accounts 0.6.1 → 0.6.2

package/dist/server/internal/handlers/utils.js

@@ -0,0 +1,80 @@
+import { Hex, RpcRequest, RpcResponse } from 'ox';
+import { Transaction as core_Transaction } from 'ox/tempo';
+import * as z from 'zod/mini';
+export function resolveChainId(value) {
+    if (typeof value === 'number')
+        return value;
+    if (typeof value === 'bigint')
+        return Number(value);
+    if (typeof value === 'string' && Hex.validate(value))
+        return Hex.toNumber(value);
+    return undefined;
+}
+export function formatFillTransactionRequest(client, value) {
+    const format = client.chain?.formatters?.transactionRequest?.format;
+    if (!format)
+        return value;
+    return format({ ...value }, 'fillTransaction');
+}
+export function normalizeFillTransactionRequest(value) {
+    if (typeof value.to !== 'undefined' || typeof value.data !== 'undefined')
+        return value;
+    if (!Array.isArray(value.calls) || value.calls.length !== 1)
+        return value;
+    const [call] = value.calls;
+    const { calls: _, ...rest } = value;
+    return {
+        ...rest,
+        ...(typeof call?.data !== 'undefined' ? { data: call.data } : {}),
+        ...(typeof call?.to !== 'undefined' ? { to: call.to } : {}),
+        ...(typeof call?.value !== 'undefined' ? { value: normalizeFillValue(call.value) } : {}),
+    };
+}
+function normalizeFillValue(value) {
+    if (typeof value !== 'string' || !value.startsWith('0x'))
+        return value;
+    return BigInt(value === '0x' ? '0x0' : value);
+}
+export function normalizeTempoTransaction(value) {
+    if (!value)
+        throw new Error('Expected `tx` in eth_fillTransaction response.');
+    return core_Transaction.fromRpc({ type: '0x76', ...value });
+}
+export function rpcError(request, error) {
+    if (error instanceof RpcResponse.InvalidParamsError)
+        return Response.json(RpcResponse.from({ error }, { request }));
+    if (error instanceof RpcResponse.MethodNotSupportedError)
+        return Response.json(RpcResponse.from({ error }, { request }));
+    if (error.name === 'ZodError')
+        return Response.json(RpcResponse.from({
+            error: new RpcResponse.InvalidParamsError({
+                message: error.message,
+            }),
+        }, { request }));
+    const inner = resolveError(error);
+    const message = inner.message ?? error.message;
+    const code = inner.code ?? -32603;
+    const data = inner.data;
+    return Response.json(RpcResponse.from({
+        error: { code, message, ...(data ? { data } : {}) },
+    }, { request }));
+}
+export function rpcResult(request, result) {
+    return Response.json(RpcResponse.from({ result }, { request }));
+}
+export const parseParams = z.readonly(z.tuple([z.record(z.string(), z.unknown())]));
+function resolveError(error) {
+    if (!error || typeof error !== 'object')
+        return {};
+    const e = error;
+    // Walk to the innermost cause with a numeric code (raw RPC error).
+    if (e.cause && typeof e.cause === 'object') {
+        const inner = resolveError(e.cause);
+        if (inner.message)
+            return inner;
+    }
+    if (typeof e.code === 'number' && typeof e.message === 'string')
+        return { message: e.message, code: e.code, data: e.data };
+    return {};
+}
+//# sourceMappingURL=utils.js.map

package/dist/server/internal/handlers/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../../src/server/internal/handlers/utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,IAAI,CAAA;AACjD,OAAO,EAAE,WAAW,IAAI,gBAAgB,EAAE,MAAM,UAAU,CAAA;AAE1D,OAAO,KAAK,CAAC,MAAM,UAAU,CAAA;AAE7B,MAAM,UAAU,cAAc,CAAC,KAAc;IAC3C,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAA;IAC3C,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,MAAM,CAAC,KAAK,CAAC,CAAA;IACnD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;IAChF,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,MAAM,UAAU,4BAA4B,CAAC,MAAc,EAAE,KAA8B;IACzF,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,CAAA;IACnE,IAAI,CAAC,MAAM;QAAE,OAAO,KAAK,CAAA;IACzB,OAAO,MAAM,CAAC,EAAE,GAAG,KAAK,EAAW,EAAE,iBAAiB,CAA4B,CAAA;AACpF,CAAC;AAED,MAAM,UAAU,+BAA+B,CAAC,KAA8B;IAC5E,IAAI,OAAO,KAAK,CAAC,EAAE,KAAK,WAAW,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,WAAW;QAAE,OAAO,KAAK,CAAA;IACtF,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAA;IACzE,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,KAAuC,CAAA;IAC5D,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,IAAI,EAAE,GAAG,KAAK,CAAA;IACnC,OAAO;QACL,GAAG,IAAI;QACP,GAAG,CAAC,OAAO,IAAI,EAAE,IAAI,KAAK,WAAW,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACjE,GAAG,CAAC,OAAO,IAAI,EAAE,EAAE,KAAK,WAAW,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3D,GAAG,CAAC,OAAO,IAAI,EAAE,KAAK,KAAK,WAAW,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACzF,CAAA;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAc;IACxC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAA;IACtE,OAAO,MAAM,CAAC,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAA;AAC/C,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,KAA0C;IAClF,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAA;IAC7E,OAAO,gBAAgB,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,KAAK,EAA0B,CAAE,CAAA;AACtF,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,OAA8B,EAAE,KAAc;IACrE,IAAI,KAAK,YAAY,WAAW,CAAC,kBAAkB;QACjD,OAAO,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,CAAA;IAEhE,IAAI,KAAK,YAAY,WAAW,CAAC,uBAAuB;QACtD,OAAO,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,CAAA;IAEhE,IAAK,KAAuC,CAAC,IAAI,KAAK,UAAU;QAC9D,OAAO,QAAQ,CAAC,IAAI,CAClB,WAAW,CAAC,IAAI,CACd;YACE,KAAK,EAAE,IAAI,WAAW,CAAC,kBAAkB,CAAC;gBACxC,OAAO,EAAG,KAAe,CAAC,OAAO;aAClC,CAAC;SACH,EACD,EAAE,OAAO,EAAE,CACZ,CACF,CAAA;IAEH,MAAM,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC,CAAA;IACjC,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,IAAK,KAAe,CAAC,OAAO,CAAA;IACzD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,CAAA;IACjC,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAA;IACvB,OAAO,QAAQ,CAAC,IAAI,CAClB,WAAW,CAAC,IAAI,CACd;QACE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE;KACpD,EACD,EAAE,OAAO,EAAE,CACZ,CACF,CAAA;AACH,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,OAA8B,EAAE,MAAe;IACvE,OAAO,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,CAAA;AACjE,CAAC;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;AAEnF,SAAS,YAAY,CAAC,KAAc;IAKlC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAA;IAClD,MAAM,CAAC,GAAG,KAAgC,CAAA;IAC1C,mEAAmE;IACnE,IAAI,CAAC,CAAC,KAAK,IAAI,OAAO,CAAC,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC3C,MAAM,KAAK,GAAG,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,CAAA;QACnC,IAAI,KAAK,CAAC,OAAO;YAAE,OAAO,KAAK,CAAA;IACjC,CAAC;IACD,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ;QAC7D,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAA;IAC3D,OAAO,EAAE,CAAA;AACX,CAAC"}

package/dist/server/internal/handlers/webAuthn.d.ts

@@ -0,0 +1,57 @@
+import { type Handler, from } from '../../Handler.js';
+import * as Kv from '../../Kv.js';
+/**
+ * Instantiates a WebAuthn ceremony handler that manages registration and
+ * authentication flows server-side.
+ *
+ * Exposes 4 POST endpoints following the webauthx convention:
+ * - `POST /register/options` — generate credential creation options
+ * - `POST /register` — verify registration and store credential
+ * - `POST /login/options` — generate credential request options
+ * - `POST /login` — verify authentication
+ *
+ * @example
+ * ```ts
+ * import { Handler, Kv } from 'accounts/server'
+ *
+ * const handler = Handler.webAuthn({
+ *   kv: Kv.memory(),
+ *   origin: 'https://example.com',
+ *   rpId: 'example.com',
+ * })
+ *
+ * export default handler
+ * ```
+ *
+ * @param options - Options.
+ * @returns Request handler.
+ */
+export declare function webAuthn(options: webAuthn.Options): Handler;
+export declare namespace webAuthn {
+    type Options = from.Options & {
+        /** Maximum age of a challenge in seconds before it expires. @default 300 */
+        challengeTtl?: number | undefined;
+        /** Key-value store for challenges and credentials. */
+        kv: Kv.Kv;
+        /** Called after a successful registration. The returned response is merged onto the default JSON response. */
+        onRegister?: (parameters: {
+            credentialId: string;
+            publicKey: string;
+            request: Request;
+        }) => Response | Promise<Response> | void | Promise<void>;
+        /** Called after a successful authentication. The returned response is merged onto the default JSON response. */
+        onAuthenticate?: (parameters: {
+            credentialId: string;
+            publicKey: string;
+            userId?: string | undefined;
+            request: Request;
+        }) => Response | Promise<Response> | void | Promise<void>;
+        /** Expected origin(s) (e.g. `"https://example.com"` or `["https://a.com", "https://b.com"]`). */
+        origin: string | readonly string[];
+        /** Path prefix for the WebAuthn endpoints (e.g. `"/webauthn"`). @default "" */
+        path?: string | undefined;
+        /** Relying Party ID (e.g. `"example.com"`). */
+        rpId: string;
+    };
+}
+//# sourceMappingURL=webAuthn.d.ts.map

package/dist/server/internal/handlers/webAuthn.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"webAuthn.d.ts","sourceRoot":"","sources":["../../../../src/server/internal/handlers/webAuthn.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,KAAK,OAAO,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAA;AACrD,OAAO,KAAK,EAAE,MAAM,aAAa,CAAA;AAEjC;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAgB,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,OAAO,GAAG,OAAO,CAqI3D;AAED,MAAM,CAAC,OAAO,WAAW,QAAQ,CAAC;IAChC,KAAK,OAAO,GAAG,IAAI,CAAC,OAAO,GAAG;QAC5B,4EAA4E;QAC5E,YAAY,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;QACjC,sDAAsD;QACtD,EAAE,EAAE,EAAE,CAAC,EAAE,CAAA;QACT,8GAA8G;QAC9G,UAAU,CAAC,EAAE,CAAC,UAAU,EAAE;YACxB,YAAY,EAAE,MAAM,CAAA;YACpB,SAAS,EAAE,MAAM,CAAA;YACjB,OAAO,EAAE,OAAO,CAAA;SACjB,KAAK,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;QACzD,gHAAgH;QAChH,cAAc,CAAC,EAAE,CAAC,UAAU,EAAE;YAC5B,YAAY,EAAE,MAAM,CAAA;YACpB,SAAS,EAAE,MAAM,CAAA;YACjB,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;YAC3B,OAAO,EAAE,OAAO,CAAA;SACjB,KAAK,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;QACzD,iGAAiG;QACjG,MAAM,EAAE,MAAM,GAAG,SAAS,MAAM,EAAE,CAAA;QAClC,+EAA+E;QAC/E,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;QACzB,+CAA+C;QAC/C,IAAI,EAAE,MAAM,CAAA;KACb,CAAA;CACF"}

package/dist/server/internal/handlers/webAuthn.js

@@ -0,0 +1,143 @@
+import { Base64, Bytes, Hex } from 'ox';
+import { Credential } from 'ox/webauthn';
+import { Authentication, Registration, } from 'webauthx/server';
+import { from } from '../../Handler.js';
+import * as Kv from '../../Kv.js';
+/**
+ * Instantiates a WebAuthn ceremony handler that manages registration and
+ * authentication flows server-side.
+ *
+ * Exposes 4 POST endpoints following the webauthx convention:
+ * - `POST /register/options` — generate credential creation options
+ * - `POST /register` — verify registration and store credential
+ * - `POST /login/options` — generate credential request options
+ * - `POST /login` — verify authentication
+ *
+ * @example
+ * ```ts
+ * import { Handler, Kv } from 'accounts/server'
+ *
+ * const handler = Handler.webAuthn({
+ *   kv: Kv.memory(),
+ *   origin: 'https://example.com',
+ *   rpId: 'example.com',
+ * })
+ *
+ * export default handler
+ * ```
+ *
+ * @param options - Options.
+ * @returns Request handler.
+ */
+export function webAuthn(options) {
+    const { challengeTtl = 300, kv, onAuthenticate, onRegister, path = '', rpId, ...rest } = options;
+    const origin = options.origin;
+    const router = from(rest);
+    router.post(`${path}/register/options`, async (c) => {
+        try {
+            const body = await c.req.raw.json();
+            const { excludeCredentialIds, name, userId } = body;
+            const { challenge, options } = Registration.getOptions({
+                excludeCredentialIds,
+                name,
+                rp: { id: rpId, name: rpId },
+                ...(userId ? { user: { id: new TextEncoder().encode(userId), name } } : undefined),
+            });
+            await kv.set(`challenge:${challenge}`, Date.now());
+            return Response.json({ options });
+        }
+        catch (error) {
+            return Response.json({ error: error.message }, { status: 400 });
+        }
+    });
+    router.post(`${path}/register`, async (c) => {
+        try {
+            const credential = (await c.req.raw.json());
+            const deserialized = Credential.deserialize(credential);
+            const clientData = JSON.parse(Bytes.toString(new Uint8Array(deserialized.clientDataJSON)));
+            const challenge = Hex.fromBytes(Base64.toBytes(clientData.challenge));
+            const stored = await kv.get(`challenge:${challenge}`);
+            if (!stored || Date.now() - stored > challengeTtl * 1_000)
+                throw new Error('Missing or expired challenge');
+            await kv.delete(`challenge:${challenge}`);
+            const result = Registration.verify(credential, {
+                challenge,
+                origin,
+                rpId,
+            });
+            const { publicKey } = result.credential;
+            const credentialId = credential.id;
+            await kv.set(`credential:${credentialId}`, { publicKey });
+            const json = { credentialId, publicKey };
+            const hook = await onRegister?.({ credentialId, publicKey, request: c.req.raw });
+            return mergeResponse(json, hook);
+        }
+        catch (error) {
+            return Response.json({ error: error.message }, { status: 400 });
+        }
+    });
+    router.post(`${path}/login/options`, async (c) => {
+        try {
+            const body = await c.req.raw.json();
+            const { allowCredentialIds, challenge: requestChallenge, credentialId, mediation, } = body;
+            const { challenge, options: authOptions } = Authentication.getOptions({
+                challenge: requestChallenge,
+                credentialId: allowCredentialIds ?? credentialId,
+                rpId,
+            });
+            const options = mediation ? { ...authOptions, mediation } : authOptions;
+            await kv.set(`challenge:${challenge}`, Date.now());
+            return Response.json({ options });
+        }
+        catch (error) {
+            return Response.json({ error: error.message }, { status: 400 });
+        }
+    });
+    router.post(`${path}/login`, async (c) => {
+        try {
+            const response = (await c.req.raw.json());
+            const clientData = JSON.parse(response.metadata.clientDataJSON);
+            const challenge = Hex.fromBytes(Base64.toBytes(clientData.challenge));
+            const stored = await kv.get(`challenge:${challenge}`);
+            if (!stored || Date.now() - stored > challengeTtl * 1_000)
+                throw new Error('Missing or expired challenge');
+            await kv.delete(`challenge:${challenge}`);
+            const credentialData = await kv.get(`credential:${response.id}`);
+            if (!credentialData)
+                throw new Error('Unknown credential');
+            const valid = Authentication.verify(response, {
+                challenge,
+                origin,
+                publicKey: credentialData.publicKey,
+                rpId,
+            });
+            if (!valid)
+                throw new Error('Authentication failed');
+            const rawResponse = response.raw?.response;
+            const userHandle = rawResponse?.userHandle;
+            const json = {
+                credentialId: response.id,
+                publicKey: credentialData.publicKey,
+                ...(userHandle && userHandle.length > 0 ? { userId: userHandle } : undefined),
+            };
+            const hook = await onAuthenticate?.({ ...json, request: c.req.raw });
+            return mergeResponse(json, hook);
+        }
+        catch (error) {
+            return Response.json({ error: error.message }, { status: 400 });
+        }
+    });
+    return router;
+}
+async function mergeResponse(json, hook) {
+    if (!hook)
+        return Response.json(json);
+    const extra = (await hook.json().catch(() => ({})));
+    const headers = new Headers(hook.headers);
+    headers.set('content-type', 'application/json');
+    return new Response(JSON.stringify({ ...json, ...extra }), {
+        headers,
+        status: hook.status,
+    });
+}
+//# sourceMappingURL=webAuthn.js.map

package/dist/server/internal/handlers/webAuthn.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"webAuthn.js","sourceRoot":"","sources":["../../../../src/server/internal/handlers/webAuthn.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,IAAI,CAAA;AACvC,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,OAAO,EACL,cAAc,EACd,YAAY,GAEb,MAAM,iBAAiB,CAAA;AAExB,OAAO,EAAgB,IAAI,EAAE,MAAM,kBAAkB,CAAA;AACrD,OAAO,KAAK,EAAE,MAAM,aAAa,CAAA;AAEjC;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,MAAM,UAAU,QAAQ,CAAC,OAAyB;IAChD,MAAM,EAAE,YAAY,GAAG,GAAG,EAAE,EAAE,EAAE,cAAc,EAAE,UAAU,EAAE,IAAI,GAAG,EAAE,EAAE,IAAI,EAAE,GAAG,IAAI,EAAE,GAAG,OAAO,CAAA;IAChG,MAAM,MAAM,GAAG,OAAO,CAAC,MAA2B,CAAA;IAElD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAA;IAEzB,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,mBAAmB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAClD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAA;YACnC,MAAM,EAAE,oBAAoB,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,IAI9C,CAAA;YAED,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,YAAY,CAAC,UAAU,CAAC;gBACrD,oBAAoB;gBACpB,IAAI;gBACJ,EAAE,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE;gBAC5B,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;aACnF,CAAC,CAAA;YAEF,MAAM,EAAE,CAAC,GAAG,CAAC,aAAa,SAAS,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,CAAA;YAElD,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,CAAC,CAAA;QACnC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,KAAK,EAAG,KAAe,CAAC,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QAC5E,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,WAAW,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC1C,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAkC,CAAA;YAC5E,MAAM,YAAY,GAAG,UAAU,CAAC,WAAW,CAAC,UAAU,CAAC,CAAA;YAEvD,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAC3B,KAAK,CAAC,QAAQ,CAAC,IAAI,UAAU,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC,CACnC,CAAA;YAC1B,MAAM,SAAS,GAAG,GAAG,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAA;YACrE,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,GAAG,CAAS,aAAa,SAAS,EAAE,CAAC,CAAA;YAC7D,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,GAAG,YAAY,GAAG,KAAK;gBACvD,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAA;YACjD,MAAM,EAAE,CAAC,MAAM,CAAC,aAAa,SAAS,EAAE,CAAC,CAAA;YAEzC,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,UAAU,EAAE;gBAC7C,SAAS;gBACT,MAAM;gBACN,IAAI;aACL,CAAC,CAAA;YAEF,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC,UAAU,CAAA;YACvC,MAAM,YAAY,GAAG,UAAU,CAAC,EAAE,CAAA;YAElC,MAAM,EAAE,CAAC,GAAG,CAAC,cAAc,YAAY,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC,CAAA;YAEzD,MAAM,IAAI,GAAG,EAAE,YAAY,EAAE,SAAS,EAAE,CAAA;YACxC,MAAM,IAAI,GAAG,MAAM,UAAU,EAAE,CAAC,EAAE,YAAY,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAA;YAChF,OAAO,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;QAClC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,KAAK,EAAG,KAAe,CAAC,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QAC5E,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,gBAAgB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC/C,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAA;YACnC,MAAM,EACJ,kBAAkB,EAClB,SAAS,EAAE,gBAAgB,EAC3B,YAAY,EACZ,SAAS,GACV,GAAG,IAKH,CAAA;YAED,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,cAAc,CAAC,UAAU,CAAC;gBACpE,SAAS,EAAE,gBAAgB;gBAC3B,YAAY,EAAE,kBAAkB,IAAI,YAAY;gBAChD,IAAI;aACL,CAAC,CAAA;YACF,MAAM,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC,EAAE,GAAG,WAAW,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,WAAW,CAAA;YAEvE,MAAM,EAAE,CAAC,GAAG,CAAC,aAAa,SAAS,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,CAAA;YAElD,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,CAAC,CAAA;QACnC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,KAAK,EAAG,KAAe,CAAC,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QAC5E,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,QAAQ,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACvC,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAA4B,CAAA;YAEpE,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAE7D,CAAA;YACD,MAAM,SAAS,GAAG,GAAG,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAA;YACrE,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,GAAG,CAAS,aAAa,SAAS,EAAE,CAAC,CAAA;YAC7D,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,GAAG,YAAY,GAAG,KAAK;gBACvD,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAA;YACjD,MAAM,EAAE,CAAC,MAAM,CAAC,aAAa,SAAS,EAAE,CAAC,CAAA;YAEzC,MAAM,cAAc,GAAG,MAAM,EAAE,CAAC,GAAG,CAAwB,cAAc,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAA;YACvF,IAAI,CAAC,cAAc;gBAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAA;YAE1D,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAAC,QAAQ,EAAE;gBAC5C,SAAS;gBACT,MAAM;gBACN,SAAS,EAAE,cAAc,CAAC,SAA0B;gBACpD,IAAI;aACL,CAAC,CAAA;YACF,IAAI,CAAC,KAAK;gBAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAA;YAEpD,MAAM,WAAW,GAAG,QAAQ,CAAC,GAAG,EAAE,QAAyD,CAAA;YAC3F,MAAM,UAAU,GAAG,WAAW,EAAE,UAAU,CAAA;YAE1C,MAAM,IAAI,GAAG;gBACX,YAAY,EAAE,QAAQ,CAAC,EAAE;gBACzB,SAAS,EAAE,cAAc,CAAC,SAAS;gBACnC,GAAG,CAAC,UAAU,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;aAC9E,CAAA;YACD,MAAM,IAAI,GAAG,MAAM,cAAc,EAAE,CAAC,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAA;YACpE,OAAO,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;QAClC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,KAAK,EAAG,KAAe,CAAC,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QAC5E,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,OAAO,MAAM,CAAA;AACf,CAAC;AA8BD,KAAK,UAAU,aAAa,CAC1B,IAA6B,EAC7B,IAAsB;IAEtB,IAAI,CAAC,IAAI;QAAE,OAAO,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACrC,MAAM,KAAK,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAA4B,CAAA;IAC9E,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IACzC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAA;IAC/C,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,IAAI,EAAE,GAAG,KAAK,EAAE,CAAC,EAAE;QACzD,OAAO;QACP,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC,CAAA;AACJ,CAAC"}

package/package.json

@@ -2,13 +2,13 @@
   "name": "accounts",
   "description": "Tempo Accounts SDK",
   "type": "module",
-  "version": "0.6.1",
+  "version": "0.6.2",
   "dependencies": {
     "hono": "^4.12.12",
     "idb-keyval": "^6.2.2",
     "mipd": "^0.0.7",
     "mppx": "^0.5.10",
-    "ox": "~0.14.7",
+    "ox": "~0.14.15",
     "webauthx": "~0.1.0",
     "zod": "^4.3.6",
     "zustand": "^5.0.11"

package/src/core/Provider.connect.browser.test.ts

@@ -1,7 +1,7 @@
-import { Hex } from 'ox'
+import { Hex, WebCryptoP256 } from 'ox'
 import { type Address, createClient, defineChain, parseUnits } from 'viem'
 import { tempoLocalnet, tempoModerato } from 'viem/chains'
-import { Actions, Addresses } from 'viem/tempo'
+import { Account as TempoAccount, Actions, Addresses } from 'viem/tempo'
 import { afterEach, beforeAll, describe, expect, test } from 'vp/test'
 
 import { accounts, http } from '../../test/config.js'
@@ -311,6 +311,27 @@ describe('wallet_authorizeAccessKey', () => {
     )
     expect(result.keyAuthorization.address).toMatch(/^0x[0-9a-fA-F]{40}$/)
   })
+
+  test('behavior: authorizes an external p256 access key via iframe confirm', async () => {
+    provider = getProvider()
+    await connectViaIframe(provider)
+
+    const keyPair = await WebCryptoP256.createKeyPair()
+    const accessKeyAccount = TempoAccount.fromWebCryptoP256(keyPair)
+
+    const result = await interact(
+      provider.request({
+        method: 'wallet_authorizeAccessKey',
+        params: [{ ...accessKeyAccount, expiry: Expiry.days(1) }],
+      }),
+      async (iframe) => {
+        await iframe.getByTestId('confirm').click()
+      },
+    )
+
+    expect(result.keyAuthorization.keyId).toBe(accessKeyAccount.address)
+    expect(result.keyAuthorization.keyType).toMatchInlineSnapshot(`"p256"`)
+  })
 })
 
 describe('wallet_revokeAccessKey', () => {

package/src/core/adapters/dialog.ts

@@ -368,7 +368,12 @@ export function dialog(options: dialog.Options = {}): Adapter.Adapter {
 
           const result = await provider.request({
             ...request,
-            params: [z.encode(Rpc.wallet_connect.authorizeAccessKey, accessKey!.request)!],
+            params: [
+              z.encode(
+                Rpc.wallet_connect.authorizeAccessKey,
+                accessKey ? accessKey.request : parameters,
+              )!,
+            ],
           })
 
           if (accessKey) {

package/src/core/zod/rpc.ts

@@ -48,7 +48,7 @@ export const keyType = z.union([z.literal('secp256k1'), z.literal('p256'), z.lit
 export const keyAuthorization = z.object({
   address: u.address(),
   chainId: u.bigint(),
-  expiry: z.nullish(u.number()),
+  expiry: z.union([u.number(), z.null(), z.undefined()]),
   keyId: u.address(),
   keyType,
   limits: z.optional(z.readonly(z.array(z.object({ token: u.address(), limit: u.bigint() })))),

package/src/server/CliAuth.ts

@@ -17,7 +17,7 @@ export const keyType = z.union([z.literal('secp256k1'), z.literal('p256'), z.lit
 export const keyAuthorization = z.object({
   address: u.address(),
   chainId: u.bigint(),
-  expiry: z.nullish(u.number()),
+  expiry: z.union([u.number(), z.null(), z.undefined()]),
   keyId: u.address(),
   keyType,
   limits: z.optional(z.readonly(z.array(z.object({ token: u.address(), limit: u.bigint() })))),