@phantom/react-native-sdk 1.0.4 → 1.0.6

package/dist/index.js

@@ -31,7 +31,7 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var src_exports = {};
 __export(src_exports, {
   AddressType: () => import_client.AddressType,
-  NetworkId: () => import_constants4.NetworkId,
+  NetworkId: () => import_constants5.NetworkId,
   PhantomProvider: () => PhantomProvider,
   darkTheme: () => import_wallet_sdk_ui6.darkTheme,
   lightTheme: () => import_wallet_sdk_ui6.lightTheme,
@@ -48,7 +48,7 @@ module.exports = __toCommonJS(src_exports);
 // src/PhantomProvider.tsx
 var import_react8 = require("react");
 var import_embedded_provider_core = require("@phantom/embedded-provider-core");
-var import_constants3 = require("@phantom/constants");
+var import_constants4 = require("@phantom/constants");
 var import_wallet_sdk_ui5 = require("@phantom/wallet-sdk-ui");
 
 // src/ModalProvider.tsx
@@ -557,7 +557,7 @@ var ExpoAuthProvider = class {
         // OAuth session management - defaults to allow refresh unless explicitly clearing after logout
         clear_previous_session: (phantomOptions.clearPreviousSession ?? false).toString(),
         allow_refresh: (phantomOptions.allowRefresh ?? true).toString(),
-        sdk_version: "1.0.4",
+        sdk_version: "1.0.6",
         sdk_type: "react-native",
         platform: import_react_native5.Platform.OS
       });
@@ -657,7 +657,6 @@ var ExpoAuth2AuthProvider = class {
       throw new Error("Stamper key pair not found.");
     }
     const codeVerifier = (0, import_auth2.createCodeVerifier)();
-    const salt = (0, import_auth2.createSalt)();
     const url = await (0, import_auth2.createConnectStartUrl)({
       keyPair,
       connectLoginUrl: this.auth2ProviderOptions.connectLoginUrl,
@@ -666,7 +665,8 @@ var ExpoAuth2AuthProvider = class {
       sessionId: options.sessionId,
       provider: options.provider,
       codeVerifier,
-      salt
+      // The P-256 ephemeral key is unique per wallet, so no additional salt is needed.
+      salt: ""
     });
     await WebBrowser2.warmUpAsync();
     let result;
@@ -692,15 +692,14 @@ var ExpoAuth2AuthProvider = class {
     if (!code) {
       throw new Error("Auth2 callback missing authorization code");
     }
-    const { idToken, bearerToken, authUserId, expiresInMs } = await (0, import_auth2.exchangeAuthCode)({
+    const { idToken, bearerToken, authUserId, expiresInMs, refreshToken } = await (0, import_auth2.exchangeAuthCode)({
       authApiBaseUrl: this.auth2ProviderOptions.authApiBaseUrl,
       clientId: this.auth2ProviderOptions.clientId,
       redirectUri: this.auth2ProviderOptions.redirectUri,
       code,
       codeVerifier
     });
-    this.stamper.idToken = idToken;
-    this.stamper.salt = salt;
+    await this.stamper.setTokens({ idToken, bearerToken, refreshToken, expiresInMs });
     const { organizationId, walletId } = await this.kms.discoverOrganizationAndWalletId(bearerToken, authUserId);
     return {
       walletId,
@@ -721,25 +720,47 @@ var import_bs58 = __toESM(require("bs58"));
 var import_buffer = require("buffer");
 var import_base64url = require("@phantom/base64url");
 var import_sdk_types = require("@phantom/sdk-types");
+var import_auth22 = require("@phantom/auth2");
+var import_constants2 = require("@phantom/constants");
 var ExpoAuth2Stamper = class {
   /**
    * @param storageKey - expo-secure-store key used to persist the P-256 private key.
    *   Use a unique key per app, e.g. `phantom-auth2-<appId>`.
+   * @param refreshConfig - When provided, the stamper will automatically refresh
+   *   the id_token using the refresh_token before it expires.
    */
-  constructor(storageKey) {
+  constructor(storageKey, refreshConfig) {
     this.storageKey = storageKey;
-    this.privateKey = null;
-    this.publicKey = null;
+    this.refreshConfig = refreshConfig;
+    this._keyPair = null;
     this._keyInfo = null;
+    this._idToken = null;
+    this._bearerToken = null;
+    this._refreshToken = null;
+    this._tokenExpiresAt = null;
     this.algorithm = import_sdk_types.Algorithm.secp256r1;
     this.type = "OIDC";
   }
   async init() {
     const stored = await this.loadRecord();
     if (stored) {
-      this.privateKey = await this.importPrivateKey(stored.privateKeyPkcs8);
-      this.publicKey = await this.importPublicKeyFromBase58(stored.keyInfo.publicKey);
+      this._keyPair = {
+        privateKey: await this.importPrivateKey(stored.privateKeyPkcs8),
+        publicKey: await this.importPublicKeyFromBase58(stored.keyInfo.publicKey)
+      };
       this._keyInfo = stored.keyInfo;
+      if (stored.idToken) {
+        this._idToken = stored.idToken;
+      }
+      if (stored.bearerToken) {
+        this._bearerToken = stored.bearerToken;
+      }
+      if (stored.refreshToken) {
+        this._refreshToken = stored.refreshToken;
+      }
+      if (stored.tokenExpiresAt) {
+        this._tokenExpiresAt = stored.tokenExpiresAt;
+      }
       return this._keyInfo;
     }
     return this.generateAndStore();
@@ -748,45 +769,96 @@ var ExpoAuth2Stamper = class {
     return this._keyInfo;
   }
   getCryptoKeyPair() {
-    if (!this.privateKey || !this.publicKey)
+    return this._keyPair;
+  }
+  /**
+   * Returns the current token state (refreshing proactively if near expiry),
+   * or null if no token has been set yet.
+   */
+  async getTokens() {
+    if (this.refreshConfig && this._refreshToken && this._tokenExpiresAt !== null && Date.now() >= this._tokenExpiresAt - import_constants2.TOKEN_REFRESH_BUFFER_MS) {
+      const refreshed = await (0, import_auth22.refreshToken)({
+        authApiBaseUrl: this.refreshConfig.authApiBaseUrl,
+        clientId: this.refreshConfig.clientId,
+        redirectUri: this.refreshConfig.redirectUri,
+        refreshToken: this._refreshToken
+      });
+      await this.setTokens(refreshed);
+    }
+    if (!this._idToken || !this._bearerToken) {
       return null;
-    return { privateKey: this.privateKey, publicKey: this.publicKey };
+    }
+    return {
+      idToken: this._idToken,
+      bearerToken: this._bearerToken,
+      refreshToken: this._refreshToken ?? void 0
+    };
+  }
+  /**
+   * Arms the stamper with the OIDC token data for subsequent KMS stamp() calls.
+   *
+   * Persists the tokens to SecureStore alongside the key pair so that
+   * auto-connect can restore them on the next app launch without a new login.
+   *
+   * @param refreshToken - When provided alongside a `refreshConfig`, enables
+   *   silent token refresh before the token expires.
+   * @param expiresInMs - Token lifetime in milliseconds (from `expires_in * 1000`).
+   *   Used to compute the absolute expiry time for proactive refresh.
+   */
+  async setTokens({
+    idToken,
+    bearerToken,
+    refreshToken,
+    expiresInMs
+  }) {
+    this._idToken = idToken;
+    this._bearerToken = bearerToken;
+    this._refreshToken = refreshToken ?? null;
+    this._tokenExpiresAt = expiresInMs != null ? Date.now() + expiresInMs : null;
+    const existing = await this.loadRecord();
+    if (existing) {
+      await this.storeRecord({
+        ...existing,
+        idToken,
+        bearerToken,
+        refreshToken,
+        tokenExpiresAt: this._tokenExpiresAt ?? void 0
+      });
+    }
   }
   async stamp(params) {
-    if (!this.privateKey || !this._keyInfo) {
+    if (!this._keyPair || !this._keyInfo || this._idToken === null) {
       throw new Error("ExpoAuth2Stamper not initialized. Call init() first.");
     }
     const signatureRaw = await crypto.subtle.sign(
       { name: "ECDSA", hash: "SHA-256" },
-      this.privateKey,
+      this._keyPair.privateKey,
       new Uint8Array(params.data)
     );
     const rawPublicKey = import_bs58.default.decode(this._keyInfo.publicKey);
-    if (this.idToken === void 0 || this.salt === void 0) {
-      throw new Error("ExpoAuth2Stamper not initialized with idToken or salt.");
-    }
     const stampData = {
-      kind: "OIDC",
-      idToken: this.idToken,
+      kind: this.type,
+      idToken: this._idToken,
       publicKey: (0, import_base64url.base64urlEncode)(rawPublicKey),
-      algorithm: "Secp256r1",
-      salt: this.salt,
+      algorithm: this.algorithm,
+      // The P-256 ephemeral key is unique per wallet, so no additional salt is needed.
+      salt: "",
       signature: (0, import_base64url.base64urlEncode)(new Uint8Array(signatureRaw))
     };
     return (0, import_base64url.base64urlEncode)(new TextEncoder().encode(JSON.stringify(stampData)));
   }
   async resetKeyPair() {
-    await this.clearStoredRecord();
-    this.privateKey = null;
-    this.publicKey = null;
-    this._keyInfo = null;
+    await this.clear();
     return this.generateAndStore();
   }
   async clear() {
     await this.clearStoredRecord();
-    this.privateKey = null;
-    this.publicKey = null;
+    this._keyPair = null;
     this._keyInfo = null;
+    this._idToken = null;
+    this._bearerToken = null;
+    this._refreshToken = null;
+    this._tokenExpiresAt = null;
   }
   // Auth2 doesn't use key rotation; minimal no-op implementations.
   async rotateKeyPair() {
@@ -811,16 +883,11 @@ var ExpoAuth2Stamper = class {
     const publicKeyBase58 = import_bs58.default.encode(rawPublicKey);
     const keyIdBuffer = await crypto.subtle.digest("SHA-256", rawPublicKey.buffer);
     const keyId = (0, import_base64url.base64urlEncode)(new Uint8Array(keyIdBuffer)).substring(0, 16);
+    this._keyPair = keyPair;
     this._keyInfo = { keyId, publicKey: publicKeyBase58, createdAt: Date.now() };
     const pkcs8Buffer = await crypto.subtle.exportKey("pkcs8", keyPair.privateKey);
     const privateKeyPkcs8 = import_buffer.Buffer.from(pkcs8Buffer).toString("base64");
-    await SecureStore2.setItemAsync(
-      this.storageKey,
-      JSON.stringify({ privateKeyPkcs8, keyInfo: this._keyInfo }),
-      { requireAuthentication: false }
-    );
-    this.privateKey = await this.importPrivateKey(privateKeyPkcs8);
-    this.publicKey = keyPair.publicKey;
+    await this.storeRecord({ privateKeyPkcs8, keyInfo: this._keyInfo });
     return this._keyInfo;
   }
   async importPublicKeyFromBase58(base58PublicKey) {
@@ -853,6 +920,9 @@ var ExpoAuth2Stamper = class {
       return null;
     }
   }
+  async storeRecord(record) {
+    await SecureStore2.setItemAsync(this.storageKey, JSON.stringify(record), { requireAuthentication: false });
+  }
   async clearStoredRecord() {
     try {
       await SecureStore2.deleteItemAsync(this.storageKey);
@@ -932,7 +1002,7 @@ var ExpoURLParamsAccessor = class {
 // src/providers/embedded/stamper.ts
 var SecureStore3 = __toESM(require("expo-secure-store"));
 var import_api_key_stamper = require("@phantom/api-key-stamper");
-var import_constants2 = require("@phantom/constants");
+var import_constants3 = require("@phantom/constants");
 var import_crypto = require("@phantom/crypto");
 var import_base64url2 = require("@phantom/base64url");
 var ReactNativeStamper = class {
@@ -940,7 +1010,7 @@ var ReactNativeStamper = class {
   constructor(config = {}) {
     this.activeKeyRecord = null;
     this.pendingKeyRecord = null;
-    this.algorithm = import_constants2.DEFAULT_AUTHENTICATOR_ALGORITHM;
+    this.algorithm = import_constants3.DEFAULT_AUTHENTICATOR_ALGORITHM;
     this.type = "PKI";
     this.keyPrefix = config.keyPrefix || "phantom-rn-stamper";
     this.appId = config.appId || "default";
@@ -1108,24 +1178,24 @@ var ExpoLogger = class {
   constructor(enabled = false) {
     this.enabled = enabled;
   }
-  info(category, message, data) {
+  info(message, ...args) {
     if (this.enabled) {
-      console.info(`[${category}] ${message}`, data);
+      console.info(`[PHANTOM] ${message}`, ...args);
     }
   }
-  warn(category, message, data) {
+  warn(message, ...args) {
     if (this.enabled) {
-      console.warn(`[${category}] ${message}`, data);
+      console.warn(`[PHANTOM] ${message}`, ...args);
     }
   }
-  error(category, message, data) {
+  error(message, ...args) {
     if (this.enabled) {
-      console.error(`[${category}] ${message}`, data);
+      console.error(`[PHANTOM] ${message}`, ...args);
     }
   }
-  log(category, message, data) {
+  debug(message, ...args) {
     if (this.enabled) {
-      console.log(`[${category}] ${message}`, data);
+      console.log(`[PHANTOM] ${message}`, ...args);
     }
   }
 };
@@ -1158,12 +1228,12 @@ function PhantomProvider({ children, config, debugConfig, theme, appIcon, appNam
     const redirectUrl = config.authOptions?.redirectUrl || `${config.scheme}://phantom-auth-callback`;
     return {
       ...config,
-      apiBaseUrl: config.apiBaseUrl || import_constants3.DEFAULT_WALLET_API_URL,
-      embeddedWalletType: config.embeddedWalletType || import_constants3.DEFAULT_EMBEDDED_WALLET_TYPE,
+      apiBaseUrl: config.apiBaseUrl || import_constants4.DEFAULT_WALLET_API_URL,
+      embeddedWalletType: config.embeddedWalletType || import_constants4.DEFAULT_EMBEDDED_WALLET_TYPE,
       authOptions: {
         ...config.authOptions || {},
         redirectUrl,
-        authUrl: config.authOptions?.authUrl || import_constants3.DEFAULT_AUTH_URL
+        authUrl: config.authOptions?.authUrl || import_constants4.DEFAULT_AUTH_URL
       }
     };
   }, [config]);
@@ -1171,7 +1241,11 @@ function PhantomProvider({ children, config, debugConfig, theme, appIcon, appNam
     const storage = new ExpoSecureStorage();
     const urlParamsAccessor = new ExpoURLParamsAccessor();
     const logger = new ExpoLogger(debugConfig?.enabled || false);
-    const stamper = config.unstable__auth2Options ? new ExpoAuth2Stamper(`phantom-auth2-${memoizedConfig.appId}`) : new ReactNativeStamper({
+    const stamper = config.unstable__auth2Options && config.authOptions?.redirectUrl ? new ExpoAuth2Stamper(`phantom-auth2-${memoizedConfig.appId}`, {
+      authApiBaseUrl: config.unstable__auth2Options.authApiBaseUrl,
+      clientId: config.unstable__auth2Options.clientId,
+      redirectUri: config.authOptions.redirectUrl
+    }) : new ReactNativeStamper({
       keyPrefix: `phantom-rn-${memoizedConfig.appId}`,
       appId: memoizedConfig.appId
     });
@@ -1197,13 +1271,13 @@ function PhantomProvider({ children, config, debugConfig, theme, appIcon, appNam
       phantomAppProvider: new ReactNativePhantomAppProvider(),
       name: platformName,
       analyticsHeaders: {
-        [import_constants3.ANALYTICS_HEADERS.SDK_TYPE]: "react-native",
-        [import_constants3.ANALYTICS_HEADERS.PLATFORM]: "ext-sdk",
-        [import_constants3.ANALYTICS_HEADERS.PLATFORM_VERSION]: `${import_react_native7.Platform.Version}`,
-        [import_constants3.ANALYTICS_HEADERS.CLIENT]: import_react_native7.Platform.OS,
-        [import_constants3.ANALYTICS_HEADERS.APP_ID]: config.appId,
-        [import_constants3.ANALYTICS_HEADERS.WALLET_TYPE]: config.embeddedWalletType,
-        [import_constants3.ANALYTICS_HEADERS.SDK_VERSION]: "1.0.4"
+        [import_constants4.ANALYTICS_HEADERS.SDK_TYPE]: "react-native",
+        [import_constants4.ANALYTICS_HEADERS.PLATFORM]: "ext-sdk",
+        [import_constants4.ANALYTICS_HEADERS.PLATFORM_VERSION]: `${import_react_native7.Platform.Version}`,
+        [import_constants4.ANALYTICS_HEADERS.CLIENT]: import_react_native7.Platform.OS,
+        [import_constants4.ANALYTICS_HEADERS.APP_ID]: config.appId,
+        [import_constants4.ANALYTICS_HEADERS.WALLET_TYPE]: config.embeddedWalletType,
+        [import_constants4.ANALYTICS_HEADERS.SDK_VERSION]: "1.0.6"
         // Replaced at build time
       }
     };
@@ -1317,7 +1391,7 @@ function useEthereum() {
 
 // src/index.ts
 var import_client = require("@phantom/client");
-var import_constants4 = require("@phantom/constants");
+var import_constants5 = require("@phantom/constants");
 var import_wallet_sdk_ui6 = require("@phantom/wallet-sdk-ui");
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {

package/dist/index.mjs

@@ -515,7 +515,7 @@ var ExpoAuthProvider = class {
         // OAuth session management - defaults to allow refresh unless explicitly clearing after logout
         clear_previous_session: (phantomOptions.clearPreviousSession ?? false).toString(),
         allow_refresh: (phantomOptions.allowRefresh ?? true).toString(),
-        sdk_version: "1.0.4",
+        sdk_version: "1.0.6",
         sdk_type: "react-native",
         platform: Platform.OS
       });
@@ -594,7 +594,6 @@ var ExpoAuthProvider = class {
 import * as WebBrowser2 from "expo-web-browser";
 import {
   createCodeVerifier,
-  createSalt,
   exchangeAuthCode,
   Auth2KmsRpcClient,
   createConnectStartUrl
@@ -621,7 +620,6 @@ var ExpoAuth2AuthProvider = class {
       throw new Error("Stamper key pair not found.");
     }
     const codeVerifier = createCodeVerifier();
-    const salt = createSalt();
     const url = await createConnectStartUrl({
       keyPair,
       connectLoginUrl: this.auth2ProviderOptions.connectLoginUrl,
@@ -630,7 +628,8 @@ var ExpoAuth2AuthProvider = class {
       sessionId: options.sessionId,
       provider: options.provider,
       codeVerifier,
-      salt
+      // The P-256 ephemeral key is unique per wallet, so no additional salt is needed.
+      salt: ""
     });
     await WebBrowser2.warmUpAsync();
     let result;
@@ -656,15 +655,14 @@ var ExpoAuth2AuthProvider = class {
     if (!code) {
       throw new Error("Auth2 callback missing authorization code");
     }
-    const { idToken, bearerToken, authUserId, expiresInMs } = await exchangeAuthCode({
+    const { idToken, bearerToken, authUserId, expiresInMs, refreshToken } = await exchangeAuthCode({
       authApiBaseUrl: this.auth2ProviderOptions.authApiBaseUrl,
       clientId: this.auth2ProviderOptions.clientId,
       redirectUri: this.auth2ProviderOptions.redirectUri,
       code,
       codeVerifier
     });
-    this.stamper.idToken = idToken;
-    this.stamper.salt = salt;
+    await this.stamper.setTokens({ idToken, bearerToken, refreshToken, expiresInMs });
     const { organizationId, walletId } = await this.kms.discoverOrganizationAndWalletId(bearerToken, authUserId);
     return {
       walletId,
@@ -685,25 +683,47 @@ import bs58 from "bs58";
 import { Buffer } from "buffer";
 import { base64urlEncode } from "@phantom/base64url";
 import { Algorithm } from "@phantom/sdk-types";
+import { refreshToken as refreshTokenRequest } from "@phantom/auth2";
+import { TOKEN_REFRESH_BUFFER_MS } from "@phantom/constants";
 var ExpoAuth2Stamper = class {
   /**
    * @param storageKey - expo-secure-store key used to persist the P-256 private key.
    *   Use a unique key per app, e.g. `phantom-auth2-<appId>`.
+   * @param refreshConfig - When provided, the stamper will automatically refresh
+   *   the id_token using the refresh_token before it expires.
    */
-  constructor(storageKey) {
+  constructor(storageKey, refreshConfig) {
     this.storageKey = storageKey;
-    this.privateKey = null;
-    this.publicKey = null;
+    this.refreshConfig = refreshConfig;
+    this._keyPair = null;
     this._keyInfo = null;
+    this._idToken = null;
+    this._bearerToken = null;
+    this._refreshToken = null;
+    this._tokenExpiresAt = null;
     this.algorithm = Algorithm.secp256r1;
     this.type = "OIDC";
   }
   async init() {
     const stored = await this.loadRecord();
     if (stored) {
-      this.privateKey = await this.importPrivateKey(stored.privateKeyPkcs8);
-      this.publicKey = await this.importPublicKeyFromBase58(stored.keyInfo.publicKey);
+      this._keyPair = {
+        privateKey: await this.importPrivateKey(stored.privateKeyPkcs8),
+        publicKey: await this.importPublicKeyFromBase58(stored.keyInfo.publicKey)
+      };
       this._keyInfo = stored.keyInfo;
+      if (stored.idToken) {
+        this._idToken = stored.idToken;
+      }
+      if (stored.bearerToken) {
+        this._bearerToken = stored.bearerToken;
+      }
+      if (stored.refreshToken) {
+        this._refreshToken = stored.refreshToken;
+      }
+      if (stored.tokenExpiresAt) {
+        this._tokenExpiresAt = stored.tokenExpiresAt;
+      }
       return this._keyInfo;
     }
     return this.generateAndStore();
@@ -712,45 +732,96 @@ var ExpoAuth2Stamper = class {
     return this._keyInfo;
   }
   getCryptoKeyPair() {
-    if (!this.privateKey || !this.publicKey)
+    return this._keyPair;
+  }
+  /**
+   * Returns the current token state (refreshing proactively if near expiry),
+   * or null if no token has been set yet.
+   */
+  async getTokens() {
+    if (this.refreshConfig && this._refreshToken && this._tokenExpiresAt !== null && Date.now() >= this._tokenExpiresAt - TOKEN_REFRESH_BUFFER_MS) {
+      const refreshed = await refreshTokenRequest({
+        authApiBaseUrl: this.refreshConfig.authApiBaseUrl,
+        clientId: this.refreshConfig.clientId,
+        redirectUri: this.refreshConfig.redirectUri,
+        refreshToken: this._refreshToken
+      });
+      await this.setTokens(refreshed);
+    }
+    if (!this._idToken || !this._bearerToken) {
       return null;
-    return { privateKey: this.privateKey, publicKey: this.publicKey };
+    }
+    return {
+      idToken: this._idToken,
+      bearerToken: this._bearerToken,
+      refreshToken: this._refreshToken ?? void 0
+    };
+  }
+  /**
+   * Arms the stamper with the OIDC token data for subsequent KMS stamp() calls.
+   *
+   * Persists the tokens to SecureStore alongside the key pair so that
+   * auto-connect can restore them on the next app launch without a new login.
+   *
+   * @param refreshToken - When provided alongside a `refreshConfig`, enables
+   *   silent token refresh before the token expires.
+   * @param expiresInMs - Token lifetime in milliseconds (from `expires_in * 1000`).
+   *   Used to compute the absolute expiry time for proactive refresh.
+   */
+  async setTokens({
+    idToken,
+    bearerToken,
+    refreshToken,
+    expiresInMs
+  }) {
+    this._idToken = idToken;
+    this._bearerToken = bearerToken;
+    this._refreshToken = refreshToken ?? null;
+    this._tokenExpiresAt = expiresInMs != null ? Date.now() + expiresInMs : null;
+    const existing = await this.loadRecord();
+    if (existing) {
+      await this.storeRecord({
+        ...existing,
+        idToken,
+        bearerToken,
+        refreshToken,
+        tokenExpiresAt: this._tokenExpiresAt ?? void 0
+      });
+    }
   }
   async stamp(params) {
-    if (!this.privateKey || !this._keyInfo) {
+    if (!this._keyPair || !this._keyInfo || this._idToken === null) {
       throw new Error("ExpoAuth2Stamper not initialized. Call init() first.");
     }
     const signatureRaw = await crypto.subtle.sign(
       { name: "ECDSA", hash: "SHA-256" },
-      this.privateKey,
+      this._keyPair.privateKey,
       new Uint8Array(params.data)
     );
     const rawPublicKey = bs58.decode(this._keyInfo.publicKey);
-    if (this.idToken === void 0 || this.salt === void 0) {
-      throw new Error("ExpoAuth2Stamper not initialized with idToken or salt.");
-    }
     const stampData = {
-      kind: "OIDC",
-      idToken: this.idToken,
+      kind: this.type,
+      idToken: this._idToken,
       publicKey: base64urlEncode(rawPublicKey),
-      algorithm: "Secp256r1",
-      salt: this.salt,
+      algorithm: this.algorithm,
+      // The P-256 ephemeral key is unique per wallet, so no additional salt is needed.
+      salt: "",
       signature: base64urlEncode(new Uint8Array(signatureRaw))
     };
     return base64urlEncode(new TextEncoder().encode(JSON.stringify(stampData)));
   }
   async resetKeyPair() {
-    await this.clearStoredRecord();
-    this.privateKey = null;
-    this.publicKey = null;
-    this._keyInfo = null;
+    await this.clear();
     return this.generateAndStore();
   }
   async clear() {
     await this.clearStoredRecord();
-    this.privateKey = null;
-    this.publicKey = null;
+    this._keyPair = null;
     this._keyInfo = null;
+    this._idToken = null;
+    this._bearerToken = null;
+    this._refreshToken = null;
+    this._tokenExpiresAt = null;
   }
   // Auth2 doesn't use key rotation; minimal no-op implementations.
   async rotateKeyPair() {
@@ -775,16 +846,11 @@ var ExpoAuth2Stamper = class {
     const publicKeyBase58 = bs58.encode(rawPublicKey);
     const keyIdBuffer = await crypto.subtle.digest("SHA-256", rawPublicKey.buffer);
     const keyId = base64urlEncode(new Uint8Array(keyIdBuffer)).substring(0, 16);
+    this._keyPair = keyPair;
     this._keyInfo = { keyId, publicKey: publicKeyBase58, createdAt: Date.now() };
     const pkcs8Buffer = await crypto.subtle.exportKey("pkcs8", keyPair.privateKey);
     const privateKeyPkcs8 = Buffer.from(pkcs8Buffer).toString("base64");
-    await SecureStore2.setItemAsync(
-      this.storageKey,
-      JSON.stringify({ privateKeyPkcs8, keyInfo: this._keyInfo }),
-      { requireAuthentication: false }
-    );
-    this.privateKey = await this.importPrivateKey(privateKeyPkcs8);
-    this.publicKey = keyPair.publicKey;
+    await this.storeRecord({ privateKeyPkcs8, keyInfo: this._keyInfo });
     return this._keyInfo;
   }
   async importPublicKeyFromBase58(base58PublicKey) {
@@ -817,6 +883,9 @@ var ExpoAuth2Stamper = class {
       return null;
     }
   }
+  async storeRecord(record) {
+    await SecureStore2.setItemAsync(this.storageKey, JSON.stringify(record), { requireAuthentication: false });
+  }
   async clearStoredRecord() {
     try {
       await SecureStore2.deleteItemAsync(this.storageKey);
@@ -1072,24 +1141,24 @@ var ExpoLogger = class {
   constructor(enabled = false) {
     this.enabled = enabled;
   }
-  info(category, message, data) {
+  info(message, ...args) {
     if (this.enabled) {
-      console.info(`[${category}] ${message}`, data);
+      console.info(`[PHANTOM] ${message}`, ...args);
     }
   }
-  warn(category, message, data) {
+  warn(message, ...args) {
     if (this.enabled) {
-      console.warn(`[${category}] ${message}`, data);
+      console.warn(`[PHANTOM] ${message}`, ...args);
     }
   }
-  error(category, message, data) {
+  error(message, ...args) {
     if (this.enabled) {
-      console.error(`[${category}] ${message}`, data);
+      console.error(`[PHANTOM] ${message}`, ...args);
     }
   }
-  log(category, message, data) {
+  debug(message, ...args) {
     if (this.enabled) {
-      console.log(`[${category}] ${message}`, data);
+      console.log(`[PHANTOM] ${message}`, ...args);
     }
   }
 };
@@ -1135,7 +1204,11 @@ function PhantomProvider({ children, config, debugConfig, theme, appIcon, appNam
     const storage = new ExpoSecureStorage();
     const urlParamsAccessor = new ExpoURLParamsAccessor();
     const logger = new ExpoLogger(debugConfig?.enabled || false);
-    const stamper = config.unstable__auth2Options ? new ExpoAuth2Stamper(`phantom-auth2-${memoizedConfig.appId}`) : new ReactNativeStamper({
+    const stamper = config.unstable__auth2Options && config.authOptions?.redirectUrl ? new ExpoAuth2Stamper(`phantom-auth2-${memoizedConfig.appId}`, {
+      authApiBaseUrl: config.unstable__auth2Options.authApiBaseUrl,
+      clientId: config.unstable__auth2Options.clientId,
+      redirectUri: config.authOptions.redirectUrl
+    }) : new ReactNativeStamper({
       keyPrefix: `phantom-rn-${memoizedConfig.appId}`,
       appId: memoizedConfig.appId
     });
@@ -1167,7 +1240,7 @@ function PhantomProvider({ children, config, debugConfig, theme, appIcon, appNam
         [ANALYTICS_HEADERS.CLIENT]: Platform2.OS,
         [ANALYTICS_HEADERS.APP_ID]: config.appId,
         [ANALYTICS_HEADERS.WALLET_TYPE]: config.embeddedWalletType,
-        [ANALYTICS_HEADERS.SDK_VERSION]: "1.0.4"
+        [ANALYTICS_HEADERS.SDK_VERSION]: "1.0.6"
         // Replaced at build time
       }
     };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@phantom/react-native-sdk",
-  "version": "1.0.4",
+  "version": "1.0.6",
   "description": "Phantom Wallet SDK for React Native and Expo applications",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
@@ -45,16 +45,16 @@
     "directory": "packages/react-native-sdk"
   },
   "dependencies": {
-    "@phantom/api-key-stamper": "^1.0.4",
-    "@phantom/auth2": "^1.0.0",
-    "@phantom/base64url": "^1.0.4",
-    "@phantom/chain-interfaces": "^1.0.4",
-    "@phantom/client": "^1.0.4",
-    "@phantom/constants": "^1.0.4",
-    "@phantom/crypto": "^1.0.4",
-    "@phantom/embedded-provider-core": "^1.0.4",
-    "@phantom/sdk-types": "^1.0.4",
-    "@phantom/wallet-sdk-ui": "^1.0.4",
+    "@phantom/api-key-stamper": "^1.0.6",
+    "@phantom/auth2": "^1.0.2",
+    "@phantom/base64url": "^1.0.6",
+    "@phantom/chain-interfaces": "^1.0.6",
+    "@phantom/client": "^1.0.6",
+    "@phantom/constants": "^1.0.6",
+    "@phantom/crypto": "^1.0.6",
+    "@phantom/embedded-provider-core": "^1.0.6",
+    "@phantom/sdk-types": "^1.0.6",
+    "@phantom/wallet-sdk-ui": "^1.0.6",
     "@types/bs58": "^5.0.0",
     "bs58": "^6.0.0",
     "buffer": "^6.0.3"