Security News
Introducing the Socket Python SDK
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
By Douglas Coburn - Sep 13, 2024
@turnkey/iframe-stamper
Advanced tools
@turnkey/iframe-stamper
This package contains functions to stamp a Turnkey request through credentials contained in an iframe. It is meant to be used with @turnkey/http to build flows. To stamp the request, use the Recovery and Auth flows to request and inject a credential bundle.
Usage:
Recovery and Auth
import { IframeStamper } from "@turnkey/iframe-stamper";
import { TurnkeyClient } from "@turnkey/http";
const TurnkeyIframeContainerId = "turnkey-iframe-container";
const TurnkeyIframeElementId = "turnkey-iframe";
const iframeStamper = new IframeStamper({
iframeUrl: process.env.AUTH_IFRAME_URL!,
iframeContainer: document.getElementById(TurnkeyIframeContainerId),
iframeElementId: TurnkeyIframeElementId,
});
// This inserts the iframe in the DOM and returns the public key
const publicKey = await iframeStamper.init();
// Injects a new credential in the iframe
const injected = await iframeStamper.injectCredentialBundle(credentialBundle);
// New HTTP client able to sign with the credentials inside of the iframe
const httpClient = new TurnkeyClient(
{ baseUrl: "https://api.turnkey.com" },
iframeStamper
);
Key or Wallet Export
import { IframeStamper } from "@turnkey/iframe-stamper";
import { TurnkeyClient } from "@turnkey/http";
const TurnkeyIframeContainerId = "turnkey-iframe-container";
const TurnkeyIframeElementId = "turnkey-iframe";
const iframeStamper = new IframeStamper({
iframeUrl: process.env.EXPORT_IFRAME_URL!,
iframeContainer: document.getElementById(TurnkeyIframeContainerId),
iframeElementId: TurnkeyIframeElementId,
});
// This inserts the iframe in the DOM and returns the public key
const publicKey = await iframeStamper.init();
// Injects a bundle containing the encrypted wallet seedphrase into the iframe
// `exportBundle` is the response from requesting ACTIVITY_TYPE_EXPORT_WALLET
const injected = await iframeStamper.injectWalletExportBundle(exportBundle);
// If the bundle is successfully injected, the iframe is now displaying the
// wallet seedphrase to the user
if (injected !== true) {
throw new Error("unexpected error while injecting export bundle");
}
// Display the iframe to the user with their seedphrase.
setIframeDisplay("block");
Key or Wallet Import
import { IframeStamper } from "@turnkey/iframe-stamper";
import { TurnkeyClient } from "@turnkey/http";
const TurnkeyIframeContainerId = "turnkey-iframe-container";
const TurnkeyIframeElementId = "turnkey-iframe";
const iframeStamper = new IframeStamper({
iframeUrl: process.env.IMPORT_IFRAME_URL!,
iframeContainer: document.getElementById(TurnkeyIframeContainerId),
iframeElementId: TurnkeyIframeElementId,
});
// This inserts the iframe in the DOM
await iframeStamper.init();
// Injects a bundle containing the secure enclave's public key into the iframe's local storage
// `importBundle` is the response from requesting ACTIVITY_TYPE_INIT_IMPORT_WALLET
const injected = await iframeStamper.injectImportBundle(importBundle);
if (injected !== true) {
throw new Error("unexpected error while injecting import bundle");
}
// Display the text input that the user can enter their seedphrase into
setIframeDisplay("block");
// Once the user has entered their seedphrase, trigger this call to the iframe that
// 1) encrypts their seedphrase using the secure enclave's public key from the previous step
// 2) sends this ciphertext and a public key generated by the client to your page
const encryptedBundle = await iframeStamper.extractWalletEncryptedBundle();
// Now you can pass this encryptedBundle as a request to ACTIVITY_TYPE_IMPORT_WALLET.
FAQs
Iframe-based stamper for @turnkey/http
The npm package @turnkey/iframe-stamper receives a total of 18,983 weekly downloads. As such, @turnkey/iframe-stamper popularity was classified as popular.
We found that @turnkey/iframe-stamper demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 8 open source maintainers collaborating on the project.
Package last updated on 15 Mar 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
The Wildcard Gamble: Understanding the Risks of Floating Dependency Ranges in npm
Floating dependency ranges in npm can introduce instability and security risks into your project by allowing unverified or incompatible versions to be installed automatically, leading to unpredictable behavior and potential conflicts.
By Sarah Gooding - Sep 13, 2024
Security News
New Rust RFC Proposes Adding Support for Trusted Publishing to Crates.io
A new Rust RFC proposes "Trusted Publishing" for Crates.io, introducing short-lived access tokens via OIDC to improve security and reduce risks associated with long-lived API tokens.
By Sarah Gooding - Sep 12, 2024