Allow overriding stamper config in core

Author: amircheikh

packages/core/src/__clients__/core.ts

@@ -106,6 +106,9 @@ import {
   type BuildWalletLoginRequestParams,
   type VerifyAppProofsParams,
   type PollTransactionStatusParams,
+  type OverrideApiKeyStamperParams,
+  type OverridePasskeyStamperParams,
+  type OverrideWalletManagerParams,
 } from "../__types__";
 import {
   buildSignUpBody,
@@ -280,6 +283,104 @@ export class TurnkeyClient {
     });
   };
 
+  /**
+   * Overrides the API key stamper with a new temporary public key.
+   *
+   * - This function sets a temporary public key on the API key stamper or clears it if not provided.
+   * - Useful for dynamically changing the API key used for signing requests.
+   *
+   * @param params.temporaryPublicKey - temporary public key to use for the API key stamper.
+   * @returns A promise that resolves when the stamper and HTTP client have been updated.
+   * @throws {TurnkeyError} If there is an error initializing the new stamper.
+   */
+  overrideApiKeyStamper = async (
+    params?: OverrideApiKeyStamperParams,
+  ): Promise<void> => {
+    const { temporaryPublicKey } = params || {};
+    // Note: we can expand on this function in the future if we want
+    return withTurnkeyErrorHandling(
+      async () => {
+        if (temporaryPublicKey) {
+          this.apiKeyStamper?.setTemporaryPublicKey(temporaryPublicKey);
+        } else {
+          this.apiKeyStamper?.clearTemporaryPublicKey();
+        }
+      },
+      {
+        errorMessage: "Failed to override API key stamper",
+        errorCode: TurnkeyErrorCodes.INITIALIZE_API_KEY_STAMPER_ERROR,
+      },
+    );
+  };
+
+  /**
+   * Overrides the passkey stamper with a new configuration.
+   *
+   * - This function creates a new passkey stamper instance with the provided configuration.
+   * - Reinitializes the stamper and recreates the HTTP client with the new stamper.
+   * - Useful for dynamically changing passkey configuration (e.g., allowCredentials, rpId, timeout).
+   *
+   * @param params.newConfig - new passkey stamper configuration to use.
+   * @returns A promise that resolves when the stamper and HTTP client have been updated.
+   * @throws {TurnkeyError} If there is an error initializing the new stamper.
+   */
+  overridePasskeyStamper = async (
+    params: OverridePasskeyStamperParams,
+  ): Promise<void> => {
+    const { newConfig } = params;
+
+    return withTurnkeyErrorHandling(
+      async () => {
+        // Create a new passkey stamper with the new configuration
+        const passkeyStamper = new CrossPlatformPasskeyStamper(newConfig);
+
+        // Initialize the new stamper
+        await passkeyStamper.init();
+
+        // Set the new stamper
+        this.passkeyStamper = passkeyStamper;
+
+        // Recreate the HTTP client with the new stamper
+        this.httpClient = this.createHttpClient();
+      },
+      {
+        errorMessage: "Failed to override passkey stamper",
+        errorCode: TurnkeyErrorCodes.INITIALIZE_PASSKEY_STAMPER_ERROR,
+      },
+    );
+  };
+
+  /**
+   * Overrides the wallet manager with a new configuration.
+   *
+   * - This function creates a new wallet manager instance with the provided configuration.
+   * - Recreates the HTTP client with the new wallet manager's stamper.
+   * - Useful for dynamically changing wallet configuration (e.g., chains, features, WalletConnect settings).
+   *
+   * @param params.newConfig - new wallet manager configuration to use.
+   * @returns A promise that resolves when the wallet manager and HTTP client have been updated.
+   * @throws {TurnkeyError} If there is an error creating the new wallet manager.
+   */
+  overrideWalletManager = async (
+    params: OverrideWalletManagerParams,
+  ): Promise<void> => {
+    const { newConfig } = params;
+
+    return withTurnkeyErrorHandling(
+      async () => {
+        // Create a new wallet manager with the new configuration
+        this.walletManager = await createWalletManager(newConfig);
+
+        // Recreate the HTTP client with the new wallet manager
+        this.httpClient = this.createHttpClient();
+      },
+      {
+        errorMessage: "Failed to override wallet manager",
+        errorCode: TurnkeyErrorCodes.INITIALIZE_WALLET_MANAGER_ERROR,
+      },
+    );
+  };
+
   /**
    * Creates a new passkey authenticator for the user.
    *
@@ -421,6 +522,7 @@ export class TurnkeyClient {
    * @param params.sessionKey - session key to use for session creation (defaults to the default session key).
    * @param params.expirationSeconds - session expiration time in seconds (defaults to the configured default).
    * @param params.organizationId - organization ID to target (defaults to the session's organization ID or the parent organization ID).
+   * @param params.allowCredentials - optional list of allowed credentials for passkey authentication. This allows you to restrict which passkeys can be used for login.
    * @returns A promise that resolves to a {@link PasskeyAuthResult}, which includes:
    *          - `sessionToken`: the signed JWT session token.
    *          - `credentialId`: an empty string.
@@ -430,6 +532,12 @@ export class TurnkeyClient {
     params?: LoginWithPasskeyParams,
   ): Promise<PasskeyAuthResult> => {
     let generatedPublicKey: string | undefined = undefined;
+
+    const shouldOverrideConfig =
+      params?.allowCredentials && this.passkeyStamper;
+
+    const currentConfig = this.config.passkeyConfig;
+
     return await withTurnkeyErrorHandling(
       async () => {
         generatedPublicKey =
@@ -445,6 +553,16 @@ export class TurnkeyClient {
             TurnkeyErrorCodes.INTERNAL_ERROR,
           );
         }
+
+        if (shouldOverrideConfig) {
+          // Override passkey stamper config to include allowCredentials
+          const mergedConfig = {
+            ...currentConfig,
+            allowCredentials: params?.allowCredentials!, // Can safely assert non-null due to check above
+          };
+          await this.overridePasskeyStamper({ newConfig: mergedConfig });
+        }
+
         const sessionResponse = await this.httpClient.stampLogin(
           {
             publicKey: generatedPublicKey,
@@ -494,6 +612,13 @@ export class TurnkeyClient {
               );
             }
           }
+
+          if (shouldOverrideConfig) {
+            // Restore previous stamper after login attempt
+            await this.overridePasskeyStamper({
+              newConfig: currentConfig!, // can safely assert non-null since passkeyStamper exists
+            });
+          }
         },
       },
     );

packages/core/src/__types__/method-types/shared.ts

@@ -22,6 +22,8 @@ import type {
   WalletProvider,
   Wallet,
   TSignedRequest,
+  TPasskeyStamperConfig,
+  TWalletManagerConfig,
 } from "../index";
 
 export type CreateHttpClientParams = {
@@ -32,6 +34,18 @@ export type CreateHttpClientParams = {
   defaultStamperType?: StamperType | undefined;
 };
 
+export type OverrideApiKeyStamperParams = {
+  temporaryPublicKey?: string | undefined;
+};
+
+export type OverridePasskeyStamperParams = {
+  newConfig: TPasskeyStamperConfig;
+};
+
+export type OverrideWalletManagerParams = {
+  newConfig: TWalletManagerConfig;
+};
+
 export type CreatePasskeyParams = {
   name?: string;
   challenge?: string;
@@ -53,6 +67,7 @@ export type LoginWithPasskeyParams = {
   sessionKey?: string;
   expirationSeconds?: string;
   organizationId?: string;
+  allowCredentials?: PublicKeyCredentialDescriptor[];
 };
 
 export type SignUpWithPasskeyParams = {

packages/react-native-wallet-kit/src/providers/TurnkeyProvider.tsx

@@ -72,6 +72,9 @@ import {
   type VerifyAppProofsParams,
   type SignAndSendTransactionParams,
   type PollTransactionStatusParams,
+  type OverrideApiKeyStamperParams,
+  type OverridePasskeyStamperParams,
+  type OverrideWalletManagerParams,
 } from "@turnkey/core";
 import { ReactNode, useCallback, useEffect, useRef, useState } from "react";
 import { Platform } from "react-native";
@@ -729,6 +732,45 @@ export const TurnkeyProvider: React.FC<TurnkeyProviderProps> = ({
     [client],
   );
 
+  const overrideApiKeyStamper = useCallback(
+    (params?: OverrideApiKeyStamperParams): Promise<void> => {
+      if (!client) {
+        throw new TurnkeyError(
+          "Client is not initialized.",
+          TurnkeyErrorCodes.CLIENT_NOT_INITIALIZED,
+        );
+      }
+      return client.overrideApiKeyStamper(params);
+    },
+    [client],
+  );
+
+  const overridePasskeyStamper = useCallback(
+    (params: OverridePasskeyStamperParams): Promise<void> => {
+      if (!client) {
+        throw new TurnkeyError(
+          "Client is not initialized.",
+          TurnkeyErrorCodes.CLIENT_NOT_INITIALIZED,
+        );
+      }
+      return client.overridePasskeyStamper(params);
+    },
+    [client],
+  );
+
+  const overrideWalletManager = useCallback(
+    (params: OverrideWalletManagerParams): Promise<void> => {
+      if (!client) {
+        throw new TurnkeyError(
+          "Client is not initialized.",
+          TurnkeyErrorCodes.CLIENT_NOT_INITIALIZED,
+        );
+      }
+      return client.overrideWalletManager(params);
+    },
+    [client],
+  );
+
   const logout: (params?: LogoutParams) => Promise<void> = useCallback(
     async (params?: { sessionKey?: string }): Promise<void> => {
       if (!client) {
@@ -3325,6 +3367,9 @@ export const TurnkeyProvider: React.FC<TurnkeyProviderProps> = ({
         config: masterConfig,
         httpClient: client?.httpClient,
         createHttpClient,
+        overrideApiKeyStamper,
+        overridePasskeyStamper,
+        overrideWalletManager,
         createPasskey,
         logout,
         loginWithPasskey,

packages/react-wallet-kit/src/providers/client/Provider.tsx

@@ -102,6 +102,9 @@ import {
   type PollTransactionStatusParams,
   type SignAndSendTransactionParams,
   type EthTransaction,
+  type OverrideApiKeyStamperParams,
+  type OverridePasskeyStamperParams,
+  type OverrideWalletManagerParams,
 } from "@turnkey/core";
 import { ReactNode, useCallback, useEffect, useRef, useState } from "react";
 import {
@@ -1252,6 +1255,45 @@ export const ClientProvider: React.FC<ClientProviderProps> = ({
     [client],
   );
 
+  const overrideApiKeyStamper = useCallback(
+    (params?: OverrideApiKeyStamperParams): Promise<void> => {
+      if (!client) {
+        throw new TurnkeyError(
+          "Client is not initialized.",
+          TurnkeyErrorCodes.CLIENT_NOT_INITIALIZED,
+        );
+      }
+      return client.overrideApiKeyStamper(params);
+    },
+    [client],
+  );
+
+  const overridePasskeyStamper = useCallback(
+    (params: OverridePasskeyStamperParams): Promise<void> => {
+      if (!client) {
+        throw new TurnkeyError(
+          "Client is not initialized.",
+          TurnkeyErrorCodes.CLIENT_NOT_INITIALIZED,
+        );
+      }
+      return client.overridePasskeyStamper(params);
+    },
+    [client],
+  );
+
+  const overrideWalletManager = useCallback(
+    (params: OverrideWalletManagerParams): Promise<void> => {
+      if (!client) {
+        throw new TurnkeyError(
+          "Client is not initialized.",
+          TurnkeyErrorCodes.CLIENT_NOT_INITIALIZED,
+        );
+      }
+      return client.overrideWalletManager(params);
+    },
+    [client],
+  );
+
   const getActiveSessionKey = useCallback(async (): Promise<
     string | undefined
   > => {
@@ -6055,6 +6097,9 @@ export const ClientProvider: React.FC<ClientProviderProps> = ({
         config: masterConfig,
         httpClient: client?.httpClient,
         createHttpClient,
+        overrideApiKeyStamper,
+        overridePasskeyStamper,
+        overrideWalletManager,
         createPasskey,
         logout,
         loginWithPasskey,

packages/sdk-types/src/index.ts

@@ -131,6 +131,9 @@ export enum TurnkeyErrorCodes {
   INITIALIZE_IFRAME_ERROR = "INITIALIZE_IFRAME_ERROR",
   PLATFORM_MISMATCH = "PLATFORM_MISMATCH",
   UNSUPPORTED_PLATFORM = "UNSUPPORTED_PLATFORM",
+  INITIALIZE_API_KEY_STAMPER_ERROR = "INITIALIZE_API_KEY_STAMPER_ERROR",
+  INITIALIZE_PASSKEY_STAMPER_ERROR = "INITIALIZE_PASSKEY_STAMPER_ERROR",
+  INITIALIZE_WALLET_MANAGER_ERROR = "INITIALIZE_WALLET_MANAGER_ERROR",
 
   USER_CANCELED = "USER_CANCELED",
   BAD_RESPONSE = "BAD_RESPONSE",