feat: Expose session api

Cargo.toml

@@ -16,7 +16,7 @@ authors = ["World Contributors"]
 
 [workspace.dependencies]
 # World ID protocol types
-world-id-primitives = { version = "0.6.0", default-features = false }
+world-id-primitives = { version = "0.11.0", default-features = false }
 
 # Serialization
 serde = { version = "1.0", features = ["derive"] }
@@ -60,9 +60,6 @@ alloy-sol-types = "0.8.0"
 alloy-primitives = "1.5.7"
 ruint = "1.11.1"
 
-# OPRF types
-taceo-oprf = { version = "0.8", default-features = false, features = ["types"] }
-
 # UniFFI
 uniffi = "0.31"
 

js/examples/nextjs/app/api/rp-signature/route.ts

@@ -3,21 +3,54 @@ import { signRequest } from "@worldcoin/idkit/signing";
 
 // export const runtime = "nodejs";
 
+type SignatureType = "request" | "create_session" | "session";
+
+function isSignatureType(value: unknown): value is SignatureType {
+  return (
+    value === "request" || value === "create_session" || value === "session"
+  );
+}
+
 export async function POST(request: Request): Promise<Response> {
   try {
     const body = (await request.json()) as {
-      action: string;
+      signature_type?: SignatureType;
+      action?: string;
       ttl?: number;
     };
 
+    const signatureType = body.signature_type ?? "request";
+    if (!isSignatureType(signatureType)) {
+      return NextResponse.json(
+        { error: "Invalid signature_type" },
+        { status: 400 },
+      );
+    }
+
+    if (body.action !== undefined && typeof body.action !== "string") {
+      return NextResponse.json(
+        { error: "action must be a string" },
+        { status: 400 },
+      );
+    }
+
+    const action = body.action?.trim() || undefined;
+    if (signatureType !== "request" && action) {
+      return NextResponse.json(
+        { error: "Session signatures must not include action" },
+        { status: 400 },
+      );
+    }
+
     const signingKey = process.env.RP_SIGNING_KEY;
     const { sig, nonce, createdAt, expiresAt } = signRequest({
-      action: body.action,
+      ...(signatureType === "request" && action ? { action } : {}),
       signingKeyHex: signingKey!,
       ttl: body.ttl,
     });
 
     console.log("Generated RP signature:", {
+      signatureType,
       sig,
       nonce,
       createdAt,