Merge pull-request #520

adds support for multiple sessions by allowing sessions to be created with a custom sessionKey instead of using a single default session

Author: moeodeh3

.changeset/healthy-teachers-battle.md

@@ -0,0 +1,13 @@
+---
+"@turnkey/sdk-react-native": major
+---
+
+This breaking change adds support for multiple sessions:
+
+- The concept of a **selected session** has been introduced:
+  - Users can switch between sessions using `setSelectedSession({ sessionKey: <key> })`.
+  - The selected session determines the active `client`, `user`, and `session` state.
+  - API calls such as `updateUser`, `createWallet`, and `signRawPayload` now apply to the selected session.
+- A session limit of **15 active sessions** has been enforced:
+  - If the limit is reached, users must remove an existing session before creating a new one.
+  - Expired or invalid sessions are automatically cleaned up.

packages/sdk-react-native/README.md

@@ -4,6 +4,8 @@
 
 The `@turnkey/sdk-react-native` package simplifies the integration of the Turnkey API into React Native applications. It provides secure session management, authentication, and cryptographic operations using [`react-native-keychain`](https://github.com/oblador/react-native-keychain), [`@turnkey/crypto`](../crypto/), [`@turnkey/api-key-stamper`](../api-key-stamper/), and [`@turnkey/http`](../http/).
 
+---
+
 ## **Installation**
 
 - Install the following dependencies in your React Native project:
@@ -35,17 +37,20 @@ export const AppProviders = ({ children }: { children: React.ReactNode }) => {
 
   const turnkeyConfig = {
     apiBaseUrl: "https://api.turnkey.com",
-    organizationId: <"your organization id">
-    onSessionCreated: () => {
-      console.log("Session Created");
+    organizationId: "<your organization id>",
+    onSessionCreated: (session) => {
+      console.log("Session Created", session);
+    },
+    onSessionSelected: (session) => {
+      console.log("Session Selected", session);
       router.replace("/dashboard");
     },
-    onSessionExpired: () => {
-      console.log("Session Expired");
+    onSessionExpired: (session) => {
+      console.log("Session Expired", session);
       router.push("/");
     },
-    onSessionCleared: () => {
-      console.log("Session Cleared");
+    onSessionCleared: (session) => {
+      console.log("Session Cleared", session);
       router.push("/");
     },
   };
@@ -56,78 +61,74 @@ export const AppProviders = ({ children }: { children: React.ReactNode }) => {
 
 ---
 
+## **Session Storage**
+
+To enable secure authentication, the following storage keys are used:
+
+- `@turnkey/embedded-key`: Stores the private key that corresponds to the public key used when initiating the session request to Turnkey.
+- `@turnkey/session`: Default session storage key, storing the session credentials, including the private key, public key, and expiry time, which are decrypted from the credential bundle after a session is created.
+- `@turnkey/session-keys`: Stores the list of stored session keys.
+- `@turnkey/selected-session`: Stores the currently selected session key.
+
+---
+
 ## **Functions Provided by the Turnkey Provider**
 
 ### **Session Management**
 
 - `createEmbeddedKey()`: Generates a new embedded key pair and securely stores the private key.
-- `createSession(bundle, expiry?)`: Creates a session from a given credential bundle with an optional expiry time.
-- `clearSession()`: Clears the current session, removing all stored credentials and session data.
+- `createSession({ bundle, expirationSeconds?, sessionKey? })`: Creates a session. [(API Docs)](https://docs.turnkey.com/api#tag/Sessions/operation/CreateReadWriteSession)
+  - If `sessionKey` is provided, the session will be stored under that key in secure storage.
+  - If no session exists, the first session created is **automatically selected**.
+  - If a session with the same `sessionKey` already exists in secure storage, an error is thrown.
+- `setSelectedSession({ sessionKey })`: Selects a session by its key (Used when handling multiple sessions).
+- `clearSession({ sessionKey? })`: Removes the specified session from secure storage. If no `sessionKey` is provided, the currently selected session is removed.
+- `clearAllSessions()`: Clears all sessions from secure storage.
+
+---
 
 ### **User Management**
 
-- `updateUser()`: Updates the user's email and/or phone number.
-- `refreshUser()`: Fetches the latest user data and updates the session state.
+- `updateUser({ email?, phone? })`: Updates the user's email and/or phone number. [(API Docs)](https://docs.turnkey.com/api#tag/Users/operation/UpdateUser)
+- `refreshUser()`: Fetches the latest user data. [(API Docs)](https://docs.turnkey.com/api#tag/Sessions)
+
+---
 
 ### **Wallet Management**
 
-- `createWallet()`: Creates a new wallet with the specified name and accounts. Optionally, a mnemonic length can be provided (defaults to 12).
-- `importWallet()`: Imports a wallet using a provided mnemonic and creates accounts.
-- `exportWallet()`: Exports an existing wallet by decrypting the stored mnemonic phrase.
+- `createWallet({ walletName, accounts, mnemonicLength? })`: Creates a wallet. [(API Docs)](https://docs.turnkey.com/api#tag/Wallets/operation/CreateWallet)
+- `importWallet({ walletName, mnemonic, accounts })`: Imports a wallet. [(API Docs)](https://docs.turnkey.com/api#tag/Wallets/operation/ImportWallet)
+- `exportWallet({ walletId })`: Exports a wallet mnemonic. [(API Docs)](https://docs.turnkey.com/api#tag/Wallets/operation/ExportWallet)
 
 ### **Transaction Signing**
 
-- `signRawPayload()`: Signs a raw payload using the specified signing key and encoding parameters.
+- `signRawPayload({ signWith, payload, encoding, hashFunction })`: Signs a payload. [(API Docs)](https://docs.turnkey.com/api#tag/Signing/operation/SignRawPayload)
 
 ---
 
-### **Creating a new Session**
+## **Handling Multiple Sessions**
 
-```tsx
-import { useTurnkey } from "@turnkey/sdk-react-native";
-import { PasskeyStamper } from "@turnkey/react-native-passkey-stamper";
-import { TurnkeyClient } from "@turnkey/http";
-
-const { createEmbeddedKey, createSession } = useTurnkey();
-
-const loginWithPasskey = async () => {
-  try {
-    const stamper = new PasskeyStamper({ rpId: RP_ID });
-    const httpClient = new TurnkeyClient({ baseUrl: TURNKEY_API_URL }, stamper);
-
-    const targetPublicKey = await createEmbeddedKey();
-
-    const sessionResponse = await httpClient.createReadWriteSession({
-      type: "ACTIVITY_TYPE_CREATE_READ_WRITE_SESSION_V2",
-      timestampMs: Date.now().toString(),
-      organizationId: TURNKEY_PARENT_ORG_ID,
-      parameters: { targetPublicKey },
-    });
-
-    const credentialBundle =
-      sessionResponse.activity.result.createReadWriteSessionResultV2
-        ?.credentialBundle;
-
-    if (credentialBundle) {
-      await createSession(credentialBundle);
-    }
-  } catch (error) {
-    console.error("Error during passkey login:", error);
-  }
-};
-```
+Most users won't need multiple sessions, but if your app requires switching between multiple sessions, here’s what you need to know:
 
----
+This SDK supports **multiple sessions**, allowing you to create and switch between different session keys using `setSelectedSession({ sessionKey })`. When a session is selected, the client, user, and session information are updated accordingly, so that all subsequent function calls (like `updateUser` or `createWallet`) apply to the selected session.
 
-### **Session Storage**
+- **Creating a Session with a Custom Id**: You can pass a `sessionKey` when calling `createSession`. If provided, the session will be stored in secure storage under that ID, allowing for multiple sessions.
+- **Switching Sessions**: Use `setSelectedSession({ sessionKey })` to switch between stored sessions. The client, user, and session information will automatically update.
+- **Session Expiry Management**: Each session has an expiry time, and expired sessions will be automatically cleared.
+- **Callbacks for Session Events**:
+  - `onSessionCreated`: Called when a session is created.
+  - `onSessionSelected`: Called when a session is selected.
+  - `onSessionExpired`: Called when a session expires.
+  - `onSessionCleared`: Called when a session is cleared.
 
-To enable secure authentication, two separate keychain entries are used:
+**When are multiple sessions useful?**
 
-- `turnkey-embedded-key`: Stores the private key that corresponds to the public key used when initiating the session request to Turnkey.
-- `turnkey-session`: Stores the session credentials, including the private key, public key, and expiry time, which are decrypted from the credential bundle after a session is created.
+Using multiple sessions can be beneficial when enabling different authentication methods for various operations. For example, you might authenticate a user with OTP for login while using a passkey-based session for signing transactions.
 
 ---
 
 ## **Demo App**
 
-Check out [this repository](https://github.com/tkhq/react-native-demo-wallet) for a full working example of session management in React Native.
+Check out [this repository](https://github.com/tkhq/react-native-demo-wallet) for a full working example.
+
+---

packages/sdk-react-native/package.json

@@ -50,12 +50,11 @@
     "@turnkey/api-key-stamper": "workspace:*",
     "@turnkey/crypto": "workspace:*",
     "@turnkey/encoding": "workspace:*",
-    "@turnkey/http": "workspace:*",
-    "react": "18.3.1",
-    "react-native": "^0.76.5",
-    "react-native-keychain": "^8.1.0"
+    "@turnkey/http": "workspace:*"
   },
-  "devDependencies": {
-    "@types/react": "^18.2.6"
+  "peerDependencies": {
+    "@types/react": "^18.2.75",
+    "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+    "react-native-keychain": "^8.1.0 || ^9.2.2"
   }
 }

packages/sdk-react-native/src/constant.ts

@@ -0,0 +1,9 @@
+export enum StorageKeys {
+  DefaultSession = "@turnkey/session",
+  EmbeddedKey = "@turnkey/embedded-key",
+  SessionKeys = "@turnkey/session-keys",
+  SelectedSession = "@turnkey/selected-session",
+}
+
+export const OTP_AUTH_DEFAULT_EXPIRATION_SECONDS = 15 * 60;
+export const MAX_SESSIONS = 15;