fix: make encryption key optional for custom auth wallets (#5341)

## Problem solved

fixes CNCT-2269

<!-- start pr-codex -->

---

## PR-Codex overview
This PR focuses on making the `encryptionKey` optional for in-app and ecosystem wallets' custom authentication methods, enhancing security by discouraging hardcoding sensitive information.

### Detailed summary
- Updated `SingleStepAuthArgsType` to make `encryptionKey` optional for both `jwt` and `auth_endpoint` strategies.
- Removed hardcoded `encryptionKey` from various authentication examples in documentation.
- Emphasized the use of environment variables or user input for `encryptionKey`.

> ✨ Ask PR-Codex anything about this PR by commenting with `/codex {your question}`

<!-- end pr-codex -->

Author: joaquim-verges

.changeset/rich-kangaroos-sip.md

@@ -0,0 +1,5 @@
+---
+"thirdweb": patch
+---
+
+Make encryption key optional for in-app and ecosystem wallets custom auth

apps/portal/src/app/connect/in-app-wallet/custom-auth/configuration/page.mdx

@@ -67,7 +67,6 @@ const handlePostLogin = async (jwt: string) => {
 			client,
 			strategy: "jwt",
 			jwt,
-			encryptionKey: "your-encryption-key",
 		});
 		return wallet;
 	});
@@ -87,7 +86,6 @@ const account = await wallet.connect({
 	client,
 	strategy: "jwt",
 	jwt,
-	encryptionKey: "your-encryption-key",
 });
 
 // use the account to send transactions
@@ -96,10 +94,6 @@ const account = await wallet.connect({
 </TabsContent>
 </Tabs>
 
-You can set your `encryptionKey` in either a secret env variable or ask the user to enter a password for it.
-
-** Do not hardcode the `encryptionKey` in your code. **
-
 ## Generic auth
 
 Generic auth is a lower-level option that can be used when you have your own auth server that you use to authenticate users.
@@ -159,7 +153,6 @@ const handlePostLogin = async (jwt: string) => {
 			strategy: "auth_endpoint",
 			// This is the payload that is sent to the auth endpoint
 			payload,
-			encryptionKey: "your-encryption-key",
 		});
 		return wallet;
 	});
@@ -182,15 +175,10 @@ const account = await wallet.connect({
 	strategy: "auth_endpoint",
 	// This is the payload that is sent to the auth endpoint
 	payload,
-	encryptionKey: "your-encryption-key",
 });
 
 // use the account to send transactions
 ```
 
 </TabsContent>
 </Tabs>
-
-You can set your `encryptionKey` in either a secret env variable or ask the user to enter a password for it.
-
-**Do not hardcode the `encryptionKey` in your code. Use environment variables, server returned keys or user derived keys.**

apps/portal/src/app/connect/in-app-wallet/custom-auth/custom-auth-server/page.mdx

@@ -107,7 +107,6 @@ const handlePostLogin = async (jwt: string) => {
 			client,
 			strategy: "auth_endpoint",
 			payload: JSON.stringify({ userId: "ANY_RANDOM_ID_HERE" }),
-			encryptionKey: "your-encryption-key",
 		});
 		return wallet;
 	});
@@ -127,7 +126,6 @@ const account = await wallet.connect({
 	client,
 	strategy: "auth_endpoint",
 	payload: JSON.stringify({ userId: "ANY_RANDOM_ID_HERE" }),
-	encryptionKey: "your-encryption-key",
 });
 
 // use the account to send transactions
@@ -136,10 +134,6 @@ const account = await wallet.connect({
 </TabsContent>
 </Tabs>
 
-You can set your encryptionKey in either a secret env variable or ask the user to enter a password for it.
-
-** Do not hardcode the encryptionKey in your code. **
-
 A persistent, cross-platform wallet is now created for your user!
 
 Of course, you would use your own auth server instead of the one we provided. The rest of this guide will show you how to create your own auth server.

apps/portal/src/app/connect/in-app-wallet/custom-auth/firebase-auth/page.mdx

@@ -153,17 +153,12 @@ const connectInApp = async (jwt: string) => {
 			client,
 			strategy: "jwt",
 			jwt: await getFirebaseJWT(),
-			encryptionKey: "your-encryption-key",
 		});
 		return wallet;
 	});
 };
 ```
 
-You can set your `encryptionKey` in either a secret env variable or ask the user to enter a password for it.
-
-** Do not hardcode the `encryptionKey` in your code. **
-
 After the connectInApp function returns, the ThirdwebProvider will have connected a wallet thereby granting access to all hooks and functionalities.
 
 </Step>

apps/portal/src/app/dotnet/wallets/providers/in-app-wallet/page.mdx

@@ -64,10 +64,10 @@ var address = await wallet.LoginWithOauth(
 var address = await siweWallet.LoginWithSiwe(chainId: 1);
 
 // Custom Auth (JWT)
-var address = await wallet.LoginWithCustomAuth(jwt: "myjwt", encryptionkey: "myencryptionkey");
+var address = await wallet.LoginWithCustomAuth(jwt: "myjwt");
 
 // Custom Auth (AuthEndpoint)
-var address = await wallet.LoginWithAuthEndpoint(payload: "mypayload", encryptionkey: "myencryptionkey");
+var address = await wallet.LoginWithAuthEndpoint(payload: "mypayload");
 
 // Guest Login (Easy onboarding)
 var address = await wallet.LoginWithGuest();

packages/thirdweb/src/wallets/in-app/core/authentication/types.ts

@@ -34,8 +34,8 @@ export type SocialAuthArgsType = {
 
 export type SingleStepAuthArgsType =
   | SocialAuthArgsType
-  | { strategy: "jwt"; jwt: string; encryptionKey: string }
-  | { strategy: "auth_endpoint"; payload: string; encryptionKey: string }
+  | { strategy: "jwt"; jwt: string; encryptionKey?: string }
+  | { strategy: "auth_endpoint"; payload: string; encryptionKey?: string }
   | {
       /**
        * @deprecated