@zkproofport-app/sdk 0.2.4 → 0.2.6

package/README.md

@@ -124,13 +124,13 @@ const relay = await sdk.createRelayRequest('coinbase_country_attestation', {
 
 ### `oidc_domain_attestation`
 
-Prove email domain affiliation via Google Sign-In. The mobile app handles authentication and proof generation entirely on-device — the user's email is never revealed.
+Prove email domain affiliation via OIDC Sign-In. The mobile app handles authentication and proof generation entirely on-device — the user's email is never revealed.
 
 | Field | Type | Required | Description |
 |-------|------|----------|-------------|
 | `domain` | `string` | Yes | Target email domain to prove (e.g., `'google.com'`, `'company.com'`) |
 | `scope` | `string` | Yes | dApp scope identifier for proof uniqueness |
-| `provider` | `string` | No | OIDC workspace provider for organization membership verification. Currently supported: `'google'`. |
+| `provider` | `'google' \| 'microsoft'` | No | OIDC workspace provider for organization membership verification. Supported: `'google'` (Google Workspace), `'microsoft'` (Microsoft 365). |
 
 **Email domain verification (default):**
 
@@ -151,7 +151,17 @@ const relay = await sdk.createRelayRequest('oidc_domain_attestation', {
 });
 ```
 
-> When `provider` is set, the mobile app verifies the user's account is managed by the specified workspace provider (e.g., Google Workspace `hd` claim). Without `provider`, only the email domain is verified.
+**Organization membership verification (Microsoft 365):**
+
+```typescript
+const relay = await sdk.createRelayRequest('oidc_domain_attestation', {
+  domain: 'company.com',
+  scope: 'myapp.com',
+  provider: 'microsoft',
+});
+```
+
+> When `provider` is set, the mobile app verifies the user's account is managed by the specified workspace provider (e.g., Google Workspace `hd` claim, Microsoft 365 `tid` claim). Without `provider`, only the email domain is verified.
 
 ## Integration Guide
 
@@ -246,9 +256,20 @@ const relay = await sdk.createRelayRequest('oidc_domain_attestation', {
   dappIcon: 'https://myapp.com/icon.png',
   message: 'Verify your organization membership',
 });
+
+// Organization membership verification (Microsoft 365)
+const relay = await sdk.createRelayRequest('oidc_domain_attestation', {
+  domain: 'company.com',
+  scope: 'myapp.com',
+  provider: 'microsoft',
+}, {
+  dappName: 'My DApp',
+  dappIcon: 'https://myapp.com/icon.png',
+  message: 'Verify your organization membership',
+});
 ```
 
-The mobile app prompts Google Sign-In and generates the proof locally. When `provider` is set, the app additionally verifies organization membership (e.g., Google Workspace `hd` claim).
+The mobile app prompts OIDC Sign-In (Google or Microsoft) and generates the proof locally. When `provider` is set, the app additionally verifies organization membership (e.g., Google Workspace `hd` claim, Microsoft 365 `tid` claim).
 
 ### Step 4: Display QR Code
 
@@ -497,9 +518,9 @@ The `OidcDomainInputs` interface:
 
 ```typescript
 interface OidcDomainInputs {
-  domain: string;     // Target email domain (e.g., 'google.com')
-  scope: string;      // dApp scope identifier
-  provider?: string;  // Workspace provider for org membership (currently: 'google')
+  domain: string;                    // Target email domain (e.g., 'company.com')
+  scope: string;                     // dApp scope identifier
+  provider?: 'google' | 'microsoft'; // Workspace provider for org membership
 }
 ```
 

package/dist/constants.d.ts

@@ -184,14 +184,15 @@ export declare const COINBASE_COUNTRY_PUBLIC_INPUT_LAYOUT: {
     readonly NULLIFIER_END: 149;
 };
 /**
- * OIDC Domain Attestation circuit public input layout (byte offsets).
- * Defines the byte positions of each field in the flattened public inputs array.
+ * OIDC Domain Attestation circuit public input layout (field offsets).
+ * Defines the field positions in the flattened public inputs array (148 fields total).
  *
- * Public inputs are packed as individual field elements (one byte per element):
- * - pubkey_modulus_limbs: 18 x u128 = 18 x 16 bytes = 288 bytes → fields 0–287
- * - domain (BoundedVec<u8, 64>): 4-byte length (u32) + 64-byte storage = 68 fields → fields 288–355
- * - scope: 32 bytes → fields 356–387
- * - nullifier: 32 bytes → fields 388–419
+ * Circuit public inputs (from main.nr):
+ * - pubkey_modulus_limbs: pub [u128; 18] → 18 fields (0–17)
+ * - domain: pub BoundedVec<u8, 64> → 1 len + 64 storage = 65 fields (18–82)
+ * - scope: pub [u8; 32] → 32 fields (83–114)
+ * - nullifier: pub [u8; 32] → 32 fields (115–146)
+ * - provider: pub u8 → 1 field (147)
  *
  * @example
  * ```typescript
@@ -203,11 +204,13 @@ export declare const COINBASE_COUNTRY_PUBLIC_INPUT_LAYOUT: {
  */
 export declare const OIDC_DOMAIN_ATTESTATION_PUBLIC_INPUT_LAYOUT: {
     readonly PUBKEY_MODULUS_START: 0;
-    readonly PUBKEY_MODULUS_END: 287;
-    readonly DOMAIN_START: 288;
-    readonly DOMAIN_END: 355;
-    readonly SCOPE_START: 356;
-    readonly SCOPE_END: 387;
-    readonly NULLIFIER_START: 388;
-    readonly NULLIFIER_END: 419;
+    readonly PUBKEY_MODULUS_END: 17;
+    readonly DOMAIN_LEN: 18;
+    readonly DOMAIN_START: 19;
+    readonly DOMAIN_END: 82;
+    readonly SCOPE_START: 83;
+    readonly SCOPE_END: 114;
+    readonly NULLIFIER_START: 115;
+    readonly NULLIFIER_END: 146;
+    readonly PROVIDER: 147;
 };

package/dist/index.esm.js

@@ -70,8 +70,8 @@ const CIRCUIT_METADATA = {
     oidc_domain_attestation: {
         name: 'OIDC Domain',
         description: 'Prove email domain affiliation via OIDC JWT',
-        publicInputsCount: 420,
-        publicInputNames: ['pubkey_modulus_limbs', 'domain', 'scope', 'nullifier'],
+        publicInputsCount: 148,
+        publicInputNames: ['pubkey_modulus_limbs', 'domain', 'scope', 'nullifier', 'provider'],
     },
 };
 /**
@@ -205,14 +205,15 @@ const COINBASE_COUNTRY_PUBLIC_INPUT_LAYOUT = {
     NULLIFIER_END: 149,
 };
 /**
- * OIDC Domain Attestation circuit public input layout (byte offsets).
- * Defines the byte positions of each field in the flattened public inputs array.
+ * OIDC Domain Attestation circuit public input layout (field offsets).
+ * Defines the field positions in the flattened public inputs array (148 fields total).
  *
- * Public inputs are packed as individual field elements (one byte per element):
- * - pubkey_modulus_limbs: 18 x u128 = 18 x 16 bytes = 288 bytes → fields 0–287
- * - domain (BoundedVec<u8, 64>): 4-byte length (u32) + 64-byte storage = 68 fields → fields 288–355
- * - scope: 32 bytes → fields 356–387
- * - nullifier: 32 bytes → fields 388–419
+ * Circuit public inputs (from main.nr):
+ * - pubkey_modulus_limbs: pub [u128; 18] → 18 fields (0–17)
+ * - domain: pub BoundedVec<u8, 64> → 1 len + 64 storage = 65 fields (18–82)
+ * - scope: pub [u8; 32] → 32 fields (83–114)
+ * - nullifier: pub [u8; 32] → 32 fields (115–146)
+ * - provider: pub u8 → 1 field (147)
  *
  * @example
  * ```typescript
@@ -224,13 +225,15 @@ const COINBASE_COUNTRY_PUBLIC_INPUT_LAYOUT = {
  */
 const OIDC_DOMAIN_ATTESTATION_PUBLIC_INPUT_LAYOUT = {
     PUBKEY_MODULUS_START: 0,
-    PUBKEY_MODULUS_END: 287,
-    DOMAIN_START: 288,
-    DOMAIN_END: 355,
-    SCOPE_START: 356,
-    SCOPE_END: 387,
-    NULLIFIER_START: 388,
-    NULLIFIER_END: 419,
+    PUBKEY_MODULUS_END: 17,
+    DOMAIN_LEN: 18,
+    DOMAIN_START: 19,
+    DOMAIN_END: 82,
+    SCOPE_START: 83,
+    SCOPE_END: 114,
+    NULLIFIER_START: 115,
+    NULLIFIER_END: 146,
+    PROVIDER: 147,
 };
 
 /**
@@ -3828,8 +3831,8 @@ function extractScopeFromPublicInputs(publicInputsHex, circuit) {
         end = 117;
     }
     else if (circuit === 'oidc_domain_attestation') {
-        start = 356;
-        end = 387;
+        start = 83;
+        end = 114;
     }
     else {
         start = 64;
@@ -3865,8 +3868,8 @@ function extractNullifierFromPublicInputs(publicInputsHex, circuit) {
         end = 149;
     }
     else if (circuit === 'oidc_domain_attestation') {
-        start = 388;
-        end = 419;
+        start = 115;
+        end = 146;
     }
     else {
         start = 96;