';\nimport { base64urlnopad } from '@scure/base';\n\nimport type { PublicKey } from '../cryptography/publickey.js';\nimport { poseidonHash } from './poseidon.js';\nimport { toPaddedBigEndianBytes } from './utils.js';\n\nexport const NONCE_LENGTH = 27;\n\nfunction toBigIntBE(bytes: Uint8Array) {\n\tconst hex = toHex(bytes);\n\tif (hex.length === 0) {\n\t\treturn BigInt(0);\n\t}\n\treturn BigInt(`0x${hex}`);\n}\n\nexport function generateRandomness() {\n\t// Once Node 20 enters LTS, we can just use crypto.getRandomValues(new Uint8Array(16)), but until then we use `randomBytes` to improve compatibility:\n\treturn String(toBigIntBE(randomBytes(16)));\n}\n\nexport function generateNonce(publicKey: PublicKey, maxEpoch: number, randomness: bigint | string) {\n\tconst publicKeyBytes = toBigIntBE(publicKey.toSuiBytes());\n\tconst eph_public_key_0 = publicKeyBytes / 2n ** 128n;\n\tconst eph_public_key_1 = publicKeyBytes % 2n ** 128n;\n\tconst bigNum = poseidonHash([eph_public_key_0, eph_public_key_1, maxEpoch, BigInt(randomness)]);\n\tconst Z = toPaddedBigEndianBytes(bigNum, 20);\n\tconst nonce = base64urlnopad.encode(Z);\n\n\tif (nonce.length !== NONCE_LENGTH) {\n\t\tthrow new Error(`Length of nonce ${nonce} (${nonce.length}) is not equal to ${NONCE_LENGTH}`);\n\t}\n\treturn nonce;\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAsB;AACtB,mBAA4B;AAC5B,kBAA+B;AAG/B,sBAA6B;AAC7B,IAAAA,gBAAuC;AAEhC,MAAM,eAAe;AAE5B,SAAS,WAAW,OAAmB;AACtC,QAAM,UAAM,kBAAM,KAAK;AACvB,MAAI,IAAI,WAAW,GAAG;AACrB,WAAO,OAAO,CAAC;AAAA,EAChB;AACA,SAAO,OAAO,KAAK,GAAG,EAAE;AACzB;AAEO,SAAS,qBAAqB;AAEpC,SAAO,OAAO,eAAW,0BAAY,EAAE,CAAC,CAAC;AAC1C;AAEO,SAAS,cAAc,WAAsB,UAAkB,YAA6B;AAClG,QAAM,iBAAiB,WAAW,UAAU,WAAW,CAAC;AACxD,QAAM,mBAAmB,iBAAiB,MAAM;AAChD,QAAM,mBAAmB,iBAAiB,MAAM;AAChD,QAAM,aAAS,8BAAa,CAAC,kBAAkB,kBAAkB,UAAU,OAAO,UAAU,CAAC,CAAC;AAC9F,QAAM,QAAI,sCAAuB,QAAQ,EAAE;AAC3C,QAAM,QAAQ,2BAAe,OAAO,CAAC;AAErC,MAAI,MAAM,WAAW,cAAc;AAClC,UAAM,IAAI,MAAM,mBAAmB,KAAK,KAAK,MAAM,MAAM,qBAAqB,YAAY,EAAE;AAAA,EAC7F;AACA,SAAO;AACR;",
   "names": ["import_utils"]
 }

package/dist/cjs/zklogin/publickey.d.ts

@@ -1,6 +1,7 @@
 import { PublicKey } from '../cryptography/publickey.js';
 import type { PublicKeyInitData } from '../cryptography/publickey.js';
 import { SuiGraphQLClient } from '../graphql/client.js';
+import type { ZkLoginSignatureInputs } from './bcs.js';
 /**
  * A zkLogin public identifier
  */
@@ -13,6 +14,7 @@ export declare class ZkLoginPublicIdentifier extends PublicKey {
     constructor(value: PublicKeyInitData, { client }?: {
         client?: SuiGraphQLClient;
     });
+    static fromProof(address: string, proof: ZkLoginSignatureInputs): ZkLoginPublicIdentifier;
     /**
      * Checks if two zkLogin public identifiers are equal
      */

package/dist/cjs/zklogin/publickey.js

@@ -67,6 +67,23 @@ const _ZkLoginPublicIdentifier = class _ZkLoginPublicIdentifier extends import_p
       __privateSet(this, _data, normalizeZkLoginPublicKeyBytes(__privateGet(this, _data)));
     }
   }
+  static fromProof(address, proof) {
+    const { issBase64Details, addressSeed } = proof;
+    const iss = (0, import_jwt_utils.extractClaimValue)(issBase64Details, "iss");
+    const legacyPublicKey = toZkLoginPublicIdentifier(BigInt(addressSeed), iss, {
+      legacyAddress: true
+    });
+    if (legacyPublicKey.toSuiAddress() === address) {
+      return legacyPublicKey;
+    }
+    const publicKey = toZkLoginPublicIdentifier(BigInt(addressSeed), iss, {
+      legacyAddress: false
+    });
+    if (publicKey.toSuiAddress() !== address) {
+      throw new Error("Proof does not match address");
+    }
+    return publicKey;
+  }
   /**
    * Checks if two zkLogin public identifiers are equal
    */
@@ -148,7 +165,7 @@ toLegacyAddress_fn = function() {
 let ZkLoginPublicIdentifier = _ZkLoginPublicIdentifier;
 function toZkLoginPublicIdentifier(addressSeed, iss, options) {
   const addressSeedBytesBigEndian = options?.legacyAddress ? (0, import_utils2.toBigEndianBytes)(addressSeed, 32) : (0, import_utils2.toPaddedBigEndianBytes)(addressSeed, 32);
-  const issBytes = new TextEncoder().encode(iss);
+  const issBytes = new TextEncoder().encode((0, import_utils2.normalizeZkLoginIssuer)(iss));
   const tmp = new Uint8Array(1 + issBytes.length + addressSeedBytesBigEndian.length);
   tmp.set([issBytes.length], 0);
   tmp.set(issBytes, 1);

package/dist/cjs/zklogin/publickey.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../src/zklogin/publickey.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromBase64, toBase64, toHex } from '@mysten/bcs';\nimport { blake2b } from '@noble/hashes/blake2b';\nimport { bytesToHex } from '@noble/hashes/utils';\n\nimport { PublicKey } from '../cryptography/publickey.js';\nimport type { PublicKeyInitData } from '../cryptography/publickey.js';\nimport { SIGNATURE_SCHEME_TO_FLAG } from '../cryptography/signature-scheme.js';\nimport { SuiGraphQLClient } from '../graphql/client.js';\nimport { graphql } from '../graphql/schemas/latest/index.js';\nimport { normalizeSuiAddress, SUI_ADDRESS_LENGTH } from '../utils/sui-types.js';\nimport { extractClaimValue } from './jwt-utils.js';\nimport { parseZkLoginSignature } from './signature.js';\nimport { toBigEndianBytes, toPaddedBigEndianBytes } from './utils.js';\n\n/**\n * A zkLogin public identifier\n */\nexport class ZkLoginPublicIdentifier extends PublicKey {\n\t#data: Uint8Array;\n\t#client?: SuiGraphQLClient;\n\t#legacyAddress: boolean;\n\n\t/**\n\t * Create a new ZkLoginPublicIdentifier object\n\t * @param value zkLogin public identifier as buffer or base-64 encoded string\n\t */\n\tconstructor(value: PublicKeyInitData, { client }: { client?: SuiGraphQLClient } = {}) {\n\t\tsuper();\n\n\t\tthis.#client = client;\n\n\t\tif (typeof value === 'string') {\n\t\t\tthis.#data = fromBase64(value);\n\t\t} else if (value instanceof Uint8Array) {\n\t\t\tthis.#data = value;\n\t\t} else {\n\t\t\tthis.#data = Uint8Array.from(value);\n\t\t}\n\t\tthis.#legacyAddress = this.#data.length !== this.#data[0] + 1 + 32;\n\n\t\tif (this.#legacyAddress) {\n\t\t\tthis.#data = normalizeZkLoginPublicKeyBytes(this.#data);\n\t\t}\n\t}\n\n\t/**\n\t * Checks if two zkLogin public identifiers are equal\n\t */\n\toverride equals(publicKey: ZkLoginPublicIdentifier): boolean {\n\t\treturn super.equals(publicKey);\n\t}\n\n\toverride toSuiAddress(): string {\n\t\tif (this.#legacyAddress) {\n\t\t\treturn this.#toLegacyAddress();\n\t\t}\n\n\t\treturn super.toSuiAddress();\n\t}\n\n\t#toLegacyAddress() {\n\t\tconst legacyBytes = normalizeZkLoginPublicKeyBytes(this.#data, true);\n\t\tconst addressBytes = new Uint8Array(legacyBytes.length + 1);\n\t\taddressBytes[0] = this.flag();\n\t\taddressBytes.set(legacyBytes, 1);\n\t\treturn normalizeSuiAddress(\n\t\t\tbytesToHex(blake2b(addressBytes, { dkLen: 32 })).slice(0, SUI_ADDRESS_LENGTH * 2),\n\t\t);\n\t}\n\n\t/**\n\t * Return the byte array representation of the zkLogin public identifier\n\t */\n\ttoRawBytes(): Uint8Array {\n\t\treturn this.#data;\n\t}\n\n\t/**\n\t * Return the Sui address associated with this ZkLogin public identifier\n\t */\n\tflag(): number {\n\t\treturn SIGNATURE_SCHEME_TO_FLAG['ZkLogin'];\n\t}\n\n\t/**\n\t * Verifies that the signature is valid for for the provided message\n\t */\n\tasync verify(_message: Uint8Array, _signature: Uint8Array | string): Promise<boolean> {\n\t\tthrow Error('does not support');\n\t}\n\n\t/**\n\t * Verifies that the signature is valid for for the provided PersonalMessage\n\t */\n\tverifyPersonalMessage(message: Uint8Array, signature: Uint8Array | string): Promise<boolean> {\n\t\tconst parsedSignature = parseSerializedZkLoginSignature(signature);\n\t\tconst address = new ZkLoginPublicIdentifier(parsedSignature.publicKey).toSuiAddress();\n\n\t\treturn graphqlVerifyZkLoginSignature({\n\t\t\taddress: address,\n\t\t\tbytes: toBase64(message),\n\t\t\tsignature: parsedSignature.serializedSignature,\n\t\t\tintentScope: 'PERSONAL_MESSAGE',\n\t\t\tclient: this.#client,\n\t\t});\n\t}\n\n\t/**\n\t * Verifies that the signature is valid for for the provided Transaction\n\t */\n\tverifyTransaction(transaction: Uint8Array, signature: Uint8Array | string): Promise<boolean> {\n\t\tconst parsedSignature = parseSerializedZkLoginSignature(signature);\n\t\tconst address = new ZkLoginPublicIdentifier(parsedSignature.publicKey).toSuiAddress();\n\t\treturn graphqlVerifyZkLoginSignature({\n\t\t\taddress: address,\n\t\t\tbytes: toBase64(transaction),\n\t\t\tsignature: parsedSignature.serializedSignature,\n\t\t\tintentScope: 'TRANSACTION_DATA',\n\t\t\tclient: this.#client,\n\t\t});\n\t}\n\n\t/**\n\t * Verifies that the public key is associated with the provided address\n\t */\n\toverride verifyAddress(address: string): boolean {\n\t\treturn address === super.toSuiAddress() || address === this.#toLegacyAddress();\n\t}\n}\n\n// Derive the public identifier for zklogin based on address seed and iss.\nexport function toZkLoginPublicIdentifier(\n\taddressSeed: bigint,\n\tiss: string,\n\toptions?: { client?: SuiGraphQLClient; legacyAddress?: boolean },\n): ZkLoginPublicIdentifier {\n\t// Consists of iss_bytes_len || iss_bytes || padded_32_byte_address_seed.\n\tconst addressSeedBytesBigEndian = options?.legacyAddress\n\t\t? toBigEndianBytes(addressSeed, 32)\n\t\t: toPaddedBigEndianBytes(addressSeed, 32);\n\n\tconst issBytes = new TextEncoder().encode(iss);\n\tconst tmp = new Uint8Array(1 + issBytes.length + addressSeedBytesBigEndian.length);\n\ttmp.set([issBytes.length], 0);\n\ttmp.set(issBytes, 1);\n\ttmp.set(addressSeedBytesBigEndian, 1 + issBytes.length);\n\treturn new ZkLoginPublicIdentifier(tmp, options);\n}\n\nconst VerifyZkLoginSignatureQuery = graphql(`\n\tquery Zklogin(\n\t\t$bytes: Base64!\n\t\t$signature: Base64!\n\t\t$intentScope: ZkLoginIntentScope!\n\t\t$author: SuiAddress!\n\t) {\n\t\tverifyZkloginSignature(\n\t\t\tbytes: $bytes\n\t\t\tsignature: $signature\n\t\t\tintentScope: $intentScope\n\t\t\tauthor: $author\n\t\t) {\n\t\t\tsuccess\n\t\t\terrors\n\t\t}\n\t}\n`);\n\nfunction normalizeZkLoginPublicKeyBytes(bytes: Uint8Array, legacyAddress = false) {\n\tconst issByteLength = bytes[0] + 1;\n\tconst addressSeed = BigInt(`0x${toHex(bytes.slice(issByteLength))}`);\n\tconst seedBytes = legacyAddress\n\t\t? toBigEndianBytes(addressSeed, 32)\n\t\t: toPaddedBigEndianBytes(addressSeed, 32);\n\tconst data = new Uint8Array(issByteLength + seedBytes.length);\n\tdata.set(bytes.slice(0, issByteLength), 0);\n\tdata.set(seedBytes, issByteLength);\n\treturn data;\n}\n\nasync function graphqlVerifyZkLoginSignature({\n\taddress,\n\tbytes,\n\tsignature,\n\tintentScope,\n\tclient = new SuiGraphQLClient({\n\t\turl: 'https://sui-mainnet.mystenlabs.com/graphql',\n\t}),\n}: {\n\taddress: string;\n\tbytes: string;\n\tsignature: string;\n\tintentScope: 'PERSONAL_MESSAGE' | 'TRANSACTION_DATA';\n\tclient?: SuiGraphQLClient;\n}) {\n\tconst resp = await client.query({\n\t\tquery: VerifyZkLoginSignatureQuery,\n\t\tvariables: {\n\t\t\tbytes,\n\t\t\tsignature,\n\t\t\tintentScope,\n\t\t\tauthor: address,\n\t\t},\n\t});\n\n\treturn (\n\t\tresp.data?.verifyZkloginSignature.success === true &&\n\t\tresp.data?.verifyZkloginSignature.errors.length === 0\n\t);\n}\n\nexport function parseSerializedZkLoginSignature(signature: Uint8Array | string) {\n\tconst bytes = typeof signature === 'string' ? fromBase64(signature) : signature;\n\n\tif (bytes[0] !== SIGNATURE_SCHEME_TO_FLAG.ZkLogin) {\n\t\tthrow new Error('Invalid signature scheme');\n\t}\n\n\tconst signatureBytes = bytes.slice(1);\n\tconst { inputs, maxEpoch, userSignature } = parseZkLoginSignature(signatureBytes);\n\tconst { issBase64Details, addressSeed } = inputs;\n\tconst iss = extractClaimValue<string>(issBase64Details, 'iss');\n\tconst publicIdentifer = toZkLoginPublicIdentifier(BigInt(addressSeed), iss);\n\treturn {\n\t\tserializedSignature: toBase64(bytes),\n\t\tsignatureScheme: 'ZkLogin' as const,\n\t\tzkLogin: {\n\t\t\tinputs,\n\t\t\tmaxEpoch,\n\t\t\tuserSignature,\n\t\t\tiss,\n\t\t\taddressSeed: BigInt(addressSeed),\n\t\t},\n\t\tsignature: bytes,\n\t\tpublicKey: publicIdentifer.toRawBytes(),\n\t};\n}\n"],
-  "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAA4C;AAC5C,qBAAwB;AACxB,mBAA2B;AAE3B,uBAA0B;AAE1B,8BAAyC;AACzC,oBAAiC;AACjC,oBAAwB;AACxB,uBAAwD;AACxD,uBAAkC;AAClC,uBAAsC;AACtC,IAAAA,gBAAyD;AAfzD;AAoBO,MAAM,2BAAN,MAAM,iCAAgC,2BAAU;AAAA;AAAA;AAAA;AAAA;AAAA,EAStD,YAAY,OAA0B,EAAE,OAAO,IAAmC,CAAC,GAAG;AACrF,UAAM;AAVD;AACN;AACA;AACA;AASC,uBAAK,SAAU;AAEf,QAAI,OAAO,UAAU,UAAU;AAC9B,yBAAK,WAAQ,uBAAW,KAAK;AAAA,IAC9B,WAAW,iBAAiB,YAAY;AACvC,yBAAK,OAAQ;AAAA,IACd,OAAO;AACN,yBAAK,OAAQ,WAAW,KAAK,KAAK;AAAA,IACnC;AACA,uBAAK,gBAAiB,mBAAK,OAAM,WAAW,mBAAK,OAAM,CAAC,IAAI,IAAI;AAEhE,QAAI,mBAAK,iBAAgB;AACxB,yBAAK,OAAQ,+BAA+B,mBAAK,MAAK;AAAA,IACvD;AAAA,EACD;AAAA;AAAA;AAAA;AAAA,EAKS,OAAO,WAA6C;AAC5D,WAAO,MAAM,OAAO,SAAS;AAAA,EAC9B;AAAA,EAES,eAAuB;AAC/B,QAAI,mBAAK,iBAAgB;AACxB,aAAO,sBAAK,wDAAL;AAAA,IACR;AAEA,WAAO,MAAM,aAAa;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA,EAeA,aAAyB;AACxB,WAAO,mBAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA,EAKA,OAAe;AACd,WAAO,iDAAyB,SAAS;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAO,UAAsB,YAAmD;AACrF,UAAM,MAAM,kBAAkB;AAAA,EAC/B;AAAA;AAAA;AAAA;AAAA,EAKA,sBAAsB,SAAqB,WAAkD;AAC5F,UAAM,kBAAkB,gCAAgC,SAAS;AACjE,UAAM,UAAU,IAAI,yBAAwB,gBAAgB,SAAS,EAAE,aAAa;AAEpF,WAAO,8BAA8B;AAAA,MACpC;AAAA,MACA,WAAO,qBAAS,OAAO;AAAA,MACvB,WAAW,gBAAgB;AAAA,MAC3B,aAAa;AAAA,MACb,QAAQ,mBAAK;AAAA,IACd,CAAC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,kBAAkB,aAAyB,WAAkD;AAC5F,UAAM,kBAAkB,gCAAgC,SAAS;AACjE,UAAM,UAAU,IAAI,yBAAwB,gBAAgB,SAAS,EAAE,aAAa;AACpF,WAAO,8BAA8B;AAAA,MACpC;AAAA,MACA,WAAO,qBAAS,WAAW;AAAA,MAC3B,WAAW,gBAAgB;AAAA,MAC3B,aAAa;AAAA,MACb,QAAQ,mBAAK;AAAA,IACd,CAAC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKS,cAAc,SAA0B;AAChD,WAAO,YAAY,MAAM,aAAa,KAAK,YAAY,sBAAK,wDAAL;AAAA,EACxD;AACD;AA9GC;AACA;AACA;AAHM;AA2CN,qBAAgB,WAAG;AAClB,QAAM,cAAc,+BAA+B,mBAAK,QAAO,IAAI;AACnE,QAAM,eAAe,IAAI,WAAW,YAAY,SAAS,CAAC;AAC1D,eAAa,CAAC,IAAI,KAAK,KAAK;AAC5B,eAAa,IAAI,aAAa,CAAC;AAC/B,aAAO;AAAA,QACN,6BAAW,wBAAQ,cAAc,EAAE,OAAO,GAAG,CAAC,CAAC,EAAE,MAAM,GAAG,sCAAqB,CAAC;AAAA,EACjF;AACD;AAnDM,IAAM,0BAAN;AAkHA,SAAS,0BACf,aACA,KACA,SAC0B;AAE1B,QAAM,4BAA4B,SAAS,oBACxC,gCAAiB,aAAa,EAAE,QAChC,sCAAuB,aAAa,EAAE;AAEzC,QAAM,WAAW,IAAI,YAAY,EAAE,OAAO,GAAG;AAC7C,QAAM,MAAM,IAAI,WAAW,IAAI,SAAS,SAAS,0BAA0B,MAAM;AACjF,MAAI,IAAI,CAAC,SAAS,MAAM,GAAG,CAAC;AAC5B,MAAI,IAAI,UAAU,CAAC;AACnB,MAAI,IAAI,2BAA2B,IAAI,SAAS,MAAM;AACtD,SAAO,IAAI,wBAAwB,KAAK,OAAO;AAChD;AAEA,MAAM,kCAA8B,uBAAQ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,CAiB3C;AAED,SAAS,+BAA+B,OAAmB,gBAAgB,OAAO;AACjF,QAAM,gBAAgB,MAAM,CAAC,IAAI;AACjC,QAAM,cAAc,OAAO,SAAK,kBAAM,MAAM,MAAM,aAAa,CAAC,CAAC,EAAE;AACnE,QAAM,YAAY,oBACf,gCAAiB,aAAa,EAAE,QAChC,sCAAuB,aAAa,EAAE;AACzC,QAAM,OAAO,IAAI,WAAW,gBAAgB,UAAU,MAAM;AAC5D,OAAK,IAAI,MAAM,MAAM,GAAG,aAAa,GAAG,CAAC;AACzC,OAAK,IAAI,WAAW,aAAa;AACjC,SAAO;AACR;AAEA,eAAe,8BAA8B;AAAA,EAC5C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,SAAS,IAAI,+BAAiB;AAAA,IAC7B,KAAK;AAAA,EACN,CAAC;AACF,GAMG;AACF,QAAM,OAAO,MAAM,OAAO,MAAM;AAAA,IAC/B,OAAO;AAAA,IACP,WAAW;AAAA,MACV;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,IACT;AAAA,EACD,CAAC;AAED,SACC,KAAK,MAAM,uBAAuB,YAAY,QAC9C,KAAK,MAAM,uBAAuB,OAAO,WAAW;AAEtD;AAEO,SAAS,gCAAgC,WAAgC;AAC/E,QAAM,QAAQ,OAAO,cAAc,eAAW,uBAAW,SAAS,IAAI;AAEtE,MAAI,MAAM,CAAC,MAAM,iDAAyB,SAAS;AAClD,UAAM,IAAI,MAAM,0BAA0B;AAAA,EAC3C;AAEA,QAAM,iBAAiB,MAAM,MAAM,CAAC;AACpC,QAAM,EAAE,QAAQ,UAAU,cAAc,QAAI,wCAAsB,cAAc;AAChF,QAAM,EAAE,kBAAkB,YAAY,IAAI;AAC1C,QAAM,UAAM,oCAA0B,kBAAkB,KAAK;AAC7D,QAAM,kBAAkB,0BAA0B,OAAO,WAAW,GAAG,GAAG;AAC1E,SAAO;AAAA,IACN,yBAAqB,qBAAS,KAAK;AAAA,IACnC,iBAAiB;AAAA,IACjB,SAAS;AAAA,MACR;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,aAAa,OAAO,WAAW;AAAA,IAChC;AAAA,IACA,WAAW;AAAA,IACX,WAAW,gBAAgB,WAAW;AAAA,EACvC;AACD;",
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromBase64, toBase64, toHex } from '@mysten/bcs';\nimport { blake2b } from '@noble/hashes/blake2b';\nimport { bytesToHex } from '@noble/hashes/utils';\n\nimport { PublicKey } from '../cryptography/publickey.js';\nimport type { PublicKeyInitData } from '../cryptography/publickey.js';\nimport { SIGNATURE_SCHEME_TO_FLAG } from '../cryptography/signature-scheme.js';\nimport { SuiGraphQLClient } from '../graphql/client.js';\nimport { graphql } from '../graphql/schemas/latest/index.js';\nimport { normalizeSuiAddress, SUI_ADDRESS_LENGTH } from '../utils/sui-types.js';\nimport type { ZkLoginSignatureInputs } from './bcs.js';\nimport { extractClaimValue } from './jwt-utils.js';\nimport { parseZkLoginSignature } from './signature.js';\nimport { normalizeZkLoginIssuer, toBigEndianBytes, toPaddedBigEndianBytes } from './utils.js';\n\n/**\n * A zkLogin public identifier\n */\nexport class ZkLoginPublicIdentifier extends PublicKey {\n\t#data: Uint8Array;\n\t#client?: SuiGraphQLClient;\n\t#legacyAddress: boolean;\n\n\t/**\n\t * Create a new ZkLoginPublicIdentifier object\n\t * @param value zkLogin public identifier as buffer or base-64 encoded string\n\t */\n\tconstructor(value: PublicKeyInitData, { client }: { client?: SuiGraphQLClient } = {}) {\n\t\tsuper();\n\n\t\tthis.#client = client;\n\n\t\tif (typeof value === 'string') {\n\t\t\tthis.#data = fromBase64(value);\n\t\t} else if (value instanceof Uint8Array) {\n\t\t\tthis.#data = value;\n\t\t} else {\n\t\t\tthis.#data = Uint8Array.from(value);\n\t\t}\n\t\tthis.#legacyAddress = this.#data.length !== this.#data[0] + 1 + 32;\n\n\t\tif (this.#legacyAddress) {\n\t\t\tthis.#data = normalizeZkLoginPublicKeyBytes(this.#data);\n\t\t}\n\t}\n\n\tstatic fromProof(address: string, proof: ZkLoginSignatureInputs) {\n\t\tconst { issBase64Details, addressSeed } = proof;\n\t\tconst iss = extractClaimValue<string>(issBase64Details, 'iss');\n\n\t\tconst legacyPublicKey = toZkLoginPublicIdentifier(BigInt(addressSeed), iss, {\n\t\t\tlegacyAddress: true,\n\t\t});\n\n\t\tif (legacyPublicKey.toSuiAddress() === address) {\n\t\t\treturn legacyPublicKey;\n\t\t}\n\n\t\tconst publicKey = toZkLoginPublicIdentifier(BigInt(addressSeed), iss, {\n\t\t\tlegacyAddress: false,\n\t\t});\n\n\t\tif (publicKey.toSuiAddress() !== address) {\n\t\t\tthrow new Error('Proof does not match address');\n\t\t}\n\n\t\treturn publicKey;\n\t}\n\n\t/**\n\t * Checks if two zkLogin public identifiers are equal\n\t */\n\toverride equals(publicKey: ZkLoginPublicIdentifier): boolean {\n\t\treturn super.equals(publicKey);\n\t}\n\n\toverride toSuiAddress(): string {\n\t\tif (this.#legacyAddress) {\n\t\t\treturn this.#toLegacyAddress();\n\t\t}\n\n\t\treturn super.toSuiAddress();\n\t}\n\n\t#toLegacyAddress() {\n\t\tconst legacyBytes = normalizeZkLoginPublicKeyBytes(this.#data, true);\n\t\tconst addressBytes = new Uint8Array(legacyBytes.length + 1);\n\t\taddressBytes[0] = this.flag();\n\t\taddressBytes.set(legacyBytes, 1);\n\t\treturn normalizeSuiAddress(\n\t\t\tbytesToHex(blake2b(addressBytes, { dkLen: 32 })).slice(0, SUI_ADDRESS_LENGTH * 2),\n\t\t);\n\t}\n\n\t/**\n\t * Return the byte array representation of the zkLogin public identifier\n\t */\n\ttoRawBytes(): Uint8Array {\n\t\treturn this.#data;\n\t}\n\n\t/**\n\t * Return the Sui address associated with this ZkLogin public identifier\n\t */\n\tflag(): number {\n\t\treturn SIGNATURE_SCHEME_TO_FLAG['ZkLogin'];\n\t}\n\n\t/**\n\t * Verifies that the signature is valid for for the provided message\n\t */\n\tasync verify(_message: Uint8Array, _signature: Uint8Array | string): Promise<boolean> {\n\t\tthrow Error('does not support');\n\t}\n\n\t/**\n\t * Verifies that the signature is valid for for the provided PersonalMessage\n\t */\n\tverifyPersonalMessage(message: Uint8Array, signature: Uint8Array | string): Promise<boolean> {\n\t\tconst parsedSignature = parseSerializedZkLoginSignature(signature);\n\t\tconst address = new ZkLoginPublicIdentifier(parsedSignature.publicKey).toSuiAddress();\n\n\t\treturn graphqlVerifyZkLoginSignature({\n\t\t\taddress: address,\n\t\t\tbytes: toBase64(message),\n\t\t\tsignature: parsedSignature.serializedSignature,\n\t\t\tintentScope: 'PERSONAL_MESSAGE',\n\t\t\tclient: this.#client,\n\t\t});\n\t}\n\n\t/**\n\t * Verifies that the signature is valid for for the provided Transaction\n\t */\n\tverifyTransaction(transaction: Uint8Array, signature: Uint8Array | string): Promise<boolean> {\n\t\tconst parsedSignature = parseSerializedZkLoginSignature(signature);\n\t\tconst address = new ZkLoginPublicIdentifier(parsedSignature.publicKey).toSuiAddress();\n\t\treturn graphqlVerifyZkLoginSignature({\n\t\t\taddress: address,\n\t\t\tbytes: toBase64(transaction),\n\t\t\tsignature: parsedSignature.serializedSignature,\n\t\t\tintentScope: 'TRANSACTION_DATA',\n\t\t\tclient: this.#client,\n\t\t});\n\t}\n\n\t/**\n\t * Verifies that the public key is associated with the provided address\n\t */\n\toverride verifyAddress(address: string): boolean {\n\t\treturn address === super.toSuiAddress() || address === this.#toLegacyAddress();\n\t}\n}\n\n// Derive the public identifier for zklogin based on address seed and iss.\nexport function toZkLoginPublicIdentifier(\n\taddressSeed: bigint,\n\tiss: string,\n\toptions?: { client?: SuiGraphQLClient; legacyAddress?: boolean },\n): ZkLoginPublicIdentifier {\n\t// Consists of iss_bytes_len || iss_bytes || padded_32_byte_address_seed.\n\tconst addressSeedBytesBigEndian = options?.legacyAddress\n\t\t? toBigEndianBytes(addressSeed, 32)\n\t\t: toPaddedBigEndianBytes(addressSeed, 32);\n\n\tconst issBytes = new TextEncoder().encode(normalizeZkLoginIssuer(iss));\n\tconst tmp = new Uint8Array(1 + issBytes.length + addressSeedBytesBigEndian.length);\n\ttmp.set([issBytes.length], 0);\n\ttmp.set(issBytes, 1);\n\ttmp.set(addressSeedBytesBigEndian, 1 + issBytes.length);\n\treturn new ZkLoginPublicIdentifier(tmp, options);\n}\n\nconst VerifyZkLoginSignatureQuery = graphql(`\n\tquery Zklogin(\n\t\t$bytes: Base64!\n\t\t$signature: Base64!\n\t\t$intentScope: ZkLoginIntentScope!\n\t\t$author: SuiAddress!\n\t) {\n\t\tverifyZkloginSignature(\n\t\t\tbytes: $bytes\n\t\t\tsignature: $signature\n\t\t\tintentScope: $intentScope\n\t\t\tauthor: $author\n\t\t) {\n\t\t\tsuccess\n\t\t\terrors\n\t\t}\n\t}\n`);\n\nfunction normalizeZkLoginPublicKeyBytes(bytes: Uint8Array, legacyAddress = false) {\n\tconst issByteLength = bytes[0] + 1;\n\tconst addressSeed = BigInt(`0x${toHex(bytes.slice(issByteLength))}`);\n\tconst seedBytes = legacyAddress\n\t\t? toBigEndianBytes(addressSeed, 32)\n\t\t: toPaddedBigEndianBytes(addressSeed, 32);\n\tconst data = new Uint8Array(issByteLength + seedBytes.length);\n\tdata.set(bytes.slice(0, issByteLength), 0);\n\tdata.set(seedBytes, issByteLength);\n\treturn data;\n}\n\nasync function graphqlVerifyZkLoginSignature({\n\taddress,\n\tbytes,\n\tsignature,\n\tintentScope,\n\tclient = new SuiGraphQLClient({\n\t\turl: 'https://sui-mainnet.mystenlabs.com/graphql',\n\t}),\n}: {\n\taddress: string;\n\tbytes: string;\n\tsignature: string;\n\tintentScope: 'PERSONAL_MESSAGE' | 'TRANSACTION_DATA';\n\tclient?: SuiGraphQLClient;\n}) {\n\tconst resp = await client.query({\n\t\tquery: VerifyZkLoginSignatureQuery,\n\t\tvariables: {\n\t\t\tbytes,\n\t\t\tsignature,\n\t\t\tintentScope,\n\t\t\tauthor: address,\n\t\t},\n\t});\n\n\treturn (\n\t\tresp.data?.verifyZkloginSignature.success === true &&\n\t\tresp.data?.verifyZkloginSignature.errors.length === 0\n\t);\n}\n\nexport function parseSerializedZkLoginSignature(signature: Uint8Array | string) {\n\tconst bytes = typeof signature === 'string' ? fromBase64(signature) : signature;\n\n\tif (bytes[0] !== SIGNATURE_SCHEME_TO_FLAG.ZkLogin) {\n\t\tthrow new Error('Invalid signature scheme');\n\t}\n\n\tconst signatureBytes = bytes.slice(1);\n\tconst { inputs, maxEpoch, userSignature } = parseZkLoginSignature(signatureBytes);\n\tconst { issBase64Details, addressSeed } = inputs;\n\tconst iss = extractClaimValue<string>(issBase64Details, 'iss');\n\tconst publicIdentifer = toZkLoginPublicIdentifier(BigInt(addressSeed), iss);\n\treturn {\n\t\tserializedSignature: toBase64(bytes),\n\t\tsignatureScheme: 'ZkLogin' as const,\n\t\tzkLogin: {\n\t\t\tinputs,\n\t\t\tmaxEpoch,\n\t\t\tuserSignature,\n\t\t\tiss,\n\t\t\taddressSeed: BigInt(addressSeed),\n\t\t},\n\t\tsignature: bytes,\n\t\tpublicKey: publicIdentifer.toRawBytes(),\n\t};\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAA4C;AAC5C,qBAAwB;AACxB,mBAA2B;AAE3B,uBAA0B;AAE1B,8BAAyC;AACzC,oBAAiC;AACjC,oBAAwB;AACxB,uBAAwD;AAExD,uBAAkC;AAClC,uBAAsC;AACtC,IAAAA,gBAAiF;AAhBjF;AAqBO,MAAM,2BAAN,MAAM,iCAAgC,2BAAU;AAAA;AAAA;AAAA;AAAA;AAAA,EAStD,YAAY,OAA0B,EAAE,OAAO,IAAmC,CAAC,GAAG;AACrF,UAAM;AAVD;AACN;AACA;AACA;AASC,uBAAK,SAAU;AAEf,QAAI,OAAO,UAAU,UAAU;AAC9B,yBAAK,WAAQ,uBAAW,KAAK;AAAA,IAC9B,WAAW,iBAAiB,YAAY;AACvC,yBAAK,OAAQ;AAAA,IACd,OAAO;AACN,yBAAK,OAAQ,WAAW,KAAK,KAAK;AAAA,IACnC;AACA,uBAAK,gBAAiB,mBAAK,OAAM,WAAW,mBAAK,OAAM,CAAC,IAAI,IAAI;AAEhE,QAAI,mBAAK,iBAAgB;AACxB,yBAAK,OAAQ,+BAA+B,mBAAK,MAAK;AAAA,IACvD;AAAA,EACD;AAAA,EAEA,OAAO,UAAU,SAAiB,OAA+B;AAChE,UAAM,EAAE,kBAAkB,YAAY,IAAI;AAC1C,UAAM,UAAM,oCAA0B,kBAAkB,KAAK;AAE7D,UAAM,kBAAkB,0BAA0B,OAAO,WAAW,GAAG,KAAK;AAAA,MAC3E,eAAe;AAAA,IAChB,CAAC;AAED,QAAI,gBAAgB,aAAa,MAAM,SAAS;AAC/C,aAAO;AAAA,IACR;AAEA,UAAM,YAAY,0BAA0B,OAAO,WAAW,GAAG,KAAK;AAAA,MACrE,eAAe;AAAA,IAChB,CAAC;AAED,QAAI,UAAU,aAAa,MAAM,SAAS;AACzC,YAAM,IAAI,MAAM,8BAA8B;AAAA,IAC/C;AAEA,WAAO;AAAA,EACR;AAAA;AAAA;AAAA;AAAA,EAKS,OAAO,WAA6C;AAC5D,WAAO,MAAM,OAAO,SAAS;AAAA,EAC9B;AAAA,EAES,eAAuB;AAC/B,QAAI,mBAAK,iBAAgB;AACxB,aAAO,sBAAK,wDAAL;AAAA,IACR;AAEA,WAAO,MAAM,aAAa;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA,EAeA,aAAyB;AACxB,WAAO,mBAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA,EAKA,OAAe;AACd,WAAO,iDAAyB,SAAS;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAO,UAAsB,YAAmD;AACrF,UAAM,MAAM,kBAAkB;AAAA,EAC/B;AAAA;AAAA;AAAA;AAAA,EAKA,sBAAsB,SAAqB,WAAkD;AAC5F,UAAM,kBAAkB,gCAAgC,SAAS;AACjE,UAAM,UAAU,IAAI,yBAAwB,gBAAgB,SAAS,EAAE,aAAa;AAEpF,WAAO,8BAA8B;AAAA,MACpC;AAAA,MACA,WAAO,qBAAS,OAAO;AAAA,MACvB,WAAW,gBAAgB;AAAA,MAC3B,aAAa;AAAA,MACb,QAAQ,mBAAK;AAAA,IACd,CAAC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,kBAAkB,aAAyB,WAAkD;AAC5F,UAAM,kBAAkB,gCAAgC,SAAS;AACjE,UAAM,UAAU,IAAI,yBAAwB,gBAAgB,SAAS,EAAE,aAAa;AACpF,WAAO,8BAA8B;AAAA,MACpC;AAAA,MACA,WAAO,qBAAS,WAAW;AAAA,MAC3B,WAAW,gBAAgB;AAAA,MAC3B,aAAa;AAAA,MACb,QAAQ,mBAAK;AAAA,IACd,CAAC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKS,cAAc,SAA0B;AAChD,WAAO,YAAY,MAAM,aAAa,KAAK,YAAY,sBAAK,wDAAL;AAAA,EACxD;AACD;AArIC;AACA;AACA;AAHM;AAkEN,qBAAgB,WAAG;AAClB,QAAM,cAAc,+BAA+B,mBAAK,QAAO,IAAI;AACnE,QAAM,eAAe,IAAI,WAAW,YAAY,SAAS,CAAC;AAC1D,eAAa,CAAC,IAAI,KAAK,KAAK;AAC5B,eAAa,IAAI,aAAa,CAAC;AAC/B,aAAO;AAAA,QACN,6BAAW,wBAAQ,cAAc,EAAE,OAAO,GAAG,CAAC,CAAC,EAAE,MAAM,GAAG,sCAAqB,CAAC;AAAA,EACjF;AACD;AA1EM,IAAM,0BAAN;AAyIA,SAAS,0BACf,aACA,KACA,SAC0B;AAE1B,QAAM,4BAA4B,SAAS,oBACxC,gCAAiB,aAAa,EAAE,QAChC,sCAAuB,aAAa,EAAE;AAEzC,QAAM,WAAW,IAAI,YAAY,EAAE,WAAO,sCAAuB,GAAG,CAAC;AACrE,QAAM,MAAM,IAAI,WAAW,IAAI,SAAS,SAAS,0BAA0B,MAAM;AACjF,MAAI,IAAI,CAAC,SAAS,MAAM,GAAG,CAAC;AAC5B,MAAI,IAAI,UAAU,CAAC;AACnB,MAAI,IAAI,2BAA2B,IAAI,SAAS,MAAM;AACtD,SAAO,IAAI,wBAAwB,KAAK,OAAO;AAChD;AAEA,MAAM,kCAA8B,uBAAQ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,CAiB3C;AAED,SAAS,+BAA+B,OAAmB,gBAAgB,OAAO;AACjF,QAAM,gBAAgB,MAAM,CAAC,IAAI;AACjC,QAAM,cAAc,OAAO,SAAK,kBAAM,MAAM,MAAM,aAAa,CAAC,CAAC,EAAE;AACnE,QAAM,YAAY,oBACf,gCAAiB,aAAa,EAAE,QAChC,sCAAuB,aAAa,EAAE;AACzC,QAAM,OAAO,IAAI,WAAW,gBAAgB,UAAU,MAAM;AAC5D,OAAK,IAAI,MAAM,MAAM,GAAG,aAAa,GAAG,CAAC;AACzC,OAAK,IAAI,WAAW,aAAa;AACjC,SAAO;AACR;AAEA,eAAe,8BAA8B;AAAA,EAC5C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,SAAS,IAAI,+BAAiB;AAAA,IAC7B,KAAK;AAAA,EACN,CAAC;AACF,GAMG;AACF,QAAM,OAAO,MAAM,OAAO,MAAM;AAAA,IAC/B,OAAO;AAAA,IACP,WAAW;AAAA,MACV;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,IACT;AAAA,EACD,CAAC;AAED,SACC,KAAK,MAAM,uBAAuB,YAAY,QAC9C,KAAK,MAAM,uBAAuB,OAAO,WAAW;AAEtD;AAEO,SAAS,gCAAgC,WAAgC;AAC/E,QAAM,QAAQ,OAAO,cAAc,eAAW,uBAAW,SAAS,IAAI;AAEtE,MAAI,MAAM,CAAC,MAAM,iDAAyB,SAAS;AAClD,UAAM,IAAI,MAAM,0BAA0B;AAAA,EAC3C;AAEA,QAAM,iBAAiB,MAAM,MAAM,CAAC;AACpC,QAAM,EAAE,QAAQ,UAAU,cAAc,QAAI,wCAAsB,cAAc;AAChF,QAAM,EAAE,kBAAkB,YAAY,IAAI;AAC1C,QAAM,UAAM,oCAA0B,kBAAkB,KAAK;AAC7D,QAAM,kBAAkB,0BAA0B,OAAO,WAAW,GAAG,GAAG;AAC1E,SAAO;AAAA,IACN,yBAAqB,qBAAS,KAAK;AAAA,IACnC,iBAAiB;AAAA,IACjB,SAAS;AAAA,MACR;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,aAAa,OAAO,WAAW;AAAA,IAChC;AAAA,IACA,WAAW;AAAA,IACX,WAAW,gBAAgB,WAAW;AAAA,EACvC;AACD;",
   "names": ["import_utils"]
 }

package/dist/cjs/zklogin/utils.d.ts

@@ -13,3 +13,4 @@ export declare function getExtendedEphemeralPublicKey(publicKey: PublicKey): str
 export declare function chunkArray<T>(array: T[], chunk_size: number): T[][];
 export declare function hashASCIIStrToField(str: string, maxSize: number): bigint;
 export declare function genAddressSeed(salt: string | bigint, name: string, value: string, aud: string, max_name_length?: number, max_value_length?: number, max_aud_length?: number): bigint;
+export declare function normalizeZkLoginIssuer(iss: string): string;

package/dist/cjs/zklogin/utils.js

@@ -22,6 +22,7 @@ __export(utils_exports, {
   genAddressSeed: () => genAddressSeed,
   getExtendedEphemeralPublicKey: () => getExtendedEphemeralPublicKey,
   hashASCIIStrToField: () => hashASCIIStrToField,
+  normalizeZkLoginIssuer: () => normalizeZkLoginIssuer,
   toBigEndianBytes: () => toBigEndianBytes,
   toPaddedBigEndianBytes: () => toPaddedBigEndianBytes
 });
@@ -87,4 +88,10 @@ function genAddressSeed(salt, name, value, aud, max_name_length = MAX_KEY_CLAIM_
     (0, import_poseidon.poseidonHash)([BigInt(salt)])
   ]);
 }
+function normalizeZkLoginIssuer(iss) {
+  if (iss === "accounts.google.com") {
+    return "https://accounts.google.com";
+  }
+  return iss;
+}
 //# sourceMappingURL=utils.js.map

package/dist/cjs/zklogin/utils.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../src/zklogin/utils.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { hexToBytes } from '@noble/hashes/utils';\n\nimport type { PublicKey } from '../cryptography/publickey.js';\nimport { poseidonHash } from './poseidon.js';\n\nconst MAX_KEY_CLAIM_NAME_LENGTH = 32;\nconst MAX_KEY_CLAIM_VALUE_LENGTH = 115;\nconst MAX_AUD_VALUE_LENGTH = 145;\nconst PACK_WIDTH = 248;\n\nfunction findFirstNonZeroIndex(bytes: Uint8Array) {\n\tfor (let i = 0; i < bytes.length; i++) {\n\t\tif (bytes[i] !== 0) {\n\t\t\treturn i;\n\t\t}\n\t}\n\n\treturn -1;\n}\n\n// Derive bytearray from num where the bytearray is padded to the left with 0s to the specified width.\nexport function toPaddedBigEndianBytes(num: bigint, width: number): Uint8Array {\n\tconst hex = num.toString(16);\n\treturn hexToBytes(hex.padStart(width * 2, '0').slice(-width * 2));\n}\n\n// Derive bytearray from num where the bytearray is not padded with 0.\nexport function toBigEndianBytes(num: bigint, width: number): Uint8Array {\n\tconst bytes = toPaddedBigEndianBytes(num, width);\n\n\tconst firstNonZeroIndex = findFirstNonZeroIndex(bytes);\n\n\tif (firstNonZeroIndex === -1) {\n\t\treturn new Uint8Array([0]);\n\t}\n\n\treturn bytes.slice(firstNonZeroIndex);\n}\n\nexport function getExtendedEphemeralPublicKey(publicKey: PublicKey) {\n\treturn publicKey.toSuiPublicKey();\n}\n\n/**\n * Splits an array into chunks of size chunk_size. If the array is not evenly\n * divisible by chunk_size, the first chunk will be smaller than chunk_size.\n *\n * E.g., arrayChunk([1, 2, 3, 4, 5], 2) => [[1], [2, 3], [4, 5]]\n *\n * Note: Can be made more efficient by avoiding the reverse() calls.\n */\nexport function chunkArray<T>(array: T[], chunk_size: number): T[][] {\n\tconst chunks = Array(Math.ceil(array.length / chunk_size));\n\tconst revArray = array.reverse();\n\tfor (let i = 0; i < chunks.length; i++) {\n\t\tchunks[i] = revArray.slice(i * chunk_size, (i + 1) * chunk_size).reverse();\n\t}\n\treturn chunks.reverse();\n}\n\nfunction bytesBEToBigInt(bytes: number[]): bigint {\n\tconst hex = bytes.map((b) => b.toString(16).padStart(2, '0')).join('');\n\tif (hex.length === 0) {\n\t\treturn BigInt(0);\n\t}\n\treturn BigInt('0x' + hex);\n}\n\n// hashes an ASCII string to a field element\nexport function hashASCIIStrToField(str: string, maxSize: number) {\n\tif (str.length > maxSize) {\n\t\tthrow new Error(`String ${str} is longer than ${maxSize} chars`);\n\t}\n\n\t// Note: Padding with zeroes is safe because we are only using this function to map human-readable sequence of bytes.\n\t// So the ASCII values of those characters will never be zero (null character).\n\tconst strPadded = str\n\t\t.padEnd(maxSize, String.fromCharCode(0))\n\t\t.split('')\n\t\t.map((c) => c.charCodeAt(0));\n\n\tconst chunkSize = PACK_WIDTH / 8;\n\tconst packed = chunkArray(strPadded, chunkSize).map((chunk) => bytesBEToBigInt(chunk));\n\treturn poseidonHash(packed);\n}\n\nexport function genAddressSeed(\n\tsalt: string | bigint,\n\tname: string,\n\tvalue: string,\n\taud: string,\n\tmax_name_length = MAX_KEY_CLAIM_NAME_LENGTH,\n\tmax_value_length = MAX_KEY_CLAIM_VALUE_LENGTH,\n\tmax_aud_length = MAX_AUD_VALUE_LENGTH,\n): bigint {\n\treturn poseidonHash([\n\t\thashASCIIStrToField(name, max_name_length),\n\t\thashASCIIStrToField(value, max_value_length),\n\t\thashASCIIStrToField(aud, max_aud_length),\n\t\tposeidonHash([BigInt(salt)]),\n\t]);\n}\n"],
-  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,mBAA2B;AAG3B,sBAA6B;AAE7B,MAAM,4BAA4B;AAClC,MAAM,6BAA6B;AACnC,MAAM,uBAAuB;AAC7B,MAAM,aAAa;AAEnB,SAAS,sBAAsB,OAAmB;AACjD,WAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACtC,QAAI,MAAM,CAAC,MAAM,GAAG;AACnB,aAAO;AAAA,IACR;AAAA,EACD;AAEA,SAAO;AACR;AAGO,SAAS,uBAAuB,KAAa,OAA2B;AAC9E,QAAM,MAAM,IAAI,SAAS,EAAE;AAC3B,aAAO,yBAAW,IAAI,SAAS,QAAQ,GAAG,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;AACjE;AAGO,SAAS,iBAAiB,KAAa,OAA2B;AACxE,QAAM,QAAQ,uBAAuB,KAAK,KAAK;AAE/C,QAAM,oBAAoB,sBAAsB,KAAK;AAErD,MAAI,sBAAsB,IAAI;AAC7B,WAAO,IAAI,WAAW,CAAC,CAAC,CAAC;AAAA,EAC1B;AAEA,SAAO,MAAM,MAAM,iBAAiB;AACrC;AAEO,SAAS,8BAA8B,WAAsB;AACnE,SAAO,UAAU,eAAe;AACjC;AAUO,SAAS,WAAc,OAAY,YAA2B;AACpE,QAAM,SAAS,MAAM,KAAK,KAAK,MAAM,SAAS,UAAU,CAAC;AACzD,QAAM,WAAW,MAAM,QAAQ;AAC/B,WAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK;AACvC,WAAO,CAAC,IAAI,SAAS,MAAM,IAAI,aAAa,IAAI,KAAK,UAAU,EAAE,QAAQ;AAAA,EAC1E;AACA,SAAO,OAAO,QAAQ;AACvB;AAEA,SAAS,gBAAgB,OAAyB;AACjD,QAAM,MAAM,MAAM,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAAE,KAAK,EAAE;AACrE,MAAI,IAAI,WAAW,GAAG;AACrB,WAAO,OAAO,CAAC;AAAA,EAChB;AACA,SAAO,OAAO,OAAO,GAAG;AACzB;AAGO,SAAS,oBAAoB,KAAa,SAAiB;AACjE,MAAI,IAAI,SAAS,SAAS;AACzB,UAAM,IAAI,MAAM,UAAU,GAAG,mBAAmB,OAAO,QAAQ;AAAA,EAChE;AAIA,QAAM,YAAY,IAChB,OAAO,SAAS,OAAO,aAAa,CAAC,CAAC,EACtC,MAAM,EAAE,EACR,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;AAE5B,QAAM,YAAY,aAAa;AAC/B,QAAM,SAAS,WAAW,WAAW,SAAS,EAAE,IAAI,CAAC,UAAU,gBAAgB,KAAK,CAAC;AACrF,aAAO,8BAAa,MAAM;AAC3B;AAEO,SAAS,eACf,MACA,MACA,OACA,KACA,kBAAkB,2BAClB,mBAAmB,4BACnB,iBAAiB,sBACR;AACT,aAAO,8BAAa;AAAA,IACnB,oBAAoB,MAAM,eAAe;AAAA,IACzC,oBAAoB,OAAO,gBAAgB;AAAA,IAC3C,oBAAoB,KAAK,cAAc;AAAA,QACvC,8BAAa,CAAC,OAAO,IAAI,CAAC,CAAC;AAAA,EAC5B,CAAC;AACF;",
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { hexToBytes } from '@noble/hashes/utils';\n\nimport type { PublicKey } from '../cryptography/publickey.js';\nimport { poseidonHash } from './poseidon.js';\n\nconst MAX_KEY_CLAIM_NAME_LENGTH = 32;\nconst MAX_KEY_CLAIM_VALUE_LENGTH = 115;\nconst MAX_AUD_VALUE_LENGTH = 145;\nconst PACK_WIDTH = 248;\n\nfunction findFirstNonZeroIndex(bytes: Uint8Array) {\n\tfor (let i = 0; i < bytes.length; i++) {\n\t\tif (bytes[i] !== 0) {\n\t\t\treturn i;\n\t\t}\n\t}\n\n\treturn -1;\n}\n\n// Derive bytearray from num where the bytearray is padded to the left with 0s to the specified width.\nexport function toPaddedBigEndianBytes(num: bigint, width: number): Uint8Array {\n\tconst hex = num.toString(16);\n\treturn hexToBytes(hex.padStart(width * 2, '0').slice(-width * 2));\n}\n\n// Derive bytearray from num where the bytearray is not padded with 0.\nexport function toBigEndianBytes(num: bigint, width: number): Uint8Array {\n\tconst bytes = toPaddedBigEndianBytes(num, width);\n\n\tconst firstNonZeroIndex = findFirstNonZeroIndex(bytes);\n\n\tif (firstNonZeroIndex === -1) {\n\t\treturn new Uint8Array([0]);\n\t}\n\n\treturn bytes.slice(firstNonZeroIndex);\n}\n\nexport function getExtendedEphemeralPublicKey(publicKey: PublicKey) {\n\treturn publicKey.toSuiPublicKey();\n}\n\n/**\n * Splits an array into chunks of size chunk_size. If the array is not evenly\n * divisible by chunk_size, the first chunk will be smaller than chunk_size.\n *\n * E.g., arrayChunk([1, 2, 3, 4, 5], 2) => [[1], [2, 3], [4, 5]]\n *\n * Note: Can be made more efficient by avoiding the reverse() calls.\n */\nexport function chunkArray<T>(array: T[], chunk_size: number): T[][] {\n\tconst chunks = Array(Math.ceil(array.length / chunk_size));\n\tconst revArray = array.reverse();\n\tfor (let i = 0; i < chunks.length; i++) {\n\t\tchunks[i] = revArray.slice(i * chunk_size, (i + 1) * chunk_size).reverse();\n\t}\n\treturn chunks.reverse();\n}\n\nfunction bytesBEToBigInt(bytes: number[]): bigint {\n\tconst hex = bytes.map((b) => b.toString(16).padStart(2, '0')).join('');\n\tif (hex.length === 0) {\n\t\treturn BigInt(0);\n\t}\n\treturn BigInt('0x' + hex);\n}\n\n// hashes an ASCII string to a field element\nexport function hashASCIIStrToField(str: string, maxSize: number) {\n\tif (str.length > maxSize) {\n\t\tthrow new Error(`String ${str} is longer than ${maxSize} chars`);\n\t}\n\n\t// Note: Padding with zeroes is safe because we are only using this function to map human-readable sequence of bytes.\n\t// So the ASCII values of those characters will never be zero (null character).\n\tconst strPadded = str\n\t\t.padEnd(maxSize, String.fromCharCode(0))\n\t\t.split('')\n\t\t.map((c) => c.charCodeAt(0));\n\n\tconst chunkSize = PACK_WIDTH / 8;\n\tconst packed = chunkArray(strPadded, chunkSize).map((chunk) => bytesBEToBigInt(chunk));\n\treturn poseidonHash(packed);\n}\n\nexport function genAddressSeed(\n\tsalt: string | bigint,\n\tname: string,\n\tvalue: string,\n\taud: string,\n\tmax_name_length = MAX_KEY_CLAIM_NAME_LENGTH,\n\tmax_value_length = MAX_KEY_CLAIM_VALUE_LENGTH,\n\tmax_aud_length = MAX_AUD_VALUE_LENGTH,\n): bigint {\n\treturn poseidonHash([\n\t\thashASCIIStrToField(name, max_name_length),\n\t\thashASCIIStrToField(value, max_value_length),\n\t\thashASCIIStrToField(aud, max_aud_length),\n\t\tposeidonHash([BigInt(salt)]),\n\t]);\n}\n\nexport function normalizeZkLoginIssuer(iss: string) {\n\tif (iss === 'accounts.google.com') {\n\t\treturn 'https://accounts.google.com';\n\t}\n\treturn iss;\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,mBAA2B;AAG3B,sBAA6B;AAE7B,MAAM,4BAA4B;AAClC,MAAM,6BAA6B;AACnC,MAAM,uBAAuB;AAC7B,MAAM,aAAa;AAEnB,SAAS,sBAAsB,OAAmB;AACjD,WAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACtC,QAAI,MAAM,CAAC,MAAM,GAAG;AACnB,aAAO;AAAA,IACR;AAAA,EACD;AAEA,SAAO;AACR;AAGO,SAAS,uBAAuB,KAAa,OAA2B;AAC9E,QAAM,MAAM,IAAI,SAAS,EAAE;AAC3B,aAAO,yBAAW,IAAI,SAAS,QAAQ,GAAG,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;AACjE;AAGO,SAAS,iBAAiB,KAAa,OAA2B;AACxE,QAAM,QAAQ,uBAAuB,KAAK,KAAK;AAE/C,QAAM,oBAAoB,sBAAsB,KAAK;AAErD,MAAI,sBAAsB,IAAI;AAC7B,WAAO,IAAI,WAAW,CAAC,CAAC,CAAC;AAAA,EAC1B;AAEA,SAAO,MAAM,MAAM,iBAAiB;AACrC;AAEO,SAAS,8BAA8B,WAAsB;AACnE,SAAO,UAAU,eAAe;AACjC;AAUO,SAAS,WAAc,OAAY,YAA2B;AACpE,QAAM,SAAS,MAAM,KAAK,KAAK,MAAM,SAAS,UAAU,CAAC;AACzD,QAAM,WAAW,MAAM,QAAQ;AAC/B,WAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK;AACvC,WAAO,CAAC,IAAI,SAAS,MAAM,IAAI,aAAa,IAAI,KAAK,UAAU,EAAE,QAAQ;AAAA,EAC1E;AACA,SAAO,OAAO,QAAQ;AACvB;AAEA,SAAS,gBAAgB,OAAyB;AACjD,QAAM,MAAM,MAAM,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAAE,KAAK,EAAE;AACrE,MAAI,IAAI,WAAW,GAAG;AACrB,WAAO,OAAO,CAAC;AAAA,EAChB;AACA,SAAO,OAAO,OAAO,GAAG;AACzB;AAGO,SAAS,oBAAoB,KAAa,SAAiB;AACjE,MAAI,IAAI,SAAS,SAAS;AACzB,UAAM,IAAI,MAAM,UAAU,GAAG,mBAAmB,OAAO,QAAQ;AAAA,EAChE;AAIA,QAAM,YAAY,IAChB,OAAO,SAAS,OAAO,aAAa,CAAC,CAAC,EACtC,MAAM,EAAE,EACR,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;AAE5B,QAAM,YAAY,aAAa;AAC/B,QAAM,SAAS,WAAW,WAAW,SAAS,EAAE,IAAI,CAAC,UAAU,gBAAgB,KAAK,CAAC;AACrF,aAAO,8BAAa,MAAM;AAC3B;AAEO,SAAS,eACf,MACA,MACA,OACA,KACA,kBAAkB,2BAClB,mBAAmB,4BACnB,iBAAiB,sBACR;AACT,aAAO,8BAAa;AAAA,IACnB,oBAAoB,MAAM,eAAe;AAAA,IACzC,oBAAoB,OAAO,gBAAgB;AAAA,IAC3C,oBAAoB,KAAK,cAAc;AAAA,QACvC,8BAAa,CAAC,OAAO,IAAI,CAAC,CAAC;AAAA,EAC5B,CAAC;AACF;AAEO,SAAS,uBAAuB,KAAa;AACnD,MAAI,QAAQ,uBAAuB;AAClC,WAAO;AAAA,EACR;AACA,SAAO;AACR;",
   "names": []
 }

package/dist/esm/version.d.ts

@@ -1,2 +1,2 @@
-export declare const PACKAGE_VERSION = "1.22.0";
+export declare const PACKAGE_VERSION = "1.23.0";
 export declare const TARGETED_RPC_VERSION = "1.45.0";

package/dist/esm/version.js

@@ -1,4 +1,4 @@
-const PACKAGE_VERSION = "1.22.0";
+const PACKAGE_VERSION = "1.23.0";
 const TARGETED_RPC_VERSION = "1.45.0";
 export {
   PACKAGE_VERSION,

package/dist/esm/version.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../src/version.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\n// This file is generated by genversion.mjs. Do not edit it directly.\n\nexport const PACKAGE_VERSION = '1.22.0';\nexport const TARGETED_RPC_VERSION = '1.45.0';\n"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\n// This file is generated by genversion.mjs. Do not edit it directly.\n\nexport const PACKAGE_VERSION = '1.23.0';\nexport const TARGETED_RPC_VERSION = '1.45.0';\n"],
   "mappings": "AAKO,MAAM,kBAAkB;AACxB,MAAM,uBAAuB;",
   "names": []
 }