wdk: account federation (#980)

* wdk: account federation

* wdk: address review comments; refactor auth commitments

* wdk: update tests

* fix test

Author: patrislav

packages/wallet/wdk/src/dbs/auth-commitments.ts

@@ -3,16 +3,19 @@ import { IDBPDatabase, IDBPTransaction } from 'idb'
 
 const TABLE_NAME = 'auth-commitments'
 
+export type CommitAuthArgs =
+  | { type: 'auth'; state?: string }
+  | { type: 'reauth'; state: string; signer: string }
+  | { type: 'add-signer'; wallet: string; state?: string }
+
 export type AuthCommitment = {
   id: string
   kind: 'google-pkce' | 'apple' | `custom-${string}`
   metadata: { [key: string]: string }
   verifier?: string
   challenge?: string
   target: string
-  isSignUp: boolean
-  signer?: string
-}
+} & ({ type: 'auth' } | { type: 'reauth'; signer: string } | { type: 'add-signer'; wallet: string })
 
 export class AuthCommitments extends Generic<AuthCommitment, 'id'> {
   constructor(dbName: string = 'sequence-auth-commitments') {

packages/wallet/wdk/src/dbs/index.ts

@@ -1,4 +1,4 @@
-export type { AuthCommitment } from './auth-commitments.js'
+export type { AuthCommitment, CommitAuthArgs } from './auth-commitments.js'
 export { AuthCommitments } from './auth-commitments.js'
 
 export type { AuthKey } from './auth-keys.js'

packages/wallet/wdk/src/sequence/handlers/authcode-pkce.ts

@@ -6,6 +6,7 @@ import * as Identity from '@0xsequence/identity-instrument'
 import { IdentitySigner } from '../../identity/signer.js'
 import { AuthCodeHandler } from './authcode.js'
 import type { WdkEnv } from '../../env.js'
+import type { CommitAuthArgs } from '../../dbs/auth-commitments.js'
 
 export class AuthCodePkceHandler extends AuthCodeHandler implements Handler {
   constructor(
@@ -22,25 +23,30 @@ export class AuthCodePkceHandler extends AuthCodeHandler implements Handler {
     super(signupKind, issuer, oauthUrl, audience, nitro, signatures, commitments, authKeys, env)
   }
 
-  public async commitAuth(target: string, isSignUp: boolean, state?: string, signer?: string) {
+  public async commitAuth(target: string, args: CommitAuthArgs) {
     let challenge = new Identity.AuthCodePkceChallenge(this.issuer, this.audience, this.redirectUri)
-    if (signer) {
-      challenge = challenge.withSigner({ address: signer, keyType: Identity.KeyType.Ethereum_Secp256k1 })
+    if (args.type === 'reauth') {
+      challenge = challenge.withSigner({ address: args.signer, keyType: Identity.KeyType.Ethereum_Secp256k1 })
     }
     const { verifier, loginHint, challenge: codeChallenge } = await this.nitroCommitVerifier(challenge)
-    if (!state) {
-      state = Hex.fromBytes(Bytes.random(32))
-    }
+    const state = args.state ?? Hex.fromBytes(Bytes.random(32))
 
-    await this.commitments.set({
+    const base = {
       id: state,
-      kind: this.signupKind,
+      kind: this.signupKind as Db.AuthCommitment['kind'],
       verifier,
       challenge: codeChallenge,
       target,
       metadata: {},
-      isSignUp,
-    })
+    }
+
+    if (args.type === 'reauth') {
+      await this.commitments.set({ ...base, type: 'reauth', signer: args.signer })
+    } else if (args.type === 'add-signer') {
+      await this.commitments.set({ ...base, type: 'add-signer', wallet: args.wallet })
+    } else {
+      await this.commitments.set({ ...base, type: 'auth' })
+    }
 
     const searchParams = this.serializeQuery({
       code_challenge: codeChallenge,

packages/wallet/wdk/src/sequence/handlers/authcode.ts

@@ -8,6 +8,7 @@ import { IdentitySigner } from '../../identity/signer.js'
 import { IdentityHandler } from './identity.js'
 import { Kinds } from '../types/signer.js'
 import type { NavigationLike, WdkEnv } from '../../env.js'
+import type { CommitAuthArgs } from '../../dbs/auth-commitments.js'
 
 export class AuthCodeHandler extends IdentityHandler implements Handler {
   protected redirectUri: string = ''
@@ -39,19 +40,23 @@ export class AuthCodeHandler extends IdentityHandler implements Handler {
     this.redirectUri = redirectUri
   }
 
-  public async commitAuth(target: string, isSignUp: boolean, state?: string, signer?: string) {
-    if (!state) {
-      state = Hex.fromBytes(Bytes.random(32))
-    }
+  public async commitAuth(target: string, args: CommitAuthArgs) {
+    const state = args.state ?? Hex.fromBytes(Bytes.random(32))
 
-    await this.commitments.set({
+    const base = {
       id: state,
-      kind: this.signupKind,
-      signer,
+      kind: this.signupKind as Db.AuthCommitment['kind'],
       target,
       metadata: {},
-      isSignUp,
-    })
+    }
+
+    if (args.type === 'reauth') {
+      await this.commitments.set({ ...base, type: 'reauth', signer: args.signer })
+    } else if (args.type === 'add-signer') {
+      await this.commitments.set({ ...base, type: 'add-signer', wallet: args.wallet })
+    } else {
+      await this.commitments.set({ ...base, type: 'auth' })
+    }
 
     const searchParams = this.serializeQuery({
       client_id: this.audience,
@@ -69,7 +74,7 @@ export class AuthCodeHandler extends IdentityHandler implements Handler {
     code: string,
   ): Promise<[IdentitySigner, { [key: string]: string }]> {
     let challenge = new Identity.AuthCodeChallenge(this.issuer, this.audience, this.redirectUri, code)
-    if (commitment.signer) {
+    if (commitment.type === 'reauth') {
       challenge = challenge.withSigner({ address: commitment.signer, keyType: Identity.KeyType.Ethereum_Secp256k1 })
     }
     await this.nitroCommitVerifier(challenge)
@@ -103,7 +108,11 @@ export class AuthCodeHandler extends IdentityHandler implements Handler {
       message: 'request-redirect',
       handle: async () => {
         const navigation = this.getNavigation()
-        const url = await this.commitAuth(navigation.getPathname(), false, request.id, address)
+        const url = await this.commitAuth(navigation.getPathname(), {
+          type: 'reauth',
+          state: request.id,
+          signer: address,
+        })
         navigation.redirect(url)
         return true
       },

packages/wallet/wdk/src/sequence/index.ts

@@ -9,12 +9,15 @@ export { Sessions } from './sessions.js'
 export { Signatures } from './signatures.js'
 export type {
   StartSignUpWithRedirectArgs,
+  StartAddLoginSignerWithRedirectArgs,
   CommonSignupArgs,
   PasskeySignupArgs,
   MnemonicSignupArgs,
   EmailOtpSignupArgs,
   CompleteRedirectArgs,
   SignupArgs,
+  AddLoginSignerArgs,
+  RemoveLoginSignerArgs,
   LoginToWalletArgs,
   LoginToMnemonicArgs,
   LoginToPasskeyArgs,

packages/wallet/wdk/src/sequence/types/signature-request.ts

@@ -13,6 +13,8 @@ export type ActionToPayload = {
   [Actions.Recovery]: Payload.Recovery<Payload.Calls>
   [Actions.AddRecoverySigner]: Payload.ConfigUpdate
   [Actions.RemoveRecoverySigner]: Payload.ConfigUpdate
+  [Actions.AddLoginSigner]: Payload.ConfigUpdate
+  [Actions.RemoveLoginSigner]: Payload.ConfigUpdate
   [Actions.SessionImplicitAuthorize]: Payload.SessionImplicitAuthorize
 }
 
@@ -26,6 +28,8 @@ export const Actions = {
   Recovery: 'recovery',
   AddRecoverySigner: 'add-recovery-signer',
   RemoveRecoverySigner: 'remove-recovery-signer',
+  AddLoginSigner: 'add-login-signer',
+  RemoveLoginSigner: 'remove-login-signer',
   SessionImplicitAuthorize: 'session-implicit-authorize',
 } as const