@dxos/client-services 0.5.1-main.f02b2c7 → 0.5.1-main.f81ddc4

package/src/packlets/invitations/invitations-handler.ts

@@ -2,31 +2,31 @@
 // Copyright 2022 DXOS.org
 //
 
-import { PushStream, scheduleTask, TimeoutError, Trigger } from '@dxos/async';
-import { AuthenticatingInvitation, INVITATION_TIMEOUT } from '@dxos/client-protocol';
-import { Context } from '@dxos/context';
+import { Mutex, type PushStream, scheduleTask, TimeoutError, type Trigger } from '@dxos/async';
+import { INVITATION_TIMEOUT } from '@dxos/client-protocol';
+import { type Context, ContextDisposedError } from '@dxos/context';
 import { createKeyPair, sign } from '@dxos/crypto';
 import { invariant } from '@dxos/invariant';
 import { PublicKey } from '@dxos/keys';
 import { log } from '@dxos/log';
-import {
-  createTeleportProtocolFactory,
-  type NetworkManager,
-  StarTopology,
-  type SwarmConnection,
-} from '@dxos/network-manager';
+import { createTeleportProtocolFactory, type NetworkManager, type SwarmConnection } from '@dxos/network-manager';
 import { InvalidInvitationExtensionRoleError, trace } from '@dxos/protocols';
 import { type AdmissionKeypair, Invitation } from '@dxos/protocols/proto/dxos/client/services';
 import { type DeviceProfileDocument } from '@dxos/protocols/proto/dxos/halo/credentials';
 import { AuthenticationResponse, type IntroductionResponse } from '@dxos/protocols/proto/dxos/halo/invitations';
+import { Options } from '@dxos/protocols/proto/dxos/halo/invitations';
+import { type ExtensionContext, type TeleportExtension, type TeleportParams } from '@dxos/teleport';
+import { ComplexSet } from '@dxos/util';
 
-import {
-  InvitationGuestExtension,
-  InvitationHostExtension,
-  isAuthenticationRequired,
-  MAX_OTP_ATTEMPTS,
-} from './invitation-extension';
+import { InvitationGuestExtension } from './invitation-guest-extenstion';
+import { InvitationHostExtension, isAuthenticationRequired, MAX_OTP_ATTEMPTS } from './invitation-host-extension';
 import { type InvitationProtocol } from './invitation-protocol';
+import { InvitationTopology } from './invitation-topology';
+import { stateToString } from './utils';
+
+const MAX_DELEGATED_INVITATION_HOST_TRIES = 3;
+
+type InvitationExtension = InvitationHostExtension | InvitationGuestExtension;
 
 /**
  * Generic handler for Halo and Space invitations.
@@ -35,31 +35,35 @@ import { type InvitationProtocol } from './invitation-protocol';
  * Host
  * - Creates an invitation containing a swarm topic (which can be shared via a URL, QR code, or direct message).
  * - Joins the swarm with the topic and waits for guest's introduction.
- * - Wait for guest to authenticate with OTP.
+ * - Wait for guest to authenticate with challenge specified in the invitation.
  * - Waits for guest to present credentials (containing local device and feed keys).
- * - Writes credentials to control feed then exits.
+ * - Writes credentials to control feed then exits or waits for more guests (multi use invitations).
  *
  * Guest
  * - Joins the swarm with the topic.
  * - Sends an introduction.
- * - Sends authentication OTP.
+ * - Submits the challenge.
  * - If Space handler then creates a local cloned space (with genesis block).
  * - Sends admission credentials.
- *
- * TODO(burdon): Show proxy/service relationship and reference design doc/diagram.
- *
  *  ```
  *  [Guest]                                          [Host]
  *   |------------------------------------Introduce-->|
  *   |-------------------------------[Authenticate]-->|
  *   |----------------------------------------Admit-->|
  *  ```
+ *
+ *  TODO: consider refactoring using xstate making the logic separation more explicit:
+ *  TODO: the flow logic should either be contained in invitations-handler or in extensions, not be split across
+ *  TODO: potentially re-evaluate host-side API to allow multiple concurrent connection, so that mutex can be removed
  */
 export class InvitationsHandler {
   /**
    * @internal
    */
-  constructor(private readonly _networkManager: NetworkManager) {}
+  constructor(
+    private readonly _networkManager: NetworkManager,
+    private readonly _defaultTeleportParams?: Partial<TeleportParams>,
+  ) {}
 
   handleInvitationFlow(
     ctx: Context,
@@ -67,18 +71,17 @@ export class InvitationsHandler {
     protocol: InvitationProtocol,
     invitation: Invitation,
   ): void {
+    const guardedState = this._createGuardedState(ctx, invitation, stream);
     // Called for every connecting peer.
     const createExtension = (): InvitationHostExtension => {
-      const extension = new InvitationHostExtension({
-        onStateUpdate: (invitation) => {
-          stream.next({ ...invitation, state: Invitation.State.READY_FOR_AUTHENTICATION });
+      const extension = new InvitationHostExtension(guardedState.mutex, {
+        get activeInvitation() {
+          return ctx.disposed ? null : guardedState.current;
         },
 
-        resolveInvitation: async ({ invitationId }) => {
-          if (invitationId && invitationId !== invitation.invitationId) {
-            return undefined;
-          }
-          return invitation;
+        onStateUpdate: (newState: Invitation.State): Invitation => {
+          guardedState.set(extension, newState);
+          return guardedState.current;
         },
 
         admit: async (admissionRequest) => {
@@ -93,50 +96,62 @@ export class InvitationsHandler {
             return admissionResponse;
           } catch (err: any) {
             // TODO(burdon): Generic RPC callback to report error to client.
-            stream.error(err);
+            guardedState.error(extension, err);
             throw err; // Propagate error to guest.
           }
         },
 
-        onOpen: () => {
-          scheduleTask(ctx, async () => {
+        onOpen: (connectionCtx: Context, extensionsCtx: ExtensionContext) => {
+          let admitted = false;
+          connectionCtx.onDispose(() => {
+            if (!admitted) {
+              guardedState.error(extension, new ContextDisposedError());
+            }
+          });
+
+          scheduleTask(connectionCtx, async () => {
             const traceId = PublicKey.random().toHex();
             try {
               log.trace('dxos.sdk.invitations-handler.host.onOpen', trace.begin({ id: traceId }));
               log('connected', { ...protocol.toJSON() });
-              stream.next({ ...invitation, state: Invitation.State.CONNECTED });
               const deviceKey = await extension.completedTrigger.wait({ timeout: invitation.timeout });
               log('admitted guest', { guest: deviceKey, ...protocol.toJSON() });
-              stream.next({ ...invitation, state: Invitation.State.SUCCESS });
+              guardedState.set(extension, Invitation.State.SUCCESS);
               log.trace('dxos.sdk.invitations-handler.host.onOpen', trace.end({ id: traceId }));
+              admitted = true;
+
+              if (!invitation.multiUse) {
+                await ctx.dispose();
+              }
             } catch (err: any) {
               if (err instanceof TimeoutError) {
-                log('timeout', { ...protocol.toJSON() });
-                stream.next({ ...invitation, state: Invitation.State.TIMEOUT });
+                if (guardedState.set(extension, Invitation.State.TIMEOUT)) {
+                  log('timeout', { ...protocol.toJSON() });
+                }
               } else {
-                log.error('failed', err);
-                stream.error(err);
+                if (guardedState.error(extension, err)) {
+                  log.error('failed', err);
+                }
               }
               log.trace('dxos.sdk.invitations-handler.host.onOpen', trace.error({ id: traceId, error: err }));
-            } finally {
-              if (!invitation.multiUse) {
-                // Wait for graceful close before disposing.
-                await swarmConnection.close();
-                await ctx.dispose();
-              }
+              // Close connection
+              extensionsCtx.close(err);
             }
           });
         },
         onError: (err) => {
           if (err instanceof InvalidInvitationExtensionRoleError) {
+            log('invalid role', { ...err.context });
             return;
           }
           if (err instanceof TimeoutError) {
-            log('timeout', { ...protocol.toJSON() });
-            stream.next({ ...invitation, state: Invitation.State.TIMEOUT });
+            if (guardedState.set(extension, Invitation.State.TIMEOUT)) {
+              log('timeout', { err });
+            }
           } else {
-            log.error('failed', err);
-            stream.error(err);
+            if (guardedState.error(extension, err)) {
+              log.error('failed', err);
+            }
           }
         },
       });
@@ -153,7 +168,7 @@ export class InvitationsHandler {
           async () => {
             // ensure the swarm is closed before changing state and closing the stream.
             await swarmConnection.close();
-            stream.next({ ...invitation, state: Invitation.State.EXPIRED });
+            guardedState.set(null, Invitation.State.EXPIRED);
             await ctx.dispose();
           },
           invitation.created.getTime() + invitation.lifetime * 1000 - Date.now(),
@@ -162,100 +177,91 @@ export class InvitationsHandler {
     }
 
     let swarmConnection: SwarmConnection;
-    const invitationLabel =
-      'invitation host for ' +
-      (invitation.kind === Invitation.Kind.DEVICE ? 'device' : `space ${invitation.spaceKey?.truncate()}`);
     scheduleTask(ctx, async () => {
-      const topic = invitation.swarmKey!;
-      swarmConnection = await this._networkManager.joinSwarm({
-        topic,
-        peerId: topic,
-        protocolProvider: createTeleportProtocolFactory(async (teleport) => {
-          teleport.addExtension('dxos.halo.invitations', createExtension());
-        }),
-        topology: new StarTopology(topic),
-        label: invitationLabel,
-      });
-      ctx.onDispose(() => swarmConnection.close());
-
-      stream.next({ ...invitation, state: Invitation.State.CONNECTING });
+      swarmConnection = await this._joinSwarm(ctx, invitation, Options.Role.HOST, createExtension);
+      guardedState.set(null, Invitation.State.CONNECTING);
     });
   }
 
   acceptInvitation(
+    ctx: Context,
+    stream: PushStream<Invitation>,
     protocol: InvitationProtocol,
     invitation: Invitation,
+    otpEnteredTrigger: Trigger<string>,
     deviceProfile?: DeviceProfileDocument,
-  ): AuthenticatingInvitation {
+  ): void {
     const { timeout = INVITATION_TIMEOUT } = invitation;
-    invariant(protocol);
 
     if (deviceProfile) {
       invariant(invitation.kind === Invitation.Kind.DEVICE, 'deviceProfile provided for non-device invitation');
     }
-    const authenticated = new Trigger<string>();
 
-    // TODO(dmaretskyi): Turn into state?
-    // Whether the Host has already admitted us and the remote connection is no longer needed.
-    let admitted = false;
+    const triedPeersIds = new ComplexSet(PublicKey.hash);
+    const guardedState = this._createGuardedState(ctx, invitation, stream);
 
-    let currentState: Invitation.State;
-    const stream = new PushStream<Invitation>();
-    const setState = (newData: Partial<Invitation>) => {
-      invariant(newData.state !== undefined);
-      currentState = newData.state;
-      stream.next({ ...invitation, ...newData });
+    const shouldCancelInvitationFlow = (extension: InvitationGuestExtension) => {
+      const isLockedByAnotherConnection = guardedState.mutex.isLocked() && !extension.hasFlowLock();
+      log('should cancel invitation flow', {
+        isLockedByAnotherConnection,
+        invitationType: Invitation.Type.DELEGATED,
+        triedPeers: triedPeersIds.size,
+      });
+      if (isLockedByAnotherConnection) {
+        return false;
+      }
+      // for delegated invitations we might try with other hosts and will dispose either after
+      // a timeout or when the number of tries was exceeded
+      return invitation.type !== Invitation.Type.DELEGATED || triedPeersIds.size >= MAX_DELEGATED_INVITATION_HOST_TRIES;
     };
 
-    const ctx = new Context({
-      onError: (err) => {
-        if (err instanceof TimeoutError) {
-          log('timeout', { ...protocol.toJSON() });
-          setState({ state: Invitation.State.TIMEOUT });
-        } else {
-          log.warn('auth failed', err);
-          stream.error(err);
-        }
-        void ctx.dispose();
-      },
-    });
-
-    ctx.onDispose(() => {
-      log('complete', { ...protocol.toJSON() });
-      stream.complete();
-    });
-
+    let admitted = false;
     const createExtension = (): InvitationGuestExtension => {
-      let connectionCount = 0;
+      const extension = new InvitationGuestExtension(guardedState.mutex, {
+        onStateUpdate: (newState: Invitation.State) => {
+          guardedState.set(extension, newState);
+        },
+        onOpen: (connectionCtx: Context, extensionCtx: ExtensionContext) => {
+          triedPeersIds.add(extensionCtx.remotePeerId);
+
+          if (admitted) {
+            extensionCtx.close();
+            return;
+          }
 
-      const extension = new InvitationGuestExtension({
-        onOpen: (extensionCtx) => {
-          extensionCtx.onDispose(async () => {
-            log('extension disposed', { currentState });
+          connectionCtx.onDispose(async () => {
+            log('extension disposed', { admitted, currentState: guardedState.current.state });
             if (!admitted) {
-              stream.error(new Error('Remote peer disconnected.'));
+              guardedState.error(extension, new ContextDisposedError());
+              if (shouldCancelInvitationFlow(extension)) {
+                await ctx.dispose();
+              }
             }
           });
 
-          scheduleTask(ctx, async () => {
+          scheduleTask(connectionCtx, async () => {
             const traceId = PublicKey.random().toHex();
             try {
               log.trace('dxos.sdk.invitations-handler.guest.onOpen', trace.begin({ id: traceId }));
-              // TODO(burdon): Bug where guest may create multiple connections.
-              if (++connectionCount > 1) {
-                throw new Error(`multiple connections detected: ${connectionCount}`);
-              }
 
-              scheduleTask(ctx, () => ctx.raise(new TimeoutError(timeout)), timeout);
+              scheduleTask(
+                connectionCtx,
+                () => {
+                  guardedState.set(extension, Invitation.State.TIMEOUT);
+                  extensionCtx.close();
+                },
+                timeout,
+              );
 
               log('connected', { ...protocol.toJSON() });
-              setState({ state: Invitation.State.CONNECTED });
+              guardedState.set(extension, Invitation.State.CONNECTED);
 
               // 1. Introduce guest to host.
               log('introduce', { ...protocol.toJSON() });
-              const introductionResponse = await extension.rpc.InvitationHostService.introduce(
-                protocol.createIntroduction(),
-              );
+              const introductionResponse = await extension.rpc.InvitationHostService.introduce({
+                invitationId: invitation.invitationId,
+                ...protocol.createIntroduction(),
+              });
               log('introduce response', { ...protocol.toJSON(), response: introductionResponse });
               invitation.authMethod = introductionResponse.authMethod;
 
@@ -263,10 +269,20 @@ export class InvitationsHandler {
               if (isAuthenticationRequired(invitation)) {
                 switch (invitation.authMethod) {
                   case Invitation.AuthMethod.SHARED_SECRET:
-                    await this._handleGuestOtpAuth(extension, setState, authenticated, { timeout });
+                    await this._handleGuestOtpAuth(
+                      extension,
+                      (state) => guardedState.set(extension, state),
+                      otpEnteredTrigger,
+                      { timeout },
+                    );
                     break;
                   case Invitation.AuthMethod.KNOWN_PUBLIC_KEY:
-                    await this._handleGuestKpkAuth(extension, setState, invitation, introductionResponse);
+                    await this._handleGuestKpkAuth(
+                      extension,
+                      (state) => guardedState.set(extension, state),
+                      invitation,
+                      introductionResponse,
+                    );
                     break;
                 }
               }
@@ -284,19 +300,22 @@ export class InvitationsHandler {
 
               // 5. Success.
               log('admitted by host', { ...protocol.toJSON() });
-              setState({ ...result, target: invitation.target, state: Invitation.State.SUCCESS });
+              await guardedState.complete({
+                ...guardedState.current,
+                ...result,
+                state: Invitation.State.SUCCESS,
+              });
               log.trace('dxos.sdk.invitations-handler.guest.onOpen', trace.end({ id: traceId }));
             } catch (err: any) {
               if (err instanceof TimeoutError) {
                 log('timeout', { ...protocol.toJSON() });
-                setState({ state: Invitation.State.TIMEOUT });
+                guardedState.set(extension, Invitation.State.TIMEOUT);
               } else {
                 log('auth failed', err);
-                stream.error(err);
+                guardedState.error(extension, err);
               }
+              extensionCtx.close(err);
               log.trace('dxos.sdk.invitations-handler.guest.onOpen', trace.error({ id: traceId, error: err }));
-            } finally {
-              await ctx.dispose();
             }
           });
         },
@@ -306,10 +325,10 @@ export class InvitationsHandler {
           }
           if (err instanceof TimeoutError) {
             log('timeout', { ...protocol.toJSON() });
-            setState({ state: Invitation.State.TIMEOUT });
+            guardedState.set(extension, Invitation.State.TIMEOUT);
           } else {
             log('auth failed', err);
-            stream.error(err);
+            guardedState.error(extension, err);
           }
         },
       });
@@ -321,53 +340,131 @@ export class InvitationsHandler {
       const error = protocol.checkInvitation(invitation);
       if (error) {
         stream.error(error);
+        await ctx.dispose();
       } else {
         invariant(invitation.swarmKey);
-        const topic = invitation.swarmKey;
-        const swarmConnection = await this._networkManager.joinSwarm({
-          topic,
-          peerId: PublicKey.random(),
-          protocolProvider: createTeleportProtocolFactory(async (teleport) => {
-            teleport.addExtension('dxos.halo.invitations', createExtension());
-          }),
-          topology: new StarTopology(topic),
-          label: 'invitation guest',
-        });
-        ctx.onDispose(() => swarmConnection.close());
-
-        setState({ state: Invitation.State.CONNECTING });
+        await this._joinSwarm(ctx, invitation, Options.Role.GUEST, createExtension);
+        guardedState.set(null, Invitation.State.CONNECTING);
       }
     });
+  }
 
-    const observable = new AuthenticatingInvitation({
-      initialInvitation: invitation,
-      subscriber: stream.observable,
-      onCancel: async () => {
-        setState({ state: Invitation.State.CANCELLED });
-        await ctx.dispose();
+  private async _joinSwarm(
+    ctx: Context,
+    invitation: Invitation,
+    role: Options.Role,
+    extensionFactory: () => TeleportExtension,
+  ): Promise<SwarmConnection> {
+    let label: string;
+    if (role === Options.Role.GUEST) {
+      label = 'invitation guest';
+    } else if (invitation.kind === Invitation.Kind.DEVICE) {
+      label = 'invitation host for device';
+    } else {
+      label = `invitation host for space ${invitation.spaceKey?.truncate()}`;
+    }
+    const swarmConnection = await this._networkManager.joinSwarm({
+      topic: invitation.swarmKey,
+      peerId: PublicKey.random(),
+      protocolProvider: createTeleportProtocolFactory(async (teleport) => {
+        teleport.addExtension('dxos.halo.invitations', extensionFactory());
+      }, this._defaultTeleportParams),
+      topology: new InvitationTopology(role),
+      label,
+    });
+    ctx.onDispose(() => swarmConnection.close());
+    return swarmConnection;
+  }
+
+  /**
+   * A utility object for serializing invitation state changes by multiple concurrent
+   * invitation flow connections.
+   */
+  private _createGuardedState(ctx: Context, invitation: Invitation, stream: PushStream<Invitation>) {
+    // the mutex guards invitation flow on host and guest side, making sure only one flow is currently active
+    // deadlocks seem very unlikely because hosts don't initiate multiple connections
+    // even if this somehow happens that there are 2 guests (A, B) and 2 hosts (1, 2) and:
+    //  A has lock for flow with 1, B has lock for flow with 2
+    //  1 has lock for flow with B, 2 has lock for flow with A
+    // there'll be a 10-second introduction timeout after which connection will be closed and deadlock broken
+    const mutex = new Mutex();
+    let lastActiveExtension: any = null;
+    let currentInvitation = { ...invitation };
+    const isStateChangeAllowed = (extension: InvitationExtension | null) => {
+      if (ctx.disposed || (extension !== null && mutex.isLocked() && !extension.hasFlowLock())) {
+        return false;
+      }
+      // don't allow transitions from a terminal state unless a new extension acquired mutex
+      // handles a case when error occurs (e.g. connection is closed) after we completed the flow
+      // successfully or already reported another error
+      return extension == null || lastActiveExtension !== extension || this._isNotTerminal(currentInvitation.state);
+    };
+    return {
+      mutex,
+      get current() {
+        return currentInvitation;
       },
-      onAuthenticate: async (code: string) => {
-        // TODO(burdon): Reset creates a race condition? Event?
-        authenticated.wake(code);
+      // disposing context prevents any further state updates
+      complete: (newState: Partial<Invitation>) => {
+        currentInvitation = { ...currentInvitation, ...newState };
+        stream.next(currentInvitation);
+        return ctx.dispose();
       },
+      set: (extension: InvitationExtension | null, newState: Invitation.State): boolean => {
+        if (isStateChangeAllowed(extension)) {
+          this._logStateUpdate(currentInvitation, extension, newState);
+          currentInvitation = { ...currentInvitation, state: newState };
+          stream.next(currentInvitation);
+          lastActiveExtension = extension;
+          return true;
+        }
+        return false;
+      },
+      error: (extension: InvitationExtension | null, error: any): boolean => {
+        if (isStateChangeAllowed(extension)) {
+          this._logStateUpdate(currentInvitation, extension, Invitation.State.ERROR);
+          currentInvitation = { ...currentInvitation, state: Invitation.State.ERROR };
+          stream.next(currentInvitation);
+          stream.error(error);
+          lastActiveExtension = extension;
+          return true;
+        }
+        return false;
+      },
+    };
+  }
+
+  private _logStateUpdate(invitation: Invitation, actor: any, newState: Invitation.State) {
+    log('invitation state update', {
+      actor: actor?.constructor.name,
+      newState: stateToString(newState),
+      oldState: stateToString(invitation.state),
     });
+  }
 
-    return observable;
+  private _isNotTerminal(currentState: Invitation.State): boolean {
+    return ![
+      Invitation.State.SUCCESS,
+      Invitation.State.ERROR,
+      Invitation.State.CANCELLED,
+      Invitation.State.TIMEOUT,
+      Invitation.State.EXPIRED,
+    ].includes(currentState);
   }
 
   private async _handleGuestOtpAuth(
     extension: InvitationGuestExtension,
-    setState: (newState: Partial<Invitation>) => void,
+    setState: (newState: Invitation.State) => void,
     authenticated: Trigger<string>,
     options: { timeout: number },
   ) {
     for (let attempt = 1; attempt <= MAX_OTP_ATTEMPTS; attempt++) {
       log('guest waiting for authentication code...');
-      setState({ state: Invitation.State.READY_FOR_AUTHENTICATION });
+      setState(Invitation.State.READY_FOR_AUTHENTICATION);
       const authCode = await authenticated.wait(options);
 
       log('sending authentication request');
-      setState({ state: Invitation.State.AUTHENTICATING });
+      setState(Invitation.State.AUTHENTICATING);
       const response = await extension.rpc.InvitationHostService.authenticate({ authCode });
       if (response.status === undefined || response.status === AuthenticationResponse.Status.OK) {
         break;
@@ -386,7 +483,7 @@ export class InvitationsHandler {
 
   private async _handleGuestKpkAuth(
     extension: InvitationGuestExtension,
-    setState: (newState: Partial<Invitation>) => void,
+    setState: (newState: Invitation.State) => void,
     invitation: Invitation,
     introductionResponse: IntroductionResponse,
   ) {
@@ -397,7 +494,7 @@ export class InvitationsHandler {
       throw new Error('challenge missing in the introduction');
     }
     log('sending authentication request');
-    setState({ state: Invitation.State.AUTHENTICATING });
+    setState(Invitation.State.AUTHENTICATING);
     const signature = sign(Buffer.from(introductionResponse.challenge), invitation.guestKeypair.privateKey);
     const response = await extension.rpc.InvitationHostService.authenticate({
       signedChallenge: signature,

package/src/packlets/invitations/invitations-manager.ts

@@ -2,9 +2,9 @@
 // Copyright 2024 DXOS.org
 //
 
-import { Event, PushStream } from '@dxos/async';
+import { Event, PushStream, TimeoutError, Trigger } from '@dxos/async';
 import {
-  type AuthenticatingInvitation,
+  AuthenticatingInvitation,
   AUTHENTICATION_CODE_LENGTH,
   CancellableInvitation,
   INVITATION_TIMEOUT,
@@ -117,7 +117,8 @@ export class InvitationsManager {
     }
 
     const handler = this._getHandler(options);
-    const invitation = this._invitationsHandler.acceptInvitation(handler, options, request.deviceProfile);
+    const { ctx, invitation, stream, otpEnteredTrigger } = this._createObservableAcceptingInvitation(handler, options);
+    this._invitationsHandler.acceptInvitation(ctx, stream, handler, options, otpEnteredTrigger, request.deviceProfile);
     this._acceptInvitations.set(invitation.get().invitationId, invitation);
     this.invitationAccepted.emit(invitation.get());
 
@@ -149,6 +150,10 @@ export class InvitationsManager {
       if (created.get().persistent) {
         await this._metadataStore.removeInvitation(invitationId);
       }
+      if (created.get().type === Invitation.Type.DELEGATED) {
+        const handler = this._getHandler(created.get());
+        await handler.cancelDelegation(created.get());
+      }
       await created.cancel();
       this._createInvitations.delete(invitationId);
       this.removedCreated.emit(created.get());
@@ -239,6 +244,40 @@ export class InvitationsManager {
     return { ctx, stream, observableInvitation };
   }
 
+  private _createObservableAcceptingInvitation(handler: InvitationProtocol, initialState: Invitation) {
+    const otpEnteredTrigger = new Trigger<string>();
+    const stream = new PushStream<Invitation>();
+    const ctx = new Context({
+      onError: (err) => {
+        if (err instanceof TimeoutError) {
+          log('timeout', { ...handler.toJSON() });
+          stream.next({ ...initialState, state: Invitation.State.TIMEOUT });
+        } else {
+          log.warn('auth failed', err);
+          stream.next({ ...initialState, state: Invitation.State.ERROR });
+        }
+        void ctx.dispose();
+      },
+    });
+    ctx.onDispose(() => {
+      log('complete', { ...handler.toJSON() });
+      stream.complete();
+    });
+    const invitation = new AuthenticatingInvitation({
+      initialInvitation: initialState,
+      subscriber: stream.observable,
+      onCancel: async () => {
+        stream.next({ ...initialState, state: Invitation.State.CANCELLED });
+        await ctx.dispose();
+      },
+      onAuthenticate: async (code: string) => {
+        // TODO(burdon): Reset creates a race condition? Event?
+        otpEnteredTrigger.wake(code);
+      },
+    });
+    return { ctx, invitation, stream, otpEnteredTrigger };
+  }
+
   private async _persistIfRequired(
     handler: InvitationProtocol,
     changeStream: PushStream<Invitation>,