comments

Author: t-vila

examples/wallet-auth/README.md

@@ -9,15 +9,15 @@ It contains two separate implementations:
 
 **Auth Proxy Highlights**
 
-- **Simplified setup:** No need to host or maintain your own authentication backend. The Auth Proxy is a managed, multi-tenant service that handles signing and forwarding authentication requests.
-- **Built-in security:** Proxy keys are HPKE-encrypted inside Turnkey’s enclave and decrypted only in memory per request. Includes strict origin validation and CORS enforcement.
-- **Centralized configuration:** Manage allowed origins, session lifetimes, email/SMS templates, and OAuth settings directly from the Turnkey Dashboard.
-- **Faster development:** The frontend calls Auth Proxy endpoints directly — no backend endpoints needed for OTP, OAuth, or signup flows.
+- No need to host or maintain your own authentication backend. The Auth Proxy is a managed, multi-tenant service that handles signing and forwarding authentication requests.
+- Proxy keys are HPKE-encrypted inside Turnkey’s enclave and decrypted only in memory per request. Includes strict origin validation and CORS enforcement.
+- Manage allowed origins, session lifetimes, email/SMS templates, and OAuth settings directly from the Turnkey Dashboard.
+- The frontend calls Auth Proxy endpoints directly — no backend endpoints needed for OTP, OAuth, or signup flows.
 
 **Custom Backend Highlights**
 
 You could:
 
-- **User data:** Store and retrieve user data associated with Turnkey sub-organizations.
-- **Metrics and monitoring:** Add custom validations, rate limiting, and logging.
-- **Co-signing capabilities:** Enable 2/2 signing patterns where your application is a co-signer.
+- Store and retrieve user data associated with Turnkey sub-organizations.
+- Add custom validations, rate limiting, and logging.
+- Enable 2/2 signing patterns where your application is a co-signer.

examples/wallet-auth/with-backend/README.md

@@ -13,10 +13,10 @@ A high-level summary of the user experience and what appears on screen:
 
 Once logged in, access a dashboard with two panels:
 
-**Left:** sign messages and simple demo transactions for both Ethereum and Solana using the **selected** embedded **or** connected wallet. The signing and broadcasting behavior differs slightly depending on wallet type:
+**Left:** sign messages and simple demo testnet transactions for both Ethereum (Sepolia testnet) and Solana (Devnet) using the **selected** embedded **or** connected wallet. The signing and broadcasting behavior differs slightly depending on wallet type:
 
 - **Connected wallets**
-  - Ethereum: delegates to the wallet’s native `signAndSendTransaction` method. Does not require an rpcUrl (the wallet handles broadcasting).
+  - Ethereum: delegates to the wallet’s native `signAndSendTransaction` method. Does not require an rpcUrl (the external wallet provider handles broadcasting).
   - Solana: signs locally with the connected wallet but requires an rpcUrl for broadcasting.
 
 - **Embedded wallets**
@@ -27,15 +27,16 @@ Once logged in, access a dashboard with two panels:
 Notes:
 
 > In this demo, you can configure these URLs using `NEXT_PUBLIC_RPC_ETH` and `NEXT_PUBLIC_RPC_SOL`.
-> Both Ethereum and Solana demo transactions are send-to-self transfers with zero value, purely for demonstration purposes.
+> Both Ethereum and Solana demo testnet transactions are send-to-self transfers with zero value, purely for demonstration purposes.
 
 **Right:** view all the sub-organization embedded and connected wallets.
 
 ## How it works
 
 1. Build and sign a wallet login request **without submitting it to Turnkey** using [buildWalletLoginRequest()](https://github.com/tkhq/sdk/blob/fa54063a394bfef7ead9f64b72a093c5e696a401/packages/core/src/__clients__/core.ts#L797). This function performs the following:
 
-- Initializes the wallet stamper, ensures a valid session public key (generating one if needed), and signs the login intent with the connected wallet.
+- Generates a new key pair to serve as the session key and has the connected wallet sign a login intent containing the public key. This resulting stamped request can then be sent to Turnkey to register that key pair as a session key pair.
+
 - For **Ethereum wallets**, the public key cannot be derived from the wallet address alone — it’s extracted from the signature included in the stamped login request.
 - For **Solana wallets**, the wallet address itself is the public key, so it’s retrieved directly from the connected wallet.
 - Returns both:

examples/wallet-auth/with-backend/package.json

@@ -15,6 +15,7 @@
     "@tailwindcss/postcss": "4.1.13",
     "@turnkey/react-wallet-kit": "workspace:*",
     "@turnkey/sdk-server": "workspace:*",
+    "@turnkey/encoding": "workspace:*",
     "@types/node": "20.3.1",
     "@types/react": "18.2.14",
     "@types/react-dom": "18.2.6",

examples/wallet-auth/with-backend/src/app/dashboard/page.tsx

@@ -25,6 +25,7 @@ import {
   VersionedTransaction,
   clusterApiUrl,
 } from "@solana/web3.js";
+import { uint8ArrayToHexString } from "@turnkey/encoding";
 
 // ---------- Utils ----------
 function safeStringify(x: unknown) {
@@ -35,13 +36,6 @@ function safeStringify(x: unknown) {
   );
 }
 
-// Uint8Array -> hex
-function toHex(u8: Uint8Array) {
-  return Array.from(u8)
-    .map((b) => b.toString(16).padStart(2, "0"))
-    .join("");
-}
-
 // Build a Solana v0 unsigned transaction and return HEX
 async function buildUnsignedSolanaTxHex(fromAddress: string, rpcUrl?: string) {
   const connection = new Connection(
@@ -69,7 +63,7 @@ async function buildUnsignedSolanaTxHex(fromAddress: string, rpcUrl?: string) {
 
   // Serialize without requiring signatures; then hex-encode
   const bytes = unsignedTx.serialize();
-  return toHex(bytes);
+  return uint8ArrayToHexString(bytes);
 }
 
 // Build an EVM demo tx (send-to-self, 0 value) with a fresh nonce

examples/wallet-auth/without-backend/.env.local.example

@@ -1,5 +1,6 @@
 NEXT_PUBLIC_ORGANIZATION_ID="<Turnkey organization ID>"
 NEXT_PUBLIC_BASE_URL="https://api.turnkey.com"
+NEXT_PUBLIC_AUTH_PROXY_BASE_URL="https://authproxy.turnkey.com"
 NEXT_PUBLIC_AUTH_PROXY_CONFIG_ID="<Auth Proxy Config ID>"
 NEXT_PUBLIC_RPC_SOL="<Solana Devnet RPC URL>"
 NEXT_PUBLIC_RPC_ETH="<Ethereum Sepolia RPC URL>"

examples/wallet-auth/without-backend/README.md

@@ -13,10 +13,10 @@ A high-level summary of the user experience and what appears on screen:
 
 Once logged in, access a dashboard with two panels:
 
-**Left:** sign messages and simple demo transactions for both Ethereum and Solana using the **selected** embedded **or** connected wallet. The signing and broadcasting behavior differs slightly depending on wallet type:
+**Left:** sign messages and simple testnet demo transactions for both Ethereum (Sepolia testnet) and Solana (Devnet) using the **selected** embedded **or** connected wallet. The signing and broadcasting behavior differs slightly depending on wallet type:
 
 - **Connected wallets**
-  - Ethereum: delegates to the wallet’s native `signAndSendTransaction` method. Does not require an rpcUrl (the wallet handles broadcasting).
+  - Ethereum: delegates to the wallet’s native `signAndSendTransaction` method. Does not require an rpcUrl (the external wallet provider handles broadcasting).
   - Solana: signs locally with the connected wallet but requires an rpcUrl for broadcasting.
 
 - **Embedded wallets**
@@ -76,6 +76,7 @@ Now open `.env.local` and add the missing environment variables:
 - `NEXT_PUBLIC_BASE_URL`
 - `NEXT_PUBLIC_ORGANIZATION_ID`
 - `NEXT_PUBLIC_AUTH_PROXY_CONFIG_ID`
+- `NEXT_PUBLIC_AUTH_PROXY_BASE_URL`
 - `NEXT_PUBLIC_RPC_SOL`
 - `NEXT_PUBLIC_RPC_ETH`
 

examples/wallet-auth/without-backend/package.json

@@ -15,6 +15,7 @@
     "@tailwindcss/postcss": "4.1.13",
     "@turnkey/react-wallet-kit": "workspace:*",
     "@turnkey/sdk-server": "workspace:*",
+    "@turnkey/encoding": "workspace:*",
     "@types/node": "20.3.1",
     "@types/react": "18.2.14",
     "@types/react-dom": "18.2.6",

examples/wallet-auth/without-backend/src/app/dashboard/page.tsx

@@ -25,6 +25,7 @@ import {
   VersionedTransaction,
   clusterApiUrl,
 } from "@solana/web3.js";
+import { uint8ArrayToHexString } from "@turnkey/encoding";
 
 // ---------- Utils ----------
 function safeStringify(x: unknown) {
@@ -35,13 +36,6 @@ function safeStringify(x: unknown) {
   );
 }
 
-// Uint8Array -> hex
-function toHex(u8: Uint8Array) {
-  return Array.from(u8)
-    .map((b) => b.toString(16).padStart(2, "0"))
-    .join("");
-}
-
 // Build a Solana v0 unsigned transaction and return HEX
 async function buildUnsignedSolanaTxHex(fromAddress: string, rpcUrl?: string) {
   const connection = new Connection(
@@ -69,7 +63,7 @@ async function buildUnsignedSolanaTxHex(fromAddress: string, rpcUrl?: string) {
 
   // Serialize without requiring signatures; then hex-encode
   const bytes = unsignedTx.serialize();
-  return toHex(bytes);
+  return uint8ArrayToHexString(bytes);
 }
 
 // Build an EVM demo tx (send-to-self, 0 value) with a fresh nonce

examples/wallet-auth/without-backend/src/app/providers.tsx

@@ -39,6 +39,9 @@ export function Providers({ children }: { children: React.ReactNode }) {
   const turnkeyConfig: TurnkeyProviderConfig = {
     organizationId: process.env.NEXT_PUBLIC_ORGANIZATION_ID!,
     authProxyConfigId: process.env.NEXT_PUBLIC_AUTH_PROXY_CONFIG_ID!,
+    authProxyUrl:
+      process.env.NEXT_PUBLIC_AUTH_PROXY_BASE_URL ||
+      "https://authproxy.turnkey.com",
     auth: {
       methods: {
         emailOtpAuthEnabled: false,