UNPKG

@turnkey/react-wallet-kit

Version:

The easiest and most powerful way to integrate Turnkey's Embedded Wallets into your React applications.

615 lines (614 loc) 386 kB
'use client'; import { slicedToArray as _slicedToArray, asyncToGenerator as _asyncToGenerator, regenerator as _regenerator, objectSpread2 as _objectSpread2, toConsumableArray as _toConsumableArray } from '../../_virtual/_rollupPluginBabelHelpers.mjs'; import { jsx } from 'react/jsx-runtime'; import { sha256 } from '@noble/hashes/sha2'; import { bytesToHex } from '@noble/hashes/utils'; import { storePKCEVerifier, storeOAuthAddProviderMetadata, clearAllOAuthData, getOAuthAddProviderMetadata, hasPKCEVerifier, OAUTH_INTENT_ADD_PROVIDER } from '../../utils/oauth/storage.mjs'; import '../../utils/oauth/config.mjs'; import { parseOAuthResponse, openOAuthPopup, buildOAuthUrl, redirectToOAuthProvider, cleanupOAuthUrlPreserveSearch, cleanupOAuthUrl } from '../../utils/oauth/url.mjs'; import { completeOAuthPopup, completeOAuthFlow, completePKCEFlow } from '../../utils/oauth/completion.mjs'; import { generateChallengePair, exchangeFacebookCodeForToken } from '../../utils/oauth/pkce.mjs'; import { capitalizeProviderName, getProviderIcon } from '../../utils/oauth/helpers.mjs'; import { useWalletProviderState, useDebouncedCallback, isValidSession, withTurnkeyErrorHandling, SESSION_WARNING_THRESHOLD_MS, mergeWalletsWithoutDuplicates } from '../../utils/utils.mjs'; import { clearKeys, clearAll, setCappedTimeoutInMap, clearKey, setTimeoutInMap } from '../../utils/timers.mjs'; import { resetPasskeyScope, DEFAULT_SESSION_EXPIRATION_IN_SECONDS, OtpType, applyPasskeyScope, buildSecondaryOauthProviders, TurnkeyClient, Chain, WalletInterfaceType, getAuthProxyConfig, WalletSource, buildSecondaryOidcClaims } from '@turnkey/core'; import { useState, useRef, useCallback, useEffect } from 'react'; import { TurnkeyError, TurnkeyErrorCodes, TurnkeyNetworkError, AuthAction, OAuthProviders, FiatOnRampCryptoCurrency, FiatOnRampBlockchainNetwork } from '@turnkey/sdk-types'; import { useModal } from '../modal/Hook.mjs'; import { AuthState, ClientState, AuthMethod, ExportType, ImportType } from '../../types/base.mjs'; import { AuthComponent } from '../../components/auth/index.mjs'; import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; import { ActionPage } from '../../components/auth/Action.mjs'; import { SignMessageModal } from '../../components/sign/Message.mjs'; import { ExportComponent } from '../../components/export/Export.mjs'; import { ImportComponent } from '../../components/import/Import.mjs'; import { SuccessPage } from '../../components/design/Success.mjs'; import { UpdateEmail } from '../../components/user/UpdateEmail.mjs'; import { UpdatePhoneNumber } from '../../components/user/UpdatePhoneNumber.mjs'; import { UpdateUserName } from '../../components/user/UpdateUserName.mjs'; import { RemoveOAuthProvider } from '../../components/user/RemoveOAuthProvider.mjs'; import { RemovePasskey } from '../../components/user/RemovePasskey.mjs'; import { ConnectWalletModal } from '../../components/user/ConnectWallet.mjs'; import { ClientContext } from './Types.mjs'; import { WalletConnectProvider } from '../WalletConnectProvider.mjs'; import { OtpVerification } from '../../components/auth/OTP.mjs'; import { RemoveEmail } from '../../components/user/RemoveEmail.mjs'; import { RemovePhoneNumber } from '../../components/user/RemovePhoneNumber.mjs'; import { VerifyPage } from '../../components/verify/Verify.mjs'; import { OnRampPage } from '../../components/onramp/OnRamp.mjs'; import { CoinbaseLogo, MoonPayLogo } from '../../components/design/Svg.mjs'; import { SendTransactionPage } from '../../components/send-transaction/SendTransaction.mjs'; import { getChainLogo } from '../../components/send-transaction/helpers.mjs'; /** * Provides Turnkey client authentication, session management, wallet operations, and user profile management * for the React Wallet Kit SDK. This context provider encapsulates all core authentication flows (Passkey, Wallet, OTP, OAuth), * session lifecycle (creation, expiration, refresh), wallet connecting/import/export, and user profile updates (email, phone, name). * * The provider automatically initializes the Turnkey client, fetches configuration (including proxy auth config if needed), * and synchronizes session and authentication state. It exposes a comprehensive set of methods for authentication flows, * wallet management, and user profile operations, as well as UI handlers for modal-driven flows. * * Features: * - Passkey, Wallet, OTP (Email/SMS), and OAuth (Google, Apple, Facebook, X, Discord) authentication and sign-up flows. * - Session management: creation, expiration scheduling, refresh, and clearing. * - Wallet management: fetch, connect, import, export, account management. * - User profile management: email, phone, name, OAuth provider, and passkey linking/removal. * - Modal-driven UI flows for authentication, wallet connecting, and profile updates. * - Error handling and callback integration for custom error and event responses. * * Usage: * Wrap your application with `TurnkeyProvider` to enable authentication and wallet features via context. * * @param config - The Turnkey provider configuration object. * @param children - React children to be rendered within the provider. * @param callbacks - Optional callbacks for error handling and session events. * * @returns A React context provider exposing authentication, wallet, and user management methods and state. */ var ClientProvider = function ClientProvider(_ref) { var _config$autoFetchWall, _masterConfig$auth31, _masterConfig$auth33, _masterConfig$auth35; var config = _ref.config, children = _ref.children, callbacks = _ref.callbacks; var _useState = useState(undefined), _useState2 = _slicedToArray(_useState, 2), client = _useState2[0], setClient = _useState2[1]; var _useState3 = useState(undefined), _useState4 = _slicedToArray(_useState3, 2), session = _useState4[0], setSession = _useState4[1]; var _useState5 = useState(undefined), _useState6 = _slicedToArray(_useState5, 2), masterConfig = _useState6[0], setMasterConfig = _useState6[1]; var _useState7 = useState([]), _useState8 = _slicedToArray(_useState7, 2), wallets = _useState8[0], setWallets = _useState8[1]; var _useState9 = useState(undefined), _useState0 = _slicedToArray(_useState9, 2), user = _useState0[0], setUser = _useState0[1]; var _useState1 = useState(), _useState10 = _slicedToArray(_useState1, 2), clientState = _useState10[0], setClientState = _useState10[1]; var _useState11 = useState(AuthState.Unauthenticated), _useState12 = _slicedToArray(_useState11, 2), authState = _useState12[0], setAuthState = _useState12[1]; // if there is no authProxyConfigId or if autoFetchWalletKitConfig is specifically // set to false, we don't need to fetch the config var shouldFetchWalletKitConfig = !!config.authProxyConfigId && ((_config$autoFetchWall = config.autoFetchWalletKitConfig) !== null && _config$autoFetchWall !== void 0 ? _config$autoFetchWall : true); // we use this custom hook to only update the state if the value is different // this is so our useEffect that calls `initializeWalletProviderListeners()` only runs when it needs to var _useWalletProviderSta = useWalletProviderState(), _useWalletProviderSta2 = _slicedToArray(_useWalletProviderSta, 2), walletProviders = _useWalletProviderSta2[0], setWalletProviders = _useWalletProviderSta2[1]; var expiryTimeoutsRef = useRef({}); var proxyAuthConfigRef = useRef(null); var _useState13 = useState(undefined), _useState14 = _slicedToArray(_useState13, 2), allSessions = _useState14[0], setAllSessions = _useState14[1]; var _useModal = useModal(), isMobile = _useModal.isMobile, pushPage = _useModal.pushPage, popPage = _useModal.popPage, closeModal = _useModal.closeModal; var completeRedirectOauth = /*#__PURE__*/function () { var _ref2 = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee1() { var withModalWrapper, result, code, provider, publicKey, oauthIntent, sessionKey, nonce, openModal, isAddProvider, metadata, completePKCERedirect, _masterConfig$auth2, _masterConfig$auth2$o, _masterConfig$auth2$o2, _masterConfig$auth$oa, _masterConfig$auth3, _masterConfig$auth3$o, _masterConfig$auth3$o2, _masterConfig$auth4, _masterConfig$auth4$o, clientId, secondaryClientIds, redirectURI, hasVerifier, _masterConfig$auth5, _masterConfig$auth5$o, _masterConfig$auth5$o2, _masterConfig$auth$oa2, _masterConfig$auth6, _masterConfig$auth6$o, _masterConfig$auth6$o2, _masterConfig$auth7, _masterConfig$auth7$o, _clientId, _secondaryClientIds, _redirectURI, _hasVerifier, _masterConfig$auth8, _masterConfig$auth8$o, _masterConfig$auth8$o2, _masterConfig$auth$oa3, _masterConfig$auth9, _masterConfig$auth9$o, _masterConfig$auth9$o2, _masterConfig$auth0, _masterConfig$auth0$o, _clientId2, _secondaryClientIds2, _redirectURI2, _hasVerifier2, _ref0, _masterConfig$auth1, _masterConfig$auth1$o, _masterConfig$auth1$o2, _masterConfig$auth10, _masterConfig$auth10$, _masterConfig$auth10$2, _result, idToken, _provider, _publicKey, _openModal, _sessionKey, _oauthIntent, _isAddProvider, _metadata, resolvedProvider, _secondaryClientIds3, action; return _regenerator().w(function (_context1) { while (1) switch (_context1.p = _context1.n) { case 0: _context1.p = 0; if (!(!window.location.hash && !window.location.search)) { _context1.n = 1; break; } return _context1.a(2); case 1: /** * Wraps an OAuth completion action with optional modal UI. * This is the key difference between redirect and popup flows: * - Popup: No modal needed (the popup window itself is the UI) * - Redirect: Optional modal to show loading/success states on return */ withModalWrapper = /*#__PURE__*/function () { var _ref3 = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee2(params) { var provider, isAddProvider, metadata, openModal, _action, providerDisplayName, icon; return _regenerator().w(function (_context2) { while (1) switch (_context2.n) { case 0: provider = params.provider, isAddProvider = params.isAddProvider, metadata = params.metadata, openModal = params.openModal, _action = params.action; providerDisplayName = capitalizeProviderName(provider); icon = getProviderIcon(provider); if (!(openModal === "true")) { _context2.n = 2; break; } _context2.n = 1; return new Promise(function (resolve, reject) { pushPage({ key: "".concat(providerDisplayName, " OAuth"), content: jsx(ActionPage, { closeOnComplete: isAddProvider ? false : true, title: isAddProvider ? "Adding ".concat(providerDisplayName, " provider...") : "Authenticating with ".concat(providerDisplayName, "..."), action: function () { var _action2 = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee() { var _metadata$successPage, _t; return _regenerator().w(function (_context) { while (1) switch (_context.p = _context.n) { case 0: _context.p = 0; _context.n = 1; return _action(); case 1: if (isAddProvider && metadata) { // Don't show success for auth. Not needed pushPage({ key: "OAuth Provider Added", content: jsx(SuccessPage, { text: "Successfully added ".concat(providerDisplayName, " OAuth provider!"), duration: (_metadata$successPage = metadata.successPageDuration) !== null && _metadata$successPage !== void 0 ? _metadata$successPage : 2000, onComplete: function onComplete() { closeModal(); } }), preventBack: true, showTitle: false }); } resolve(); _context.n = 3; break; case 2: _context.p = 2; _t = _context.v; reject(_t); popPage(); case 3: return _context.a(2); } }, _callee, null, [[0, 2]]); })); function action() { return _action2.apply(this, arguments); } return action; }(), icon: jsx(FontAwesomeIcon, { icon: icon, size: "3x" }) }), showTitle: false, onClose: function onClose() { reject(new TurnkeyError(isAddProvider ? "User canceled the ".concat(providerDisplayName, " add provider process.") : "User canceled the ".concat(providerDisplayName, " authentication process."), TurnkeyErrorCodes.USER_CANCELED)); } }); }); case 1: _context2.n = 3; break; case 2: _context2.n = 3; return _action(); case 3: return _context2.a(2); } }, _callee2); })); return function withModalWrapper(_x) { return _ref3.apply(this, arguments); }; }(); // Handle PKCE-based OAuth redirects (Facebook, Discord, X) with code in search parameters if (!(window.location.search && window.location.search.includes("code=") && window.location.search.includes("state="))) { _context1.n = 9; break; } // Parse the URL using our unified helper result = parseOAuthResponse(window.location.href); if (!(!result || !result.authCode || !result.publicKey)) { _context1.n = 2; break; } return _context1.a(2); case 2: if (!(result.flow !== "redirect")) { _context1.n = 3; break; } return _context1.a(2); case 3: code = result.authCode, provider = result.provider, publicKey = result.publicKey, oauthIntent = result.oauthIntent, sessionKey = result.sessionKey, nonce = result.nonce, openModal = result.openModal; isAddProvider = oauthIntent === OAUTH_INTENT_ADD_PROVIDER; metadata = isAddProvider ? getOAuthAddProviderMetadata() : null; /** * Helper to complete PKCE redirect flow with optional modal wrapper. * Uses handlePKCEFlow from oauth utils for the core logic. * We put this in a separate function to avoid duplicating for each provider. */ completePKCERedirect = /*#__PURE__*/function () { var _ref4 = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee5(providerName, exchangeCodeFn, secondaryClientIds) { var action; return _regenerator().w(function (_context5) { while (1) switch (_context5.n) { case 0: action = /*#__PURE__*/function () { var _ref5 = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee4() { var providerDisplayName, _t2; return _regenerator().w(function (_context4) { while (1) switch (_context4.p = _context4.n) { case 0: _context4.p = 0; _context4.n = 1; return completePKCEFlow({ publicKey: publicKey, providerName: providerName, sessionKey: sessionKey !== null && sessionKey !== void 0 ? sessionKey : undefined, callbacks: callbacks, completeOauth: function completeOauth(completionParams) { var _masterConfig$auth, _masterConfig$auth$cr, _completionParams$pro, _existingCreateSubOrg; var existingCreateSubOrgParams = masterConfig === null || masterConfig === void 0 ? void 0 : (_masterConfig$auth = masterConfig.auth) === null || _masterConfig$auth === void 0 ? void 0 : (_masterConfig$auth$cr = _masterConfig$auth.createSuborgParams) === null || _masterConfig$auth$cr === void 0 ? void 0 : _masterConfig$auth$cr.oauth; var secondaryProviders = buildSecondaryOauthProviders(completionParams.oidcToken, (_completionParams$pro = completionParams.providerName) !== null && _completionParams$pro !== void 0 ? _completionParams$pro : providerName, secondaryClientIds); return _completeOauth(_objectSpread2(_objectSpread2({}, completionParams), secondaryProviders.length > 0 && { createSubOrgParams: _objectSpread2(_objectSpread2({}, existingCreateSubOrgParams), {}, { oauthProviders: [].concat(_toConsumableArray((_existingCreateSubOrg = existingCreateSubOrgParams === null || existingCreateSubOrgParams === void 0 ? void 0 : existingCreateSubOrgParams.oauthProviders) !== null && _existingCreateSubOrg !== void 0 ? _existingCreateSubOrg : []), _toConsumableArray(secondaryProviders)) }) })); }, onAddProvider: // Only set onAddProvider if we are adding a provider and have metadata isAddProvider && metadata ? (/*#__PURE__*/function () { var _ref6 = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee3(oidcToken) { var oidcClaims; return _regenerator().w(function (_context3) { while (1) switch (_context3.n) { case 0: oidcClaims = buildSecondaryOidcClaims(oidcToken, secondaryClientIds); _context3.n = 1; return addOauthProvider(_objectSpread2(_objectSpread2({ providerName: provider, oidcToken: oidcToken }, oidcClaims.length > 0 && { oidcClaims: oidcClaims }), {}, { organizationId: metadata.organizationId, userId: metadata.userId }, metadata.stampWith && { stampWith: metadata.stampWith })); case 1: return _context3.a(2); } }, _callee3); })); return function (_x5) { return _ref6.apply(this, arguments); }; }()) : undefined, exchangeCodeForToken: exchangeCodeFn }); case 1: _context4.n = 3; break; case 2: _context4.p = 2; _t2 = _context4.v; if (callbacks !== null && callbacks !== void 0 && callbacks.onError) { providerDisplayName = capitalizeProviderName(providerName); callbacks.onError(_t2 instanceof TurnkeyError ? _t2 : new TurnkeyError("".concat(providerDisplayName, " authentication failed"), TurnkeyErrorCodes.OAUTH_SIGNUP_ERROR, _t2)); } throw _t2; case 3: return _context4.a(2); } }, _callee4, null, [[0, 2]]); })); return function action() { return _ref5.apply(this, arguments); }; }(); _context5.n = 1; return withModalWrapper({ provider: providerName, isAddProvider: isAddProvider, metadata: metadata, openModal: openModal, action: action }); case 1: // Clean up URL after successful completion cleanupOAuthUrl(); case 2: return _context5.a(2); } }, _callee5); })); return function completePKCERedirect(_x2, _x3, _x4) { return _ref4.apply(this, arguments); }; }(); // FACEBOOK if (!(provider === OAuthProviders.FACEBOOK)) { _context1.n = 5; break; } clientId = masterConfig === null || masterConfig === void 0 ? void 0 : (_masterConfig$auth2 = masterConfig.auth) === null || _masterConfig$auth2 === void 0 ? void 0 : (_masterConfig$auth2$o = _masterConfig$auth2.oauthConfig) === null || _masterConfig$auth2$o === void 0 ? void 0 : (_masterConfig$auth2$o2 = _masterConfig$auth2$o.facebook) === null || _masterConfig$auth2$o2 === void 0 ? void 0 : _masterConfig$auth2$o2.primaryClientId; secondaryClientIds = (_masterConfig$auth$oa = masterConfig === null || masterConfig === void 0 ? void 0 : (_masterConfig$auth3 = masterConfig.auth) === null || _masterConfig$auth3 === void 0 ? void 0 : (_masterConfig$auth3$o = _masterConfig$auth3.oauthConfig) === null || _masterConfig$auth3$o === void 0 ? void 0 : (_masterConfig$auth3$o2 = _masterConfig$auth3$o.facebook) === null || _masterConfig$auth3$o2 === void 0 ? void 0 : _masterConfig$auth3$o2.secondaryClientIds) !== null && _masterConfig$auth$oa !== void 0 ? _masterConfig$auth$oa : []; redirectURI = masterConfig === null || masterConfig === void 0 ? void 0 : (_masterConfig$auth4 = masterConfig.auth) === null || _masterConfig$auth4 === void 0 ? void 0 : (_masterConfig$auth4$o = _masterConfig$auth4.oauthConfig) === null || _masterConfig$auth4$o === void 0 ? void 0 : _masterConfig$auth4$o.oauthRedirectUri; hasVerifier = hasPKCEVerifier(OAuthProviders.FACEBOOK); if (!(clientId && redirectURI && hasVerifier)) { _context1.n = 4; break; } _context1.n = 4; return completePKCERedirect(OAuthProviders.FACEBOOK, /*#__PURE__*/function () { var _ref7 = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee6(codeVerifier) { var tokenResponse, oidcToken; return _regenerator().w(function (_context6) { while (1) switch (_context6.n) { case 0: _context6.n = 1; return exchangeFacebookCodeForToken(clientId, redirectURI, code, codeVerifier); case 1: tokenResponse = _context6.v; oidcToken = tokenResponse === null || tokenResponse === void 0 ? void 0 : tokenResponse.id_token; if (oidcToken) { _context6.n = 2; break; } throw new TurnkeyError("Missing OIDC token", TurnkeyErrorCodes.OAUTH_LOGIN_ERROR); case 2: return _context6.a(2, oidcToken); } }, _callee6); })); return function (_x6) { return _ref7.apply(this, arguments); }; }(), secondaryClientIds); case 4: return _context1.a(2); case 5: if (!(provider === OAuthProviders.DISCORD)) { _context1.n = 7; break; } _clientId = masterConfig === null || masterConfig === void 0 ? void 0 : (_masterConfig$auth5 = masterConfig.auth) === null || _masterConfig$auth5 === void 0 ? void 0 : (_masterConfig$auth5$o = _masterConfig$auth5.oauthConfig) === null || _masterConfig$auth5$o === void 0 ? void 0 : (_masterConfig$auth5$o2 = _masterConfig$auth5$o.discord) === null || _masterConfig$auth5$o2 === void 0 ? void 0 : _masterConfig$auth5$o2.primaryClientId; _secondaryClientIds = (_masterConfig$auth$oa2 = masterConfig === null || masterConfig === void 0 ? void 0 : (_masterConfig$auth6 = masterConfig.auth) === null || _masterConfig$auth6 === void 0 ? void 0 : (_masterConfig$auth6$o = _masterConfig$auth6.oauthConfig) === null || _masterConfig$auth6$o === void 0 ? void 0 : (_masterConfig$auth6$o2 = _masterConfig$auth6$o.discord) === null || _masterConfig$auth6$o2 === void 0 ? void 0 : _masterConfig$auth6$o2.secondaryClientIds) !== null && _masterConfig$auth$oa2 !== void 0 ? _masterConfig$auth$oa2 : []; _redirectURI = masterConfig === null || masterConfig === void 0 ? void 0 : (_masterConfig$auth7 = masterConfig.auth) === null || _masterConfig$auth7 === void 0 ? void 0 : (_masterConfig$auth7$o = _masterConfig$auth7.oauthConfig) === null || _masterConfig$auth7$o === void 0 ? void 0 : _masterConfig$auth7$o.oauthRedirectUri; _hasVerifier = hasPKCEVerifier(OAuthProviders.DISCORD); if (!(_clientId && _redirectURI && _hasVerifier && nonce)) { _context1.n = 6; break; } _context1.n = 6; return completePKCERedirect(OAuthProviders.DISCORD, /*#__PURE__*/function () { var _ref8 = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee7(codeVerifier) { var resp, oidcToken; return _regenerator().w(function (_context7) { while (1) switch (_context7.n) { case 0: _context7.n = 1; return client === null || client === void 0 ? void 0 : client.httpClient.proxyOAuth2Authenticate({ provider: "OAUTH2_PROVIDER_DISCORD", authCode: code, redirectUri: _redirectURI, codeVerifier: codeVerifier, clientId: _clientId, nonce: nonce }); case 1: resp = _context7.v; oidcToken = resp === null || resp === void 0 ? void 0 : resp.oidcToken; if (oidcToken) { _context7.n = 2; break; } throw new TurnkeyError("Missing OIDC token", TurnkeyErrorCodes.OAUTH_LOGIN_ERROR); case 2: return _context7.a(2, oidcToken); } }, _callee7); })); return function (_x7) { return _ref8.apply(this, arguments); }; }(), _secondaryClientIds); case 6: return _context1.a(2); case 7: if (!(provider === OAuthProviders.X)) { _context1.n = 9; break; } _clientId2 = masterConfig === null || masterConfig === void 0 ? void 0 : (_masterConfig$auth8 = masterConfig.auth) === null || _masterConfig$auth8 === void 0 ? void 0 : (_masterConfig$auth8$o = _masterConfig$auth8.oauthConfig) === null || _masterConfig$auth8$o === void 0 ? void 0 : (_masterConfig$auth8$o2 = _masterConfig$auth8$o.x) === null || _masterConfig$auth8$o2 === void 0 ? void 0 : _masterConfig$auth8$o2.primaryClientId; _secondaryClientIds2 = (_masterConfig$auth$oa3 = masterConfig === null || masterConfig === void 0 ? void 0 : (_masterConfig$auth9 = masterConfig.auth) === null || _masterConfig$auth9 === void 0 ? void 0 : (_masterConfig$auth9$o = _masterConfig$auth9.oauthConfig) === null || _masterConfig$auth9$o === void 0 ? void 0 : (_masterConfig$auth9$o2 = _masterConfig$auth9$o.x) === null || _masterConfig$auth9$o2 === void 0 ? void 0 : _masterConfig$auth9$o2.secondaryClientIds) !== null && _masterConfig$auth$oa3 !== void 0 ? _masterConfig$auth$oa3 : []; _redirectURI2 = masterConfig === null || masterConfig === void 0 ? void 0 : (_masterConfig$auth0 = masterConfig.auth) === null || _masterConfig$auth0 === void 0 ? void 0 : (_masterConfig$auth0$o = _masterConfig$auth0.oauthConfig) === null || _masterConfig$auth0$o === void 0 ? void 0 : _masterConfig$auth0$o.oauthRedirectUri; _hasVerifier2 = hasPKCEVerifier(OAuthProviders.X); if (!(_clientId2 && _redirectURI2 && _hasVerifier2 && nonce)) { _context1.n = 8; break; } _context1.n = 8; return completePKCERedirect(OAuthProviders.X, /*#__PURE__*/function () { var _ref9 = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee8(codeVerifier) { var resp, oidcToken; return _regenerator().w(function (_context8) { while (1) switch (_context8.n) { case 0: _context8.n = 1; return client === null || client === void 0 ? void 0 : client.httpClient.proxyOAuth2Authenticate({ provider: "OAUTH2_PROVIDER_X", authCode: code, redirectUri: _redirectURI2, codeVerifier: codeVerifier, clientId: _clientId2, nonce: nonce }); case 1: resp = _context8.v; oidcToken = resp === null || resp === void 0 ? void 0 : resp.oidcToken; if (oidcToken) { _context8.n = 2; break; } throw new TurnkeyError("Missing OIDC token", TurnkeyErrorCodes.OAUTH_LOGIN_ERROR); case 2: return _context8.a(2, oidcToken); } }, _callee8); })); return function (_x8) { return _ref9.apply(this, arguments); }; }(), _secondaryClientIds2); case 8: return _context1.a(2); case 9: if (!window.location.hash) { _context1.n = 12; break; } // Parse the URL using our unified helper _result = parseOAuthResponse(window.location.href); if (!(!_result || !_result.idToken || _result.flow !== "redirect" || !_result.publicKey)) { _context1.n = 10; break; } return _context1.a(2); case 10: idToken = _result.idToken, _provider = _result.provider, _publicKey = _result.publicKey, _openModal = _result.openModal, _sessionKey = _result.sessionKey, _oauthIntent = _result.oauthIntent; _isAddProvider = _oauthIntent === OAUTH_INTENT_ADD_PROVIDER; _metadata = _isAddProvider ? getOAuthAddProviderMetadata() : null; resolvedProvider = _provider || OAuthProviders.GOOGLE; // Grab Google/Apple secondary client IDs from config for use in completion _secondaryClientIds3 = (_ref0 = resolvedProvider === OAuthProviders.GOOGLE ? masterConfig === null || masterConfig === void 0 ? void 0 : (_masterConfig$auth1 = masterConfig.auth) === null || _masterConfig$auth1 === void 0 ? void 0 : (_masterConfig$auth1$o = _masterConfig$auth1.oauthConfig) === null || _masterConfig$auth1$o === void 0 ? void 0 : (_masterConfig$auth1$o2 = _masterConfig$auth1$o.google) === null || _masterConfig$auth1$o2 === void 0 ? void 0 : _masterConfig$auth1$o2.secondaryClientIds : resolvedProvider === OAuthProviders.APPLE ? masterConfig === null || masterConfig === void 0 ? void 0 : (_masterConfig$auth10 = masterConfig.auth) === null || _masterConfig$auth10 === void 0 ? void 0 : (_masterConfig$auth10$ = _masterConfig$auth10.oauthConfig) === null || _masterConfig$auth10$ === void 0 ? void 0 : (_masterConfig$auth10$2 = _masterConfig$auth10$.apple) === null || _masterConfig$auth10$2 === void 0 ? void 0 : _masterConfig$auth10$2.secondaryClientIds : undefined) !== null && _ref0 !== void 0 ? _ref0 : []; // Use completeOAuthFlow from utils for the core completion logic action = /*#__PURE__*/function () { var _ref1 = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee0() { return _regenerator().w(function (_context0) { while (1) switch (_context0.n) { case 0: _context0.n = 1; return completeOAuthFlow({ provider: resolvedProvider, publicKey: _publicKey, oidcToken: idToken, sessionKey: _sessionKey !== null && _sessionKey !== void 0 ? _sessionKey : undefined, callbacks: callbacks, completeOauth: function completeOauth(completionParams) { var _masterConfig$auth11, _masterConfig$auth11$, _completionParams$pro2, _existingCreateSubOrg2; var existingCreateSubOrgParams = masterConfig === null || masterConfig === void 0 ? void 0 : (_masterConfig$auth11 = masterConfig.auth) === null || _masterConfig$auth11 === void 0 ? void 0 : (_masterConfig$auth11$ = _masterConfig$auth11.createSuborgParams) === null || _masterConfig$auth11$ === void 0 ? void 0 : _masterConfig$auth11$.oauth; var secondaryProviders = buildSecondaryOauthProviders(completionParams.oidcToken, (_completionParams$pro2 = completionParams.providerName) !== null && _completionParams$pro2 !== void 0 ? _completionParams$pro2 : resolvedProvider, _secondaryClientIds3); return _completeOauth(_objectSpread2(_objectSpread2({}, completionParams), secondaryProviders.length > 0 && { createSubOrgParams: _objectSpread2(_objectSpread2({}, existingCreateSubOrgParams), {}, { oauthProviders: [].concat(_toConsumableArray((_existingCreateSubOrg2 = existingCreateSubOrgParams === null || existingCreateSubOrgParams === void 0 ? void 0 : existingCreateSubOrgParams.oauthProviders) !== null && _existingCreateSubOrg2 !== void 0 ? _existingCreateSubOrg2 : []), _toConsumableArray(secondaryProviders)) }) })); }, onAddProvider: _isAddProvider && _metadata ? (/*#__PURE__*/function () { var _ref10 = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee9(oidcToken) { var oidcClaims; return _regenerator().w(function (_context9) { while (1) switch (_context9.n) { case 0: oidcClaims = buildSecondaryOidcClaims(oidcToken, _secondaryClientIds3); _context9.n = 1; return addOauthProvider(_objectSpread2(_objectSpread2({ providerName: resolvedProvider, oidcToken: oidcToken }, oidcClaims.length > 0 && { oidcClaims: oidcClaims }), {}, { organizationId: _metadata.organizationId, userId: _metadata.userId }, _metadata.stampWith && { stampWith: _metadata.stampWith })); case 1: return _context9.a(2); } }, _callee9); })); return function (_x9) { return _ref10.apply(this, arguments); }; }()) : undefined }); case 1: return _context0.a(2); } }, _callee0); })); return function action() { return _ref1.apply(this, arguments); }; }(); _context1.n = 11; return withModalWrapper({ provider: resolvedProvider, isAddProvider: _isAddProvider, metadata: _metadata, openModal: _openModal !== null && _openModal !== void 0 ? _openModal : undefined, action: action }); case 11: // Clean up the URL after processing cleanupOAuthUrlPreserveSearch(); case 12: _context1.p = 12; clearAllOAuthData(); return _context1.f(12); case 13: return _context1.a(2); } }, _callee1, null, [[0,, 12, 13]]); })); return function completeRedirectOauth() { return _ref2.apply(this, arguments); }; }(); var buildConfig = function buildConfig(proxyAuthConfig) { var _config$ui$authModal$, _config$ui, _config$ui$authModal, _config$ui$authModal$2, _config$ui$authModal$3, _config$ui2, _config$ui2$authModal, _config$ui2$authModal2, _config$ui$authModal$4, _config$ui3, _config$ui3$authModal, _config$ui3$authModal2, _config$ui$authModal$5, _config$ui4, _config$ui4$authModal, _config$ui4$authModal2, _config$ui$authModal$6, _config$ui5, _config$ui5$authModal, _config$ui5$authModal2, _config$ui$authModal$7, _config$ui6, _config$ui6$authModal, _config$ui6$authModal2, _config$ui$authModal$8, _config$ui7, _config$ui7$authModal, _config$ui7$authModal2, _config$ui$authModal$9, _config$ui8, _config$ui8$authModal, _config$ui8$authModal2, _config$ui$authModal$0, _config$ui9, _config$ui9$authModal, _config$ui9$authModal2, _config$auth$oauthCon, _config$auth, _config$auth$oauthCon2, _config$auth$oauthCon3, _proxyAuthConfig$oaut, _config$auth$oauthCon4, _config$auth2, _config$auth2$oauthCo, _config$auth2$oauthCo2, _config$auth$oauthCon5, _config$auth3, _config$auth3$oauthCo, _config$auth3$oauthCo2, _proxyAuthConfig$oaut2, _config$auth$oauthCon6, _config$auth4, _config$auth4$oauthCo, _config$auth4$oauthCo2, _config$auth$oauthCon7, _config$auth5, _config$auth5$oauthCo, _config$auth5$oauthCo2, _proxyAuthConfig$oaut3, _config$auth$oauthCon8, _config$auth6, _config$auth6$oauthCo, _config$auth6$oauthCo2, _config$auth$oauthCon9, _config$auth7, _config$auth7$oauthCo, _config$auth7$oauthCo2, _proxyAuthConfig$oaut4, _config$auth$oauthCon0, _config$auth8, _config$auth8$oauthCo, _config$auth8$oauthCo2, _config$auth$oauthCon1, _config$auth9, _config$auth9$oauthCo, _config$auth9$oauthCo2, _proxyAuthConfig$oaut5, _config$auth$oauthCon10, _config$auth0, _config$auth0$oauthCo, _config$auth0$oauthCo2, _config$auth$oauthCon11, _config$auth1, _config$auth1$oauthCo, _config$ui$authModal$1, _config$ui0, _config$ui0$authModal, _config$ui$authModal$10, _config$ui1, _config$ui1$authModal, _proxyAuthConfig$sess, _config$auth13, _ref11, _proxyAuthConfig$otpA, _config$auth14, _ref12, _proxyAuthConfig$otpL, _config$auth15, _config$auth$scopePas, _config$auth16, _config$auth17, _config$auth18, _config$auth18$oauthC, _config$auth$autoRefr, _config$auth19, _config$ui10, _config$autoRefreshMa, _config$walletConfig, _ref13, _resolvedMethods$wall, _config$walletConfig2, _config$walletConfig3, _config$walletConfig$, _config$walletConfig4, _config$walletConfig5, _config$walletConfig6, _config$walletConfig7, _config$walletConfig8, _config$walletConfig$2, _config$walletConfig9, _config$walletConfig0, _config$walletConfig1, _config$walletConfig10, _config$walletConfig11, _config$walletConfig$3, _config$walletConfig12, _config$walletConfig13, _config$walletConfig14, _config$importIframeU, _config$exportIframeU; // Juggle the local overrides with the values set in the dashboard (proxyAuthConfig). var resolvedMethods = { emailOtpAuthEnabled: (_config$ui$authModal$ = (_config$ui = config.ui) === null || _config$ui === void 0 ? void 0 : (_config$ui$authModal = _config$ui.authModal) === null || _config$ui$authModal === void 0 ? void 0 : (_config$ui$authModal$2 = _config$ui$authModal.methods) === null || _config$ui$authModal$2 === void 0 ? void 0 : _config$ui$authModal$2.emailOtpAuthEnabled) !== null && _config$ui$authModal$ !== void 0 ? _config$ui$authModal$ : proxyAuthConfig === null || proxyAuthConfig === void 0 ? void 0 : proxyAuthConfig.enabledProviders.includes("email"), smsOtpAuthEnabled: (_config$ui$authModal$3 = (_config$ui2 = config.ui) === null || _config$ui2 === void 0 ? void 0 : (_config$ui2$authModal = _config$ui2.authModal) === null || _config$ui2$authModal === void 0 ? void 0 : (_config$ui2$authModal2 = _config$ui2$authModal.methods) === null || _config$ui2$authModal2 === void 0 ? void 0 : _config$ui2$authModal2.smsOtpAuthEnabled) !== null && _config$ui$authModal$3 !== void 0 ? _config$ui$authModal$3 : proxyAuthConfig === null || proxyAuthConfig === void 0 ? void 0 : proxyAuthConfig.enabledProviders.includes("sms"), passkeyAuthEnabled: (_config$ui$authModal$4 = (_config$ui3 = config.ui) === null || _config$ui3 === void 0 ? void 0 : (_config$ui3$authModal = _config$ui3.authModal) === null || _config$ui3$authModal === void 0 ? void 0 : (_config$ui3$authModal2 = _config$ui3$authModal.methods) === null || _config$ui3$authModal2 === void 0 ? void 0 : _config$ui3$authModal2.passkeyAuthEnabled) !== null && _config$ui$authModal$4 !== void 0 ? _config$ui$authModal$4 : proxyAuthConfig === null || proxyAuthConfig === void 0 ? void 0 : proxyAuthConfig.enabledProviders.includes("passkey"), walletAuthEnabled: (_config$ui$authModal$5 = (_config$ui4 = config.ui) === null || _config$ui4 === void 0 ? void 0 : (_config$ui4$authModal = _config$ui4.authModal) === null || _config$ui4$authModal === void 0 ? void 0 : (_config$ui4$authModal2 = _config$ui4$authModal.methods) === null || _config$ui4$authModal2 === void 0 ? void 0 : _config$ui4$authModal2.walletAuthEnabled) !== null && _config$ui$authModal$5 !== void 0 ? _config$ui$authModal$5 : proxyAuthConfig === null || proxyAuthConfig === void 0 ? void 0 : proxyAuthConfig.enabledProviders.includes("wallet"), googleOauthEnabled: (_config$ui$authModal$6 = (_config$ui5 = config.ui) === null || _config$ui5 === void 0 ? void 0 : (_config$ui5$authModal = _config$ui5.authModal) === null || _config$ui5$authModal === void 0 ? void 0 : (_config$ui5$authModal2 = _config$ui5$authModal.methods) === null || _config$ui5$authModal2 === void 0 ? void 0 : _config$ui5$authModal2.googleOauthEnabled) !== null && _config$ui$authModal$6 !== void 0 ? _config$ui$authModal$6 : proxyAuthConfig === null || proxyAuthConfig === void 0 ? void 0 : proxyAuthConfig.enabledProviders.includes("google"), xOauthEnabled: (_config$ui$authModal$7 = (_config$ui6 = config.ui) === null || _config$ui6 === void 0 ? void 0 : (_config$ui6$authModal = _config$ui6.authModal) === null || _config$ui6$authModal === void 0 ? void 0 : (_config$ui6$authModal2 = _config$ui6$authModal.methods) === null || _config$ui6$authModal2 === void 0 ? void 0 : _config$ui6$authModal2.xOauthEnabled) !== null && _config$ui$authModal$7 !== void 0 ? _config$ui$authModal$7 : proxyAuthConfig === null || proxyAuthConfig === void 0 ? void 0 : proxyAuthConfig.enabledProviders.includes("x"), discordOauthEnabled: (_config$ui$authModal$8 = (_config$ui7 = config.ui) === null || _config$ui7 === void 0 ? void 0 : (_config$ui7$authModal = _config$ui7.authModal) === null || _config$ui7$authModal === void 0 ? void 0 : (_config$ui7$authModal2 = _config$ui7$authModal.methods) === null || _config$ui7$authModal2 === void 0 ? void 0 : _config$ui7$authModal2.discordOauthEnabled) !== null && _config$ui$authModal$8 !== void 0 ? _config$ui$authModal$8 : proxyAuthConfig === null || proxyAuthConfig === void 0 ? void 0 : proxyAuthConfig.enabledProviders.includes("discord"), appleOauthEnabled: (_config$ui$authModal$9 = (_config$ui8 = config.ui) === null || _config$ui8 === void 0 ? void 0 : (_config$ui8$authModal = _config$ui8.authModal) === null || _config$ui8$authModal === void 0 ? void 0 : (_config$ui8$authModal2 = _config$ui8$authModal.methods) === null || _config$ui8$authModal2 === void 0 ? void 0 : _config$ui8$authModal2.appleOauthEnabled) !== null && _config$ui$authModal$9 !== void 0 ? _config$ui$authModal$9 : proxyAuthConfig === null || proxyAuthConfig === void 0 ? void 0 : proxyAuthConfig.enabledProviders.includes("apple"), facebookOauthEnabled: (_config$ui$authModal$0 = (_config$ui9 = config.ui) === null || _config$ui9 === void 0 ? void 0 : (_config$ui9$authModal = _config$ui9.authModal) === null || _config$ui9$authModal === void 0 ? void 0 : (_config$ui9$authModal2 = _config$ui9$authModal.methods) === null || _config$ui9$authModal2 === void 0 ? void 0 : _config$ui9$authModal2.facebookOauthEnabled) !== null && _config$ui$authModal$0 !== void 0 ? _config$ui$authModal$0 : proxyAuthConfig === null || proxyAuthConfig === void 0 ? void 0 : proxyAuthConfig.enabledProviders.includes("facebook") }; var resolvedOauthProviders = { google: { primaryClientId: (_config$auth$oauthCon = (_config$auth = config.auth) === null || _config$auth === void 0 ? void 0 : (_config$auth$oauthCon2 = _config$auth.oauthConfig) === null || _config$auth$oauthCon2 === void 0 ? void 0 : (_config$auth$oauthCon3 = _config$auth$oauthCon2.google) === null || _config$auth$oauthCon3 === void 0 ? void 0 : _config$auth$oauthCon3.primaryClientId) !== null && _config$auth$oauthCon !== void 0 ? _config$auth$oauthCon : proxyAuthConfig === null || proxyAuthConfig === void 0 ? void 0 : (_proxyAuthConfig$oaut = proxyAuthConfig.oauthClientIds) === null || _proxyAuthConfig$oaut === void 0 ? void 0 : _proxyAuthConfig$oaut.google, secondaryClientIds: (_config$auth$oauthCon4 = (_config$auth2 = config.auth) === null || _config$auth2 === void 0 ? void 0 : (_config$auth2$oauthCo = _config$auth2.oauthConfig) === null || _config$auth2$oauthCo === void 0 ? void 0 : (_config$auth2$oauthCo2 = _config$auth2$oauthCo.google) === null || _config$auth2$oauthCo2 === void 0 ? void 0 : _config$auth2$oauthCo2.secondaryClientIds) !== null && _config$auth$oauthCon4 !== void 0 ? _config$auth$oauthCon4 : [] }, apple: { primaryClientId: (_config$auth$oauthCon5 = (_config$auth3 = config.auth) === null || _config$auth3 === void 0 ? void 0 : (_config$auth3$oauthCo = _config$auth3.oauthConfig) === null || _config$auth3$oauthCo === void 0 ? void 0 : (_config$auth3$oauthCo2 = _config$auth3$oauthCo.apple) === null || _config$auth3$oauthCo2 === void 0 ? void 0 : _config$auth3$oauthCo2.primaryClientId) !== null && _config$auth$oauthCon5 !== void 0 ? _config$auth$oauthCon5 : proxyAuthConfig === null || proxyAuthConfig === void 0 ? void 0 : (_proxyAuthConfig$oaut2 = proxyAuthConfig.oauthClientIds) === null || _proxyAuthConfig$oaut2 ==