npm - @abstraxn/signer-react - Versions diffs - 2.2.1 → 2.2.3 - Mend

@abstraxn/signer-react 2.2.1 → 2.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -5,6 +5,34 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [2.2.3] - 2026-03-24
+### Changed
+- **API key in header** - Changed API key handling to send the API key in request headers.
+- **Social login API flow** - Changed social login flow to call API directly instead of redirecting.
+### Added
+- **MFA hooks (enable/disable)** – Added `useEnableMfa` and `useDisableMfa` as state-machine hooks for MFA setup and disable flows with cleaner, minimal APIs.
+### Fixed
+- **MFA enable endpoint payload** – Removed transaction API/sign-payload dependency from MFA enable flow so `mfa/enable` is called directly without transaction payload requirements.
+### Other changes
+- **Cookie-based refresh flow** - Updated session refresh handling to call `/auth/refresh` without a refresh token body and rely on backend HttpOnly cookie rotation, while keeping access token updates in SDK state.
+- **OAuth callback query handling** - Updated callback/onboarding URL parsing to consume `success`, `loginCode`, `loginCodeExpiresIn`, optional `mfaRequired`, and `error`.
+## [2.2.2] - 2026-03-20
+### Fixed
+- **Onboarding error text formatting** – Removed forced curly-brace wrapping from onboarding error messages (email, OTP, MFA, and generic error states) in both React and Web onboarding UIs.
+- **MFA/setup and onboarding error prefixes** – Normalized displayed error text to remove leading `Network error:` so users see direct backend messages (for example, `Invalid TOTP code`).
+- **MFA enable API contract update** – Updated MFA enable flow to call `mfa/enable` without transaction-sign payload fields, matching the backend contract where the endpoint now accepts no request payload.
 ## [2.2.1] - 2026-03-20
 ### Changed

package/dist/src/components/AbstraxnProvider/AbstraxnProviderInner.js CHANGED Viewed

@@ -649,7 +649,7 @@ export function AbstraxnProviderInner({ config, children, base, wagmi, solana, }
                     // Clear OAuth callback params from URL so app shows connected state without refresh
                     if (typeof window !== "undefined") {
                         const url = new URL(window.location.href);
-                        const keys = ["success", "mfaRequired", "user", "accessToken", "refreshToken", "turnkeyPublicKey", "error", "provider", "authProvider"];
+                        const keys = ["success", "mfaRequired", "loginCode", "loginCodeExpiresIn", "turnkeyPublicKey", "error", "provider", "authProvider"];
                         keys.forEach((k) => url.searchParams.delete(k));
                         window.history.replaceState({}, document.title, url.pathname + url.search);
                     }
@@ -683,7 +683,7 @@ export function AbstraxnProviderInner({ config, children, base, wagmi, solana, }
                     url.searchParams.delete("state");
                     url.searchParams.delete("error");
                     url.searchParams.delete("success");
-                    url.searchParams.delete("accessToken");
+                    url.searchParams.delete("loginCode");
                     url.searchParams.delete("provider");
                     url.searchParams.delete("authProvider");
                     window.history.replaceState({}, document.title, url.toString());
@@ -712,7 +712,7 @@ export function AbstraxnProviderInner({ config, children, base, wagmi, solana, }
                     url.searchParams.delete("state");
                     url.searchParams.delete("error");
                     url.searchParams.delete("success");
-                    url.searchParams.delete("accessToken");
+                    url.searchParams.delete("loginCode");
                     url.searchParams.delete("provider");
                     url.searchParams.delete("authProvider");
                     window.history.replaceState({}, document.title, url.toString());
@@ -741,7 +741,7 @@ export function AbstraxnProviderInner({ config, children, base, wagmi, solana, }
                     url.searchParams.delete("state");
                     url.searchParams.delete("error");
                     url.searchParams.delete("success");
-                    url.searchParams.delete("accessToken");
+                    url.searchParams.delete("loginCode");
                     url.searchParams.delete("provider");
                     url.searchParams.delete("authProvider");
                     window.history.replaceState({}, document.title, url.toString());
@@ -887,25 +887,7 @@ export function AbstraxnProviderInner({ config, children, base, wagmi, solana, }
         const hasAuthParams = (params) => params.get("success") === "true" ||
             params.get("error") ||
             params.get("code") ||
-            params.get("accessToken");
-        const getAuthProviderFromToken = (token) => {
-            try {
-                const base64Url = token.split(".")[1];
-                const base64 = base64Url.replace(/-/g, "+").replace(/_/g, "/");
-                const jsonPayload = decodeURIComponent(window
-                    .atob(base64)
-                    .split("")
-                    .map(function (c) {
-                    return "%" + ("00" + c.charCodeAt(0).toString(16)).slice(-2);
-                })
-                    .join(""));
-                const payload = JSON.parse(jsonPayload);
-                return (payload.authProvider || payload.provider || "").toLowerCase();
-            }
-            catch (e) {
-                return null;
-            }
-        };
+            params.get("loginCode");
         const matchesProvider = (provider, params) => {
             const providerParam = (params.get("provider") ||
                 params.get("authProvider") ||
@@ -917,17 +899,6 @@ export function AbstraxnProviderInner({ config, children, base, wagmi, solana, }
                 }
                 return providerParam === provider;
             }
-            // Check accessToken for provider
-            const accessToken = params.get("accessToken");
-            if (accessToken) {
-                const tokenProvider = getAuthProviderFromToken(accessToken);
-                if (tokenProvider) {
-                    if (provider === "twitter") {
-                        return tokenProvider === "twitter" || tokenProvider === "x";
-                    }
-                    return tokenProvider === provider;
-                }
-            }
             if (provider === "twitter") {
                 return path.includes("/twitter") || path.includes("/x");
             }
@@ -1821,6 +1792,21 @@ export function AbstraxnProviderInner({ config, children, base, wagmi, solana, }
         setError(new Error("Session expired"));
         await disconnect();
     }, [disconnect]);
+    const withSessionGuard = useCallback(async (action, fallbackMessage = "Operation failed") => {
+        try {
+            return await action();
+        }
+        catch (err) {
+            const alreadyConnected = Boolean(walletRef.current?.isConnected || isConnected);
+            if (alreadyConnected && isSessionExpiredError(err)) {
+                await handleSessionExpired();
+                throw new Error("Session expired");
+            }
+            const error = err instanceof Error ? err : new Error(fallbackMessage);
+            setError(error);
+            throw error;
+        }
+    }, [handleSessionExpired, isConnected]);
     // Hide onboarding UI
     const hideOnboarding = useCallback(() => {
         setError(null); // Clear any previous errors
@@ -2084,21 +2070,12 @@ export function AbstraxnProviderInner({ config, children, base, wagmi, solana, }
         setLoading(true);
         setError(null);
         try {
-            return await walletRef.current.signTransactionViaAPI(unsignedTransaction, fromAddress);
-        }
-        catch (err) {
-            if (isSessionExpiredError(err)) {
-                await handleSessionExpired();
-                throw new Error("Session expired");
-            }
-            const error = err instanceof Error ? err : new Error("Failed to sign transaction");
-            setError(error);
-            throw error;
+            return await withSessionGuard(() => walletRef.current.signTransactionViaAPI(unsignedTransaction, fromAddress), "Failed to sign transaction");
         }
         finally {
             setLoading(false);
         }
-    }, [handleSessionExpired]);
+    }, [withSessionGuard]);
     // Sign Solana transaction via API (returns signed transaction)
     const signSolanaTransactionViaAPI = useCallback(async (unsignedTransaction, fromAddress) => {
         if (!walletRef.current)
@@ -2110,21 +2087,12 @@ export function AbstraxnProviderInner({ config, children, base, wagmi, solana, }
             if (typeof walletAny.signSolanaTransactionViaAPI !== "function") {
                 throw new Error("Solana transaction signing is not supported by this wallet");
             }
-            return await walletAny.signSolanaTransactionViaAPI(unsignedTransaction, fromAddress);
-        }
-        catch (err) {
-            if (isSessionExpiredError(err)) {
-                await handleSessionExpired();
-                throw new Error("Session expired");
-            }
-            const error = err instanceof Error ? err : new Error("Failed to sign Solana transaction");
-            setError(error);
-            throw error;
+            return await withSessionGuard(() => walletAny.signSolanaTransactionViaAPI(unsignedTransaction, fromAddress), "Failed to sign Solana transaction");
         }
         finally {
             setLoading(false);
         }
-    }, [handleSessionExpired]);
+    }, [withSessionGuard]);
     // Sign typed data / raw payload via API (same flow as signTransactionViaAPI, payload: from, unsignedTransaction, encoding, hashFunction)
     const signTypedTxViaAPI = useCallback(async (fromAddress, unsignedTransaction, encoding, hashFunction) => {
         if (!walletRef.current)
@@ -2132,21 +2100,12 @@ export function AbstraxnProviderInner({ config, children, base, wagmi, solana, }
         setLoading(true);
         setError(null);
         try {
-            return await walletRef.current.signTypedTxViaAPI(fromAddress, unsignedTransaction, encoding, hashFunction);
-        }
-        catch (err) {
-            if (isSessionExpiredError(err)) {
-                await handleSessionExpired();
-                throw new Error("Session expired");
-            }
-            const error = err instanceof Error ? err : new Error("Failed to sign typed payload");
-            setError(error);
-            throw error;
+            return await withSessionGuard(() => walletRef.current.signTypedTxViaAPI(fromAddress, unsignedTransaction, encoding, hashFunction), "Failed to sign typed payload");
         }
         finally {
             setLoading(false);
         }
-    }, [handleSessionExpired]);
+    }, [withSessionGuard]);
     // Sign and send transaction using backend API
     const signAndSendTransaction = useCallback(async (unsignedTransaction, fromAddress, rpcUrl) => {
         if (!walletRef.current)
@@ -2154,23 +2113,12 @@ export function AbstraxnProviderInner({ config, children, base, wagmi, solana, }
         setLoading(true);
         setError(null);
         try {
-            return await walletRef.current.signAndSendTransaction(unsignedTransaction, fromAddress, rpcUrl);
-        }
-        catch (err) {
-            if (isSessionExpiredError(err)) {
-                await handleSessionExpired();
-                throw new Error("Session expired");
-            }
-            const error = err instanceof Error
-                ? err
-                : new Error("Failed to sign and send transaction");
-            setError(error);
-            throw error;
+            return await withSessionGuard(() => walletRef.current.signAndSendTransaction(unsignedTransaction, fromAddress, rpcUrl), "Failed to sign and send transaction");
         }
         finally {
             setLoading(false);
         }
-    }, [handleSessionExpired]);
+    }, [withSessionGuard]);
     // Login with email OTP (initiate OTP)
     const loginWithOTP = useCallback(async (email) => {
         if (!walletRef.current)
@@ -2328,7 +2276,7 @@ export function AbstraxnProviderInner({ config, children, base, wagmi, solana, }
         setLoading(true);
         setError(null);
         try {
-            const whoamiInfo = await walletRef.current.refreshWhoami();
+            const whoamiInfo = await withSessionGuard(() => walletRef.current.refreshWhoami(), "Failed to refresh whoami");
             if (whoamiInfo) {
                 setWhoami(whoamiInfo);
                 // Update address if available in whoami response
@@ -2338,15 +2286,10 @@ export function AbstraxnProviderInner({ config, children, base, wagmi, solana, }
             }
             return whoamiInfo;
         }
-        catch (err) {
-            const error = err instanceof Error ? err : new Error("Failed to refresh whoami");
-            setError(error);
-            throw error;
-        }
         finally {
             setLoading(false);
         }
-    }, [isExternalWalletConnected]);
+    }, [isExternalWalletConnected, withSessionGuard]);
     const getSupportedAuthMethods = useCallback(async () => {
         if (!walletRef.current?.isConnected) {
             throw new Error("Wallet not connected");
@@ -3489,7 +3432,7 @@ export function AbstraxnProviderInner({ config, children, base, wagmi, solana, }
                 // Clear OAuth callback params from URL so app shows connected state without refresh
                 if (typeof window !== "undefined") {
                     const url = new URL(window.location.href);
-                    const keys = ["success", "mfaRequired", "user", "accessToken", "refreshToken", "turnkeyPublicKey", "error", "provider", "authProvider"];
+                    const keys = ["success", "mfaRequired", "loginCode", "loginCodeExpiresIn", "turnkeyPublicKey", "error", "provider", "authProvider"];
                     keys.forEach((k) => url.searchParams.delete(k));
                     window.history.replaceState({}, document.title, url.pathname + url.search);
                 }