@zerodev/wallet-core 0.0.1-alpha.22 → 0.0.1-alpha.23
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/_cjs/actions/auth/loginWithStamp.js +0 -1
- package/dist/_cjs/actions/auth/loginWithStamp.js.map +1 -1
- package/dist/_cjs/core/createZeroDevWalletCore.js +2 -2
- package/dist/_cjs/core/createZeroDevWalletCore.js.map +1 -1
- package/dist/_esm/actions/auth/loginWithStamp.js +4 -1
- package/dist/_esm/actions/auth/loginWithStamp.js.map +1 -1
- package/dist/_esm/core/createZeroDevWalletCore.js +11 -2
- package/dist/_esm/core/createZeroDevWalletCore.js.map +1 -1
- package/dist/_types/actions/auth/loginWithStamp.d.ts.map +1 -1
- package/dist/_types/core/createZeroDevWalletCore.d.ts.map +1 -1
- package/dist/tsconfig.build.tsbuildinfo +1 -1
- package/package.json +4 -1
- package/src/actions/auth/loginWithStamp.ts +4 -1
- package/src/core/createZeroDevWalletCore.ts +11 -2
package/package.json
CHANGED
|
@@ -1,7 +1,10 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@zerodev/wallet-core",
|
|
3
|
-
"version": "0.0.1-alpha.
|
|
3
|
+
"version": "0.0.1-alpha.23",
|
|
4
4
|
"description": "ZeroDev Wallet SDK built on Turnkey",
|
|
5
|
+
"publishConfig": {
|
|
6
|
+
"tag": "alpha"
|
|
7
|
+
},
|
|
5
8
|
"sideEffects": false,
|
|
6
9
|
"main": "./dist/_cjs/index.js",
|
|
7
10
|
"module": "./dist/_esm/index.js",
|
|
@@ -70,8 +70,11 @@ export async function loginWithStamp(
|
|
|
70
70
|
return client.request({
|
|
71
71
|
path: `${projectId}/auth/login/stamp`,
|
|
72
72
|
method: 'POST',
|
|
73
|
+
// The sub-org id is intentionally not sent: the backend derives it from
|
|
74
|
+
// the stamped credential. `organizationId` (the parent org) is only
|
|
75
|
+
// signed into `stampPayload` above so the stamp matches the body the
|
|
76
|
+
// backend relays to Turnkey — it is not part of the wire request.
|
|
73
77
|
body: {
|
|
74
|
-
subOrganizationId: organizationId,
|
|
75
78
|
targetPublicKey,
|
|
76
79
|
timestamp: timestampIso,
|
|
77
80
|
stamp,
|
|
@@ -190,7 +190,11 @@ export async function createZeroDevWalletCore(
|
|
|
190
190
|
const data = await client.loginWithStamp({
|
|
191
191
|
targetPublicKey: compressedPublicKeyHex,
|
|
192
192
|
projectId,
|
|
193
|
-
|
|
193
|
+
// Stamp-login is signed against the Turnkey parent org; the backend
|
|
194
|
+
// resolves the sub-org from the stamped credential. Signing the
|
|
195
|
+
// sub-org here makes the relayed payload's org mismatch the
|
|
196
|
+
// signature → Turnkey SIGNATURE_INVALID.
|
|
197
|
+
organizationId,
|
|
194
198
|
stampWith: 'apiKey',
|
|
195
199
|
})
|
|
196
200
|
await client.apiKeyStamper.commitKeyRotation()
|
|
@@ -270,7 +274,9 @@ export async function createZeroDevWalletCore(
|
|
|
270
274
|
const loginData = await client.loginWithStamp({
|
|
271
275
|
projectId,
|
|
272
276
|
targetPublicKey: compressedPublicKeyHex,
|
|
273
|
-
|
|
277
|
+
// Sign against the parent org (see refreshSession note) — the
|
|
278
|
+
// backend derives the sub-org from the stamped credential.
|
|
279
|
+
organizationId,
|
|
274
280
|
})
|
|
275
281
|
await client.apiKeyStamper.commitKeyRotation()
|
|
276
282
|
const parsedSession = parseSession(loginData.session)
|
|
@@ -302,6 +308,9 @@ export async function createZeroDevWalletCore(
|
|
|
302
308
|
const loginData = await client.loginWithStamp({
|
|
303
309
|
targetPublicKey: generatedPublicKey,
|
|
304
310
|
projectId,
|
|
311
|
+
// Sign against the parent org, not the user's sub-org (see the
|
|
312
|
+
// refreshSession note). The backend derives the sub-org from the
|
|
313
|
+
// stamped passkey credential.
|
|
305
314
|
organizationId,
|
|
306
315
|
stampWith: 'passkey',
|
|
307
316
|
})
|