@turnkey/react-wallet-kit
Version:
The easiest and most powerful way to integrate Turnkey's Embedded Wallets into your React applications.
615 lines (614 loc) • 386 kB
JavaScript
'use client';
import { slicedToArray as _slicedToArray, asyncToGenerator as _asyncToGenerator, regenerator as _regenerator, objectSpread2 as _objectSpread2, toConsumableArray as _toConsumableArray } from '../../_virtual/_rollupPluginBabelHelpers.mjs';
import { jsx } from 'react/jsx-runtime';
import { sha256 } from '@noble/hashes/sha2';
import { bytesToHex } from '@noble/hashes/utils';
import { storePKCEVerifier, storeOAuthAddProviderMetadata, clearAllOAuthData, getOAuthAddProviderMetadata, hasPKCEVerifier, OAUTH_INTENT_ADD_PROVIDER } from '../../utils/oauth/storage.mjs';
import '../../utils/oauth/config.mjs';
import { parseOAuthResponse, openOAuthPopup, buildOAuthUrl, redirectToOAuthProvider, cleanupOAuthUrlPreserveSearch, cleanupOAuthUrl } from '../../utils/oauth/url.mjs';
import { completeOAuthPopup, completeOAuthFlow, completePKCEFlow } from '../../utils/oauth/completion.mjs';
import { generateChallengePair, exchangeFacebookCodeForToken } from '../../utils/oauth/pkce.mjs';
import { capitalizeProviderName, getProviderIcon } from '../../utils/oauth/helpers.mjs';
import { useWalletProviderState, useDebouncedCallback, isValidSession, withTurnkeyErrorHandling, SESSION_WARNING_THRESHOLD_MS, mergeWalletsWithoutDuplicates } from '../../utils/utils.mjs';
import { clearKeys, clearAll, setCappedTimeoutInMap, clearKey, setTimeoutInMap } from '../../utils/timers.mjs';
import { resetPasskeyScope, DEFAULT_SESSION_EXPIRATION_IN_SECONDS, OtpType, applyPasskeyScope, buildSecondaryOauthProviders, TurnkeyClient, Chain, WalletInterfaceType, getAuthProxyConfig, WalletSource, buildSecondaryOidcClaims } from '@turnkey/core';
import { useState, useRef, useCallback, useEffect } from 'react';
import { TurnkeyError, TurnkeyErrorCodes, TurnkeyNetworkError, AuthAction, OAuthProviders, FiatOnRampCryptoCurrency, FiatOnRampBlockchainNetwork } from '@turnkey/sdk-types';
import { useModal } from '../modal/Hook.mjs';
import { AuthState, ClientState, AuthMethod, ExportType, ImportType } from '../../types/base.mjs';
import { AuthComponent } from '../../components/auth/index.mjs';
import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
import { ActionPage } from '../../components/auth/Action.mjs';
import { SignMessageModal } from '../../components/sign/Message.mjs';
import { ExportComponent } from '../../components/export/Export.mjs';
import { ImportComponent } from '../../components/import/Import.mjs';
import { SuccessPage } from '../../components/design/Success.mjs';
import { UpdateEmail } from '../../components/user/UpdateEmail.mjs';
import { UpdatePhoneNumber } from '../../components/user/UpdatePhoneNumber.mjs';
import { UpdateUserName } from '../../components/user/UpdateUserName.mjs';
import { RemoveOAuthProvider } from '../../components/user/RemoveOAuthProvider.mjs';
import { RemovePasskey } from '../../components/user/RemovePasskey.mjs';
import { ConnectWalletModal } from '../../components/user/ConnectWallet.mjs';
import { ClientContext } from './Types.mjs';
import { WalletConnectProvider } from '../WalletConnectProvider.mjs';
import { OtpVerification } from '../../components/auth/OTP.mjs';
import { RemoveEmail } from '../../components/user/RemoveEmail.mjs';
import { RemovePhoneNumber } from '../../components/user/RemovePhoneNumber.mjs';
import { VerifyPage } from '../../components/verify/Verify.mjs';
import { OnRampPage } from '../../components/onramp/OnRamp.mjs';
import { CoinbaseLogo, MoonPayLogo } from '../../components/design/Svg.mjs';
import { SendTransactionPage } from '../../components/send-transaction/SendTransaction.mjs';
import { getChainLogo } from '../../components/send-transaction/helpers.mjs';
/**
* Provides Turnkey client authentication, session management, wallet operations, and user profile management
* for the React Wallet Kit SDK. This context provider encapsulates all core authentication flows (Passkey, Wallet, OTP, OAuth),
* session lifecycle (creation, expiration, refresh), wallet connecting/import/export, and user profile updates (email, phone, name).
*
* The provider automatically initializes the Turnkey client, fetches configuration (including proxy auth config if needed),
* and synchronizes session and authentication state. It exposes a comprehensive set of methods for authentication flows,
* wallet management, and user profile operations, as well as UI handlers for modal-driven flows.
*
* Features:
* - Passkey, Wallet, OTP (Email/SMS), and OAuth (Google, Apple, Facebook, X, Discord) authentication and sign-up flows.
* - Session management: creation, expiration scheduling, refresh, and clearing.
* - Wallet management: fetch, connect, import, export, account management.
* - User profile management: email, phone, name, OAuth provider, and passkey linking/removal.
* - Modal-driven UI flows for authentication, wallet connecting, and profile updates.
* - Error handling and callback integration for custom error and event responses.
*
* Usage:
* Wrap your application with `TurnkeyProvider` to enable authentication and wallet features via context.
*
* @param config - The Turnkey provider configuration object.
* @param children - React children to be rendered within the provider.
* @param callbacks - Optional callbacks for error handling and session events.
*
* @returns A React context provider exposing authentication, wallet, and user management methods and state.
*/
var ClientProvider = function ClientProvider(_ref) {
var _config$autoFetchWall, _masterConfig$auth31, _masterConfig$auth33, _masterConfig$auth35;
var config = _ref.config,
children = _ref.children,
callbacks = _ref.callbacks;
var _useState = useState(undefined),
_useState2 = _slicedToArray(_useState, 2),
client = _useState2[0],
setClient = _useState2[1];
var _useState3 = useState(undefined),
_useState4 = _slicedToArray(_useState3, 2),
session = _useState4[0],
setSession = _useState4[1];
var _useState5 = useState(undefined),
_useState6 = _slicedToArray(_useState5, 2),
masterConfig = _useState6[0],
setMasterConfig = _useState6[1];
var _useState7 = useState([]),
_useState8 = _slicedToArray(_useState7, 2),
wallets = _useState8[0],
setWallets = _useState8[1];
var _useState9 = useState(undefined),
_useState0 = _slicedToArray(_useState9, 2),
user = _useState0[0],
setUser = _useState0[1];
var _useState1 = useState(),
_useState10 = _slicedToArray(_useState1, 2),
clientState = _useState10[0],
setClientState = _useState10[1];
var _useState11 = useState(AuthState.Unauthenticated),
_useState12 = _slicedToArray(_useState11, 2),
authState = _useState12[0],
setAuthState = _useState12[1];
// if there is no authProxyConfigId or if autoFetchWalletKitConfig is specifically
// set to false, we don't need to fetch the config
var shouldFetchWalletKitConfig = !!config.authProxyConfigId && ((_config$autoFetchWall = config.autoFetchWalletKitConfig) !== null && _config$autoFetchWall !== void 0 ? _config$autoFetchWall : true);
// we use this custom hook to only update the state if the value is different
// this is so our useEffect that calls `initializeWalletProviderListeners()` only runs when it needs to
var _useWalletProviderSta = useWalletProviderState(),
_useWalletProviderSta2 = _slicedToArray(_useWalletProviderSta, 2),
walletProviders = _useWalletProviderSta2[0],
setWalletProviders = _useWalletProviderSta2[1];
var expiryTimeoutsRef = useRef({});
var proxyAuthConfigRef = useRef(null);
var _useState13 = useState(undefined),
_useState14 = _slicedToArray(_useState13, 2),
allSessions = _useState14[0],
setAllSessions = _useState14[1];
var _useModal = useModal(),
isMobile = _useModal.isMobile,
pushPage = _useModal.pushPage,
popPage = _useModal.popPage,
closeModal = _useModal.closeModal;
var completeRedirectOauth = /*#__PURE__*/function () {
var _ref2 = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee1() {
var withModalWrapper, result, code, provider, publicKey, oauthIntent, sessionKey, nonce, openModal, isAddProvider, metadata, completePKCERedirect, _masterConfig$auth2, _masterConfig$auth2$o, _masterConfig$auth2$o2, _masterConfig$auth$oa, _masterConfig$auth3, _masterConfig$auth3$o, _masterConfig$auth3$o2, _masterConfig$auth4, _masterConfig$auth4$o, clientId, secondaryClientIds, redirectURI, hasVerifier, _masterConfig$auth5, _masterConfig$auth5$o, _masterConfig$auth5$o2, _masterConfig$auth$oa2, _masterConfig$auth6, _masterConfig$auth6$o, _masterConfig$auth6$o2, _masterConfig$auth7, _masterConfig$auth7$o, _clientId, _secondaryClientIds, _redirectURI, _hasVerifier, _masterConfig$auth8, _masterConfig$auth8$o, _masterConfig$auth8$o2, _masterConfig$auth$oa3, _masterConfig$auth9, _masterConfig$auth9$o, _masterConfig$auth9$o2, _masterConfig$auth0, _masterConfig$auth0$o, _clientId2, _secondaryClientIds2, _redirectURI2, _hasVerifier2, _ref0, _masterConfig$auth1, _masterConfig$auth1$o, _masterConfig$auth1$o2, _masterConfig$auth10, _masterConfig$auth10$, _masterConfig$auth10$2, _result, idToken, _provider, _publicKey, _openModal, _sessionKey, _oauthIntent, _isAddProvider, _metadata, resolvedProvider, _secondaryClientIds3, action;
return _regenerator().w(function (_context1) {
while (1) switch (_context1.p = _context1.n) {
case 0:
_context1.p = 0;
if (!(!window.location.hash && !window.location.search)) {
_context1.n = 1;
break;
}
return _context1.a(2);
case 1:
/**
* Wraps an OAuth completion action with optional modal UI.
* This is the key difference between redirect and popup flows:
* - Popup: No modal needed (the popup window itself is the UI)
* - Redirect: Optional modal to show loading/success states on return
*/
withModalWrapper = /*#__PURE__*/function () {
var _ref3 = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee2(params) {
var provider, isAddProvider, metadata, openModal, _action, providerDisplayName, icon;
return _regenerator().w(function (_context2) {
while (1) switch (_context2.n) {
case 0:
provider = params.provider, isAddProvider = params.isAddProvider, metadata = params.metadata, openModal = params.openModal, _action = params.action;
providerDisplayName = capitalizeProviderName(provider);
icon = getProviderIcon(provider);
if (!(openModal === "true")) {
_context2.n = 2;
break;
}
_context2.n = 1;
return new Promise(function (resolve, reject) {
pushPage({
key: "".concat(providerDisplayName, " OAuth"),
content: jsx(ActionPage, {
closeOnComplete: isAddProvider ? false : true,
title: isAddProvider ? "Adding ".concat(providerDisplayName, " provider...") : "Authenticating with ".concat(providerDisplayName, "..."),
action: function () {
var _action2 = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee() {
var _metadata$successPage, _t;
return _regenerator().w(function (_context) {
while (1) switch (_context.p = _context.n) {
case 0:
_context.p = 0;
_context.n = 1;
return _action();
case 1:
if (isAddProvider && metadata) {
// Don't show success for auth. Not needed
pushPage({
key: "OAuth Provider Added",
content: jsx(SuccessPage, {
text: "Successfully added ".concat(providerDisplayName, " OAuth provider!"),
duration: (_metadata$successPage = metadata.successPageDuration) !== null && _metadata$successPage !== void 0 ? _metadata$successPage : 2000,
onComplete: function onComplete() {
closeModal();
}
}),
preventBack: true,
showTitle: false
});
}
resolve();
_context.n = 3;
break;
case 2:
_context.p = 2;
_t = _context.v;
reject(_t);
popPage();
case 3:
return _context.a(2);
}
}, _callee, null, [[0, 2]]);
}));
function action() {
return _action2.apply(this, arguments);
}
return action;
}(),
icon: jsx(FontAwesomeIcon, {
icon: icon,
size: "3x"
})
}),
showTitle: false,
onClose: function onClose() {
reject(new TurnkeyError(isAddProvider ? "User canceled the ".concat(providerDisplayName, " add provider process.") : "User canceled the ".concat(providerDisplayName, " authentication process."), TurnkeyErrorCodes.USER_CANCELED));
}
});
});
case 1:
_context2.n = 3;
break;
case 2:
_context2.n = 3;
return _action();
case 3:
return _context2.a(2);
}
}, _callee2);
}));
return function withModalWrapper(_x) {
return _ref3.apply(this, arguments);
};
}(); // Handle PKCE-based OAuth redirects (Facebook, Discord, X) with code in search parameters
if (!(window.location.search && window.location.search.includes("code=") && window.location.search.includes("state="))) {
_context1.n = 9;
break;
}
// Parse the URL using our unified helper
result = parseOAuthResponse(window.location.href);
if (!(!result || !result.authCode || !result.publicKey)) {
_context1.n = 2;
break;
}
return _context1.a(2);
case 2:
if (!(result.flow !== "redirect")) {
_context1.n = 3;
break;
}
return _context1.a(2);
case 3:
code = result.authCode, provider = result.provider, publicKey = result.publicKey, oauthIntent = result.oauthIntent, sessionKey = result.sessionKey, nonce = result.nonce, openModal = result.openModal;
isAddProvider = oauthIntent === OAUTH_INTENT_ADD_PROVIDER;
metadata = isAddProvider ? getOAuthAddProviderMetadata() : null;
/**
* Helper to complete PKCE redirect flow with optional modal wrapper.
* Uses handlePKCEFlow from oauth utils for the core logic.
* We put this in a separate function to avoid duplicating for each provider.
*/
completePKCERedirect = /*#__PURE__*/function () {
var _ref4 = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee5(providerName, exchangeCodeFn, secondaryClientIds) {
var action;
return _regenerator().w(function (_context5) {
while (1) switch (_context5.n) {
case 0:
action = /*#__PURE__*/function () {
var _ref5 = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee4() {
var providerDisplayName, _t2;
return _regenerator().w(function (_context4) {
while (1) switch (_context4.p = _context4.n) {
case 0:
_context4.p = 0;
_context4.n = 1;
return completePKCEFlow({
publicKey: publicKey,
providerName: providerName,
sessionKey: sessionKey !== null && sessionKey !== void 0 ? sessionKey : undefined,
callbacks: callbacks,
completeOauth: function completeOauth(completionParams) {
var _masterConfig$auth, _masterConfig$auth$cr, _completionParams$pro, _existingCreateSubOrg;
var existingCreateSubOrgParams = masterConfig === null || masterConfig === void 0 ? void 0 : (_masterConfig$auth = masterConfig.auth) === null || _masterConfig$auth === void 0 ? void 0 : (_masterConfig$auth$cr = _masterConfig$auth.createSuborgParams) === null || _masterConfig$auth$cr === void 0 ? void 0 : _masterConfig$auth$cr.oauth;
var secondaryProviders = buildSecondaryOauthProviders(completionParams.oidcToken, (_completionParams$pro = completionParams.providerName) !== null && _completionParams$pro !== void 0 ? _completionParams$pro : providerName, secondaryClientIds);
return _completeOauth(_objectSpread2(_objectSpread2({}, completionParams), secondaryProviders.length > 0 && {
createSubOrgParams: _objectSpread2(_objectSpread2({}, existingCreateSubOrgParams), {}, {
oauthProviders: [].concat(_toConsumableArray((_existingCreateSubOrg = existingCreateSubOrgParams === null || existingCreateSubOrgParams === void 0 ? void 0 : existingCreateSubOrgParams.oauthProviders) !== null && _existingCreateSubOrg !== void 0 ? _existingCreateSubOrg : []), _toConsumableArray(secondaryProviders))
})
}));
},
onAddProvider:
// Only set onAddProvider if we are adding a provider and have metadata
isAddProvider && metadata ? (/*#__PURE__*/function () {
var _ref6 = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee3(oidcToken) {
var oidcClaims;
return _regenerator().w(function (_context3) {
while (1) switch (_context3.n) {
case 0:
oidcClaims = buildSecondaryOidcClaims(oidcToken, secondaryClientIds);
_context3.n = 1;
return addOauthProvider(_objectSpread2(_objectSpread2({
providerName: provider,
oidcToken: oidcToken
}, oidcClaims.length > 0 && {
oidcClaims: oidcClaims
}), {}, {
organizationId: metadata.organizationId,
userId: metadata.userId
}, metadata.stampWith && {
stampWith: metadata.stampWith
}));
case 1:
return _context3.a(2);
}
}, _callee3);
}));
return function (_x5) {
return _ref6.apply(this, arguments);
};
}()) : undefined,
exchangeCodeForToken: exchangeCodeFn
});
case 1:
_context4.n = 3;
break;
case 2:
_context4.p = 2;
_t2 = _context4.v;
if (callbacks !== null && callbacks !== void 0 && callbacks.onError) {
providerDisplayName = capitalizeProviderName(providerName);
callbacks.onError(_t2 instanceof TurnkeyError ? _t2 : new TurnkeyError("".concat(providerDisplayName, " authentication failed"), TurnkeyErrorCodes.OAUTH_SIGNUP_ERROR, _t2));
}
throw _t2;
case 3:
return _context4.a(2);
}
}, _callee4, null, [[0, 2]]);
}));
return function action() {
return _ref5.apply(this, arguments);
};
}();
_context5.n = 1;
return withModalWrapper({
provider: providerName,
isAddProvider: isAddProvider,
metadata: metadata,
openModal: openModal,
action: action
});
case 1:
// Clean up URL after successful completion
cleanupOAuthUrl();
case 2:
return _context5.a(2);
}
}, _callee5);
}));
return function completePKCERedirect(_x2, _x3, _x4) {
return _ref4.apply(this, arguments);
};
}(); // FACEBOOK
if (!(provider === OAuthProviders.FACEBOOK)) {
_context1.n = 5;
break;
}
clientId = masterConfig === null || masterConfig === void 0 ? void 0 : (_masterConfig$auth2 = masterConfig.auth) === null || _masterConfig$auth2 === void 0 ? void 0 : (_masterConfig$auth2$o = _masterConfig$auth2.oauthConfig) === null || _masterConfig$auth2$o === void 0 ? void 0 : (_masterConfig$auth2$o2 = _masterConfig$auth2$o.facebook) === null || _masterConfig$auth2$o2 === void 0 ? void 0 : _masterConfig$auth2$o2.primaryClientId;
secondaryClientIds = (_masterConfig$auth$oa = masterConfig === null || masterConfig === void 0 ? void 0 : (_masterConfig$auth3 = masterConfig.auth) === null || _masterConfig$auth3 === void 0 ? void 0 : (_masterConfig$auth3$o = _masterConfig$auth3.oauthConfig) === null || _masterConfig$auth3$o === void 0 ? void 0 : (_masterConfig$auth3$o2 = _masterConfig$auth3$o.facebook) === null || _masterConfig$auth3$o2 === void 0 ? void 0 : _masterConfig$auth3$o2.secondaryClientIds) !== null && _masterConfig$auth$oa !== void 0 ? _masterConfig$auth$oa : [];
redirectURI = masterConfig === null || masterConfig === void 0 ? void 0 : (_masterConfig$auth4 = masterConfig.auth) === null || _masterConfig$auth4 === void 0 ? void 0 : (_masterConfig$auth4$o = _masterConfig$auth4.oauthConfig) === null || _masterConfig$auth4$o === void 0 ? void 0 : _masterConfig$auth4$o.oauthRedirectUri;
hasVerifier = hasPKCEVerifier(OAuthProviders.FACEBOOK);
if (!(clientId && redirectURI && hasVerifier)) {
_context1.n = 4;
break;
}
_context1.n = 4;
return completePKCERedirect(OAuthProviders.FACEBOOK, /*#__PURE__*/function () {
var _ref7 = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee6(codeVerifier) {
var tokenResponse, oidcToken;
return _regenerator().w(function (_context6) {
while (1) switch (_context6.n) {
case 0:
_context6.n = 1;
return exchangeFacebookCodeForToken(clientId, redirectURI, code, codeVerifier);
case 1:
tokenResponse = _context6.v;
oidcToken = tokenResponse === null || tokenResponse === void 0 ? void 0 : tokenResponse.id_token;
if (oidcToken) {
_context6.n = 2;
break;
}
throw new TurnkeyError("Missing OIDC token", TurnkeyErrorCodes.OAUTH_LOGIN_ERROR);
case 2:
return _context6.a(2, oidcToken);
}
}, _callee6);
}));
return function (_x6) {
return _ref7.apply(this, arguments);
};
}(), secondaryClientIds);
case 4:
return _context1.a(2);
case 5:
if (!(provider === OAuthProviders.DISCORD)) {
_context1.n = 7;
break;
}
_clientId = masterConfig === null || masterConfig === void 0 ? void 0 : (_masterConfig$auth5 = masterConfig.auth) === null || _masterConfig$auth5 === void 0 ? void 0 : (_masterConfig$auth5$o = _masterConfig$auth5.oauthConfig) === null || _masterConfig$auth5$o === void 0 ? void 0 : (_masterConfig$auth5$o2 = _masterConfig$auth5$o.discord) === null || _masterConfig$auth5$o2 === void 0 ? void 0 : _masterConfig$auth5$o2.primaryClientId;
_secondaryClientIds = (_masterConfig$auth$oa2 = masterConfig === null || masterConfig === void 0 ? void 0 : (_masterConfig$auth6 = masterConfig.auth) === null || _masterConfig$auth6 === void 0 ? void 0 : (_masterConfig$auth6$o = _masterConfig$auth6.oauthConfig) === null || _masterConfig$auth6$o === void 0 ? void 0 : (_masterConfig$auth6$o2 = _masterConfig$auth6$o.discord) === null || _masterConfig$auth6$o2 === void 0 ? void 0 : _masterConfig$auth6$o2.secondaryClientIds) !== null && _masterConfig$auth$oa2 !== void 0 ? _masterConfig$auth$oa2 : [];
_redirectURI = masterConfig === null || masterConfig === void 0 ? void 0 : (_masterConfig$auth7 = masterConfig.auth) === null || _masterConfig$auth7 === void 0 ? void 0 : (_masterConfig$auth7$o = _masterConfig$auth7.oauthConfig) === null || _masterConfig$auth7$o === void 0 ? void 0 : _masterConfig$auth7$o.oauthRedirectUri;
_hasVerifier = hasPKCEVerifier(OAuthProviders.DISCORD);
if (!(_clientId && _redirectURI && _hasVerifier && nonce)) {
_context1.n = 6;
break;
}
_context1.n = 6;
return completePKCERedirect(OAuthProviders.DISCORD, /*#__PURE__*/function () {
var _ref8 = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee7(codeVerifier) {
var resp, oidcToken;
return _regenerator().w(function (_context7) {
while (1) switch (_context7.n) {
case 0:
_context7.n = 1;
return client === null || client === void 0 ? void 0 : client.httpClient.proxyOAuth2Authenticate({
provider: "OAUTH2_PROVIDER_DISCORD",
authCode: code,
redirectUri: _redirectURI,
codeVerifier: codeVerifier,
clientId: _clientId,
nonce: nonce
});
case 1:
resp = _context7.v;
oidcToken = resp === null || resp === void 0 ? void 0 : resp.oidcToken;
if (oidcToken) {
_context7.n = 2;
break;
}
throw new TurnkeyError("Missing OIDC token", TurnkeyErrorCodes.OAUTH_LOGIN_ERROR);
case 2:
return _context7.a(2, oidcToken);
}
}, _callee7);
}));
return function (_x7) {
return _ref8.apply(this, arguments);
};
}(), _secondaryClientIds);
case 6:
return _context1.a(2);
case 7:
if (!(provider === OAuthProviders.X)) {
_context1.n = 9;
break;
}
_clientId2 = masterConfig === null || masterConfig === void 0 ? void 0 : (_masterConfig$auth8 = masterConfig.auth) === null || _masterConfig$auth8 === void 0 ? void 0 : (_masterConfig$auth8$o = _masterConfig$auth8.oauthConfig) === null || _masterConfig$auth8$o === void 0 ? void 0 : (_masterConfig$auth8$o2 = _masterConfig$auth8$o.x) === null || _masterConfig$auth8$o2 === void 0 ? void 0 : _masterConfig$auth8$o2.primaryClientId;
_secondaryClientIds2 = (_masterConfig$auth$oa3 = masterConfig === null || masterConfig === void 0 ? void 0 : (_masterConfig$auth9 = masterConfig.auth) === null || _masterConfig$auth9 === void 0 ? void 0 : (_masterConfig$auth9$o = _masterConfig$auth9.oauthConfig) === null || _masterConfig$auth9$o === void 0 ? void 0 : (_masterConfig$auth9$o2 = _masterConfig$auth9$o.x) === null || _masterConfig$auth9$o2 === void 0 ? void 0 : _masterConfig$auth9$o2.secondaryClientIds) !== null && _masterConfig$auth$oa3 !== void 0 ? _masterConfig$auth$oa3 : [];
_redirectURI2 = masterConfig === null || masterConfig === void 0 ? void 0 : (_masterConfig$auth0 = masterConfig.auth) === null || _masterConfig$auth0 === void 0 ? void 0 : (_masterConfig$auth0$o = _masterConfig$auth0.oauthConfig) === null || _masterConfig$auth0$o === void 0 ? void 0 : _masterConfig$auth0$o.oauthRedirectUri;
_hasVerifier2 = hasPKCEVerifier(OAuthProviders.X);
if (!(_clientId2 && _redirectURI2 && _hasVerifier2 && nonce)) {
_context1.n = 8;
break;
}
_context1.n = 8;
return completePKCERedirect(OAuthProviders.X, /*#__PURE__*/function () {
var _ref9 = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee8(codeVerifier) {
var resp, oidcToken;
return _regenerator().w(function (_context8) {
while (1) switch (_context8.n) {
case 0:
_context8.n = 1;
return client === null || client === void 0 ? void 0 : client.httpClient.proxyOAuth2Authenticate({
provider: "OAUTH2_PROVIDER_X",
authCode: code,
redirectUri: _redirectURI2,
codeVerifier: codeVerifier,
clientId: _clientId2,
nonce: nonce
});
case 1:
resp = _context8.v;
oidcToken = resp === null || resp === void 0 ? void 0 : resp.oidcToken;
if (oidcToken) {
_context8.n = 2;
break;
}
throw new TurnkeyError("Missing OIDC token", TurnkeyErrorCodes.OAUTH_LOGIN_ERROR);
case 2:
return _context8.a(2, oidcToken);
}
}, _callee8);
}));
return function (_x8) {
return _ref9.apply(this, arguments);
};
}(), _secondaryClientIds2);
case 8:
return _context1.a(2);
case 9:
if (!window.location.hash) {
_context1.n = 12;
break;
}
// Parse the URL using our unified helper
_result = parseOAuthResponse(window.location.href);
if (!(!_result || !_result.idToken || _result.flow !== "redirect" || !_result.publicKey)) {
_context1.n = 10;
break;
}
return _context1.a(2);
case 10:
idToken = _result.idToken, _provider = _result.provider, _publicKey = _result.publicKey, _openModal = _result.openModal, _sessionKey = _result.sessionKey, _oauthIntent = _result.oauthIntent;
_isAddProvider = _oauthIntent === OAUTH_INTENT_ADD_PROVIDER;
_metadata = _isAddProvider ? getOAuthAddProviderMetadata() : null;
resolvedProvider = _provider || OAuthProviders.GOOGLE; // Grab Google/Apple secondary client IDs from config for use in completion
_secondaryClientIds3 = (_ref0 = resolvedProvider === OAuthProviders.GOOGLE ? masterConfig === null || masterConfig === void 0 ? void 0 : (_masterConfig$auth1 = masterConfig.auth) === null || _masterConfig$auth1 === void 0 ? void 0 : (_masterConfig$auth1$o = _masterConfig$auth1.oauthConfig) === null || _masterConfig$auth1$o === void 0 ? void 0 : (_masterConfig$auth1$o2 = _masterConfig$auth1$o.google) === null || _masterConfig$auth1$o2 === void 0 ? void 0 : _masterConfig$auth1$o2.secondaryClientIds : resolvedProvider === OAuthProviders.APPLE ? masterConfig === null || masterConfig === void 0 ? void 0 : (_masterConfig$auth10 = masterConfig.auth) === null || _masterConfig$auth10 === void 0 ? void 0 : (_masterConfig$auth10$ = _masterConfig$auth10.oauthConfig) === null || _masterConfig$auth10$ === void 0 ? void 0 : (_masterConfig$auth10$2 = _masterConfig$auth10$.apple) === null || _masterConfig$auth10$2 === void 0 ? void 0 : _masterConfig$auth10$2.secondaryClientIds : undefined) !== null && _ref0 !== void 0 ? _ref0 : []; // Use completeOAuthFlow from utils for the core completion logic
action = /*#__PURE__*/function () {
var _ref1 = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee0() {
return _regenerator().w(function (_context0) {
while (1) switch (_context0.n) {
case 0:
_context0.n = 1;
return completeOAuthFlow({
provider: resolvedProvider,
publicKey: _publicKey,
oidcToken: idToken,
sessionKey: _sessionKey !== null && _sessionKey !== void 0 ? _sessionKey : undefined,
callbacks: callbacks,
completeOauth: function completeOauth(completionParams) {
var _masterConfig$auth11, _masterConfig$auth11$, _completionParams$pro2, _existingCreateSubOrg2;
var existingCreateSubOrgParams = masterConfig === null || masterConfig === void 0 ? void 0 : (_masterConfig$auth11 = masterConfig.auth) === null || _masterConfig$auth11 === void 0 ? void 0 : (_masterConfig$auth11$ = _masterConfig$auth11.createSuborgParams) === null || _masterConfig$auth11$ === void 0 ? void 0 : _masterConfig$auth11$.oauth;
var secondaryProviders = buildSecondaryOauthProviders(completionParams.oidcToken, (_completionParams$pro2 = completionParams.providerName) !== null && _completionParams$pro2 !== void 0 ? _completionParams$pro2 : resolvedProvider, _secondaryClientIds3);
return _completeOauth(_objectSpread2(_objectSpread2({}, completionParams), secondaryProviders.length > 0 && {
createSubOrgParams: _objectSpread2(_objectSpread2({}, existingCreateSubOrgParams), {}, {
oauthProviders: [].concat(_toConsumableArray((_existingCreateSubOrg2 = existingCreateSubOrgParams === null || existingCreateSubOrgParams === void 0 ? void 0 : existingCreateSubOrgParams.oauthProviders) !== null && _existingCreateSubOrg2 !== void 0 ? _existingCreateSubOrg2 : []), _toConsumableArray(secondaryProviders))
})
}));
},
onAddProvider: _isAddProvider && _metadata ? (/*#__PURE__*/function () {
var _ref10 = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee9(oidcToken) {
var oidcClaims;
return _regenerator().w(function (_context9) {
while (1) switch (_context9.n) {
case 0:
oidcClaims = buildSecondaryOidcClaims(oidcToken, _secondaryClientIds3);
_context9.n = 1;
return addOauthProvider(_objectSpread2(_objectSpread2({
providerName: resolvedProvider,
oidcToken: oidcToken
}, oidcClaims.length > 0 && {
oidcClaims: oidcClaims
}), {}, {
organizationId: _metadata.organizationId,
userId: _metadata.userId
}, _metadata.stampWith && {
stampWith: _metadata.stampWith
}));
case 1:
return _context9.a(2);
}
}, _callee9);
}));
return function (_x9) {
return _ref10.apply(this, arguments);
};
}()) : undefined
});
case 1:
return _context0.a(2);
}
}, _callee0);
}));
return function action() {
return _ref1.apply(this, arguments);
};
}();
_context1.n = 11;
return withModalWrapper({
provider: resolvedProvider,
isAddProvider: _isAddProvider,
metadata: _metadata,
openModal: _openModal !== null && _openModal !== void 0 ? _openModal : undefined,
action: action
});
case 11:
// Clean up the URL after processing
cleanupOAuthUrlPreserveSearch();
case 12:
_context1.p = 12;
clearAllOAuthData();
return _context1.f(12);
case 13:
return _context1.a(2);
}
}, _callee1, null, [[0,, 12, 13]]);
}));
return function completeRedirectOauth() {
return _ref2.apply(this, arguments);
};
}();
var buildConfig = function buildConfig(proxyAuthConfig) {
var _config$ui$authModal$, _config$ui, _config$ui$authModal, _config$ui$authModal$2, _config$ui$authModal$3, _config$ui2, _config$ui2$authModal, _config$ui2$authModal2, _config$ui$authModal$4, _config$ui3, _config$ui3$authModal, _config$ui3$authModal2, _config$ui$authModal$5, _config$ui4, _config$ui4$authModal, _config$ui4$authModal2, _config$ui$authModal$6, _config$ui5, _config$ui5$authModal, _config$ui5$authModal2, _config$ui$authModal$7, _config$ui6, _config$ui6$authModal, _config$ui6$authModal2, _config$ui$authModal$8, _config$ui7, _config$ui7$authModal, _config$ui7$authModal2, _config$ui$authModal$9, _config$ui8, _config$ui8$authModal, _config$ui8$authModal2, _config$ui$authModal$0, _config$ui9, _config$ui9$authModal, _config$ui9$authModal2, _config$auth$oauthCon, _config$auth, _config$auth$oauthCon2, _config$auth$oauthCon3, _proxyAuthConfig$oaut, _config$auth$oauthCon4, _config$auth2, _config$auth2$oauthCo, _config$auth2$oauthCo2, _config$auth$oauthCon5, _config$auth3, _config$auth3$oauthCo, _config$auth3$oauthCo2, _proxyAuthConfig$oaut2, _config$auth$oauthCon6, _config$auth4, _config$auth4$oauthCo, _config$auth4$oauthCo2, _config$auth$oauthCon7, _config$auth5, _config$auth5$oauthCo, _config$auth5$oauthCo2, _proxyAuthConfig$oaut3, _config$auth$oauthCon8, _config$auth6, _config$auth6$oauthCo, _config$auth6$oauthCo2, _config$auth$oauthCon9, _config$auth7, _config$auth7$oauthCo, _config$auth7$oauthCo2, _proxyAuthConfig$oaut4, _config$auth$oauthCon0, _config$auth8, _config$auth8$oauthCo, _config$auth8$oauthCo2, _config$auth$oauthCon1, _config$auth9, _config$auth9$oauthCo, _config$auth9$oauthCo2, _proxyAuthConfig$oaut5, _config$auth$oauthCon10, _config$auth0, _config$auth0$oauthCo, _config$auth0$oauthCo2, _config$auth$oauthCon11, _config$auth1, _config$auth1$oauthCo, _config$ui$authModal$1, _config$ui0, _config$ui0$authModal, _config$ui$authModal$10, _config$ui1, _config$ui1$authModal, _proxyAuthConfig$sess, _config$auth13, _ref11, _proxyAuthConfig$otpA, _config$auth14, _ref12, _proxyAuthConfig$otpL, _config$auth15, _config$auth$scopePas, _config$auth16, _config$auth17, _config$auth18, _config$auth18$oauthC, _config$auth$autoRefr, _config$auth19, _config$ui10, _config$autoRefreshMa, _config$walletConfig, _ref13, _resolvedMethods$wall, _config$walletConfig2, _config$walletConfig3, _config$walletConfig$, _config$walletConfig4, _config$walletConfig5, _config$walletConfig6, _config$walletConfig7, _config$walletConfig8, _config$walletConfig$2, _config$walletConfig9, _config$walletConfig0, _config$walletConfig1, _config$walletConfig10, _config$walletConfig11, _config$walletConfig$3, _config$walletConfig12, _config$walletConfig13, _config$walletConfig14, _config$importIframeU, _config$exportIframeU;
// Juggle the local overrides with the values set in the dashboard (proxyAuthConfig).
var resolvedMethods = {
emailOtpAuthEnabled: (_config$ui$authModal$ = (_config$ui = config.ui) === null || _config$ui === void 0 ? void 0 : (_config$ui$authModal = _config$ui.authModal) === null || _config$ui$authModal === void 0 ? void 0 : (_config$ui$authModal$2 = _config$ui$authModal.methods) === null || _config$ui$authModal$2 === void 0 ? void 0 : _config$ui$authModal$2.emailOtpAuthEnabled) !== null && _config$ui$authModal$ !== void 0 ? _config$ui$authModal$ : proxyAuthConfig === null || proxyAuthConfig === void 0 ? void 0 : proxyAuthConfig.enabledProviders.includes("email"),
smsOtpAuthEnabled: (_config$ui$authModal$3 = (_config$ui2 = config.ui) === null || _config$ui2 === void 0 ? void 0 : (_config$ui2$authModal = _config$ui2.authModal) === null || _config$ui2$authModal === void 0 ? void 0 : (_config$ui2$authModal2 = _config$ui2$authModal.methods) === null || _config$ui2$authModal2 === void 0 ? void 0 : _config$ui2$authModal2.smsOtpAuthEnabled) !== null && _config$ui$authModal$3 !== void 0 ? _config$ui$authModal$3 : proxyAuthConfig === null || proxyAuthConfig === void 0 ? void 0 : proxyAuthConfig.enabledProviders.includes("sms"),
passkeyAuthEnabled: (_config$ui$authModal$4 = (_config$ui3 = config.ui) === null || _config$ui3 === void 0 ? void 0 : (_config$ui3$authModal = _config$ui3.authModal) === null || _config$ui3$authModal === void 0 ? void 0 : (_config$ui3$authModal2 = _config$ui3$authModal.methods) === null || _config$ui3$authModal2 === void 0 ? void 0 : _config$ui3$authModal2.passkeyAuthEnabled) !== null && _config$ui$authModal$4 !== void 0 ? _config$ui$authModal$4 : proxyAuthConfig === null || proxyAuthConfig === void 0 ? void 0 : proxyAuthConfig.enabledProviders.includes("passkey"),
walletAuthEnabled: (_config$ui$authModal$5 = (_config$ui4 = config.ui) === null || _config$ui4 === void 0 ? void 0 : (_config$ui4$authModal = _config$ui4.authModal) === null || _config$ui4$authModal === void 0 ? void 0 : (_config$ui4$authModal2 = _config$ui4$authModal.methods) === null || _config$ui4$authModal2 === void 0 ? void 0 : _config$ui4$authModal2.walletAuthEnabled) !== null && _config$ui$authModal$5 !== void 0 ? _config$ui$authModal$5 : proxyAuthConfig === null || proxyAuthConfig === void 0 ? void 0 : proxyAuthConfig.enabledProviders.includes("wallet"),
googleOauthEnabled: (_config$ui$authModal$6 = (_config$ui5 = config.ui) === null || _config$ui5 === void 0 ? void 0 : (_config$ui5$authModal = _config$ui5.authModal) === null || _config$ui5$authModal === void 0 ? void 0 : (_config$ui5$authModal2 = _config$ui5$authModal.methods) === null || _config$ui5$authModal2 === void 0 ? void 0 : _config$ui5$authModal2.googleOauthEnabled) !== null && _config$ui$authModal$6 !== void 0 ? _config$ui$authModal$6 : proxyAuthConfig === null || proxyAuthConfig === void 0 ? void 0 : proxyAuthConfig.enabledProviders.includes("google"),
xOauthEnabled: (_config$ui$authModal$7 = (_config$ui6 = config.ui) === null || _config$ui6 === void 0 ? void 0 : (_config$ui6$authModal = _config$ui6.authModal) === null || _config$ui6$authModal === void 0 ? void 0 : (_config$ui6$authModal2 = _config$ui6$authModal.methods) === null || _config$ui6$authModal2 === void 0 ? void 0 : _config$ui6$authModal2.xOauthEnabled) !== null && _config$ui$authModal$7 !== void 0 ? _config$ui$authModal$7 : proxyAuthConfig === null || proxyAuthConfig === void 0 ? void 0 : proxyAuthConfig.enabledProviders.includes("x"),
discordOauthEnabled: (_config$ui$authModal$8 = (_config$ui7 = config.ui) === null || _config$ui7 === void 0 ? void 0 : (_config$ui7$authModal = _config$ui7.authModal) === null || _config$ui7$authModal === void 0 ? void 0 : (_config$ui7$authModal2 = _config$ui7$authModal.methods) === null || _config$ui7$authModal2 === void 0 ? void 0 : _config$ui7$authModal2.discordOauthEnabled) !== null && _config$ui$authModal$8 !== void 0 ? _config$ui$authModal$8 : proxyAuthConfig === null || proxyAuthConfig === void 0 ? void 0 : proxyAuthConfig.enabledProviders.includes("discord"),
appleOauthEnabled: (_config$ui$authModal$9 = (_config$ui8 = config.ui) === null || _config$ui8 === void 0 ? void 0 : (_config$ui8$authModal = _config$ui8.authModal) === null || _config$ui8$authModal === void 0 ? void 0 : (_config$ui8$authModal2 = _config$ui8$authModal.methods) === null || _config$ui8$authModal2 === void 0 ? void 0 : _config$ui8$authModal2.appleOauthEnabled) !== null && _config$ui$authModal$9 !== void 0 ? _config$ui$authModal$9 : proxyAuthConfig === null || proxyAuthConfig === void 0 ? void 0 : proxyAuthConfig.enabledProviders.includes("apple"),
facebookOauthEnabled: (_config$ui$authModal$0 = (_config$ui9 = config.ui) === null || _config$ui9 === void 0 ? void 0 : (_config$ui9$authModal = _config$ui9.authModal) === null || _config$ui9$authModal === void 0 ? void 0 : (_config$ui9$authModal2 = _config$ui9$authModal.methods) === null || _config$ui9$authModal2 === void 0 ? void 0 : _config$ui9$authModal2.facebookOauthEnabled) !== null && _config$ui$authModal$0 !== void 0 ? _config$ui$authModal$0 : proxyAuthConfig === null || proxyAuthConfig === void 0 ? void 0 : proxyAuthConfig.enabledProviders.includes("facebook")
};
var resolvedOauthProviders = {
google: {
primaryClientId: (_config$auth$oauthCon = (_config$auth = config.auth) === null || _config$auth === void 0 ? void 0 : (_config$auth$oauthCon2 = _config$auth.oauthConfig) === null || _config$auth$oauthCon2 === void 0 ? void 0 : (_config$auth$oauthCon3 = _config$auth$oauthCon2.google) === null || _config$auth$oauthCon3 === void 0 ? void 0 : _config$auth$oauthCon3.primaryClientId) !== null && _config$auth$oauthCon !== void 0 ? _config$auth$oauthCon : proxyAuthConfig === null || proxyAuthConfig === void 0 ? void 0 : (_proxyAuthConfig$oaut = proxyAuthConfig.oauthClientIds) === null || _proxyAuthConfig$oaut === void 0 ? void 0 : _proxyAuthConfig$oaut.google,
secondaryClientIds: (_config$auth$oauthCon4 = (_config$auth2 = config.auth) === null || _config$auth2 === void 0 ? void 0 : (_config$auth2$oauthCo = _config$auth2.oauthConfig) === null || _config$auth2$oauthCo === void 0 ? void 0 : (_config$auth2$oauthCo2 = _config$auth2$oauthCo.google) === null || _config$auth2$oauthCo2 === void 0 ? void 0 : _config$auth2$oauthCo2.secondaryClientIds) !== null && _config$auth$oauthCon4 !== void 0 ? _config$auth$oauthCon4 : []
},
apple: {
primaryClientId: (_config$auth$oauthCon5 = (_config$auth3 = config.auth) === null || _config$auth3 === void 0 ? void 0 : (_config$auth3$oauthCo = _config$auth3.oauthConfig) === null || _config$auth3$oauthCo === void 0 ? void 0 : (_config$auth3$oauthCo2 = _config$auth3$oauthCo.apple) === null || _config$auth3$oauthCo2 === void 0 ? void 0 : _config$auth3$oauthCo2.primaryClientId) !== null && _config$auth$oauthCon5 !== void 0 ? _config$auth$oauthCon5 : proxyAuthConfig === null || proxyAuthConfig === void 0 ? void 0 : (_proxyAuthConfig$oaut2 = proxyAuthConfig.oauthClientIds) === null || _proxyAuthConfig$oaut2 ==