@privy-io/node 0.6.2 → 0.8.0

package/src/client.ts

@@ -19,6 +19,14 @@ import { AbstractPage, type CursorParams, CursorResponse } from './core/paginati
 import * as Uploads from './core/uploads';
 import * as API from './resources/index';
 import { APIPromise } from './core/api-promise';
+import {
+  Aggregation,
+  AggregationGroupBy,
+  AggregationMethod,
+  AggregationMetric,
+  AggregationWindow,
+  Aggregations,
+} from './resources/aggregations';
 import { Analytics, AnalyticsEventInput } from './resources/analytics';
 import { AppResponse, Apps } from './resources/apps';
 import {
@@ -51,21 +59,78 @@ import {
   PolicyUpdateParams,
   PolicyUpdateRuleParams,
   PolicyUpdateRuleResponse,
+  SuiTransactionCommandCondition,
+  SuiTransactionCommandOperator,
+  SuiTransferObjectsCommandCondition,
+  SuiTransferObjectsCommandField,
+  TronTransactionCondition,
 } from './resources/policies';
 import { TransactionGetResponse, Transactions } from './resources/transactions';
 import {
   AuthenticatedUser,
+  CrossAppEmbeddedWallet,
+  CrossAppSmartWallet,
+  CustomMetadata,
+  EmbeddedWalletRecoveryMethod,
   LinkedAccount,
+  LinkedAccountAppleInput,
+  LinkedAccountAppleOAuth,
+  LinkedAccountAuthorizationKey,
+  LinkedAccountBaseWallet,
   LinkedAccountBitcoinSegwitEmbeddedWallet,
   LinkedAccountBitcoinTaprootEmbeddedWallet,
+  LinkedAccountCrossApp,
   LinkedAccountCurveSigningEmbeddedWallet,
+  LinkedAccountCustomJwt,
+  LinkedAccountCustomJwtInput,
+  LinkedAccountCustomOAuth,
+  LinkedAccountDiscordInput,
+  LinkedAccountDiscordOAuth,
+  LinkedAccountEmail,
+  LinkedAccountEmailInput,
   LinkedAccountEmbeddedWallet,
   LinkedAccountEmbeddedWalletWithID,
+  LinkedAccountEthereum,
   LinkedAccountEthereumEmbeddedWallet,
+  LinkedAccountFarcaster,
+  LinkedAccountFarcasterInput,
+  LinkedAccountGitHubInput,
+  LinkedAccountGitHubOAuth,
+  LinkedAccountGoogleInput,
+  LinkedAccountGoogleOAuth,
+  LinkedAccountInput,
+  LinkedAccountInstagramInput,
+  LinkedAccountInstagramOAuth,
+  LinkedAccountLineInput,
+  LinkedAccountLineOAuth,
+  LinkedAccountLinkedInInput,
+  LinkedAccountLinkedInOAuth,
+  LinkedAccountPasskey,
+  LinkedAccountPhone,
+  LinkedAccountPhoneInput,
   LinkedAccountSmartWallet,
+  LinkedAccountSolana,
   LinkedAccountSolanaEmbeddedWallet,
+  LinkedAccountSpotifyInput,
+  LinkedAccountSpotifyOAuth,
+  LinkedAccountTelegram,
+  LinkedAccountTelegramInput,
+  LinkedAccountTiktokInput,
+  LinkedAccountTiktokOAuth,
+  LinkedAccountTwitchInput,
+  LinkedAccountTwitchOAuth,
+  LinkedAccountTwitterInput,
+  LinkedAccountTwitterOAuth,
+  LinkedAccountType,
+  LinkedAccountWalletInput,
+  LinkedMfaMethod,
+  OAuthTokens,
+  PasskeyMfaMethod,
+  SMSMfaMethod,
   SmartWalletType,
+  TotpMfaMethod,
   User,
+  UserBatchCreateInput,
   UserCreateParams,
   UserGetByCustomAuthIDParams,
   UserGetByDiscordUsernameParams,
@@ -84,11 +149,16 @@ import {
   UserSearchParams,
   UserSetCustomMetadataParams,
   UserUnlinkLinkedAccountParams,
+  UserWithIdentityToken,
   Users,
   UsersCursor,
 } from './resources/users';
 import {
   CurveSigningChainType,
+  CustodialWallet,
+  CustodialWalletChainType,
+  CustodialWalletCreateInput,
+  CustodialWalletProvider,
   EthereumPersonalSignRpcInput,
   EthereumPersonalSignRpcResponse,
   EthereumSecp256k1SignRpcInput,
@@ -105,12 +175,14 @@ import {
   EthereumSignUserOperationRpcResponse,
   ExtendedChainType,
   FirstClassChainType,
+  HpkeImportConfig,
   SolanaSignAndSendTransactionRpcInput,
   SolanaSignAndSendTransactionRpcResponse,
   SolanaSignMessageRpcInput,
   SolanaSignMessageRpcResponse,
   SolanaSignTransactionRpcInput,
   SolanaSignTransactionRpcResponse,
+  SuiCommandName,
   Wallet,
   WalletAuthenticateWithJwtParams,
   WalletAuthenticateWithJwtResponse,
@@ -253,7 +325,7 @@ export class PrivyAPI {
   baseURL: string;
   maxRetries: number;
   timeout: number;
-  logger: Logger | undefined;
+  logger: Logger;
   logLevel: LogLevel | undefined;
   fetchOptions: MergedRequestInit | undefined;
 
@@ -900,6 +972,7 @@ export class PrivyAPI {
   clientAuth: API.ClientAuth = new API.ClientAuth(this);
   analytics: API.Analytics = new API.Analytics(this);
   apps: API.Apps = new API.Apps(this);
+  aggregations: API.Aggregations = new API.Aggregations(this);
 }
 
 PrivyAPI.Wallets = Wallets;
@@ -910,6 +983,7 @@ PrivyAPI.KeyQuorums = KeyQuorums;
 PrivyAPI.ClientAuth = ClientAuth;
 PrivyAPI.Analytics = Analytics;
 PrivyAPI.Apps = Apps;
+PrivyAPI.Aggregations = Aggregations;
 
 export declare namespace PrivyAPI {
   export type RequestOptions = Opts.RequestOptions;
@@ -925,6 +999,12 @@ export declare namespace PrivyAPI {
     type WalletChainType as WalletChainType,
     type ExtendedChainType as ExtendedChainType,
     type WalletCustodian as WalletCustodian,
+    type CustodialWalletProvider as CustodialWalletProvider,
+    type CustodialWalletChainType as CustodialWalletChainType,
+    type CustodialWalletCreateInput as CustodialWalletCreateInput,
+    type CustodialWallet as CustodialWallet,
+    type HpkeImportConfig as HpkeImportConfig,
+    type SuiCommandName as SuiCommandName,
     type EthereumPersonalSignRpcInput as EthereumPersonalSignRpcInput,
     type EthereumSignTransactionRpcInput as EthereumSignTransactionRpcInput,
     type EthereumSendTransactionRpcInput as EthereumSendTransactionRpcInput,
@@ -969,6 +1049,17 @@ export declare namespace PrivyAPI {
     type AuthenticatedUser as AuthenticatedUser,
     type LinkedAccount as LinkedAccount,
     type User as User,
+    type LinkedAccountEmail as LinkedAccountEmail,
+    type LinkedAccountPhone as LinkedAccountPhone,
+    type LinkedAccountBaseWallet as LinkedAccountBaseWallet,
+    type LinkedAccountEthereum as LinkedAccountEthereum,
+    type SmartWalletType as SmartWalletType,
+    type LinkedAccountSmartWallet as LinkedAccountSmartWallet,
+    type LinkedAccountSolana as LinkedAccountSolana,
+    type LinkedAccountFarcaster as LinkedAccountFarcaster,
+    type LinkedAccountPasskey as LinkedAccountPasskey,
+    type LinkedAccountTelegram as LinkedAccountTelegram,
+    type EmbeddedWalletRecoveryMethod as EmbeddedWalletRecoveryMethod,
     type LinkedAccountEthereumEmbeddedWallet as LinkedAccountEthereumEmbeddedWallet,
     type LinkedAccountSolanaEmbeddedWallet as LinkedAccountSolanaEmbeddedWallet,
     type LinkedAccountBitcoinSegwitEmbeddedWallet as LinkedAccountBitcoinSegwitEmbeddedWallet,
@@ -976,8 +1067,50 @@ export declare namespace PrivyAPI {
     type LinkedAccountCurveSigningEmbeddedWallet as LinkedAccountCurveSigningEmbeddedWallet,
     type LinkedAccountEmbeddedWallet as LinkedAccountEmbeddedWallet,
     type LinkedAccountEmbeddedWalletWithID as LinkedAccountEmbeddedWalletWithID,
-    type SmartWalletType as SmartWalletType,
-    type LinkedAccountSmartWallet as LinkedAccountSmartWallet,
+    type LinkedAccountGoogleOAuth as LinkedAccountGoogleOAuth,
+    type LinkedAccountTwitterOAuth as LinkedAccountTwitterOAuth,
+    type LinkedAccountDiscordOAuth as LinkedAccountDiscordOAuth,
+    type LinkedAccountGitHubOAuth as LinkedAccountGitHubOAuth,
+    type LinkedAccountLinkedInOAuth as LinkedAccountLinkedInOAuth,
+    type LinkedAccountSpotifyOAuth as LinkedAccountSpotifyOAuth,
+    type LinkedAccountInstagramOAuth as LinkedAccountInstagramOAuth,
+    type LinkedAccountTiktokOAuth as LinkedAccountTiktokOAuth,
+    type LinkedAccountLineOAuth as LinkedAccountLineOAuth,
+    type LinkedAccountTwitchOAuth as LinkedAccountTwitchOAuth,
+    type LinkedAccountAppleOAuth as LinkedAccountAppleOAuth,
+    type LinkedAccountCustomOAuth as LinkedAccountCustomOAuth,
+    type LinkedAccountCustomJwt as LinkedAccountCustomJwt,
+    type CrossAppEmbeddedWallet as CrossAppEmbeddedWallet,
+    type CrossAppSmartWallet as CrossAppSmartWallet,
+    type LinkedAccountCrossApp as LinkedAccountCrossApp,
+    type LinkedAccountAuthorizationKey as LinkedAccountAuthorizationKey,
+    type LinkedAccountType as LinkedAccountType,
+    type CustomMetadata as CustomMetadata,
+    type LinkedAccountWalletInput as LinkedAccountWalletInput,
+    type LinkedAccountEmailInput as LinkedAccountEmailInput,
+    type LinkedAccountPhoneInput as LinkedAccountPhoneInput,
+    type LinkedAccountGoogleInput as LinkedAccountGoogleInput,
+    type LinkedAccountTwitterInput as LinkedAccountTwitterInput,
+    type LinkedAccountDiscordInput as LinkedAccountDiscordInput,
+    type LinkedAccountGitHubInput as LinkedAccountGitHubInput,
+    type LinkedAccountSpotifyInput as LinkedAccountSpotifyInput,
+    type LinkedAccountInstagramInput as LinkedAccountInstagramInput,
+    type LinkedAccountTiktokInput as LinkedAccountTiktokInput,
+    type LinkedAccountLineInput as LinkedAccountLineInput,
+    type LinkedAccountTwitchInput as LinkedAccountTwitchInput,
+    type LinkedAccountAppleInput as LinkedAccountAppleInput,
+    type LinkedAccountLinkedInInput as LinkedAccountLinkedInInput,
+    type LinkedAccountFarcasterInput as LinkedAccountFarcasterInput,
+    type LinkedAccountTelegramInput as LinkedAccountTelegramInput,
+    type LinkedAccountCustomJwtInput as LinkedAccountCustomJwtInput,
+    type LinkedAccountInput as LinkedAccountInput,
+    type UserBatchCreateInput as UserBatchCreateInput,
+    type SMSMfaMethod as SMSMfaMethod,
+    type TotpMfaMethod as TotpMfaMethod,
+    type PasskeyMfaMethod as PasskeyMfaMethod,
+    type LinkedMfaMethod as LinkedMfaMethod,
+    type OAuthTokens as OAuthTokens,
+    type UserWithIdentityToken as UserWithIdentityToken,
     type UsersCursor as UsersCursor,
     type UserCreateParams as UserCreateParams,
     type UserListParams as UserListParams,
@@ -1002,6 +1135,11 @@ export declare namespace PrivyAPI {
   export {
     Policies as Policies,
     type Policy as Policy,
+    type SuiTransactionCommandOperator as SuiTransactionCommandOperator,
+    type SuiTransferObjectsCommandField as SuiTransferObjectsCommandField,
+    type TronTransactionCondition as TronTransactionCondition,
+    type SuiTransactionCommandCondition as SuiTransactionCommandCondition,
+    type SuiTransferObjectsCommandCondition as SuiTransferObjectsCommandCondition,
     type PolicyCreateRuleResponse as PolicyCreateRuleResponse,
     type PolicyDeleteResponse as PolicyDeleteResponse,
     type PolicyDeleteRuleResponse as PolicyDeleteRuleResponse,
@@ -1038,4 +1176,13 @@ export declare namespace PrivyAPI {
   export { Analytics as Analytics, type AnalyticsEventInput as AnalyticsEventInput };
 
   export { Apps as Apps, type AppResponse as AppResponse };
+
+  export {
+    Aggregations as Aggregations,
+    type AggregationMethod as AggregationMethod,
+    type AggregationMetric as AggregationMetric,
+    type AggregationWindow as AggregationWindow,
+    type AggregationGroupBy as AggregationGroupBy,
+    type Aggregation as Aggregation,
+  };
 }

package/src/index.ts

@@ -9,6 +9,9 @@ export { type PrivyUsersService } from './public-api/services/users';
 export { type PrivyUtils } from './public-api/services/utils';
 export {
   InvalidAuthTokenError,
+  verifyAccessToken,
+  type VerifyAccessTokenResponse,
+  type VerifyAccessTokenInput,
   verifyAuthToken,
   type VerifyAuthTokenResponse,
   type VerifyAuthTokenInput,
@@ -29,6 +32,8 @@ export {
   generateAuthorizationSignatures,
 } from './lib/authorization';
 
+export { generateP256KeyPair, type P256KeyPair } from './lib/cryptography';
+
 export { type EmbeddedWalletLinkedAccount, isEmbeddedWalletLinkedAccount } from './lib/user-utils';
 
 export { APIPromise } from './core/api-promise';

package/src/lib/auth.ts

@@ -14,6 +14,23 @@ import { User } from '../resources';
 const JWT_ALGORITHM = 'ES256';
 const JWT_ISSUER = 'privy.io';
 
+export type VerifyAccessTokenInput = {
+  /** The access token to verify. */
+  access_token: string;
+  /** The Privy app ID to verify the token against. */
+  app_id: string;
+  /**
+   * The verification key to use to verify the token, or a mechanism to get the it such as via JWKS.
+   * You can find this verification key (or a JWKS endpoint) in the Privy dashboard.
+   * @see {@link createRemoteJWKSet}
+   * @see {@link importSPKI}
+   */
+  verification_key: CryptoKey | JWTVerifyGetKey | string;
+};
+
+/**
+ * @deprecated Use `VerifyAccessTokenInput` instead.
+ */
 export type VerifyAuthTokenInput = {
   /** The authentication token to verify. */
   auth_token: string;
@@ -28,7 +45,7 @@ export type VerifyAuthTokenInput = {
   verification_key: CryptoKey | JWTVerifyGetKey | string;
 };
 
-export type VerifyAuthTokenResponse = {
+export type VerifyAccessTokenResponse = {
   /** The Privy app ID for which the token was issued. */
   app_id: string;
   /** The issuer of the token. */
@@ -43,6 +60,11 @@ export type VerifyAuthTokenResponse = {
   user_id: string;
 };
 
+/**
+ * @deprecated Use `VerifyAccessTokenResponse` instead.
+ */
+export type VerifyAuthTokenResponse = VerifyAccessTokenResponse;
+
 /**
  * Verifies a JWT issued by privy.io for the given app ID.
  * This serves both auth tokens and identity tokens.
@@ -76,21 +98,21 @@ async function verifyPrivyIssuedJwt(
 }
 
 /**
- * Verifies a Privy-issued authentication token.
+ * Verifies a Privy-issued access token.
  *
  * @returns The payload of the token if it is valid.
  * @throws If the token is invalid.
  */
-export async function verifyAuthToken({
-  auth_token: authToken,
+export async function verifyAccessToken({
+  access_token: accessToken,
   app_id: appId,
   verification_key: verificationKeyOrString,
-}: VerifyAuthTokenInput): Promise<VerifyAuthTokenResponse> {
+}: VerifyAccessTokenInput): Promise<VerifyAccessTokenResponse> {
   const verificationKey =
     typeof verificationKeyOrString === 'string' ?
       await importSPKI(verificationKeyOrString, JWT_ALGORITHM)
     : verificationKeyOrString;
-  const verifiedToken = await verifyPrivyIssuedJwt(authToken, appId, verificationKey);
+  const verifiedToken = await verifyPrivyIssuedJwt(accessToken, appId, verificationKey);
   return {
     app_id: throwIfNotString(verifiedToken.payload.aud),
     issuer: throwIfNotString(verifiedToken.payload.iss),
@@ -101,6 +123,20 @@ export async function verifyAuthToken({
   };
 }
 
+/**
+ * Verifies a Privy-issued authentication token.
+ *
+ * @returns The payload of the token if it is valid.
+ * @throws If the token is invalid.
+ * @deprecated Use `verifyAccessToken` instead.
+ */
+export const verifyAuthToken = ({
+  auth_token,
+  app_id,
+  verification_key,
+}: VerifyAuthTokenInput): Promise<VerifyAuthTokenResponse> =>
+  verifyAccessToken({ access_token: auth_token, app_id, verification_key });
+
 export type VerifyIdentityTokenInput = {
   /** The identity token to verify. */
   identity_token: string;

package/src/lib/cryptography.ts

@@ -2,6 +2,74 @@ import { Chacha20Poly1305 } from '@hpke/chacha20poly1305';
 import { CipherSuite, DhkemP256HkdfSha256, HkdfSha256 } from '@hpke/core';
 import { p256 } from '@noble/curves/nist';
 import type { PrivKey } from '@noble/curves/utils';
+import { toBase64 } from '../internal/utils/base64';
+
+/**
+ * Returns the runtime's `SubtleCrypto` implementation.
+ *
+ * We rely on `globalThis.crypto.subtle` for broad runtime support (Node.js 20+, Deno, Bun, Workers/Edge).
+ *
+ * @internal
+ */
+function getSubtleCrypto(): typeof globalThis.crypto.subtle {
+  const subtle = (globalThis as any).crypto?.subtle;
+  if (!subtle) {
+    throw new Error(
+      '`crypto.subtle` is not defined as a global; Either run in a runtime that provides WebCrypto, or polyfill `globalThis.crypto`',
+    );
+  }
+  return subtle;
+}
+
+export interface P256KeyPair {
+  /**
+   * The base64-encoded SPKI-formatted public key, with no PEM headers.
+   *
+   * This is the format accepted by Privy when specifying a P-256 public key owner.
+   */
+  publicKey: string;
+  /**
+   * The base64-encoded PKCS8-formatted private key, with no PEM headers.
+   *
+   * This is the format accepted by {@link AuthorizationContext.authorization_private_keys} and
+   * {@link generateAuthorizationSignature}.
+   */
+  privateKey: string;
+}
+
+/**
+ * Generates a P-256 key pair suitable for Privy resource ownership and request
+ * authorization signing.
+ *
+ * @returns A P-256 key pair, in base64-encoded DER format.
+ *
+ * @example
+ * const keypair = await generateP256KeyPair();
+ * const wallet = await privy.wallets().create({
+ *   chain_type: '...',
+ *   owner: { public_key: keypair.publicKey },
+ * });
+ * const response = await privy.wallets().rawSign(wallet.id, {
+ *   params: { hash: '...' },
+ *   authorization_context: {
+ *     authorization_private_keys: [keypair.privateKey]
+ *   },
+ * });
+ */
+export async function generateP256KeyPair(): Promise<P256KeyPair> {
+  const subtle = getSubtleCrypto();
+  const keyPair = await subtle.generateKey({ name: 'ECDSA', namedCurve: 'P-256' }, true, ['sign', 'verify']);
+
+  const [publicKeyDer, privateKeyDer] = await Promise.all([
+    subtle.exportKey('spki', keyPair.publicKey),
+    subtle.exportKey('pkcs8', keyPair.privateKey),
+  ]);
+
+  return {
+    publicKey: toBase64(new Uint8Array(publicKeyDer)),
+    privateKey: toBase64(new Uint8Array(privateKeyDer)),
+  };
+}
 
 /**
  * Imports a P-256 private key for use with the `@noble/curves` library.
@@ -53,7 +121,8 @@ export async function setupHPKERecipient(): Promise<HPKERecipient> {
   });
 
   const keypair = await suite.kem.generateKeyPair();
-  const publicKeySpki = await crypto.subtle.exportKey('spki', keypair.publicKey);
+  const subtle = getSubtleCrypto();
+  const publicKeySpki = await subtle.exportKey('spki', keypair.publicKey);
 
   return {
     publicKeySpki: new Uint8Array(publicKeySpki),
@@ -113,5 +182,5 @@ export async function setupHPKESender(): Promise<HPKESender> {
 }
 
 /** This prefix is no longer used, but we need to support existing keys */
-export const WALLET_API_PRIVATE_KEY_PREFIX = 'wallet-api:';
-export const AUTHORIZATION_PRIVATE_KEY_PREFIX = 'wallet-auth:';
+const WALLET_API_PRIVATE_KEY_PREFIX = 'wallet-api:';
+const AUTHORIZATION_PRIVATE_KEY_PREFIX = 'wallet-auth:';

package/src/lib/identity-token.ts

@@ -1,5 +1,26 @@
 import { JWTPayload } from 'jose';
-import { User, LinkedAccount, LinkedAccountSmartWallet, LinkedAccountEmbeddedWallet } from '../resources';
+import {
+  User,
+  LinkedAccount,
+  LinkedAccountSmartWallet,
+  LinkedAccountEmbeddedWallet,
+  LinkedAccountEmail,
+  LinkedAccountPhone,
+  LinkedAccountFarcaster,
+  LinkedAccountGoogleOAuth,
+  LinkedAccountTwitterOAuth,
+  LinkedAccountDiscordOAuth,
+  LinkedAccountGitHubOAuth,
+  LinkedAccountSpotifyOAuth,
+  LinkedAccountInstagramOAuth,
+  LinkedAccountTiktokOAuth,
+  LinkedAccountLinkedInOAuth,
+  LinkedAccountAppleOAuth,
+  LinkedAccountCrossApp,
+  LinkedAccountCustomJwt,
+  LinkedAccountTelegram,
+  LinkedAccountPasskey,
+} from '../resources';
 import { PrivyAPIError } from '../error';
 import { ExternalWalletLinkedAccount } from './user-utils';
 
@@ -48,7 +69,7 @@ function mapIdLinkedAccountToUserLinkedAccount(account: any): LinkedAccount | nu
       first_verified_at: null,
       verified_at: account.lv,
       latest_verified_at: account.lv,
-    } satisfies LinkedAccount.LinkedAccountEmail;
+    } satisfies LinkedAccountEmail;
   }
   if (account.type === 'phone') {
     return {
@@ -57,7 +78,7 @@ function mapIdLinkedAccountToUserLinkedAccount(account: any): LinkedAccount | nu
       first_verified_at: null,
       verified_at: account.lv,
       latest_verified_at: account.lv,
-    } satisfies LinkedAccount.LinkedAccountPhone;
+    } satisfies LinkedAccountPhone;
   }
 
   // Parses all wallet types
@@ -113,7 +134,7 @@ function mapIdLinkedAccountToUserLinkedAccount(account: any): LinkedAccount | nu
       verified_at: account.lv,
       latest_verified_at: account.lv,
       owner_address: account.oa,
-    } satisfies LinkedAccount.LinkedAccountFarcaster;
+    } satisfies LinkedAccountFarcaster;
   }
   if (account.type === 'google_oauth') {
     return {
@@ -124,7 +145,7 @@ function mapIdLinkedAccountToUserLinkedAccount(account: any): LinkedAccount | nu
       first_verified_at: null,
       verified_at: account.lv,
       latest_verified_at: account.lv,
-    } satisfies LinkedAccount.LinkedAccountGoogleOAuth;
+    } satisfies LinkedAccountGoogleOAuth;
   }
   if (account.type === 'twitter_oauth') {
     // We send along three potential URL shapes here based on possible profile picture URLs, all
@@ -148,7 +169,7 @@ function mapIdLinkedAccountToUserLinkedAccount(account: any): LinkedAccount | nu
       first_verified_at: null,
       verified_at: account.lv,
       latest_verified_at: account.lv,
-    } satisfies LinkedAccount.LinkedAccountTwitterOAuth;
+    } satisfies LinkedAccountTwitterOAuth;
   }
   if (account.type === 'discord_oauth') {
     return {
@@ -159,7 +180,7 @@ function mapIdLinkedAccountToUserLinkedAccount(account: any): LinkedAccount | nu
       first_verified_at: null,
       verified_at: account.lv,
       latest_verified_at: account.lv,
-    } satisfies LinkedAccount.LinkedAccountDiscordOAuth;
+    } satisfies LinkedAccountDiscordOAuth;
   }
   if (account.type === 'github_oauth') {
     return {
@@ -171,7 +192,7 @@ function mapIdLinkedAccountToUserLinkedAccount(account: any): LinkedAccount | nu
       first_verified_at: null,
       verified_at: account.lv,
       latest_verified_at: account.lv,
-    } satisfies LinkedAccount.LinkedAccountGitHubOAuth;
+    } satisfies LinkedAccountGitHubOAuth;
   }
   if (account.type === 'spotify_oauth') {
     return {
@@ -182,7 +203,7 @@ function mapIdLinkedAccountToUserLinkedAccount(account: any): LinkedAccount | nu
       first_verified_at: null,
       verified_at: account.lv,
       latest_verified_at: account.lv,
-    } satisfies LinkedAccount.LinkedAccountSpotifyOAuth;
+    } satisfies LinkedAccountSpotifyOAuth;
   }
   if (account.type === 'instagram_oauth') {
     return {
@@ -192,7 +213,7 @@ function mapIdLinkedAccountToUserLinkedAccount(account: any): LinkedAccount | nu
       first_verified_at: null,
       verified_at: account.lv,
       latest_verified_at: account.lv,
-    } satisfies LinkedAccount.LinkedAccountInstagramOAuth;
+    } satisfies LinkedAccountInstagramOAuth;
   }
   if (account.type === 'tiktok_oauth') {
     return {
@@ -203,7 +224,7 @@ function mapIdLinkedAccountToUserLinkedAccount(account: any): LinkedAccount | nu
       first_verified_at: null,
       verified_at: account.lv,
       latest_verified_at: account.lv,
-    } satisfies LinkedAccount.LinkedAccountTiktokOAuth;
+    } satisfies LinkedAccountTiktokOAuth;
   }
   if (account.type === 'linkedin_oauth') {
     return {
@@ -213,7 +234,7 @@ function mapIdLinkedAccountToUserLinkedAccount(account: any): LinkedAccount | nu
       first_verified_at: null,
       verified_at: account.lv,
       latest_verified_at: account.lv,
-    } satisfies LinkedAccount.LinkedAccountLinkedInOAuth;
+    } satisfies LinkedAccountLinkedInOAuth;
   }
   if (account.type === 'apple_oauth') {
     return {
@@ -223,7 +244,7 @@ function mapIdLinkedAccountToUserLinkedAccount(account: any): LinkedAccount | nu
       first_verified_at: null,
       verified_at: account.lv,
       latest_verified_at: account.lv,
-    } satisfies LinkedAccount.LinkedAccountAppleOAuth;
+    } satisfies LinkedAccountAppleOAuth;
   }
   if (account.type === 'cross_app') {
     return {
@@ -235,7 +256,7 @@ function mapIdLinkedAccountToUserLinkedAccount(account: any): LinkedAccount | nu
       first_verified_at: null,
       verified_at: account.lv,
       latest_verified_at: account.lv,
-    } satisfies LinkedAccount.LinkedAccountCrossApp;
+    } satisfies LinkedAccountCrossApp;
   }
   if (account.type === 'custom_auth') {
     return {
@@ -244,7 +265,7 @@ function mapIdLinkedAccountToUserLinkedAccount(account: any): LinkedAccount | nu
       first_verified_at: null,
       verified_at: account.lv,
       latest_verified_at: account.lv,
-    } satisfies LinkedAccount.LinkedAccountCustomJwt;
+    } satisfies LinkedAccountCustomJwt;
   }
 
   if (account.type === 'telegram') {
@@ -255,8 +276,7 @@ function mapIdLinkedAccountToUserLinkedAccount(account: any): LinkedAccount | nu
       first_verified_at: null,
       verified_at: account.lv,
       latest_verified_at: account.lv,
-      telegramUserId: account.telegram_user_id,
-    } satisfies LinkedAccount.LinkedAccountTelegram;
+    } satisfies LinkedAccountTelegram;
   }
 
   if (account.type === 'passkey') {
@@ -267,7 +287,7 @@ function mapIdLinkedAccountToUserLinkedAccount(account: any): LinkedAccount | nu
       verified_at: account.lv,
       latest_verified_at: account.lv,
       enrolled_in_mfa: false, // not a part of the identity token
-    } satisfies LinkedAccount.LinkedAccountPasskey;
+    } satisfies LinkedAccountPasskey;
   }
 
   return null;

package/src/public-api/services/utils/auth.ts

@@ -1,7 +1,8 @@
 import { PrivyAPI } from '../../../client';
 import {
   PrivyAppJWKS,
-  verifyAuthToken,
+  verifyAccessToken,
+  VerifyAccessTokenResponse,
   VerifyAuthTokenResponse,
   verifyIdentityToken,
 } from '../../../lib/auth';
@@ -17,20 +18,32 @@ export class PrivyAuthUtils {
   }
 
   /**
-   * Verifies the authentication token, and returns the payload if it is valid.
+   * Verifies the access token, and returns the payload if it is valid.
    *
-   * @param authToken - The authentication token to verify.
+   * @param accessToken - The access token to verify.
    * @returns The payload of the token if it is valid.
    * @throws If the token is invalid.
    */
-  public async verifyAuthToken(authToken: string): Promise<VerifyAuthTokenResponse> {
-    return verifyAuthToken({
-      auth_token: authToken,
+  public async verifyAccessToken(accessToken: string): Promise<VerifyAccessTokenResponse> {
+    return verifyAccessToken({
+      access_token: accessToken,
       app_id: this.privyAppID,
       verification_key: this.appJwks,
     });
   }
 
+  /**
+   * Verifies the authentication token, and returns the payload if it is valid.
+   *
+   * @param authToken - The authentication token to verify.
+   * @returns The payload of the token if it is valid.
+   * @throws If the token is invalid.
+   * @deprecated Use `verifyAccessToken` instead.
+   */
+  public async verifyAuthToken(authToken: string): Promise<VerifyAuthTokenResponse> {
+    return this.verifyAccessToken(authToken);
+  }
+
   public async verifyIdentityToken(identityToken: string): Promise<User> {
     return verifyIdentityToken({
       identity_token: identityToken,