@phantom/embedded-provider-core 1.0.0-beta.21 → 1.0.0-beta.24

package/dist/index.js

@@ -32,10 +32,10 @@ var src_exports = {};
 __export(src_exports, {
   AUTHENTICATOR_EXPIRATION_TIME_MS: () => AUTHENTICATOR_EXPIRATION_TIME_MS,
   AUTHENTICATOR_RENEWAL_WINDOW_MS: () => AUTHENTICATOR_RENEWAL_WINDOW_MS,
+  EMBEDDED_PROVIDER_AUTH_TYPES: () => EMBEDDED_PROVIDER_AUTH_TYPES,
   EmbeddedEthereumChain: () => EmbeddedEthereumChain,
   EmbeddedProvider: () => EmbeddedProvider,
   EmbeddedSolanaChain: () => EmbeddedSolanaChain,
-  JWTAuth: () => JWTAuth,
   generateSessionId: () => generateSessionId,
   retryWithBackoff: () => retryWithBackoff
 });
@@ -52,91 +52,7 @@ var import_bs582 = __toESM(require("bs58"));
 // src/constants.ts
 var AUTHENTICATOR_EXPIRATION_TIME_MS = 7 * 24 * 60 * 60 * 1e3;
 var AUTHENTICATOR_RENEWAL_WINDOW_MS = 2 * 24 * 60 * 60 * 1e3;
-
-// src/auth/jwt-auth.ts
-var JWTAuth = class {
-  async authenticate(options) {
-    if (!options.jwtToken || typeof options.jwtToken !== "string") {
-      throw new Error("Invalid JWT token: token must be a non-empty string");
-    }
-    const jwtParts = options.jwtToken.split(".");
-    if (jwtParts.length !== 3) {
-      throw new Error("Invalid JWT token format: token must have 3 parts separated by dots");
-    }
-    try {
-      const response = await fetch("/api/auth/jwt", {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json",
-          Authorization: `Bearer ${options.jwtToken}`,
-          "X-PHANTOM-APPID": options.appId
-        },
-        body: JSON.stringify({
-          appId: options.appId,
-          publicKey: options.publicKey
-        })
-      });
-      if (!response.ok) {
-        let errorMessage = `HTTP ${response.status}`;
-        try {
-          const errorData = await response.json();
-          errorMessage = errorData.message || errorData.error || errorMessage;
-        } catch {
-          errorMessage = response.statusText || errorMessage;
-        }
-        switch (response.status) {
-          case 400:
-            throw new Error(`Invalid JWT authentication request: ${errorMessage}`);
-          case 401:
-            throw new Error(`JWT token is invalid or expired: ${errorMessage}`);
-          case 403:
-            throw new Error(`JWT authentication forbidden: ${errorMessage}`);
-          case 404:
-            throw new Error(`JWT authentication endpoint not found: ${errorMessage}`);
-          case 429:
-            throw new Error(`Too many JWT authentication requests: ${errorMessage}`);
-          case 500:
-          case 502:
-          case 503:
-          case 504:
-            throw new Error(`JWT authentication server error: ${errorMessage}`);
-          default:
-            throw new Error(`JWT authentication failed: ${errorMessage}`);
-        }
-      }
-      let result;
-      try {
-        result = await response.json();
-      } catch (parseError) {
-        throw new Error("Invalid response from JWT authentication server: response is not valid JSON");
-      }
-      if (!result.walletId) {
-        throw new Error("Invalid JWT authentication response: missing walletId");
-      }
-      if (!result.organizationId) {
-        throw new Error("Invalid JWT authentication response: missing organizationId");
-      }
-      if (!result.expiresInMs) {
-        throw new Error("Invalid JWT authentication response: missing expiresInMs");
-      }
-      return {
-        walletId: result.walletId,
-        organizationId: result.organizationId,
-        provider: "jwt",
-        expiresInMs: result.expiresInMs,
-        accountDerivationIndex: result.accountDerivationIndex || 0
-      };
-    } catch (error) {
-      if (error instanceof TypeError && error.message.includes("fetch")) {
-        throw new Error("JWT authentication failed: network error or invalid endpoint");
-      }
-      if (error instanceof Error) {
-        throw error;
-      }
-      throw new Error(`JWT authentication error: ${String(error)}`);
-    }
-  }
-};
+var EMBEDDED_PROVIDER_AUTH_TYPES = ["google", "apple", "x", "phantom", "tiktok"];
 
 // src/chains/SolanaChain.ts
 var import_eventemitter3 = require("eventemitter3");
@@ -536,7 +452,6 @@ var EmbeddedProvider = class {
     this.phantomAppProvider = platform.phantomAppProvider;
     this.urlParamsAccessor = platform.urlParamsAccessor;
     this.stamper = platform.stamper;
-    this.jwtAuth = new JWTAuth();
     this.solana = new EmbeddedSolanaChain(this);
     this.ethereum = new EmbeddedEthereumChain(this);
     this.logger.info("EMBEDDED_PROVIDER", "EmbeddedProvider initialized");
@@ -677,7 +592,11 @@ var EmbeddedProvider = class {
     this.logger.log("EMBEDDED_PROVIDER", "Getting existing session");
     let session = await this.storage.getSession();
     session = await this.validateAndCleanSession(session);
-    if (session && session.status === "completed") {
+    if (!session) {
+      this.logger.log("EMBEDDED_PROVIDER", "No existing session found");
+      return null;
+    }
+    if (session.status === "completed") {
       this.logger.info("EMBEDDED_PROVIDER", "Using existing completed session", {
         sessionId: session.sessionId,
         walletId: session.walletId
@@ -694,8 +613,8 @@ var EmbeddedProvider = class {
         walletId: this.walletId,
         addresses: this.addresses,
         status: "completed",
-        providerType: "embedded",
-        authUserId: session.authUserId
+        authUserId: session.authUserId,
+        authProvider: session.authProvider
       };
       this.emit("connect", {
         ...result,
@@ -705,7 +624,7 @@ var EmbeddedProvider = class {
     }
     this.logger.log("EMBEDDED_PROVIDER", "No completed session found, checking for redirect resume");
     if (this.authProvider.resumeAuthFromRedirect) {
-      const authResult = this.authProvider.resumeAuthFromRedirect();
+      const authResult = this.authProvider.resumeAuthFromRedirect(session.authProvider);
       if (authResult) {
         this.logger.info("EMBEDDED_PROVIDER", "Resuming from redirect", {
           walletId: authResult.walletId,
@@ -737,11 +656,10 @@ var EmbeddedProvider = class {
    * This ensures only supported auth providers are used and required tokens are present.
    */
   validateAuthOptions(authOptions) {
-    if (!["google", "apple", "jwt", "phantom"].includes(authOptions.provider)) {
-      throw new Error(`Invalid auth provider: ${authOptions.provider}. Must be "google", "apple", "jwt", or "phantom"`);
-    }
-    if (authOptions.provider === "jwt" && !authOptions.jwtToken) {
-      throw new Error("JWT token is required when using JWT authentication");
+    if (!EMBEDDED_PROVIDER_AUTH_TYPES.includes(authOptions.provider)) {
+      throw new Error(
+        `Invalid auth provider: ${authOptions.provider}. Must be "google", "apple", "phantom", "tiktok", or "x"`
+      );
     }
   }
   /*
@@ -881,8 +799,7 @@ var EmbeddedProvider = class {
     try {
       this.logger.info("EMBEDDED_PROVIDER", "Starting embedded provider connect", {
         authOptions: {
-          provider: authOptions.provider,
-          hasJwtToken: !!authOptions.jwtToken
+          provider: authOptions.provider
         }
       });
       this.emit("connect_start", {
@@ -912,10 +829,10 @@ var EmbeddedProvider = class {
         return {
           addresses: [],
           status: "pending",
-          providerType: "embedded"
+          authProvider: authOptions.provider
         };
       }
-      if (authOptions.provider === "jwt" || this.config.embeddedWalletType === "app-wallet") {
+      if (this.config.embeddedWalletType === "app-wallet") {
         session.lastUsed = Date.now();
         await this.storage.saveSession(session);
       }
@@ -925,8 +842,8 @@ var EmbeddedProvider = class {
         walletId: this.walletId,
         addresses: this.addresses,
         status: "completed",
-        providerType: "embedded",
-        authUserId: session?.authUserId
+        authUserId: session?.authUserId,
+        authProvider: session?.authProvider
       };
       this.emit("connect", {
         ...result,
@@ -994,12 +911,11 @@ var EmbeddedProvider = class {
       walletId: this.walletId,
       message: params.message
     });
-    const base64UrlMessage = (0, import_base64url.stringToBase64url)(params.message);
     const session = await this.storage.getSession();
     const derivationIndex = session?.accountDerivationIndex ?? 0;
-    const rawResponse = await this.client.signRawPayload({
+    const rawResponse = await this.client.signUtf8Message({
       walletId: this.walletId,
-      message: base64UrlMessage,
+      message: params.message,
       networkId: params.networkId,
       derivationIndex
     });
@@ -1085,12 +1001,16 @@ var EmbeddedProvider = class {
     if (!transactionPayload) {
       throw new Error("Failed to parse transaction: no valid encoding found");
     }
+    const account = this.getAddressForNetwork(params.networkId);
+    if (!account) {
+      throw new Error(`No address found for network ${params.networkId}`);
+    }
     const rawResponse = await this.client.signTransaction({
       walletId: this.walletId,
       transaction: transactionPayload,
       networkId: params.networkId,
       derivationIndex,
-      account: this.getAddressForNetwork(params.networkId)
+      account
     });
     this.logger.info("EMBEDDED_PROVIDER", "Transaction signed successfully", {
       walletId: this.walletId,
@@ -1120,12 +1040,16 @@ var EmbeddedProvider = class {
     if (!transactionPayload) {
       throw new Error("Failed to parse transaction: no valid encoding found");
     }
+    const account = this.getAddressForNetwork(params.networkId);
+    if (!account) {
+      throw new Error(`No address found for network ${params.networkId}`);
+    }
     const rawResponse = await this.client.signAndSendTransaction({
       walletId: this.walletId,
       transaction: transactionPayload,
       networkId: params.networkId,
       derivationIndex,
-      account: this.getAddressForNetwork(params.networkId)
+      account
     });
     this.logger.info("EMBEDDED_PROVIDER", "Transaction signed and sent successfully", {
       walletId: this.walletId,
@@ -1151,9 +1075,7 @@ var EmbeddedProvider = class {
       this.logger.info("EMBEDDED_PROVIDER", "Creating user-wallet, routing authentication", {
         authProvider: authOptions.provider
       });
-      if (authOptions.provider === "jwt") {
-        return await this.handleJWTAuth(publicKey, stamperInfo, authOptions, expiresInMs);
-      } else if (authOptions.provider === "phantom") {
+      if (authOptions.provider === "phantom") {
         return await this.handlePhantomAuth(publicKey, stamperInfo, expiresInMs);
       } else {
         this.logger.info("EMBEDDED_PROVIDER", "Starting redirect-based authentication flow", {
@@ -1186,7 +1108,8 @@ var EmbeddedProvider = class {
         organizationId,
         appId: this.config.appId,
         stamperInfo,
-        authProvider: "app-wallet",
+        authProvider: "device",
+        // For now app wallets have no auth provider.
         accountDerivationIndex: 0,
         // App wallets default to index 0
         status: "completed",
@@ -1201,51 +1124,6 @@ var EmbeddedProvider = class {
       return session;
     }
   }
-  /*
-   * We use this method to handle JWT-based authentication for user-wallets.
-   * It authenticates using the provided JWT token and creates a completed session.
-   */
-  async handleJWTAuth(publicKey, stamperInfo, authOptions, localExpiresInMs) {
-    this.logger.info("EMBEDDED_PROVIDER", "Using JWT authentication flow");
-    if (!authOptions.jwtToken) {
-      this.logger.error("EMBEDDED_PROVIDER", "JWT token missing for JWT authentication");
-      throw new Error("JWT token is required for JWT authentication");
-    }
-    this.logger.log("EMBEDDED_PROVIDER", "Starting JWT authentication");
-    const authResult = await this.jwtAuth.authenticate({
-      publicKey,
-      appId: this.config.appId,
-      jwtToken: authOptions.jwtToken
-    });
-    const walletId = authResult.walletId;
-    const organizationId = authResult.organizationId;
-    const expiresInMs = authResult.expiresInMs > 0 ? authResult.expiresInMs : localExpiresInMs;
-    this.logger.info("EMBEDDED_PROVIDER", "JWT authentication completed", {
-      walletId,
-      organizationId,
-      expiresInMs,
-      source: authResult.expiresInMs ? "server" : "local"
-    });
-    const now = Date.now();
-    const session = {
-      sessionId: generateSessionId(),
-      walletId,
-      organizationId,
-      appId: this.config.appId,
-      stamperInfo,
-      authProvider: authResult.provider,
-      accountDerivationIndex: authResult.accountDerivationIndex,
-      status: "completed",
-      createdAt: now,
-      lastUsed: now,
-      authenticatorCreatedAt: now,
-      authenticatorExpiresAt: Date.now() + expiresInMs,
-      lastRenewalAttempt: void 0
-    };
-    this.logger.log("EMBEDDED_PROVIDER", "Saving JWT session");
-    await this.storage.saveSession(session);
-    return session;
-  }
   /*
    * We use this method to handle Phantom app-based authentication for user-wallets.
    * This method uses the PhantomAppProvider to authenticate via the browser extension or mobile app.
@@ -1419,8 +1297,8 @@ var EmbeddedProvider = class {
       walletId: this.walletId,
       addresses: this.addresses,
       status: "completed",
-      providerType: "embedded",
-      authUserId: session.authUserId
+      authUserId: session.authUserId,
+      authProvider: session.authProvider
     };
   }
   /*
@@ -1480,10 +1358,10 @@ var EmbeddedProvider = class {
 0 && (module.exports = {
   AUTHENTICATOR_EXPIRATION_TIME_MS,
   AUTHENTICATOR_RENEWAL_WINDOW_MS,
+  EMBEDDED_PROVIDER_AUTH_TYPES,
   EmbeddedEthereumChain,
   EmbeddedProvider,
   EmbeddedSolanaChain,
-  JWTAuth,
   generateSessionId,
   retryWithBackoff
 });