@phantom/react-native-sdk 1.0.7 → 2.0.0

package/dist/index.mjs

@@ -3,9 +3,10 @@ import { useState as useState5, useEffect as useEffect2, useMemo as useMemo2, us
 import { EmbeddedProvider } from "@phantom/embedded-provider-core";
 import {
   ANALYTICS_HEADERS,
+  DEFAULT_AUTH_API_BASE_URL,
   DEFAULT_WALLET_API_URL,
   DEFAULT_EMBEDDED_WALLET_TYPE,
-  DEFAULT_AUTH_URL as DEFAULT_AUTH_URL2
+  DEFAULT_AUTH_URL
 } from "@phantom/constants";
 import { ThemeProvider, darkTheme } from "@phantom/wallet-sdk-ui";
 
@@ -488,115 +489,13 @@ var ExpoSecureStorage = class {
   }
 };
 
-// src/providers/embedded/auth.ts
-import * as WebBrowser from "expo-web-browser";
-import { Platform } from "react-native";
-import { DEFAULT_AUTH_URL } from "@phantom/constants";
-var ExpoAuthProvider = class {
-  async authenticate(options) {
-    if ("jwtToken" in options) {
-      return;
-    }
-    const phantomOptions = options;
-    const { authUrl, redirectUrl, publicKey, sessionId, provider, appId } = phantomOptions;
-    if (!redirectUrl) {
-      throw new Error("redirectUrl is required for web browser authentication");
-    }
-    if (!publicKey || !sessionId || !appId) {
-      throw new Error("publicKey, sessionId and appId are required for authentication");
-    }
-    try {
-      const baseUrl = authUrl || DEFAULT_AUTH_URL;
-      const params = new URLSearchParams({
-        public_key: publicKey,
-        app_id: appId,
-        redirect_uri: redirectUrl,
-        session_id: sessionId,
-        // OAuth session management - defaults to allow refresh unless explicitly clearing after logout
-        clear_previous_session: (phantomOptions.clearPreviousSession ?? false).toString(),
-        allow_refresh: (phantomOptions.allowRefresh ?? true).toString(),
-        sdk_version: "1.0.7",
-        sdk_type: "react-native",
-        platform: Platform.OS
-      });
-      if (provider) {
-        console.log("[ExpoAuthProvider] Provider specified, will skip selection", { provider });
-        params.append("provider", provider);
-      } else {
-        console.log("[ExpoAuthProvider] No provider specified, defaulting to Google");
-        params.append("provider", "google");
-      }
-      const fullAuthUrl = `${baseUrl}?${params.toString()}`;
-      console.log("[ExpoAuthProvider] Starting authentication", {
-        baseUrl,
-        redirectUrl,
-        publicKey,
-        sessionId,
-        provider
-      });
-      await WebBrowser.warmUpAsync();
-      const result = await WebBrowser.openAuthSessionAsync(fullAuthUrl, redirectUrl, {
-        // Use system browser on iOS for ASWebAuthenticationSession
-        preferEphemeralSession: false
-      });
-      console.log("[ExpoAuthProvider] Authentication result", {
-        type: result.type,
-        url: result.type === "success" && result.url ? result.url.substring(0, 100) + "..." : void 0
-      });
-      if (result.type === "success" && result.url) {
-        const url = new URL(result.url);
-        const walletId = url.searchParams.get("wallet_id");
-        const organizationId = url.searchParams.get("organization_id");
-        const accountDerivationIndex = url.searchParams.get("selected_account_index");
-        const expiresInMs = url.searchParams.get("expires_in_ms");
-        const authUserId = url.searchParams.get("auth_user_id");
-        if (!walletId) {
-          throw new Error("Authentication failed: no walletId in redirect URL");
-        }
-        if (!organizationId) {
-          console.error("[ExpoAuthProvider] Missing organizationId in redirect URL", { url: result.url });
-          throw new Error("Authentication failed: no organizationId in redirect URL");
-        }
-        console.log("[ExpoAuthProvider] Auth redirect parameters", {
-          walletId,
-          organizationId,
-          provider,
-          accountDerivationIndex,
-          expiresInMs,
-          authUserId
-        });
-        return {
-          walletId,
-          organizationId,
-          provider: provider || void 0,
-          accountDerivationIndex: accountDerivationIndex ? parseInt(accountDerivationIndex) : 0,
-          expiresInMs: expiresInMs ? parseInt(expiresInMs) : 0,
-          authUserId: authUserId || void 0
-        };
-      } else if (result.type === "cancel") {
-        throw new Error("User cancelled authentication");
-      } else {
-        throw new Error("Authentication failed");
-      }
-    } catch (error) {
-      console.error("[ExpoAuthProvider] Authentication error", error);
-      throw error;
-    } finally {
-      await WebBrowser.coolDownAsync();
-    }
-  }
-  isAvailable() {
-    return Promise.resolve(true);
-  }
-};
-
 // src/providers/embedded/ExpoAuth2AuthProvider.ts
-import * as WebBrowser2 from "expo-web-browser";
+import * as WebBrowser from "expo-web-browser";
 import {
-  createCodeVerifier,
-  exchangeAuthCode,
   Auth2KmsRpcClient,
-  createConnectStartUrl
+  prepareAuth2Flow,
+  validateAuth2Callback,
+  completeAuth2Exchange
 } from "@phantom/auth2";
 var ExpoAuth2AuthProvider = class {
   constructor(stamper, auth2ProviderOptions, kmsClientOptions) {
@@ -612,246 +511,111 @@ var ExpoAuth2AuthProvider = class {
    * so the token exchange and KMS calls all happen here before returning AuthResult.
    */
   async authenticate(options) {
-    if (!this.stamper.getKeyInfo()) {
-      await this.stamper.init();
-    }
-    const keyPair = this.stamper.getCryptoKeyPair();
-    if (!keyPair) {
-      throw new Error("Stamper key pair not found.");
-    }
-    const codeVerifier = createCodeVerifier();
-    const url = await createConnectStartUrl({
-      keyPair,
-      connectLoginUrl: this.auth2ProviderOptions.connectLoginUrl,
-      clientId: this.auth2ProviderOptions.clientId,
-      redirectUri: this.auth2ProviderOptions.redirectUri,
+    const { url, codeVerifier } = await prepareAuth2Flow({
+      stamper: this.stamper,
+      auth2Options: this.auth2ProviderOptions,
       sessionId: options.sessionId,
-      provider: options.provider,
-      codeVerifier,
-      // The P-256 ephemeral key is unique per wallet, so no additional salt is needed.
-      salt: ""
+      provider: options.provider
     });
-    await WebBrowser2.warmUpAsync();
+    await WebBrowser.warmUpAsync();
     let result;
     try {
-      result = await WebBrowser2.openAuthSessionAsync(url, this.auth2ProviderOptions.redirectUri);
+      result = await WebBrowser.openAuthSessionAsync(url, this.auth2ProviderOptions.redirectUri);
     } finally {
-      await WebBrowser2.coolDownAsync();
+      await WebBrowser.coolDownAsync();
     }
     if (!result.url) {
       throw new Error("Authentication failed");
     }
     const callbackUrl = new URL(result.url);
-    const state = callbackUrl.searchParams.get("state");
-    if (state && state !== options.sessionId) {
-      throw new Error("Auth2 state mismatch \u2014 possible CSRF attack.");
-    }
-    const error = callbackUrl.searchParams.get("error");
-    if (error) {
-      const description = callbackUrl.searchParams.get("error_description");
-      throw new Error(`Auth2 callback error: ${description ?? error}`);
-    }
-    const code = callbackUrl.searchParams.get("code");
-    if (!code) {
-      throw new Error("Auth2 callback missing authorization code");
-    }
-    const { idToken, bearerToken, authUserId, expiresInMs, refreshToken } = await exchangeAuthCode({
-      authApiBaseUrl: this.auth2ProviderOptions.authApiBaseUrl,
-      clientId: this.auth2ProviderOptions.clientId,
-      redirectUri: this.auth2ProviderOptions.redirectUri,
+    const code = validateAuth2Callback({
+      getParam: (key) => callbackUrl.searchParams.get(key),
+      expectedSessionId: options.sessionId
+    });
+    return completeAuth2Exchange({
+      stamper: this.stamper,
+      kms: this.kms,
+      auth2Options: this.auth2ProviderOptions,
       code,
-      codeVerifier
+      codeVerifier,
+      provider: options.provider
     });
-    await this.stamper.setTokens({ idToken, bearerToken, refreshToken, expiresInMs });
-    const { organizationId, walletId } = await this.kms.discoverOrganizationAndWalletId(bearerToken, authUserId);
-    return {
-      walletId,
-      organizationId,
-      provider: options.provider,
-      accountDerivationIndex: 0,
-      // discoverWalletId uses derivation index of 0.
-      expiresInMs,
-      authUserId,
-      bearerToken
-    };
   }
 };
 
-// src/providers/embedded/ExpoAuth2Stamper.ts
+// src/PhantomProvider.tsx
+import { Auth2Stamper } from "@phantom/auth2";
+
+// src/providers/embedded/SecureStoreAuth2StamperStorage.ts
 import * as SecureStore2 from "expo-secure-store";
 import bs58 from "bs58";
 import { Buffer } from "buffer";
-import { base64urlEncode } from "@phantom/base64url";
-import { Algorithm } from "@phantom/sdk-types";
-import { refreshToken as refreshTokenRequest } from "@phantom/auth2";
-import { TOKEN_REFRESH_BUFFER_MS } from "@phantom/constants";
-var ExpoAuth2Stamper = class {
-  /**
-   * @param storageKey - expo-secure-store key used to persist the P-256 private key.
-   *   Use a unique key per app, e.g. `phantom-auth2-<appId>`.
-   * @param refreshConfig - When provided, the stamper will automatically refresh
-   *   the id_token using the refresh_token before it expires.
-   */
-  constructor(storageKey, refreshConfig) {
+var SecureStoreAuth2StamperStorage = class {
+  constructor(storageKey) {
     this.storageKey = storageKey;
-    this.refreshConfig = refreshConfig;
-    this._keyPair = null;
-    this._keyInfo = null;
-    this._idToken = null;
-    this._bearerToken = null;
-    this._refreshToken = null;
-    this._tokenExpiresAt = null;
-    this.algorithm = Algorithm.secp256r1;
-    this.type = "OIDC";
+    this.requiresExtractableKeys = true;
   }
-  async init() {
-    const stored = await this.loadRecord();
-    if (stored) {
-      this._keyPair = {
-        privateKey: await this.importPrivateKey(stored.privateKeyPkcs8),
-        publicKey: await this.importPublicKeyFromBase58(stored.keyInfo.publicKey)
-      };
-      this._keyInfo = stored.keyInfo;
-      if (stored.idToken) {
-        this._idToken = stored.idToken;
-      }
-      if (stored.bearerToken) {
-        this._bearerToken = stored.bearerToken;
-      }
-      if (stored.refreshToken) {
-        this._refreshToken = stored.refreshToken;
-      }
-      if (stored.tokenExpiresAt) {
-        this._tokenExpiresAt = stored.tokenExpiresAt;
-      }
-      return this._keyInfo;
+  async load() {
+    const raw = await SecureStore2.getItemAsync(this.storageKey);
+    if (raw === null) {
+      return null;
     }
-    return this.generateAndStore();
-  }
-  getKeyInfo() {
-    return this._keyInfo;
-  }
-  getCryptoKeyPair() {
-    return this._keyPair;
-  }
-  /**
-   * Returns the current token state (refreshing proactively if near expiry),
-   * or null if no token has been set yet.
-   */
-  async getTokens() {
-    if (this.refreshConfig && this._refreshToken && this._tokenExpiresAt !== null && Date.now() >= this._tokenExpiresAt - TOKEN_REFRESH_BUFFER_MS) {
-      const refreshed = await refreshTokenRequest({
-        authApiBaseUrl: this.refreshConfig.authApiBaseUrl,
-        clientId: this.refreshConfig.clientId,
-        redirectUri: this.refreshConfig.redirectUri,
-        refreshToken: this._refreshToken
-      });
-      await this.setTokens(refreshed);
+    let record;
+    try {
+      record = JSON.parse(raw);
+    } catch (err) {
+      await SecureStore2.deleteItemAsync(this.storageKey);
+      throw new Error(`SecureStoreAuth2StamperStorage: corrupt stored record (JSON parse failed): ${err}`);
     }
-    if (!this._idToken || !this._bearerToken) {
-      return null;
+    let privateKey;
+    let publicKey;
+    try {
+      privateKey = await this.importPrivateKey(record.privateKeyPkcs8);
+      publicKey = await this.importPublicKeyFromBase58(record.keyInfo.publicKey);
+    } catch (err) {
+      await SecureStore2.deleteItemAsync(this.storageKey);
+      throw new Error(`SecureStoreAuth2StamperStorage: corrupt stored record (key import failed): ${err}`);
     }
     return {
-      idToken: this._idToken,
-      bearerToken: this._bearerToken,
-      refreshToken: this._refreshToken ?? void 0
+      keyPair: { privateKey, publicKey },
+      keyInfo: record.keyInfo,
+      accessToken: record.accessToken,
+      idType: record.idType,
+      refreshToken: record.refreshToken,
+      tokenExpiresAt: record.tokenExpiresAt
     };
   }
-  /**
-   * Arms the stamper with the OIDC token data for subsequent KMS stamp() calls.
-   *
-   * Persists the tokens to SecureStore alongside the key pair so that
-   * auto-connect can restore them on the next app launch without a new login.
-   *
-   * @param refreshToken - When provided alongside a `refreshConfig`, enables
-   *   silent token refresh before the token expires.
-   * @param expiresInMs - Token lifetime in milliseconds (from `expires_in * 1000`).
-   *   Used to compute the absolute expiry time for proactive refresh.
-   */
-  async setTokens({
-    idToken,
-    bearerToken,
-    refreshToken,
-    expiresInMs
-  }) {
-    this._idToken = idToken;
-    this._bearerToken = bearerToken;
-    this._refreshToken = refreshToken ?? null;
-    this._tokenExpiresAt = expiresInMs != null ? Date.now() + expiresInMs : null;
-    const existing = await this.loadRecord();
-    if (existing) {
-      await this.storeRecord({
-        ...existing,
-        idToken,
-        bearerToken,
-        refreshToken,
-        tokenExpiresAt: this._tokenExpiresAt ?? void 0
-      });
-    }
-  }
-  async stamp(params) {
-    if (!this._keyPair || !this._keyInfo || this._idToken === null) {
-      throw new Error("ExpoAuth2Stamper not initialized. Call init() first.");
-    }
-    const signatureRaw = await crypto.subtle.sign(
-      { name: "ECDSA", hash: "SHA-256" },
-      this._keyPair.privateKey,
-      new Uint8Array(params.data)
-    );
-    const rawPublicKey = bs58.decode(this._keyInfo.publicKey);
-    const stampData = {
-      kind: this.type,
-      idToken: this._idToken,
-      publicKey: base64urlEncode(rawPublicKey),
-      algorithm: this.algorithm,
-      // The P-256 ephemeral key is unique per wallet, so no additional salt is needed.
-      salt: "",
-      signature: base64urlEncode(new Uint8Array(signatureRaw))
+  async save(record) {
+    const pkcs8Buffer = await crypto.subtle.exportKey("pkcs8", record.keyPair.privateKey);
+    const privateKeyPkcs8 = Buffer.from(pkcs8Buffer).toString("base64");
+    const serialized = {
+      privateKeyPkcs8,
+      keyInfo: record.keyInfo,
+      accessToken: record.accessToken,
+      idType: record.idType,
+      refreshToken: record.refreshToken,
+      tokenExpiresAt: record.tokenExpiresAt
     };
-    return base64urlEncode(new TextEncoder().encode(JSON.stringify(stampData)));
-  }
-  async resetKeyPair() {
-    await this.clear();
-    return this.generateAndStore();
+    await SecureStore2.setItemAsync(this.storageKey, JSON.stringify(serialized), {
+      requireAuthentication: false
+    });
   }
   async clear() {
-    await this.clearStoredRecord();
-    this._keyPair = null;
-    this._keyInfo = null;
-    this._idToken = null;
-    this._bearerToken = null;
-    this._refreshToken = null;
-    this._tokenExpiresAt = null;
-  }
-  // Auth2 doesn't use key rotation; minimal no-op implementations.
-  async rotateKeyPair() {
-    return this.init();
-  }
-  // eslint-disable-next-line @typescript-eslint/require-await
-  async commitRotation(authenticatorId) {
-    if (this._keyInfo) {
-      this._keyInfo.authenticatorId = authenticatorId;
+    try {
+      await SecureStore2.deleteItemAsync(this.storageKey);
+    } catch {
     }
   }
-  async rollbackRotation() {
-  }
-  async generateAndStore() {
-    const keyPair = await crypto.subtle.generateKey(
+  async importPrivateKey(pkcs8Base64) {
+    const pkcs8Bytes = Buffer.from(pkcs8Base64, "base64");
+    return crypto.subtle.importKey(
+      "pkcs8",
+      pkcs8Bytes,
       { name: "ECDSA", namedCurve: "P-256" },
-      true,
-      // extractable — needed to export PKCS#8 for SecureStore
-      ["sign", "verify"]
+      this.requiresExtractableKeys,
+      // extractable so save() can re-export via pkcs8
+      ["sign"]
     );
-    const rawPublicKey = new Uint8Array(await crypto.subtle.exportKey("raw", keyPair.publicKey));
-    const publicKeyBase58 = bs58.encode(rawPublicKey);
-    const keyIdBuffer = await crypto.subtle.digest("SHA-256", rawPublicKey.buffer);
-    const keyId = base64urlEncode(new Uint8Array(keyIdBuffer)).substring(0, 16);
-    this._keyPair = keyPair;
-    this._keyInfo = { keyId, publicKey: publicKeyBase58, createdAt: Date.now() };
-    const pkcs8Buffer = await crypto.subtle.exportKey("pkcs8", keyPair.privateKey);
-    const privateKeyPkcs8 = Buffer.from(pkcs8Buffer).toString("base64");
-    await this.storeRecord({ privateKeyPkcs8, keyInfo: this._keyInfo });
-    return this._keyInfo;
   }
   async importPublicKeyFromBase58(base58PublicKey) {
     const rawBytes = bs58.decode(base58PublicKey);
@@ -864,34 +628,6 @@ var ExpoAuth2Stamper = class {
       ["verify"]
     );
   }
-  async importPrivateKey(pkcs8Base64) {
-    const pkcs8Bytes = Buffer.from(pkcs8Base64, "base64");
-    return crypto.subtle.importKey(
-      "pkcs8",
-      pkcs8Bytes,
-      { name: "ECDSA", namedCurve: "P-256" },
-      false,
-      // non-extractable once loaded into memory
-      ["sign"]
-    );
-  }
-  async loadRecord() {
-    try {
-      const raw = await SecureStore2.getItemAsync(this.storageKey);
-      return raw ? JSON.parse(raw) : null;
-    } catch {
-      return null;
-    }
-  }
-  async storeRecord(record) {
-    await SecureStore2.setItemAsync(this.storageKey, JSON.stringify(record), { requireAuthentication: false });
-  }
-  async clearStoredRecord() {
-    try {
-      await SecureStore2.deleteItemAsync(this.storageKey);
-    } catch {
-    }
-  }
 };
 
 // src/providers/embedded/url-params.ts
@@ -962,180 +698,6 @@ var ExpoURLParamsAccessor = class {
   }
 };
 
-// src/providers/embedded/stamper.ts
-import * as SecureStore3 from "expo-secure-store";
-import { ApiKeyStamper } from "@phantom/api-key-stamper";
-import { DEFAULT_AUTHENTICATOR_ALGORITHM } from "@phantom/constants";
-import { generateKeyPair } from "@phantom/crypto";
-import { base64urlEncode as base64urlEncode2 } from "@phantom/base64url";
-var ReactNativeStamper = class {
-  // Optional for PKI, required for OIDC
-  constructor(config = {}) {
-    this.activeKeyRecord = null;
-    this.pendingKeyRecord = null;
-    this.algorithm = DEFAULT_AUTHENTICATOR_ALGORITHM;
-    this.type = "PKI";
-    this.keyPrefix = config.keyPrefix || "phantom-rn-stamper";
-    this.appId = config.appId || "default";
-  }
-  /**
-   * Initialize the stamper and generate/load cryptographic keys
-   */
-  async init() {
-    this.activeKeyRecord = await this.loadActiveKeyRecord();
-    if (!this.activeKeyRecord) {
-      this.activeKeyRecord = await this.generateAndStoreNewKeyRecord("active");
-    }
-    this.pendingKeyRecord = await this.loadPendingKeyRecord();
-    return this.activeKeyRecord.keyInfo;
-  }
-  /**
-   * Get the current key information
-   */
-  getKeyInfo() {
-    return this.activeKeyRecord?.keyInfo || null;
-  }
-  /**
-   * Generate and store a new key pair, replacing any existing keys
-   */
-  async resetKeyPair() {
-    await this.clear();
-    this.activeKeyRecord = await this.generateAndStoreNewKeyRecord("active");
-    this.pendingKeyRecord = null;
-    return this.activeKeyRecord.keyInfo;
-  }
-  /**
-   * Create X-Phantom-Stamp header value using stored secret key
-   * @param params - Parameters object with data to sign and optional override params
-   * @returns Complete X-Phantom-Stamp header value
-   */
-  async stamp(params) {
-    if (!this.activeKeyRecord) {
-      throw new Error("Stamper not initialized. Call init() first.");
-    }
-    const apiKeyStamper = new ApiKeyStamper({ apiSecretKey: this.activeKeyRecord.secretKey });
-    return await apiKeyStamper.stamp(params);
-  }
-  /**
-   * Clear all stored keys from SecureStore
-   */
-  async clear() {
-    const activeKey = this.getActiveKeyName();
-    const pendingKey = this.getPendingKeyName();
-    try {
-      await SecureStore3.deleteItemAsync(activeKey);
-    } catch (error) {
-    }
-    try {
-      await SecureStore3.deleteItemAsync(pendingKey);
-    } catch (error) {
-    }
-    this.activeKeyRecord = null;
-    this.pendingKeyRecord = null;
-  }
-  /**
-   * Generate a new keypair for rotation without making it active
-   */
-  async rotateKeyPair() {
-    this.pendingKeyRecord = await this.generateAndStoreNewKeyRecord("pending");
-    return this.pendingKeyRecord.keyInfo;
-  }
-  /**
-   * Switch to the pending keypair, making it active and cleaning up the old one
-   */
-  async commitRotation(authenticatorId) {
-    if (!this.pendingKeyRecord) {
-      throw new Error("No pending keypair to commit");
-    }
-    if (this.activeKeyRecord) {
-      try {
-        await SecureStore3.deleteItemAsync(this.getActiveKeyName());
-      } catch (error) {
-      }
-    }
-    this.pendingKeyRecord.status = "active";
-    this.pendingKeyRecord.authenticatorId = authenticatorId;
-    this.pendingKeyRecord.keyInfo.authenticatorId = authenticatorId;
-    this.activeKeyRecord = this.pendingKeyRecord;
-    this.pendingKeyRecord = null;
-    await this.storeKeyRecord(this.activeKeyRecord, "active");
-    try {
-      await SecureStore3.deleteItemAsync(this.getPendingKeyName());
-    } catch (error) {
-    }
-  }
-  /**
-   * Discard the pending keypair on rotation failure
-   */
-  async rollbackRotation() {
-    if (!this.pendingKeyRecord) {
-      return;
-    }
-    try {
-      await SecureStore3.deleteItemAsync(this.getPendingKeyName());
-    } catch (error) {
-    }
-    this.pendingKeyRecord = null;
-  }
-  async generateAndStoreNewKeyRecord(type) {
-    const keypair = generateKeyPair();
-    const keyId = this.createKeyId(keypair.publicKey);
-    const now = Date.now();
-    const keyInfo = {
-      keyId,
-      publicKey: keypair.publicKey,
-      createdAt: now
-    };
-    const record = {
-      keyInfo,
-      secretKey: keypair.secretKey,
-      createdAt: now,
-      expiresAt: 0,
-      // Not used anymore, kept for backward compatibility
-      status: type
-    };
-    await this.storeKeyRecord(record, type);
-    return record;
-  }
-  createKeyId(publicKey) {
-    return base64urlEncode2(new TextEncoder().encode(publicKey)).substring(0, 16);
-  }
-  async storeKeyRecord(record, type) {
-    const keyName = type === "active" ? this.getActiveKeyName() : this.getPendingKeyName();
-    await SecureStore3.setItemAsync(keyName, JSON.stringify(record), {
-      requireAuthentication: false
-    });
-  }
-  async loadActiveKeyRecord() {
-    try {
-      const activeKey = this.getActiveKeyName();
-      const storedRecord = await SecureStore3.getItemAsync(activeKey);
-      if (storedRecord) {
-        return JSON.parse(storedRecord);
-      }
-    } catch (error) {
-    }
-    return null;
-  }
-  async loadPendingKeyRecord() {
-    try {
-      const pendingKey = this.getPendingKeyName();
-      const storedRecord = await SecureStore3.getItemAsync(pendingKey);
-      if (storedRecord) {
-        return JSON.parse(storedRecord);
-      }
-    } catch (error) {
-    }
-    return null;
-  }
-  getActiveKeyName() {
-    return `${this.keyPrefix}-${this.appId}-active`;
-  }
-  getPendingKeyName() {
-    return `${this.keyPrefix}-${this.appId}-pending`;
-  }
-};
-
 // src/providers/embedded/logger.ts
 var ExpoLogger = class {
   constructor(enabled = false) {
@@ -1178,7 +740,7 @@ var ReactNativePhantomAppProvider = class {
 };
 
 // src/PhantomProvider.tsx
-import { Platform as Platform2 } from "react-native";
+import { Platform } from "react-native";
 import { jsx as jsx6 } from "react/jsx-runtime";
 function PhantomProvider({ children, config, debugConfig, theme, appIcon, appName }) {
   const [isConnected, setIsConnected] = useState5(false);
@@ -1194,9 +756,9 @@ function PhantomProvider({ children, config, debugConfig, theme, appIcon, appNam
       apiBaseUrl: config.apiBaseUrl || DEFAULT_WALLET_API_URL,
       embeddedWalletType: config.embeddedWalletType || DEFAULT_EMBEDDED_WALLET_TYPE,
       authOptions: {
-        ...config.authOptions || {},
         redirectUrl,
-        authUrl: config.authOptions?.authUrl || DEFAULT_AUTH_URL2
+        authUrl: config.authOptions?.authUrl || DEFAULT_AUTH_URL,
+        authApiBaseUrl: config.authOptions?.authApiBaseUrl || DEFAULT_AUTH_API_BASE_URL
       }
     };
   }, [config]);
@@ -1204,28 +766,25 @@ function PhantomProvider({ children, config, debugConfig, theme, appIcon, appNam
     const storage = new ExpoSecureStorage();
     const urlParamsAccessor = new ExpoURLParamsAccessor();
     const logger = new ExpoLogger(debugConfig?.enabled || false);
-    const stamper = config.unstable__auth2Options && config.authOptions?.redirectUrl ? new ExpoAuth2Stamper(`phantom-auth2-${memoizedConfig.appId}`, {
-      authApiBaseUrl: config.unstable__auth2Options.authApiBaseUrl,
-      clientId: config.unstable__auth2Options.clientId,
-      redirectUri: config.authOptions.redirectUrl
-    }) : new ReactNativeStamper({
-      keyPrefix: `phantom-rn-${memoizedConfig.appId}`,
-      appId: memoizedConfig.appId
+    const stamper = new Auth2Stamper(new SecureStoreAuth2StamperStorage(`phantom-auth2-${memoizedConfig.appId}`), {
+      authApiBaseUrl: memoizedConfig.authOptions.authApiBaseUrl,
+      clientId: memoizedConfig.appId,
+      redirectUri: memoizedConfig.authOptions.redirectUrl
     });
-    const authProvider = config.unstable__auth2Options && config.authOptions?.authUrl && config.authOptions?.redirectUrl && config.apiBaseUrl && stamper instanceof ExpoAuth2Stamper ? new ExpoAuth2AuthProvider(
+    const authProvider = new ExpoAuth2AuthProvider(
       stamper,
       {
-        redirectUri: config.authOptions.redirectUrl,
-        connectLoginUrl: config.authOptions.authUrl,
-        clientId: config.unstable__auth2Options.clientId,
-        authApiBaseUrl: config.unstable__auth2Options.authApiBaseUrl
+        redirectUri: memoizedConfig.authOptions.redirectUrl,
+        connectLoginUrl: memoizedConfig.authOptions.authUrl,
+        clientId: memoizedConfig.appId,
+        authApiBaseUrl: memoizedConfig.authOptions.authApiBaseUrl
       },
       {
-        apiBaseUrl: config.apiBaseUrl,
-        appId: config.appId
+        apiBaseUrl: memoizedConfig.apiBaseUrl,
+        appId: memoizedConfig.appId
       }
-    ) : new ExpoAuthProvider();
-    const platformName = `${Platform2.OS}-${Platform2.Version}`;
+    );
+    const platformName = `${Platform.OS}-${Platform.Version}`;
     const platform = {
       storage,
       authProvider,
@@ -1236,11 +795,11 @@ function PhantomProvider({ children, config, debugConfig, theme, appIcon, appNam
       analyticsHeaders: {
         [ANALYTICS_HEADERS.SDK_TYPE]: "react-native",
         [ANALYTICS_HEADERS.PLATFORM]: "ext-sdk",
-        [ANALYTICS_HEADERS.PLATFORM_VERSION]: `${Platform2.Version}`,
-        [ANALYTICS_HEADERS.CLIENT]: Platform2.OS,
+        [ANALYTICS_HEADERS.PLATFORM_VERSION]: `${Platform.Version}`,
+        [ANALYTICS_HEADERS.CLIENT]: Platform.OS,
         [ANALYTICS_HEADERS.APP_ID]: config.appId,
         [ANALYTICS_HEADERS.WALLET_TYPE]: config.embeddedWalletType,
-        [ANALYTICS_HEADERS.SDK_VERSION]: "1.0.7"
+        [ANALYTICS_HEADERS.SDK_VERSION]: "2.0.0"
         // Replaced at build time
       }
     };
@@ -1355,14 +914,14 @@ function useEthereum() {
 // src/index.ts
 import { AddressType } from "@phantom/client";
 import { NetworkId } from "@phantom/constants";
-import { base64urlEncode as base64urlEncode3, base64urlDecode } from "@phantom/base64url";
+import { base64urlEncode, base64urlDecode } from "@phantom/base64url";
 import { darkTheme as darkTheme2, lightTheme } from "@phantom/wallet-sdk-ui";
 export {
   AddressType,
   NetworkId,
   PhantomProvider,
   base64urlDecode,
-  base64urlEncode3 as base64urlEncode,
+  base64urlEncode,
   darkTheme2 as darkTheme,
   lightTheme,
   useAccounts,