npm - @zkproofport-app/sdk - Versions diffs - 0.2.3 → 0.2.5 - Mend

@zkproofport-app/sdk 0.2.3 → 0.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/README.md CHANGED Viewed

@@ -124,21 +124,44 @@ const relay = await sdk.createRelayRequest('coinbase_country_attestation', {
 ### `oidc_domain_attestation`
-Prove email domain affiliation via Google Sign-In. The mobile app handles authentication and proof generation entirely on-device — the user's email is never revealed.
+Prove email domain affiliation via OIDC Sign-In. The mobile app handles authentication and proof generation entirely on-device — the user's email is never revealed.
 | Field | Type | Required | Description |
 |-------|------|----------|-------------|
 | `domain` | `string` | Yes | Target email domain to prove (e.g., `'google.com'`, `'company.com'`) |
 | `scope` | `string` | Yes | dApp scope identifier for proof uniqueness |
+| `provider` | `'google' \| 'microsoft'` | No | OIDC workspace provider for organization membership verification. Supported: `'google'` (Google Workspace), `'microsoft'` (Microsoft 365). |
+**Email domain verification (default):**
+```typescript
+const relay = await sdk.createRelayRequest('oidc_domain_attestation', {
+  domain: 'gmail.com',
+  scope: 'myapp.com',
+});
+```
+**Organization membership verification (Google Workspace):**
+```typescript
+const relay = await sdk.createRelayRequest('oidc_domain_attestation', {
+  domain: 'company.com',
+  scope: 'myapp.com',
+  provider: 'google',
+});
+```
+**Organization membership verification (Microsoft 365):**
 ```typescript
 const relay = await sdk.createRelayRequest('oidc_domain_attestation', {
   domain: 'company.com',
   scope: 'myapp.com',
+  provider: 'microsoft',
 });
 ```
-> The mobile app prompts Google Sign-In, generates the ZK proof locally, and returns the result via relay. The `domain` is a public input — verifiers can confirm which domain was proven.
+> When `provider` is set, the mobile app verifies the user's account is managed by the specified workspace provider (e.g., Google Workspace `hd` claim, Microsoft 365 `tid` claim). Without `provider`, only the email domain is verified.
 ## Integration Guide
@@ -213,6 +236,7 @@ const relay = await sdk.createRelayRequest('coinbase_attestation', {
 **OIDC Domain Attestation:**
 ```typescript
+// Email domain verification
 const relay = await sdk.createRelayRequest('oidc_domain_attestation', {
   domain: 'company.com',
   scope: 'myapp.com',
@@ -221,9 +245,31 @@ const relay = await sdk.createRelayRequest('oidc_domain_attestation', {
   dappIcon: 'https://myapp.com/icon.png',
   message: 'Verify your email domain',
 });
+// Organization membership verification (Google Workspace)
+const relay = await sdk.createRelayRequest('oidc_domain_attestation', {
+  domain: 'company.com',
+  scope: 'myapp.com',
+  provider: 'google',
+}, {
+  dappName: 'My DApp',
+  dappIcon: 'https://myapp.com/icon.png',
+  message: 'Verify your organization membership',
+});
+// Organization membership verification (Microsoft 365)
+const relay = await sdk.createRelayRequest('oidc_domain_attestation', {
+  domain: 'company.com',
+  scope: 'myapp.com',
+  provider: 'microsoft',
+}, {
+  dappName: 'My DApp',
+  dappIcon: 'https://myapp.com/icon.png',
+  message: 'Verify your organization membership',
+});
 ```
-The mobile app will prompt the user to sign in with Google. The circuit proves the user's email ends with `@company.com` without revealing the full email address. The `domain` field is a **public input** — verifiers can confirm which domain was proven.
+The mobile app prompts OIDC Sign-In (Google or Microsoft) and generates the proof locally. When `provider` is set, the app additionally verifies organization membership (e.g., Google Workspace `hd` claim, Microsoft 365 `tid` claim).
 ### Step 4: Display QR Code
@@ -456,7 +502,7 @@ import type {
 | `ProofRequestStatus` | `'pending' \| 'completed' \| 'error' \| 'cancelled'` |
 | `CoinbaseKycInputs` | Inputs for `coinbase_attestation` (`{ scope, userAddress?, rawTransaction? }`) |
 | `CoinbaseCountryInputs` | Inputs for `coinbase_country_attestation` (`{ scope, countryList, isIncluded, ... }`) |
-| `OidcDomainInputs` | Inputs for `oidc_domain_attestation` (`{ domain, scope }`) |
+| `OidcDomainInputs` | Inputs for `oidc_domain_attestation` (`{ domain, scope, provider? }`) |
 | `CircuitInputs` | Union: `CoinbaseKycInputs \| CoinbaseCountryInputs \| OidcDomainInputs` |
 | `ProofRequest` | Proof request object with `requestId`, `circuit`, `inputs`, metadata, and expiry |
 | `ProofResponse` | Proof response with `status`, `proof`, `publicInputs`, `verifierAddress`, `chainId` |
@@ -472,8 +518,9 @@ The `OidcDomainInputs` interface:
 ```typescript
 interface OidcDomainInputs {
-  domain: string;    // Target email domain (e.g., 'google.com')
-  scope: string;     // dApp scope identifier
+  domain: string;                    // Target email domain (e.g., 'company.com')
+  scope: string;                     // dApp scope identifier
+  provider?: 'google' | 'microsoft'; // Workspace provider for org membership
 }
 ```

package/dist/index.esm.js CHANGED Viewed

@@ -522,6 +522,9 @@ function validateProofRequest(request) {
         if (!inputs.scope || typeof inputs.scope !== 'string' || inputs.scope.trim() === '') {
             return { valid: false, error: 'scope is required and must be a non-empty string' };
         }
+        if (inputs.provider !== undefined && (typeof inputs.provider !== 'string' || inputs.provider.trim() === '')) {
+            return { valid: false, error: 'provider must be a non-empty string when specified' };
+        }
     }
     // Check expiry
     if (request.expiresAt && Date.now() > request.expiresAt) {