npm - @swype-org/react-sdk - Versions diffs - 0.1.85 → 0.1.87 - Mend

@swype-org/react-sdk 0.1.85 → 0.1.87

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.cts CHANGED Viewed

@@ -189,11 +189,13 @@ interface UserConfig {
     passkey?: {
         credentialId: string;
         publicKey: string;
+        lastVerificationToken?: string | null;
     } | null;
     /** All registered WebAuthn passkey credentials for this user */
     passkeys?: {
         credentialId: string;
         publicKey: string;
+        lastVerificationToken?: string | null;
     }[];
 }
 /** Theme mode */
@@ -321,6 +323,13 @@ declare function fetchAuthorizationSession(apiBaseUrl: string, sessionId: string
  * POST /v1/users/config/passkey
  */
 declare function registerPasskey(apiBaseUrl: string, token: string, credentialId: string, publicKey: string): Promise<void>;
+/**
+ * Reports passkey activity (verification) to update the last_active
+ * timestamp server-side. Fire-and-forget — callers should not block on
+ * the result.
+ * PATCH /v1/users/config/passkey
+ */
+declare function reportPasskeyActivity(apiBaseUrl: string, token: string, credentialId: string): Promise<void>;
 /**
  * Fetches the authenticated user's config, including passkey status.
  * GET /v1/users/config
@@ -355,11 +364,12 @@ declare const api_fetchTransfer: typeof fetchTransfer;
 declare const api_fetchUserConfig: typeof fetchUserConfig;
 declare const api_registerPasskey: typeof registerPasskey;
 declare const api_reportActionCompletion: typeof reportActionCompletion;
+declare const api_reportPasskeyActivity: typeof reportPasskeyActivity;
 declare const api_signTransfer: typeof signTransfer;
 declare const api_updateUserConfig: typeof updateUserConfig;
 declare const api_updateUserConfigBySession: typeof updateUserConfigBySession;
 declare namespace api {
-  export { type api_CreateTransferParams as CreateTransferParams, api_createTransfer as createTransfer, api_fetchAccounts as fetchAccounts, api_fetchAuthorizationSession as fetchAuthorizationSession, api_fetchChains as fetchChains, api_fetchMerchantPublicKey as fetchMerchantPublicKey, api_fetchProviders as fetchProviders, api_fetchTransfer as fetchTransfer, api_fetchUserConfig as fetchUserConfig, api_registerPasskey as registerPasskey, api_reportActionCompletion as reportActionCompletion, api_signTransfer as signTransfer, api_updateUserConfig as updateUserConfig, api_updateUserConfigBySession as updateUserConfigBySession };
+  export { type api_CreateTransferParams as CreateTransferParams, api_createTransfer as createTransfer, api_fetchAccounts as fetchAccounts, api_fetchAuthorizationSession as fetchAuthorizationSession, api_fetchChains as fetchChains, api_fetchMerchantPublicKey as fetchMerchantPublicKey, api_fetchProviders as fetchProviders, api_fetchTransfer as fetchTransfer, api_fetchUserConfig as fetchUserConfig, api_registerPasskey as registerPasskey, api_reportActionCompletion as reportActionCompletion, api_reportPasskeyActivity as reportPasskeyActivity, api_signTransfer as signTransfer, api_updateUserConfig as updateUserConfig, api_updateUserConfigBySession as updateUserConfigBySession };
 }
 interface SwypePaymentProps {
@@ -458,6 +468,12 @@ interface PasskeyVerifyPopupOptions {
     rpId: string;
     /** Populated by `findDevicePasskeyViaPopup`; not set by callers. */
     channelId?: string;
+    /** Populated by `findDevicePasskeyViaPopup`; not set by callers. */
+    verificationToken?: string;
+    /** Privy JWT so the popup can report verification server-side. */
+    authToken?: string;
+    /** Core API base URL for server-side passkey activity reporting. */
+    apiBaseUrl?: string;
 }
 /**
  * Opens a same-origin pop-up window on the Swype domain to check whether
@@ -467,6 +483,11 @@ interface PasskeyVerifyPopupOptions {
  * inside a cross-origin iframe. The popup runs on the Swype domain where
  * the rpId matches, so WebAuthn works.
  *
+ * When `authToken` and `apiBaseUrl` are provided, the popup also writes a
+ * verification token to the backend. If Safari's ITP blocks both
+ * BroadcastChannel and window.opener.postMessage, the opener falls back to
+ * checking the server for the matching token after the popup closes.
+ *
  * Must be called from a user-gesture handler (e.g. button click) to
  * avoid the browser's pop-up blocker.
  *

package/dist/index.d.ts CHANGED Viewed

@@ -189,11 +189,13 @@ interface UserConfig {
     passkey?: {
         credentialId: string;
         publicKey: string;
+        lastVerificationToken?: string | null;
     } | null;
     /** All registered WebAuthn passkey credentials for this user */
     passkeys?: {
         credentialId: string;
         publicKey: string;
+        lastVerificationToken?: string | null;
     }[];
 }
 /** Theme mode */
@@ -321,6 +323,13 @@ declare function fetchAuthorizationSession(apiBaseUrl: string, sessionId: string
  * POST /v1/users/config/passkey
  */
 declare function registerPasskey(apiBaseUrl: string, token: string, credentialId: string, publicKey: string): Promise<void>;
+/**
+ * Reports passkey activity (verification) to update the last_active
+ * timestamp server-side. Fire-and-forget — callers should not block on
+ * the result.
+ * PATCH /v1/users/config/passkey
+ */
+declare function reportPasskeyActivity(apiBaseUrl: string, token: string, credentialId: string): Promise<void>;
 /**
  * Fetches the authenticated user's config, including passkey status.
  * GET /v1/users/config
@@ -355,11 +364,12 @@ declare const api_fetchTransfer: typeof fetchTransfer;
 declare const api_fetchUserConfig: typeof fetchUserConfig;
 declare const api_registerPasskey: typeof registerPasskey;
 declare const api_reportActionCompletion: typeof reportActionCompletion;
+declare const api_reportPasskeyActivity: typeof reportPasskeyActivity;
 declare const api_signTransfer: typeof signTransfer;
 declare const api_updateUserConfig: typeof updateUserConfig;
 declare const api_updateUserConfigBySession: typeof updateUserConfigBySession;
 declare namespace api {
-  export { type api_CreateTransferParams as CreateTransferParams, api_createTransfer as createTransfer, api_fetchAccounts as fetchAccounts, api_fetchAuthorizationSession as fetchAuthorizationSession, api_fetchChains as fetchChains, api_fetchMerchantPublicKey as fetchMerchantPublicKey, api_fetchProviders as fetchProviders, api_fetchTransfer as fetchTransfer, api_fetchUserConfig as fetchUserConfig, api_registerPasskey as registerPasskey, api_reportActionCompletion as reportActionCompletion, api_signTransfer as signTransfer, api_updateUserConfig as updateUserConfig, api_updateUserConfigBySession as updateUserConfigBySession };
+  export { type api_CreateTransferParams as CreateTransferParams, api_createTransfer as createTransfer, api_fetchAccounts as fetchAccounts, api_fetchAuthorizationSession as fetchAuthorizationSession, api_fetchChains as fetchChains, api_fetchMerchantPublicKey as fetchMerchantPublicKey, api_fetchProviders as fetchProviders, api_fetchTransfer as fetchTransfer, api_fetchUserConfig as fetchUserConfig, api_registerPasskey as registerPasskey, api_reportActionCompletion as reportActionCompletion, api_reportPasskeyActivity as reportPasskeyActivity, api_signTransfer as signTransfer, api_updateUserConfig as updateUserConfig, api_updateUserConfigBySession as updateUserConfigBySession };
 }
 interface SwypePaymentProps {
@@ -458,6 +468,12 @@ interface PasskeyVerifyPopupOptions {
     rpId: string;
     /** Populated by `findDevicePasskeyViaPopup`; not set by callers. */
     channelId?: string;
+    /** Populated by `findDevicePasskeyViaPopup`; not set by callers. */
+    verificationToken?: string;
+    /** Privy JWT so the popup can report verification server-side. */
+    authToken?: string;
+    /** Core API base URL for server-side passkey activity reporting. */
+    apiBaseUrl?: string;
 }
 /**
  * Opens a same-origin pop-up window on the Swype domain to check whether
@@ -467,6 +483,11 @@ interface PasskeyVerifyPopupOptions {
  * inside a cross-origin iframe. The popup runs on the Swype domain where
  * the rpId matches, so WebAuthn works.
  *
+ * When `authToken` and `apiBaseUrl` are provided, the popup also writes a
+ * verification token to the backend. If Safari's ITP blocks both
+ * BroadcastChannel and window.opener.postMessage, the opener falls back to
+ * checking the server for the matching token after the popup closes.
+ *
  * Must be called from a user-gesture handler (e.g. button click) to
  * avoid the browser's pop-up blocker.
  *

package/dist/index.js CHANGED Viewed

@@ -164,6 +164,7 @@ __export(api_exports, {
   fetchUserConfig: () => fetchUserConfig,
   registerPasskey: () => registerPasskey,
   reportActionCompletion: () => reportActionCompletion,
+  reportPasskeyActivity: () => reportPasskeyActivity,
   signTransfer: () => signTransfer,
   updateUserConfig: () => updateUserConfig,
   updateUserConfigBySession: () => updateUserConfigBySession
@@ -286,6 +287,17 @@ async function registerPasskey(apiBaseUrl, token, credentialId, publicKey) {
   });
   if (!res.ok) await throwApiError(res);
 }
+async function reportPasskeyActivity(apiBaseUrl, token, credentialId) {
+  const res = await fetch(`${apiBaseUrl}/v1/users/config/passkey`, {
+    method: "PATCH",
+    headers: {
+      "Content-Type": "application/json",
+      Authorization: `Bearer ${token}`
+    },
+    body: JSON.stringify({ credentialId })
+  });
+  if (!res.ok) await throwApiError(res);
+}
 async function fetchUserConfig(apiBaseUrl, token) {
   const res = await fetch(`${apiBaseUrl}/v1/users/config`, {
     headers: { Authorization: `Bearer ${token}` }
@@ -789,7 +801,12 @@ var VERIFY_POPUP_TIMEOUT_MS = 6e4;
 function findDevicePasskeyViaPopup(options) {
   return new Promise((resolve, reject) => {
     const channelId = `swype-pv-${Date.now()}-${Math.random().toString(36).slice(2)}`;
-    const payload = { ...options, channelId };
+    const verificationToken = crypto.randomUUID();
+    const payload = {
+      ...options,
+      channelId,
+      verificationToken
+    };
     const encoded = btoa(JSON.stringify(payload));
     const popupUrl = `${window.location.origin}/passkey-verify#${encoded}`;
     const popup = window.open(popupUrl, "swype-passkey-verify");
@@ -809,7 +826,15 @@ function findDevicePasskeyViaPopup(options) {
         setTimeout(() => {
           if (!settled) {
             cleanup();
-            resolve(null);
+            checkServerForVerifiedPasskey(
+              options.authToken,
+              options.apiBaseUrl,
+              verificationToken
+            ).then((credentialId) => {
+              resolve(credentialId);
+            }).catch(() => {
+              resolve(null);
+            });
           }
         }, POPUP_CLOSED_GRACE_MS);
       }
@@ -845,6 +870,17 @@ function findDevicePasskeyViaPopup(options) {
     }
   });
 }
+async function checkServerForVerifiedPasskey(authToken, apiBaseUrl, verificationToken) {
+  if (!authToken || !apiBaseUrl) return null;
+  const res = await fetch(`${apiBaseUrl}/v1/users/config`, {
+    headers: { Authorization: `Bearer ${authToken}` }
+  });
+  if (!res.ok) return null;
+  const body = await res.json();
+  const passkeys = body.config.passkeys ?? [];
+  const matched = passkeys.find((p) => p.lastVerificationToken === verificationToken);
+  return matched?.credentialId ?? null;
+}
 async function checkServerForNewPasskey(authToken, apiBaseUrl, existingCredentialIds) {
   if (!authToken || !apiBaseUrl) return null;
   const res = await fetch(`${apiBaseUrl}/v1/users/config`, {
@@ -5049,6 +5085,8 @@ function SwypePaymentInner({
         if (matched) {
           setActiveCredentialId(matched);
           window.localStorage.setItem(ACTIVE_CREDENTIAL_STORAGE_KEY, matched);
+          reportPasskeyActivity(apiBaseUrl, token, matched).catch(() => {
+          });
           await restoreOrDeposit(matched, token);
           return;
         }
@@ -5574,13 +5612,20 @@ function SwypePaymentInner({
     setVerifyingPasskeyPopup(true);
     setError(null);
     try {
+      const token = await getAccessToken();
       const matched = await findDevicePasskeyViaPopup({
         credentialIds: knownCredentialIds,
-        rpId: resolvePasskeyRpId()
+        rpId: resolvePasskeyRpId(),
+        authToken: token ?? void 0,
+        apiBaseUrl
       });
       if (matched) {
         setActiveCredentialId(matched);
         window.localStorage.setItem(ACTIVE_CREDENTIAL_STORAGE_KEY, matched);
+        if (token) {
+          reportPasskeyActivity(apiBaseUrl, token, matched).catch(() => {
+          });
+        }
         setStep("login");
       } else {
         setStep("create-passkey");
@@ -5590,7 +5635,7 @@ function SwypePaymentInner({
     } finally {
       setVerifyingPasskeyPopup(false);
     }
-  }, [knownCredentialIds]);
+  }, [knownCredentialIds, getAccessToken, apiBaseUrl]);
   const handleSelectProvider = useCallback((providerId) => {
     setSelectedProviderId(providerId);
     setSelectedAccountId(null);