@zkproofport-app/sdk 0.2.3 → 0.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/README.md +31 -5
  2. package/dist/index.esm.js +3 -0
  3. package/dist/index.esm.js.map +1 -1
  4. package/dist/index.js +3 -0
  5. package/dist/index.js.map +1 -1
  6. package/dist/index.mjs +3 -0
  7. package/dist/index.mjs.map +1 -1
  8. package/dist/types.d.ts +5 -0
  9. package/package.json +1 -1
package/README.md CHANGED
@@ -130,15 +130,28 @@ Prove email domain affiliation via Google Sign-In. The mobile app handles authen
130
130
  |-------|------|----------|-------------|
131
131
  | `domain` | `string` | Yes | Target email domain to prove (e.g., `'google.com'`, `'company.com'`) |
132
132
  | `scope` | `string` | Yes | dApp scope identifier for proof uniqueness |
133
+ | `provider` | `string` | No | OIDC workspace provider for organization membership verification. Currently supported: `'google'`. |
134
+
135
+ **Email domain verification (default):**
136
+
137
+ ```typescript
138
+ const relay = await sdk.createRelayRequest('oidc_domain_attestation', {
139
+ domain: 'gmail.com',
140
+ scope: 'myapp.com',
141
+ });
142
+ ```
143
+
144
+ **Organization membership verification (Google Workspace):**
133
145
 
134
146
  ```typescript
135
147
  const relay = await sdk.createRelayRequest('oidc_domain_attestation', {
136
148
  domain: 'company.com',
137
149
  scope: 'myapp.com',
150
+ provider: 'google',
138
151
  });
139
152
  ```
140
153
 
141
- > The mobile app prompts Google Sign-In, generates the ZK proof locally, and returns the result via relay. The `domain` is a public input verifiers can confirm which domain was proven.
154
+ > When `provider` is set, the mobile app verifies the user's account is managed by the specified workspace provider (e.g., Google Workspace `hd` claim). Without `provider`, only the email domain is verified.
142
155
 
143
156
  ## Integration Guide
144
157
 
@@ -213,6 +226,7 @@ const relay = await sdk.createRelayRequest('coinbase_attestation', {
213
226
  **OIDC Domain Attestation:**
214
227
 
215
228
  ```typescript
229
+ // Email domain verification
216
230
  const relay = await sdk.createRelayRequest('oidc_domain_attestation', {
217
231
  domain: 'company.com',
218
232
  scope: 'myapp.com',
@@ -221,9 +235,20 @@ const relay = await sdk.createRelayRequest('oidc_domain_attestation', {
221
235
  dappIcon: 'https://myapp.com/icon.png',
222
236
  message: 'Verify your email domain',
223
237
  });
238
+
239
+ // Organization membership verification (Google Workspace)
240
+ const relay = await sdk.createRelayRequest('oidc_domain_attestation', {
241
+ domain: 'company.com',
242
+ scope: 'myapp.com',
243
+ provider: 'google',
244
+ }, {
245
+ dappName: 'My DApp',
246
+ dappIcon: 'https://myapp.com/icon.png',
247
+ message: 'Verify your organization membership',
248
+ });
224
249
  ```
225
250
 
226
- The mobile app will prompt the user to sign in with Google. The circuit proves the user's email ends with `@company.com` without revealing the full email address. The `domain` field is a **public input** verifiers can confirm which domain was proven.
251
+ The mobile app prompts Google Sign-In and generates the proof locally. When `provider` is set, the app additionally verifies organization membership (e.g., Google Workspace `hd` claim).
227
252
 
228
253
  ### Step 4: Display QR Code
229
254
 
@@ -456,7 +481,7 @@ import type {
456
481
  | `ProofRequestStatus` | `'pending' \| 'completed' \| 'error' \| 'cancelled'` |
457
482
  | `CoinbaseKycInputs` | Inputs for `coinbase_attestation` (`{ scope, userAddress?, rawTransaction? }`) |
458
483
  | `CoinbaseCountryInputs` | Inputs for `coinbase_country_attestation` (`{ scope, countryList, isIncluded, ... }`) |
459
- | `OidcDomainInputs` | Inputs for `oidc_domain_attestation` (`{ domain, scope }`) |
484
+ | `OidcDomainInputs` | Inputs for `oidc_domain_attestation` (`{ domain, scope, provider? }`) |
460
485
  | `CircuitInputs` | Union: `CoinbaseKycInputs \| CoinbaseCountryInputs \| OidcDomainInputs` |
461
486
  | `ProofRequest` | Proof request object with `requestId`, `circuit`, `inputs`, metadata, and expiry |
462
487
  | `ProofResponse` | Proof response with `status`, `proof`, `publicInputs`, `verifierAddress`, `chainId` |
@@ -472,8 +497,9 @@ The `OidcDomainInputs` interface:
472
497
 
473
498
  ```typescript
474
499
  interface OidcDomainInputs {
475
- domain: string; // Target email domain (e.g., 'google.com')
476
- scope: string; // dApp scope identifier
500
+ domain: string; // Target email domain (e.g., 'google.com')
501
+ scope: string; // dApp scope identifier
502
+ provider?: string; // Workspace provider for org membership (currently: 'google')
477
503
  }
478
504
  ```
479
505
 
package/dist/index.esm.js CHANGED
@@ -522,6 +522,9 @@ function validateProofRequest(request) {
522
522
  if (!inputs.scope || typeof inputs.scope !== 'string' || inputs.scope.trim() === '') {
523
523
  return { valid: false, error: 'scope is required and must be a non-empty string' };
524
524
  }
525
+ if (inputs.provider !== undefined && (typeof inputs.provider !== 'string' || inputs.provider.trim() === '')) {
526
+ return { valid: false, error: 'provider must be a non-empty string when specified' };
527
+ }
525
528
  }
526
529
  // Check expiry
527
530
  if (request.expiresAt && Date.now() > request.expiresAt) {