npm - @nucypher/taco-auth - Versions diffs - 0.3.0-alpha.2 → 0.3.0 - Mend

@nucypher/taco-auth 0.3.0-alpha.2 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (51) hide show

package/dist/cjs/auth-sig.d.ts +10 -8
package/dist/cjs/auth-sig.js +4 -5
package/dist/cjs/auth-sig.js.map +1 -1
package/dist/cjs/providers/eip1271/auth.d.ts +47 -0
package/dist/cjs/providers/eip1271/auth.js +15 -0
package/dist/cjs/providers/eip1271/auth.js.map +1 -0
package/dist/cjs/providers/eip1271/eip1271.d.ts +34 -0
package/dist/cjs/providers/eip1271/eip1271.js +53 -0
package/dist/cjs/providers/eip1271/eip1271.js.map +1 -0
package/dist/cjs/providers/eip4361/auth.d.ts +24 -0
package/dist/cjs/providers/eip4361/auth.js +25 -0
package/dist/cjs/providers/eip4361/auth.js.map +1 -0
package/dist/cjs/providers/eip4361/eip4361.d.ts +71 -5
package/dist/cjs/providers/eip4361/eip4361.js +89 -30
package/dist/cjs/providers/eip4361/eip4361.js.map +1 -1
package/dist/cjs/providers/eip4361/external-eip4361.d.ts +35 -4
package/dist/cjs/providers/eip4361/external-eip4361.js +56 -7
package/dist/cjs/providers/eip4361/external-eip4361.js.map +1 -1
package/dist/cjs/providers/index.d.ts +3 -0
package/dist/cjs/providers/index.js +4 -0
package/dist/cjs/providers/index.js.map +1 -1
package/dist/cjs/storage.d.ts +6 -4
package/dist/cjs/storage.js +4 -3
package/dist/cjs/storage.js.map +1 -1
package/dist/es/auth-sig.d.ts +10 -8
package/dist/es/auth-sig.js +3 -4
package/dist/es/auth-sig.js.map +1 -1
package/dist/es/providers/eip1271/auth.d.ts +47 -0
package/dist/es/providers/eip1271/auth.js +12 -0
package/dist/es/providers/eip1271/auth.js.map +1 -0
package/dist/es/providers/eip1271/eip1271.d.ts +34 -0
package/dist/es/providers/eip1271/eip1271.js +49 -0
package/dist/es/providers/eip1271/eip1271.js.map +1 -0
package/dist/es/providers/eip4361/auth.d.ts +24 -0
package/dist/es/providers/eip4361/auth.js +22 -0
package/dist/es/providers/eip4361/auth.js.map +1 -0
package/dist/es/providers/eip4361/eip4361.d.ts +71 -5
package/dist/es/providers/eip4361/eip4361.js +87 -28
package/dist/es/providers/eip4361/eip4361.js.map +1 -1
package/dist/es/providers/eip4361/external-eip4361.d.ts +35 -4
package/dist/es/providers/eip4361/external-eip4361.js +54 -5
package/dist/es/providers/eip4361/external-eip4361.js.map +1 -1
package/dist/es/providers/index.d.ts +3 -0
package/dist/es/providers/index.js +2 -0
package/dist/es/providers/index.js.map +1 -1
package/dist/es/storage.d.ts +6 -4
package/dist/es/storage.js +4 -3
package/dist/es/storage.js.map +1 -1
package/dist/tsconfig.cjs.tsbuildinfo +1 -1
package/dist/tsconfig.es.tsbuildinfo +1 -1
package/package.json +5 -5

package/dist/cjs/providers/eip4361/external-eip4361.js CHANGED Viewed

@@ -1,28 +1,77 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.SingleSignOnEIP4361AuthProvider = exports.USER_ADDRESS_PARAM_EXTERNAL_EIP4361 = void 0;
+exports.SingleSignOnEIP4361AuthProvider = void 0;
 const siwe_1 = require("siwe");
-const common_1 = require("./common");
-exports.USER_ADDRESS_PARAM_EXTERNAL_EIP4361 = ':userAddressExternalEIP4361';
+const auth_1 = require("./auth");
+const eip4361_1 = require("./eip4361");
+async function generateAndVerifySiweMessage(message, signature) {
+    const siweMessage = new siwe_1.SiweMessage(message);
+    // this will trigger validation for the signature and all parameters (`expirationTime`, `notBefore`...).
+    await siweMessage.verify({ signature });
+    const twoHoursBeforeNow = new Date(Date.now() - eip4361_1.FRESHNESS_IN_MILLISECONDS);
+    if (!siweMessage.issuedAt) {
+        throw new Error(
+        // this should never happen
+        `The SIWE message is missing an \`issuedAt\` field and would be rejected by TACo nodes.`);
+    }
+    if (new Date(siweMessage.issuedAt) < twoHoursBeforeNow) {
+        throw new Error(`The SIWE message was issued more than 2 hours ago and would be rejected by TACo nodes.`);
+    }
+    const now = new Date();
+    if (new Date(siweMessage.issuedAt) > now) {
+        throw new Error(`The SIWE message was issued at a future datetime: ${siweMessage.issuedAt} and would be rejected by TACo nodes.`);
+    }
+    return siweMessage;
+}
+/**
+ * SingleSignOnEIP4361AuthProvider handles Sign-In with Ethereum (EIP-4361/SIWE) authentication
+ * using an existing SIWE message and signature.
+ *
+ * This provider validates and reuses an existing SIWE message and signature rather than generating new ones.
+ * It's useful for implementing single sign-on flows where the SIWE authentication was performed elsewhere.
+ */
 class SingleSignOnEIP4361AuthProvider {
     existingSiweMessage;
     address;
     signature;
+    /**
+     * Creates a new SingleSignOnEIP4361AuthProvider from an existing SIWE message and signature.
+     *
+     * @param existingSiweMessage - The existing SIWE message string to validate and reuse
+     * @param signature - The signature corresponding to the SIWE message
+     * @returns A new SingleSignOnEIP4361AuthProvider instance
+     * @throws {Error} If signature verification fails or message parameters are invalid
+     */
     static async fromExistingSiweInfo(existingSiweMessage, signature) {
-        // validation
-        const siweMessage = new siwe_1.SiweMessage(existingSiweMessage);
-        await siweMessage.verify({ signature });
+        const siweMessage = await generateAndVerifySiweMessage(existingSiweMessage, signature);
         // create provider
         const authProvider = new SingleSignOnEIP4361AuthProvider(siweMessage.prepareMessage(), siweMessage.address, signature);
         return authProvider;
     }
+    /**
+     * Private constructor - use fromExistingSiweInfo() to create instances.
+     *
+     * @param existingSiweMessage - The validated SIWE message string
+     * @param address - The Ethereum address that signed the message
+     * @param signature - The validated signature
+     */
     constructor(existingSiweMessage, address, signature) {
         this.existingSiweMessage = existingSiweMessage;
         this.address = address;
         this.signature = signature;
     }
+    /**
+     * Returns the existing auth signature after re-validating it.
+     *
+     * This method verifies that the stored signature and message are still valid
+     * before returning them as an EIP4361AuthSignature object.
+     *
+     * @returns {Promise<EIP4361AuthSignature>} The validated authentication signature
+     * @throws {Error} If signature verification fails
+     */
     async getOrCreateAuthSignature() {
-        const scheme = common_1.EIP4361_AUTH_METHOD;
+        await generateAndVerifySiweMessage(this.existingSiweMessage, this.signature);
+        const scheme = auth_1.EIP4361_AUTH_METHOD;
         return {
             signature: this.signature,
             address: this.address,

package/dist/cjs/providers/eip4361/external-eip4361.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"external-eip4361.js","sourceRoot":"","sources":["../../../../src/providers/eip4361/external-eip4361.ts"],"names":[],"mappings":";;;AAAA,+BAAmC;AAInC,~~qCAA+C~~;~~AAElC~~,~~QAAA~~,~~mCAAmC~~,~~GAC9C~~,~~6BAA6B~~,CAAC;~~AAEhC~~,~~MAAa,+BAA+B~~;~~IAkBvB~~;~~IACD~~;~~IACC~~;~~IAnBZ~~,MAAM,~~CAAC~~,KAAK,CAAC,~~oBAAoB~~,~~CACtC~~,~~mBAA2B~~,~~EAC3B~~,~~SAAiB~~;~~QAEjB~~,~~aAAa~~;~~QACb~~,MAAM,~~WAAW~~,GAAG,IAAI,~~kBAAW~~,CAAC,~~mBAAmB~~,CAAC,CAAC;~~QACzD~~,MAAM,WAAW,CAAC,~~MAAM~~,CAAC,~~EAAE~~,~~SAAS~~,~~EAAE~~,CAAC,CAAC;~~QACxC~~,kBAAkB;QAClB,MAAM,YAAY,GAAG,IAAI,+BAA+B,CACtD,WAAW,CAAC,cAAc,EAAE,EAC5B,WAAW,CAAC,OAAO,EACnB,SAAS,CACV,CAAC;QACF,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,YACmB,mBAA2B,EAC5B,OAAe,EACd,SAAiB;QAFjB,wBAAmB,GAAnB,mBAAmB,CAAQ;QAC5B,YAAO,GAAP,OAAO,CAAQ;QACd,cAAS,GAAT,SAAS,CAAQ;IACjC,CAAC;~~IAEG~~,KAAK,CAAC,wBAAwB;QACnC,MAAM,MAAM,GAAG,~~4BAAmB~~,CAAC;QACnC,OAAO;YACL,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,MAAM;YACN,SAAS,EAAE,IAAI,CAAC,mBAAmB;SACpC,CAAC;IACJ,CAAC;CACF;~~AAhCD~~,~~0EAgCC~~"}
1	+ {"version":3,"file":"external-eip4361.js","sourceRoot":"","sources":["../../../../src/providers/eip4361/external-eip4361.ts"],"names":[],"mappings":";;;AAAA,+BAAmC;AAInC,iCAAmE;AACnE,uCAAsD;AAEtD,KAAK,UAAU,4BAA4B,CACzC,OAAe,EACf,SAAiB;IAEjB,MAAM,WAAW,GAAG,IAAI,kBAAW,CAAC,OAAO,CAAC,CAAC;IAC7C,wGAAwG;IACxG,MAAM,WAAW,CAAC,MAAM,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;IACxC,MAAM,iBAAiB,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,mCAAyB,CAAC,CAAC;IAC3E,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK;QACb,2BAA2B;QAC3B,wFAAwF,CACzF,CAAC;IACJ,CAAC;IACD,IAAI,IAAI,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,iBAAiB,EAAE,CAAC;QACvD,MAAM,IAAI,KAAK,CACb,wFAAwF,CACzF,CAAC;IACJ,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,IAAI,IAAI,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,GAAG,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CACb,qDAAqD,WAAW,CAAC,QAAQ,uCAAuC,CACjH,CAAC;IACJ,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAED;;;;;;GAMG;AACH,MAAa,+BAA+B;IAmCvB;IACD;IACC;IApCnB;;;;;;;OAOG;IACI,MAAM,CAAC,KAAK,CAAC,oBAAoB,CACtC,mBAA2B,EAC3B,SAAiB;QAEjB,MAAM,WAAW,GAAG,MAAM,4BAA4B,CACpD,mBAAmB,EACnB,SAAS,CACV,CAAC;QAEF,kBAAkB;QAClB,MAAM,YAAY,GAAG,IAAI,+BAA+B,CACtD,WAAW,CAAC,cAAc,EAAE,EAC5B,WAAW,CAAC,OAAO,EACnB,SAAS,CACV,CAAC;QACF,OAAO,YAAY,CAAC;IACtB,CAAC;IAED;;;;;;OAMG;IACH,YACmB,mBAA2B,EAC5B,OAAe,EACd,SAAiB;QAFjB,wBAAmB,GAAnB,mBAAmB,CAAQ;QAC5B,YAAO,GAAP,OAAO,CAAQ;QACd,cAAS,GAAT,SAAS,CAAQ;IACjC,CAAC;IAEJ;;;;;;;;OAQG;IACI,KAAK,CAAC,wBAAwB;QACnC,MAAM,4BAA4B,CAChC,IAAI,CAAC,mBAAmB,EACxB,IAAI,CAAC,SAAS,CACf,CAAC;QAEF,MAAM,MAAM,GAAG,0BAAmB,CAAC;QACnC,OAAO;YACL,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,MAAM;YACN,SAAS,EAAE,IAAI,CAAC,mBAAmB;SACpC,CAAC;IACJ,CAAC;CACF;AA/DD,0EA+DC"}

package/dist/cjs/providers/index.d.ts CHANGED Viewed

@@ -1,2 +1,5 @@
+export { EIP1271AuthSignature } from './eip1271/auth';
+export * from './eip1271/eip1271';
+export { EIP4361AuthSignature, USER_ADDRESS_PARAM_DEFAULT, } from './eip4361/auth';
 export * from './eip4361/eip4361';
 export * from './eip4361/external-eip4361';

package/dist/cjs/providers/index.js CHANGED Viewed

@@ -14,6 +14,10 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.USER_ADDRESS_PARAM_DEFAULT = void 0;
+__exportStar(require("./eip1271/eip1271"), exports);
+var auth_1 = require("./eip4361/auth");
+Object.defineProperty(exports, "USER_ADDRESS_PARAM_DEFAULT", { enumerable: true, get: function () { return auth_1.USER_ADDRESS_PARAM_DEFAULT; } });
 __exportStar(require("./eip4361/eip4361"), exports);
 __exportStar(require("./eip4361/external-eip4361"), exports);
 //# sourceMappingURL=index.js.map

package/dist/cjs/providers/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/providers/index.ts"],"names":[],"mappings":"~~;;;;;;;;;;;;;;;;AAAA~~,oDAAkC;AAClC,6DAA2C"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/providers/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAEA,oDAAkC;AAClC,uCAGwB;AADtB,kHAAA,0BAA0B,OAAA;AAE5B,oDAAkC;AAClC,6DAA2C"}

package/dist/cjs/storage.d.ts CHANGED Viewed

@@ -1,8 +1,10 @@
+import { z } from 'zod';
 import { AuthSignature } from './index';
-export declare class LocalStorage {
+export declare class LocalStorage<T extends AuthSignature> {
     private storage;
-    constructor();
-    getAuthSignature(key: string): AuthSignature | null;
-    setAuthSignature(key: string, authSignature: AuthSignature): void;
+    private signatureSchema;
+    constructor(signatureSchema: z.ZodSchema);
+    getAuthSignature(key: string): T | null;
+    setAuthSignature(key: string, authSignature: T): void;
     clear(key: string): void;
 }

package/dist/cjs/storage.js CHANGED Viewed

@@ -1,7 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.LocalStorage = void 0;
-const index_1 = require("./index");
 class BrowserStorage {
     getItem(key) {
         return localStorage.getItem(key);
@@ -27,18 +26,20 @@ class NodeStorage {
 }
 class LocalStorage {
     storage;
-    constructor() {
+    signatureSchema;
+    constructor(signatureSchema) {
         this.storage =
             typeof localStorage === 'undefined'
                 ? new NodeStorage()
                 : new BrowserStorage();
+        this.signatureSchema = signatureSchema;
     }
     getAuthSignature(key) {
         const asJson = this.storage.getItem(key);
         if (!asJson) {
             return null;
         }
-        return index_1.authSignatureSchema.parse(JSON.parse(asJson));
+        return this.signatureSchema.parse(JSON.parse(asJson));
     }
     setAuthSignature(key, authSignature) {
         const asJson = JSON.stringify(authSignature);

package/dist/cjs/storage.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"storage.js","sourceRoot":"","sources":["../../src/storage.ts"],"names":[],"mappings":";;;~~AAAA~~,~~mCAA6D;AAU7D,~~MAAM,cAAc;IACX,OAAO,CAAC,GAAW;QACxB,OAAO,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACnC,CAAC;IAEM,OAAO,CAAC,GAAW,EAAE,KAAa;QACvC,YAAY,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACnC,CAAC;IAEM,UAAU,CAAC,GAAW;QAC3B,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC;CACF;AAED,MAAM,WAAW;IACP,OAAO,GAA2B,EAAE,CAAC;IAEtC,OAAO,CAAC,GAAW;QACxB,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC;IACnC,CAAC;IAEM,OAAO,CAAC,GAAW,EAAE,KAAa;QACvC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IAC5B,CAAC;IAEM,UAAU,CAAC,GAAW;QAC3B,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;CACF;AAED,MAAa,YAAY;IACf,OAAO,CAAW;~~IAE1B~~;~~QACE~~,IAAI,CAAC,OAAO;YACV,OAAO,YAAY,KAAK,WAAW;gBACjC,CAAC,CAAC,IAAI,WAAW,EAAE;gBACnB,CAAC,CAAC,IAAI,cAAc,EAAE,CAAC;~~IAC7B~~,CAAC;IAEM,gBAAgB,CAAC,GAAW;QACjC,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,~~2BAAmB~~,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;~~IACvD~~,CAAC;IAEM,gBAAgB,CAAC,GAAW,EAAE,~~aAA4B~~;~~QAC/D~~,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACpC,CAAC;IAEM,KAAK,CAAC,GAAW;QACtB,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC;CACF;~~AA1BD~~,~~oCA0BC~~"}
1	+ {"version":3,"file":"storage.js","sourceRoot":"","sources":["../../src/storage.ts"],"names":[],"mappings":";;;AAYA,MAAM,cAAc;IACX,OAAO,CAAC,GAAW;QACxB,OAAO,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACnC,CAAC;IAEM,OAAO,CAAC,GAAW,EAAE,KAAa;QACvC,YAAY,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACnC,CAAC;IAEM,UAAU,CAAC,GAAW;QAC3B,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC;CACF;AAED,MAAM,WAAW;IACP,OAAO,GAA2B,EAAE,CAAC;IAEtC,OAAO,CAAC,GAAW;QACxB,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC;IACnC,CAAC;IAEM,OAAO,CAAC,GAAW,EAAE,KAAa;QACvC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IAC5B,CAAC;IAEM,UAAU,CAAC,GAAW;QAC3B,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;CACF;AAED,MAAa,YAAY;IACf,OAAO,CAAW;IAClB,eAAe,CAAc;IAErC,YAAY,eAA4B;QACtC,IAAI,CAAC,OAAO;YACV,OAAO,YAAY,KAAK,WAAW;gBACjC,CAAC,CAAC,IAAI,WAAW,EAAE;gBACnB,CAAC,CAAC,IAAI,cAAc,EAAE,CAAC;QAC3B,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;IACzC,CAAC;IAEM,gBAAgB,CAAC,GAAW;QACjC,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;IACxD,CAAC;IAEM,gBAAgB,CAAC,GAAW,EAAE,aAAgB;QACnD,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACpC,CAAC;IAEM,KAAK,CAAC,GAAW;QACtB,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC;CACF;AA5BD,oCA4BC"}

package/dist/es/auth-sig.d.ts CHANGED Viewed

@@ -1,18 +1,20 @@
 import { z } from 'zod';
-export declare const authSignatureSchema: z.ZodObject<{
+import { EIP1271AuthSignature } from './providers/eip1271/auth';
+import { EIP4361AuthSignature } from './providers/eip4361/auth';
+export declare const baseAuthSignatureSchema: z.ZodObject<{
     signature: z.ZodString;
     address: z.ZodEffects<z.ZodString, string, string>;
-    scheme: z.ZodEnum<["EIP4361"]>;
-    typedData: z.ZodEffects<z.ZodString, string, string>;
+    scheme: z.ZodString;
+    typedData: z.ZodUnknown;
 }, "strip", z.ZodTypeAny, {
     signature: string;
     address: string;
-    scheme: "EIP4361";
-    typedData: string;
+    scheme: string;
+    typedData?: unknown;
 }, {
     signature: string;
     address: string;
-    scheme: "EIP4361";
-    typedData: string;
+    scheme: string;
+    typedData?: unknown;
 }>;
-export type AuthSignature = z.infer<typeof authSignatureSchema>;
+export type AuthSignature = EIP4361AuthSignature | EIP1271AuthSignature;

package/dist/es/auth-sig.js CHANGED Viewed

@@ -1,10 +1,9 @@
 import { EthAddressSchema } from '@nucypher/shared';
 import { z } from 'zod';
-import { EIP4361_AUTH_METHOD, EIP4361TypedDataSchema, } from './providers/eip4361/common';
-export const authSignatureSchema = z.object({
+export const baseAuthSignatureSchema = z.object({
     signature: z.string(),
     address: EthAddressSchema,
-    scheme: z.enum([EIP4361_AUTH_METHOD]),
-    typedData: EIP4361TypedDataSchema,
+    scheme: z.string(),
+    typedData: z.unknown(),
 });
 //# sourceMappingURL=auth-sig.js.map

package/dist/es/auth-sig.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"auth-sig.js","sourceRoot":"","sources":["../../src/auth-sig.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;~~AAExB~~,~~OAAO,EACL,mBAAmB,EACnB,sBAAsB,GACvB,~~MAAM,~~4BAA4B,~~CAAC~~;AAEpC~~,MAAM,~~CAAC~~,~~MAAM,mBAAmB,~~GAAG,CAAC,CAAC,MAAM,CAAC;~~IAC1C~~,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,OAAO,EAAE,gBAAgB;IACzB,MAAM,EAAE,CAAC,CAAC,~~IAAI~~,~~CAAC~~,~~CAAC~~,~~mBAAmB~~,CAAC,CAAC~~;IACrC~~,~~SAAS~~,EAAE~~,sBAAsB~~;~~CAClC~~,CAAC,CAAC"}
1	+ {"version":3,"file":"auth-sig.js","sourceRoot":"","sources":["../../src/auth-sig.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAKxB,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9C,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,OAAO,EAAE,gBAAgB;IACzB,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;IAClB,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE;CACvB,CAAC,CAAC"}

package/dist/es/providers/eip1271/auth.d.ts ADDED Viewed

@@ -0,0 +1,47 @@
+import { z } from 'zod';
+export declare const EIP1271_AUTH_METHOD = "EIP1271";
+export declare const EIP1271TypedDataSchema: z.ZodObject<{
+    chain: z.ZodNumber;
+    dataHash: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    chain: number;
+    dataHash: string;
+}, {
+    chain: number;
+    dataHash: string;
+}>;
+export declare const eip1271AuthSignatureSchema: z.ZodObject<z.objectUtil.extendShape<{
+    signature: z.ZodString;
+    address: z.ZodEffects<z.ZodString, string, string>;
+    scheme: z.ZodString;
+    typedData: z.ZodUnknown;
+}, {
+    scheme: z.ZodLiteral<"EIP1271">;
+    typedData: z.ZodObject<{
+        chain: z.ZodNumber;
+        dataHash: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        chain: number;
+        dataHash: string;
+    }, {
+        chain: number;
+        dataHash: string;
+    }>;
+}>, "strip", z.ZodTypeAny, {
+    signature: string;
+    address: string;
+    scheme: "EIP1271";
+    typedData: {
+        chain: number;
+        dataHash: string;
+    };
+}, {
+    signature: string;
+    address: string;
+    scheme: "EIP1271";
+    typedData: {
+        chain: number;
+        dataHash: string;
+    };
+}>;
+export type EIP1271AuthSignature = z.infer<typeof eip1271AuthSignatureSchema>;

package/dist/es/providers/eip1271/auth.js ADDED Viewed

@@ -0,0 +1,12 @@
+import { z } from 'zod';
+import { baseAuthSignatureSchema } from '../../auth-sig';
+export const EIP1271_AUTH_METHOD = 'EIP1271';
+export const EIP1271TypedDataSchema = z.object({
+    chain: z.number().int().nonnegative(),
+    dataHash: z.string().startsWith('0x'), // hex string
+});
+export const eip1271AuthSignatureSchema = baseAuthSignatureSchema.extend({
+    scheme: z.literal(EIP1271_AUTH_METHOD),
+    typedData: EIP1271TypedDataSchema,
+});
+//# sourceMappingURL=auth.js.map

package/dist/es/providers/eip1271/auth.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../../src/providers/eip1271/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,uBAAuB,EAAE,MAAM,gBAAgB,CAAC;AAEzD,MAAM,CAAC,MAAM,mBAAmB,GAAG,SAAS,CAAC;AAE7C,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7C,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE;IACrC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,aAAa;CACrD,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,0BAA0B,GAAG,uBAAuB,CAAC,MAAM,CAAC;IACvE,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC;IACtC,SAAS,EAAE,sBAAsB;CAClC,CAAC,CAAC"}

package/dist/es/providers/eip1271/eip1271.d.ts ADDED Viewed

@@ -0,0 +1,34 @@
+import { AuthProvider } from '../../auth-provider';
+import { EIP1271AuthSignature } from './auth';
+/**
+ * EIP1271AuthProvider handles EIP-1271 contract-based authentication.
+ * This provider manages authentication signatures from smart contracts that implement EIP-1271's `isValidSignature` solidity function.
+ */
+export declare class EIP1271AuthProvider implements AuthProvider {
+    readonly contractAddress: string;
+    readonly chain: number;
+    readonly dataHash: string;
+    readonly signature: string;
+    /**
+     * Creates a new EIP1271AuthProvider for contract-based authentication.
+     *
+     * @param contractAddress - The Ethereum address of the contract implementing EIP-1271
+     * @param chain - The chain ID where the contract is deployed
+     * @param dataHash - The hash of the data that was signed
+     * @param signature - The signature produced by the contract's signing method
+     */
+    constructor(contractAddress: string, chain: number, dataHash: string, signature: string);
+    /**
+     * Returns the authentication signature for the contract.
+     *
+     * Since contract signatures are created externally, this method simply returns
+     * the existing signature and metadata rather than creating a new one.
+     *
+     * @returns {Promise<EIP1271AuthSignature>} The authentication signature containing:
+     *   - signature: The contract-generated signature
+     *   - address: The contract's address
+     *   - scheme: The authentication scheme (EIP1271)
+     *   - typedData: Object containing the chain ID and data hash
+     */
+    getOrCreateAuthSignature(): Promise<EIP1271AuthSignature>;
+}

package/dist/es/providers/eip1271/eip1271.js ADDED Viewed

@@ -0,0 +1,49 @@
+import { EIP1271_AUTH_METHOD } from './auth';
+/**
+ * EIP1271AuthProvider handles EIP-1271 contract-based authentication.
+ * This provider manages authentication signatures from smart contracts that implement EIP-1271's `isValidSignature` solidity function.
+ */
+export class EIP1271AuthProvider {
+    contractAddress;
+    chain;
+    dataHash;
+    signature;
+    /**
+     * Creates a new EIP1271AuthProvider for contract-based authentication.
+     *
+     * @param contractAddress - The Ethereum address of the contract implementing EIP-1271
+     * @param chain - The chain ID where the contract is deployed
+     * @param dataHash - The hash of the data that was signed
+     * @param signature - The signature produced by the contract's signing method
+     */
+    constructor(contractAddress, chain, dataHash, signature) {
+        this.contractAddress = contractAddress;
+        this.chain = chain;
+        this.dataHash = dataHash;
+        this.signature = signature;
+    }
+    /**
+     * Returns the authentication signature for the contract.
+     *
+     * Since contract signatures are created externally, this method simply returns
+     * the existing signature and metadata rather than creating a new one.
+     *
+     * @returns {Promise<EIP1271AuthSignature>} The authentication signature containing:
+     *   - signature: The contract-generated signature
+     *   - address: The contract's address
+     *   - scheme: The authentication scheme (EIP1271)
+     *   - typedData: Object containing the chain ID and data hash
+     */
+    async getOrCreateAuthSignature() {
+        return {
+            signature: this.signature,
+            address: this.contractAddress,
+            scheme: EIP1271_AUTH_METHOD,
+            typedData: {
+                chain: this.chain,
+                dataHash: this.dataHash,
+            },
+        };
+    }
+}
+//# sourceMappingURL=eip1271.js.map

package/dist/es/providers/eip1271/eip1271.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"eip1271.js","sourceRoot":"","sources":["../../../../src/providers/eip1271/eip1271.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,mBAAmB,EAAwB,MAAM,QAAQ,CAAC;AAEnE;;;GAGG;AACH,MAAM,OAAO,mBAAmB;IAUZ;IACA;IACA;IACA;IAZlB;;;;;;;OAOG;IACH,YACkB,eAAuB,EACvB,KAAa,EACb,QAAgB,EAChB,SAAiB;QAHjB,oBAAe,GAAf,eAAe,CAAQ;QACvB,UAAK,GAAL,KAAK,CAAQ;QACb,aAAQ,GAAR,QAAQ,CAAQ;QAChB,cAAS,GAAT,SAAS,CAAQ;IAChC,CAAC;IAEJ;;;;;;;;;;;OAWG;IACI,KAAK,CAAC,wBAAwB;QACnC,OAAO;YACL,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,OAAO,EAAE,IAAI,CAAC,eAAe;YAC7B,MAAM,EAAE,mBAAmB;YAC3B,SAAS,EAAE;gBACT,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,QAAQ,EAAE,IAAI,CAAC,QAAQ;aACxB;SACF,CAAC;IACJ,CAAC;CACF"}

package/dist/es/providers/eip4361/auth.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+import { z } from 'zod';
+export declare const EIP4361_AUTH_METHOD = "EIP4361";
+export declare const USER_ADDRESS_PARAM_DEFAULT = ":userAddress";
+export declare const EIP4361TypedDataSchema: z.ZodEffects<z.ZodString, string, string>;
+export declare const eip4361AuthSignatureSchema: z.ZodObject<z.objectUtil.extendShape<{
+    signature: z.ZodString;
+    address: z.ZodEffects<z.ZodString, string, string>;
+    scheme: z.ZodString;
+    typedData: z.ZodUnknown;
+}, {
+    scheme: z.ZodLiteral<"EIP4361">;
+    typedData: z.ZodEffects<z.ZodString, string, string>;
+}>, "strip", z.ZodTypeAny, {
+    signature: string;
+    address: string;
+    scheme: "EIP4361";
+    typedData: string;
+}, {
+    signature: string;
+    address: string;
+    scheme: "EIP4361";
+    typedData: string;
+}>;
+export type EIP4361AuthSignature = z.infer<typeof eip4361AuthSignatureSchema>;

package/dist/es/providers/eip4361/auth.js ADDED Viewed

@@ -0,0 +1,22 @@
+import { SiweMessage } from 'siwe';
+import { z } from 'zod';
+import { baseAuthSignatureSchema } from '../../auth-sig';
+export const EIP4361_AUTH_METHOD = 'EIP4361';
+export const USER_ADDRESS_PARAM_DEFAULT = ':userAddress';
+const isSiweMessage = (message) => {
+    try {
+        new SiweMessage(message);
+        return true;
+    }
+    catch {
+        return false;
+    }
+};
+export const EIP4361TypedDataSchema = z
+    .string()
+    .refine(isSiweMessage, { message: 'Invalid SIWE message' });
+export const eip4361AuthSignatureSchema = baseAuthSignatureSchema.extend({
+    scheme: z.literal(EIP4361_AUTH_METHOD),
+    typedData: EIP4361TypedDataSchema,
+});
+//# sourceMappingURL=auth.js.map

package/dist/es/providers/eip4361/auth.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../../src/providers/eip4361/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,MAAM,CAAC;AACnC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,uBAAuB,EAAE,MAAM,gBAAgB,CAAC;AAEzD,MAAM,CAAC,MAAM,mBAAmB,GAAG,SAAS,CAAC;AAE7C,MAAM,CAAC,MAAM,0BAA0B,GAAG,cAAc,CAAC;AAEzD,MAAM,aAAa,GAAG,CAAC,OAAe,EAAW,EAAE;IACjD,IAAI,CAAC;QACH,IAAI,WAAW,CAAC,OAAO,CAAC,CAAC;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC;KACpC,MAAM,EAAE;KACR,MAAM,CAAC,aAAa,EAAE,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC,CAAC;AAE9D,MAAM,CAAC,MAAM,0BAA0B,GAAG,uBAAuB,CAAC,MAAM,CAAC;IACvE,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC;IACtC,SAAS,EAAE,sBAAsB;CAClC,CAAC,CAAC"}

package/dist/es/providers/eip4361/eip4361.d.ts CHANGED Viewed

@@ -1,18 +1,84 @@
 import { ethers } from 'ethers';
-import { AuthSignature } from '../../auth-sig';
-export declare const USER_ADDRESS_PARAM_DEFAULT = ":userAddress";
+import { AuthProvider } from '../../auth-provider';
+import { EIP4361AuthSignature } from './auth';
 export type EIP4361AuthProviderParams = {
     domain: string;
     uri: string;
 };
-export declare class EIP4361AuthProvider {
+export declare const FRESHNESS_IN_MILLISECONDS: number;
+/**
+ * Implements Sign-In with Ethereum (EIP-4361/SIWE) authentication by managing SIWE message lifecycle.
+ *
+ * This provider handles:
+ * - Creating and signing new SIWE messages
+ * - Storing signed messages in local storage
+ * - Retrieving and validating stored messages
+ * - Automatically refreshing expired messages
+ *
+ * Messages are valid for 2 hours from creation and stored locally keyed by the signer's address.
+ *
+ * @implements {AuthProvider}
+ */
+export declare class EIP4361AuthProvider implements AuthProvider {
     private readonly provider;
     private readonly signer;
     private readonly storage;
     private readonly providerParams;
+    /**
+     * Creates a new EIP4361AuthProvider instance.
+     *
+     * @param provider - Ethers provider used to fetch the current chainId
+     * @param signer - Ethers signer used to sign SIWE messages
+     * @param providerParams - Optional SIWE message configuration
+     * @param providerParams.domain - Domain name for the signing request (e.g. 'app.example.com').
+     *                               Defaults to current website domain or 'taco.build'
+     * @param providerParams.uri - Full URI of signing request origin (e.g. 'https://app.example.com').
+     *                            Defaults to current website URL or 'https://taco.build'
+     *
+     * The SIWE message will include:
+     * - A human-readable statement: "{domain} wants you to sign in with your Ethereum account: {address}"
+     * - Version: "1"
+     * - 2 hour expiration from creation time
+     * - Chain ID from the provided provider
+     * - Nonce: Auto-generated
+     */
     constructor(provider: ethers.providers.Provider, signer: ethers.Signer, providerParams?: EIP4361AuthProviderParams);
+    /**
+     * Gets default domain and URI parameters based on runtime environment.
+     *
+     * @returns Default parameters object with domain and uri
+     * @returns.domain - Host domain from window.location or 'taco.build'
+     * @returns.uri - Origin URL from window.location or 'https://taco.build'
+     * @private
+     */
     private getDefaultParameters;
-    getOrCreateAuthSignature(): Promise<AuthSignature>;
-    private isMessageExpired;
+    /**
+     * Gets a valid auth signature, either from storage or by creating a new one.
+     *
+     * Process:
+     * 1. Check local storage for existing signature for the signer's address
+     * 2. If found, verify the signature and expiration time
+     * 3. If verification fails or no signature exists, create and store a new one
+     * 4. Return the valid signature
+     *
+     * @returns Promise resolving to a valid EIP-4361 auth signature containing:
+     * @returns.signature - The signed SIWE message
+     * @returns.address - The signer's Ethereum address
+     * @returns.scheme - Authentication scheme ('eip4361')
+     * @returns.typedData - Original SIWE message string
+     */
+    getOrCreateAuthSignature(): Promise<EIP4361AuthSignature>;
+    /**
+     * Creates and signs a new SIWE authentication message.
+     *
+     * Process:
+     * 1. Get signer's address and current chain ID
+     * 2. Create SIWE message with 2 hour expiration
+     * 3. Sign message with signer
+     * 4. Return signed auth signature object
+     *
+     * @returns Promise resolving to newly created and signed auth signature
+     * @private
+     */
     private createSIWEAuthMessage;
 }