@dynamic-labs-sdk/client 1.17.0 → 1.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (186) hide show
  1. package/dist/core.cjs +7 -5
  2. package/dist/core.cjs.map +1 -1
  3. package/dist/core.esm.js +8 -8
  4. package/dist/core.esm.js.map +1 -1
  5. package/dist/core.native.esm.js +8 -8
  6. package/dist/core.native.esm.js.map +1 -1
  7. package/dist/errors/DeviceRegistrationIdentityMismatchError.d.ts +5 -0
  8. package/dist/errors/DeviceRegistrationIdentityMismatchError.d.ts.map +1 -0
  9. package/dist/errors/UnsafeDeeplinkUrlError.d.ts +17 -0
  10. package/dist/errors/UnsafeDeeplinkUrlError.d.ts.map +1 -0
  11. package/dist/errors/UnsafeNavigationUrlError.d.ts +16 -0
  12. package/dist/errors/UnsafeNavigationUrlError.d.ts.map +1 -0
  13. package/dist/errors/WalletScreeningBlockedError.d.ts +14 -0
  14. package/dist/errors/WalletScreeningBlockedError.d.ts.map +1 -0
  15. package/dist/exports/core.d.ts +4 -0
  16. package/dist/exports/core.d.ts.map +1 -1
  17. package/dist/exports/index.d.ts +7 -2
  18. package/dist/exports/index.d.ts.map +1 -1
  19. package/dist/{getNetworkProviderFromNetworkId-DC1bhMuB.native.esm.js → getNetworkProviderFromNetworkId-C6DBO0OX.native.esm.js} +96 -13
  20. package/dist/getNetworkProviderFromNetworkId-C6DBO0OX.native.esm.js.map +1 -0
  21. package/dist/{getNetworkProviderFromNetworkId-BVVs3arj.esm.js → getNetworkProviderFromNetworkId-CEs4SGW4.esm.js} +105 -22
  22. package/dist/getNetworkProviderFromNetworkId-CEs4SGW4.esm.js.map +1 -0
  23. package/dist/{getNetworkProviderFromNetworkId-DzzocxRc.cjs → getNetworkProviderFromNetworkId-CMIgKqEH.cjs} +119 -18
  24. package/dist/getNetworkProviderFromNetworkId-CMIgKqEH.cjs.map +1 -0
  25. package/dist/{getSignedSessionId-Bnuz2Aqc.esm.js → getSignedSessionId-CUqILBh8.esm.js} +3 -3
  26. package/dist/{getSignedSessionId-Bnuz2Aqc.esm.js.map → getSignedSessionId-CUqILBh8.esm.js.map} +1 -1
  27. package/dist/{getSignedSessionId-Dx0qQLMP.cjs → getSignedSessionId-De_N_Ofg.cjs} +3 -3
  28. package/dist/{getSignedSessionId-Dx0qQLMP.cjs.map → getSignedSessionId-De_N_Ofg.cjs.map} +1 -1
  29. package/dist/{getSignedSessionId-Pc_5wscD.native.esm.js → getSignedSessionId-Hp1nSbaW.native.esm.js} +3 -3
  30. package/dist/{getSignedSessionId-Pc_5wscD.native.esm.js.map → getSignedSessionId-Hp1nSbaW.native.esm.js.map} +1 -1
  31. package/dist/{getWalletProviderByKey-BL3u0e-d.esm.js → getWalletProviderByKey-CKORCA8l.esm.js} +2 -2
  32. package/dist/{getWalletProviderByKey-BL3u0e-d.esm.js.map → getWalletProviderByKey-CKORCA8l.esm.js.map} +1 -1
  33. package/dist/{getWalletProviderByKey-BLWcueTR.cjs → getWalletProviderByKey-D3e0XMjs.cjs} +2 -2
  34. package/dist/{getWalletProviderByKey-BLWcueTR.cjs.map → getWalletProviderByKey-D3e0XMjs.cjs.map} +1 -1
  35. package/dist/{getWalletProviderByKey-DhqKzh7g.native.esm.js → getWalletProviderByKey-D5M801xH.native.esm.js} +2 -2
  36. package/dist/{getWalletProviderByKey-DhqKzh7g.native.esm.js.map → getWalletProviderByKey-D5M801xH.native.esm.js.map} +1 -1
  37. package/dist/index.cjs +253 -72
  38. package/dist/index.cjs.map +1 -1
  39. package/dist/index.esm.js +248 -94
  40. package/dist/index.esm.js.map +1 -1
  41. package/dist/index.native.esm.js +248 -94
  42. package/dist/index.native.esm.js.map +1 -1
  43. package/dist/{isDynamicWaasEnabled-BEn7FcD9.cjs → isDynamicWaasEnabled-BQuXZne_.cjs} +4 -6
  44. package/dist/isDynamicWaasEnabled-BQuXZne_.cjs.map +1 -0
  45. package/dist/{isDynamicWaasEnabled-DYy0TvLy.esm.js → isDynamicWaasEnabled-BaY09iv6.native.esm.js} +3 -5
  46. package/dist/isDynamicWaasEnabled-BaY09iv6.native.esm.js.map +1 -0
  47. package/dist/{isDynamicWaasEnabled-CvBaMGlR.native.esm.js → isDynamicWaasEnabled-BlVIlXMZ.esm.js} +3 -5
  48. package/dist/isDynamicWaasEnabled-BlVIlXMZ.esm.js.map +1 -0
  49. package/dist/{isMfaRequiredForAction-CJ9qbBUz.native.esm.js → isMfaRequiredForAction-CwOGwiDz.native.esm.js} +3 -5
  50. package/dist/isMfaRequiredForAction-CwOGwiDz.native.esm.js.map +1 -0
  51. package/dist/{isMfaRequiredForAction-CaNdGc-m.cjs → isMfaRequiredForAction-Dghiguch.cjs} +13 -6
  52. package/dist/isMfaRequiredForAction-Dghiguch.cjs.map +1 -0
  53. package/dist/{isMfaRequiredForAction-B7wNkqQf.esm.js → isMfaRequiredForAction-r9aDdmK5.esm.js} +13 -6
  54. package/dist/isMfaRequiredForAction-r9aDdmK5.esm.js.map +1 -0
  55. package/dist/{isUserOnboardingComplete-FRAIuxdi.native.esm.js → isUserOnboardingComplete-BMNAbXk1.esm.js} +6 -3
  56. package/dist/isUserOnboardingComplete-BMNAbXk1.esm.js.map +1 -0
  57. package/dist/{isUserOnboardingComplete-CGz-9Iyw.esm.js → isUserOnboardingComplete-C-ioFLRR.native.esm.js} +6 -3
  58. package/dist/isUserOnboardingComplete-C-ioFLRR.native.esm.js.map +1 -0
  59. package/dist/{isUserOnboardingComplete-w1IkCC_p.cjs → isUserOnboardingComplete-j4b_q9Pf.cjs} +7 -4
  60. package/dist/isUserOnboardingComplete-j4b_q9Pf.cjs.map +1 -0
  61. package/dist/{migrateFromFireblocks-DXs3odF_.esm.js → migrateFromFireblocks-D--uqWp5.esm.js} +3 -3
  62. package/dist/{migrateFromFireblocks-DXs3odF_.esm.js.map → migrateFromFireblocks-D--uqWp5.esm.js.map} +1 -1
  63. package/dist/{migrateFromFireblocks-C-IqJz3q.native.esm.js → migrateFromFireblocks-D8Y5h0hz.native.esm.js} +3 -3
  64. package/dist/{migrateFromFireblocks-C-IqJz3q.native.esm.js.map → migrateFromFireblocks-D8Y5h0hz.native.esm.js.map} +1 -1
  65. package/dist/{migrateFromFireblocks-CjQWJPZW.cjs → migrateFromFireblocks-D9pJIgt5.cjs} +3 -3
  66. package/dist/{migrateFromFireblocks-CjQWJPZW.cjs.map → migrateFromFireblocks-D9pJIgt5.cjs.map} +1 -1
  67. package/dist/modules/auth/externalAuth/requestExternalAuthElevatedToken/requestExternalAuthElevatedToken.d.ts +0 -1
  68. package/dist/modules/auth/externalAuth/requestExternalAuthElevatedToken/requestExternalAuthElevatedToken.d.ts.map +1 -1
  69. package/dist/modules/auth/externalAuth/signInWithExternalJwt/signInWithExternalJwt.d.ts +0 -1
  70. package/dist/modules/auth/externalAuth/signInWithExternalJwt/signInWithExternalJwt.d.ts.map +1 -1
  71. package/dist/modules/auth/logoutWithReason/logoutWithReason.d.ts.map +1 -1
  72. package/dist/modules/auth/passkeys/registerPasskey/registerPasskey.d.ts +0 -1
  73. package/dist/modules/auth/passkeys/registerPasskey/registerPasskey.d.ts.map +1 -1
  74. package/dist/modules/auth/passkeys/signInWithPasskey/signInWithPasskey.d.ts +0 -1
  75. package/dist/modules/auth/passkeys/signInWithPasskey/signInWithPasskey.d.ts.map +1 -1
  76. package/dist/modules/auth/social/oauth/signInWithSocialRedirect/buildOAuthUrl/getOAuthBaseUrl/getOAuthBaseUrl.d.ts.map +1 -1
  77. package/dist/modules/auth/social/oauth/unlinkSocialAccount/unlinkSocialAccount.d.ts +0 -1
  78. package/dist/modules/auth/social/oauth/unlinkSocialAccount/unlinkSocialAccount.d.ts.map +1 -1
  79. package/dist/modules/auth/updateAuthFromVerifyResponse/updateAuthFromVerifyResponse.d.ts.map +1 -1
  80. package/dist/modules/captcha/getCaptchaSettings/getCaptchaSettings.d.ts +14 -0
  81. package/dist/modules/captcha/getCaptchaSettings/getCaptchaSettings.d.ts.map +1 -0
  82. package/dist/modules/captcha/getCaptchaSettings/index.d.ts +3 -0
  83. package/dist/modules/captcha/getCaptchaSettings/index.d.ts.map +1 -0
  84. package/dist/modules/captcha/isCaptchaRequired/isCaptchaRequired.d.ts.map +1 -1
  85. package/dist/modules/captcha/setCaptchaToken/setCaptchaToken.d.ts +0 -1
  86. package/dist/modules/captcha/setCaptchaToken/setCaptchaToken.d.ts.map +1 -1
  87. package/dist/modules/deviceRegistration/completeDeviceRegistration/completeDeviceRegistration.d.ts.map +1 -1
  88. package/dist/modules/deviceRegistration/isDeviceRegistrationRequired/isDeviceRegistrationRequired.d.ts +1 -0
  89. package/dist/modules/deviceRegistration/isDeviceRegistrationRequired/isDeviceRegistrationRequired.d.ts.map +1 -1
  90. package/dist/modules/flow/attachFlowSource/attachFlowSource.d.ts.map +1 -1
  91. package/dist/modules/flow/attachFlowSource/attachFlowSource.instrumentation.d.ts +9 -0
  92. package/dist/modules/flow/attachFlowSource/attachFlowSource.instrumentation.d.ts.map +1 -0
  93. package/dist/modules/flow/broadcastFlow/broadcastFlow.instrumentation.d.ts +9 -0
  94. package/dist/modules/flow/broadcastFlow/broadcastFlow.instrumentation.d.ts.map +1 -0
  95. package/dist/modules/flow/cancelFlow/cancelFlow.instrumentation.d.ts +8 -0
  96. package/dist/modules/flow/cancelFlow/cancelFlow.instrumentation.d.ts.map +1 -0
  97. package/dist/modules/flow/prepareFlowSigning/prepareFlowSigning.instrumentation.d.ts +9 -0
  98. package/dist/modules/flow/prepareFlowSigning/prepareFlowSigning.instrumentation.d.ts.map +1 -0
  99. package/dist/modules/flow/submitFlowTransaction/submitFlowTransaction.instrumentation.d.ts +9 -0
  100. package/dist/modules/flow/submitFlowTransaction/submitFlowTransaction.instrumentation.d.ts.map +1 -0
  101. package/dist/modules/funding/moonpay/getMoonPayUrl/getMoonPayUrl.d.ts +0 -4
  102. package/dist/modules/funding/moonpay/getMoonPayUrl/getMoonPayUrl.d.ts.map +1 -1
  103. package/dist/modules/mfa/consumeMfaToken/consumeMfaToken.d.ts +0 -1
  104. package/dist/modules/mfa/consumeMfaToken/consumeMfaToken.d.ts.map +1 -1
  105. package/dist/modules/mfa/createNewMfaRecoveryCodes/createNewMfaRecoveryCodes.d.ts +0 -1
  106. package/dist/modules/mfa/createNewMfaRecoveryCodes/createNewMfaRecoveryCodes.d.ts.map +1 -1
  107. package/dist/modules/mfa/isPendingRecoveryCodesAcknowledgment/isPendingRecoveryCodesAcknowledgment.d.ts +1 -0
  108. package/dist/modules/mfa/isPendingRecoveryCodesAcknowledgment/isPendingRecoveryCodesAcknowledgment.d.ts.map +1 -1
  109. package/dist/modules/mfa/isUserMissingMfaAuth/isUserMissingMfaAuth.d.ts +1 -0
  110. package/dist/modules/mfa/isUserMissingMfaAuth/isUserMissingMfaAuth.d.ts.map +1 -1
  111. package/dist/modules/mfa/registerTotpMfaDevice/registerTotpMfaDevice.d.ts +0 -3
  112. package/dist/modules/mfa/registerTotpMfaDevice/registerTotpMfaDevice.d.ts.map +1 -1
  113. package/dist/modules/otp/sendEmailOTP/sendEmailOTP.d.ts +0 -1
  114. package/dist/modules/otp/sendEmailOTP/sendEmailOTP.d.ts.map +1 -1
  115. package/dist/modules/otp/sendSmsOTP/sendSmsOTP.d.ts +0 -1
  116. package/dist/modules/otp/sendSmsOTP/sendSmsOTP.d.ts.map +1 -1
  117. package/dist/modules/otp/verifyOTP/verifyOTP.d.ts +0 -1
  118. package/dist/modules/otp/verifyOTP/verifyOTP.d.ts.map +1 -1
  119. package/dist/modules/sessionKeys/generateSessionKeys/generateSessionKeys.d.ts.map +1 -1
  120. package/dist/modules/user/isUserOnboardingComplete/isUserOnboardingComplete.d.ts +1 -0
  121. package/dist/modules/user/isUserOnboardingComplete/isUserOnboardingComplete.d.ts.map +1 -1
  122. package/dist/modules/user/refreshAuth/refreshAuth.d.ts +0 -1
  123. package/dist/modules/user/refreshAuth/refreshAuth.d.ts.map +1 -1
  124. package/dist/modules/user/updateUser/updateUser.d.ts +0 -1
  125. package/dist/modules/user/updateUser/updateUser.d.ts.map +1 -1
  126. package/dist/modules/wallets/getWalletProviderDataByKey/getWalletProviderDataByKey.d.ts +2 -1
  127. package/dist/modules/wallets/getWalletProviderDataByKey/getWalletProviderDataByKey.d.ts.map +1 -1
  128. package/dist/modules/wallets/networks/getTransactionHistory/getTransactionHistory.d.ts +1 -1
  129. package/dist/modules/wallets/networks/getTransactionHistory/getTransactionHistory.d.ts.map +1 -1
  130. package/dist/modules/wallets/verifyMessageSignatureOwnership/verifyMessageSignatureOwnership.d.ts +2 -0
  131. package/dist/modules/wallets/verifyMessageSignatureOwnership/verifyMessageSignatureOwnership.d.ts.map +1 -1
  132. package/dist/modules/wallets/walletProviderRegistry/events.d.ts +2 -1
  133. package/dist/modules/wallets/walletProviderRegistry/events.d.ts.map +1 -1
  134. package/dist/services/instrumentation/createInstrumentation/createInstrumentation.d.ts.map +1 -1
  135. package/dist/services/instrumentation/instrumentFunction/instrumentFunction.d.ts +40 -34
  136. package/dist/services/instrumentation/instrumentFunction/instrumentFunction.d.ts.map +1 -1
  137. package/dist/services/instrumentation/instrumentation.types.d.ts +50 -19
  138. package/dist/services/instrumentation/instrumentation.types.d.ts.map +1 -1
  139. package/dist/services/keychain/createKeychainService/createKeychainService.d.ts.map +1 -1
  140. package/dist/services/navigate/createNavigationHandler/createNavigationHandler.d.ts.map +1 -1
  141. package/dist/services/openDeeplink/createWebDeeplinkOpener/createWebDeeplinkOpener.d.ts.map +1 -1
  142. package/dist/tsconfig.lib.tsbuildinfo +1 -1
  143. package/dist/{updateAuthFromVerifyResponse-BdokPJ21.esm.js → updateAuthFromVerifyResponse-BQes11vz.esm.js} +145 -145
  144. package/dist/updateAuthFromVerifyResponse-BQes11vz.esm.js.map +1 -0
  145. package/dist/{updateAuthFromVerifyResponse-CUnvs5Af.cjs → updateAuthFromVerifyResponse-Deg9em9o.cjs} +151 -145
  146. package/dist/updateAuthFromVerifyResponse-Deg9em9o.cjs.map +1 -0
  147. package/dist/{updateAuthFromVerifyResponse-DW-tPgdV.native.esm.js → updateAuthFromVerifyResponse-wVY_DoiL.native.esm.js} +145 -145
  148. package/dist/updateAuthFromVerifyResponse-wVY_DoiL.native.esm.js.map +1 -0
  149. package/dist/utils/assertSafeDeeplinkUrl/assertSafeDeeplinkUrl.d.ts +12 -0
  150. package/dist/utils/assertSafeDeeplinkUrl/assertSafeDeeplinkUrl.d.ts.map +1 -0
  151. package/dist/utils/assertSafeDeeplinkUrl/index.d.ts +2 -0
  152. package/dist/utils/assertSafeDeeplinkUrl/index.d.ts.map +1 -0
  153. package/dist/utils/assertSafeNavigationUrl/assertSafeNavigationUrl.d.ts +12 -0
  154. package/dist/utils/assertSafeNavigationUrl/assertSafeNavigationUrl.d.ts.map +1 -0
  155. package/dist/utils/assertSafeNavigationUrl/index.d.ts +2 -0
  156. package/dist/utils/assertSafeNavigationUrl/index.d.ts.map +1 -0
  157. package/dist/utils/getSecureCookieAttribute/getSecureCookieAttribute.d.ts +18 -0
  158. package/dist/utils/getSecureCookieAttribute/getSecureCookieAttribute.d.ts.map +1 -0
  159. package/dist/utils/getSecureCookieAttribute/index.d.ts +2 -0
  160. package/dist/utils/getSecureCookieAttribute/index.d.ts.map +1 -0
  161. package/dist/waas.cjs +5 -5
  162. package/dist/waas.esm.js +4 -4
  163. package/dist/waas.native.esm.js +4 -4
  164. package/dist/waasCore.cjs +6 -6
  165. package/dist/waasCore.esm.js +6 -6
  166. package/dist/waasCore.native.esm.js +6 -6
  167. package/package.json +3 -3
  168. package/dist/getNetworkProviderFromNetworkId-BVVs3arj.esm.js.map +0 -1
  169. package/dist/getNetworkProviderFromNetworkId-DC1bhMuB.native.esm.js.map +0 -1
  170. package/dist/getNetworkProviderFromNetworkId-DzzocxRc.cjs.map +0 -1
  171. package/dist/isDynamicWaasEnabled-BEn7FcD9.cjs.map +0 -1
  172. package/dist/isDynamicWaasEnabled-CvBaMGlR.native.esm.js.map +0 -1
  173. package/dist/isDynamicWaasEnabled-DYy0TvLy.esm.js.map +0 -1
  174. package/dist/isMfaRequiredForAction-B7wNkqQf.esm.js.map +0 -1
  175. package/dist/isMfaRequiredForAction-CJ9qbBUz.native.esm.js.map +0 -1
  176. package/dist/isMfaRequiredForAction-CaNdGc-m.cjs.map +0 -1
  177. package/dist/isUserOnboardingComplete-CGz-9Iyw.esm.js.map +0 -1
  178. package/dist/isUserOnboardingComplete-FRAIuxdi.native.esm.js.map +0 -1
  179. package/dist/isUserOnboardingComplete-w1IkCC_p.cjs.map +0 -1
  180. package/dist/services/instrumentation/instrumentFunction/extractParams/extractParams.d.ts +0 -28
  181. package/dist/services/instrumentation/instrumentFunction/extractParams/extractParams.d.ts.map +0 -1
  182. package/dist/services/instrumentation/instrumentFunction/scrubResolvedValue/scrubResolvedValue.d.ts +0 -15
  183. package/dist/services/instrumentation/instrumentFunction/scrubResolvedValue/scrubResolvedValue.d.ts.map +0 -1
  184. package/dist/updateAuthFromVerifyResponse-BdokPJ21.esm.js.map +0 -1
  185. package/dist/updateAuthFromVerifyResponse-CUnvs5Af.cjs.map +0 -1
  186. package/dist/updateAuthFromVerifyResponse-DW-tPgdV.native.esm.js.map +0 -1
@@ -1,5 +1,5 @@
1
- const require_isMfaRequiredForAction = require('./isMfaRequiredForAction-CaNdGc-m.cjs');
2
- const require_updateAuthFromVerifyResponse = require('./updateAuthFromVerifyResponse-CUnvs5Af.cjs');
1
+ const require_isMfaRequiredForAction = require('./isMfaRequiredForAction-Dghiguch.cjs');
2
+ const require_updateAuthFromVerifyResponse = require('./updateAuthFromVerifyResponse-Deg9em9o.cjs');
3
3
  let _dynamic_labs_sdk_api_core = require("@dynamic-labs/sdk-api-core");
4
4
 
5
5
  //#region src/modules/user/refreshAuth/refreshAuth.ts
@@ -12,7 +12,6 @@ let _dynamic_labs_sdk_api_core = require("@dynamic-labs/sdk-api-core");
12
12
  * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.
13
13
  * @returns A promise that resolves to the verify response.
14
14
  * @instrumented
15
- * @redact-params
16
15
  */
17
16
  const refreshAuth = async (client = require_updateAuthFromVerifyResponse.getDefaultClient()) => {
18
17
  const core = require_updateAuthFromVerifyResponse.getCore(client);
@@ -30,8 +29,7 @@ const __refreshAuth_wrapped = require_updateAuthFromVerifyResponse.instrumentFun
30
29
  } catch {
31
30
  return;
32
31
  }
33
- },
34
- redactAll: true
32
+ }
35
33
  });
36
34
 
37
35
  //#endregion
@@ -85,4 +83,4 @@ Object.defineProperty(exports, 'isDynamicWaasEnabled', {
85
83
  return isDynamicWaasEnabled;
86
84
  }
87
85
  });
88
- //# sourceMappingURL=isDynamicWaasEnabled-BEn7FcD9.cjs.map
86
+ //# sourceMappingURL=isDynamicWaasEnabled-BQuXZne_.cjs.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"isDynamicWaasEnabled-BQuXZne_.cjs","names":["BaseError","getDefaultClient","EmbeddedWalletVersionEnum"],"sources":["../src/modules/user/refreshAuth/refreshAuth.ts","../src/errors/NotWaasWalletAccountError.ts","../src/modules/waas/isDynamicWaasEnabled/isDynamicWaasEnabled.ts"],"sourcesContent":["import type { VerifyResponse } from '@dynamic-labs/sdk-api-core';\n\nimport { getCore } from '../../../client/core/getCore';\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { createApiClient } from '../../apiClient';\nimport { updateAuthFromVerifyResponse } from '../../auth/updateAuthFromVerifyResponse';\n\n/**\n * Refreshes the current user's data from the server.\n *\n * This function fetches the latest user information and token from the backend\n * updating the local user and token states with any changes.\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns A promise that resolves to the verify response.\n * @instrumented\n */\nexport const refreshAuth = async (\n client = getDefaultClient()\n): Promise<VerifyResponse> => {\n const core = getCore(client);\n const apiClient = createApiClient({}, client);\n\n const response = await apiClient.refreshAuth({\n environmentId: core.environmentId,\n });\n\n updateAuthFromVerifyResponse({ response }, client);\n\n return response;\n};\n","import { BaseError } from './base';\n\ntype NotWaasWalletAccountErrorParams = {\n walletAddress: string;\n};\n\nexport class NotWaasWalletAccountError extends BaseError {\n constructor({ walletAddress }: NotWaasWalletAccountErrorParams) {\n super({\n cause: null,\n code: 'not_waas_wallet_account_error',\n docsUrl: null,\n name: 'NotWaasWalletAccountError',\n shortMessage: `Wallet account ${walletAddress} is not a Dynamic WaaS wallet account`,\n });\n }\n}\n","import { EmbeddedWalletVersionEnum } from '@dynamic-labs/sdk-api-core';\n\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { assertDefined } from '../../../utils/assertDefined';\n\n/**\n * Checks if Dynamic WaaS (Wallet as a Service) is enabled for the current project.\n *\n * This function examines the project settings to determine if Dynamic WaaS is\n * enabled in the Dynamic Dashboard or not.\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns True if Dynamic WaaS is enabled, false otherwise.\n * @notInstrumented\n */\nexport const isDynamicWaasEnabled = (client = getDefaultClient()) => {\n const projectSettings = client.projectSettings;\n\n assertDefined(projectSettings, 'Project settings are not available');\n\n const embeddedWalletSettings = projectSettings.sdk.embeddedWallets;\n\n const dynamicWaasIsEnabled =\n embeddedWalletSettings?.defaultWalletVersion ===\n EmbeddedWalletVersionEnum.V3;\n\n return dynamicWaasIsEnabled;\n};\n"],"mappings":";;;;;;;;;;;;;;;AAoBA,MAAE,cAAa,OACb,SAAM,uDAAY;CAElB,MAAM,OAAA,6CAAW,OAAM;wBACN,qDAAK,EAAa,EAAA,OAAA,eAGnC,eAAA,KAAA;AAGD,mEAAA,EAAA,UAAA,EAAA,OAAA;;;;;;;;;;;;;;;;;;ACxBD,IAAa,4BAAb,cAA+CA,+CAAU;CACvD,YAAY,EAAE,iBAAkD;AAC9D,QAAM;GACJ,OAAO;GACP,MAAM;GACN,SAAS;GACT,MAAM;GACN,cAAc,kBAAkB,cAAc;GAC/C,CAAC;;;;;;;;;;;;;;;;ACCN,MAAa,wBAAwB,SAASC,uDAAkB,KAAK;CACnE,MAAM,kBAAkB,OAAO;AAE/B,oDAAc,iBAAiB,qCAAqC;AAQpE,QAN+B,gBAAgB,IAAI,iBAGzB,yBACxBC,qDAA0B"}
@@ -1,4 +1,4 @@
1
- import { K as createApiClient, _t as getCore, gt as BaseError, ot as assertDefined, pt as getDefaultClient, t as updateAuthFromVerifyResponse, v as instrumentFunction } from "./updateAuthFromVerifyResponse-BdokPJ21.esm.js";
1
+ import { _t as BaseError, mt as getDefaultClient, q as createApiClient, st as assertDefined, t as updateAuthFromVerifyResponse, v as instrumentFunction, vt as getCore } from "./updateAuthFromVerifyResponse-wVY_DoiL.native.esm.js";
2
2
  import { EmbeddedWalletVersionEnum } from "@dynamic-labs/sdk-api-core";
3
3
 
4
4
  //#region src/modules/user/refreshAuth/refreshAuth.ts
@@ -11,7 +11,6 @@ import { EmbeddedWalletVersionEnum } from "@dynamic-labs/sdk-api-core";
11
11
  * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.
12
12
  * @returns A promise that resolves to the verify response.
13
13
  * @instrumented
14
- * @redact-params
15
14
  */
16
15
  const refreshAuth = async (client = getDefaultClient()) => {
17
16
  const core = getCore(client);
@@ -29,8 +28,7 @@ const __refreshAuth_wrapped = instrumentFunction({
29
28
  } catch {
30
29
  return;
31
30
  }
32
- },
33
- redactAll: true
31
+ }
34
32
  });
35
33
 
36
34
  //#endregion
@@ -67,4 +65,4 @@ const isDynamicWaasEnabled = (client = getDefaultClient()) => {
67
65
 
68
66
  //#endregion
69
67
  export { NotWaasWalletAccountError as n, __refreshAuth_wrapped as r, isDynamicWaasEnabled as t };
70
- //# sourceMappingURL=isDynamicWaasEnabled-DYy0TvLy.esm.js.map
68
+ //# sourceMappingURL=isDynamicWaasEnabled-BaY09iv6.native.esm.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"isDynamicWaasEnabled-BaY09iv6.native.esm.js","names":[],"sources":["../src/modules/user/refreshAuth/refreshAuth.ts","../src/errors/NotWaasWalletAccountError.ts","../src/modules/waas/isDynamicWaasEnabled/isDynamicWaasEnabled.ts"],"sourcesContent":["import type { VerifyResponse } from '@dynamic-labs/sdk-api-core';\n\nimport { getCore } from '../../../client/core/getCore';\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { createApiClient } from '../../apiClient';\nimport { updateAuthFromVerifyResponse } from '../../auth/updateAuthFromVerifyResponse';\n\n/**\n * Refreshes the current user's data from the server.\n *\n * This function fetches the latest user information and token from the backend\n * updating the local user and token states with any changes.\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns A promise that resolves to the verify response.\n * @instrumented\n */\nexport const refreshAuth = async (\n client = getDefaultClient()\n): Promise<VerifyResponse> => {\n const core = getCore(client);\n const apiClient = createApiClient({}, client);\n\n const response = await apiClient.refreshAuth({\n environmentId: core.environmentId,\n });\n\n updateAuthFromVerifyResponse({ response }, client);\n\n return response;\n};\n","import { BaseError } from './base';\n\ntype NotWaasWalletAccountErrorParams = {\n walletAddress: string;\n};\n\nexport class NotWaasWalletAccountError extends BaseError {\n constructor({ walletAddress }: NotWaasWalletAccountErrorParams) {\n super({\n cause: null,\n code: 'not_waas_wallet_account_error',\n docsUrl: null,\n name: 'NotWaasWalletAccountError',\n shortMessage: `Wallet account ${walletAddress} is not a Dynamic WaaS wallet account`,\n });\n }\n}\n","import { EmbeddedWalletVersionEnum } from '@dynamic-labs/sdk-api-core';\n\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { assertDefined } from '../../../utils/assertDefined';\n\n/**\n * Checks if Dynamic WaaS (Wallet as a Service) is enabled for the current project.\n *\n * This function examines the project settings to determine if Dynamic WaaS is\n * enabled in the Dynamic Dashboard or not.\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns True if Dynamic WaaS is enabled, false otherwise.\n * @notInstrumented\n */\nexport const isDynamicWaasEnabled = (client = getDefaultClient()) => {\n const projectSettings = client.projectSettings;\n\n assertDefined(projectSettings, 'Project settings are not available');\n\n const embeddedWalletSettings = projectSettings.sdk.embeddedWallets;\n\n const dynamicWaasIsEnabled =\n embeddedWalletSettings?.defaultWalletVersion ===\n EmbeddedWalletVersionEnum.V3;\n\n return dynamicWaasIsEnabled;\n};\n"],"mappings":";;;;;;;;;;;;;;AAoBA,MAAE,cAAa,OACb,SAAM,kBAAY;CAElB,MAAM,OAAA,QAAW,OAAM;wBACN,gBAAK,EAAa,EAAA,OAAA,eAGnC,eAAA,KAAA;AAGD,8BAAA,EAAA,UAAA,EAAA,OAAA;;;;;;;;;;;;;;;;;;ACxBD,IAAa,4BAAb,cAA+C,UAAU;CACvD,YAAY,EAAE,iBAAkD;AAC9D,QAAM;GACJ,OAAO;GACP,MAAM;GACN,SAAS;GACT,MAAM;GACN,cAAc,kBAAkB,cAAc;GAC/C,CAAC;;;;;;;;;;;;;;;;ACCN,MAAa,wBAAwB,SAAS,kBAAkB,KAAK;CACnE,MAAM,kBAAkB,OAAO;AAE/B,eAAc,iBAAiB,qCAAqC;AAQpE,QAN+B,gBAAgB,IAAI,iBAGzB,yBACxB,0BAA0B"}
@@ -1,4 +1,4 @@
1
- import { K as createApiClient, _t as getCore, gt as BaseError, ot as assertDefined, pt as getDefaultClient, t as updateAuthFromVerifyResponse, v as instrumentFunction } from "./updateAuthFromVerifyResponse-DW-tPgdV.native.esm.js";
1
+ import { _t as BaseError, mt as getDefaultClient, q as createApiClient, st as assertDefined, t as updateAuthFromVerifyResponse, v as instrumentFunction, vt as getCore } from "./updateAuthFromVerifyResponse-BQes11vz.esm.js";
2
2
  import { EmbeddedWalletVersionEnum } from "@dynamic-labs/sdk-api-core";
3
3
 
4
4
  //#region src/modules/user/refreshAuth/refreshAuth.ts
@@ -11,7 +11,6 @@ import { EmbeddedWalletVersionEnum } from "@dynamic-labs/sdk-api-core";
11
11
  * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.
12
12
  * @returns A promise that resolves to the verify response.
13
13
  * @instrumented
14
- * @redact-params
15
14
  */
16
15
  const refreshAuth = async (client = getDefaultClient()) => {
17
16
  const core = getCore(client);
@@ -29,8 +28,7 @@ const __refreshAuth_wrapped = instrumentFunction({
29
28
  } catch {
30
29
  return;
31
30
  }
32
- },
33
- redactAll: true
31
+ }
34
32
  });
35
33
 
36
34
  //#endregion
@@ -67,4 +65,4 @@ const isDynamicWaasEnabled = (client = getDefaultClient()) => {
67
65
 
68
66
  //#endregion
69
67
  export { NotWaasWalletAccountError as n, __refreshAuth_wrapped as r, isDynamicWaasEnabled as t };
70
- //# sourceMappingURL=isDynamicWaasEnabled-CvBaMGlR.native.esm.js.map
68
+ //# sourceMappingURL=isDynamicWaasEnabled-BlVIlXMZ.esm.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"isDynamicWaasEnabled-BlVIlXMZ.esm.js","names":[],"sources":["../src/modules/user/refreshAuth/refreshAuth.ts","../src/errors/NotWaasWalletAccountError.ts","../src/modules/waas/isDynamicWaasEnabled/isDynamicWaasEnabled.ts"],"sourcesContent":["import type { VerifyResponse } from '@dynamic-labs/sdk-api-core';\n\nimport { getCore } from '../../../client/core/getCore';\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { createApiClient } from '../../apiClient';\nimport { updateAuthFromVerifyResponse } from '../../auth/updateAuthFromVerifyResponse';\n\n/**\n * Refreshes the current user's data from the server.\n *\n * This function fetches the latest user information and token from the backend\n * updating the local user and token states with any changes.\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns A promise that resolves to the verify response.\n * @instrumented\n */\nexport const refreshAuth = async (\n client = getDefaultClient()\n): Promise<VerifyResponse> => {\n const core = getCore(client);\n const apiClient = createApiClient({}, client);\n\n const response = await apiClient.refreshAuth({\n environmentId: core.environmentId,\n });\n\n updateAuthFromVerifyResponse({ response }, client);\n\n return response;\n};\n","import { BaseError } from './base';\n\ntype NotWaasWalletAccountErrorParams = {\n walletAddress: string;\n};\n\nexport class NotWaasWalletAccountError extends BaseError {\n constructor({ walletAddress }: NotWaasWalletAccountErrorParams) {\n super({\n cause: null,\n code: 'not_waas_wallet_account_error',\n docsUrl: null,\n name: 'NotWaasWalletAccountError',\n shortMessage: `Wallet account ${walletAddress} is not a Dynamic WaaS wallet account`,\n });\n }\n}\n","import { EmbeddedWalletVersionEnum } from '@dynamic-labs/sdk-api-core';\n\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { assertDefined } from '../../../utils/assertDefined';\n\n/**\n * Checks if Dynamic WaaS (Wallet as a Service) is enabled for the current project.\n *\n * This function examines the project settings to determine if Dynamic WaaS is\n * enabled in the Dynamic Dashboard or not.\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns True if Dynamic WaaS is enabled, false otherwise.\n * @notInstrumented\n */\nexport const isDynamicWaasEnabled = (client = getDefaultClient()) => {\n const projectSettings = client.projectSettings;\n\n assertDefined(projectSettings, 'Project settings are not available');\n\n const embeddedWalletSettings = projectSettings.sdk.embeddedWallets;\n\n const dynamicWaasIsEnabled =\n embeddedWalletSettings?.defaultWalletVersion ===\n EmbeddedWalletVersionEnum.V3;\n\n return dynamicWaasIsEnabled;\n};\n"],"mappings":";;;;;;;;;;;;;;AAoBA,MAAE,cAAa,OACb,SAAM,kBAAY;CAElB,MAAM,OAAA,QAAW,OAAM;wBACN,gBAAK,EAAa,EAAA,OAAA,eAGnC,eAAA,KAAA;AAGD,8BAAA,EAAA,UAAA,EAAA,OAAA;;;;;;;;;;;;;;;;;;ACxBD,IAAa,4BAAb,cAA+C,UAAU;CACvD,YAAY,EAAE,iBAAkD;AAC9D,QAAM;GACJ,OAAO;GACP,MAAM;GACN,SAAS;GACT,MAAM;GACN,cAAc,kBAAkB,cAAc;GAC/C,CAAC;;;;;;;;;;;;;;;;ACCN,MAAa,wBAAwB,SAAS,kBAAkB,KAAK;CACnE,MAAM,kBAAkB,OAAO;AAE/B,eAAc,iBAAiB,qCAAqC;AAQpE,QAN+B,gBAAgB,IAAI,iBAGzB,yBACxB,0BAA0B"}
@@ -1,4 +1,4 @@
1
- import { K as createApiClient, _t as getCore, gt as BaseError, ot as assertDefined, pt as getDefaultClient, v as instrumentFunction } from "./updateAuthFromVerifyResponse-DW-tPgdV.native.esm.js";
1
+ import { _t as BaseError, mt as getDefaultClient, q as createApiClient, st as assertDefined, v as instrumentFunction, vt as getCore } from "./updateAuthFromVerifyResponse-wVY_DoiL.native.esm.js";
2
2
 
3
3
  //#region src/errors/NativeModuleNotLinkedError.ts
4
4
  var NativeModuleNotLinkedError = class extends BaseError {
@@ -40,7 +40,6 @@ var NativeModuleNotLinkedError = class extends BaseError {
40
40
  * @returns The MFA token that was consumed.
41
41
  * @throws Error if no MFA token is found.
42
42
  * @instrumented
43
- * @redact-params
44
43
  */
45
44
  const consumeMfaToken = (client = getDefaultClient()) => {
46
45
  const core = getCore(client);
@@ -59,8 +58,7 @@ const __consumeMfaToken_wrapped = instrumentFunction({
59
58
  } catch {
60
59
  return;
61
60
  }
62
- },
63
- redactAll: true
61
+ }
64
62
  });
65
63
 
66
64
  //#endregion
@@ -105,4 +103,4 @@ const isMfaRequiredForAction = async ({ mfaAction }, client = getDefaultClient()
105
103
 
106
104
  //#endregion
107
105
  export { NativeModuleNotLinkedError as i, getMfaMethods as n, __consumeMfaToken_wrapped as r, isMfaRequiredForAction as t };
108
- //# sourceMappingURL=isMfaRequiredForAction-CJ9qbBUz.native.esm.js.map
106
+ //# sourceMappingURL=isMfaRequiredForAction-CwOGwiDz.native.esm.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"isMfaRequiredForAction-CwOGwiDz.native.esm.js","names":[],"sources":["../src/errors/NativeModuleNotLinkedError.ts","../src/modules/mfa/consumeMfaToken/consumeMfaToken.ts","../src/modules/mfa/getMfaMethods/getMfaMethods.ts","../src/modules/mfa/isMfaRequiredForAction/isMfaRequiredForAction.ts"],"sourcesContent":["import { BaseError } from './base';\n\ntype NativeModuleNotLinkedErrorParams = {\n moduleName: string;\n};\n\nexport class NativeModuleNotLinkedError extends BaseError {\n constructor({ moduleName }: NativeModuleNotLinkedErrorParams) {\n super({\n cause: null,\n code: 'native_module_not_linked_error',\n details: [\n `The \"${moduleName}\" TurboModule is not registered with React Native.`,\n 'This usually means the native module was not autolinked into the host app,',\n 'or the app binary was not rebuilt after installing the SDK.',\n '',\n 'To resolve:',\n ' 1. Ensure \"@dynamic-labs-sdk/client\" is a direct dependency of the app',\n ' and reinstall (e.g. `pnpm install`).',\n ' 2. Rebuild the native app:',\n ' iOS: `cd ios && pod install && cd .. && npx react-native run-ios`',\n ' Android: `npx react-native run-android`',\n ' Expo: `npx expo prebuild --clean` then run the app.',\n ' 3. Confirm autolinking sees the package:',\n ' `npx expo-modules-autolinking react-native-config --json`',\n ].join('\\n'),\n docsUrl: null,\n name: 'NativeModuleNotLinkedError',\n shortMessage: `Native TurboModule \"${moduleName}\" is not linked.`,\n });\n }\n}\n","import { getCore } from '../../../client/core/getCore';\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { assertDefined } from '../../../utils/assertDefined';\n\n/**\n * Consumes and clears the current MFA token from the client state.\n *\n * This function retrieves the MFA token obtained from a successful MFA authentication,\n * and removes it from the client, to prevent it from being used again.\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns The MFA token that was consumed.\n * @throws Error if no MFA token is found.\n * @instrumented\n */\nexport const consumeMfaToken = (client = getDefaultClient()) => {\n const core = getCore(client);\n\n const mfaToken = core.state.get().mfaToken;\n\n assertDefined(mfaToken, 'No MFA token found');\n\n core.state.set({\n mfaToken: null,\n });\n\n return mfaToken;\n};\n","import { getCore } from '../../../client/core/getCore';\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { createApiClient } from '../../apiClient';\n\n/**\n * Retrieves the available MFA methods for the current user.\n *\n * This function fetches information about which multi-factor authentication\n * methods are available and configured for the user's account.\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns A promise that resolves to the user's MFA methods configuration.\n * @notInstrumented\n */\nexport const getMfaMethods = async (client = getDefaultClient()) => {\n const core = getCore(client);\n const apiClient = createApiClient({}, client);\n\n const userMfaMethods = await apiClient.getUserMfaMethods({\n environmentId: core.environmentId,\n verifiedOnly: true,\n });\n\n return userMfaMethods;\n};\n","import type { MFAAction } from '@dynamic-labs/sdk-api-core';\n\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { getMfaMethods } from '../getMfaMethods';\n\ntype IsMfaRequiredForActionParams = {\n mfaAction: MFAAction;\n};\n\n/**\n * Checks if MFA is required for a specific action.\n *\n * This function determines whether multi-factor authentication is required\n * for the specified action based on project settings and user configuration.\n *\n * @param params.mfaAction - The action to check MFA requirements for.\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns A promise that resolves to true if MFA is required for the action, false otherwise.\n * @notInstrumented\n */\nexport const isMfaRequiredForAction = async (\n { mfaAction }: IsMfaRequiredForActionParams,\n client = getDefaultClient()\n) => {\n const projectSettings = client.projectSettings;\n\n const isRequiredForAction = projectSettings?.security?.mfa?.actions?.some(\n (action) => action.action === mfaAction && action.required\n );\n\n // if mfa is not required for the action, return false\n // no matter if general mfa is set to required or not\n if (!isRequiredForAction) {\n return false;\n }\n\n const isMfaMethodRequired = projectSettings?.security?.mfa?.required;\n\n // if mfa is required for the action and also set as required in general, return true\n if (isMfaMethodRequired) {\n return true;\n }\n\n const mfaMethods = await getMfaMethods(client);\n // if general mfa is optional, but user has registered methods,\n // then it should be required for the action\n return mfaMethods.userHasVerifiedMfaMethods;\n};\n"],"mappings":";;;AAMA,IAAa,6BAAb,cAAgD,UAAU;CACxD,YAAY,EAAE,cAAgD;AAC5D,QAAM;GACJ,OAAO;GACP,MAAM;GACN,SAAS;IACP,QAAQ,WAAW;IACnB;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACD,CAAC,KAAK,KAAK;GACZ,SAAS;GACT,MAAM;GACN,cAAc,uBAAuB,WAAW;GACjD,CAAC;;;;;;;;;;;;;;;;;ACXN,MAAE,mBAAsB,SAAU,kBAAU,KAAA;;;AAK1C,eAAY,UAAI,qBAAA;kBAGhB,UAAO,MACR,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACbD,MAAa,gBAAgB,OAAO,SAAS,kBAAkB,KAAK;CAClE,MAAM,OAAO,QAAQ,OAAO;AAQ5B,QALuB,MAFL,gBAAgB,EAAE,EAAE,OAAO,CAEN,kBAAkB;EACvD,eAAe,KAAK;EACpB,cAAc;EACf,CAAC;;;;;;;;;;;;;;;;ACDJ,MAAa,yBAAyB,OACpC,EAAE,aACF,SAAS,kBAAkB,KACxB;CACH,MAAM,kBAAkB,OAAO;AAQ/B,KAAI,CANwB,iBAAiB,UAAU,KAAK,SAAS,MAClE,WAAW,OAAO,WAAW,aAAa,OAAO,SACnD,CAKC,QAAO;AAMT,KAH4B,iBAAiB,UAAU,KAAK,SAI1D,QAAO;AAMT,SAHmB,MAAM,cAAc,OAAO,EAG5B"}
@@ -25,7 +25,7 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
25
25
  }) : target, mod));
26
26
 
27
27
  //#endregion
28
- const require_updateAuthFromVerifyResponse = require('./updateAuthFromVerifyResponse-CUnvs5Af.cjs');
28
+ const require_updateAuthFromVerifyResponse = require('./updateAuthFromVerifyResponse-Deg9em9o.cjs');
29
29
  let zod_mini = require("zod/mini");
30
30
  zod_mini = __toESM(zod_mini);
31
31
 
@@ -146,10 +146,19 @@ const fetchProjectSettings = async (client = require_updateAuthFromVerifyRespons
146
146
  /** @notInstrumented */
147
147
  const generateSessionKeys = async (client) => {
148
148
  const core = require_updateAuthFromVerifyResponse.getCore(client);
149
+ const currentState = core.state.get();
150
+ const isRotation = Boolean(currentState.sessionKeys);
151
+ const logContext = {
152
+ environmentId: core.environmentId,
153
+ operation: isRotation ? "rotate" : "create",
154
+ userId: currentState.user?.id ?? null
155
+ };
156
+ core.logger.info(isRotation ? "[generateSessionKeys] Rotating session key..." : "[generateSessionKeys] Creating session key...", logContext);
149
157
  await core.keychain.removeKey("session");
150
158
  const publicKey = await core.keychain.generateKey("session");
151
159
  require_updateAuthFromVerifyResponse.assertDefined(publicKey, "Public key not found");
152
160
  core.state.set({ sessionKeys: publicKey });
161
+ core.logger.info(isRotation ? "[generateSessionKeys] Session key rotated" : "[generateSessionKeys] Session key created", logContext);
153
162
  return { publicKey };
154
163
  };
155
164
 
@@ -233,7 +242,7 @@ const logoutWithReason = async ({ reason }, client) => {
233
242
  * This deletes the auth cookie if it exists.
234
243
  * If the cookie doesn't exist, this sets a new cookie that expires immediately.
235
244
  */
236
- if (require_updateAuthFromVerifyResponse.isCookieEnabled(client)) require_updateAuthFromVerifyResponse.setCookie(`${require_updateAuthFromVerifyResponse.DYNAMIC_AUTH_COOKIE_NAME}=; Max-Age=-99999999; path=/; SameSite=Lax`);
245
+ if (require_updateAuthFromVerifyResponse.isCookieEnabled(client)) require_updateAuthFromVerifyResponse.setCookie(`${require_updateAuthFromVerifyResponse.DYNAMIC_AUTH_COOKIE_NAME}=; Max-Age=-99999999; path=/; SameSite=Lax${require_updateAuthFromVerifyResponse.getSecureCookieAttribute()}`);
237
246
  }
238
247
  await core.keychain.removeKey("session");
239
248
  core.state.set({
@@ -279,7 +288,6 @@ const __logoutWithReason_wrapped = require_updateAuthFromVerifyResponse.instrume
279
288
  * @returns The MFA token that was consumed.
280
289
  * @throws Error if no MFA token is found.
281
290
  * @instrumented
282
- * @redact-params
283
291
  */
284
292
  const consumeMfaToken = (client = require_updateAuthFromVerifyResponse.getDefaultClient()) => {
285
293
  const core = require_updateAuthFromVerifyResponse.getCore(client);
@@ -298,8 +306,7 @@ const __consumeMfaToken_wrapped = require_updateAuthFromVerifyResponse.instrumen
298
306
  } catch {
299
307
  return;
300
308
  }
301
- },
302
- redactAll: true
309
+ }
303
310
  });
304
311
 
305
312
  //#endregion
@@ -403,4 +410,4 @@ Object.defineProperty(exports, 'retryOnFail', {
403
410
  return retryOnFail;
404
411
  }
405
412
  });
406
- //# sourceMappingURL=isMfaRequiredForAction-CaNdGc-m.cjs.map
413
+ //# sourceMappingURL=isMfaRequiredForAction-Dghiguch.cjs.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"isMfaRequiredForAction-Dghiguch.cjs","names":["BaseError","getDefaultClient","getWalletAccounts","z","getDefaultClient","getCore","createApiClient","CLIENT_SDK_NAME","getCore","getCore","walletProvidersMap: Map<string, WalletProvider>","getWalletAccounts","getWalletProviderFromWalletAccount","getCore","getDefaultClient","getCore","createApiClient","getDefaultClient"],"sources":["../src/utils/retryOnFail/InvalidRetryOnFailCallError.ts","../src/utils/retryOnFail/retryOnFail.ts","../src/modules/auth/isSignedIn/isSignedIn.ts","../src/services/storage/createStorageKeySchema/createStorageKeySchema.ts","../src/modules/projectSettings/fetchProjectSettings/projectSettingsExpirationScheme.ts","../src/modules/projectSettings/fetchProjectSettings/fetchProjectSettings.ts","../src/modules/sessionKeys/generateSessionKeys/generateSessionKeys.ts","../src/modules/wallets/utils/getAvailableWalletProvidersFromWalletAccounts/getAvailableWalletProvidersFromWalletAccounts.ts","../src/modules/wallets/destroyWalletProviders/destroyWalletProviders.ts","../src/modules/auth/logoutWithReason/logoutWithReason.ts","../src/modules/mfa/consumeMfaToken/consumeMfaToken.ts","../src/modules/mfa/getMfaMethods/getMfaMethods.ts","../src/modules/mfa/isMfaRequiredForAction/isMfaRequiredForAction.ts"],"sourcesContent":["import { BaseError } from '../../errors/base';\n\n/**\n * This error is thrown when the `retryOnFail` function is called with an invalid\n * number of retries (i.e. less than 0).\n */\nexport class InvalidRetryOnFailCallError extends BaseError {\n // eslint-disable-next-line custom-rules/require-single-object-param\n constructor(maxRetries: number) {\n super({\n cause: null,\n code: 'invalid_retry_on_fail_call_error',\n docsUrl: null,\n name: 'InvalidRetryOnFailCallError',\n shortMessage: `Invalid retries parameter for retryOnFail call: ${maxRetries}`,\n });\n }\n}\n","import { InvalidRetryOnFailCallError } from './InvalidRetryOnFailCallError';\n\nexport type RetryOnFailParams<T> = {\n /**\n * The delay between retries in milliseconds.\n */\n delay?: number;\n /**\n * The function to call.\n */\n fn: () => Promise<T>;\n /**\n * The maximum number of retries.\n *\n * When set to 0, the function will be called only once and is\n * therefore equivalent to calling the function directly.\n */\n maxRetries: number;\n};\n\n/** @notInstrumented */\nexport const retryOnFail = async <T>({\n delay = 0,\n fn,\n maxRetries,\n}: RetryOnFailParams<T>) => {\n for (let retry = 0; retry <= maxRetries; retry++) {\n try {\n return await fn();\n } catch (error) {\n if (retry >= maxRetries) {\n throw error;\n }\n\n if (delay > 0) {\n await new Promise((resolve) => setTimeout(resolve, delay));\n }\n }\n }\n\n /**\n * Reaching this point should never happen and this\n * error is thrown to help us debug the issue.\n */\n throw new InvalidRetryOnFailCallError(maxRetries);\n};\n","import { getDefaultClient } from '../../../client/defaultClient';\nimport { getWalletAccounts } from '../../wallets/getWalletAccounts';\n\n/**\n * Checks if the user is currently signed in to the Dynamic client.\n *\n * The client is considered to be in a signed in state if a user has\n * authenticated or if the client has at least one wallet connected.\n *\n * @deprecated What counts as \"signed in\" is your app's business logic, not the\n * SDK's. This helper bakes in one opinion (a user OR any connected wallet),\n * which rarely matches every app and forces a dependency on us for every\n * variation. Compose your own check from the underlying primitives instead —\n * e.g. `Boolean(client.user) || isAnyWalletAccountConnected(client)` — and\n * layer in whatever your app requires (device registration, completed\n * onboarding, satisfied MFA, a required embedded wallet, …). See the\n * \"Check if signed in\" guide:\n * https://www.dynamic.xyz/docs/javascript/user-session-management\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns True if the user is signed in, false otherwise.\n * @notInstrumented\n */\nexport const isSignedIn = (client = getDefaultClient()) =>\n Boolean(client.user || getWalletAccounts(client).length > 0);\n","import type * as z from 'zod/mini';\n\nimport type { StorageKeySchema, StorageKeySchemaConfig } from '../storage.types';\n\n/** @notInstrumented */\nexport const createStorageKeySchema = <T>(params: {\n config?: StorageKeySchemaConfig;\n key: string;\n schema: z.ZodMiniType<T>;\n}): StorageKeySchema<T> => {\n return params;\n};\n","import * as z from 'zod/mini';\n\nimport { createStorageKeySchema } from '../../../services/storage';\n\n/**\n * The schema to track the expiration time of the project settings.\n */\nexport const projectSettingsExpirationStorageKeySchema = createStorageKeySchema(\n {\n key: 'projectSettingsExpiration',\n schema: z.number(),\n }\n);\n","import { getCore } from '../../../client/core/getCore';\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { retryOnFail } from '../../../utils/retryOnFail';\nimport { createApiClient } from '../../apiClient';\nimport { CLIENT_SDK_NAME } from '../../apiClient/constants';\nimport { isSignedIn } from '../../auth/isSignedIn';\nimport { projectSettingsExpirationStorageKeySchema } from './projectSettingsExpirationScheme';\n\n/**\n * Expiration time of the project settings in milliseconds.\n */\nexport const PROJECT_SETTINGS_EXPIRATION_TIME = 1000 * 60 * 5; // 5 minutes\n\n/**\n * Fetches and updates the project settings from the API.\n *\n * This function retrieves the latest project configuration settings\n * from Dynamic's servers, including authentication options, enabled chains,\n * and security configurations. The settings are cached for performance.\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns A promise that resolves to the updated project settings.\n * @notInstrumented\n * @noHook Internal settings fetch that is not part of the public hook surface.\n */\nexport const fetchProjectSettings = async (client = getDefaultClient()) => {\n const core = getCore(client);\n\n const currentExpiration = await core.storage.getItem(\n projectSettingsExpirationStorageKeySchema\n );\n\n const hasProjectSettings = Boolean(client.projectSettings);\n const isExpired = currentExpiration && currentExpiration < Date.now();\n\n // We want to cache the project settings if its valid and user is connected.\n // This avoids unnecessary API calls and speeds up the initial load.\n if (hasProjectSettings && !isExpired && isSignedIn(client)) {\n return client.projectSettings;\n }\n\n const apiClient = createApiClient({}, client);\n\n core.logger.debug('[fetchProjectSettings] Fetching project settings...');\n\n const doFetch = async () =>\n apiClient.getEnvironmentSettings(\n {\n environmentId: core.environmentId,\n sdkVersion: `${CLIENT_SDK_NAME}/${core.version}`,\n },\n {\n credentials: 'omit',\n }\n );\n\n const projectSettings = await retryOnFail({\n fn: doFetch,\n maxRetries: 2,\n });\n\n core.state.set({ projectSettings: projectSettings ?? null });\n\n await core.storage.setItem(\n projectSettingsExpirationStorageKeySchema,\n Date.now() + PROJECT_SETTINGS_EXPIRATION_TIME\n );\n\n return projectSettings;\n};\n","import { getCore } from '../../../client/core/getCore';\nimport type { DynamicClient } from '../../../client/types';\nimport { assertDefined } from '../../../utils/assertDefined';\nimport type { SessionKeys } from '../sessionKeys.types';\n\n/** @notInstrumented */\nexport const generateSessionKeys = async (\n client: DynamicClient\n): Promise<SessionKeys> => {\n const core = getCore(client);\n\n const currentState = core.state.get();\n\n const isRotation = Boolean(currentState.sessionKeys);\n\n const logContext = {\n environmentId: core.environmentId,\n operation: isRotation ? 'rotate' : 'create',\n userId: currentState.user?.id ?? null,\n };\n\n core.logger.info(\n isRotation\n ? '[generateSessionKeys] Rotating session key...'\n : '[generateSessionKeys] Creating session key...',\n logContext\n );\n\n await core.keychain.removeKey('session');\n\n const publicKey = await core.keychain.generateKey('session');\n\n assertDefined(publicKey, 'Public key not found');\n\n core.state.set({\n sessionKeys: publicKey,\n });\n\n core.logger.info(\n isRotation\n ? '[generateSessionKeys] Session key rotated'\n : '[generateSessionKeys] Session key created',\n logContext\n );\n\n return { publicKey };\n};\n","import { getCore } from '../../../../client/core/getCore';\nimport type { DynamicClient } from '../../../../client/types';\nimport { getWalletAccounts } from '../../getWalletAccounts';\nimport type { WalletProvider } from '../../walletProvider';\nimport { getWalletProviderFromWalletAccount } from '../getWalletProviderFromWalletAccount';\n\n/** @notInstrumented */\nexport const getAvailableWalletProvidersFromWalletAccounts = (\n client: DynamicClient\n) => {\n const core = getCore(client);\n\n const walletProvidersMap: Map<string, WalletProvider> = new Map();\n\n const walletAccounts = getWalletAccounts(client);\n\n walletAccounts.forEach((walletAccount) => {\n if (walletProvidersMap.has(walletAccount.walletProviderKey)) {\n return;\n }\n\n try {\n const walletProvider = getWalletProviderFromWalletAccount(\n {\n walletAccount,\n },\n client\n );\n\n walletProvidersMap.set(walletAccount.walletProviderKey, walletProvider);\n } catch (error) {\n core.logger.debug('Wallet provider not found for wallet account', {\n error,\n walletAccount: walletAccount.address,\n });\n }\n });\n\n return Array.from(walletProvidersMap.values());\n};\n","import { getCore } from '../../../client/core/getCore';\nimport type { DynamicClient } from '../../../client/types/DynamicClient';\nimport type { LogoutReason } from '../../auth/logoutReason';\nimport { getAvailableWalletProvidersFromWalletAccounts } from '../utils/getAvailableWalletProvidersFromWalletAccounts';\n\n/**\n * Tear down every wallet provider on the client.\n *\n * Each provider's `destroy` is responsible for its own local + remote\n * cleanup. We swallow errors so a failing destroy on one provider does not\n * block teardown of the others (e.g. during logout).\n *\n * @notInstrumented\n */\nexport const destroyWalletProviders = async (\n { reason }: { reason?: LogoutReason },\n client: DynamicClient\n) => {\n const core = getCore(client);\n\n const walletProviders = getAvailableWalletProvidersFromWalletAccounts(client);\n\n await Promise.all(\n walletProviders.map(async (walletProvider) => {\n if (!walletProvider.destroy) return;\n try {\n await walletProvider.destroy({ reason });\n } catch (err) {\n core.logger.error(\n `Error destroying wallet provider ${walletProvider.key}`,\n err\n );\n }\n })\n );\n};\n","import type { DynamicClient } from '../../../client/types';\nimport { getCore } from '../../../client/core/getCore';\nimport { getSecureCookieAttribute } from '../../../utils/getSecureCookieAttribute';\nimport { setCookie } from '../../../utils/setCookie';\nimport { createApiClient } from '../../apiClient';\nimport { emitEvent } from '../../clientEvents';\nimport { fetchProjectSettings } from '../../projectSettings/fetchProjectSettings';\nimport { isCookieEnabled } from '../../projectSettings/isCookieEnabled';\nimport { generateSessionKeys } from '../../sessionKeys/generateSessionKeys';\nimport { destroyWalletProviders } from '../../wallets/destroyWalletProviders';\nimport { DYNAMIC_AUTH_COOKIE_NAME } from '../consts';\nimport type { LogoutReason } from '../logoutReason';\n\n/**\n * Logs the user out with an explicit reason.\n *\n * Revokes the session, clears auth state, terminates wallet providers, and\n * emits the `logout` client event with the given reason. The reason is also\n * captured as an argument on the function-instrumentation event, which is\n * how Datadog distinguishes between different logout causes.\n *\n * Use this instead of the public `logout` when triggering a logout from\n * internal or extension code — the caller owns the reason string, so the\n * telemetry correctly attributes *why* the logout happened.\n *\n * @param params - The logout params.\n * @param params.reason - Why the logout is being triggered. Extension authors\n * needing a reason outside the SDK catalog can cast with `as LogoutReason`.\n * @param client - The Dynamic client instance.\n * @instrumented\n */\nexport const logoutWithReason = async (\n { reason }: { reason: LogoutReason },\n client: DynamicClient\n) => {\n const core = getCore(client);\n\n core.logger.debug('[logoutWithReason] Logging out...', { reason });\n\n await destroyWalletProviders({ reason }, client);\n\n if (client.user !== null) {\n const apiClient = createApiClient({}, client);\n\n try {\n await apiClient.revokeSession({\n environmentId: core.environmentId,\n });\n } catch (error) {\n core.logger.error('Failed to revoke session', error);\n }\n\n /**\n * This deletes the auth cookie if it exists.\n * If the cookie doesn't exist, this sets a new cookie that expires immediately.\n */\n if (isCookieEnabled(client)) {\n // Match the Secure attribute used when the cookie was written so the\n // deletion cookie is accepted consistently in a secure context.\n const secureAttribute = getSecureCookieAttribute();\n\n setCookie(\n `${DYNAMIC_AUTH_COOKIE_NAME}=; Max-Age=-99999999; path=/; SameSite=Lax${secureAttribute}`\n );\n }\n }\n\n await core.keychain.removeKey('session');\n\n core.state.set({\n captchaToken: null,\n elevatedAccessTokens: [],\n legacyToken: null,\n mfaToken: null,\n sessionExpiresAt: null,\n sessionKeys: null,\n token: null,\n unverifiedWalletAccounts: [],\n user: null,\n });\n\n emitEvent({ args: { reason }, event: 'logout' }, client);\n\n // Refetch project settings\n void fetchProjectSettings(client);\n\n // Regenerate session keys\n void generateSessionKeys(client);\n};\n","import { getCore } from '../../../client/core/getCore';\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { assertDefined } from '../../../utils/assertDefined';\n\n/**\n * Consumes and clears the current MFA token from the client state.\n *\n * This function retrieves the MFA token obtained from a successful MFA authentication,\n * and removes it from the client, to prevent it from being used again.\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns The MFA token that was consumed.\n * @throws Error if no MFA token is found.\n * @instrumented\n */\nexport const consumeMfaToken = (client = getDefaultClient()) => {\n const core = getCore(client);\n\n const mfaToken = core.state.get().mfaToken;\n\n assertDefined(mfaToken, 'No MFA token found');\n\n core.state.set({\n mfaToken: null,\n });\n\n return mfaToken;\n};\n","import { getCore } from '../../../client/core/getCore';\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { createApiClient } from '../../apiClient';\n\n/**\n * Retrieves the available MFA methods for the current user.\n *\n * This function fetches information about which multi-factor authentication\n * methods are available and configured for the user's account.\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns A promise that resolves to the user's MFA methods configuration.\n * @notInstrumented\n */\nexport const getMfaMethods = async (client = getDefaultClient()) => {\n const core = getCore(client);\n const apiClient = createApiClient({}, client);\n\n const userMfaMethods = await apiClient.getUserMfaMethods({\n environmentId: core.environmentId,\n verifiedOnly: true,\n });\n\n return userMfaMethods;\n};\n","import type { MFAAction } from '@dynamic-labs/sdk-api-core';\n\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { getMfaMethods } from '../getMfaMethods';\n\ntype IsMfaRequiredForActionParams = {\n mfaAction: MFAAction;\n};\n\n/**\n * Checks if MFA is required for a specific action.\n *\n * This function determines whether multi-factor authentication is required\n * for the specified action based on project settings and user configuration.\n *\n * @param params.mfaAction - The action to check MFA requirements for.\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns A promise that resolves to true if MFA is required for the action, false otherwise.\n * @notInstrumented\n */\nexport const isMfaRequiredForAction = async (\n { mfaAction }: IsMfaRequiredForActionParams,\n client = getDefaultClient()\n) => {\n const projectSettings = client.projectSettings;\n\n const isRequiredForAction = projectSettings?.security?.mfa?.actions?.some(\n (action) => action.action === mfaAction && action.required\n );\n\n // if mfa is not required for the action, return false\n // no matter if general mfa is set to required or not\n if (!isRequiredForAction) {\n return false;\n }\n\n const isMfaMethodRequired = projectSettings?.security?.mfa?.required;\n\n // if mfa is required for the action and also set as required in general, return true\n if (isMfaMethodRequired) {\n return true;\n }\n\n const mfaMethods = await getMfaMethods(client);\n // if general mfa is optional, but user has registered methods,\n // then it should be required for the action\n return mfaMethods.userHasVerifiedMfaMethods;\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAMA,IAAa,8BAAb,cAAiDA,+CAAU;CAEzD,YAAY,YAAoB;AAC9B,QAAM;GACJ,OAAO;GACP,MAAM;GACN,SAAS;GACT,MAAM;GACN,cAAc,mDAAmD;GAClE,CAAC;;;;;;;ACMN,MAAa,cAAc,OAAU,EACnC,QAAQ,GACR,IACA,iBAC0B;AAC1B,MAAK,IAAI,QAAQ,GAAG,SAAS,YAAY,QACvC,KAAI;AACF,SAAO,MAAM,IAAI;UACV,OAAO;AACd,MAAI,SAAS,WACX,OAAM;AAGR,MAAI,QAAQ,EACV,OAAM,IAAI,SAAS,YAAY,WAAW,SAAS,MAAM,CAAC;;;;;;AAShE,OAAM,IAAI,4BAA4B,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;ACrBnD,MAAa,cAAc,SAASC,uDAAkB,KACpD,QAAQ,OAAO,QAAQC,uDAAkB,OAAO,CAAC,SAAS,EAAE;;;;;ACnB9D,MAAa,0BAA6B,WAIf;AACzB,QAAO;;;;;;;;ACHT,MAAa,4CAA4C,uBACvD;CACE,KAAK;CACL,QAAQC,SAAE,QAAQ;CACnB,CACF;;;;;;;ACDD,MAAa,mCAAmC,MAAO,KAAK;;;;;;;;;;;;;AAc5D,MAAa,uBAAuB,OAAO,SAASC,uDAAkB,KAAK;CACzE,MAAM,OAAOC,6CAAQ,OAAO;CAE5B,MAAM,oBAAoB,MAAM,KAAK,QAAQ,QAC3C,0CACD;AAOD,KAL2B,QAAQ,OAAO,gBAAgB,IAKhC,EAJR,qBAAqB,oBAAoB,KAAK,KAAK,KAI7B,WAAW,OAAO,CACxD,QAAO,OAAO;CAGhB,MAAM,YAAYC,qDAAgB,EAAE,EAAE,OAAO;AAE7C,MAAK,OAAO,MAAM,sDAAsD;CAExE,MAAM,UAAU,YACd,UAAU,uBACR;EACE,eAAe,KAAK;EACpB,YAAY,GAAGC,qDAAgB,GAAG,KAAK;EACxC,EACD,EACE,aAAa,QACd,CACF;CAEH,MAAM,kBAAkB,MAAM,YAAY;EACxC,IAAI;EACJ,YAAY;EACb,CAAC;AAEF,MAAK,MAAM,IAAI,EAAE,iBAAiB,mBAAmB,MAAM,CAAC;AAE5D,OAAM,KAAK,QAAQ,QACjB,2CACA,KAAK,KAAK,GAAG,iCACd;AAED,QAAO;;;;;;AC9DT,MAAa,sBAAsB,OACjC,WACyB;CACzB,MAAM,OAAOC,6CAAQ,OAAO;CAE5B,MAAM,eAAe,KAAK,MAAM,KAAK;CAErC,MAAM,aAAa,QAAQ,aAAa,YAAY;CAEpD,MAAM,aAAa;EACjB,eAAe,KAAK;EACpB,WAAW,aAAa,WAAW;EACnC,QAAQ,aAAa,MAAM,MAAM;EAClC;AAED,MAAK,OAAO,KACV,aACI,kDACA,iDACJ,WACD;AAED,OAAM,KAAK,SAAS,UAAU,UAAU;CAExC,MAAM,YAAY,MAAM,KAAK,SAAS,YAAY,UAAU;AAE5D,oDAAc,WAAW,uBAAuB;AAEhD,MAAK,MAAM,IAAI,EACb,aAAa,WACd,CAAC;AAEF,MAAK,OAAO,KACV,aACI,8CACA,6CACJ,WACD;AAED,QAAO,EAAE,WAAW;;;;;;ACtCtB,MAAa,iDACX,WACG;CACH,MAAM,OAAOC,6CAAQ,OAAO;CAE5B,MAAMC,qCAAkD,IAAI,KAAK;AAIjE,CAFuBC,uDAAkB,OAAO,CAEjC,SAAS,kBAAkB;AACxC,MAAI,mBAAmB,IAAI,cAAc,kBAAkB,CACzD;AAGF,MAAI;GACF,MAAM,iBAAiBC,wEACrB,EACE,eACD,EACD,OACD;AAED,sBAAmB,IAAI,cAAc,mBAAmB,eAAe;WAChE,OAAO;AACd,QAAK,OAAO,MAAM,gDAAgD;IAChE;IACA,eAAe,cAAc;IAC9B,CAAC;;GAEJ;AAEF,QAAO,MAAM,KAAK,mBAAmB,QAAQ,CAAC;;;;;;;;;;;;;;ACxBhD,MAAa,yBAAyB,OACpC,EAAE,UACF,WACG;CACH,MAAM,OAAOC,6CAAQ,OAAO;CAE5B,MAAM,kBAAkB,8CAA8C,OAAO;AAE7E,OAAM,QAAQ,IACZ,gBAAgB,IAAI,OAAO,mBAAmB;AAC5C,MAAI,CAAC,eAAe,QAAS;AAC7B,MAAI;AACF,SAAM,eAAe,QAAQ,EAAE,QAAQ,CAAC;WACjC,KAAK;AACZ,QAAK,OAAO,MACV,oCAAoC,eAAe,OACnD,IACD;;GAEH,CACH;;;;;;;;;;;;;;;;;;;;;;;ACAH,MAAK,mBAAA,OACH,EAAA,qBAEA;;;AAKA,OAAE,uBAAkB,EAAA,QAAmB,EAAC,OAAO;AAE/C,KAAE,OAAI,SAAA,MAAA;EACJ,MAAE,YAAgB,qDAAc,EAAA,EAAA,OAAA;AAEhC,MAAI;AACF,SAAM,UAAQ,cAAA,EACd,eAAiB,KAAE,eACrB,CAAA;;AAEE,QAAA,OAAA,MAAA,4BAAA,MAAA;;;;;;AAOF,MAAE,qDAAM,OAAkB,CAK1B,gDACF,GAAA,8DAAA,4CAHS,+DAA6C;;AAQtD,OAAE,KAAA,SAAkB,UAAA,UAAA;AAEpB,MAAE,MAAA,IAAa;EACb,cAAc;EACd,sBAAsB,EAAA;EACtB,aAAa;EACb,UAAO;EACP,kBAAA;EACA,aAAU;EACV,OAAA;;EAEF,MAAA;;AAGA,gDAAK;EAAA,MAAA,EAAA,QAAqB;EAAA,OAAO;EAAA,EAAA,OAAA;AAGjC,CAAK,qBAAoB,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACrElC,MAAE,mBAAsB,SAAU,uDAAU,KAAA;;;AAK1C,oDAAY,UAAI,qBAAA;kBAGhB,UAAO,MACR,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACbD,MAAa,gBAAgB,OAAO,SAASC,uDAAkB,KAAK;CAClE,MAAM,OAAOC,6CAAQ,OAAO;AAQ5B,QALuB,MAFLC,qDAAgB,EAAE,EAAE,OAAO,CAEN,kBAAkB;EACvD,eAAe,KAAK;EACpB,cAAc;EACf,CAAC;;;;;;;;;;;;;;;;ACDJ,MAAa,yBAAyB,OACpC,EAAE,aACF,SAASC,uDAAkB,KACxB;CACH,MAAM,kBAAkB,OAAO;AAQ/B,KAAI,CANwB,iBAAiB,UAAU,KAAK,SAAS,MAClE,WAAW,OAAO,WAAW,aAAa,OAAO,SACnD,CAKC,QAAO;AAMT,KAH4B,iBAAiB,UAAU,KAAK,SAI1D,QAAO;AAMT,SAHmB,MAAM,cAAc,OAAO,EAG5B"}
@@ -1,4 +1,4 @@
1
- import { B as emitEvent, E as getWalletProviderFromWalletAccount, K as createApiClient, T as DYNAMIC_AUTH_COOKIE_NAME, W as setCookie, _t as getCore, at as isCookieEnabled, gt as BaseError, j as getWalletAccounts, ot as assertDefined, pt as getDefaultClient, ut as CLIENT_SDK_NAME, v as instrumentFunction } from "./updateAuthFromVerifyResponse-BdokPJ21.esm.js";
1
+ import { B as emitEvent, E as getWalletProviderFromWalletAccount, G as getSecureCookieAttribute, T as DYNAMIC_AUTH_COOKIE_NAME, W as setCookie, _t as BaseError, dt as CLIENT_SDK_NAME, j as getWalletAccounts, mt as getDefaultClient, ot as isCookieEnabled, q as createApiClient, st as assertDefined, v as instrumentFunction, vt as getCore } from "./updateAuthFromVerifyResponse-BQes11vz.esm.js";
2
2
  import * as z from "zod/mini";
3
3
 
4
4
  //#region src/utils/retryOnFail/InvalidRetryOnFailCallError.ts
@@ -118,10 +118,19 @@ const fetchProjectSettings = async (client = getDefaultClient()) => {
118
118
  /** @notInstrumented */
119
119
  const generateSessionKeys = async (client) => {
120
120
  const core = getCore(client);
121
+ const currentState = core.state.get();
122
+ const isRotation = Boolean(currentState.sessionKeys);
123
+ const logContext = {
124
+ environmentId: core.environmentId,
125
+ operation: isRotation ? "rotate" : "create",
126
+ userId: currentState.user?.id ?? null
127
+ };
128
+ core.logger.info(isRotation ? "[generateSessionKeys] Rotating session key..." : "[generateSessionKeys] Creating session key...", logContext);
121
129
  await core.keychain.removeKey("session");
122
130
  const publicKey = await core.keychain.generateKey("session");
123
131
  assertDefined(publicKey, "Public key not found");
124
132
  core.state.set({ sessionKeys: publicKey });
133
+ core.logger.info(isRotation ? "[generateSessionKeys] Session key rotated" : "[generateSessionKeys] Session key created", logContext);
125
134
  return { publicKey };
126
135
  };
127
136
 
@@ -205,7 +214,7 @@ const logoutWithReason = async ({ reason }, client) => {
205
214
  * This deletes the auth cookie if it exists.
206
215
  * If the cookie doesn't exist, this sets a new cookie that expires immediately.
207
216
  */
208
- if (isCookieEnabled(client)) setCookie(`${DYNAMIC_AUTH_COOKIE_NAME}=; Max-Age=-99999999; path=/; SameSite=Lax`);
217
+ if (isCookieEnabled(client)) setCookie(`${DYNAMIC_AUTH_COOKIE_NAME}=; Max-Age=-99999999; path=/; SameSite=Lax${getSecureCookieAttribute()}`);
209
218
  }
210
219
  await core.keychain.removeKey("session");
211
220
  core.state.set({
@@ -251,7 +260,6 @@ const __logoutWithReason_wrapped = instrumentFunction({
251
260
  * @returns The MFA token that was consumed.
252
261
  * @throws Error if no MFA token is found.
253
262
  * @instrumented
254
- * @redact-params
255
263
  */
256
264
  const consumeMfaToken = (client = getDefaultClient()) => {
257
265
  const core = getCore(client);
@@ -270,8 +278,7 @@ const __consumeMfaToken_wrapped = instrumentFunction({
270
278
  } catch {
271
279
  return;
272
280
  }
273
- },
274
- redactAll: true
281
+ }
275
282
  });
276
283
 
277
284
  //#endregion
@@ -316,4 +323,4 @@ const isMfaRequiredForAction = async ({ mfaAction }, client = getDefaultClient()
316
323
 
317
324
  //#endregion
318
325
  export { generateSessionKeys as a, isSignedIn as c, __logoutWithReason_wrapped as i, retryOnFail as l, getMfaMethods as n, fetchProjectSettings as o, __consumeMfaToken_wrapped as r, createStorageKeySchema as s, isMfaRequiredForAction as t };
319
- //# sourceMappingURL=isMfaRequiredForAction-B7wNkqQf.esm.js.map
326
+ //# sourceMappingURL=isMfaRequiredForAction-r9aDdmK5.esm.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"isMfaRequiredForAction-r9aDdmK5.esm.js","names":["walletProvidersMap: Map<string, WalletProvider>"],"sources":["../src/utils/retryOnFail/InvalidRetryOnFailCallError.ts","../src/utils/retryOnFail/retryOnFail.ts","../src/modules/auth/isSignedIn/isSignedIn.ts","../src/services/storage/createStorageKeySchema/createStorageKeySchema.ts","../src/modules/projectSettings/fetchProjectSettings/projectSettingsExpirationScheme.ts","../src/modules/projectSettings/fetchProjectSettings/fetchProjectSettings.ts","../src/modules/sessionKeys/generateSessionKeys/generateSessionKeys.ts","../src/modules/wallets/utils/getAvailableWalletProvidersFromWalletAccounts/getAvailableWalletProvidersFromWalletAccounts.ts","../src/modules/wallets/destroyWalletProviders/destroyWalletProviders.ts","../src/modules/auth/logoutWithReason/logoutWithReason.ts","../src/modules/mfa/consumeMfaToken/consumeMfaToken.ts","../src/modules/mfa/getMfaMethods/getMfaMethods.ts","../src/modules/mfa/isMfaRequiredForAction/isMfaRequiredForAction.ts"],"sourcesContent":["import { BaseError } from '../../errors/base';\n\n/**\n * This error is thrown when the `retryOnFail` function is called with an invalid\n * number of retries (i.e. less than 0).\n */\nexport class InvalidRetryOnFailCallError extends BaseError {\n // eslint-disable-next-line custom-rules/require-single-object-param\n constructor(maxRetries: number) {\n super({\n cause: null,\n code: 'invalid_retry_on_fail_call_error',\n docsUrl: null,\n name: 'InvalidRetryOnFailCallError',\n shortMessage: `Invalid retries parameter for retryOnFail call: ${maxRetries}`,\n });\n }\n}\n","import { InvalidRetryOnFailCallError } from './InvalidRetryOnFailCallError';\n\nexport type RetryOnFailParams<T> = {\n /**\n * The delay between retries in milliseconds.\n */\n delay?: number;\n /**\n * The function to call.\n */\n fn: () => Promise<T>;\n /**\n * The maximum number of retries.\n *\n * When set to 0, the function will be called only once and is\n * therefore equivalent to calling the function directly.\n */\n maxRetries: number;\n};\n\n/** @notInstrumented */\nexport const retryOnFail = async <T>({\n delay = 0,\n fn,\n maxRetries,\n}: RetryOnFailParams<T>) => {\n for (let retry = 0; retry <= maxRetries; retry++) {\n try {\n return await fn();\n } catch (error) {\n if (retry >= maxRetries) {\n throw error;\n }\n\n if (delay > 0) {\n await new Promise((resolve) => setTimeout(resolve, delay));\n }\n }\n }\n\n /**\n * Reaching this point should never happen and this\n * error is thrown to help us debug the issue.\n */\n throw new InvalidRetryOnFailCallError(maxRetries);\n};\n","import { getDefaultClient } from '../../../client/defaultClient';\nimport { getWalletAccounts } from '../../wallets/getWalletAccounts';\n\n/**\n * Checks if the user is currently signed in to the Dynamic client.\n *\n * The client is considered to be in a signed in state if a user has\n * authenticated or if the client has at least one wallet connected.\n *\n * @deprecated What counts as \"signed in\" is your app's business logic, not the\n * SDK's. This helper bakes in one opinion (a user OR any connected wallet),\n * which rarely matches every app and forces a dependency on us for every\n * variation. Compose your own check from the underlying primitives instead —\n * e.g. `Boolean(client.user) || isAnyWalletAccountConnected(client)` — and\n * layer in whatever your app requires (device registration, completed\n * onboarding, satisfied MFA, a required embedded wallet, …). See the\n * \"Check if signed in\" guide:\n * https://www.dynamic.xyz/docs/javascript/user-session-management\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns True if the user is signed in, false otherwise.\n * @notInstrumented\n */\nexport const isSignedIn = (client = getDefaultClient()) =>\n Boolean(client.user || getWalletAccounts(client).length > 0);\n","import type * as z from 'zod/mini';\n\nimport type { StorageKeySchema, StorageKeySchemaConfig } from '../storage.types';\n\n/** @notInstrumented */\nexport const createStorageKeySchema = <T>(params: {\n config?: StorageKeySchemaConfig;\n key: string;\n schema: z.ZodMiniType<T>;\n}): StorageKeySchema<T> => {\n return params;\n};\n","import * as z from 'zod/mini';\n\nimport { createStorageKeySchema } from '../../../services/storage';\n\n/**\n * The schema to track the expiration time of the project settings.\n */\nexport const projectSettingsExpirationStorageKeySchema = createStorageKeySchema(\n {\n key: 'projectSettingsExpiration',\n schema: z.number(),\n }\n);\n","import { getCore } from '../../../client/core/getCore';\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { retryOnFail } from '../../../utils/retryOnFail';\nimport { createApiClient } from '../../apiClient';\nimport { CLIENT_SDK_NAME } from '../../apiClient/constants';\nimport { isSignedIn } from '../../auth/isSignedIn';\nimport { projectSettingsExpirationStorageKeySchema } from './projectSettingsExpirationScheme';\n\n/**\n * Expiration time of the project settings in milliseconds.\n */\nexport const PROJECT_SETTINGS_EXPIRATION_TIME = 1000 * 60 * 5; // 5 minutes\n\n/**\n * Fetches and updates the project settings from the API.\n *\n * This function retrieves the latest project configuration settings\n * from Dynamic's servers, including authentication options, enabled chains,\n * and security configurations. The settings are cached for performance.\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns A promise that resolves to the updated project settings.\n * @notInstrumented\n * @noHook Internal settings fetch that is not part of the public hook surface.\n */\nexport const fetchProjectSettings = async (client = getDefaultClient()) => {\n const core = getCore(client);\n\n const currentExpiration = await core.storage.getItem(\n projectSettingsExpirationStorageKeySchema\n );\n\n const hasProjectSettings = Boolean(client.projectSettings);\n const isExpired = currentExpiration && currentExpiration < Date.now();\n\n // We want to cache the project settings if its valid and user is connected.\n // This avoids unnecessary API calls and speeds up the initial load.\n if (hasProjectSettings && !isExpired && isSignedIn(client)) {\n return client.projectSettings;\n }\n\n const apiClient = createApiClient({}, client);\n\n core.logger.debug('[fetchProjectSettings] Fetching project settings...');\n\n const doFetch = async () =>\n apiClient.getEnvironmentSettings(\n {\n environmentId: core.environmentId,\n sdkVersion: `${CLIENT_SDK_NAME}/${core.version}`,\n },\n {\n credentials: 'omit',\n }\n );\n\n const projectSettings = await retryOnFail({\n fn: doFetch,\n maxRetries: 2,\n });\n\n core.state.set({ projectSettings: projectSettings ?? null });\n\n await core.storage.setItem(\n projectSettingsExpirationStorageKeySchema,\n Date.now() + PROJECT_SETTINGS_EXPIRATION_TIME\n );\n\n return projectSettings;\n};\n","import { getCore } from '../../../client/core/getCore';\nimport type { DynamicClient } from '../../../client/types';\nimport { assertDefined } from '../../../utils/assertDefined';\nimport type { SessionKeys } from '../sessionKeys.types';\n\n/** @notInstrumented */\nexport const generateSessionKeys = async (\n client: DynamicClient\n): Promise<SessionKeys> => {\n const core = getCore(client);\n\n const currentState = core.state.get();\n\n const isRotation = Boolean(currentState.sessionKeys);\n\n const logContext = {\n environmentId: core.environmentId,\n operation: isRotation ? 'rotate' : 'create',\n userId: currentState.user?.id ?? null,\n };\n\n core.logger.info(\n isRotation\n ? '[generateSessionKeys] Rotating session key...'\n : '[generateSessionKeys] Creating session key...',\n logContext\n );\n\n await core.keychain.removeKey('session');\n\n const publicKey = await core.keychain.generateKey('session');\n\n assertDefined(publicKey, 'Public key not found');\n\n core.state.set({\n sessionKeys: publicKey,\n });\n\n core.logger.info(\n isRotation\n ? '[generateSessionKeys] Session key rotated'\n : '[generateSessionKeys] Session key created',\n logContext\n );\n\n return { publicKey };\n};\n","import { getCore } from '../../../../client/core/getCore';\nimport type { DynamicClient } from '../../../../client/types';\nimport { getWalletAccounts } from '../../getWalletAccounts';\nimport type { WalletProvider } from '../../walletProvider';\nimport { getWalletProviderFromWalletAccount } from '../getWalletProviderFromWalletAccount';\n\n/** @notInstrumented */\nexport const getAvailableWalletProvidersFromWalletAccounts = (\n client: DynamicClient\n) => {\n const core = getCore(client);\n\n const walletProvidersMap: Map<string, WalletProvider> = new Map();\n\n const walletAccounts = getWalletAccounts(client);\n\n walletAccounts.forEach((walletAccount) => {\n if (walletProvidersMap.has(walletAccount.walletProviderKey)) {\n return;\n }\n\n try {\n const walletProvider = getWalletProviderFromWalletAccount(\n {\n walletAccount,\n },\n client\n );\n\n walletProvidersMap.set(walletAccount.walletProviderKey, walletProvider);\n } catch (error) {\n core.logger.debug('Wallet provider not found for wallet account', {\n error,\n walletAccount: walletAccount.address,\n });\n }\n });\n\n return Array.from(walletProvidersMap.values());\n};\n","import { getCore } from '../../../client/core/getCore';\nimport type { DynamicClient } from '../../../client/types/DynamicClient';\nimport type { LogoutReason } from '../../auth/logoutReason';\nimport { getAvailableWalletProvidersFromWalletAccounts } from '../utils/getAvailableWalletProvidersFromWalletAccounts';\n\n/**\n * Tear down every wallet provider on the client.\n *\n * Each provider's `destroy` is responsible for its own local + remote\n * cleanup. We swallow errors so a failing destroy on one provider does not\n * block teardown of the others (e.g. during logout).\n *\n * @notInstrumented\n */\nexport const destroyWalletProviders = async (\n { reason }: { reason?: LogoutReason },\n client: DynamicClient\n) => {\n const core = getCore(client);\n\n const walletProviders = getAvailableWalletProvidersFromWalletAccounts(client);\n\n await Promise.all(\n walletProviders.map(async (walletProvider) => {\n if (!walletProvider.destroy) return;\n try {\n await walletProvider.destroy({ reason });\n } catch (err) {\n core.logger.error(\n `Error destroying wallet provider ${walletProvider.key}`,\n err\n );\n }\n })\n );\n};\n","import type { DynamicClient } from '../../../client/types';\nimport { getCore } from '../../../client/core/getCore';\nimport { getSecureCookieAttribute } from '../../../utils/getSecureCookieAttribute';\nimport { setCookie } from '../../../utils/setCookie';\nimport { createApiClient } from '../../apiClient';\nimport { emitEvent } from '../../clientEvents';\nimport { fetchProjectSettings } from '../../projectSettings/fetchProjectSettings';\nimport { isCookieEnabled } from '../../projectSettings/isCookieEnabled';\nimport { generateSessionKeys } from '../../sessionKeys/generateSessionKeys';\nimport { destroyWalletProviders } from '../../wallets/destroyWalletProviders';\nimport { DYNAMIC_AUTH_COOKIE_NAME } from '../consts';\nimport type { LogoutReason } from '../logoutReason';\n\n/**\n * Logs the user out with an explicit reason.\n *\n * Revokes the session, clears auth state, terminates wallet providers, and\n * emits the `logout` client event with the given reason. The reason is also\n * captured as an argument on the function-instrumentation event, which is\n * how Datadog distinguishes between different logout causes.\n *\n * Use this instead of the public `logout` when triggering a logout from\n * internal or extension code — the caller owns the reason string, so the\n * telemetry correctly attributes *why* the logout happened.\n *\n * @param params - The logout params.\n * @param params.reason - Why the logout is being triggered. Extension authors\n * needing a reason outside the SDK catalog can cast with `as LogoutReason`.\n * @param client - The Dynamic client instance.\n * @instrumented\n */\nexport const logoutWithReason = async (\n { reason }: { reason: LogoutReason },\n client: DynamicClient\n) => {\n const core = getCore(client);\n\n core.logger.debug('[logoutWithReason] Logging out...', { reason });\n\n await destroyWalletProviders({ reason }, client);\n\n if (client.user !== null) {\n const apiClient = createApiClient({}, client);\n\n try {\n await apiClient.revokeSession({\n environmentId: core.environmentId,\n });\n } catch (error) {\n core.logger.error('Failed to revoke session', error);\n }\n\n /**\n * This deletes the auth cookie if it exists.\n * If the cookie doesn't exist, this sets a new cookie that expires immediately.\n */\n if (isCookieEnabled(client)) {\n // Match the Secure attribute used when the cookie was written so the\n // deletion cookie is accepted consistently in a secure context.\n const secureAttribute = getSecureCookieAttribute();\n\n setCookie(\n `${DYNAMIC_AUTH_COOKIE_NAME}=; Max-Age=-99999999; path=/; SameSite=Lax${secureAttribute}`\n );\n }\n }\n\n await core.keychain.removeKey('session');\n\n core.state.set({\n captchaToken: null,\n elevatedAccessTokens: [],\n legacyToken: null,\n mfaToken: null,\n sessionExpiresAt: null,\n sessionKeys: null,\n token: null,\n unverifiedWalletAccounts: [],\n user: null,\n });\n\n emitEvent({ args: { reason }, event: 'logout' }, client);\n\n // Refetch project settings\n void fetchProjectSettings(client);\n\n // Regenerate session keys\n void generateSessionKeys(client);\n};\n","import { getCore } from '../../../client/core/getCore';\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { assertDefined } from '../../../utils/assertDefined';\n\n/**\n * Consumes and clears the current MFA token from the client state.\n *\n * This function retrieves the MFA token obtained from a successful MFA authentication,\n * and removes it from the client, to prevent it from being used again.\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns The MFA token that was consumed.\n * @throws Error if no MFA token is found.\n * @instrumented\n */\nexport const consumeMfaToken = (client = getDefaultClient()) => {\n const core = getCore(client);\n\n const mfaToken = core.state.get().mfaToken;\n\n assertDefined(mfaToken, 'No MFA token found');\n\n core.state.set({\n mfaToken: null,\n });\n\n return mfaToken;\n};\n","import { getCore } from '../../../client/core/getCore';\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { createApiClient } from '../../apiClient';\n\n/**\n * Retrieves the available MFA methods for the current user.\n *\n * This function fetches information about which multi-factor authentication\n * methods are available and configured for the user's account.\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns A promise that resolves to the user's MFA methods configuration.\n * @notInstrumented\n */\nexport const getMfaMethods = async (client = getDefaultClient()) => {\n const core = getCore(client);\n const apiClient = createApiClient({}, client);\n\n const userMfaMethods = await apiClient.getUserMfaMethods({\n environmentId: core.environmentId,\n verifiedOnly: true,\n });\n\n return userMfaMethods;\n};\n","import type { MFAAction } from '@dynamic-labs/sdk-api-core';\n\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { getMfaMethods } from '../getMfaMethods';\n\ntype IsMfaRequiredForActionParams = {\n mfaAction: MFAAction;\n};\n\n/**\n * Checks if MFA is required for a specific action.\n *\n * This function determines whether multi-factor authentication is required\n * for the specified action based on project settings and user configuration.\n *\n * @param params.mfaAction - The action to check MFA requirements for.\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns A promise that resolves to true if MFA is required for the action, false otherwise.\n * @notInstrumented\n */\nexport const isMfaRequiredForAction = async (\n { mfaAction }: IsMfaRequiredForActionParams,\n client = getDefaultClient()\n) => {\n const projectSettings = client.projectSettings;\n\n const isRequiredForAction = projectSettings?.security?.mfa?.actions?.some(\n (action) => action.action === mfaAction && action.required\n );\n\n // if mfa is not required for the action, return false\n // no matter if general mfa is set to required or not\n if (!isRequiredForAction) {\n return false;\n }\n\n const isMfaMethodRequired = projectSettings?.security?.mfa?.required;\n\n // if mfa is required for the action and also set as required in general, return true\n if (isMfaMethodRequired) {\n return true;\n }\n\n const mfaMethods = await getMfaMethods(client);\n // if general mfa is optional, but user has registered methods,\n // then it should be required for the action\n return mfaMethods.userHasVerifiedMfaMethods;\n};\n"],"mappings":";;;;;;;;AAMA,IAAa,8BAAb,cAAiD,UAAU;CAEzD,YAAY,YAAoB;AAC9B,QAAM;GACJ,OAAO;GACP,MAAM;GACN,SAAS;GACT,MAAM;GACN,cAAc,mDAAmD;GAClE,CAAC;;;;;;;ACMN,MAAa,cAAc,OAAU,EACnC,QAAQ,GACR,IACA,iBAC0B;AAC1B,MAAK,IAAI,QAAQ,GAAG,SAAS,YAAY,QACvC,KAAI;AACF,SAAO,MAAM,IAAI;UACV,OAAO;AACd,MAAI,SAAS,WACX,OAAM;AAGR,MAAI,QAAQ,EACV,OAAM,IAAI,SAAS,YAAY,WAAW,SAAS,MAAM,CAAC;;;;;;AAShE,OAAM,IAAI,4BAA4B,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;ACrBnD,MAAa,cAAc,SAAS,kBAAkB,KACpD,QAAQ,OAAO,QAAQ,kBAAkB,OAAO,CAAC,SAAS,EAAE;;;;;ACnB9D,MAAa,0BAA6B,WAIf;AACzB,QAAO;;;;;;;;ACHT,MAAa,4CAA4C,uBACvD;CACE,KAAK;CACL,QAAQ,EAAE,QAAQ;CACnB,CACF;;;;;;;ACDD,MAAa,mCAAmC,MAAO,KAAK;;;;;;;;;;;;;AAc5D,MAAa,uBAAuB,OAAO,SAAS,kBAAkB,KAAK;CACzE,MAAM,OAAO,QAAQ,OAAO;CAE5B,MAAM,oBAAoB,MAAM,KAAK,QAAQ,QAC3C,0CACD;AAOD,KAL2B,QAAQ,OAAO,gBAAgB,IAKhC,EAJR,qBAAqB,oBAAoB,KAAK,KAAK,KAI7B,WAAW,OAAO,CACxD,QAAO,OAAO;CAGhB,MAAM,YAAY,gBAAgB,EAAE,EAAE,OAAO;AAE7C,MAAK,OAAO,MAAM,sDAAsD;CAExE,MAAM,UAAU,YACd,UAAU,uBACR;EACE,eAAe,KAAK;EACpB,YAAY,GAAG,gBAAgB,GAAG,KAAK;EACxC,EACD,EACE,aAAa,QACd,CACF;CAEH,MAAM,kBAAkB,MAAM,YAAY;EACxC,IAAI;EACJ,YAAY;EACb,CAAC;AAEF,MAAK,MAAM,IAAI,EAAE,iBAAiB,mBAAmB,MAAM,CAAC;AAE5D,OAAM,KAAK,QAAQ,QACjB,2CACA,KAAK,KAAK,GAAG,iCACd;AAED,QAAO;;;;;;AC9DT,MAAa,sBAAsB,OACjC,WACyB;CACzB,MAAM,OAAO,QAAQ,OAAO;CAE5B,MAAM,eAAe,KAAK,MAAM,KAAK;CAErC,MAAM,aAAa,QAAQ,aAAa,YAAY;CAEpD,MAAM,aAAa;EACjB,eAAe,KAAK;EACpB,WAAW,aAAa,WAAW;EACnC,QAAQ,aAAa,MAAM,MAAM;EAClC;AAED,MAAK,OAAO,KACV,aACI,kDACA,iDACJ,WACD;AAED,OAAM,KAAK,SAAS,UAAU,UAAU;CAExC,MAAM,YAAY,MAAM,KAAK,SAAS,YAAY,UAAU;AAE5D,eAAc,WAAW,uBAAuB;AAEhD,MAAK,MAAM,IAAI,EACb,aAAa,WACd,CAAC;AAEF,MAAK,OAAO,KACV,aACI,8CACA,6CACJ,WACD;AAED,QAAO,EAAE,WAAW;;;;;;ACtCtB,MAAa,iDACX,WACG;CACH,MAAM,OAAO,QAAQ,OAAO;CAE5B,MAAMA,qCAAkD,IAAI,KAAK;AAIjE,CAFuB,kBAAkB,OAAO,CAEjC,SAAS,kBAAkB;AACxC,MAAI,mBAAmB,IAAI,cAAc,kBAAkB,CACzD;AAGF,MAAI;GACF,MAAM,iBAAiB,mCACrB,EACE,eACD,EACD,OACD;AAED,sBAAmB,IAAI,cAAc,mBAAmB,eAAe;WAChE,OAAO;AACd,QAAK,OAAO,MAAM,gDAAgD;IAChE;IACA,eAAe,cAAc;IAC9B,CAAC;;GAEJ;AAEF,QAAO,MAAM,KAAK,mBAAmB,QAAQ,CAAC;;;;;;;;;;;;;;ACxBhD,MAAa,yBAAyB,OACpC,EAAE,UACF,WACG;CACH,MAAM,OAAO,QAAQ,OAAO;CAE5B,MAAM,kBAAkB,8CAA8C,OAAO;AAE7E,OAAM,QAAQ,IACZ,gBAAgB,IAAI,OAAO,mBAAmB;AAC5C,MAAI,CAAC,eAAe,QAAS;AAC7B,MAAI;AACF,SAAM,eAAe,QAAQ,EAAE,QAAQ,CAAC;WACjC,KAAK;AACZ,QAAK,OAAO,MACV,oCAAoC,eAAe,OACnD,IACD;;GAEH,CACH;;;;;;;;;;;;;;;;;;;;;;;ACAH,MAAK,mBAAA,OACH,EAAA,qBAEA;;;AAKA,OAAE,uBAAkB,EAAA,QAAmB,EAAC,OAAO;AAE/C,KAAE,OAAI,SAAA,MAAA;EACJ,MAAE,YAAgB,gBAAc,EAAA,EAAA,OAAA;AAEhC,MAAI;AACF,SAAM,UAAQ,cAAA,EACd,eAAiB,KAAE,eACrB,CAAA;;AAEE,QAAA,OAAA,MAAA,4BAAA,MAAA;;;;;;AAOF,MAAE,gBAAM,OAAkB,CAK1B,WACF,GAAA,yBAAA,4CAHS,0BAA6C;;AAQtD,OAAE,KAAA,SAAkB,UAAA,UAAA;AAEpB,MAAE,MAAA,IAAa;EACb,cAAc;EACd,sBAAsB,EAAA;EACtB,aAAa;EACb,UAAO;EACP,kBAAA;EACA,aAAU;EACV,OAAA;;EAEF,MAAA;;AAGA,WAAK;EAAA,MAAA,EAAA,QAAqB;EAAA,OAAO;EAAA,EAAA,OAAA;AAGjC,CAAK,qBAAoB,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACrElC,MAAE,mBAAsB,SAAU,kBAAU,KAAA;;;AAK1C,eAAY,UAAI,qBAAA;kBAGhB,UAAO,MACR,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACbD,MAAa,gBAAgB,OAAO,SAAS,kBAAkB,KAAK;CAClE,MAAM,OAAO,QAAQ,OAAO;AAQ5B,QALuB,MAFL,gBAAgB,EAAE,EAAE,OAAO,CAEN,kBAAkB;EACvD,eAAe,KAAK;EACpB,cAAc;EACf,CAAC;;;;;;;;;;;;;;;;ACDJ,MAAa,yBAAyB,OACpC,EAAE,aACF,SAAS,kBAAkB,KACxB;CACH,MAAM,kBAAkB,OAAO;AAQ/B,KAAI,CANwB,iBAAiB,UAAU,KAAK,SAAS,MAClE,WAAW,OAAO,WAAW,aAAa,OAAO,SACnD,CAKC,QAAO;AAMT,KAH4B,iBAAiB,UAAU,KAAK,SAI1D,QAAO;AAMT,SAHmB,MAAM,cAAc,OAAO,EAG5B"}
@@ -1,5 +1,5 @@
1
- import { _t as getCore, at as isCookieEnabled, gt as BaseError, l as DEFAULT_WAAS_BASE_API_URL, ot as assertDefined, p as isUserMissingMfaAuth, pt as getDefaultClient } from "./updateAuthFromVerifyResponse-DW-tPgdV.native.esm.js";
2
- import { t as isDynamicWaasEnabled } from "./isDynamicWaasEnabled-CvBaMGlR.native.esm.js";
1
+ import { _t as BaseError, l as DEFAULT_WAAS_BASE_API_URL, mt as getDefaultClient, ot as isCookieEnabled, p as isUserMissingMfaAuth, st as assertDefined, vt as getCore } from "./updateAuthFromVerifyResponse-BQes11vz.esm.js";
2
+ import { t as isDynamicWaasEnabled } from "./isDynamicWaasEnabled-BlVIlXMZ.esm.js";
3
3
  import { MfaBackupCodeAcknowledgement } from "@dynamic-labs/sdk-api-core";
4
4
  import { preconnectWaasIframe } from "@dynamic-labs-wallet/browser-wallet-client";
5
5
 
@@ -65,6 +65,7 @@ const preconnectWaasIframe$1 = (client) => {
65
65
  * @param user - The user to check.
66
66
  * @returns True if device registration is required, false otherwise.
67
67
  * @notInstrumented
68
+ * @hook Exposed as a hook so consumers reactively know when this device must be registered, updated when the user changes.
68
69
  */
69
70
  const isDeviceRegistrationRequired = (user) => Boolean(user.scope?.includes("device:register"));
70
71
 
@@ -79,6 +80,7 @@ const isDeviceRegistrationRequired = (user) => Boolean(user.scope?.includes("dev
79
80
  * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.
80
81
  * @returns True if recovery codes are pending acknowledgment, false otherwise.
81
82
  * @notInstrumented
83
+ * @hook Exposed as a hook so consumers reactively know when recovery codes await acknowledgment, updated when the user changes.
82
84
  */
83
85
  const isPendingRecoveryCodesAcknowledgment = (client = getDefaultClient()) => {
84
86
  const user = client.user;
@@ -105,6 +107,7 @@ const isPendingRecoveryCodesAcknowledgment = (client = getDefaultClient()) => {
105
107
  * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.
106
108
  * @returns True if onboarding is complete (no pending requirements), false if there are pending requirements.
107
109
  * @notInstrumented
110
+ * @hook Exposed as a hook so consumers reactively know when onboarding is complete, updated when the user changes.
108
111
  */
109
112
  const isUserOnboardingComplete = (client = getDefaultClient()) => {
110
113
  const user = client.user;
@@ -118,4 +121,4 @@ const isUserOnboardingComplete = (client = getDefaultClient()) => {
118
121
 
119
122
  //#endregion
120
123
  export { WaasOnboardingIncompleteError as a, preconnectWaasIframe$1 as i, isPendingRecoveryCodesAcknowledgment as n, isDeviceRegistrationRequired as r, isUserOnboardingComplete as t };
121
- //# sourceMappingURL=isUserOnboardingComplete-FRAIuxdi.native.esm.js.map
124
+ //# sourceMappingURL=isUserOnboardingComplete-BMNAbXk1.esm.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"isUserOnboardingComplete-BMNAbXk1.esm.js","names":["preconnectWaasIframe"],"sources":["../src/errors/WaasOnboardingIncompleteError.ts","../src/modules/waas/preconnectWaasIframe/preconnectWaasIframe.ts","../src/modules/deviceRegistration/isDeviceRegistrationRequired/isDeviceRegistrationRequired.ts","../src/modules/mfa/isPendingRecoveryCodesAcknowledgment/isPendingRecoveryCodesAcknowledgment.ts","../src/modules/user/isUserOnboardingComplete/isUserOnboardingComplete.ts"],"sourcesContent":["import { BaseError } from './base';\n\n/**\n * Thrown when the embedded (WaaS) wallet client is requested before the user\n * has completed onboarding — i.e. the JWT has not upgraded to `user:basic`\n * because MFA, KYC, recovery-codes acknowledgment, or device registration is\n * still pending.\n *\n * The WaaS iframe's init-time room-cache pre-warm fires `createRooms` using the\n * token captured at client construction (before any per-operation token\n * resync). Building the client during this window lets that pre-warm fire with\n * a pre-`user:basic` token, get a 401, and the iframe's unauthorized handler\n * force-logs-out the user. Throwing here surfaces a clear, recoverable reason\n * instead — wait for onboarding to complete and retry.\n */\nexport class WaasOnboardingIncompleteError extends BaseError {\n constructor() {\n super({\n cause: null,\n code: 'waas_onboarding_incomplete',\n docsUrl: null,\n name: 'WaasOnboardingIncompleteError',\n shortMessage:\n 'Cannot create or access the embedded wallet until onboarding is complete (pending MFA, KYC, recovery-codes acknowledgment, or device registration).',\n });\n }\n}\n","import type { AuthMode } from '@dynamic-labs-wallet/browser-wallet-client';\nimport { preconnectWaasIframe as preconnectWaasIframeOrigin } from '@dynamic-labs-wallet/browser-wallet-client';\n\nimport { getCore } from '../../../client/core/getCore';\nimport type { DynamicClient } from '../../../client/types';\nimport { isCookieEnabled } from '../../projectSettings/isCookieEnabled';\nimport { DEFAULT_WAAS_BASE_API_URL } from '../constants';\nimport { isDynamicWaasEnabled } from '../isDynamicWaasEnabled';\n\n/**\n * Warms the browser's connection (DNS + TCP + TLS) to the embedded-wallet\n * iframe origin so the iframe mounted after authentication completes loads on\n * a hot connection. Called when an auth flow starts (OTP send/verify, social\n * callback). Safe to call repeatedly; no-op on React Native / SSR and when\n * Dynamic WaaS is not enabled.\n *\n * @param client - The Dynamic client instance.\n * @notInstrumented\n */\nexport const preconnectWaasIframe = (client: DynamicClient): void => {\n const core = getCore(client);\n try {\n if (!isDynamicWaasEnabled(client)) return;\n\n preconnectWaasIframeOrigin({\n authMode: (isCookieEnabled(client) ? 'cookie' : 'header') as AuthMode,\n baseApiUrl: (core.apiBaseUrl || DEFAULT_WAAS_BASE_API_URL).replace(\n '/api/v0',\n ''\n ),\n });\n } catch (error) {\n // Best-effort: never break the auth flow (also swallows the assertion\n // from isDynamicWaasEnabled when project settings are not loaded yet).\n core.logger.warn('[preconnectWaasIframe] skipped', error);\n }\n};\n","import type { User } from '../../user/user.types';\n\n/**\n * Checks if device registration is required for the given user.\n *\n * This function determines if the user has the deviceRegistration\n * scope, indicating that device registration is required.\n *\n * @param user - The user to check.\n * @returns True if device registration is required, false otherwise.\n * @notInstrumented\n * @hook Exposed as a hook so consumers reactively know when this device must be registered, updated when the user changes.\n */\nexport const isDeviceRegistrationRequired = (user: User) =>\n Boolean(user.scope?.includes('device:register'));\n","import { MfaBackupCodeAcknowledgement } from '@dynamic-labs/sdk-api-core';\n\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { assertDefined } from '../../../utils/assertDefined';\n\n/**\n * Checks if the user is still pending acknowledgment of their MFA recovery codes.\n *\n * This function determines whether the user has been presented with recovery\n * codes that they have not yet acknowledged as saved or backed up.\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns True if recovery codes are pending acknowledgment, false otherwise.\n * @notInstrumented\n * @hook Exposed as a hook so consumers reactively know when recovery codes await acknowledgment, updated when the user changes.\n */\nexport const isPendingRecoveryCodesAcknowledgment = (\n client = getDefaultClient()\n) => {\n const user = client.user;\n\n assertDefined(user, 'User not logged in');\n\n return (\n user.mfaBackupCodeAcknowledgement === MfaBackupCodeAcknowledgement.Pending\n );\n};\n","import { getDefaultClient } from '../../../client/defaultClient';\nimport { assertDefined } from '../../../utils/assertDefined';\nimport { isDeviceRegistrationRequired } from '../../deviceRegistration/isDeviceRegistrationRequired';\nimport { isPendingRecoveryCodesAcknowledgment } from '../../mfa/isPendingRecoveryCodesAcknowledgment';\nimport { isUserMissingMfaAuth } from '../../mfa/isUserMissingMfaAuth';\n\n/**\n * Checks if the user has completed all onboarding requirements.\n *\n * This function verifies whether a user has fulfilled all necessary requirements\n * including KYC fields (Know Your Customer information), MFA setup\n * (Multi-Factor Authentication including recovery codes acknowledgment), and\n * device registration.\n *\n * A `false` result means the user still has an outstanding onboarding step, so\n * any feature that requires a fully onboarded (`user:basic`) user should hold\n * off until it returns `true`. Creating or accessing an embedded (WaaS) wallet\n * is one such feature — its backend calls reject a pre-`user:basic` token — but\n * this predicate is general and not specific to embedded wallets.\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns True if onboarding is complete (no pending requirements), false if there are pending requirements.\n * @notInstrumented\n * @hook Exposed as a hook so consumers reactively know when onboarding is complete, updated when the user changes.\n */\nexport const isUserOnboardingComplete = (client = getDefaultClient()) => {\n const user = client.user;\n\n assertDefined(user, 'User not logged in');\n\n const hasMissingKycFields = Boolean(user.missingFields?.length);\n const hasPendingMfaAuth = isUserMissingMfaAuth(client);\n const hasPendingRecoveryCodes = isPendingRecoveryCodesAcknowledgment(client);\n const hasPendingDeviceRegistration = isDeviceRegistrationRequired(user);\n\n const userOnboardingComplete =\n !hasMissingKycFields &&\n !hasPendingMfaAuth &&\n !hasPendingRecoveryCodes &&\n !hasPendingDeviceRegistration;\n\n return userOnboardingComplete;\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAeA,IAAa,gCAAb,cAAmD,UAAU;CAC3D,cAAc;AACZ,QAAM;GACJ,OAAO;GACP,MAAM;GACN,SAAS;GACT,MAAM;GACN,cACE;GACH,CAAC;;;;;;;;;;;;;;;;ACLN,MAAaA,0BAAwB,WAAgC;CACnE,MAAM,OAAO,QAAQ,OAAO;AAC5B,KAAI;AACF,MAAI,CAAC,qBAAqB,OAAO,CAAE;AAEnC,uBAA2B;GACzB,UAAW,gBAAgB,OAAO,GAAG,WAAW;GAChD,aAAa,KAAK,cAAc,2BAA2B,QACzD,WACA,GACD;GACF,CAAC;UACK,OAAO;AAGd,OAAK,OAAO,KAAK,kCAAkC,MAAM;;;;;;;;;;;;;;;;;ACrB7D,MAAa,gCAAgC,SAC3C,QAAQ,KAAK,OAAO,SAAS,kBAAkB,CAAC;;;;;;;;;;;;;;;ACElD,MAAa,wCACX,SAAS,kBAAkB,KACxB;CACH,MAAM,OAAO,OAAO;AAEpB,eAAc,MAAM,qBAAqB;AAEzC,QACE,KAAK,iCAAiC,6BAA6B;;;;;;;;;;;;;;;;;;;;;;;;ACCvE,MAAa,4BAA4B,SAAS,kBAAkB,KAAK;CACvE,MAAM,OAAO,OAAO;AAEpB,eAAc,MAAM,qBAAqB;CAEzC,MAAM,sBAAsB,QAAQ,KAAK,eAAe,OAAO;CAC/D,MAAM,oBAAoB,qBAAqB,OAAO;CACtD,MAAM,0BAA0B,qCAAqC,OAAO;CAC5E,MAAM,+BAA+B,6BAA6B,KAAK;AAQvE,QALE,CAAC,uBACD,CAAC,qBACD,CAAC,2BACD,CAAC"}
@@ -1,5 +1,5 @@
1
- import { _t as getCore, at as isCookieEnabled, gt as BaseError, l as DEFAULT_WAAS_BASE_API_URL, ot as assertDefined, p as isUserMissingMfaAuth, pt as getDefaultClient } from "./updateAuthFromVerifyResponse-BdokPJ21.esm.js";
2
- import { t as isDynamicWaasEnabled } from "./isDynamicWaasEnabled-DYy0TvLy.esm.js";
1
+ import { _t as BaseError, l as DEFAULT_WAAS_BASE_API_URL, mt as getDefaultClient, ot as isCookieEnabled, p as isUserMissingMfaAuth, st as assertDefined, vt as getCore } from "./updateAuthFromVerifyResponse-wVY_DoiL.native.esm.js";
2
+ import { t as isDynamicWaasEnabled } from "./isDynamicWaasEnabled-BaY09iv6.native.esm.js";
3
3
  import { MfaBackupCodeAcknowledgement } from "@dynamic-labs/sdk-api-core";
4
4
  import { preconnectWaasIframe } from "@dynamic-labs-wallet/browser-wallet-client";
5
5
 
@@ -65,6 +65,7 @@ const preconnectWaasIframe$1 = (client) => {
65
65
  * @param user - The user to check.
66
66
  * @returns True if device registration is required, false otherwise.
67
67
  * @notInstrumented
68
+ * @hook Exposed as a hook so consumers reactively know when this device must be registered, updated when the user changes.
68
69
  */
69
70
  const isDeviceRegistrationRequired = (user) => Boolean(user.scope?.includes("device:register"));
70
71
 
@@ -79,6 +80,7 @@ const isDeviceRegistrationRequired = (user) => Boolean(user.scope?.includes("dev
79
80
  * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.
80
81
  * @returns True if recovery codes are pending acknowledgment, false otherwise.
81
82
  * @notInstrumented
83
+ * @hook Exposed as a hook so consumers reactively know when recovery codes await acknowledgment, updated when the user changes.
82
84
  */
83
85
  const isPendingRecoveryCodesAcknowledgment = (client = getDefaultClient()) => {
84
86
  const user = client.user;
@@ -105,6 +107,7 @@ const isPendingRecoveryCodesAcknowledgment = (client = getDefaultClient()) => {
105
107
  * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.
106
108
  * @returns True if onboarding is complete (no pending requirements), false if there are pending requirements.
107
109
  * @notInstrumented
110
+ * @hook Exposed as a hook so consumers reactively know when onboarding is complete, updated when the user changes.
108
111
  */
109
112
  const isUserOnboardingComplete = (client = getDefaultClient()) => {
110
113
  const user = client.user;
@@ -118,4 +121,4 @@ const isUserOnboardingComplete = (client = getDefaultClient()) => {
118
121
 
119
122
  //#endregion
120
123
  export { WaasOnboardingIncompleteError as a, preconnectWaasIframe$1 as i, isPendingRecoveryCodesAcknowledgment as n, isDeviceRegistrationRequired as r, isUserOnboardingComplete as t };
121
- //# sourceMappingURL=isUserOnboardingComplete-CGz-9Iyw.esm.js.map
124
+ //# sourceMappingURL=isUserOnboardingComplete-C-ioFLRR.native.esm.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"isUserOnboardingComplete-C-ioFLRR.native.esm.js","names":["preconnectWaasIframe"],"sources":["../src/errors/WaasOnboardingIncompleteError.ts","../src/modules/waas/preconnectWaasIframe/preconnectWaasIframe.ts","../src/modules/deviceRegistration/isDeviceRegistrationRequired/isDeviceRegistrationRequired.ts","../src/modules/mfa/isPendingRecoveryCodesAcknowledgment/isPendingRecoveryCodesAcknowledgment.ts","../src/modules/user/isUserOnboardingComplete/isUserOnboardingComplete.ts"],"sourcesContent":["import { BaseError } from './base';\n\n/**\n * Thrown when the embedded (WaaS) wallet client is requested before the user\n * has completed onboarding — i.e. the JWT has not upgraded to `user:basic`\n * because MFA, KYC, recovery-codes acknowledgment, or device registration is\n * still pending.\n *\n * The WaaS iframe's init-time room-cache pre-warm fires `createRooms` using the\n * token captured at client construction (before any per-operation token\n * resync). Building the client during this window lets that pre-warm fire with\n * a pre-`user:basic` token, get a 401, and the iframe's unauthorized handler\n * force-logs-out the user. Throwing here surfaces a clear, recoverable reason\n * instead — wait for onboarding to complete and retry.\n */\nexport class WaasOnboardingIncompleteError extends BaseError {\n constructor() {\n super({\n cause: null,\n code: 'waas_onboarding_incomplete',\n docsUrl: null,\n name: 'WaasOnboardingIncompleteError',\n shortMessage:\n 'Cannot create or access the embedded wallet until onboarding is complete (pending MFA, KYC, recovery-codes acknowledgment, or device registration).',\n });\n }\n}\n","import type { AuthMode } from '@dynamic-labs-wallet/browser-wallet-client';\nimport { preconnectWaasIframe as preconnectWaasIframeOrigin } from '@dynamic-labs-wallet/browser-wallet-client';\n\nimport { getCore } from '../../../client/core/getCore';\nimport type { DynamicClient } from '../../../client/types';\nimport { isCookieEnabled } from '../../projectSettings/isCookieEnabled';\nimport { DEFAULT_WAAS_BASE_API_URL } from '../constants';\nimport { isDynamicWaasEnabled } from '../isDynamicWaasEnabled';\n\n/**\n * Warms the browser's connection (DNS + TCP + TLS) to the embedded-wallet\n * iframe origin so the iframe mounted after authentication completes loads on\n * a hot connection. Called when an auth flow starts (OTP send/verify, social\n * callback). Safe to call repeatedly; no-op on React Native / SSR and when\n * Dynamic WaaS is not enabled.\n *\n * @param client - The Dynamic client instance.\n * @notInstrumented\n */\nexport const preconnectWaasIframe = (client: DynamicClient): void => {\n const core = getCore(client);\n try {\n if (!isDynamicWaasEnabled(client)) return;\n\n preconnectWaasIframeOrigin({\n authMode: (isCookieEnabled(client) ? 'cookie' : 'header') as AuthMode,\n baseApiUrl: (core.apiBaseUrl || DEFAULT_WAAS_BASE_API_URL).replace(\n '/api/v0',\n ''\n ),\n });\n } catch (error) {\n // Best-effort: never break the auth flow (also swallows the assertion\n // from isDynamicWaasEnabled when project settings are not loaded yet).\n core.logger.warn('[preconnectWaasIframe] skipped', error);\n }\n};\n","import type { User } from '../../user/user.types';\n\n/**\n * Checks if device registration is required for the given user.\n *\n * This function determines if the user has the deviceRegistration\n * scope, indicating that device registration is required.\n *\n * @param user - The user to check.\n * @returns True if device registration is required, false otherwise.\n * @notInstrumented\n * @hook Exposed as a hook so consumers reactively know when this device must be registered, updated when the user changes.\n */\nexport const isDeviceRegistrationRequired = (user: User) =>\n Boolean(user.scope?.includes('device:register'));\n","import { MfaBackupCodeAcknowledgement } from '@dynamic-labs/sdk-api-core';\n\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { assertDefined } from '../../../utils/assertDefined';\n\n/**\n * Checks if the user is still pending acknowledgment of their MFA recovery codes.\n *\n * This function determines whether the user has been presented with recovery\n * codes that they have not yet acknowledged as saved or backed up.\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns True if recovery codes are pending acknowledgment, false otherwise.\n * @notInstrumented\n * @hook Exposed as a hook so consumers reactively know when recovery codes await acknowledgment, updated when the user changes.\n */\nexport const isPendingRecoveryCodesAcknowledgment = (\n client = getDefaultClient()\n) => {\n const user = client.user;\n\n assertDefined(user, 'User not logged in');\n\n return (\n user.mfaBackupCodeAcknowledgement === MfaBackupCodeAcknowledgement.Pending\n );\n};\n","import { getDefaultClient } from '../../../client/defaultClient';\nimport { assertDefined } from '../../../utils/assertDefined';\nimport { isDeviceRegistrationRequired } from '../../deviceRegistration/isDeviceRegistrationRequired';\nimport { isPendingRecoveryCodesAcknowledgment } from '../../mfa/isPendingRecoveryCodesAcknowledgment';\nimport { isUserMissingMfaAuth } from '../../mfa/isUserMissingMfaAuth';\n\n/**\n * Checks if the user has completed all onboarding requirements.\n *\n * This function verifies whether a user has fulfilled all necessary requirements\n * including KYC fields (Know Your Customer information), MFA setup\n * (Multi-Factor Authentication including recovery codes acknowledgment), and\n * device registration.\n *\n * A `false` result means the user still has an outstanding onboarding step, so\n * any feature that requires a fully onboarded (`user:basic`) user should hold\n * off until it returns `true`. Creating or accessing an embedded (WaaS) wallet\n * is one such feature — its backend calls reject a pre-`user:basic` token — but\n * this predicate is general and not specific to embedded wallets.\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns True if onboarding is complete (no pending requirements), false if there are pending requirements.\n * @notInstrumented\n * @hook Exposed as a hook so consumers reactively know when onboarding is complete, updated when the user changes.\n */\nexport const isUserOnboardingComplete = (client = getDefaultClient()) => {\n const user = client.user;\n\n assertDefined(user, 'User not logged in');\n\n const hasMissingKycFields = Boolean(user.missingFields?.length);\n const hasPendingMfaAuth = isUserMissingMfaAuth(client);\n const hasPendingRecoveryCodes = isPendingRecoveryCodesAcknowledgment(client);\n const hasPendingDeviceRegistration = isDeviceRegistrationRequired(user);\n\n const userOnboardingComplete =\n !hasMissingKycFields &&\n !hasPendingMfaAuth &&\n !hasPendingRecoveryCodes &&\n !hasPendingDeviceRegistration;\n\n return userOnboardingComplete;\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAeA,IAAa,gCAAb,cAAmD,UAAU;CAC3D,cAAc;AACZ,QAAM;GACJ,OAAO;GACP,MAAM;GACN,SAAS;GACT,MAAM;GACN,cACE;GACH,CAAC;;;;;;;;;;;;;;;;ACLN,MAAaA,0BAAwB,WAAgC;CACnE,MAAM,OAAO,QAAQ,OAAO;AAC5B,KAAI;AACF,MAAI,CAAC,qBAAqB,OAAO,CAAE;AAEnC,uBAA2B;GACzB,UAAW,gBAAgB,OAAO,GAAG,WAAW;GAChD,aAAa,KAAK,cAAc,2BAA2B,QACzD,WACA,GACD;GACF,CAAC;UACK,OAAO;AAGd,OAAK,OAAO,KAAK,kCAAkC,MAAM;;;;;;;;;;;;;;;;;ACrB7D,MAAa,gCAAgC,SAC3C,QAAQ,KAAK,OAAO,SAAS,kBAAkB,CAAC;;;;;;;;;;;;;;;ACElD,MAAa,wCACX,SAAS,kBAAkB,KACxB;CACH,MAAM,OAAO,OAAO;AAEpB,eAAc,MAAM,qBAAqB;AAEzC,QACE,KAAK,iCAAiC,6BAA6B;;;;;;;;;;;;;;;;;;;;;;;;ACCvE,MAAa,4BAA4B,SAAS,kBAAkB,KAAK;CACvE,MAAM,OAAO,OAAO;AAEpB,eAAc,MAAM,qBAAqB;CAEzC,MAAM,sBAAsB,QAAQ,KAAK,eAAe,OAAO;CAC/D,MAAM,oBAAoB,qBAAqB,OAAO;CACtD,MAAM,0BAA0B,qCAAqC,OAAO;CAC5E,MAAM,+BAA+B,6BAA6B,KAAK;AAQvE,QALE,CAAC,uBACD,CAAC,qBACD,CAAC,2BACD,CAAC"}
@@ -1,6 +1,6 @@
1
- const require_isMfaRequiredForAction = require('./isMfaRequiredForAction-CaNdGc-m.cjs');
2
- const require_updateAuthFromVerifyResponse = require('./updateAuthFromVerifyResponse-CUnvs5Af.cjs');
3
- const require_isDynamicWaasEnabled = require('./isDynamicWaasEnabled-BEn7FcD9.cjs');
1
+ const require_isMfaRequiredForAction = require('./isMfaRequiredForAction-Dghiguch.cjs');
2
+ const require_updateAuthFromVerifyResponse = require('./updateAuthFromVerifyResponse-Deg9em9o.cjs');
3
+ const require_isDynamicWaasEnabled = require('./isDynamicWaasEnabled-BQuXZne_.cjs');
4
4
  let _dynamic_labs_sdk_api_core = require("@dynamic-labs/sdk-api-core");
5
5
  let _dynamic_labs_wallet_browser_wallet_client = require("@dynamic-labs-wallet/browser-wallet-client");
6
6
 
@@ -66,6 +66,7 @@ const preconnectWaasIframe = (client) => {
66
66
  * @param user - The user to check.
67
67
  * @returns True if device registration is required, false otherwise.
68
68
  * @notInstrumented
69
+ * @hook Exposed as a hook so consumers reactively know when this device must be registered, updated when the user changes.
69
70
  */
70
71
  const isDeviceRegistrationRequired = (user) => Boolean(user.scope?.includes("device:register"));
71
72
 
@@ -80,6 +81,7 @@ const isDeviceRegistrationRequired = (user) => Boolean(user.scope?.includes("dev
80
81
  * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.
81
82
  * @returns True if recovery codes are pending acknowledgment, false otherwise.
82
83
  * @notInstrumented
84
+ * @hook Exposed as a hook so consumers reactively know when recovery codes await acknowledgment, updated when the user changes.
83
85
  */
84
86
  const isPendingRecoveryCodesAcknowledgment = (client = require_updateAuthFromVerifyResponse.getDefaultClient()) => {
85
87
  const user = client.user;
@@ -106,6 +108,7 @@ const isPendingRecoveryCodesAcknowledgment = (client = require_updateAuthFromVer
106
108
  * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.
107
109
  * @returns True if onboarding is complete (no pending requirements), false if there are pending requirements.
108
110
  * @notInstrumented
111
+ * @hook Exposed as a hook so consumers reactively know when onboarding is complete, updated when the user changes.
109
112
  */
110
113
  const isUserOnboardingComplete = (client = require_updateAuthFromVerifyResponse.getDefaultClient()) => {
111
114
  const user = client.user;
@@ -148,4 +151,4 @@ Object.defineProperty(exports, 'preconnectWaasIframe', {
148
151
  return preconnectWaasIframe;
149
152
  }
150
153
  });
151
- //# sourceMappingURL=isUserOnboardingComplete-w1IkCC_p.cjs.map
154
+ //# sourceMappingURL=isUserOnboardingComplete-j4b_q9Pf.cjs.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"isUserOnboardingComplete-j4b_q9Pf.cjs","names":["BaseError","getCore","isDynamicWaasEnabled","isCookieEnabled","DEFAULT_WAAS_BASE_API_URL","getDefaultClient","MfaBackupCodeAcknowledgement","getDefaultClient","isUserMissingMfaAuth"],"sources":["../src/errors/WaasOnboardingIncompleteError.ts","../src/modules/waas/preconnectWaasIframe/preconnectWaasIframe.ts","../src/modules/deviceRegistration/isDeviceRegistrationRequired/isDeviceRegistrationRequired.ts","../src/modules/mfa/isPendingRecoveryCodesAcknowledgment/isPendingRecoveryCodesAcknowledgment.ts","../src/modules/user/isUserOnboardingComplete/isUserOnboardingComplete.ts"],"sourcesContent":["import { BaseError } from './base';\n\n/**\n * Thrown when the embedded (WaaS) wallet client is requested before the user\n * has completed onboarding — i.e. the JWT has not upgraded to `user:basic`\n * because MFA, KYC, recovery-codes acknowledgment, or device registration is\n * still pending.\n *\n * The WaaS iframe's init-time room-cache pre-warm fires `createRooms` using the\n * token captured at client construction (before any per-operation token\n * resync). Building the client during this window lets that pre-warm fire with\n * a pre-`user:basic` token, get a 401, and the iframe's unauthorized handler\n * force-logs-out the user. Throwing here surfaces a clear, recoverable reason\n * instead — wait for onboarding to complete and retry.\n */\nexport class WaasOnboardingIncompleteError extends BaseError {\n constructor() {\n super({\n cause: null,\n code: 'waas_onboarding_incomplete',\n docsUrl: null,\n name: 'WaasOnboardingIncompleteError',\n shortMessage:\n 'Cannot create or access the embedded wallet until onboarding is complete (pending MFA, KYC, recovery-codes acknowledgment, or device registration).',\n });\n }\n}\n","import type { AuthMode } from '@dynamic-labs-wallet/browser-wallet-client';\nimport { preconnectWaasIframe as preconnectWaasIframeOrigin } from '@dynamic-labs-wallet/browser-wallet-client';\n\nimport { getCore } from '../../../client/core/getCore';\nimport type { DynamicClient } from '../../../client/types';\nimport { isCookieEnabled } from '../../projectSettings/isCookieEnabled';\nimport { DEFAULT_WAAS_BASE_API_URL } from '../constants';\nimport { isDynamicWaasEnabled } from '../isDynamicWaasEnabled';\n\n/**\n * Warms the browser's connection (DNS + TCP + TLS) to the embedded-wallet\n * iframe origin so the iframe mounted after authentication completes loads on\n * a hot connection. Called when an auth flow starts (OTP send/verify, social\n * callback). Safe to call repeatedly; no-op on React Native / SSR and when\n * Dynamic WaaS is not enabled.\n *\n * @param client - The Dynamic client instance.\n * @notInstrumented\n */\nexport const preconnectWaasIframe = (client: DynamicClient): void => {\n const core = getCore(client);\n try {\n if (!isDynamicWaasEnabled(client)) return;\n\n preconnectWaasIframeOrigin({\n authMode: (isCookieEnabled(client) ? 'cookie' : 'header') as AuthMode,\n baseApiUrl: (core.apiBaseUrl || DEFAULT_WAAS_BASE_API_URL).replace(\n '/api/v0',\n ''\n ),\n });\n } catch (error) {\n // Best-effort: never break the auth flow (also swallows the assertion\n // from isDynamicWaasEnabled when project settings are not loaded yet).\n core.logger.warn('[preconnectWaasIframe] skipped', error);\n }\n};\n","import type { User } from '../../user/user.types';\n\n/**\n * Checks if device registration is required for the given user.\n *\n * This function determines if the user has the deviceRegistration\n * scope, indicating that device registration is required.\n *\n * @param user - The user to check.\n * @returns True if device registration is required, false otherwise.\n * @notInstrumented\n * @hook Exposed as a hook so consumers reactively know when this device must be registered, updated when the user changes.\n */\nexport const isDeviceRegistrationRequired = (user: User) =>\n Boolean(user.scope?.includes('device:register'));\n","import { MfaBackupCodeAcknowledgement } from '@dynamic-labs/sdk-api-core';\n\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { assertDefined } from '../../../utils/assertDefined';\n\n/**\n * Checks if the user is still pending acknowledgment of their MFA recovery codes.\n *\n * This function determines whether the user has been presented with recovery\n * codes that they have not yet acknowledged as saved or backed up.\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns True if recovery codes are pending acknowledgment, false otherwise.\n * @notInstrumented\n * @hook Exposed as a hook so consumers reactively know when recovery codes await acknowledgment, updated when the user changes.\n */\nexport const isPendingRecoveryCodesAcknowledgment = (\n client = getDefaultClient()\n) => {\n const user = client.user;\n\n assertDefined(user, 'User not logged in');\n\n return (\n user.mfaBackupCodeAcknowledgement === MfaBackupCodeAcknowledgement.Pending\n );\n};\n","import { getDefaultClient } from '../../../client/defaultClient';\nimport { assertDefined } from '../../../utils/assertDefined';\nimport { isDeviceRegistrationRequired } from '../../deviceRegistration/isDeviceRegistrationRequired';\nimport { isPendingRecoveryCodesAcknowledgment } from '../../mfa/isPendingRecoveryCodesAcknowledgment';\nimport { isUserMissingMfaAuth } from '../../mfa/isUserMissingMfaAuth';\n\n/**\n * Checks if the user has completed all onboarding requirements.\n *\n * This function verifies whether a user has fulfilled all necessary requirements\n * including KYC fields (Know Your Customer information), MFA setup\n * (Multi-Factor Authentication including recovery codes acknowledgment), and\n * device registration.\n *\n * A `false` result means the user still has an outstanding onboarding step, so\n * any feature that requires a fully onboarded (`user:basic`) user should hold\n * off until it returns `true`. Creating or accessing an embedded (WaaS) wallet\n * is one such feature — its backend calls reject a pre-`user:basic` token — but\n * this predicate is general and not specific to embedded wallets.\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns True if onboarding is complete (no pending requirements), false if there are pending requirements.\n * @notInstrumented\n * @hook Exposed as a hook so consumers reactively know when onboarding is complete, updated when the user changes.\n */\nexport const isUserOnboardingComplete = (client = getDefaultClient()) => {\n const user = client.user;\n\n assertDefined(user, 'User not logged in');\n\n const hasMissingKycFields = Boolean(user.missingFields?.length);\n const hasPendingMfaAuth = isUserMissingMfaAuth(client);\n const hasPendingRecoveryCodes = isPendingRecoveryCodesAcknowledgment(client);\n const hasPendingDeviceRegistration = isDeviceRegistrationRequired(user);\n\n const userOnboardingComplete =\n !hasMissingKycFields &&\n !hasPendingMfaAuth &&\n !hasPendingRecoveryCodes &&\n !hasPendingDeviceRegistration;\n\n return userOnboardingComplete;\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAeA,IAAa,gCAAb,cAAmDA,+CAAU;CAC3D,cAAc;AACZ,QAAM;GACJ,OAAO;GACP,MAAM;GACN,SAAS;GACT,MAAM;GACN,cACE;GACH,CAAC;;;;;;;;;;;;;;;;ACLN,MAAa,wBAAwB,WAAgC;CACnE,MAAM,OAAOC,6CAAQ,OAAO;AAC5B,KAAI;AACF,MAAI,CAACC,kDAAqB,OAAO,CAAE;AAEnC,uEAA2B;GACzB,UAAWC,qDAAgB,OAAO,GAAG,WAAW;GAChD,aAAa,KAAK,cAAcC,gEAA2B,QACzD,WACA,GACD;GACF,CAAC;UACK,OAAO;AAGd,OAAK,OAAO,KAAK,kCAAkC,MAAM;;;;;;;;;;;;;;;;;ACrB7D,MAAa,gCAAgC,SAC3C,QAAQ,KAAK,OAAO,SAAS,kBAAkB,CAAC;;;;;;;;;;;;;;;ACElD,MAAa,wCACX,SAASC,uDAAkB,KACxB;CACH,MAAM,OAAO,OAAO;AAEpB,oDAAc,MAAM,qBAAqB;AAEzC,QACE,KAAK,iCAAiCC,wDAA6B;;;;;;;;;;;;;;;;;;;;;;;;ACCvE,MAAa,4BAA4B,SAASC,uDAAkB,KAAK;CACvE,MAAM,OAAO,OAAO;AAEpB,oDAAc,MAAM,qBAAqB;CAEzC,MAAM,sBAAsB,QAAQ,KAAK,eAAe,OAAO;CAC/D,MAAM,oBAAoBC,0DAAqB,OAAO;CACtD,MAAM,0BAA0B,qCAAqC,OAAO;CAC5E,MAAM,+BAA+B,6BAA6B,KAAK;AAQvE,QALE,CAAC,uBACD,CAAC,qBACD,CAAC,2BACD,CAAC"}
@@ -1,5 +1,5 @@
1
- import { A as NoWalletProviderFoundError, E as getWalletProviderFromWalletAccount, c as isWaasWalletProvider, d as DYNAMIC_WAAS_METADATA, f as getWalletProviders, gt as BaseError, pt as getDefaultClient } from "./updateAuthFromVerifyResponse-BdokPJ21.esm.js";
2
- import { n as NotWaasWalletAccountError, r as __refreshAuth_wrapped } from "./isDynamicWaasEnabled-DYy0TvLy.esm.js";
1
+ import { A as NoWalletProviderFoundError, E as getWalletProviderFromWalletAccount, _t as BaseError, c as isWaasWalletProvider, d as DYNAMIC_WAAS_METADATA, f as getWalletProviders, mt as getDefaultClient } from "./updateAuthFromVerifyResponse-BQes11vz.esm.js";
2
+ import { n as NotWaasWalletAccountError, r as __refreshAuth_wrapped } from "./isDynamicWaasEnabled-BlVIlXMZ.esm.js";
3
3
 
4
4
  //#region src/errors/NotWaasWalletProviderError.ts
5
5
  var NotWaasWalletProviderError = class extends BaseError {
@@ -62,4 +62,4 @@ const migrateFromFireblocks = async ({ coinTypes, deviceId, expectedAddresses, j
62
62
 
63
63
  //#endregion
64
64
  export { getWaasWalletProviderFromWalletAccount as n, NotWaasWalletProviderError as r, migrateFromFireblocks as t };
65
- //# sourceMappingURL=migrateFromFireblocks-DXs3odF_.esm.js.map
65
+ //# sourceMappingURL=migrateFromFireblocks-D--uqWp5.esm.js.map