@zkpassport/sdk 0.3.4 → 0.4.0

package/src/index.ts

@@ -1,4 +1,3 @@
-import { randomBytes } from "crypto"
 import { Alpha3Code, getAlpha3Code, registerLocale } from "i18n-iso-countries"
 import {
   type DisclosableIDCredential,
@@ -57,11 +56,9 @@ import {
   ProofData,
   getScopeFromOuterProof,
   getSubscopeFromOuterProof,
+  getServiceScopeHash,
 } from "@zkpassport/utils"
 import { bytesToHex } from "@noble/ciphers/utils"
-import { getWebSocketClient, WebSocketClient } from "./websocket"
-import { createEncryptedJsonRpcRequest } from "./json-rpc"
-import { decrypt, generateECDHKeyPair, getSharedSecret } from "./encryption"
 import { noLogger as logger } from "./logger"
 import { inflate } from "pako"
 import i18en from "i18n-iso-countries/langs/en.json"
@@ -70,6 +67,7 @@ import { sha256 } from "@noble/hashes/sha2"
 import { hexToBytes } from "@noble/hashes/utils"
 import ZKPassportVerifierAbi from "./assets/abi/ZKPassportVerifier.json"
 import { RegistryClient } from "@zkpassport/registry"
+import { Bridge, BridgeInterface } from "@obsidion/bridge"
 
 const DEFAULT_DATE_VALUE = new Date(1111, 10, 11)
 
@@ -124,6 +122,24 @@ export type SolidityVerifierParameters = {
 
 export type EVMChain = "ethereum_sepolia" | "local_anvil"
 
+function getChainIdFromEVMChain(chain: EVMChain): number {
+  if (chain === "ethereum_sepolia") {
+    return 11155111
+  } else if (chain === "local_anvil") {
+    return 31337
+  }
+  throw new Error(`Unsupported chain: ${chain}`)
+}
+
+function getEVMChainFromChainId(chainId: number): EVMChain {
+  if (chainId === 11155111) {
+    return "ethereum_sepolia"
+  } else if (chainId === 31337) {
+    return "local_anvil"
+  }
+  throw new Error(`Unsupported chain ID: ${chainId}`)
+}
+
 registerLocale(i18en)
 
 function hasRequestedAccessToField(credentialsRequest: Query, field: IDCredential): boolean {
@@ -351,13 +367,12 @@ export class ZKPassport {
       devMode: boolean
     }
   > = {}
-  private topicToKeyPair: Record<string, { privateKey: Uint8Array; publicKey: Uint8Array }> = {}
-  private topicToWebSocketClient: Record<string, WebSocketClient> = {}
-  private topicToSharedSecret: Record<string, Uint8Array> = {}
+  private topicToPublicKey: Record<string, string> = {}
+  private topicToBridge: Record<string, BridgeInterface> = {}
   private topicToRequestReceived: Record<string, boolean> = {}
   private topicToService: Record<
     string,
-    { name: string; logo: string; purpose: string; scope?: string }
+    { name: string; logo: string; purpose: string; scope?: string; chainId?: number }
   > = {}
   private topicToProofs: Record<string, Array<ProofResult>> = {}
   private topicToExpectedProofCount: Record<string, number> = {}
@@ -400,6 +415,9 @@ export class ZKPassport {
       queryResult: result,
       validity: this.topicToLocalConfig[topic]?.validity,
       scope: this.topicToService[topic]?.scope,
+      evmChain: this.topicToService[topic]?.chainId
+        ? getEVMChainFromChainId(this.topicToService[topic]?.chainId)
+        : undefined,
       devMode: this.topicToLocalConfig[topic]?.devMode,
     })
     delete this.topicToProofs[topic]
@@ -498,11 +516,7 @@ export class ZKPassport {
    * @param request The request.
    * @param outerRequest The outer request.
    */
-  private async handleEncryptedMessage(
-    topic: string,
-    request: JsonRpcRequest,
-    outerRequest: JsonRpcRequest,
-  ) {
+  private async handleEncryptedMessage(topic: string, request: JsonRpcRequest) {
     logger.debug("Received encrypted message:", request)
     if (request.method === "accept") {
       logger.debug(`User accepted the request and is generating a proof`)
@@ -512,31 +526,9 @@ export class ZKPassport {
       await Promise.all(this.onRejectCallbacks[topic].map((callback) => callback()))
     } else if (request.method === "proof") {
       logger.debug(`User generated proof`)
-      // Uncompress the proof and convert it to a hex string
-      const bytesProof = Buffer.from(request.params.proof, "base64")
-      const bytesCommittedInputs = request.params.committedInputs
-        ? Buffer.from(request.params.committedInputs, "base64")
-        : null
-      const uncompressedProof = inflate(bytesProof)
-      const uncompressedCommittedInputs = bytesCommittedInputs
-        ? inflate(bytesCommittedInputs)
-        : null
-      // The gzip lib in the app compress the proof as ASCII
-      // and since the app passes the proof as a hex string, we can
-      // just decode the bytes as hex characters using the TextDecoder
-      const hexProof = new TextDecoder().decode(uncompressedProof)
-      const processedProof: ProofResult = {
-        proof: hexProof,
-        vkeyHash: request.params.vkeyHash,
-        name: request.params.name,
-        version: request.params.version,
-        committedInputs: uncompressedCommittedInputs
-          ? JSON.parse(new TextDecoder().decode(uncompressedCommittedInputs))
-          : undefined,
-      }
-      this.topicToProofs[topic].push(processedProof)
+      this.topicToProofs[topic].push(request.params)
       await Promise.all(
-        this.onProofGeneratedCallbacks[topic].map((callback) => callback(processedProof)),
+        this.onProofGeneratedCallbacks[topic].map((callback) => callback(request.params)),
       )
       // If the results were received before all the proofs were generated,
       // we can handle the result now
@@ -651,7 +643,7 @@ export class ZKPassport {
         const base64Service = Buffer.from(JSON.stringify(this.topicToService[topic])).toString(
           "base64",
         )
-        const pubkey = bytesToHex(this.topicToKeyPair[topic].publicKey)
+        const pubkey = this.topicToPublicKey[topic]
         this.setExpectedProofCount(topic)
         return {
           url: `https://zkpassport.id/r?d=${this.domain}&t=${topic}&c=${base64Config}&s=${base64Service}&p=${pubkey}&m=${this.topicToLocalConfig[topic].mode}`,
@@ -675,7 +667,7 @@ export class ZKPassport {
           onReject: (callback: () => void) => this.onRejectCallbacks[topic].push(callback),
           onError: (callback: (error: string) => void) =>
             this.onErrorCallbacks[topic].push(callback),
-          isBridgeConnected: () => this.topicToWebSocketClient[topic].readyState === WebSocket.OPEN,
+          isBridgeConnected: () => this.topicToBridge[topic].isBridgeConnected(),
           requestReceived: () => this.topicToRequestReceived[topic] === true,
         }
       },
@@ -690,6 +682,7 @@ export class ZKPassport {
    * @param scope Scope this request to a specific use case
    * @param validity How many days ago should have the ID been last scanned by the user?
    * @param devMode Whether to enable dev mode. This will allow you to verify mock proofs (i.e. from ZKR)
+   * @param evmChain The EVM chain to use for the request (if using the proof onchain)
    * @returns The query builder object.
    */
   public async request({
@@ -698,6 +691,7 @@ export class ZKPassport {
     purpose,
     scope,
     mode,
+    evmChain,
     validity,
     devMode,
     topicOverride,
@@ -708,21 +702,27 @@ export class ZKPassport {
     purpose: string
     scope?: string
     mode?: ProofMode
+    evmChain?: EVMChain
     validity?: number
     devMode?: boolean
     topicOverride?: string
     keyPairOverride?: { privateKey: Uint8Array; publicKey: Uint8Array }
   }): Promise<QueryBuilder> {
-    const topic = topicOverride || randomBytes(16).toString("hex")
+    const bridge = await Bridge.create({
+      keyPair: keyPairOverride,
+      bridgeId: topicOverride,
+    })
 
-    const keyPair = keyPairOverride || (await generateECDHKeyPair())
-    this.topicToKeyPair[topic] = {
-      privateKey: keyPair.privateKey,
-      publicKey: keyPair.publicKey,
-    }
+    const topic = bridge.connection.getBridgeId()
 
     this.topicToConfig[topic] = {}
-    this.topicToService[topic] = { name, logo, purpose, scope }
+    this.topicToService[topic] = {
+      name,
+      logo,
+      purpose,
+      scope,
+      chainId: evmChain ? getChainIdFromEVMChain(evmChain) : undefined,
+    }
     this.topicToProofs[topic] = []
     this.topicToExpectedProofCount[topic] = 0
     this.topicToLocalConfig[topic] = {
@@ -740,68 +740,22 @@ export class ZKPassport {
     this.onRejectCallbacks[topic] = []
     this.onErrorCallbacks[topic] = []
 
-    const wsClient = getWebSocketClient(`wss://bridge.zkpassport.id?topic=${topic}`, this.domain)
-    this.topicToWebSocketClient[topic] = wsClient
-    wsClient.onopen = async () => {
-      logger.info("[frontend] WebSocket connection established")
-      await Promise.all(this.onBridgeConnectCallbacks[topic].map((callback) => callback()))
-    }
-    wsClient.addEventListener("message", async (event: any) => {
-      logger.debug("[frontend] Received message:", event.data)
-      try {
-        const data: JsonRpcRequest = JSON.parse(event.data)
-        // Handshake happens when the mobile app scans the QR code and connects to the bridge
-        if (data.method === "handshake") {
-          logger.debug("[frontend] Received handshake:", event.data)
+    this.topicToPublicKey[topic] = bridge.getPublicKey()
 
-          this.topicToRequestReceived[topic] = true
-          this.topicToSharedSecret[topic] = await getSharedSecret(
-            bytesToHex(keyPair.privateKey),
-            data.params.pubkey,
-          )
-          logger.debug(
-            "[frontend] Shared secret:",
-            Buffer.from(this.topicToSharedSecret[topic]).toString("hex"),
-          )
-
-          const encryptedMessage = await createEncryptedJsonRpcRequest(
-            "hello",
-            null,
-            this.topicToSharedSecret[topic],
-            topic,
-          )
-          logger.debug("[frontend] Sending encrypted message:", encryptedMessage)
-          wsClient.send(JSON.stringify(encryptedMessage))
-
-          await Promise.all(this.onRequestReceivedCallbacks[topic].map((callback) => callback()))
-          return
-        }
-
-        // Handle encrypted messages
-        if (data.method === "encryptedMessage") {
-          // Decode the payload from base64 to Uint8Array
-          const payload = new Uint8Array(
-            atob(data.params.payload)
-              .split("")
-              .map((c) => c.charCodeAt(0)),
-          )
-          try {
-            // Decrypt the payload using the shared secret
-            const decrypted = await decrypt(payload, this.topicToSharedSecret[topic], topic)
-            const decryptedJson: JsonRpcRequest = JSON.parse(decrypted)
-            this.handleEncryptedMessage(topic, decryptedJson, data)
-          } catch (error) {
-            logger.error("[frontend] Error decrypting message:", error)
-          }
-          return
-        }
-      } catch (error) {
-        logger.error("[frontend] Error:", error)
-      }
+    this.topicToBridge[topic] = bridge
+    bridge.onConnect(async (reconnection: boolean) => {
+      logger.debug("Bridge connected")
+      logger.debug("Is reconnection:", reconnection)
+      await Promise.all(this.onBridgeConnectCallbacks[topic].map((callback) => callback()))
+    })
+    bridge.onSecureChannelEstablished(async () => {
+      logger.debug("Secure channel established")
+      await Promise.all(this.onRequestReceivedCallbacks[topic].map((callback) => callback()))
+    })
+    bridge.onSecureMessage(async (message: any) => {
+      logger.debug("Received message:", message)
+      this.handleEncryptedMessage(topic, message)
     })
-    wsClient.onerror = (error: Event) => {
-      logger.error("[frontend] WebSocket error:", error)
-    }
     return this.getZkPassportRequest(topic)
   }
 
@@ -1780,13 +1734,17 @@ export class ZKPassport {
     queryResultErrors: QueryResultErrors,
     key: string,
     scope?: string,
+    chainId?: number,
   ) {
     let isCorrect = true
-    if (this.domain && getScopeHash(this.domain) !== BigInt(proofData.publicInputs[1])) {
+    if (
+      this.domain &&
+      getServiceScopeHash(this.domain, chainId) !== BigInt(proofData.publicInputs[1])
+    ) {
       console.warn("The proof comes from a different domain than the one expected")
       isCorrect = false
       queryResultErrors[key as keyof QueryResultErrors].scope = {
-        expected: `Scope: ${getScopeHash(this.domain).toString()}`,
+        expected: `Scope: ${getServiceScopeHash(this.domain, chainId).toString()}`,
         received: `Scope: ${BigInt(proofData.publicInputs[1]).toString()}`,
         message: "The proof comes from a different domain than the one expected",
       }
@@ -1840,6 +1798,7 @@ export class ZKPassport {
     queryResult: QueryResult,
     validity?: number,
     scope?: string,
+    chainId?: number,
   ) {
     let commitmentIn: bigint | undefined
     let commitmentOut: bigint | undefined
@@ -1945,11 +1904,14 @@ export class ZKPassport {
             message: "The proof does not verify all the requested conditions and information",
           }
         }
-        if (this.domain && getScopeHash(this.domain) !== getScopeFromOuterProof(proofData)) {
+        if (
+          this.domain &&
+          getServiceScopeHash(this.domain, chainId) !== getScopeFromOuterProof(proofData)
+        ) {
           console.warn("The proof comes from a different domain than the one expected")
           isCorrect = false
           queryResultErrors.outer.scope = {
-            expected: `Scope: ${getScopeHash(this.domain).toString()}`,
+            expected: `Scope: ${getServiceScopeHash(this.domain, chainId).toString()}`,
             received: `Scope: ${getScopeFromOuterProof(proofData).toString()}`,
             message: "The proof comes from a different domain than the one expected",
           }
@@ -2646,6 +2608,9 @@ export class ZKPassport {
    * @param proofs The proofs to verify.
    * @param queryResult The query result to verify against
    * @param validity How many days ago should have the ID been last scanned by the user?
+   * @param scope Scope this request to a specific use case
+   * @param evmChain The EVM chain to use for the verification (if using the proof onchain)
+   * @param devMode Whether to enable dev mode. This will allow you to verify mock proofs (i.e. from ZKR)
    * @returns An object containing the unique identifier associated to the user
    * and a boolean indicating whether the proofs were successfully verified.
    */
@@ -2654,12 +2619,14 @@ export class ZKPassport {
     queryResult,
     validity,
     scope,
+    evmChain,
     devMode = false,
   }: {
     proofs: Array<ProofResult>
     queryResult: QueryResult
     validity?: number
     scope?: string
+    evmChain?: EVMChain
     devMode?: boolean
   }): Promise<{
     uniqueIdentifier: string | undefined
@@ -2692,11 +2659,12 @@ export class ZKPassport {
     let verified = true
     let uniqueIdentifier: string | undefined
     let queryResultErrors: QueryResultErrors | undefined
+    const chainId = evmChain ? getChainIdFromEVMChain(evmChain) : undefined
     const {
       isCorrect,
       uniqueIdentifier: uniqueIdentifierFromPublicInputs,
       queryResultErrors: queryResultErrorsFromPublicInputs,
-    } = await this.checkPublicInputs(proofs, formattedResult, validity, scope)
+    } = await this.checkPublicInputs(proofs, formattedResult, validity, scope, chainId)
     uniqueIdentifier = uniqueIdentifierFromPublicInputs
     verified = isCorrect
     queryResultErrors = isCorrect ? undefined : queryResultErrorsFromPublicInputs
@@ -2790,7 +2758,7 @@ export class ZKPassport {
     if (network === "ethereum_sepolia") {
       return {
         ...baseConfig,
-        address: "0x8c6982D77f7a8f60aE3133cA9b2FAA6f3e78c394",
+        address: "0xDfE02DFd5c208854884B58bFf6522De5c42F73E3",
       }
     } else if (network === "local_anvil") {
       return {
@@ -2959,7 +2927,7 @@ export class ZKPassport {
    * @returns The URL of the request.
    */
   public getUrl(requestId: string) {
-    const pubkey = bytesToHex(this.topicToKeyPair[requestId].publicKey)
+    const pubkey = this.topicToPublicKey[requestId]
     const base64Config = Buffer.from(JSON.stringify(this.topicToConfig[requestId])).toString(
       "base64",
     )
@@ -2974,14 +2942,13 @@ export class ZKPassport {
    * @param requestId The request ID.
    */
   public cancelRequest(requestId: string) {
-    if (this.topicToWebSocketClient[requestId]) {
-      this.topicToWebSocketClient[requestId].close()
-      delete this.topicToWebSocketClient[requestId]
+    if (this.topicToBridge[requestId]) {
+      this.topicToBridge[requestId].close()
+      delete this.topicToBridge[requestId]
     }
-    delete this.topicToKeyPair[requestId]
+    delete this.topicToPublicKey[requestId]
     delete this.topicToConfig[requestId]
     delete this.topicToLocalConfig[requestId]
-    delete this.topicToSharedSecret[requestId]
     delete this.topicToProofs[requestId]
     delete this.topicToExpectedProofCount[requestId]
     delete this.topicToFailedProofCount[requestId]
@@ -2998,7 +2965,7 @@ export class ZKPassport {
    * @notice Clears all requests.
    */
   public clearAllRequests() {
-    for (const requestId in this.topicToWebSocketClient) {
+    for (const requestId in this.topicToBridge) {
       this.cancelRequest(requestId)
     }
   }

package/src/encryption.ts

@@ -1,45 +0,0 @@
-import { gcm } from "@noble/ciphers/aes"
-import { utf8ToBytes } from "@noble/ciphers/utils"
-
-async function sha256Truncate(topic: string): Promise<Uint8Array> {
-  const encoder = new TextEncoder()
-  const data = encoder.encode(topic)
-  const hashBuffer = await crypto.subtle.digest("SHA-256", data)
-  const fullHashArray = new Uint8Array(hashBuffer)
-  const truncatedHashArray = fullHashArray.slice(0, 12)
-  return truncatedHashArray
-}
-
-export async function generateECDHKeyPair() {
-  const secp256k1 = await import("@noble/secp256k1")
-  const privKey = secp256k1.utils.randomPrivateKey()
-  const pubKey = secp256k1.getPublicKey(privKey)
-  return {
-    privateKey: privKey,
-    publicKey: pubKey,
-  }
-}
-
-export async function getSharedSecret(privateKey: string, publicKey: string) {
-  const secp256k1 = await import("@noble/secp256k1")
-  const sharedSecret = secp256k1.getSharedSecret(privateKey, publicKey)
-  return sharedSecret.slice(0, 32)
-}
-
-export async function encrypt(message: string, sharedSecret: Uint8Array, topic: string) {
-  // Nonce must be 12 bytes
-  const nonce = await sha256Truncate(topic)
-  const aes = gcm(sharedSecret, nonce)
-  const data = utf8ToBytes(message)
-  const ciphertext = aes.encrypt(data)
-  return ciphertext
-}
-
-export async function decrypt(ciphertext: Uint8Array, sharedSecret: Uint8Array, topic: string) {
-  // Nonce must be 12 bytes
-  const nonce = await sha256Truncate(topic)
-  const aes = gcm(sharedSecret, nonce)
-  const data = aes.decrypt(ciphertext)
-  const dataString = new TextDecoder().decode(data)
-  return dataString
-}

package/src/json-rpc.ts

@@ -1,61 +0,0 @@
-import { randomBytes } from "crypto"
-import type { JsonRpcRequest, JsonRpcResponse } from "@zkpassport/utils"
-import { encrypt } from "./encryption"
-import { WebSocketClient } from "./websocket"
-import { noLogger as logger } from "./logger"
-
-export function createJsonRpcRequest(method: string, params: any): JsonRpcRequest {
-  return {
-    jsonrpc: "2.0",
-    id: randomBytes(16).toString("hex"),
-    method,
-    params,
-  }
-}
-
-export async function createEncryptedJsonRpcRequest(
-  method: string,
-  params: any,
-  sharedSecret: Uint8Array,
-  topic: string,
-): Promise<JsonRpcRequest> {
-  const encryptedMessage = await encrypt(
-    JSON.stringify({ method, params: params || {} }),
-    sharedSecret,
-    topic,
-  )
-  return createJsonRpcRequest("encryptedMessage", {
-    payload: Buffer.from(encryptedMessage).toString("base64"),
-  })
-}
-
-export async function sendEncryptedJsonRpcRequest(
-  method: string,
-  params: any,
-  sharedSecret: Uint8Array,
-  topic: string,
-  wsClient: WebSocketClient,
-): Promise<boolean> {
-  try {
-    const message = { method, params: params || {} }
-    const encryptedMessage = await encrypt(JSON.stringify(message), sharedSecret, topic)
-    const request = createJsonRpcRequest("encryptedMessage", {
-      payload: Buffer.from(encryptedMessage).toString("base64"),
-    })
-    logger.debug("Sending encrypted message (original):", message)
-    logger.debug("Sending encrypted message (encrypted):", request)
-    wsClient.send(JSON.stringify(request))
-    return true
-  } catch (error) {
-    logger.error("Error sending encrypted message:", error)
-    return false
-  }
-}
-
-export function createJsonRpcResponse(id: string, result: any): JsonRpcResponse {
-  return {
-    jsonrpc: "2.0",
-    id,
-    result,
-  }
-}

package/src/mobile.ts

@@ -1,186 +0,0 @@
-import { bytesToHex } from "@noble/ciphers/utils"
-import { getWebSocketClient, WebSocketClient } from "./websocket"
-import { sendEncryptedJsonRpcRequest } from "./json-rpc"
-import { decrypt, generateECDHKeyPair, getSharedSecret } from "./encryption"
-import type { JsonRpcRequest } from "@zkpassport/utils"
-import { noLogger as logger } from "./logger"
-
-export class ZkPassportProver {
-  private domain?: string
-  private topicToKeyPair: Record<string, { privateKey: Uint8Array; publicKey: Uint8Array }> = {}
-  private topicToWebSocketClient: Record<string, WebSocketClient> = {}
-  private topicToRemoteDomainVerified: Record<string, boolean> = {}
-  private topicToSharedSecret: Record<string, Uint8Array> = {}
-  private topicToRemotePublicKey: Record<string, Uint8Array> = {}
-
-  private onDomainVerifiedCallbacks: Record<string, Array<() => void>> = {}
-  private onBridgeConnectCallbacks: Record<string, Array<() => void>> = {}
-  private onWebsiteDomainVerifyFailureCallbacks: Record<string, Array<() => void>> = {}
-
-  constructor() {}
-
-  /**
-   * @notice Handle an encrypted message.
-   * @param request The request.
-   * @param outerRequest The outer request.
-   */
-  private async handleEncryptedMessage(
-    topic: string,
-    request: JsonRpcRequest,
-    outerRequest: JsonRpcRequest,
-  ) {
-    logger.debug("Received encrypted message:", request)
-    if (request.method === "hello") {
-      logger.info(`Successfully verified origin domain name: ${outerRequest.origin}`)
-      this.topicToRemoteDomainVerified[topic] = true
-      await Promise.all(this.onDomainVerifiedCallbacks[topic].map((callback) => callback()))
-    } else if (request.method === "closed_page") {
-      // TODO: Implement
-    }
-  }
-
-  /**
-   * @notice Scan a credentirequest QR code.
-   * @returns
-   */
-  public async scan(
-    url: string,
-    {
-      keyPairOverride,
-    }: {
-      keyPairOverride?: { privateKey: Uint8Array; publicKey: Uint8Array }
-    } = {},
-  ) {
-    const parsedUrl = new URL(url)
-    const domain = parsedUrl.searchParams.get("d")
-    const topic = parsedUrl.searchParams.get("t")
-    const pubkeyHex = parsedUrl.searchParams.get("p")
-
-    if (!domain || !topic || !pubkeyHex) {
-      throw new Error("Invalid URL: missing required parameters")
-    }
-
-    const pubkey = new Uint8Array(Buffer.from(pubkeyHex, "hex"))
-
-    this.domain = domain
-    const keyPair = keyPairOverride || (await generateECDHKeyPair())
-
-    this.topicToKeyPair[topic] = {
-      privateKey: keyPair.privateKey,
-      publicKey: keyPair.publicKey,
-    }
-    this.topicToRemotePublicKey[topic] = pubkey
-    this.topicToSharedSecret[topic] = await getSharedSecret(
-      bytesToHex(keyPair.privateKey),
-      bytesToHex(pubkey),
-    )
-    this.topicToRemoteDomainVerified[topic] = false
-    this.onDomainVerifiedCallbacks[topic] = []
-    this.onBridgeConnectCallbacks[topic] = []
-
-    // Set up WebSocket connection
-    const wsClient = getWebSocketClient(
-      `wss://bridge.zkpassport.id?topic=${topic}&pubkey=${bytesToHex(keyPair.publicKey)}`,
-    )
-    this.topicToWebSocketClient[topic] = wsClient
-
-    wsClient.onopen = async () => {
-      logger.info("[mobile] WebSocket connection established")
-      await Promise.all(this.onBridgeConnectCallbacks[topic].map((callback) => callback()))
-      // Server sends handshake automatically (when it sees a pubkey in websocket URI)
-      // wsClient.send(
-      //   JSON.stringify(
-      //     createJsonRpcRequest('handshake', {
-      //       pubkey: bytesToHex(keyPair.publicKey),
-      //     }),
-      //   ),
-      // )
-    }
-
-    wsClient.addEventListener("message", async (event: any) => {
-      logger.info("[mobile] Received message:", event.data)
-
-      try {
-        const data: JsonRpcRequest = JSON.parse(event.data)
-        const originDomain = data.origin ? new URL(data.origin).hostname : undefined
-        // Origin domain must match domain in QR code
-        if (originDomain !== this.domain) {
-          logger.warn(
-            `[mobile] Origin does not match domain in QR code. Expected ${this.domain} but got ${originDomain}`,
-          )
-          return
-        }
-
-        if (data.method === "encryptedMessage") {
-          // Decode the payload from base64 to Uint8Array
-          const payload = new Uint8Array(
-            atob(data.params.payload)
-              .split("")
-              .map((c) => c.charCodeAt(0)),
-          )
-          try {
-            // Decrypt the payload using the shared secret
-            const decrypted = await decrypt(payload, this.topicToSharedSecret[topic], topic)
-            const decryptedJson: JsonRpcRequest = JSON.parse(decrypted)
-            await this.handleEncryptedMessage(topic, decryptedJson, data)
-          } catch (error) {
-            logger.error("[mobile] Error decrypting message:", error)
-          }
-        }
-      } catch (error) {
-        logger.error("[mobile] Error:", error)
-      }
-    })
-
-    wsClient.onerror = (error: Event) => {
-      logger.error("[mobile] WebSocket error:", error)
-    }
-
-    return {
-      domain: this.domain,
-      requestId: topic,
-      isBridgeConnected: () => this.topicToWebSocketClient[topic].readyState === WebSocket.OPEN,
-      isDomainVerified: () => this.topicToRemoteDomainVerified[topic] === true,
-      onDomainVerified: (callback: () => void) =>
-        this.onDomainVerifiedCallbacks[topic].push(callback),
-      onBridgeConnect: (callback: () => void) =>
-        this.onBridgeConnectCallbacks[topic].push(callback),
-      notifyReject: async () => {
-        await sendEncryptedJsonRpcRequest(
-          "reject",
-          null,
-          this.topicToSharedSecret[topic],
-          topic,
-          this.topicToWebSocketClient[topic],
-        )
-      },
-      notifyAccept: async () => {
-        await sendEncryptedJsonRpcRequest(
-          "accept",
-          null,
-          this.topicToSharedSecret[topic],
-          topic,
-          this.topicToWebSocketClient[topic],
-        )
-      },
-      notifyDone: async (proof: any) => {
-        await sendEncryptedJsonRpcRequest(
-          "done",
-          { proof },
-          this.topicToSharedSecret[topic],
-          topic,
-          this.topicToWebSocketClient[topic],
-        )
-      },
-      notifyError: async (error: string) => {
-        await sendEncryptedJsonRpcRequest(
-          "error",
-          { error },
-          this.topicToSharedSecret[topic],
-          topic,
-          this.topicToWebSocketClient[topic],
-        )
-      },
-    }
-  }
-}