@privy-io/node 0.1.0-alpha.3 → 0.2.0

package/lib/auth.js

@@ -0,0 +1,130 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InvalidAuthTokenError = void 0;
+exports.verifyAuthToken = verifyAuthToken;
+exports.verifyIdentityToken = verifyIdentityToken;
+exports.createPrivyAppJWKS = createPrivyAppJWKS;
+const jose_1 = require("jose");
+const error_1 = require("../core/error.js");
+const identity_token_1 = require("./identity-token.js");
+const JWT_ALGORITHM = 'ES256';
+const JWT_ISSUER = 'privy.io';
+/**
+ * Verifies a JWT issued by privy.io for the given app ID.
+ * This serves both auth tokens and identity tokens.
+ * @returns The verify result along with the token's payload.
+ * @throws If the token is invalid.
+ */
+async function verifyPrivyIssuedJwt(jwt, appId, verificationKey) {
+    // Because of a type difference, the calls cannot be merged into one.
+    let verifiedToken;
+    if (typeof verificationKey !== 'function') {
+        verifiedToken = await (0, jose_1.jwtVerify)(jwt, verificationKey, {
+            typ: 'JWT',
+            algorithms: [JWT_ALGORITHM],
+            issuer: JWT_ISSUER,
+            audience: appId,
+        }).catch(mapAndThrowJoseErrors);
+    }
+    else {
+        verifiedToken = await (0, jose_1.jwtVerify)(jwt, verificationKey, {
+            typ: 'JWT',
+            algorithms: [JWT_ALGORITHM],
+            issuer: JWT_ISSUER,
+            audience: appId,
+        }).catch(mapAndThrowJoseErrors);
+    }
+    return verifiedToken;
+}
+/**
+ * Verifies a Privy-issued authentication token.
+ *
+ * @returns The payload of the token if it is valid.
+ * @throws If the token is invalid.
+ */
+async function verifyAuthToken({ auth_token: authToken, app_id: appId, verification_key: verificationKeyOrString, }) {
+    const verificationKey = typeof verificationKeyOrString === 'string' ?
+        await (0, jose_1.importSPKI)(verificationKeyOrString, JWT_ALGORITHM)
+        : verificationKeyOrString;
+    const verifiedToken = await verifyPrivyIssuedJwt(authToken, appId, verificationKey);
+    return {
+        app_id: throwIfNotString(verifiedToken.payload.aud),
+        issuer: throwIfNotString(verifiedToken.payload.iss),
+        issued_at: throwIfNotNumber(verifiedToken.payload.iat),
+        expiration: throwIfNotNumber(verifiedToken.payload.exp),
+        session_id: throwIfNotString(verifiedToken.payload['sid']),
+        user_id: throwIfNotString(verifiedToken.payload.sub),
+    };
+}
+/**
+ * Verifies an identity token, parsing it into a `User` object if it is valid.
+ *
+ * @returns The user object parsed from the identity token.
+ * @throws If the token or its payload is invalid.
+ */
+async function verifyIdentityToken({ identity_token: identityToken, app_id: appId, verification_key: verificationKeyOrString, }) {
+    const verificationKey = typeof verificationKeyOrString === 'string' ?
+        await (0, jose_1.importSPKI)(verificationKeyOrString, JWT_ALGORITHM)
+        : verificationKeyOrString;
+    const verifiedToken = await verifyPrivyIssuedJwt(identityToken, appId, verificationKey);
+    if (!verifiedToken.payload) {
+        throw new InvalidAuthTokenError('Unable to parse identity token');
+    }
+    return (0, identity_token_1.parseUserFromIdentityTokenPayload)(verifiedToken.payload);
+}
+class InvalidAuthTokenError extends error_1.PrivyAPIError {
+}
+exports.InvalidAuthTokenError = InvalidAuthTokenError;
+/** Used for asserting the values in the token payload are strings. */
+function throwIfNotString(value) {
+    if (!value || typeof value !== 'string') {
+        throw new InvalidAuthTokenError("Token's payload is invalid");
+    }
+    return value;
+}
+/** Used for asserting the values in the token payload are numbers. */
+function throwIfNotNumber(value) {
+    if (!value || typeof value !== 'number') {
+        throw new InvalidAuthTokenError("Token's payload is invalid");
+    }
+    return value;
+}
+/**
+ * Used to catch errors thrown by async `jose` functions and map to our own error types.
+ * This method will **always** throw an error, so it's return type is `never`.
+ */
+function mapAndThrowJoseErrors(error) {
+    if (error instanceof jose_1.errors.JWTExpired) {
+        throw new InvalidAuthTokenError('Authentication token expired');
+    }
+    else if (error instanceof jose_1.errors.JWTClaimValidationFailed || error instanceof jose_1.errors.JWTInvalid) {
+        throw new InvalidAuthTokenError('Authentication token is invalid');
+    }
+    else {
+        throw new InvalidAuthTokenError('Failed to verify authentication token');
+    }
+}
+function createPrivyAppJWKS({ appId, apiUrl, headers, verificationKeyOverride, }) {
+    if (verificationKeyOverride !== undefined) {
+        // Use a closure to cache the verification key once imported
+        let verificationKey;
+        return async () => {
+            if (verificationKey === undefined) {
+                try {
+                    verificationKey = await (0, jose_1.importSPKI)(verificationKeyOverride, JWT_ALGORITHM);
+                }
+                catch (error) {
+                    throw new InvalidAuthTokenError('Failed to import the provided verification key override');
+                }
+            }
+            return verificationKey;
+        };
+    }
+    const url = new URL(`${apiUrl}/v1/apps/${appId}/jwks.json`);
+    return (0, jose_1.createRemoteJWKSet)(url, {
+        cacheMaxAge: 60 * 60 * 1000, // 60 minutes
+        cooldownDuration: 10 * 60 * 1000, // 10 minutes
+        headers,
+    });
+}
+//# sourceMappingURL=auth.js.map

package/lib/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/lib/auth.ts"],"names":[],"mappings":";;;AAmFA,0CAkBC;AAsBD,kDAgBC;AA2CD,gDA2BC;AAjND,+BAQc;AACd,4CAA8C;AAC9C,wDAAqE;AAGrE,MAAM,aAAa,GAAG,OAAO,CAAC;AAC9B,MAAM,UAAU,GAAG,UAAU,CAAC;AA+B9B;;;;;GAKG;AACH,KAAK,UAAU,oBAAoB,CACjC,GAAW,EACX,KAAa,EACb,eAA4C;IAE5C,qEAAqE;IACrE,IAAI,aAA8B,CAAC;IACnC,IAAI,OAAO,eAAe,KAAK,UAAU,EAAE,CAAC;QAC1C,aAAa,GAAG,MAAM,IAAA,gBAAS,EAAC,GAAG,EAAE,eAAe,EAAE;YACpD,GAAG,EAAE,KAAK;YACV,UAAU,EAAE,CAAC,aAAa,CAAC;YAC3B,MAAM,EAAE,UAAU;YAClB,QAAQ,EAAE,KAAK;SAChB,CAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAClC,CAAC;SAAM,CAAC;QACN,aAAa,GAAG,MAAM,IAAA,gBAAS,EAAC,GAAG,EAAE,eAAe,EAAE;YACpD,GAAG,EAAE,KAAK;YACV,UAAU,EAAE,CAAC,aAAa,CAAC;YAC3B,MAAM,EAAE,UAAU;YAClB,QAAQ,EAAE,KAAK;SAChB,CAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAClC,CAAC;IAED,OAAO,aAAa,CAAC;AACvB,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,eAAe,CAAC,EACpC,UAAU,EAAE,SAAS,EACrB,MAAM,EAAE,KAAK,EACb,gBAAgB,EAAE,uBAAuB,GACpB;IACrB,MAAM,eAAe,GACnB,OAAO,uBAAuB,KAAK,QAAQ,CAAC,CAAC;QAC3C,MAAM,IAAA,iBAAU,EAAC,uBAAuB,EAAE,aAAa,CAAC;QAC1D,CAAC,CAAC,uBAAuB,CAAC;IAC5B,MAAM,aAAa,GAAG,MAAM,oBAAoB,CAAC,SAAS,EAAE,KAAK,EAAE,eAAe,CAAC,CAAC;IACpF,OAAO;QACL,MAAM,EAAE,gBAAgB,CAAC,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC;QACnD,MAAM,EAAE,gBAAgB,CAAC,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC;QACnD,SAAS,EAAE,gBAAgB,CAAC,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC;QACtD,UAAU,EAAE,gBAAgB,CAAC,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC;QACvD,UAAU,EAAE,gBAAgB,CAAC,aAAa,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAC1D,OAAO,EAAE,gBAAgB,CAAC,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC;KACrD,CAAC;AACJ,CAAC;AAgBD;;;;;GAKG;AACI,KAAK,UAAU,mBAAmB,CAAC,EACxC,cAAc,EAAE,aAAa,EAC7B,MAAM,EAAE,KAAK,EACb,gBAAgB,EAAE,uBAAuB,GAChB;IACzB,MAAM,eAAe,GACnB,OAAO,uBAAuB,KAAK,QAAQ,CAAC,CAAC;QAC3C,MAAM,IAAA,iBAAU,EAAC,uBAAuB,EAAE,aAAa,CAAC;QAC1D,CAAC,CAAC,uBAAuB,CAAC;IAC5B,MAAM,aAAa,GAAG,MAAM,oBAAoB,CAAC,aAAa,EAAE,KAAK,EAAE,eAAe,CAAC,CAAC;IAExF,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC;QAC3B,MAAM,IAAI,qBAAqB,CAAC,gCAAgC,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,IAAA,kDAAiC,EAAC,aAAa,CAAC,OAAO,CAAC,CAAC;AAClE,CAAC;AAED,MAAa,qBAAsB,SAAQ,qBAAa;CAAG;AAA3D,sDAA2D;AAE3D,sEAAsE;AACtE,SAAS,gBAAgB,CAAC,KAAc;IACtC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,MAAM,IAAI,qBAAqB,CAAC,4BAA4B,CAAC,CAAC;IAChE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,sEAAsE;AACtE,SAAS,gBAAgB,CAAC,KAAc;IACtC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,MAAM,IAAI,qBAAqB,CAAC,4BAA4B,CAAC,CAAC;IAChE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,SAAS,qBAAqB,CAAC,KAAc;IAC3C,IAAI,KAAK,YAAY,aAAU,CAAC,UAAU,EAAE,CAAC;QAC3C,MAAM,IAAI,qBAAqB,CAAC,8BAA8B,CAAC,CAAC;IAClE,CAAC;SAAM,IAAI,KAAK,YAAY,aAAU,CAAC,wBAAwB,IAAI,KAAK,YAAY,aAAU,CAAC,UAAU,EAAE,CAAC;QAC1G,MAAM,IAAI,qBAAqB,CAAC,iCAAiC,CAAC,CAAC;IACrE,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,qBAAqB,CAAC,uCAAuC,CAAC,CAAC;IAC3E,CAAC;AACH,CAAC;AAWD,SAAgB,kBAAkB,CAAC,EACjC,KAAK,EACL,MAAM,EACN,OAAO,EACP,uBAAuB,GACC;IACxB,IAAI,uBAAuB,KAAK,SAAS,EAAE,CAAC;QAC1C,4DAA4D;QAC5D,IAAI,eAA0B,CAAC;QAC/B,OAAO,KAAK,IAAI,EAAE;YAChB,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;gBAClC,IAAI,CAAC;oBACH,eAAe,GAAG,MAAM,IAAA,iBAAU,EAAC,uBAAuB,EAAE,aAAa,CAAC,CAAC;gBAC7E,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,CAAC,yDAAyD,CAAC,CAAC;gBAC7F,CAAC;YACH,CAAC;YACD,OAAO,eAAe,CAAC;QACzB,CAAC,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,MAAM,YAAY,KAAK,YAAY,CAAC,CAAC;IAC5D,OAAO,IAAA,yBAAkB,EAAC,GAAG,EAAE;QAC7B,WAAW,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,aAAa;QAC1C,gBAAgB,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,aAAa;QAC/C,OAAO;KACR,CAAC,CAAC;AACL,CAAC"}

package/lib/auth.mjs

@@ -0,0 +1,123 @@
+import { createRemoteJWKSet, importSPKI, errors as joseErrors, jwtVerify, } from 'jose';
+import { PrivyAPIError } from "../core/error.mjs";
+import { parseUserFromIdentityTokenPayload } from "./identity-token.mjs";
+const JWT_ALGORITHM = 'ES256';
+const JWT_ISSUER = 'privy.io';
+/**
+ * Verifies a JWT issued by privy.io for the given app ID.
+ * This serves both auth tokens and identity tokens.
+ * @returns The verify result along with the token's payload.
+ * @throws If the token is invalid.
+ */
+async function verifyPrivyIssuedJwt(jwt, appId, verificationKey) {
+    // Because of a type difference, the calls cannot be merged into one.
+    let verifiedToken;
+    if (typeof verificationKey !== 'function') {
+        verifiedToken = await jwtVerify(jwt, verificationKey, {
+            typ: 'JWT',
+            algorithms: [JWT_ALGORITHM],
+            issuer: JWT_ISSUER,
+            audience: appId,
+        }).catch(mapAndThrowJoseErrors);
+    }
+    else {
+        verifiedToken = await jwtVerify(jwt, verificationKey, {
+            typ: 'JWT',
+            algorithms: [JWT_ALGORITHM],
+            issuer: JWT_ISSUER,
+            audience: appId,
+        }).catch(mapAndThrowJoseErrors);
+    }
+    return verifiedToken;
+}
+/**
+ * Verifies a Privy-issued authentication token.
+ *
+ * @returns The payload of the token if it is valid.
+ * @throws If the token is invalid.
+ */
+export async function verifyAuthToken({ auth_token: authToken, app_id: appId, verification_key: verificationKeyOrString, }) {
+    const verificationKey = typeof verificationKeyOrString === 'string' ?
+        await importSPKI(verificationKeyOrString, JWT_ALGORITHM)
+        : verificationKeyOrString;
+    const verifiedToken = await verifyPrivyIssuedJwt(authToken, appId, verificationKey);
+    return {
+        app_id: throwIfNotString(verifiedToken.payload.aud),
+        issuer: throwIfNotString(verifiedToken.payload.iss),
+        issued_at: throwIfNotNumber(verifiedToken.payload.iat),
+        expiration: throwIfNotNumber(verifiedToken.payload.exp),
+        session_id: throwIfNotString(verifiedToken.payload['sid']),
+        user_id: throwIfNotString(verifiedToken.payload.sub),
+    };
+}
+/**
+ * Verifies an identity token, parsing it into a `User` object if it is valid.
+ *
+ * @returns The user object parsed from the identity token.
+ * @throws If the token or its payload is invalid.
+ */
+export async function verifyIdentityToken({ identity_token: identityToken, app_id: appId, verification_key: verificationKeyOrString, }) {
+    const verificationKey = typeof verificationKeyOrString === 'string' ?
+        await importSPKI(verificationKeyOrString, JWT_ALGORITHM)
+        : verificationKeyOrString;
+    const verifiedToken = await verifyPrivyIssuedJwt(identityToken, appId, verificationKey);
+    if (!verifiedToken.payload) {
+        throw new InvalidAuthTokenError('Unable to parse identity token');
+    }
+    return parseUserFromIdentityTokenPayload(verifiedToken.payload);
+}
+export class InvalidAuthTokenError extends PrivyAPIError {
+}
+/** Used for asserting the values in the token payload are strings. */
+function throwIfNotString(value) {
+    if (!value || typeof value !== 'string') {
+        throw new InvalidAuthTokenError("Token's payload is invalid");
+    }
+    return value;
+}
+/** Used for asserting the values in the token payload are numbers. */
+function throwIfNotNumber(value) {
+    if (!value || typeof value !== 'number') {
+        throw new InvalidAuthTokenError("Token's payload is invalid");
+    }
+    return value;
+}
+/**
+ * Used to catch errors thrown by async `jose` functions and map to our own error types.
+ * This method will **always** throw an error, so it's return type is `never`.
+ */
+function mapAndThrowJoseErrors(error) {
+    if (error instanceof joseErrors.JWTExpired) {
+        throw new InvalidAuthTokenError('Authentication token expired');
+    }
+    else if (error instanceof joseErrors.JWTClaimValidationFailed || error instanceof joseErrors.JWTInvalid) {
+        throw new InvalidAuthTokenError('Authentication token is invalid');
+    }
+    else {
+        throw new InvalidAuthTokenError('Failed to verify authentication token');
+    }
+}
+export function createPrivyAppJWKS({ appId, apiUrl, headers, verificationKeyOverride, }) {
+    if (verificationKeyOverride !== undefined) {
+        // Use a closure to cache the verification key once imported
+        let verificationKey;
+        return async () => {
+            if (verificationKey === undefined) {
+                try {
+                    verificationKey = await importSPKI(verificationKeyOverride, JWT_ALGORITHM);
+                }
+                catch (error) {
+                    throw new InvalidAuthTokenError('Failed to import the provided verification key override');
+                }
+            }
+            return verificationKey;
+        };
+    }
+    const url = new URL(`${apiUrl}/v1/apps/${appId}/jwks.json`);
+    return createRemoteJWKSet(url, {
+        cacheMaxAge: 60 * 60 * 1000, // 60 minutes
+        cooldownDuration: 10 * 60 * 1000, // 10 minutes
+        headers,
+    });
+}
+//# sourceMappingURL=auth.mjs.map

package/lib/auth.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.mjs","sourceRoot":"","sources":["../src/lib/auth.ts"],"names":[],"mappings":"OAAO,EACL,kBAAkB,EAElB,UAAU,EACV,MAAM,IAAI,UAAU,EACpB,SAAS,GAGV,MAAM,MAAM;OACN,EAAE,aAAa,EAAE;OACjB,EAAE,iCAAiC,EAAE;AAG5C,MAAM,aAAa,GAAG,OAAO,CAAC;AAC9B,MAAM,UAAU,GAAG,UAAU,CAAC;AA+B9B;;;;;GAKG;AACH,KAAK,UAAU,oBAAoB,CACjC,GAAW,EACX,KAAa,EACb,eAA4C;IAE5C,qEAAqE;IACrE,IAAI,aAA8B,CAAC;IACnC,IAAI,OAAO,eAAe,KAAK,UAAU,EAAE,CAAC;QAC1C,aAAa,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE,eAAe,EAAE;YACpD,GAAG,EAAE,KAAK;YACV,UAAU,EAAE,CAAC,aAAa,CAAC;YAC3B,MAAM,EAAE,UAAU;YAClB,QAAQ,EAAE,KAAK;SAChB,CAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAClC,CAAC;SAAM,CAAC;QACN,aAAa,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE,eAAe,EAAE;YACpD,GAAG,EAAE,KAAK;YACV,UAAU,EAAE,CAAC,aAAa,CAAC;YAC3B,MAAM,EAAE,UAAU;YAClB,QAAQ,EAAE,KAAK;SAChB,CAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAClC,CAAC;IAED,OAAO,aAAa,CAAC;AACvB,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,EACpC,UAAU,EAAE,SAAS,EACrB,MAAM,EAAE,KAAK,EACb,gBAAgB,EAAE,uBAAuB,GACpB;IACrB,MAAM,eAAe,GACnB,OAAO,uBAAuB,KAAK,QAAQ,CAAC,CAAC;QAC3C,MAAM,UAAU,CAAC,uBAAuB,EAAE,aAAa,CAAC;QAC1D,CAAC,CAAC,uBAAuB,CAAC;IAC5B,MAAM,aAAa,GAAG,MAAM,oBAAoB,CAAC,SAAS,EAAE,KAAK,EAAE,eAAe,CAAC,CAAC;IACpF,OAAO;QACL,MAAM,EAAE,gBAAgB,CAAC,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC;QACnD,MAAM,EAAE,gBAAgB,CAAC,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC;QACnD,SAAS,EAAE,gBAAgB,CAAC,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC;QACtD,UAAU,EAAE,gBAAgB,CAAC,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC;QACvD,UAAU,EAAE,gBAAgB,CAAC,aAAa,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAC1D,OAAO,EAAE,gBAAgB,CAAC,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC;KACrD,CAAC;AACJ,CAAC;AAgBD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,EACxC,cAAc,EAAE,aAAa,EAC7B,MAAM,EAAE,KAAK,EACb,gBAAgB,EAAE,uBAAuB,GAChB;IACzB,MAAM,eAAe,GACnB,OAAO,uBAAuB,KAAK,QAAQ,CAAC,CAAC;QAC3C,MAAM,UAAU,CAAC,uBAAuB,EAAE,aAAa,CAAC;QAC1D,CAAC,CAAC,uBAAuB,CAAC;IAC5B,MAAM,aAAa,GAAG,MAAM,oBAAoB,CAAC,aAAa,EAAE,KAAK,EAAE,eAAe,CAAC,CAAC;IAExF,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC;QAC3B,MAAM,IAAI,qBAAqB,CAAC,gCAAgC,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,iCAAiC,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;AAClE,CAAC;AAED,MAAM,OAAO,qBAAsB,SAAQ,aAAa;CAAG;AAE3D,sEAAsE;AACtE,SAAS,gBAAgB,CAAC,KAAc;IACtC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,MAAM,IAAI,qBAAqB,CAAC,4BAA4B,CAAC,CAAC;IAChE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,sEAAsE;AACtE,SAAS,gBAAgB,CAAC,KAAc;IACtC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,MAAM,IAAI,qBAAqB,CAAC,4BAA4B,CAAC,CAAC;IAChE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,SAAS,qBAAqB,CAAC,KAAc;IAC3C,IAAI,KAAK,YAAY,UAAU,CAAC,UAAU,EAAE,CAAC;QAC3C,MAAM,IAAI,qBAAqB,CAAC,8BAA8B,CAAC,CAAC;IAClE,CAAC;SAAM,IAAI,KAAK,YAAY,UAAU,CAAC,wBAAwB,IAAI,KAAK,YAAY,UAAU,CAAC,UAAU,EAAE,CAAC;QAC1G,MAAM,IAAI,qBAAqB,CAAC,iCAAiC,CAAC,CAAC;IACrE,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,qBAAqB,CAAC,uCAAuC,CAAC,CAAC;IAC3E,CAAC;AACH,CAAC;AAWD,MAAM,UAAU,kBAAkB,CAAC,EACjC,KAAK,EACL,MAAM,EACN,OAAO,EACP,uBAAuB,GACC;IACxB,IAAI,uBAAuB,KAAK,SAAS,EAAE,CAAC;QAC1C,4DAA4D;QAC5D,IAAI,eAA0B,CAAC;QAC/B,OAAO,KAAK,IAAI,EAAE;YAChB,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;gBAClC,IAAI,CAAC;oBACH,eAAe,GAAG,MAAM,UAAU,CAAC,uBAAuB,EAAE,aAAa,CAAC,CAAC;gBAC7E,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,CAAC,yDAAyD,CAAC,CAAC;gBAC7F,CAAC;YACH,CAAC;YACD,OAAO,eAAe,CAAC;QACzB,CAAC,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,MAAM,YAAY,KAAK,YAAY,CAAC,CAAC;IAC5D,OAAO,kBAAkB,CAAC,GAAG,EAAE;QAC7B,WAAW,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,aAAa;QAC1C,gBAAgB,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,aAAa;QAC/C,OAAO;KACR,CAAC,CAAC;AACL,CAAC"}

package/lib/cryptography.d.mts

@@ -5,4 +5,7 @@ export declare namespace HPKESender {
     }
 }
 export declare function setupHPKESender(): Promise<HPKESender>;
+/** This prefix is no longer used, but we need to support existing keys */
+export declare const WALLET_API_PRIVATE_KEY_PREFIX = "wallet-api:";
+export declare const AUTHORIZATION_PRIVATE_KEY_PREFIX = "wallet-auth:";
 //# sourceMappingURL=cryptography.d.mts.map

package/lib/cryptography.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"cryptography.d.mts","sourceRoot":"","sources":["../src/lib/cryptography.ts"],"names":[],"mappings":"AA+EA,yBAAiB,UAAU,CAAC;IAC1B,UAAiB,oBAAoB;QACnC,UAAU,EAAE,UAAU,CAAC;QACvB,eAAe,EAAE,UAAU,CAAC;KAC7B;CACF;AAED,wBAAsB,eAAe,IAAI,OAAO,CAAC,UAAU,CAAC,CAsB3D"}
+{"version":3,"file":"cryptography.d.mts","sourceRoot":"","sources":["../src/lib/cryptography.ts"],"names":[],"mappings":"AAmFA,yBAAiB,UAAU,CAAC;IAC1B,UAAiB,oBAAoB;QACnC,UAAU,EAAE,UAAU,CAAC;QACvB,eAAe,EAAE,UAAU,CAAC;KAC7B;CACF;AAED,wBAAsB,eAAe,IAAI,OAAO,CAAC,UAAU,CAAC,CAsB3D;AAED,0EAA0E;AAC1E,eAAO,MAAM,6BAA6B,gBAAgB,CAAC;AAC3D,eAAO,MAAM,gCAAgC,iBAAiB,CAAC"}

package/lib/cryptography.d.ts

@@ -5,4 +5,7 @@ export declare namespace HPKESender {
     }
 }
 export declare function setupHPKESender(): Promise<HPKESender>;
+/** This prefix is no longer used, but we need to support existing keys */
+export declare const WALLET_API_PRIVATE_KEY_PREFIX = "wallet-api:";
+export declare const AUTHORIZATION_PRIVATE_KEY_PREFIX = "wallet-auth:";
 //# sourceMappingURL=cryptography.d.ts.map

package/lib/cryptography.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cryptography.d.ts","sourceRoot":"","sources":["../src/lib/cryptography.ts"],"names":[],"mappings":"AA+EA,yBAAiB,UAAU,CAAC;IAC1B,UAAiB,oBAAoB;QACnC,UAAU,EAAE,UAAU,CAAC;QACvB,eAAe,EAAE,UAAU,CAAC;KAC7B;CACF;AAED,wBAAsB,eAAe,IAAI,OAAO,CAAC,UAAU,CAAC,CAsB3D"}
+{"version":3,"file":"cryptography.d.ts","sourceRoot":"","sources":["../src/lib/cryptography.ts"],"names":[],"mappings":"AAmFA,yBAAiB,UAAU,CAAC;IAC1B,UAAiB,oBAAoB;QACnC,UAAU,EAAE,UAAU,CAAC;QACvB,eAAe,EAAE,UAAU,CAAC;KAC7B;CACF;AAED,wBAAsB,eAAe,IAAI,OAAO,CAAC,UAAU,CAAC,CAsB3D;AAED,0EAA0E;AAC1E,eAAO,MAAM,6BAA6B,gBAAgB,CAAC;AAC3D,eAAO,MAAM,gCAAgC,iBAAiB,CAAC"}

package/lib/cryptography.js

@@ -1,5 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.AUTHORIZATION_PRIVATE_KEY_PREFIX = exports.WALLET_API_PRIVATE_KEY_PREFIX = void 0;
 exports.importPKCS8PrivateKey = importPKCS8PrivateKey;
 exports.setupHPKERecipient = setupHPKERecipient;
 exports.setupHPKESender = setupHPKESender;
@@ -14,8 +15,11 @@ const nist_1 = require("@noble/curves/nist");
  * @internal
  */
 function importPKCS8PrivateKey(privateKey) {
+    const strippedPrivateKey = privateKey
+        .replace(exports.AUTHORIZATION_PRIVATE_KEY_PREFIX, '')
+        .replace(exports.WALLET_API_PRIVATE_KEY_PREFIX, '');
     // We fall back to `Buffer` here as Uint8Array.fromBase64 is not widely supported yet
-    const pkcs8Bytes = Buffer.from(privateKey, 'base64');
+    const pkcs8Bytes = Buffer.from(strippedPrivateKey, 'base64');
     const privateKeyStart = pkcs8Bytes.indexOf(Buffer.from([0x04, 0x20]));
     if (privateKeyStart === -1) {
         throw new Error('Invalid wallet authorization private key');
@@ -69,4 +73,7 @@ async function setupHPKESender() {
         },
     };
 }
+/** This prefix is no longer used, but we need to support existing keys */
+exports.WALLET_API_PRIVATE_KEY_PREFIX = 'wallet-api:';
+exports.AUTHORIZATION_PRIVATE_KEY_PREFIX = 'wallet-auth:';
 //# sourceMappingURL=cryptography.js.map

package/lib/cryptography.js.map

@@ -1 +1 @@
-{"version":3,"file":"cryptography.js","sourceRoot":"","sources":["../src/lib/cryptography.ts"],"names":[],"mappings":";;AAYA,sDAUC;AAqBD,gDAuBC;AAoBD,0CAsBC;AA5GD,6DAA0D;AAC1D,qCAA0E;AAC1E,6CAA0C;AAG1C;;;;;;GAMG;AACH,SAAgB,qBAAqB,CAAC,UAAkB;IACtD,qFAAqF;IACrF,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IACrD,MAAM,eAAe,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;IAEtE,IAAI,eAAe,KAAK,CAAC,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC9D,CAAC;IACD,MAAM,eAAe,GAAG,UAAU,CAAC,QAAQ,CAAC,eAAe,GAAG,CAAC,EAAE,eAAe,GAAG,EAAE,CAAC,CAAC;IACvF,OAAO,WAAI,CAAC,KAAK,CAAC,EAAE,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;AAClD,CAAC;AAeD;;;;;GAKG;AACI,KAAK,UAAU,kBAAkB;IACtC,MAAM,KAAK,GAAG,IAAI,kBAAW,CAAC;QAC5B,GAAG,EAAE,IAAI,0BAAmB,EAAE;QAC9B,GAAG,EAAE,IAAI,iBAAU,EAAE;QACrB,IAAI,EAAE,IAAI,mCAAgB,EAAE;KAC7B,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC;IAClD,MAAM,aAAa,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IAE/E,OAAO;QACL,aAAa,EAAE,IAAI,UAAU,CAAC,aAAa,CAAC;QAC5C,cAAc,EAAE,KAAK,EAAE,eAA2B,EAAE,UAAsB,EAAE,EAAE;YAC5E,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,sBAAsB,CAAC;gBACnD,YAAY,EAAE,OAAO,CAAC,UAAU;gBAChC,GAAG,EAAE,eAAe;aACrB,CAAC,CAAC;YAEH,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAEtD,OAAO,IAAI,UAAU,CAAC,YAAY,CAAC,CAAC;QACtC,CAAC;KACF,CAAC;AACJ,CAAC;AAoBM,KAAK,UAAU,eAAe;IACnC,MAAM,KAAK,GAAG,IAAI,kBAAW,CAAC;QAC5B,GAAG,EAAE,IAAI,0BAAmB,EAAE;QAC9B,GAAG,EAAE,IAAI,iBAAU,EAAE;QACrB,IAAI,EAAE,IAAI,mCAAgB,EAAE;KAC7B,CAAC,CAAC;IAEH,OAAO;QACL,cAAc,EAAE,KAAK,EAAE,SAAqB,EAAE,OAAmB,EAAE,EAAE;YACnE,MAAM,kBAAkB,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC;YAC3E,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,mBAAmB,CAAC;gBAC7C,kBAAkB;aACnB,CAAC,CAAC;YAEH,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAE9C,OAAO;gBACL,UAAU,EAAE,IAAI,UAAU,CAAC,UAAU,CAAC;gBACtC,eAAe,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC;aAC5C,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC"}
+{"version":3,"file":"cryptography.js","sourceRoot":"","sources":["../src/lib/cryptography.ts"],"names":[],"mappings":";;;AAYA,sDAcC;AAqBD,gDAuBC;AAoBD,0CAsBC;AAhHD,6DAA0D;AAC1D,qCAA0E;AAC1E,6CAA0C;AAG1C;;;;;;GAMG;AACH,SAAgB,qBAAqB,CAAC,UAAkB;IACtD,MAAM,kBAAkB,GAAG,UAAU;SAClC,OAAO,CAAC,wCAAgC,EAAE,EAAE,CAAC;SAC7C,OAAO,CAAC,qCAA6B,EAAE,EAAE,CAAC,CAAC;IAE9C,qFAAqF;IACrF,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,QAAQ,CAAC,CAAC;IAC7D,MAAM,eAAe,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;IAEtE,IAAI,eAAe,KAAK,CAAC,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC9D,CAAC;IACD,MAAM,eAAe,GAAG,UAAU,CAAC,QAAQ,CAAC,eAAe,GAAG,CAAC,EAAE,eAAe,GAAG,EAAE,CAAC,CAAC;IACvF,OAAO,WAAI,CAAC,KAAK,CAAC,EAAE,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;AAClD,CAAC;AAeD;;;;;GAKG;AACI,KAAK,UAAU,kBAAkB;IACtC,MAAM,KAAK,GAAG,IAAI,kBAAW,CAAC;QAC5B,GAAG,EAAE,IAAI,0BAAmB,EAAE;QAC9B,GAAG,EAAE,IAAI,iBAAU,EAAE;QACrB,IAAI,EAAE,IAAI,mCAAgB,EAAE;KAC7B,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC;IAClD,MAAM,aAAa,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IAE/E,OAAO;QACL,aAAa,EAAE,IAAI,UAAU,CAAC,aAAa,CAAC;QAC5C,cAAc,EAAE,KAAK,EAAE,eAA2B,EAAE,UAAsB,EAAE,EAAE;YAC5E,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,sBAAsB,CAAC;gBACnD,YAAY,EAAE,OAAO,CAAC,UAAU;gBAChC,GAAG,EAAE,eAAe;aACrB,CAAC,CAAC;YAEH,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAEtD,OAAO,IAAI,UAAU,CAAC,YAAY,CAAC,CAAC;QACtC,CAAC;KACF,CAAC;AACJ,CAAC;AAoBM,KAAK,UAAU,eAAe;IACnC,MAAM,KAAK,GAAG,IAAI,kBAAW,CAAC;QAC5B,GAAG,EAAE,IAAI,0BAAmB,EAAE;QAC9B,GAAG,EAAE,IAAI,iBAAU,EAAE;QACrB,IAAI,EAAE,IAAI,mCAAgB,EAAE;KAC7B,CAAC,CAAC;IAEH,OAAO;QACL,cAAc,EAAE,KAAK,EAAE,SAAqB,EAAE,OAAmB,EAAE,EAAE;YACnE,MAAM,kBAAkB,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC;YAC3E,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,mBAAmB,CAAC;gBAC7C,kBAAkB;aACnB,CAAC,CAAC;YAEH,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAE9C,OAAO;gBACL,UAAU,EAAE,IAAI,UAAU,CAAC,UAAU,CAAC;gBACtC,eAAe,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC;aAC5C,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC;AAED,0EAA0E;AAC7D,QAAA,6BAA6B,GAAG,aAAa,CAAC;AAC9C,QAAA,gCAAgC,GAAG,cAAc,CAAC"}

package/lib/cryptography.mjs

@@ -9,8 +9,11 @@ import { p256 } from '@noble/curves/nist';
  * @internal
  */
 export function importPKCS8PrivateKey(privateKey) {
+    const strippedPrivateKey = privateKey
+        .replace(AUTHORIZATION_PRIVATE_KEY_PREFIX, '')
+        .replace(WALLET_API_PRIVATE_KEY_PREFIX, '');
     // We fall back to `Buffer` here as Uint8Array.fromBase64 is not widely supported yet
-    const pkcs8Bytes = Buffer.from(privateKey, 'base64');
+    const pkcs8Bytes = Buffer.from(strippedPrivateKey, 'base64');
     const privateKeyStart = pkcs8Bytes.indexOf(Buffer.from([0x04, 0x20]));
     if (privateKeyStart === -1) {
         throw new Error('Invalid wallet authorization private key');
@@ -64,4 +67,7 @@ export async function setupHPKESender() {
         },
     };
 }
+/** This prefix is no longer used, but we need to support existing keys */
+export const WALLET_API_PRIVATE_KEY_PREFIX = 'wallet-api:';
+export const AUTHORIZATION_PRIVATE_KEY_PREFIX = 'wallet-auth:';
 //# sourceMappingURL=cryptography.mjs.map

package/lib/cryptography.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"cryptography.mjs","sourceRoot":"","sources":["../src/lib/cryptography.ts"],"names":[],"mappings":"OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB;OAClD,EAAE,WAAW,EAAE,mBAAmB,EAAE,UAAU,EAAE,MAAM,YAAY;OAClE,EAAE,IAAI,EAAE,MAAM,oBAAoB;AAGzC;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CAAC,UAAkB;IACtD,qFAAqF;IACrF,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IACrD,MAAM,eAAe,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;IAEtE,IAAI,eAAe,KAAK,CAAC,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC9D,CAAC;IACD,MAAM,eAAe,GAAG,UAAU,CAAC,QAAQ,CAAC,eAAe,GAAG,CAAC,EAAE,eAAe,GAAG,EAAE,CAAC,CAAC;IACvF,OAAO,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;AAClD,CAAC;AAeD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB;IACtC,MAAM,KAAK,GAAG,IAAI,WAAW,CAAC;QAC5B,GAAG,EAAE,IAAI,mBAAmB,EAAE;QAC9B,GAAG,EAAE,IAAI,UAAU,EAAE;QACrB,IAAI,EAAE,IAAI,gBAAgB,EAAE;KAC7B,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC;IAClD,MAAM,aAAa,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IAE/E,OAAO;QACL,aAAa,EAAE,IAAI,UAAU,CAAC,aAAa,CAAC;QAC5C,cAAc,EAAE,KAAK,EAAE,eAA2B,EAAE,UAAsB,EAAE,EAAE;YAC5E,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,sBAAsB,CAAC;gBACnD,YAAY,EAAE,OAAO,CAAC,UAAU;gBAChC,GAAG,EAAE,eAAe;aACrB,CAAC,CAAC;YAEH,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAEtD,OAAO,IAAI,UAAU,CAAC,YAAY,CAAC,CAAC;QACtC,CAAC;KACF,CAAC;AACJ,CAAC;AAoBD,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,MAAM,KAAK,GAAG,IAAI,WAAW,CAAC;QAC5B,GAAG,EAAE,IAAI,mBAAmB,EAAE;QAC9B,GAAG,EAAE,IAAI,UAAU,EAAE;QACrB,IAAI,EAAE,IAAI,gBAAgB,EAAE;KAC7B,CAAC,CAAC;IAEH,OAAO;QACL,cAAc,EAAE,KAAK,EAAE,SAAqB,EAAE,OAAmB,EAAE,EAAE;YACnE,MAAM,kBAAkB,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC;YAC3E,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,mBAAmB,CAAC;gBAC7C,kBAAkB;aACnB,CAAC,CAAC;YAEH,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAE9C,OAAO;gBACL,UAAU,EAAE,IAAI,UAAU,CAAC,UAAU,CAAC;gBACtC,eAAe,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC;aAC5C,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC"}
+{"version":3,"file":"cryptography.mjs","sourceRoot":"","sources":["../src/lib/cryptography.ts"],"names":[],"mappings":"OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB;OAClD,EAAE,WAAW,EAAE,mBAAmB,EAAE,UAAU,EAAE,MAAM,YAAY;OAClE,EAAE,IAAI,EAAE,MAAM,oBAAoB;AAGzC;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CAAC,UAAkB;IACtD,MAAM,kBAAkB,GAAG,UAAU;SAClC,OAAO,CAAC,gCAAgC,EAAE,EAAE,CAAC;SAC7C,OAAO,CAAC,6BAA6B,EAAE,EAAE,CAAC,CAAC;IAE9C,qFAAqF;IACrF,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,QAAQ,CAAC,CAAC;IAC7D,MAAM,eAAe,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;IAEtE,IAAI,eAAe,KAAK,CAAC,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC9D,CAAC;IACD,MAAM,eAAe,GAAG,UAAU,CAAC,QAAQ,CAAC,eAAe,GAAG,CAAC,EAAE,eAAe,GAAG,EAAE,CAAC,CAAC;IACvF,OAAO,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;AAClD,CAAC;AAeD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB;IACtC,MAAM,KAAK,GAAG,IAAI,WAAW,CAAC;QAC5B,GAAG,EAAE,IAAI,mBAAmB,EAAE;QAC9B,GAAG,EAAE,IAAI,UAAU,EAAE;QACrB,IAAI,EAAE,IAAI,gBAAgB,EAAE;KAC7B,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC;IAClD,MAAM,aAAa,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IAE/E,OAAO;QACL,aAAa,EAAE,IAAI,UAAU,CAAC,aAAa,CAAC;QAC5C,cAAc,EAAE,KAAK,EAAE,eAA2B,EAAE,UAAsB,EAAE,EAAE;YAC5E,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,sBAAsB,CAAC;gBACnD,YAAY,EAAE,OAAO,CAAC,UAAU;gBAChC,GAAG,EAAE,eAAe;aACrB,CAAC,CAAC;YAEH,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAEtD,OAAO,IAAI,UAAU,CAAC,YAAY,CAAC,CAAC;QACtC,CAAC;KACF,CAAC;AACJ,CAAC;AAoBD,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,MAAM,KAAK,GAAG,IAAI,WAAW,CAAC;QAC5B,GAAG,EAAE,IAAI,mBAAmB,EAAE;QAC9B,GAAG,EAAE,IAAI,UAAU,EAAE;QACrB,IAAI,EAAE,IAAI,gBAAgB,EAAE;KAC7B,CAAC,CAAC;IAEH,OAAO;QACL,cAAc,EAAE,KAAK,EAAE,SAAqB,EAAE,OAAmB,EAAE,EAAE;YACnE,MAAM,kBAAkB,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC;YAC3E,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,mBAAmB,CAAC;gBAC7C,kBAAkB;aACnB,CAAC,CAAC;YAEH,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAE9C,OAAO;gBACL,UAAU,EAAE,IAAI,UAAU,CAAC,UAAU,CAAC;gBACtC,eAAe,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC;aAC5C,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC;AAED,0EAA0E;AAC1E,MAAM,CAAC,MAAM,6BAA6B,GAAG,aAAa,CAAC;AAC3D,MAAM,CAAC,MAAM,gCAAgC,GAAG,cAAc,CAAC"}

package/lib/identity-token.d.mts

@@ -0,0 +1,15 @@
+import { JWTPayload } from 'jose';
+import { User } from "../resources.mjs";
+import { PrivyAPIError } from "../error.mjs";
+/**
+ * Parses the payload of an identity token (JWT) into a `User` object.
+ * Note that the user object may be incomplete due to the size constraints of the identity token.
+ *
+ * @param payload The payload of the identity token.
+ * @returns The user object parsed from the identity token.
+ * @throws If the payload is invalid.
+ */
+export declare function parseUserFromIdentityTokenPayload(payload: JWTPayload): User;
+export declare class InvalidIdentityTokenError extends PrivyAPIError {
+}
+//# sourceMappingURL=identity-token.d.mts.map

package/lib/identity-token.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity-token.d.mts","sourceRoot":"","sources":["../src/lib/identity-token.ts"],"names":[],"mappings":"OAAO,EAAE,UAAU,EAAE,MAAM,MAAM;OAC1B,EAAE,IAAI,EAAE;OACR,EAAE,aAAa,EAAE;AAGxB;;;;;;;GAOG;AACH,wBAAgB,iCAAiC,CAAC,OAAO,EAAE,UAAU,GAAG,IAAI,CAY3E;AA8PD,qBAAa,yBAA0B,SAAQ,aAAa;CAAG"}

package/lib/identity-token.d.ts

@@ -0,0 +1,15 @@
+import { JWTPayload } from 'jose';
+import { User } from "../resources.js";
+import { PrivyAPIError } from "../error.js";
+/**
+ * Parses the payload of an identity token (JWT) into a `User` object.
+ * Note that the user object may be incomplete due to the size constraints of the identity token.
+ *
+ * @param payload The payload of the identity token.
+ * @returns The user object parsed from the identity token.
+ * @throws If the payload is invalid.
+ */
+export declare function parseUserFromIdentityTokenPayload(payload: JWTPayload): User;
+export declare class InvalidIdentityTokenError extends PrivyAPIError {
+}
+//# sourceMappingURL=identity-token.d.ts.map

package/lib/identity-token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity-token.d.ts","sourceRoot":"","sources":["../src/lib/identity-token.ts"],"names":[],"mappings":"OAAO,EAAE,UAAU,EAAE,MAAM,MAAM;OAC1B,EAAE,IAAI,EAAE;OACR,EAAE,aAAa,EAAE;AAGxB;;;;;;;GAOG;AACH,wBAAgB,iCAAiC,CAAC,OAAO,EAAE,UAAU,GAAG,IAAI,CAY3E;AA8PD,qBAAa,yBAA0B,SAAQ,aAAa;CAAG"}