Skip to content

fix: split web and native wallet connectors#233

Open
andrascodes wants to merge 5 commits into
mainfrom
andras/fix-split-web-and-native-wallet-connectors
Open

fix: split web and native wallet connectors#233
andrascodes wants to merge 5 commits into
mainfrom
andras/fix-split-web-and-native-wallet-connectors

Conversation

@andrascodes
Copy link
Copy Markdown
Collaborator

@andrascodes andrascodes commented May 26, 2026
edited
Loading

This PR is part of a stack created with Aviator.

Closes FS-2252

Summary

  • Split the React connector into shared core logic plus web/native wrappers.
  • Add React Native defaults that derive Origin: https://${rpId} from the connector config.
  • Remove rpId as a required prop from ZeroDevExportWebView; it now reads it from the ZeroDev wagmi connector.
  • Add a native core SDK wrapper that applies the same Turnkey Origin default.
  • Add separate Expo native/web typecheck configs.

Why

The connector now has platform-specific API needs. On React Native, consumers must provide native adapters and the SDK must send an Origin header that matches rpId so Turnkey and AA requests pass ACL checks. On web, browsers own the Origin header, so exposing fetchOptions for this path is misleading and does not solve the same problem.

Splitting the connector keeps the public API accurate for each platform while preserving one shared implementation for the actual wagmi connector behavior. The native wrapper can require the RN-only adapter fields and derive the Origin header automatically, while the web wrapper can keep the browser API smaller and avoid exposing options that do not apply there.

If Passkeys are used rpId needs to be a domain associated with the app - the KMS also enforces that the Passkey requests come from the same domain. So it makes sense to default the Origin header and the Passkey rpId to the same domain and have 1 source of truth.

  • When developing locally on a ZD project where an Origin allowlist is defined the developer can pass the localhost URL (for example http://localhost:3000) as the rpId and that will work for basic KMS requests (OTP email, Google OAuth). To use Passkeys or OTP Magic Link the user needs to set up Universal Links (with a domain association) and then the developer should use the same domain as the rpId as well. This way requests coming from the app, on the KMS's side will look like they're coming from the associated domain (Origin is set to the domain).

Testing

  • Tested the zerodev-signer-demo on web, the expo-example on both web and Android. All working.

@vercel
Copy link
Copy Markdown

vercel Bot commented May 26, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
zerodev-signer-demo Ready Ready Preview, Comment May 28, 2026 3:04pm

Request Review

@andrascodes andrascodes marked this pull request as ready for review May 26, 2026 17:21
@andrascodes andrascodes mentioned this pull request May 28, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@andrascodes