Merge branch 'master' of github.com:0xsequence/sequence.js into test-wdk

Author: Agusx1211

packages/services/identity-instrument/package.json

@@ -0,0 +1,27 @@
+{
+  "name": "@0xsequence/identity-instrument",
+  "version": "0.0.0",
+  "license": "Apache-2.0",
+  "type": "module",
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "test": "vitest run"
+  },
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  },
+  "devDependencies": {
+    "@repo/typescript-config": "workspace:^",
+    "@types/node": "^22.13.9",
+    "typescript": "^5.7.3",
+    "vitest": "^3.1.2"
+  },
+  "dependencies": {
+    "jwt-decode": "^4.0.0",
+    "ox": "^0.7.0"
+  }
+}

…ges/wallet/wdk/src/identity/challenge.ts …ces/identity-instrument/src/challenge.tspackages/wallet/wdk/src/identity/challenge.ts renamed to packages/services/identity-instrument/src/challenge.ts packages/wallet/wdk/src/identity/challenge.ts renamed to packages/services/identity-instrument/src/challenge.ts

@@ -1,16 +1,16 @@
 import { Bytes, Hash, Hex } from 'ox'
 import { jwtDecode } from 'jwt-decode'
-import { IdentityType, AuthMode } from './nitro/index.js'
+import { IdentityType, AuthMode } from './identity-instrument.gen.js'
 
-export interface CommitChallengeParams {
+interface CommitChallengeParams {
   authMode: AuthMode
   identityType: IdentityType
   handle?: string
   signer?: string
   metadata: { [key: string]: string }
 }
 
-export interface CompleteChallengeParams {
+interface CompleteChallengeParams {
   authMode: AuthMode
   identityType: IdentityType
   verifier: string

…dentity/nitro/identity-instrument.gen.ts …nstrument/src/identity-instrument.gen.tspackages/wallet/wdk/src/identity/nitro/identity-instrument.gen.ts renamed to packages/services/identity-instrument/src/identity-instrument.gen.ts packages/wallet/wdk/src/identity/nitro/identity-instrument.gen.ts renamed to packages/services/identity-instrument/src/identity-instrument.gen.ts

@@ -0,0 +1,69 @@
+import { Hex, Bytes } from 'ox'
+import {
+  CommitVerifierReturn,
+  CompleteAuthReturn,
+  IdentityInstrument as IdentityInstrumentRpc,
+  KeyType,
+  IdentityType,
+  AuthMode,
+} from './identity-instrument.gen.js'
+import { Challenge } from './challenge.js'
+
+export type { CommitVerifierReturn, CompleteAuthReturn }
+export { KeyType, IdentityType, AuthMode }
+export * from './challenge.js'
+
+export class IdentityInstrument {
+  private rpc: IdentityInstrumentRpc
+
+  constructor(hostname: string, fetch = window.fetch) {
+    this.rpc = new IdentityInstrumentRpc(hostname.endsWith('/') ? hostname.slice(0, -1) : hostname, fetch)
+  }
+
+  async commitVerifier(authKey: AuthKey, challenge: Challenge) {
+    return this.rpc.commitVerifier({
+      params: {
+        ...challenge.getCommitParams(),
+        authKey: {
+          publicKey: authKey.address,
+          keyType: authKey.keyType,
+        },
+      },
+    })
+  }
+
+  async completeAuth(authKey: AuthKey, challenge: Challenge) {
+    return this.rpc.completeAuth({
+      params: {
+        ...challenge.getCompleteParams(),
+        authKey: {
+          publicKey: authKey.address,
+          keyType: authKey.keyType,
+        },
+      },
+    })
+  }
+
+  async sign(authKey: AuthKey, digest: Bytes.Bytes) {
+    const res = await this.rpc.sign({
+      params: {
+        signer: authKey.signer,
+        digest: Hex.fromBytes(digest),
+        authKey: {
+          publicKey: authKey.address,
+          keyType: authKey.keyType,
+        },
+        signature: await authKey.sign(digest),
+      },
+    })
+    Hex.assert(res.signature)
+    return res.signature
+  }
+}
+
+export interface AuthKey {
+  signer: string
+  address: string
+  keyType: KeyType
+  sign(digest: Bytes.Bytes): Promise<Hex.Hex>
+}

packages/services/identity-instrument/src/index.ts

@@ -0,0 +1,194 @@
+import { describe, expect, it } from 'vitest'
+import { AuthCodeChallenge, AuthCodePkceChallenge, IdTokenChallenge, OtpChallenge } from '../src/challenge.js'
+import { IdentityType } from '../src/index.js'
+
+describe('IdTokenChallenge', () => {
+  const idToken =
+    'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiaXNzIjoiaHR0cHM6Ly9leGFtcGxlLmNvbSIsImF1ZCI6ImF1ZGllbmNlIiwiaWF0IjoxNzE2MjM5MDIyLCJleHAiOjE4MTYyMzkwMjJ9.vo-hzFNUd8uzKmMVEj04eIiqeXfOQahZu9ZWGnJPE74'
+
+  it('returns correct commit params', () => {
+    const challenge = new IdTokenChallenge('https://example.com', 'audience', idToken)
+    const params = challenge.getCommitParams()
+    expect(params).toBeDefined()
+    expect(params.authMode).toBe('IDToken')
+    expect(params.identityType).toBe('OIDC')
+    expect(params.handle).toBe('0x800fa2a1ca87f4a37d7f0a2e1858d36cd622cc2970d886e7e8a00f82edca3455')
+    expect(params.metadata).toBeDefined()
+    expect(params.metadata.iss).toBe('https://example.com')
+    expect(params.metadata.aud).toBe('audience')
+    expect(params.metadata.exp).toBe('1816239022')
+  })
+
+  it('returns correct complete params', () => {
+    const challenge = new IdTokenChallenge('https://example.com', 'audience', idToken)
+    const params = challenge.getCompleteParams()
+    expect(params).toBeDefined()
+    expect(params.authMode).toBe('IDToken')
+    expect(params.identityType).toBe('OIDC')
+    expect(params.verifier).toBe('0x800fa2a1ca87f4a37d7f0a2e1858d36cd622cc2970d886e7e8a00f82edca3455')
+    expect(params.answer).toBe(idToken)
+  })
+})
+
+describe('AuthCodeChallenge', () => {
+  const authCode = '1234567890'
+  const signer = '0x26F5B2b3Feed8f02051c0b1c5b40cc088107935e'
+
+  it('returns correct commit params', () => {
+    const challenge = new AuthCodeChallenge('https://example.com', 'audience', 'https://dapp.com/redirect', authCode)
+    const params = challenge.getCommitParams()
+    expect(params).toBeDefined()
+    expect(params.authMode).toBe('AuthCode')
+    expect(params.identityType).toBe('OIDC')
+    expect(params.handle).toBe('0x38301fb0b5fcf3aaa4b97c4771bb6c75546e313b4ce7057c51a8cc6a3ace9d7e')
+    expect(params.signer).toBeUndefined()
+    expect(params.metadata).toBeDefined()
+    expect(params.metadata.iss).toBe('https://example.com')
+    expect(params.metadata.aud).toBe('audience')
+    expect(params.metadata.redirect_uri).toBe('https://dapp.com/redirect')
+  })
+
+  it('returns correct commit params with signer', () => {
+    const challenge = new AuthCodeChallenge('https://example.com', 'audience', 'https://dapp.com/redirect', authCode)
+    const params = challenge.withSigner(signer).getCommitParams()
+    expect(params).toBeDefined()
+    expect(params.authMode).toBe('AuthCode')
+    expect(params.identityType).toBe('OIDC')
+    expect(params.signer).toBe(signer)
+    expect(params.handle).toBe('0x38301fb0b5fcf3aaa4b97c4771bb6c75546e313b4ce7057c51a8cc6a3ace9d7e')
+    expect(params.metadata).toBeDefined()
+    expect(params.metadata.iss).toBe('https://example.com')
+    expect(params.metadata.aud).toBe('audience')
+    expect(params.metadata.redirect_uri).toBe('https://dapp.com/redirect')
+  })
+
+  it('returns correct complete params', () => {
+    const challenge = new AuthCodeChallenge('https://example.com', 'audience', 'https://dapp.com/redirect', authCode)
+    const params = challenge.getCompleteParams()
+    expect(params).toBeDefined()
+    expect(params.authMode).toBe('AuthCode')
+    expect(params.identityType).toBe('OIDC')
+    expect(params.verifier).toBe('0x38301fb0b5fcf3aaa4b97c4771bb6c75546e313b4ce7057c51a8cc6a3ace9d7e')
+    expect(params.answer).toBe(authCode)
+  })
+})
+
+describe('AuthCodePkceChallenge', () => {
+  const challenge = new AuthCodePkceChallenge('https://example.com', 'audience', 'https://dapp.com/redirect')
+  const authCode = '1234567890'
+  const verifier = 'verifier'
+  const signer = '0x26F5B2b3Feed8f02051c0b1c5b40cc088107935e'
+
+  it('returns correct commit params', () => {
+    const params = challenge.getCommitParams()
+    expect(params).toBeDefined()
+    expect(params.authMode).toBe('AuthCodePKCE')
+    expect(params.identityType).toBe('OIDC')
+    expect(params.handle).toBeUndefined()
+    expect(params.metadata).toBeDefined()
+    expect(params.metadata.iss).toBe('https://example.com')
+    expect(params.metadata.aud).toBe('audience')
+    expect(params.metadata.redirect_uri).toBe('https://dapp.com/redirect')
+  })
+
+  it('returns correct commit params with signer', () => {
+    const params = challenge.withSigner(signer).getCommitParams()
+    expect(params).toBeDefined()
+    expect(params.authMode).toBe('AuthCodePKCE')
+    expect(params.identityType).toBe('OIDC')
+    expect(params.signer).toBe(signer)
+    expect(params.handle).toBeUndefined()
+    expect(params.metadata).toBeDefined()
+    expect(params.metadata.iss).toBe('https://example.com')
+    expect(params.metadata.aud).toBe('audience')
+    expect(params.metadata.redirect_uri).toBe('https://dapp.com/redirect')
+  })
+
+  it('returns correct complete params with answer and verifier', () => {
+    const params = challenge.withAnswer(verifier, authCode).getCompleteParams()
+    expect(params).toBeDefined()
+    expect(params.authMode).toBe('AuthCodePKCE')
+    expect(params.identityType).toBe('OIDC')
+    expect(params.verifier).toBe(verifier)
+    expect(params.answer).toBe(authCode)
+  })
+
+  it('throws if answer and verifier are not provided', () => {
+    expect(() => challenge.getCompleteParams()).toThrow()
+  })
+
+  it('throws if answer is not provided', () => {
+    expect(() => challenge.withAnswer(verifier, '').getCompleteParams()).toThrow()
+  })
+
+  it('throws if verifier is not provided', () => {
+    expect(() => challenge.withAnswer('', authCode).getCompleteParams()).toThrow()
+  })
+})
+
+describe('OtpChallenge', () => {
+  const otp = '123456'
+  const codeChallenge = 'codeChallenge'
+
+  // finalAnswer = keccak256(codeChallenge + otp)
+  const finalAnswer = '0xab1b443dd7ae1f1dd51f81f8d346565c1a63e7d090a1c220e44ed578183b08f5'
+
+  describe('fromRecipient', () => {
+    const recipient = 'test@example.com'
+
+    describe('getCommitParams', () => {
+      it('returns correct commit params', () => {
+        const challenge = OtpChallenge.fromRecipient(IdentityType.Email, recipient)
+        const params = challenge.getCommitParams()
+        expect(params).toBeDefined()
+        expect(params.authMode).toBe('OTP')
+        expect(params.identityType).toBe('Email')
+        expect(params.handle).toBe(recipient)
+        expect(params.signer).toBeUndefined()
+      })
+
+      it('throws if recipient is not provided', () => {
+        const challenge = OtpChallenge.fromRecipient(IdentityType.Email, '')
+        expect(() => challenge.getCommitParams()).toThrow()
+      })
+    })
+
+    describe('getCompleteParams', () => {
+      it('returns correct complete params', () => {
+        const challenge = OtpChallenge.fromRecipient(IdentityType.Email, recipient)
+        const params = challenge.withAnswer(codeChallenge, otp).getCompleteParams()
+        expect(params).toBeDefined()
+        expect(params.authMode).toBe('OTP')
+        expect(params.identityType).toBe('Email')
+        expect(params.verifier).toBe(recipient)
+        expect(params.answer).toBe(finalAnswer)
+      })
+
+      it('throws if answer is not provided', () => {
+        const challenge = OtpChallenge.fromRecipient(IdentityType.Email, recipient)
+        expect(() => challenge.getCompleteParams()).toThrow()
+      })
+    })
+  })
+
+  describe('fromSigner', () => {
+    const signer = '0x26F5B2b3Feed8f02051c0b1c5b40cc088107935e'
+
+    describe('getCommitParams', () => {
+      it('returns correct commit params', () => {
+        const challenge = OtpChallenge.fromSigner(IdentityType.Email, signer)
+        const params = challenge.getCommitParams()
+        expect(params).toBeDefined()
+        expect(params.authMode).toBe('OTP')
+        expect(params.identityType).toBe('Email')
+        expect(params.handle).toBeUndefined()
+        expect(params.signer).toBe(signer)
+      })
+
+      it('throws if signer is not provided', () => {
+        const challenge = OtpChallenge.fromSigner(IdentityType.Email, '')
+        expect(() => challenge.getCommitParams()).toThrow()
+      })
+    })
+  })
+})

packages/services/identity-instrument/test/challenge.test.ts

@@ -0,0 +1,10 @@
+{
+  "extends": "@repo/typescript-config/base.json",
+  "compilerOptions": {
+    "rootDir": "src",
+    "outDir": "dist",
+    "types": ["node"]
+  },
+  "include": ["src"],
+  "exclude": ["node_modules", "dist"]
+}

packages/services/identity-instrument/tsconfig.json

@@ -0,0 +1,8 @@
+import { defineConfig } from 'vitest/config'
+
+export default defineConfig({
+  test: {
+    environment: 'happy-dom',
+    globals: true,
+  },
+})

packages/services/identity-instrument/vitest.config.ts

@@ -24,6 +24,7 @@
     "vitest": "^3.1.2"
   },
   "dependencies": {
+    "@0xsequence/identity-instrument": "workspace:^",
     "@0xsequence/tee-verifier": "^0.1.0",
     "@0xsequence/wallet-core": "workspace:^",
     "@0xsequence/wallet-primitives": "workspace:^",