@zkproofport-app/sdk 0.1.2-beta.1 → 0.1.3-beta.1

package/dist/ProofportSDK.d.ts

@@ -1,7 +1,7 @@
 /**
  * Proofport SDK - Main class
  */
-import type { ProofRequest, ProofResponse, CircuitType, CircuitInputs, ProofportConfig, QRCodeOptions, AuthCredentials, AuthToken, RelayProofRequest, RelayProofResult } from './types';
+import type { ProofRequest, ProofResponse, CircuitType, CircuitInputs, ProofportConfig, QRCodeOptions, ChallengeResponse, WalletSigner, RelayProofRequest, RelayProofResult } from './types';
 import type { SDKEnvironment } from './types';
 /**
  * Main SDK class for interacting with the ZKProofport mobile app.
@@ -12,12 +12,15 @@ import type { SDKEnvironment } from './types';
  * @example
  * ```typescript
  * import { ProofportSDK } from '@zkproofport-app/sdk';
+ * import { BrowserProvider } from 'ethers';
  *
  * // Initialize SDK (uses production relay by default)
  * const sdk = ProofportSDK.create();
  *
- * // Authenticate
- * await sdk.login({ clientId: 'your-id', apiKey: 'your-key' });
+ * // Set wallet signer for challenge-signature auth
+ * const provider = new BrowserProvider(window.ethereum);
+ * const signer = await provider.getSigner();
+ * sdk.setSigner(signer);
  *
  * // Create proof request via relay
  * const relay = await sdk.createRelayRequest('coinbase_attestation', {
@@ -37,7 +40,7 @@ import type { SDKEnvironment } from './types';
 export declare class ProofportSDK {
     private config;
     private pendingRequests;
-    private authToken;
+    private signer;
     private relayUrl;
     private nullifierRegistry?;
     private socket;
@@ -707,91 +710,48 @@ export declare class ProofportSDK {
      */
     static isMobile(): boolean;
     /**
-     * Authenticates with ZKProofport using client credentials via the relay server.
+     * Sets the wallet signer for challenge-signature authentication.
+     * The signer will be used to sign challenges from the relay server.
      *
-     * Exchanges a client_id and api_key pair for a short-lived JWT token
-     * that can be used to authenticate relay requests.
-     *
-     * @param credentials - Client ID and API key
-     * @param relayUrl - Relay server URL (e.g., 'https://relay.zkproofport.app')
-     * @returns Promise resolving to AuthToken with JWT token and metadata
-     * @throws Error if authentication fails
+     * @param signer - Wallet signer (ethers v6 Signer or compatible object with signMessage/getAddress)
      *
      * @example
      * ```typescript
-     * const auth = await ProofportSDK.authenticate(
-     *   { clientId: 'your-client-id', apiKey: 'your-api-key' },
-     *   'https://relay.zkproofport.app'
-     * );
-     * console.log('Token:', auth.token);
-     * console.log('Expires in:', auth.expiresIn, 'seconds');
-     * ```
-     */
-    static authenticate(credentials: AuthCredentials, relayUrl: string): Promise<AuthToken>;
-    /**
-     * Checks if an auth token is still valid (not expired).
-     *
-     * @param auth - AuthToken to check
-     * @returns True if the token has not expired
+     * import { BrowserProvider } from 'ethers';
      *
-     * @example
-     * ```typescript
-     * if (!ProofportSDK.isTokenValid(auth)) {
-     *   auth = await ProofportSDK.authenticate(credentials, relayUrl);
-     * }
+     * const provider = new BrowserProvider(window.ethereum);
+     * const signer = await provider.getSigner();
+     * sdk.setSigner(signer);
      * ```
      */
-    static isTokenValid(auth: AuthToken): boolean;
+    setSigner(signer: WalletSigner): void;
     /**
-     * Authenticates with ZKProofport and stores the token for relay requests.
-     *
-     * Instance method that authenticates via the relay server and stores
-     * the JWT token internally, so subsequent relay requests are automatically authenticated.
-     *
-     * @param credentials - Client ID and API key
-     * @returns Promise resolving to AuthToken
-     * @throws Error if authentication fails or relayUrl is not configured
+     * Fetches a random challenge from the relay server.
+     * The challenge must be signed and included in proof requests.
      *
-     * @example
-     * ```typescript
-     * const sdk = ProofportSDK.create('production');
-     *
-     * await sdk.login({ clientId: 'your-id', apiKey: 'your-key' });
-     * // SDK is now authenticated for relay requests
-     * ```
-     */
-    login(credentials: AuthCredentials): Promise<AuthToken>;
-    /**
-     * Logs out by clearing the stored authentication token.
-     */
-    logout(): void;
-    /**
-     * Returns whether the SDK instance is currently authenticated with a valid token.
-     */
-    isAuthenticated(): boolean;
-    /**
-     * Returns the current auth token, or null if not authenticated.
+     * @returns Promise resolving to ChallengeResponse with challenge hex and expiry
+     * @throws Error if relayUrl is not configured
      */
-    getAuthToken(): AuthToken | null;
+    getChallenge(): Promise<ChallengeResponse>;
     /**
      * Creates a proof request through the relay server.
      *
      * This is the recommended way to create proof requests. The relay server:
      * - Issues a server-side requestId (validated by the mobile app)
      * - Tracks request status in Redis
-     * - Handles credit deduction and tier enforcement
      * - Builds the deep link with relay callback URL
+     * - Stores inputs hash for deep link integrity verification
      *
      * @param circuit - Circuit type identifier
      * @param inputs - Circuit-specific inputs
      * @param options - Request options (message, dappName, dappIcon, nonce)
      * @returns Promise resolving to RelayProofRequest with requestId, deepLink, pollUrl
-     * @throws Error if not authenticated or relay request fails
+     * @throws Error if signer not set or relay request fails
      *
      * @example
      * ```typescript
      * const sdk = ProofportSDK.create();
-     * await sdk.login({ clientId: 'id', apiKey: 'key' });
+     * sdk.setSigner(signer);
      *
      * const relay = await sdk.createRelayRequest('coinbase_attestation', {
      *   scope: 'myapp.com'
@@ -857,7 +817,7 @@ export declare class ProofportSDK {
      * @param callbacks.onResult - Called when proof is completed or failed
      * @param callbacks.onError - Called on errors
      * @returns Unsubscribe function to clean up the connection
-     * @throws Error if not authenticated, relayUrl not set, or socket.io-client not installed
+     * @throws Error if relayUrl not set or socket.io-client not installed
      *
      * @example
      * ```typescript

package/dist/index.d.ts

@@ -10,8 +10,8 @@
  * // Initialize with environment preset
  * const sdk = ProofportSDK.create('production');
  *
- * // Authenticate
- * await sdk.login({ clientId: 'your-id', apiKey: 'your-key' });
+ * // Set wallet signer
+ * sdk.setSigner(signer);
  *
  * // Create proof request via relay
  * const relay = await sdk.createRelayRequest('coinbase_attestation', {
@@ -26,4 +26,4 @@
  * ```
  */
 export { ProofportSDK, default } from './ProofportSDK';
-export type { CircuitType, ProofRequestStatus, CoinbaseKycInputs, CoinbaseCountryInputs, CircuitInputs, ProofRequest, ProofResponse, QRCodeOptions, VerifierContract, ProofportConfig, AuthCredentials, AuthToken, RelayProofRequest, RelayProofResult, SDKEnvironment, } from './types';
+export type { CircuitType, ProofRequestStatus, CoinbaseKycInputs, CoinbaseCountryInputs, CircuitInputs, ProofRequest, ProofResponse, QRCodeOptions, VerifierContract, ProofportConfig, ChallengeResponse, WalletSigner, RelayProofRequest, RelayProofResult, SDKEnvironment, } from './types';

package/dist/index.esm.js

@@ -3909,12 +3909,15 @@ async function getNullifierInfo(nullifier, registryAddress, provider) {
  * @example
  * ```typescript
  * import { ProofportSDK } from '@zkproofport-app/sdk';
+ * import { BrowserProvider } from 'ethers';
  *
  * // Initialize SDK (uses production relay by default)
  * const sdk = ProofportSDK.create();
  *
- * // Authenticate
- * await sdk.login({ clientId: 'your-id', apiKey: 'your-key' });
+ * // Set wallet signer for challenge-signature auth
+ * const provider = new BrowserProvider(window.ethereum);
+ * const signer = await provider.getSigner();
+ * sdk.setSigner(signer);
  *
  * // Create proof request via relay
  * const relay = await sdk.createRelayRequest('coinbase_attestation', {
@@ -3960,7 +3963,7 @@ class ProofportSDK {
      */
     constructor(config = {}) {
         this.pendingRequests = new Map();
-        this.authToken = null;
+        this.signer = null;
         this.socket = null;
         this.config = {
             scheme: config.scheme || DEFAULT_SCHEME,
@@ -4728,115 +4731,42 @@ class ProofportSDK {
             return false;
         return /Android|iPhone|iPad|iPod|webOS|BlackBerry|IEMobile|Opera Mini/i.test(navigator.userAgent);
     }
+    // ============ Relay Integration ============
     /**
-     * Authenticates with ZKProofport using client credentials via the relay server.
-     *
-     * Exchanges a client_id and api_key pair for a short-lived JWT token
-     * that can be used to authenticate relay requests.
+     * Sets the wallet signer for challenge-signature authentication.
+     * The signer will be used to sign challenges from the relay server.
      *
-     * @param credentials - Client ID and API key
-     * @param relayUrl - Relay server URL (e.g., 'https://relay.zkproofport.app')
-     * @returns Promise resolving to AuthToken with JWT token and metadata
-     * @throws Error if authentication fails
+     * @param signer - Wallet signer (ethers v6 Signer or compatible object with signMessage/getAddress)
      *
      * @example
      * ```typescript
-     * const auth = await ProofportSDK.authenticate(
-     *   { clientId: 'your-client-id', apiKey: 'your-api-key' },
-     *   'https://relay.zkproofport.app'
-     * );
-     * console.log('Token:', auth.token);
-     * console.log('Expires in:', auth.expiresIn, 'seconds');
-     * ```
-     */
-    static async authenticate(credentials, relayUrl) {
-        if (!credentials.clientId || !credentials.apiKey) {
-            throw new Error('clientId and apiKey are required');
-        }
-        if (!relayUrl) {
-            throw new Error('relayUrl is required');
-        }
-        const response = await fetch(`${relayUrl}/api/v1/auth/token`, {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/json' },
-            body: JSON.stringify({
-                client_id: credentials.clientId,
-                api_key: credentials.apiKey,
-            }),
-        });
-        if (!response.ok) {
-            const error = await response.json().catch(() => ({ error: `HTTP ${response.status}` }));
-            throw new Error(error.error || `Authentication failed: HTTP ${response.status}`);
-        }
-        const data = await response.json();
-        return {
-            token: data.token,
-            clientId: data.client_id,
-            dappId: data.dapp_id,
-            tier: data.tier,
-            expiresIn: data.expires_in,
-            expiresAt: Date.now() + (data.expires_in * 1000),
-        };
-    }
-    /**
-     * Checks if an auth token is still valid (not expired).
-     *
-     * @param auth - AuthToken to check
-     * @returns True if the token has not expired
+     * import { BrowserProvider } from 'ethers';
      *
-     * @example
-     * ```typescript
-     * if (!ProofportSDK.isTokenValid(auth)) {
-     *   auth = await ProofportSDK.authenticate(credentials, relayUrl);
-     * }
+     * const provider = new BrowserProvider(window.ethereum);
+     * const signer = await provider.getSigner();
+     * sdk.setSigner(signer);
      * ```
      */
-    static isTokenValid(auth) {
-        return Date.now() < auth.expiresAt - 30000; // 30s buffer
+    setSigner(signer) {
+        this.signer = signer;
     }
-    // ============ Relay Integration ============
     /**
-     * Authenticates with ZKProofport and stores the token for relay requests.
-     *
-     * Instance method that authenticates via the relay server and stores
-     * the JWT token internally, so subsequent relay requests are automatically authenticated.
+     * Fetches a random challenge from the relay server.
+     * The challenge must be signed and included in proof requests.
      *
-     * @param credentials - Client ID and API key
-     * @returns Promise resolving to AuthToken
-     * @throws Error if authentication fails or relayUrl is not configured
-     *
-     * @example
-     * ```typescript
-     * const sdk = ProofportSDK.create('production');
-     *
-     * await sdk.login({ clientId: 'your-id', apiKey: 'your-key' });
-     * // SDK is now authenticated for relay requests
-     * ```
+     * @returns Promise resolving to ChallengeResponse with challenge hex and expiry
+     * @throws Error if relayUrl is not configured
      */
-    async login(credentials) {
+    async getChallenge() {
         if (!this.relayUrl) {
-            throw new Error('relayUrl is required for authentication. Use ProofportSDK.create(\'production\') or set relayUrl in config.');
+            throw new Error('relayUrl is required. Set it in ProofportSDK config.');
         }
-        this.authToken = await ProofportSDK.authenticate(credentials, this.relayUrl);
-        return this.authToken;
-    }
-    /**
-     * Logs out by clearing the stored authentication token.
-     */
-    logout() {
-        this.authToken = null;
-    }
-    /**
-     * Returns whether the SDK instance is currently authenticated with a valid token.
-     */
-    isAuthenticated() {
-        return this.authToken !== null && ProofportSDK.isTokenValid(this.authToken);
-    }
-    /**
-     * Returns the current auth token, or null if not authenticated.
-     */
-    getAuthToken() {
-        return this.authToken;
+        const response = await fetch(`${this.relayUrl}/api/v1/challenge`);
+        if (!response.ok) {
+            const error = await response.json().catch(() => ({ error: `HTTP ${response.status}` }));
+            throw new Error(error.error || `Failed to get challenge: HTTP ${response.status}`);
+        }
+        return await response.json();
     }
     /**
      * Creates a proof request through the relay server.
@@ -4844,19 +4774,19 @@ class ProofportSDK {
      * This is the recommended way to create proof requests. The relay server:
      * - Issues a server-side requestId (validated by the mobile app)
      * - Tracks request status in Redis
-     * - Handles credit deduction and tier enforcement
      * - Builds the deep link with relay callback URL
+     * - Stores inputs hash for deep link integrity verification
      *
      * @param circuit - Circuit type identifier
      * @param inputs - Circuit-specific inputs
      * @param options - Request options (message, dappName, dappIcon, nonce)
      * @returns Promise resolving to RelayProofRequest with requestId, deepLink, pollUrl
-     * @throws Error if not authenticated or relay request fails
+     * @throws Error if signer not set or relay request fails
      *
      * @example
      * ```typescript
      * const sdk = ProofportSDK.create();
-     * await sdk.login({ clientId: 'id', apiKey: 'key' });
+     * sdk.setSigner(signer);
      *
      * const relay = await sdk.createRelayRequest('coinbase_attestation', {
      *   scope: 'myapp.com'
@@ -4870,15 +4800,20 @@ class ProofportSDK {
      * ```
      */
     async createRelayRequest(circuit, inputs, options = {}) {
-        if (!this.authToken || !ProofportSDK.isTokenValid(this.authToken)) {
-            throw new Error('Not authenticated. Call login() first.');
+        if (!this.signer) {
+            throw new Error('Signer not set. Call setSigner() first.');
         }
         if (!this.relayUrl) {
             throw new Error('relayUrl is required. Set it in ProofportSDK config.');
         }
+        // Get challenge from relay and sign it
+        const { challenge } = await this.getChallenge();
+        const signature = await this.signer.signMessage(challenge);
         const body = {
             circuitId: circuit,
             inputs,
+            challenge,
+            signature,
         };
         if (options.message)
             body.message = options.message;
@@ -4892,7 +4827,6 @@ class ProofportSDK {
             method: 'POST',
             headers: {
                 'Content-Type': 'application/json',
-                'Authorization': `Bearer ${this.authToken.token}`,
             },
             body: JSON.stringify(body),
         });
@@ -4975,7 +4909,7 @@ class ProofportSDK {
      * @param callbacks.onResult - Called when proof is completed or failed
      * @param callbacks.onError - Called on errors
      * @returns Unsubscribe function to clean up the connection
-     * @throws Error if not authenticated, relayUrl not set, or socket.io-client not installed
+     * @throws Error if relayUrl not set or socket.io-client not installed
      *
      * @example
      * ```typescript
@@ -4996,9 +4930,6 @@ class ProofportSDK {
      * ```
      */
     async subscribe(requestId, callbacks) {
-        if (!this.authToken || !ProofportSDK.isTokenValid(this.authToken)) {
-            throw new Error('Not authenticated. Call login() first.');
-        }
         if (!this.relayUrl) {
             throw new Error('relayUrl is required. Set it in ProofportSDK config.');
         }
@@ -5013,10 +4944,9 @@ class ProofportSDK {
         if (typeof ioConnect !== 'function') {
             throw new Error('Failed to load socket.io-client: io function not found');
         }
-        // Connect to relay /proof namespace
+        // Connect to relay /proof namespace (no JWT — open connections)
         const socket = ioConnect(`${this.relayUrl}/proof`, {
             path: '/socket.io',
-            auth: { token: this.authToken.token },
             transports: ['websocket', 'polling'],
         });
         this.socket = socket;
@@ -5065,7 +4995,7 @@ class ProofportSDK {
     async waitForProof(requestId, options = {}) {
         const timeout = options.timeoutMs || 300000;
         // Try Socket.IO first
-        if (this.authToken && ProofportSDK.isTokenValid(this.authToken) && this.relayUrl) {
+        if (this.relayUrl) {
             try {
                 return await new Promise((resolve, reject) => {
                     const timer = setTimeout(() => {