@openfort/openfort-js 0.7.15 → 0.7.17

package/dist/index.cjs

@@ -3204,10 +3204,12 @@ class OpenfortConfiguration {
 class ShieldConfiguration {
     shieldPublishableKey;
     shieldEncryptionKey;
+    shieldEncryptionSession;
     debug = false;
     constructor(options) {
         this.shieldPublishableKey = options.shieldPublishableKey;
         this.shieldEncryptionKey = options.shieldEncryptionKey;
+        this.shieldEncryptionSession = options.shieldEncryptionSession;
         this.debug = options.shieldDebug || false;
     }
 }
@@ -5178,6 +5180,163 @@ class AuthManager {
     }
 }
 
+var Event;
+(function (Event) {
+    Event["LOADED"] = "loaded";
+    Event["CONFIGURE"] = "configure";
+    Event["CONFIGURED"] = "configured";
+    Event["UPDATE_AUTHENTICATION"] = "update-authentication";
+    Event["AUTHENTICATION_UPDATED"] = "authentication-updated";
+    Event["SIGN"] = "sign";
+    Event["EXPORT"] = "export";
+    Event["SIGNED"] = "signed";
+    Event["LOGOUT"] = "logout";
+    Event["LOGGED_OUT"] = "logged-out";
+    Event["GET_CURRENT_DEVICE"] = "get-current-device";
+    Event["CURRENT_DEVICE"] = "current-device";
+    Event["PING"] = "ping";
+    Event["PONG"] = "pong";
+})(Event || (Event = {}));
+const NOT_CONFIGURED_ERROR = 'not-configured-error';
+const MISSING_USER_ENTROPY_ERROR = 'missing-user-entropy-error';
+const INCORRECT_USER_ENTROPY_ERROR = 'incorrect-user-entropy-error';
+class GetCurrentDeviceRequest {
+    uuid;
+    action = Event.GET_CURRENT_DEVICE;
+    playerID;
+    constructor(uuid, playerId) {
+        this.uuid = uuid;
+        this.playerID = playerId;
+    }
+}
+class PingRequest {
+    uuid;
+    action = Event.PING;
+    constructor(uuid) {
+        this.uuid = uuid;
+    }
+}
+class GetCurrentDeviceResponse {
+    uuid;
+    success;
+    action = Event.CURRENT_DEVICE;
+    deviceID;
+    accountType;
+    version = null;
+    chainId;
+    address;
+    constructor(uuid, deviceID, accountType, chainId, address) {
+        this.uuid = uuid;
+        this.success = true;
+        this.deviceID = deviceID;
+        this.accountType = accountType;
+        this.chainId = chainId;
+        this.address = address;
+    }
+}
+class LogoutRequest {
+    uuid;
+    action = Event.LOGOUT;
+    constructor(uuid) {
+        this.uuid = uuid;
+    }
+}
+class SignRequest {
+    uuid;
+    action = Event.SIGN;
+    message;
+    requireArrayify;
+    requireHash;
+    requestConfiguration;
+    constructor(uuid, message, requireArrayify, requireHash, requestConfiguration) {
+        this.uuid = uuid;
+        this.message = message;
+        this.requireArrayify = requireArrayify;
+        this.requireHash = requireHash;
+        this.requestConfiguration = requestConfiguration;
+    }
+}
+class ExportPrivateKeyRequest {
+    uuid;
+    action = Event.EXPORT;
+    requestConfiguration;
+    constructor(uuid, requestConfiguration) {
+        this.uuid = uuid;
+        this.requestConfiguration = requestConfiguration;
+    }
+}
+function isErrorResponse(response) {
+    return 'error' in response;
+}
+class ConfigureResponse {
+    uuid;
+    success;
+    deviceID;
+    address;
+    chainId;
+    accountType;
+    action = Event.CONFIGURED;
+    version;
+    constructor(uuid, deviceID, accountType, chainId, address) {
+        this.success = true;
+        this.deviceID = deviceID;
+        this.uuid = uuid;
+        this.accountType = accountType;
+        this.chainId = chainId;
+        this.address = address;
+        this.version = null;
+    }
+}
+class UpdateAuthenticationResponse {
+    uuid;
+    success;
+    action = Event.AUTHENTICATION_UPDATED;
+    version;
+    constructor(uuid) {
+        this.success = true;
+        this.uuid = uuid;
+        this.version = null;
+    }
+}
+class SignResponse {
+    uuid;
+    success;
+    signature;
+    action = Event.SIGNED;
+    version;
+    constructor(uuid, signature) {
+        this.success = true;
+        this.signature = signature;
+        this.uuid = uuid;
+        this.version = null;
+    }
+}
+class LogoutResponse {
+    uuid;
+    success;
+    action = Event.LOGGED_OUT;
+    constructor(uuid) {
+        this.success = true;
+        this.uuid = uuid;
+    }
+}
+class UpdateAuthenticationRequest {
+    uuid;
+    action = Event.UPDATE_AUTHENTICATION;
+    accessToken;
+    recovery;
+    constructor(uuid, accessToken, recovery) {
+        this.uuid = uuid;
+        this.accessToken = accessToken;
+        this.recovery = recovery;
+    }
+}
+exports.ShieldAuthType = void 0;
+(function (ShieldAuthType) {
+    ShieldAuthType["OPENFORT"] = "openfort";
+    ShieldAuthType["CUSTOM"] = "custom";
+})(exports.ShieldAuthType || (exports.ShieldAuthType = {}));
+
 const authTokenStorageKey = 'openfort.auth_token';
 const thirdPartyProviderStorageKey = 'openfort.third_party_provider';
 const thirdPartyProviderTokenTypeStorageKey = 'openfort.third_party_provider_token_type';
@@ -5427,6 +5586,11 @@ class InstanceManager {
     getShieldAuthType() {
         if (!this.accountType) {
             this.accountType = this.persistentStorage.get(shieldAuthTypeStorageKey);
+            if (this.accountType === null) {
+                // TODO: remove, this is for backward compatibility
+                this.setShieldAuthType(exports.ShieldAuthType.OPENFORT);
+                this.accountType = exports.ShieldAuthType.OPENFORT;
+            }
         }
         return this.accountType;
     }
@@ -5553,6 +5717,12 @@ class SessionSigner {
     updateAuthentication() {
         return Promise.resolve();
     }
+    export() {
+        if (this.sessionKey === null) {
+            throw new Error('Session key is not loaded.');
+        }
+        return Promise.resolve(this.sessionKey.getPrivateKey());
+    }
 }
 
 class EmbeddedSigner {
@@ -5577,7 +5747,8 @@ class EmbeddedSigner {
         if (!accessToken) {
             return;
         }
-        await this.iframeManager.updateAuthentication(this.iframeConfiguration, accessToken.token);
+        const shieldAuthType = this.instanceManager.getShieldAuthType();
+        await this.iframeManager.updateAuthentication(this.iframeConfiguration, accessToken.token, shieldAuthType);
     }
     // eslint-disable-next-line class-methods-use-this
     getSingerType() {
@@ -5606,6 +5777,13 @@ class EmbeddedSigner {
         }
         return await this.iframeManager.sign(this.iframeConfiguration, message, requireArrayify, requireHash);
     }
+    async export() {
+        const loaded = await this.isLoaded();
+        if (!loaded) {
+            throw new Error('Signer is not loaded');
+        }
+        return await this.iframeManager.export(this.iframeConfiguration);
+    }
     getDeviceID() {
         return this.instanceManager.getDeviceID();
     }
@@ -5652,153 +5830,6 @@ class SessionStorage {
     }
 }
 
-var Event;
-(function (Event) {
-    Event["LOADED"] = "loaded";
-    Event["CONFIGURE"] = "configure";
-    Event["CONFIGURED"] = "configured";
-    Event["UPDATE_AUTHENTICATION"] = "update-authentication";
-    Event["AUTHENTICATION_UPDATED"] = "authentication-updated";
-    Event["SIGN"] = "sign";
-    Event["SIGNED"] = "signed";
-    Event["LOGOUT"] = "logout";
-    Event["LOGGED_OUT"] = "logged-out";
-    Event["GET_CURRENT_DEVICE"] = "get-current-device";
-    Event["CURRENT_DEVICE"] = "current-device";
-    Event["PING"] = "ping";
-    Event["PONG"] = "pong";
-})(Event || (Event = {}));
-const NOT_CONFIGURED_ERROR = 'not-configured-error';
-const MISSING_USER_ENTROPY_ERROR = 'missing-user-entropy-error';
-const INCORRECT_USER_ENTROPY_ERROR = 'incorrect-user-entropy-error';
-class GetCurrentDeviceRequest {
-    uuid;
-    action = Event.GET_CURRENT_DEVICE;
-    playerID;
-    constructor(uuid, playerId) {
-        this.uuid = uuid;
-        this.playerID = playerId;
-    }
-}
-class PingRequest {
-    uuid;
-    action = Event.PING;
-    constructor(uuid) {
-        this.uuid = uuid;
-    }
-}
-class GetCurrentDeviceResponse {
-    uuid;
-    success;
-    action = Event.CURRENT_DEVICE;
-    deviceID;
-    accountType;
-    version = null;
-    chainId;
-    address;
-    constructor(uuid, deviceID, accountType, chainId, address) {
-        this.uuid = uuid;
-        this.success = true;
-        this.deviceID = deviceID;
-        this.accountType = accountType;
-        this.chainId = chainId;
-        this.address = address;
-    }
-}
-class LogoutRequest {
-    uuid;
-    action = Event.LOGOUT;
-    constructor(uuid) {
-        this.uuid = uuid;
-    }
-}
-class SignRequest {
-    uuid;
-    action = Event.SIGN;
-    message;
-    requireArrayify;
-    requireHash;
-    requestConfiguration;
-    constructor(uuid, message, requireArrayify, requireHash, requestConfiguration) {
-        this.uuid = uuid;
-        this.message = message;
-        this.requireArrayify = requireArrayify;
-        this.requireHash = requireHash;
-        this.requestConfiguration = requestConfiguration;
-    }
-}
-function isErrorResponse(response) {
-    return 'error' in response;
-}
-class ConfigureResponse {
-    uuid;
-    success;
-    deviceID;
-    address;
-    chainId;
-    accountType;
-    action = Event.CONFIGURED;
-    version;
-    constructor(uuid, deviceID, accountType, chainId, address) {
-        this.success = true;
-        this.deviceID = deviceID;
-        this.uuid = uuid;
-        this.accountType = accountType;
-        this.chainId = chainId;
-        this.address = address;
-        this.version = null;
-    }
-}
-class UpdateAuthenticationResponse {
-    uuid;
-    success;
-    action = Event.AUTHENTICATION_UPDATED;
-    version;
-    constructor(uuid) {
-        this.success = true;
-        this.uuid = uuid;
-        this.version = null;
-    }
-}
-class SignResponse {
-    uuid;
-    success;
-    signature;
-    action = Event.SIGNED;
-    version;
-    constructor(uuid, signature) {
-        this.success = true;
-        this.signature = signature;
-        this.uuid = uuid;
-        this.version = null;
-    }
-}
-class LogoutResponse {
-    uuid;
-    success;
-    action = Event.LOGGED_OUT;
-    constructor(uuid) {
-        this.success = true;
-        this.uuid = uuid;
-    }
-}
-class UpdateAuthenticationRequest {
-    uuid;
-    action = Event.UPDATE_AUTHENTICATION;
-    accessToken;
-    recovery;
-    constructor(uuid, accessToken, recovery) {
-        this.uuid = uuid;
-        this.accessToken = accessToken;
-        this.recovery = recovery;
-    }
-}
-exports.ShieldAuthType = void 0;
-(function (ShieldAuthType) {
-    ShieldAuthType["OPENFORT"] = "openfort";
-    ShieldAuthType["CUSTOM"] = "custom";
-})(exports.ShieldAuthType || (exports.ShieldAuthType = {}));
-
 class MissingRecoveryPasswordError extends Error {
     constructor() {
         super('This embedded signer requires a password to be recovered');
@@ -5944,6 +5975,7 @@ class IframeManager {
             thirdPartyTokenType: iframeConfiguration.thirdPartyTokenType,
             encryptionKey: password ?? null,
             encryptionPart: this.sdkConfiguration?.shieldConfiguration?.shieldEncryptionKey ?? null,
+            encryptionSession: this.sdkConfiguration?.shieldConfiguration?.shieldEncryptionSession ?? null,
             openfortURL: this.sdkConfiguration.backendUrl,
             shieldURL: this.sdkConfiguration.shieldUrl,
         };
@@ -5978,6 +6010,32 @@ class IframeManager {
         sessionStorage.setItem('iframe-version', response.version ?? 'undefined');
         return response.signature;
     }
+    async export(iframeConfiguration) {
+        await this.waitForIframeLoad();
+        const uuid = this.generateShortUUID();
+        const requestConfiguration = {
+            thirdPartyProvider: iframeConfiguration.thirdPartyProvider ?? undefined,
+            thirdPartyTokenType: iframeConfiguration.thirdPartyTokenType ?? undefined,
+            token: iframeConfiguration.accessToken ?? undefined,
+            publishableKey: this.sdkConfiguration.baseConfiguration.publishableKey,
+            openfortURL: this.sdkConfiguration.backendUrl,
+        };
+        const request = new ExportPrivateKeyRequest(uuid, requestConfiguration);
+        this.iframe?.contentWindow?.postMessage(request, '*');
+        let response;
+        try {
+            response = await this.waitForResponse(uuid);
+        }
+        catch (e) {
+            if (e instanceof NotConfiguredError) {
+                await this.configure(iframeConfiguration);
+                return this.export(iframeConfiguration);
+            }
+            throw e;
+        }
+        sessionStorage.setItem('iframe-version', response.version ?? 'undefined');
+        return response.key;
+    }
     async getCurrentUser(playerId) {
         await this.waitForIframeLoad();
         const uuid = this.generateShortUUID();
@@ -6002,9 +6060,13 @@ class IframeManager {
         this.iframe?.contentWindow?.postMessage(request, '*');
         await this.waitForResponse(uuid);
     }
-    async updateAuthentication(iframeConfiguration, token) {
+    async updateAuthentication(iframeConfiguration, token, shieldAuthType) {
         // eslint-disable-next-line no-param-reassign
         iframeConfiguration.accessToken = token;
+        if (shieldAuthType === exports.ShieldAuthType.OPENFORT && iframeConfiguration.recovery) {
+            // eslint-disable-next-line no-param-reassign
+            iframeConfiguration.recovery.token = token;
+        }
         await this.waitForIframeLoad();
         const uuid = this.generateShortUUID();
         const request = new UpdateAuthenticationRequest(uuid, token);
@@ -6015,7 +6077,7 @@ class IframeManager {
         catch (e) {
             if (e instanceof NotConfiguredError) {
                 await this.configure(iframeConfiguration);
-                await this.updateAuthentication(iframeConfiguration, token);
+                await this.updateAuthentication(iframeConfiguration, token, shieldAuthType);
                 return;
             }
             throw e;
@@ -6144,10 +6206,18 @@ class Openfort {
                 this.instanceManager.setShieldAuthToken(shieldAuthentication?.token);
             }
         }
-        const signer = this.newEmbeddedSigner(chainId);
-        await signer.ensureEmbeddedAccount(recoveryPassword);
-        this.signer = signer;
-        this.instanceManager.setSignerType(SignerType.EMBEDDED);
+        try {
+            const signer = this.newEmbeddedSigner(chainId);
+            await signer.ensureEmbeddedAccount(recoveryPassword);
+            this.signer = signer;
+            this.instanceManager.setSignerType(SignerType.EMBEDDED);
+        }
+        catch (e) {
+            if (e instanceof MissingRecoveryPasswordError) {
+                await this.flushSigner();
+                throw e;
+            }
+        }
     }
     /**
      * Logs in a user with email and password.
@@ -6433,6 +6503,22 @@ class Openfort {
         const { hashMessage = true, arrayifyMessage = false } = options || {};
         return await this.signer.sign(message, arrayifyMessage, hashMessage);
     }
+    /**
+     * Exports the private key.
+     *
+     * @returns The private key.
+     * @throws {OpenfortError} If no signer is configured.
+     */
+    async exportPrivateKey() {
+        await this.recoverSigner();
+        if (!this.signer) {
+            throw new OpenfortError('In order to sign a message, an embedded signer must be configured', exports.OpenfortErrorType.MISSING_EMBEDDED_SIGNER_ERROR);
+        }
+        if (this.signer.useCredentials()) {
+            await this.validateAndRefreshToken();
+        }
+        return await this.signer.export();
+    }
     /**
      * Signs typed data.
      *
@@ -6603,13 +6689,7 @@ class Openfort {
         if (!this.credentialsProvided()) {
             throw new OpenfortError('Must be logged in to configure embedded signer', exports.OpenfortErrorType.NOT_LOGGED_IN_ERROR);
         }
-        let shieldAuthType = this.instanceManager.getShieldAuthType();
-        if (!shieldAuthType) {
-            // TODO: remove, this is for backward compatibility
-            this.instanceManager.setShieldAuthType(exports.ShieldAuthType.OPENFORT);
-            shieldAuthType = exports.ShieldAuthType.OPENFORT;
-            // throw new OpenfortError('Shield auth type is not set', OpenfortErrorType.INVALID_CONFIGURATION);
-        }
+        const shieldAuthType = this.instanceManager.getShieldAuthType();
         const token = shieldAuthType === exports.ShieldAuthType.OPENFORT
             ? this.instanceManager.getAccessToken()?.token
             : this.instanceManager.getShieldAuthToken();

package/dist/index.d.ts

@@ -433,10 +433,12 @@ declare class OpenfortConfiguration {
 declare class ShieldConfiguration {
     readonly shieldPublishableKey: string;
     readonly shieldEncryptionKey?: string;
+    readonly shieldEncryptionSession?: string;
     readonly debug?: boolean;
     constructor(options: {
         shieldPublishableKey: string;
         shieldEncryptionKey?: string;
+        shieldEncryptionSession?: string;
         shieldDebug?: boolean;
     });
 }
@@ -800,6 +802,13 @@ declare class Openfort {
         hashMessage?: boolean;
         arrayifyMessage?: boolean;
     }): Promise<string>;
+    /**
+     * Exports the private key.
+     *
+     * @returns The private key.
+     * @throws {OpenfortError} If no signer is configured.
+     */
+    exportPrivateKey(): Promise<string>;
     /**
      * Signs typed data.
      *

package/dist/index.js

@@ -3181,10 +3181,12 @@ class OpenfortConfiguration {
 class ShieldConfiguration {
     shieldPublishableKey;
     shieldEncryptionKey;
+    shieldEncryptionSession;
     debug = false;
     constructor(options) {
         this.shieldPublishableKey = options.shieldPublishableKey;
         this.shieldEncryptionKey = options.shieldEncryptionKey;
+        this.shieldEncryptionSession = options.shieldEncryptionSession;
         this.debug = options.shieldDebug || false;
     }
 }
@@ -5155,6 +5157,163 @@ class AuthManager {
     }
 }
 
+var Event;
+(function (Event) {
+    Event["LOADED"] = "loaded";
+    Event["CONFIGURE"] = "configure";
+    Event["CONFIGURED"] = "configured";
+    Event["UPDATE_AUTHENTICATION"] = "update-authentication";
+    Event["AUTHENTICATION_UPDATED"] = "authentication-updated";
+    Event["SIGN"] = "sign";
+    Event["EXPORT"] = "export";
+    Event["SIGNED"] = "signed";
+    Event["LOGOUT"] = "logout";
+    Event["LOGGED_OUT"] = "logged-out";
+    Event["GET_CURRENT_DEVICE"] = "get-current-device";
+    Event["CURRENT_DEVICE"] = "current-device";
+    Event["PING"] = "ping";
+    Event["PONG"] = "pong";
+})(Event || (Event = {}));
+const NOT_CONFIGURED_ERROR = 'not-configured-error';
+const MISSING_USER_ENTROPY_ERROR = 'missing-user-entropy-error';
+const INCORRECT_USER_ENTROPY_ERROR = 'incorrect-user-entropy-error';
+class GetCurrentDeviceRequest {
+    uuid;
+    action = Event.GET_CURRENT_DEVICE;
+    playerID;
+    constructor(uuid, playerId) {
+        this.uuid = uuid;
+        this.playerID = playerId;
+    }
+}
+class PingRequest {
+    uuid;
+    action = Event.PING;
+    constructor(uuid) {
+        this.uuid = uuid;
+    }
+}
+class GetCurrentDeviceResponse {
+    uuid;
+    success;
+    action = Event.CURRENT_DEVICE;
+    deviceID;
+    accountType;
+    version = null;
+    chainId;
+    address;
+    constructor(uuid, deviceID, accountType, chainId, address) {
+        this.uuid = uuid;
+        this.success = true;
+        this.deviceID = deviceID;
+        this.accountType = accountType;
+        this.chainId = chainId;
+        this.address = address;
+    }
+}
+class LogoutRequest {
+    uuid;
+    action = Event.LOGOUT;
+    constructor(uuid) {
+        this.uuid = uuid;
+    }
+}
+class SignRequest {
+    uuid;
+    action = Event.SIGN;
+    message;
+    requireArrayify;
+    requireHash;
+    requestConfiguration;
+    constructor(uuid, message, requireArrayify, requireHash, requestConfiguration) {
+        this.uuid = uuid;
+        this.message = message;
+        this.requireArrayify = requireArrayify;
+        this.requireHash = requireHash;
+        this.requestConfiguration = requestConfiguration;
+    }
+}
+class ExportPrivateKeyRequest {
+    uuid;
+    action = Event.EXPORT;
+    requestConfiguration;
+    constructor(uuid, requestConfiguration) {
+        this.uuid = uuid;
+        this.requestConfiguration = requestConfiguration;
+    }
+}
+function isErrorResponse(response) {
+    return 'error' in response;
+}
+class ConfigureResponse {
+    uuid;
+    success;
+    deviceID;
+    address;
+    chainId;
+    accountType;
+    action = Event.CONFIGURED;
+    version;
+    constructor(uuid, deviceID, accountType, chainId, address) {
+        this.success = true;
+        this.deviceID = deviceID;
+        this.uuid = uuid;
+        this.accountType = accountType;
+        this.chainId = chainId;
+        this.address = address;
+        this.version = null;
+    }
+}
+class UpdateAuthenticationResponse {
+    uuid;
+    success;
+    action = Event.AUTHENTICATION_UPDATED;
+    version;
+    constructor(uuid) {
+        this.success = true;
+        this.uuid = uuid;
+        this.version = null;
+    }
+}
+class SignResponse {
+    uuid;
+    success;
+    signature;
+    action = Event.SIGNED;
+    version;
+    constructor(uuid, signature) {
+        this.success = true;
+        this.signature = signature;
+        this.uuid = uuid;
+        this.version = null;
+    }
+}
+class LogoutResponse {
+    uuid;
+    success;
+    action = Event.LOGGED_OUT;
+    constructor(uuid) {
+        this.success = true;
+        this.uuid = uuid;
+    }
+}
+class UpdateAuthenticationRequest {
+    uuid;
+    action = Event.UPDATE_AUTHENTICATION;
+    accessToken;
+    recovery;
+    constructor(uuid, accessToken, recovery) {
+        this.uuid = uuid;
+        this.accessToken = accessToken;
+        this.recovery = recovery;
+    }
+}
+var ShieldAuthType;
+(function (ShieldAuthType) {
+    ShieldAuthType["OPENFORT"] = "openfort";
+    ShieldAuthType["CUSTOM"] = "custom";
+})(ShieldAuthType || (ShieldAuthType = {}));
+
 const authTokenStorageKey = 'openfort.auth_token';
 const thirdPartyProviderStorageKey = 'openfort.third_party_provider';
 const thirdPartyProviderTokenTypeStorageKey = 'openfort.third_party_provider_token_type';
@@ -5404,6 +5563,11 @@ class InstanceManager {
     getShieldAuthType() {
         if (!this.accountType) {
             this.accountType = this.persistentStorage.get(shieldAuthTypeStorageKey);
+            if (this.accountType === null) {
+                // TODO: remove, this is for backward compatibility
+                this.setShieldAuthType(ShieldAuthType.OPENFORT);
+                this.accountType = ShieldAuthType.OPENFORT;
+            }
         }
         return this.accountType;
     }
@@ -5530,6 +5694,12 @@ class SessionSigner {
     updateAuthentication() {
         return Promise.resolve();
     }
+    export() {
+        if (this.sessionKey === null) {
+            throw new Error('Session key is not loaded.');
+        }
+        return Promise.resolve(this.sessionKey.getPrivateKey());
+    }
 }
 
 class EmbeddedSigner {
@@ -5554,7 +5724,8 @@ class EmbeddedSigner {
         if (!accessToken) {
             return;
         }
-        await this.iframeManager.updateAuthentication(this.iframeConfiguration, accessToken.token);
+        const shieldAuthType = this.instanceManager.getShieldAuthType();
+        await this.iframeManager.updateAuthentication(this.iframeConfiguration, accessToken.token, shieldAuthType);
     }
     // eslint-disable-next-line class-methods-use-this
     getSingerType() {
@@ -5583,6 +5754,13 @@ class EmbeddedSigner {
         }
         return await this.iframeManager.sign(this.iframeConfiguration, message, requireArrayify, requireHash);
     }
+    async export() {
+        const loaded = await this.isLoaded();
+        if (!loaded) {
+            throw new Error('Signer is not loaded');
+        }
+        return await this.iframeManager.export(this.iframeConfiguration);
+    }
     getDeviceID() {
         return this.instanceManager.getDeviceID();
     }
@@ -5629,153 +5807,6 @@ class SessionStorage {
     }
 }
 
-var Event;
-(function (Event) {
-    Event["LOADED"] = "loaded";
-    Event["CONFIGURE"] = "configure";
-    Event["CONFIGURED"] = "configured";
-    Event["UPDATE_AUTHENTICATION"] = "update-authentication";
-    Event["AUTHENTICATION_UPDATED"] = "authentication-updated";
-    Event["SIGN"] = "sign";
-    Event["SIGNED"] = "signed";
-    Event["LOGOUT"] = "logout";
-    Event["LOGGED_OUT"] = "logged-out";
-    Event["GET_CURRENT_DEVICE"] = "get-current-device";
-    Event["CURRENT_DEVICE"] = "current-device";
-    Event["PING"] = "ping";
-    Event["PONG"] = "pong";
-})(Event || (Event = {}));
-const NOT_CONFIGURED_ERROR = 'not-configured-error';
-const MISSING_USER_ENTROPY_ERROR = 'missing-user-entropy-error';
-const INCORRECT_USER_ENTROPY_ERROR = 'incorrect-user-entropy-error';
-class GetCurrentDeviceRequest {
-    uuid;
-    action = Event.GET_CURRENT_DEVICE;
-    playerID;
-    constructor(uuid, playerId) {
-        this.uuid = uuid;
-        this.playerID = playerId;
-    }
-}
-class PingRequest {
-    uuid;
-    action = Event.PING;
-    constructor(uuid) {
-        this.uuid = uuid;
-    }
-}
-class GetCurrentDeviceResponse {
-    uuid;
-    success;
-    action = Event.CURRENT_DEVICE;
-    deviceID;
-    accountType;
-    version = null;
-    chainId;
-    address;
-    constructor(uuid, deviceID, accountType, chainId, address) {
-        this.uuid = uuid;
-        this.success = true;
-        this.deviceID = deviceID;
-        this.accountType = accountType;
-        this.chainId = chainId;
-        this.address = address;
-    }
-}
-class LogoutRequest {
-    uuid;
-    action = Event.LOGOUT;
-    constructor(uuid) {
-        this.uuid = uuid;
-    }
-}
-class SignRequest {
-    uuid;
-    action = Event.SIGN;
-    message;
-    requireArrayify;
-    requireHash;
-    requestConfiguration;
-    constructor(uuid, message, requireArrayify, requireHash, requestConfiguration) {
-        this.uuid = uuid;
-        this.message = message;
-        this.requireArrayify = requireArrayify;
-        this.requireHash = requireHash;
-        this.requestConfiguration = requestConfiguration;
-    }
-}
-function isErrorResponse(response) {
-    return 'error' in response;
-}
-class ConfigureResponse {
-    uuid;
-    success;
-    deviceID;
-    address;
-    chainId;
-    accountType;
-    action = Event.CONFIGURED;
-    version;
-    constructor(uuid, deviceID, accountType, chainId, address) {
-        this.success = true;
-        this.deviceID = deviceID;
-        this.uuid = uuid;
-        this.accountType = accountType;
-        this.chainId = chainId;
-        this.address = address;
-        this.version = null;
-    }
-}
-class UpdateAuthenticationResponse {
-    uuid;
-    success;
-    action = Event.AUTHENTICATION_UPDATED;
-    version;
-    constructor(uuid) {
-        this.success = true;
-        this.uuid = uuid;
-        this.version = null;
-    }
-}
-class SignResponse {
-    uuid;
-    success;
-    signature;
-    action = Event.SIGNED;
-    version;
-    constructor(uuid, signature) {
-        this.success = true;
-        this.signature = signature;
-        this.uuid = uuid;
-        this.version = null;
-    }
-}
-class LogoutResponse {
-    uuid;
-    success;
-    action = Event.LOGGED_OUT;
-    constructor(uuid) {
-        this.success = true;
-        this.uuid = uuid;
-    }
-}
-class UpdateAuthenticationRequest {
-    uuid;
-    action = Event.UPDATE_AUTHENTICATION;
-    accessToken;
-    recovery;
-    constructor(uuid, accessToken, recovery) {
-        this.uuid = uuid;
-        this.accessToken = accessToken;
-        this.recovery = recovery;
-    }
-}
-var ShieldAuthType;
-(function (ShieldAuthType) {
-    ShieldAuthType["OPENFORT"] = "openfort";
-    ShieldAuthType["CUSTOM"] = "custom";
-})(ShieldAuthType || (ShieldAuthType = {}));
-
 class MissingRecoveryPasswordError extends Error {
     constructor() {
         super('This embedded signer requires a password to be recovered');
@@ -5921,6 +5952,7 @@ class IframeManager {
             thirdPartyTokenType: iframeConfiguration.thirdPartyTokenType,
             encryptionKey: password ?? null,
             encryptionPart: this.sdkConfiguration?.shieldConfiguration?.shieldEncryptionKey ?? null,
+            encryptionSession: this.sdkConfiguration?.shieldConfiguration?.shieldEncryptionSession ?? null,
             openfortURL: this.sdkConfiguration.backendUrl,
             shieldURL: this.sdkConfiguration.shieldUrl,
         };
@@ -5955,6 +5987,32 @@ class IframeManager {
         sessionStorage.setItem('iframe-version', response.version ?? 'undefined');
         return response.signature;
     }
+    async export(iframeConfiguration) {
+        await this.waitForIframeLoad();
+        const uuid = this.generateShortUUID();
+        const requestConfiguration = {
+            thirdPartyProvider: iframeConfiguration.thirdPartyProvider ?? undefined,
+            thirdPartyTokenType: iframeConfiguration.thirdPartyTokenType ?? undefined,
+            token: iframeConfiguration.accessToken ?? undefined,
+            publishableKey: this.sdkConfiguration.baseConfiguration.publishableKey,
+            openfortURL: this.sdkConfiguration.backendUrl,
+        };
+        const request = new ExportPrivateKeyRequest(uuid, requestConfiguration);
+        this.iframe?.contentWindow?.postMessage(request, '*');
+        let response;
+        try {
+            response = await this.waitForResponse(uuid);
+        }
+        catch (e) {
+            if (e instanceof NotConfiguredError) {
+                await this.configure(iframeConfiguration);
+                return this.export(iframeConfiguration);
+            }
+            throw e;
+        }
+        sessionStorage.setItem('iframe-version', response.version ?? 'undefined');
+        return response.key;
+    }
     async getCurrentUser(playerId) {
         await this.waitForIframeLoad();
         const uuid = this.generateShortUUID();
@@ -5979,9 +6037,13 @@ class IframeManager {
         this.iframe?.contentWindow?.postMessage(request, '*');
         await this.waitForResponse(uuid);
     }
-    async updateAuthentication(iframeConfiguration, token) {
+    async updateAuthentication(iframeConfiguration, token, shieldAuthType) {
         // eslint-disable-next-line no-param-reassign
         iframeConfiguration.accessToken = token;
+        if (shieldAuthType === ShieldAuthType.OPENFORT && iframeConfiguration.recovery) {
+            // eslint-disable-next-line no-param-reassign
+            iframeConfiguration.recovery.token = token;
+        }
         await this.waitForIframeLoad();
         const uuid = this.generateShortUUID();
         const request = new UpdateAuthenticationRequest(uuid, token);
@@ -5992,7 +6054,7 @@ class IframeManager {
         catch (e) {
             if (e instanceof NotConfiguredError) {
                 await this.configure(iframeConfiguration);
-                await this.updateAuthentication(iframeConfiguration, token);
+                await this.updateAuthentication(iframeConfiguration, token, shieldAuthType);
                 return;
             }
             throw e;
@@ -6121,10 +6183,18 @@ class Openfort {
                 this.instanceManager.setShieldAuthToken(shieldAuthentication?.token);
             }
         }
-        const signer = this.newEmbeddedSigner(chainId);
-        await signer.ensureEmbeddedAccount(recoveryPassword);
-        this.signer = signer;
-        this.instanceManager.setSignerType(SignerType.EMBEDDED);
+        try {
+            const signer = this.newEmbeddedSigner(chainId);
+            await signer.ensureEmbeddedAccount(recoveryPassword);
+            this.signer = signer;
+            this.instanceManager.setSignerType(SignerType.EMBEDDED);
+        }
+        catch (e) {
+            if (e instanceof MissingRecoveryPasswordError) {
+                await this.flushSigner();
+                throw e;
+            }
+        }
     }
     /**
      * Logs in a user with email and password.
@@ -6410,6 +6480,22 @@ class Openfort {
         const { hashMessage = true, arrayifyMessage = false } = options || {};
         return await this.signer.sign(message, arrayifyMessage, hashMessage);
     }
+    /**
+     * Exports the private key.
+     *
+     * @returns The private key.
+     * @throws {OpenfortError} If no signer is configured.
+     */
+    async exportPrivateKey() {
+        await this.recoverSigner();
+        if (!this.signer) {
+            throw new OpenfortError('In order to sign a message, an embedded signer must be configured', OpenfortErrorType.MISSING_EMBEDDED_SIGNER_ERROR);
+        }
+        if (this.signer.useCredentials()) {
+            await this.validateAndRefreshToken();
+        }
+        return await this.signer.export();
+    }
     /**
      * Signs typed data.
      *
@@ -6580,13 +6666,7 @@ class Openfort {
         if (!this.credentialsProvided()) {
             throw new OpenfortError('Must be logged in to configure embedded signer', OpenfortErrorType.NOT_LOGGED_IN_ERROR);
         }
-        let shieldAuthType = this.instanceManager.getShieldAuthType();
-        if (!shieldAuthType) {
-            // TODO: remove, this is for backward compatibility
-            this.instanceManager.setShieldAuthType(ShieldAuthType.OPENFORT);
-            shieldAuthType = ShieldAuthType.OPENFORT;
-            // throw new OpenfortError('Shield auth type is not set', OpenfortErrorType.INVALID_CONFIGURATION);
-        }
+        const shieldAuthType = this.instanceManager.getShieldAuthType();
         const token = shieldAuthType === ShieldAuthType.OPENFORT
             ? this.instanceManager.getAccessToken()?.token
             : this.instanceManager.getShieldAuthToken();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openfort/openfort-js",
-  "version": "0.7.15",
+  "version": "0.7.17",
   "author": "Openfort (https://www.openfort.xyz)",
   "bugs": "https://github.com/openfort-xyz/openfort-js/issues",
   "repository": "openfort-xyz/openfort-js.git",