@turnkey/core 1.2.0 → 1.4.0

package/dist/__clients__/core.mjs

@@ -1,8 +1,8 @@
 import { TurnkeySDKClientBase } from '../__generated__/sdk-client-base.mjs';
-import { TurnkeyErrorCodes, TurnkeyError, TurnkeyNetworkError, AuthAction } from '@turnkey/sdk-types';
+import { TurnkeyErrorCodes, TurnkeyError, AuthAction } from '@turnkey/sdk-types';
 import { DEFAULT_SESSION_EXPIRATION_IN_SECONDS } from '../__types__/auth.mjs';
 import { SessionKey, StamperType, WalletSource, Chain, FilterType, OtpTypeToFilterTypeMap, OtpType, Curve, SignIntent } from '../__types__/enums.mjs';
-import { withTurnkeyErrorHandling, isValidPasskeyName, isWeb, isReactNative, buildSignUpBody, findWalletProviderFromAddress, addressFromPublicKey, getCurveTypeFromProvider, getPublicKeyFromStampHeader, mapAccountsToWallet, toExternalTimestamp, getAuthenticatorAddresses, isEthereumProvider, isSolanaProvider, getActiveSessionOrThrowIfRequired, getHashFunction, getEncodingType, getEncodedMessage, splitSignature, broadcastTransaction, getPolicySignature, googleISS, isWalletAccountArray, generateWalletAccountsFromAddressFormat } from '../utils.mjs';
+import { withTurnkeyErrorHandling, isValidPasskeyName, isWeb, isReactNative, buildSignUpBody, findWalletProviderFromAddress, getPublicKeyFromStampHeader, addressFromPublicKey, getCurveTypeFromProvider, sendSignedRequest, fetchAllWalletAccountsWithCursor, mapAccountsToWallet, toExternalTimestamp, getAuthenticatorAddresses, isEthereumProvider, isSolanaProvider, getActiveSessionOrThrowIfRequired, getHashFunction, getEncodingType, getEncodedMessage, splitSignature, broadcastTransaction, getPolicySignature, googleISS, isWalletAccountArray, generateWalletAccountsFromAddressFormat } from '../utils.mjs';
 import { createStorageManager } from '../__storage__/base.mjs';
 import { CrossPlatformApiKeyStamper } from '../__stampers__/api/base.mjs';
 import { CrossPlatformPasskeyStamper } from '../__stampers__/passkey/base.mjs';
@@ -15,6 +15,41 @@ class TurnkeyClient {
     constructor(config, 
     // Users can pass in their own stampers, or we will create them. Should we remove this?
     apiKeyStamper, passkeyStamper, walletManager) {
+        /**
+         * Creates a new TurnkeySDKClientBase instance with the provided configuration.
+         * This method is used internally to create the HTTP client for making API requests,
+         * but can also be used to create an additional client with different configurations if needed.
+         * By default, it uses the configuration provided during the TurnkeyClient initialization.
+         *
+         * @param params - Optional configuration parameters to override the default client configuration.
+         * @param params.apiBaseUrl - The base URL of the Turnkey API (defaults to `https://api.turnkey.com` if not provided).
+         * @param params.organizationId - The organization ID to associate requests with.
+         * @param params.authProxyUrl - The base URL of the Auth Proxy (defaults to `https://authproxy.turnkey.com` if not provided).
+         * @param params.authProxyConfigId - The configuration ID to use when making Auth Proxy requests.
+         * @param params.defaultStamperType - The default stamper type to use for signing requests
+         *   (overrides automatic detection of ApiKey, Passkey, or Wallet stampers).
+         *
+         * @returns A new instance of {@link TurnkeySDKClientBase} configured with the provided parameters.
+         */
+        this.createHttpClient = (params) => {
+            // We can comfortably default to the prod urls here
+            const apiBaseUrl = params?.apiBaseUrl || this.config.apiBaseUrl || "https://api.turnkey.com";
+            const authProxyUrl = params?.authProxyUrl ||
+                this.config.authProxyUrl ||
+                "https://authproxy.turnkey.com";
+            const organizationId = params?.organizationId || this.config.organizationId;
+            return new TurnkeySDKClientBase({
+                ...this.config,
+                ...params,
+                apiBaseUrl,
+                authProxyUrl,
+                organizationId,
+                apiKeyStamper: this.apiKeyStamper,
+                passkeyStamper: this.passkeyStamper,
+                walletStamper: this.walletManager?.stamper,
+                storageManager: this.storageManager,
+            });
+        };
         /**
          * Creates a new passkey authenticator for the user.
          *
@@ -377,6 +412,105 @@ class TurnkeyClient {
                 errorCode: TurnkeyErrorCodes.SWITCH_WALLET_CHAIN_ERROR,
             });
         };
+        /**
+         * Builds and signs a wallet login request without submitting it to Turnkey.
+         *
+         * - This function prepares a signed request for wallet authentication, which can later be used
+         *   to log in or sign up a user with Turnkey.
+         * - It initializes the wallet stamper, ensures a valid session public key (generating one if needed),
+         *   and signs the login intent with the connected wallet.
+         * - For Ethereum wallets, derives the public key from the stamped request header.
+         * - For Solana wallets, retrieves the public key directly from the connected wallet.
+         * - The signed request is not sent to Turnkey immediately; it is meant to be used in a subsequent flow
+         *   (e.g., `loginOrSignupWithWallet`) where sub-organization existence is verified or created first.
+         *
+         * @param params.walletProvider - the wallet provider used for authentication and signing.
+         * @param params.publicKey - optional pre-generated session public key (auto-generated if not provided).
+         * @param params.expirationSeconds - optional session expiration time in seconds (defaults to the configured default).
+         * @returns A promise resolving to an object containing:
+         *          - `signedRequest`: the signed wallet login request.
+         *          - `publicKey`: the public key associated with the signed request.
+         * @throws {TurnkeyError} If the wallet stamper is not initialized, the signing process fails,
+         *                        or the public key cannot be derived or generated.
+         */
+        this.buildWalletLoginRequest = async (params) => {
+            const { walletProvider, publicKey: providedPublicKey } = params;
+            const expirationSeconds = params.expirationSeconds || DEFAULT_SESSION_EXPIRATION_IN_SECONDS;
+            let generatedPublicKey = undefined;
+            return withTurnkeyErrorHandling(async () => {
+                if (!this.walletManager?.stamper) {
+                    throw new TurnkeyError("Wallet stamper is not initialized", TurnkeyErrorCodes.WALLET_MANAGER_COMPONENT_NOT_INITIALIZED);
+                }
+                const futureSessionPublicKey = providedPublicKey ??
+                    (generatedPublicKey = await this.apiKeyStamper?.createKeyPair());
+                if (!futureSessionPublicKey) {
+                    throw new TurnkeyError("Failed to find or generate a public key for building the wallet login request", TurnkeyErrorCodes.WALLET_BUILD_LOGIN_REQUEST_ERROR);
+                }
+                this.walletManager.stamper.setProvider(walletProvider.interfaceType, walletProvider);
+                // here we sign the request with the wallet, but we don't send it to Turnkey yet
+                // this is because we need to check if the subOrg exists first, and create one if it doesn't
+                // once we have the subOrg for the publicKey, we then can send the request to Turnkey
+                const signedRequest = await withTurnkeyErrorHandling(async () => {
+                    return this.httpClient.stampStampLogin({
+                        publicKey: futureSessionPublicKey,
+                        organizationId: this.config.organizationId,
+                        expirationSeconds,
+                    }, StamperType.Wallet);
+                }, {
+                    errorMessage: "Failed to create stamped request for wallet login",
+                    errorCode: TurnkeyErrorCodes.WALLET_BUILD_LOGIN_REQUEST_ERROR,
+                    customErrorsByMessages: {
+                        "WalletConnect: The connection request has expired. Please scan the QR code again.": {
+                            message: "Your WalletConnect session expired. Please scan the QR code again.",
+                            code: TurnkeyErrorCodes.WALLET_CONNECT_EXPIRED,
+                        },
+                        "Failed to sign the message": {
+                            message: "Wallet auth was cancelled by the user.",
+                            code: TurnkeyErrorCodes.CONNECT_WALLET_CANCELLED,
+                        },
+                    },
+                });
+                if (!signedRequest) {
+                    throw new TurnkeyError("Failed to create stamped request for wallet login", TurnkeyErrorCodes.BAD_RESPONSE);
+                }
+                let publicKey;
+                switch (walletProvider.chainInfo.namespace) {
+                    case Chain.Ethereum: {
+                        // for Ethereum, there is no way to get the public key from the wallet address
+                        // so we derive it from the signed request
+                        publicKey = getPublicKeyFromStampHeader(signedRequest.stamp.stampHeaderValue);
+                        break;
+                    }
+                    case Chain.Solana: {
+                        // for Solana, we can get the public key from the wallet address
+                        // since the wallet address is the public key
+                        // this doesn't require any action from the user as long as the wallet is connected
+                        // which it has to be since they just called stampStampLogin()
+                        publicKey = await this.walletManager.stamper.getPublicKey(walletProvider.interfaceType, walletProvider);
+                        break;
+                    }
+                    default:
+                        throw new TurnkeyError(`Unsupported interface type: ${walletProvider.interfaceType}`, TurnkeyErrorCodes.INVALID_REQUEST);
+                }
+                return {
+                    signedRequest,
+                    publicKey: publicKey,
+                };
+            }, {
+                errorCode: TurnkeyErrorCodes.WALLET_BUILD_LOGIN_REQUEST_ERROR,
+                errorMessage: "Failed to build wallet login request",
+                catchFn: async () => {
+                    if (generatedPublicKey) {
+                        try {
+                            await this.apiKeyStamper?.deleteKeyPair(generatedPublicKey);
+                        }
+                        catch (cleanupError) {
+                            throw new TurnkeyError(`Failed to clean up generated key pair`, TurnkeyErrorCodes.KEY_PAIR_CLEANUP_ERROR, cleanupError);
+                        }
+                    }
+                },
+            });
+        };
         /**
          * Logs in a user using the specified wallet provider.
          *
@@ -397,7 +531,7 @@ class TurnkeyClient {
          * @throws {TurnkeyError} If the wallet stamper is uninitialized, a public key cannot be found or generated, or login fails.
          */
         this.loginWithWallet = async (params) => {
-            let publicKey = params.publicKey || (await this.apiKeyStamper?.createKeyPair());
+            const publicKey = params.publicKey || (await this.apiKeyStamper?.createKeyPair());
             return withTurnkeyErrorHandling(async () => {
                 if (!this.walletManager?.stamper) {
                     throw new TurnkeyError("Wallet stamper is not initialized", TurnkeyErrorCodes.WALLET_MANAGER_COMPONENT_NOT_INITIALIZED);
@@ -544,6 +678,7 @@ class TurnkeyClient {
          * - Stores the resulting session token under the specified session key, or the default session key if not provided.
          *
          * @param params.walletProvider - wallet provider to use for authentication.
+         * @param params.publicKey - optional public key to associate with the session (generated if not provided).
          * @param params.createSubOrgParams - optional parameters for creating a sub-organization (e.g., authenticators, user metadata).
          * @param params.sessionKey - session key to use for storing the session (defaults to the default session key).
          * @param params.expirationSeconds - session expiration time in seconds (defaults to the configured default).
@@ -558,59 +693,8 @@ class TurnkeyClient {
             const createSubOrgParams = params.createSubOrgParams;
             const sessionKey = params.sessionKey || SessionKey.DefaultSessionkey;
             const walletProvider = params.walletProvider;
-            const expirationSeconds = params.expirationSeconds || DEFAULT_SESSION_EXPIRATION_IN_SECONDS;
-            let generatedPublicKey = undefined;
             return withTurnkeyErrorHandling(async () => {
-                if (!this.walletManager?.stamper) {
-                    throw new TurnkeyError("Wallet stamper is not initialized", TurnkeyErrorCodes.WALLET_MANAGER_COMPONENT_NOT_INITIALIZED);
-                }
-                generatedPublicKey = await this.apiKeyStamper?.createKeyPair();
-                this.walletManager.stamper.setProvider(walletProvider.interfaceType, walletProvider);
-                // here we sign the request with the wallet, but we don't send it to Turnkey yet
-                // this is because we need to check if the subOrg exists first, and create one if it doesn't
-                // once we have the subOrg for the publicKey, we then can send the request to Turnkey
-                const signedRequest = await withTurnkeyErrorHandling(async () => {
-                    return this.httpClient.stampStampLogin({
-                        publicKey: generatedPublicKey,
-                        organizationId: this.config.organizationId,
-                        expirationSeconds,
-                    }, StamperType.Wallet);
-                }, {
-                    errorMessage: "Failed to create stamped request for wallet login",
-                    errorCode: TurnkeyErrorCodes.WALLET_LOGIN_OR_SIGNUP_ERROR,
-                    customErrorsByMessages: {
-                        "WalletConnect: The connection request has expired. Please scan the QR code again.": {
-                            message: "Your WalletConnect session expired. Please scan the QR code again.",
-                            code: TurnkeyErrorCodes.WALLET_CONNECT_EXPIRED,
-                        },
-                        "Failed to sign the message": {
-                            message: "Wallet auth was cancelled by the user.",
-                            code: TurnkeyErrorCodes.CONNECT_WALLET_CANCELLED,
-                        },
-                    },
-                });
-                if (!signedRequest) {
-                    throw new TurnkeyError("Failed to create stamped request for wallet login", TurnkeyErrorCodes.BAD_RESPONSE);
-                }
-                let publicKey;
-                switch (walletProvider.chainInfo.namespace) {
-                    case Chain.Ethereum: {
-                        // for Ethereum, there is no way to get the public key from the wallet address
-                        // so we derive it from the signed request
-                        publicKey = getPublicKeyFromStampHeader(signedRequest.stamp.stampHeaderValue);
-                        break;
-                    }
-                    case Chain.Solana: {
-                        // for Solana, we can get the public key from the wallet address
-                        // since the wallet address is the public key
-                        // this doesn't require any action from the user as long as the wallet is connected
-                        // which it has to be since they just called stampStampLogin()
-                        publicKey = await this.walletManager.stamper.getPublicKey(walletProvider.interfaceType, walletProvider);
-                        break;
-                    }
-                    default:
-                        throw new TurnkeyError(`Unsupported interface type: ${walletProvider.interfaceType}`, TurnkeyErrorCodes.INVALID_REQUEST);
-                }
+                const { signedRequest, publicKey } = await this.buildWalletLoginRequest(params);
                 // here we check if the subOrg exists and create one
                 // then we send off the stamped request to Turnkey
                 const accountRes = await this.httpClient.proxyGetAccount({
@@ -641,20 +725,7 @@ class TurnkeyClient {
                     }
                 }
                 // now we can send the stamped request to Turnkey
-                const headers = {
-                    "Content-Type": "application/json",
-                    [signedRequest.stamp.stampHeaderName]: signedRequest.stamp.stampHeaderValue,
-                };
-                const res = await fetch(signedRequest.url, {
-                    method: "POST",
-                    headers,
-                    body: signedRequest.body,
-                });
-                if (!res.ok) {
-                    const errorText = await res.text();
-                    throw new TurnkeyNetworkError(`Stamped request failed`, res.status, TurnkeyErrorCodes.WALLET_LOGIN_AUTH_ERROR, errorText);
-                }
-                const sessionResponse = await res.json();
+                const sessionResponse = await sendSignedRequest(signedRequest);
                 const sessionToken = sessionResponse.activity.result.stampLoginResult?.session;
                 if (!sessionToken) {
                     throw new TurnkeyError("Session token not found in the response", TurnkeyErrorCodes.BAD_RESPONSE);
@@ -673,14 +744,6 @@ class TurnkeyClient {
                 errorCode: TurnkeyErrorCodes.WALLET_LOGIN_OR_SIGNUP_ERROR,
                 errorMessage: "Failed to log in or sign up with wallet",
                 catchFn: async () => {
-                    if (generatedPublicKey) {
-                        try {
-                            await this.apiKeyStamper?.deleteKeyPair(generatedPublicKey);
-                        }
-                        catch (cleanupError) {
-                            throw new TurnkeyError(`Failed to clean up generated key pair`, TurnkeyErrorCodes.KEY_PAIR_CLEANUP_ERROR, cleanupError);
-                        }
-                    }
                 },
             });
         };
@@ -1123,7 +1186,7 @@ class TurnkeyClient {
          * @throws {TurnkeyError} If no active session is found or if there is an error fetching wallets.
          */
         this.fetchWallets = async (params) => {
-            const { walletProviders, organizationId: organizationIdFromParams, userId: userIdFromParams, connectedOnly, stampWith, } = params || {};
+            const { walletProviders, organizationId: organizationIdFromParams, userId: userIdFromParams, connectedOnly, stampWith = this.config.defaultStamperType, } = params || {};
             const session = await this.storageManager.getActiveSession();
             if (!session && !connectedOnly) {
                 throw new TurnkeyError("No active session found. Fetching embedded wallets requires a valid session. If you only need connected wallets, set the 'connectedOnly' parameter to true.", TurnkeyErrorCodes.NO_SESSION_FOUND);
@@ -1145,16 +1208,10 @@ class TurnkeyClient {
                     if (!userId) {
                         throw new TurnkeyError("No user ID provided and no active session found. Please log in first or pass in a user ID.", TurnkeyErrorCodes.INVALID_REQUEST);
                     }
-                    const res = await this.httpClient.getWalletAccounts({
-                        organizationId,
-                        includeWalletDetails: true,
-                    }, stampWith);
+                    const accounts = await fetchAllWalletAccountsWithCursor(this.httpClient, organizationId, stampWith);
                     const walletsRes = await this.httpClient.getWallets({
                         organizationId,
                     }, stampWith);
-                    if (!res || !res.accounts) {
-                        throw new TurnkeyError("No wallet accounts found in the response", TurnkeyErrorCodes.BAD_RESPONSE);
-                    }
                     // create a map of walletId to EmbeddedWallet for easy lookup
                     const walletMap = new Map(walletsRes.wallets.map((wallet) => [
                         wallet.walletId,
@@ -1165,7 +1222,7 @@ class TurnkeyClient {
                         },
                     ]));
                     // map the accounts to their respective wallets
-                    embedded = mapAccountsToWallet(res.accounts, walletMap);
+                    embedded = mapAccountsToWallet(accounts, walletMap);
                 }
                 // if wallet connecting is disabled we return only embedded wallets
                 // this will never be hit if `connectedOnly` is true because of the check above
@@ -1238,7 +1295,7 @@ class TurnkeyClient {
          * @throws {TurnkeyError} If no active session is found or if there is an error fetching wallet accounts.
          */
         this.fetchWalletAccounts = async (params) => {
-            const { wallet, stampWith, walletProviders, paginationOptions } = params;
+            const { wallet, stampWith = this.config.defaultStamperType, walletProviders, paginationOptions, } = params;
             const session = await this.storageManager.getActiveSession();
             const organizationId = params?.organizationId || session?.organizationId;
             const userId = params?.userId || session?.userId;
@@ -1367,7 +1424,7 @@ class TurnkeyClient {
          * @throws {TurnkeyError} If no active session is found or if there is an error fetching private keys.
          */
         this.fetchPrivateKeys = async (params) => {
-            const { stampWith } = params || {};
+            const { stampWith = this.config.defaultStamperType } = params || {};
             const session = await getActiveSessionOrThrowIfRequired(stampWith, this.storageManager.getActiveSession);
             const organizationId = params?.organizationId || session?.organizationId;
             if (!organizationId) {
@@ -1423,7 +1480,7 @@ class TurnkeyClient {
          * @throws {TurnkeyError} If signing fails, the wallet type does not support message signing, or the response is invalid.
          */
         this.signMessage = async (params) => {
-            const { message, walletAccount, stampWith, addEthereumPrefix, organizationId, } = params;
+            const { message, walletAccount, stampWith = this.config.defaultStamperType, addEthereumPrefix, organizationId, } = params;
             const hashFunction = params.hashFunction || getHashFunction(walletAccount.addressFormat);
             const payloadEncoding = params.encoding || getEncodingType(walletAccount.addressFormat);
             return withTurnkeyErrorHandling(async () => {
@@ -1494,7 +1551,7 @@ class TurnkeyClient {
          * @throws {TurnkeyError} If the wallet type is unsupported, signing fails, or the response is invalid.
          */
         this.signTransaction = async (params) => {
-            const { walletAccount, unsignedTransaction, transactionType, stampWith, organizationId, } = params;
+            const { walletAccount, unsignedTransaction, transactionType, stampWith = this.config.defaultStamperType, organizationId, } = params;
             return withTurnkeyErrorHandling(async () => {
                 if (walletAccount.source === WalletSource.Connected) {
                     switch (walletAccount.chainInfo.namespace) {
@@ -1549,7 +1606,7 @@ class TurnkeyClient {
          * @throws {TurnkeyError} If the wallet type is unsupported, or if signing/broadcasting fails.
          */
         this.signAndSendTransaction = async (params) => {
-            const { walletAccount, unsignedTransaction, transactionType, rpcUrl, stampWith, organizationId, } = params;
+            const { walletAccount, unsignedTransaction, transactionType, rpcUrl, stampWith = this.config.defaultStamperType, organizationId, } = params;
             return withTurnkeyErrorHandling(async () => {
                 if (walletAccount.source === WalletSource.Connected) {
                     // this is a connected wallet account
@@ -1614,7 +1671,7 @@ class TurnkeyClient {
          * @throws {TurnkeyError} If there is no active session, if there is no userId, or if there is an error fetching user details.
          */
         this.fetchUser = async (params) => {
-            const { organizationId: organizationIdFromParams, userId: userIdFromParams, stampWith, } = params || {};
+            const { organizationId: organizationIdFromParams, userId: userIdFromParams, stampWith = this.config.defaultStamperType, } = params || {};
             const session = await getActiveSessionOrThrowIfRequired(stampWith, this.storageManager.getActiveSession);
             const userId = userIdFromParams || session?.userId;
             if (!userId) {
@@ -1652,7 +1709,7 @@ class TurnkeyClient {
          * @throws {TurnkeyError} If there is no active session, if the input is invalid, if user retrieval fails, or if user creation fails.
          */
         this.fetchOrCreateP256ApiKeyUser = async (params) => {
-            const { publicKey, createParams, stampWith, organizationId: organizationIdFromParams, } = params;
+            const { publicKey, createParams, stampWith = this.config.defaultStamperType, organizationId: organizationIdFromParams, } = params;
             return withTurnkeyErrorHandling(async () => {
                 const session = await getActiveSessionOrThrowIfRequired(stampWith, this.storageManager.getActiveSession);
                 const organizationId = organizationIdFromParams || session?.organizationId;
@@ -1734,7 +1791,7 @@ class TurnkeyClient {
          *                        if fetching policies fails, or if creating policies fails.
          */
         this.fetchOrCreatePolicies = async (params) => {
-            const { policies, stampWith } = params;
+            const { policies, stampWith = this.config.defaultStamperType } = params;
             return await withTurnkeyErrorHandling(async () => {
                 const session = await getActiveSessionOrThrowIfRequired(stampWith, this.storageManager.getActiveSession);
                 if (!Array.isArray(policies) || policies.length === 0) {
@@ -1817,7 +1874,7 @@ class TurnkeyClient {
          * @throws {TurnkeyError} If there is no active session, if the userId is missing, or if there is an error updating or verifying the user email.
          */
         this.updateUserEmail = async (params) => {
-            const { verificationToken, email, stampWith, organizationId } = params;
+            const { verificationToken, email, stampWith = this.config.defaultStamperType, organizationId, } = params;
             const session = await getActiveSessionOrThrowIfRequired(stampWith, this.storageManager.getActiveSession);
             const userId = params?.userId || session?.userId;
             if (!userId) {
@@ -1861,7 +1918,7 @@ class TurnkeyClient {
          * @throws {TurnkeyError} If there is no active session, if the userId is missing, or if there is an error removing the user email.
          */
         this.removeUserEmail = async (params) => {
-            const { stampWith, organizationId } = params || {};
+            const { stampWith = this.config.defaultStamperType, organizationId } = params || {};
             const session = await getActiveSessionOrThrowIfRequired(stampWith, this.storageManager.getActiveSession);
             return withTurnkeyErrorHandling(async () => {
                 const userId = params?.userId || session?.userId;
@@ -1900,7 +1957,7 @@ class TurnkeyClient {
          * @throws {TurnkeyError} If there is no active session, if the userId is missing, or if there is an error updating or verifying the user phone number.
          */
         this.updateUserPhoneNumber = async (params) => {
-            const { verificationToken, phoneNumber, stampWith, organizationId } = params;
+            const { verificationToken, phoneNumber, stampWith = this.config.defaultStamperType, organizationId, } = params;
             const session = await getActiveSessionOrThrowIfRequired(stampWith, this.storageManager.getActiveSession);
             const userId = params?.userId || session?.userId;
             if (!userId) {
@@ -1937,7 +1994,7 @@ class TurnkeyClient {
          * @throws {TurnkeyError} If there is no active session, if the userId is missing, or if there is an error removing the user phone number.
          */
         this.removeUserPhoneNumber = async (params) => {
-            const { stampWith, organizationId } = params || {};
+            const { stampWith = this.config.defaultStamperType, organizationId } = params || {};
             const session = await getActiveSessionOrThrowIfRequired(stampWith, this.storageManager.getActiveSession);
             const userId = params?.userId || session?.userId;
             if (!userId) {
@@ -1975,7 +2032,7 @@ class TurnkeyClient {
          * @throws {TurnkeyError} If there is no active session, if the userId is missing, or if there is an error updating the user name.
          */
         this.updateUserName = async (params) => {
-            const { userName, stampWith, organizationId } = params;
+            const { userName, stampWith = this.config.defaultStamperType, organizationId, } = params;
             const session = await getActiveSessionOrThrowIfRequired(stampWith, this.storageManager.getActiveSession);
             const userId = params?.userId || session?.userId;
             if (!userId) {
@@ -2015,7 +2072,7 @@ class TurnkeyClient {
          * @throws {TurnkeyError} If there is no active session, if the account already exists, or if there is an error adding the OAuth provider.
          */
         this.addOauthProvider = async (params) => {
-            const { providerName, oidcToken, stampWith } = params;
+            const { providerName, oidcToken, stampWith = this.config.defaultStamperType, } = params;
             const session = await getActiveSessionOrThrowIfRequired(stampWith, this.storageManager.getActiveSession);
             return withTurnkeyErrorHandling(async () => {
                 const accountRes = await this.httpClient.proxyGetAccount({
@@ -2091,7 +2148,7 @@ class TurnkeyClient {
          * @throws {TurnkeyError} If there is no active session, if the userId is missing, or if there is an error removing the OAuth provider.
          */
         this.removeOauthProviders = async (params) => {
-            const { providerIds, stampWith, organizationId } = params;
+            const { providerIds, stampWith = this.config.defaultStamperType, organizationId, } = params;
             const session = await getActiveSessionOrThrowIfRequired(stampWith, this.storageManager.getActiveSession);
             const userId = params?.userId || session?.userId;
             if (!userId) {
@@ -2130,7 +2187,7 @@ class TurnkeyClient {
          * @throws {TurnkeyError} If there is no active session, if passkey creation fails, or if there is an error adding the passkey.
          */
         this.addPasskey = async (params) => {
-            const { stampWith, organizationId } = params || {};
+            const { stampWith = this.config.defaultStamperType, organizationId } = params || {};
             const name = params?.name || `Turnkey Passkey-${Date.now()}`;
             return withTurnkeyErrorHandling(async () => {
                 const session = await getActiveSessionOrThrowIfRequired(stampWith, this.storageManager.getActiveSession);
@@ -2178,7 +2235,7 @@ class TurnkeyClient {
          * @throws {TurnkeyError} If there is no active session, if the userId is missing, or if there is an error removing the passkeys.
          */
         this.removePasskeys = async (params) => {
-            const { authenticatorIds, stampWith, organizationId } = params;
+            const { authenticatorIds, stampWith = this.config.defaultStamperType, organizationId, } = params;
             const session = await getActiveSessionOrThrowIfRequired(stampWith, this.storageManager.getActiveSession);
             const userId = params?.userId || session?.userId;
             if (!userId) {
@@ -2219,7 +2276,7 @@ class TurnkeyClient {
          * @throws {TurnkeyError} If there is no active session or if there is an error creating the wallet.
          */
         this.createWallet = async (params) => {
-            const { walletName, accounts, organizationId: organizationIdFromParams, mnemonicLength, stampWith, } = params;
+            const { walletName, accounts, organizationId: organizationIdFromParams, mnemonicLength, stampWith = this.config.defaultStamperType, } = params;
             const session = await getActiveSessionOrThrowIfRequired(stampWith, this.storageManager.getActiveSession);
             const organizationId = organizationIdFromParams || session?.organizationId;
             if (!organizationId) {
@@ -2271,7 +2328,7 @@ class TurnkeyClient {
          * @throws {TurnkeyError} If there is no active session, if the wallet does not exist, or if there is an error creating the wallet accounts.
          */
         this.createWalletAccounts = async (params) => {
-            const { accounts, walletId, organizationId: organizationIdFromParams, stampWith, } = params;
+            const { accounts, walletId, organizationId: organizationIdFromParams, stampWith = this.config.defaultStamperType, } = params;
             const session = await getActiveSessionOrThrowIfRequired(stampWith, this.storageManager.getActiveSession);
             const organizationId = organizationIdFromParams || session?.organizationId;
             if (!organizationId) {
@@ -2326,7 +2383,7 @@ class TurnkeyClient {
          * @throws {TurnkeyError} If there is no active session, if the targetPublicKey is missing, or if there is an error exporting the wallet.
          */
         this.exportWallet = async (params) => {
-            const { walletId, targetPublicKey, stampWith, organizationId: organizationIdFromParams, } = params;
+            const { walletId, targetPublicKey, stampWith = this.config.defaultStamperType, organizationId: organizationIdFromParams, } = params;
             const session = await getActiveSessionOrThrowIfRequired(stampWith, this.storageManager.getActiveSession);
             const organizationId = organizationIdFromParams || session?.organizationId;
             if (!organizationId) {
@@ -2364,7 +2421,7 @@ class TurnkeyClient {
          * @throws {TurnkeyError} If there is no active session, if the targetPublicKey is missing, or if there is an error exporting the private key.
          */
         this.exportPrivateKey = async (params) => {
-            const { privateKeyId, targetPublicKey, stampWith, organizationId: organizationIdFromParams, } = params;
+            const { privateKeyId, targetPublicKey, stampWith = this.config.defaultStamperType, organizationId: organizationIdFromParams, } = params;
             const session = await getActiveSessionOrThrowIfRequired(stampWith, this.storageManager.getActiveSession);
             const organizationId = organizationIdFromParams || session?.organizationId;
             if (!organizationId) {
@@ -2403,7 +2460,7 @@ class TurnkeyClient {
          *
          */
         this.exportWalletAccount = async (params) => {
-            const { address, targetPublicKey, stampWith, organizationId: organizationIdFromParams, } = params;
+            const { address, targetPublicKey, stampWith = this.config.defaultStamperType, organizationId: organizationIdFromParams, } = params;
             const session = await getActiveSessionOrThrowIfRequired(stampWith, this.storageManager.getActiveSession);
             const organizationId = organizationIdFromParams || session?.organizationId;
             if (!organizationId) {
@@ -2444,7 +2501,7 @@ class TurnkeyClient {
          * @throws {TurnkeyError} If there is no active session, if the encrypted bundle is invalid, or if there is an error importing the wallet.
          */
         this.importWallet = async (params) => {
-            const { encryptedBundle, accounts, walletName, organizationId: organizationIdFromParams, userId: userIdFromParams, stampWith, } = params;
+            const { encryptedBundle, accounts, walletName, organizationId: organizationIdFromParams, userId: userIdFromParams, stampWith = this.config.defaultStamperType, } = params;
             const session = await getActiveSessionOrThrowIfRequired(stampWith, this.storageManager.getActiveSession);
             const organizationId = organizationIdFromParams || session?.organizationId;
             if (!organizationId) {
@@ -2502,7 +2559,7 @@ class TurnkeyClient {
          * @throws {TurnkeyError} If there is no active session, if the encrypted bundle is invalid, or if there is an error importing the wallet.
          */
         this.importPrivateKey = async (params) => {
-            const { encryptedBundle, privateKeyName, addressFormats, curve, organizationId: organizationIdFromParams, userId: userIdFromParams, stampWith, } = params;
+            const { encryptedBundle, privateKeyName, addressFormats, curve, organizationId: organizationIdFromParams, userId: userIdFromParams, stampWith = this.config.defaultStamperType, } = params;
             const session = await getActiveSessionOrThrowIfRequired(stampWith, this.storageManager.getActiveSession);
             const organizationId = organizationIdFromParams || session?.organizationId;
             if (!organizationId) {
@@ -2552,7 +2609,7 @@ class TurnkeyClient {
          * @throws {TurnkeyError} If there is no active session or if there is an error deleting the sub-organization.
          */
         this.deleteSubOrganization = async (params) => {
-            const { deleteWithoutExport = false, organizationId: organizationIdFromParams, stampWith, } = params || {};
+            const { deleteWithoutExport = false, organizationId: organizationIdFromParams, stampWith = this.config.defaultStamperType, } = params || {};
             const session = await getActiveSessionOrThrowIfRequired(stampWith, this.storageManager.getActiveSession);
             const organizationId = organizationIdFromParams || session?.organizationId;
             return withTurnkeyErrorHandling(async () => {
@@ -2660,7 +2717,7 @@ class TurnkeyClient {
          * @throws {TurnkeyError} If the session key does not exist, if there is no active session, or if there is an error refreshing the session.
          */
         this.refreshSession = async (params) => {
-            const { sessionKey = await this.storageManager.getActiveSessionKey(), expirationSeconds = DEFAULT_SESSION_EXPIRATION_IN_SECONDS, publicKey, invalidateExisitng = false, } = params || {};
+            const { sessionKey = await this.storageManager.getActiveSessionKey(), expirationSeconds = DEFAULT_SESSION_EXPIRATION_IN_SECONDS, publicKey, stampWith = this.config.defaultStamperType, invalidateExisitng = false, } = params || {};
             if (!sessionKey) {
                 throw new TurnkeyError("No session key provided or active session to refresh session", TurnkeyErrorCodes.NO_SESSION_FOUND);
             }
@@ -2683,7 +2740,7 @@ class TurnkeyClient {
                     publicKey: keyPair,
                     expirationSeconds,
                     invalidateExisting: invalidateExisitng,
-                }, params?.stampWith);
+                }, stampWith);
                 if (!res || !res.session) {
                     throw new TurnkeyError("No session found in the refresh response", TurnkeyErrorCodes.BAD_RESPONSE);
                 }
@@ -2881,6 +2938,46 @@ class TurnkeyClient {
                 errorCode: TurnkeyErrorCodes.GET_PROXY_AUTH_CONFIG_ERROR,
             });
         };
+        /**
+         * Fetches the boot proof for a given app proof.
+         *
+         * - This function is idempotent: multiple calls with the same `app proof` will always return the boot proof.
+         * - Attempts to find the boot proof for the given app proof.
+         * - If a boot proof is found, it is returned as is.
+         * - If no boot proof is found, an error is thrown.
+         *
+         * @param params.appProof - the app proof for which the boot proof is being fetched.
+         * @param params.organizationId - organization ID to specify the sub-organization (defaults to the current session's organizationId).
+         * @param params.stampWith - parameter to stamp the request with a specific stamper (StamperType.Passkey, StamperType.ApiKey, or StamperType.Wallet).
+         * @returns A promise that resolves to the {@link v1BootProof} associated with the given app proof.
+         * @throws {TurnkeyError} If there is no active session, if the input is invalid, or if boot proof retrieval fails.
+         */
+        this.fetchBootProofForAppProof = async (params) => {
+            const { appProof, stampWith = this.config.defaultStamperType, organizationId: organizationIdFromParams, } = params;
+            return withTurnkeyErrorHandling(async () => {
+                const session = await getActiveSessionOrThrowIfRequired(stampWith, this.storageManager.getActiveSession);
+                const organizationId = organizationIdFromParams || session?.organizationId;
+                if (!organizationId) {
+                    throw new TurnkeyError("Organization ID is required to fetch a Boot Proof.", TurnkeyErrorCodes.INVALID_REQUEST);
+                }
+                // validate their input
+                if (appProof === null || appProof?.publicKey === null) {
+                    throw new TurnkeyError("'appProof' is required and cannot be empty.", TurnkeyErrorCodes.INVALID_REQUEST);
+                }
+                const ephemeralKey = appProof.publicKey;
+                const bootProofResponse = await this.httpClient.getBootProof({
+                    organizationId,
+                    ephemeralKey,
+                }, stampWith);
+                if (!bootProofResponse || !bootProofResponse.bootProof) {
+                    throw new TurnkeyError("No boot proof found in the response", TurnkeyErrorCodes.BAD_RESPONSE);
+                }
+                return bootProofResponse.bootProof;
+            }, {
+                errorMessage: "Failed to get boot proof for app proof",
+                errorCode: TurnkeyErrorCodes.FETCH_BOOT_PROOF_ERROR,
+            });
+        };
         this.config = config;
         // Just store any explicitly provided stampers
         this.apiKeyStamper = apiKeyStamper;
@@ -2903,19 +3000,9 @@ class TurnkeyClient {
             this.config.walletConfig?.features?.connecting) {
             this.walletManager = await createWalletManager(this.config.walletConfig);
         }
-        // We can comfortably default to the prod urls here
-        const apiBaseUrl = this.config.apiBaseUrl || "https://api.turnkey.com";
-        const authProxyUrl = this.config.authProxyUrl || "https://authproxy.turnkey.com";
         // Initialize the HTTP client with the appropriate stampers
-        this.httpClient = new TurnkeySDKClientBase({
-            ...this.config,
-            apiBaseUrl,
-            authProxyUrl,
-            apiKeyStamper: this.apiKeyStamper,
-            passkeyStamper: this.passkeyStamper,
-            walletStamper: this.walletManager?.stamper,
-            storageManager: this.storageManager,
-        });
+        // Note: not passing anything here since we want to use the configured stampers and this.config
+        this.httpClient = this.createHttpClient();
     }
 }