signet-login 0.5.0 → 0.7.0

package/dist/amber.d.ts

@@ -0,0 +1,61 @@
+/**
+ * Amber (NIP-55) sign-in flow.
+ *
+ * NIP-55 is Android-only: web pages open `nostrsigner:` URLs which the
+ * Android intent system routes to Amber (or any compatible signer). The
+ * page navigates away during sign-in; Amber signs the event and redirects
+ * the browser back to the app's callback URL with the signed event encoded
+ * in a `event=` parameter.
+ *
+ * v1 scope: sign-in only. Each kind-21236 auth event takes one round-trip
+ * through Amber. Subsequent event signing during the session is not
+ * supported in v1 — every sign would require another `nostrsigner:` round
+ * trip, which is awful in-flow UX. Amber sessions surface as auth-only via
+ * `EphemeralSigner`, mirroring the same-tab Signet redirect flow.
+ *
+ * NEEDS-ANDROID-VERIFICATION: this code is unverifiable from a desktop dev
+ * environment. Smoke test on a real Android device with Amber installed
+ * before promoting to production.
+ */
+import type { SignetSession } from './types.js';
+/** True when running on a likely-Android browser. Lets the picker hide the
+ *  Amber option on iOS/desktop where the `nostrsigner:` scheme is unhandled. */
+export declare function isAndroid(): boolean;
+export interface AmberStartOptions {
+    appName: string;
+    challenge: string;
+    origin: string;
+    /** Optional override for the callback URL. Defaults to current page origin. */
+    redirectCallback?: string;
+}
+/**
+ * Build the `nostrsigner:` URL that Android dispatches to Amber. The auth
+ * event is base64-encoded in the path, params control return shape + the
+ * callback URL the browser navigates back to.
+ */
+export declare function buildAmberSignerUrl(opts: AmberStartOptions): string;
+/**
+ * Persist pending state, navigate to Amber. Mirror of `startRedirect` but
+ * the destination is a `nostrsigner:` URL handled by Amber rather than a
+ * web URL handled by signet-app. The promise never resolves — the page is
+ * gone before it can.
+ */
+export declare function startAmberSignIn(opts: AmberStartOptions): Promise<never>;
+export type ConsumeAmberResult = {
+    kind: 'session';
+    session: SignetSession;
+} | {
+    kind: 'denied';
+} | {
+    kind: 'no-callback';
+} | {
+    kind: 'invalid';
+    reason: string;
+};
+/**
+ * Consume an Amber callback. Detects `?event=<base64-or-json>` (or the
+ * `signet_amber=1` flag) on the URL and reconstructs a session. Idempotent:
+ * a second call after a successful consume returns 'no-callback' because
+ * the params have been stripped.
+ */
+export declare function consumeAmberCallback(): ConsumeAmberResult;

package/dist/amber.js

@@ -0,0 +1,181 @@
+import { PENDING_REDIRECT_TTL_MS } from './types.js';
+import { clearPendingRedirect, loadPendingRedirect, savePendingRedirect, } from './storage.js';
+import { EphemeralSigner } from './signers.js';
+/** True when running on a likely-Android browser. Lets the picker hide the
+ *  Amber option on iOS/desktop where the `nostrsigner:` scheme is unhandled. */
+export function isAndroid() {
+    if (typeof navigator === 'undefined')
+        return false;
+    return /android/i.test(navigator.userAgent);
+}
+const HEX_64 = /^[0-9a-f]{64}$/i;
+/**
+ * Build the unsigned kind-21236 auth event template Amber will sign. The
+ * shape mirrors what every other path produces, so server-side verification
+ * is uniform regardless of which signer the user picked.
+ */
+function buildAuthEventTemplate(opts) {
+    return {
+        kind: 21236,
+        content: '',
+        created_at: Math.floor(Date.now() / 1000),
+        tags: [
+            ['challenge', opts.challenge],
+            ['origin', opts.origin],
+            ['app', opts.appName],
+        ],
+    };
+}
+/**
+ * Build the `nostrsigner:` URL that Android dispatches to Amber. The auth
+ * event is base64-encoded in the path, params control return shape + the
+ * callback URL the browser navigates back to.
+ */
+export function buildAmberSignerUrl(opts) {
+    const template = buildAuthEventTemplate(opts);
+    const json = JSON.stringify(template);
+    // btoa handles ASCII; the JSON above is pure ASCII (hex challenge, origin
+    // URL, app name passes through if ASCII) so plain btoa is correct here.
+    // For non-ASCII appName we'd need TextEncoder + base64 of bytes.
+    const eventB64 = typeof btoa === 'function'
+        ? btoa(json)
+        : Buffer.from(json, 'utf-8').toString('base64');
+    const callback = opts.redirectCallback ?? `${opts.origin}/?signet_amber=1`;
+    const params = new URLSearchParams({
+        type: 'sign_event',
+        compressionType: 'base64',
+        returnType: 'event',
+        callbackUrl: callback,
+    });
+    return `nostrsigner:${eventB64}?${params.toString()}`;
+}
+/**
+ * Persist pending state, navigate to Amber. Mirror of `startRedirect` but
+ * the destination is a `nostrsigner:` URL handled by Amber rather than a
+ * web URL handled by signet-app. The promise never resolves — the page is
+ * gone before it can.
+ */
+export function startAmberSignIn(opts) {
+    if (typeof window === 'undefined') {
+        throw new Error('signet-login: amber mode requires a browser environment');
+    }
+    const pending = {
+        challenge: opts.challenge,
+        origin: opts.origin,
+        appName: opts.appName,
+        createdAt: Date.now(),
+    };
+    savePendingRedirect(pending);
+    window.location.href = buildAmberSignerUrl(opts);
+    return new Promise(() => { });
+}
+function cleanupAmberCallbackUrl() {
+    if (typeof window === 'undefined')
+        return;
+    const url = new URL(window.location.href);
+    let touched = false;
+    for (const key of ['event', 'signet_amber', 'error']) {
+        if (url.searchParams.has(key)) {
+            url.searchParams.delete(key);
+            touched = true;
+        }
+    }
+    if (!touched)
+        return;
+    const newHref = url.pathname + (url.search ? url.search : '') + url.hash;
+    try {
+        window.history.replaceState(window.history.state, document.title, newHref);
+    }
+    catch {
+        // history API blocked — leave URL alone
+    }
+}
+/**
+ * Consume an Amber callback. Detects `?event=<base64-or-json>` (or the
+ * `signet_amber=1` flag) on the URL and reconstructs a session. Idempotent:
+ * a second call after a successful consume returns 'no-callback' because
+ * the params have been stripped.
+ */
+export function consumeAmberCallback() {
+    if (typeof window === 'undefined')
+        return { kind: 'no-callback' };
+    const params = new URLSearchParams(window.location.search);
+    const flagged = params.has('signet_amber') || params.has('event');
+    if (!flagged)
+        return { kind: 'no-callback' };
+    const finalize = (result) => {
+        clearPendingRedirect();
+        cleanupAmberCallbackUrl();
+        return result;
+    };
+    if (params.get('error') === 'denied') {
+        return finalize({ kind: 'denied' });
+    }
+    const pending = loadPendingRedirect();
+    if (!pending) {
+        return finalize({ kind: 'invalid', reason: 'no-pending-state' });
+    }
+    if (pending.origin !== window.location.origin) {
+        return finalize({ kind: 'invalid', reason: 'origin-mismatch' });
+    }
+    if (Date.now() - pending.createdAt > PENDING_REDIRECT_TTL_MS) {
+        return finalize({ kind: 'invalid', reason: 'pending-stale' });
+    }
+    const eventRaw = params.get('event');
+    if (!eventRaw) {
+        return finalize({ kind: 'invalid', reason: 'no-event-param' });
+    }
+    // Amber returns the signed event JSON, base64-encoded by default. Try
+    // base64 first; fall back to plain JSON if the consumer overrode the
+    // compressionType param.
+    let parsed;
+    try {
+        let json;
+        try {
+            json = typeof atob === 'function'
+                ? atob(eventRaw)
+                : Buffer.from(eventRaw, 'base64').toString('utf-8');
+        }
+        catch {
+            json = eventRaw;
+        }
+        parsed = JSON.parse(json);
+    }
+    catch {
+        return finalize({ kind: 'invalid', reason: 'event-malformed' });
+    }
+    if (typeof parsed !== 'object' || parsed === null) {
+        return finalize({ kind: 'invalid', reason: 'event-not-object' });
+    }
+    const ev = parsed;
+    if (typeof ev.id !== 'string' || !HEX_64.test(ev.id) ||
+        typeof ev.pubkey !== 'string' || !HEX_64.test(ev.pubkey) ||
+        typeof ev.sig !== 'string' || !/^[0-9a-f]{128}$/i.test(ev.sig) ||
+        typeof ev.created_at !== 'number' ||
+        !Array.isArray(ev.tags) ||
+        ev.kind !== 21236 ||
+        typeof ev.content !== 'string') {
+        return finalize({ kind: 'invalid', reason: 'event-shape-invalid' });
+    }
+    const challengeTag = ev.tags.find(t => Array.isArray(t) && t[0] === 'challenge');
+    if (!challengeTag || challengeTag[1] !== pending.challenge) {
+        return finalize({ kind: 'invalid', reason: 'challenge-mismatch' });
+    }
+    const authEvent = {
+        id: ev.id.toLowerCase(),
+        pubkey: ev.pubkey.toLowerCase(),
+        kind: 21236,
+        created_at: ev.created_at,
+        tags: ev.tags,
+        content: ev.content,
+        sig: ev.sig.toLowerCase(),
+    };
+    const ephemeral = new EphemeralSigner(authEvent.pubkey, authEvent);
+    const session = {
+        pubkey: authEvent.pubkey,
+        method: 'amber',
+        signer: ephemeral,
+        authEvent,
+    };
+    return finalize({ kind: 'session', session });
+}

package/dist/modal.js

@@ -5,7 +5,8 @@
  * top-layer placement, theme-aware colours, no third-party UI deps.
  */
 import { DEFAULTS } from './types.js';
-import { hasNip07, createNip07Signer, createBunkerSigner, EphemeralSigner, createLocalSignerFromNsec } from './signers.js';
+import { hasNip07, createNip07Signer, createBunkerSigner, createBunkerSignerFromNostrConnect, buildNostrConnectUri, EphemeralSigner, createLocalSignerFromNsec } from './signers.js';
+import { isAndroid, startAmberSignIn } from './amber.js';
 import { waitForAuthResponse } from 'signet-verify';
 import { schnorr } from '@noble/curves/secp256k1';
 import { bytesToHex } from '@noble/hashes/utils';
@@ -61,14 +62,17 @@ function renderPicker(refs, appName, theme) {
     const dark = isDarkMode(theme);
     const muted = dark ? '#888' : '#666';
     const showNip07 = hasNip07();
+    const showAmber = isAndroid();
     refs.dialog.innerHTML = `
     <h2 style="margin:0 0 8px;font-size:1.3rem;">Sign in to ${escapeHtml(appName)}</h2>
     <p style="margin:0 0 24px;color:${muted};font-size:0.9rem;">Choose how you want to sign in. Your keys never leave your control.</p>
     <div style="display:flex;flex-direction:column;">
       ${showNip07 ? `<button data-choice="nip07" style="${buttonStyle(dark, true)}"><span style="font-size:1.2rem;">🌐</span><span><strong>Browser extension</strong><br><span style="font-size:0.8rem;opacity:0.8;">bark, Alby, nos2x</span></span></button>` : ''}
+      ${showAmber ? `<button data-choice="amber" style="${buttonStyle(dark)}"><span style="font-size:1.2rem;">🤖</span><span><strong>Sign in with Amber</strong><br><span style="font-size:0.8rem;color:${muted};">Android signer (NIP-55)</span></span></button>` : ''}
       <button data-choice="redirect" style="${buttonStyle(dark)}"><span style="font-size:1.2rem;">🪪</span><span><strong>Sign in with Signet</strong><br><span style="font-size:0.8rem;color:${muted};">Open Signet on this device</span></span></button>
       <button data-choice="qr" style="${buttonStyle(dark)}"><span style="font-size:1.2rem;">📱</span><span><strong>Signet on another device</strong><br><span style="font-size:0.8rem;color:${muted};">Scan QR with your phone</span></span></button>
       <button data-choice="bunker" style="${buttonStyle(dark)}"><span style="font-size:1.2rem;">🔑</span><span><strong>Paste bunker URI</strong><br><span style="font-size:0.8rem;color:${muted};">For NIP-46 power users</span></span></button>
+      <button data-choice="nostrconnect" style="${buttonStyle(dark)}"><span style="font-size:1.2rem;">📡</span><span><strong>Connect a Nostr signer</strong><br><span style="font-size:0.8rem;color:${muted};">Scan with nsec.app, Amber, Keychat…</span></span></button>
       <button data-choice="nsec" style="${buttonStyle(dark)}"><span style="font-size:1.2rem;">⚠️</span><span><strong>Paste private key</strong><br><span style="font-size:0.8rem;color:${muted};">In-memory only — risky, last resort</span></span></button>
     </div>
     <button data-choice="cancel" style="background:none;border:0;color:${muted};padding:12px;cursor:pointer;font-size:0.85rem;margin-top:8px;">Cancel</button>
@@ -309,6 +313,85 @@ async function runBunkerFlow(refs, opts) {
         });
     });
 }
+// ── Connect a Nostr signer (NostrConnect URI, app-initiated NIP-46) ──────────
+/**
+ * App-initiated NIP-46. Mirror image of bunker URI: instead of the user
+ * pasting a bunker URI from their signer, we generate a `nostrconnect://`
+ * URI and the user scans it with their signer (nsec.app, Amber, Keychat…).
+ * The signer connects to our chosen relay and signs ad-hoc from there.
+ */
+async function runNostrConnectFlow(refs, opts) {
+    const dark = isDarkMode(opts.theme);
+    const muted = dark ? '#888' : '#666';
+    const sk = schnorr.utils.randomPrivateKey();
+    const clientPubkey = bytesToHex(schnorr.getPublicKey(sk));
+    const secret = bytesToHex(schnorr.utils.randomPrivateKey()).slice(0, 32);
+    const uri = buildNostrConnectUri({
+        clientPubkeyHex: clientPubkey,
+        relayUrl: opts.relayUrl,
+        secret,
+        perms: ['sign_event', 'nip44_encrypt', 'nip44_decrypt'],
+        appName: opts.appName,
+        appUrl: opts.origin,
+    });
+    refs.dialog.innerHTML = `
+    <h2 style="margin:0 0 8px;font-size:1.2rem;">Connect a Nostr signer</h2>
+    <p style="margin:0 0 16px;color:${muted};font-size:0.85rem;">Scan or paste this into your signer (nsec.app, Amber, Keychat…). The connection happens over your relay.</p>
+    <div style="background:${dark ? '#0f0f1f' : '#f5f5f8'};border-radius:8px;padding:16px;margin-bottom:16px;">
+      <canvas id="signet-login-nc-qr" width="200" height="200" style="display:block;width:200px;height:200px;margin:0 auto 12px;background:#ffffff;border-radius:6px;box-sizing:border-box;"></canvas>
+      <button data-action="copy" style="${buttonStyle(dark)}width:auto;font-size:0.75rem;padding:6px 10px;margin:0 auto;display:block;">Copy URI</button>
+    </div>
+    <p id="signet-login-nc-status" style="margin:0 0 12px;color:${muted};font-size:0.85rem;">Waiting for signer to connect…</p>
+    <div style="display:flex;gap:8px;justify-content:space-between;">
+      <button data-action="back" style="${buttonStyle(dark)}width:auto;flex:0 0 auto;padding:8px 16px;">← Back</button>
+      <button data-action="cancel" style="${buttonStyle(dark)}width:auto;flex:0 0 auto;padding:8px 16px;">Cancel</button>
+    </div>
+  `;
+    const qrCanvas = refs.dialog.querySelector('#signet-login-nc-qr');
+    if (qrCanvas) {
+        void QRCode.toCanvas(qrCanvas, uri, {
+            width: 200, margin: 1, errorCorrectionLevel: 'M',
+            color: { dark: '#0a0418', light: '#ffffff' },
+        }).catch(() => { });
+    }
+    const copyBtn = refs.dialog.querySelector('[data-action="copy"]');
+    copyBtn?.addEventListener('click', () => {
+        void navigator.clipboard?.writeText(uri).then(() => {
+            copyBtn.textContent = 'Copied ✓';
+            window.setTimeout(() => { copyBtn.textContent = 'Copy URI'; }, 1500);
+        });
+    });
+    const ac = new AbortController();
+    const status = refs.dialog.querySelector('#signet-login-nc-status');
+    return new Promise(resolve => {
+        let settled = false;
+        const settle = (v) => {
+            if (settled)
+                return;
+            settled = true;
+            resolve(v);
+        };
+        refs.dialog.querySelector('[data-action="back"]')?.addEventListener('click', () => {
+            ac.abort();
+            settle(null);
+        });
+        refs.dialog.querySelector('[data-action="cancel"]')?.addEventListener('click', () => {
+            ac.abort();
+            settle(null);
+        });
+        createBunkerSignerFromNostrConnect({ uri, clientSecretKey: sk, abortSignal: ac.signal })
+            .then(signer => settle(signer))
+            .catch(err => {
+            if (settled)
+                return; // already cancelled
+            if (status) {
+                status.textContent = `✗ ${err instanceof Error ? err.message : String(err)}`;
+                status.style.color = '#d04848';
+            }
+            // Don't auto-settle on error — user clicks Back/Cancel.
+        });
+    });
+}
 // ── Paste nsec (in-memory only) ───────────────────────────────────────────────
 async function runNsecFlow(refs, opts) {
     const dark = isDarkMode(opts.theme);
@@ -441,6 +524,18 @@ export async function showLoginModal(opts) {
                 });
                 return null; // unreachable
             }
+            if (choice === 'amber') {
+                // Same-tab navigation to a `nostrsigner:` URL. Android dispatches
+                // it to Amber; the page comes back via callbackUrl with the signed
+                // event in `?event=`. Picked up on next boot by handleRedirectCallback.
+                await startAmberSignIn({
+                    appName: resolved.appName,
+                    challenge: resolved.challenge,
+                    origin: resolved.origin,
+                    ...(resolved.redirectCallback !== undefined ? { redirectCallback: resolved.redirectCallback } : {}),
+                });
+                return null; // unreachable
+            }
             if (choice === 'qr') {
                 const result = await runRedirectFlow(refs, resolved);
                 if (!result) {
@@ -483,6 +578,33 @@ export async function showLoginModal(opts) {
                     authEvent,
                 };
             }
+            if (choice === 'nostrconnect') {
+                const signer = await runNostrConnectFlow(refs, resolved);
+                if (!signer) {
+                    if (resolved.preferredMethod)
+                        return null;
+                    continue;
+                }
+                const authEvent = await signer.signEvent({
+                    kind: 21236,
+                    content: '',
+                    tags: [
+                        ['challenge', resolved.challenge],
+                        ['origin', resolved.origin],
+                        ['app', resolved.appName],
+                    ],
+                });
+                // Surfaces as 'bunker' since the session shape is identical to a
+                // bunker URI session — same signer, same persistence path, same
+                // capabilities. The picker choice routed us here; from this point
+                // on the rest of the SDK doesn't care about the initiation direction.
+                return {
+                    pubkey: signer.pubkey,
+                    method: 'bunker',
+                    signer,
+                    authEvent,
+                };
+            }
             if (choice === 'nsec') {
                 const signer = await runNsecFlow(refs, resolved);
                 if (!signer) {

package/dist/signers.d.ts

@@ -54,6 +54,35 @@ export declare class BunkerSignerImpl implements SignetSigner {
     signEvent(template: EventTemplate): Promise<NostrEvent>;
     close(): Promise<void>;
 }
+/**
+ * App-initiated NIP-46: we generate a `nostrconnect://` URI containing our
+ * client pubkey, relay, secret, and requested perms. The user pastes/scans
+ * it into their signer, which then connects to the relay and acks. Returns
+ * a BunkerSignerImpl once the handshake completes (or rejects on abort).
+ *
+ *   uri              — the nostrconnect:// URI shown to the user (built by
+ *                      the caller via buildNostrConnectUri)
+ *   clientSecretKey  — the 32-byte session key the URI was built with
+ *   abortSignal      — cancel a long-running wait when the modal closes
+ */
+export declare function createBunkerSignerFromNostrConnect(input: {
+    uri: string;
+    clientSecretKey: Uint8Array;
+    abortSignal?: AbortSignal;
+}): Promise<BunkerSignerImpl>;
+/**
+ * Build a NIP-46 `nostrconnect://` URI for the app-initiated flow. The
+ * `secret` is echoed back by the bunker on connect so the app can verify
+ * it's talking to the right peer; it must be unguessable.
+ */
+export declare function buildNostrConnectUri(input: {
+    clientPubkeyHex: string;
+    relayUrl: string;
+    secret: string;
+    perms?: string[];
+    appName?: string;
+    appUrl?: string;
+}): string;
 /**
  * Connect a bunker session from a `bunker://` or `nostr+connect://` URI (or a
  * NIP-05 identifier). Generates a fresh client secret key for the session.

package/dist/signers.js

@@ -80,6 +80,51 @@ export class BunkerSignerImpl {
         await this.bunker.close();
     }
 }
+/**
+ * App-initiated NIP-46: we generate a `nostrconnect://` URI containing our
+ * client pubkey, relay, secret, and requested perms. The user pastes/scans
+ * it into their signer, which then connects to the relay and acks. Returns
+ * a BunkerSignerImpl once the handshake completes (or rejects on abort).
+ *
+ *   uri              — the nostrconnect:// URI shown to the user (built by
+ *                      the caller via buildNostrConnectUri)
+ *   clientSecretKey  — the 32-byte session key the URI was built with
+ *   abortSignal      — cancel a long-running wait when the modal closes
+ */
+export async function createBunkerSignerFromNostrConnect(input) {
+    const { uri, clientSecretKey, abortSignal } = input;
+    if (clientSecretKey.length !== 32)
+        throw new Error('invalid-client-secret-key');
+    const bunker = abortSignal
+        ? await BunkerSigner.fromURI(clientSecretKey, uri, undefined, abortSignal)
+        : await BunkerSigner.fromURI(clientSecretKey, uri);
+    const pubkey = await bunker.getPublicKey();
+    if (!/^[0-9a-f]{64}$/i.test(pubkey)) {
+        await bunker.close().catch(() => { });
+        throw new Error('invalid-pubkey-from-bunker');
+    }
+    return new BunkerSignerImpl(pubkey.toLowerCase(), bunker, uri, clientSecretKey);
+}
+/**
+ * Build a NIP-46 `nostrconnect://` URI for the app-initiated flow. The
+ * `secret` is echoed back by the bunker on connect so the app can verify
+ * it's talking to the right peer; it must be unguessable.
+ */
+export function buildNostrConnectUri(input) {
+    const { clientPubkeyHex, relayUrl, secret } = input;
+    if (!/^[0-9a-f]{64}$/i.test(clientPubkeyHex))
+        throw new Error('invalid-client-pubkey');
+    if (!/^wss?:\/\//.test(relayUrl))
+        throw new Error('invalid-relay-url');
+    const params = new URLSearchParams({ relay: relayUrl, secret });
+    if (input.perms && input.perms.length > 0)
+        params.set('perms', input.perms.join(','));
+    if (input.appName)
+        params.set('name', input.appName);
+    if (input.appUrl)
+        params.set('url', input.appUrl);
+    return `nostrconnect://${clientPubkeyHex}?${params.toString()}`;
+}
 /**
  * Connect a bunker session from a `bunker://` or `nostr+connect://` URI (or a
  * NIP-05 identifier). Generates a fresh client secret key for the session.

package/dist/signet-login.d.ts

@@ -16,10 +16,13 @@
  */
 export type { NostrEvent, EventTemplate, LoginMethod, SignerCapabilities, SignetSigner, SignetAuthEvent, SignetSession, LoginOptions, RestoreOptions, } from './types.js';
 import type { LoginOptions, RestoreOptions, SignetSession } from './types.js';
+import { type ConsumeAmberResult } from './amber.js';
 import { handleCallback as handlePopupCallback } from './callback.js';
 import type { ConsumeCallbackResult } from './redirect.js';
 export type { CallbackResult } from './callback.js';
 export type { ConsumeCallbackResult } from './redirect.js';
+export type { ConsumeAmberResult } from './amber.js';
+export { isAndroid } from './amber.js';
 /**
  * Show the login picker and resolve to a SignetSession on success, or null on
  * cancel / timeout.
@@ -80,7 +83,7 @@ export declare const handleCallback: typeof handlePopupCallback;
  * code that consumes `restoreSession()` doesn't need to care which path
  * authenticated the user.
  */
-export declare function handleRedirectCallback(): Promise<ConsumeCallbackResult>;
+export declare function handleRedirectCallback(): Promise<ConsumeCallbackResult | ConsumeAmberResult>;
 /**
  * Clear the stored session and close the active signer.
  */