@dynamic-labs/sdk-react-core 4.25.4 → 4.25.6

package/src/lib/utils/hooks/useEmbeddedWalletSessionKeys/useEmbeddedWalletSessionKeys.cjs

@@ -38,27 +38,32 @@ var getPrimaryTurnkeyWalletId = require('../../functions/getPrimaryTurnkeyWallet
 const useEmbeddedWalletSessionKeys = ({ environmentId, projectSettings, }) => {
     const user = useOnboardingCompleteUser.useOnboardingCompleteUserProfile();
     // scenario 1: first time session register on first transaction.
-    // Keys will have been previously generated at this point in local storage but marked as not registered
-    // scenario 2: 2nd time register after expiration (key refresh)
-    // scenario 3: refresh/rerender page - session still active
-    // scenario 4: refresh/rerender page - session no longer active
+    // scenario 2: refresh/rerender page - session still active and registered (keys were previously generated
+    //             but never registered with the backend)
+    // scenario 3: session expired and needs to be refreshed
+    // Helper to get decoded session keys from storage
     const registerEmbeddedWalletSessionKey = (...args_1) => _tslib.__awaiter(void 0, [...args_1], void 0, function* ({ ignoreRestore = false, } = {}) {
+        if (!user) {
+            throw new Error('User not found');
+        }
         // check if session keys are already stored in session storage
-        const sessionKeysSS = utils.StorageService.getItem(localStorage.SECURE_ENCLAVE_WALLET_SESSION_KEYS, localStorage.SECURE_ENCLAVE_WALLET_SESSION_KEYS_STORAGE_OPTIONS);
-        const decodedSessionKeys = sessionKeysSS
-            ? JSON.parse(Buffer.from(sessionKeysSS, 'base64').toString())
-            : undefined;
+        let decodedSessionKeys = getDecodedSessionKeys();
         utils.tracing.logEvent('session-key', 'registerEmbeddedWalletSessionKey', utils.tracing.formatObject({
             hasDecodedSessionKeys: Boolean(decodedSessionKeys),
             publicKey: decodedSessionKeys === null || decodedSessionKeys === void 0 ? void 0 : decodedSessionKeys.publicKey,
         }));
         if (!decodedSessionKeys) {
-            walletConnectorCore.logger.warn('Could not find session keys. Re-authentication is required to create new session keys.');
-            dynamicEvents.dynamicEvents.emit('triggerLogout');
-            throw new Error('Could not find session keys. Re-authentication is required to create new session keys.');
-        }
-        if (!user) {
-            throw new Error('User not found');
+            // We should never be in a situation where we don't have session keys in storage.
+            // But right now we are in a situation where we don't have session keys in storage,
+            // in many situations.
+            // but this is a fallback to ensure that we always have session keys
+            // To note that this would only work if chaining is disabled in the backend
+            // since the original key was registered for chaining, and now we don't have it
+            // it will fail when interacting with the backend if chaining is enabled.
+            // This logic will be removed and reverted back to logging out once we find
+            // the culprit that cause many of these to happen.
+            walletConnectorCore.logger.error('Session keys not found in storage. Generating new session keys.', { userId: user === null || user === void 0 ? void 0 : user.userId });
+            decodedSessionKeys = yield generateSessionKey();
         }
         const isSessionKeyValid = decodedSessionKeys.expirationDate &&
             new Date() <= new Date(decodedSessionKeys.expirationDate) &&
@@ -67,7 +72,7 @@ const useEmbeddedWalletSessionKeys = ({ environmentId, projectSettings, }) => {
             isSessionKeyValid: Boolean(isSessionKeyValid),
         }));
         if (isSessionKeyValid) {
-            // scenario 3
+            // scenario 1 - session is valid and registered
             return decodedSessionKeys;
         }
         utils.tracing.logEvent('session-key', 'decodedSessionKeys', utils.tracing.formatObject({
@@ -79,48 +84,23 @@ const useEmbeddedWalletSessionKeys = ({ environmentId, projectSettings, }) => {
         let privateKeyJwk;
         let prevSessionKeySignature = undefined;
         if (!decodedSessionKeys.registered) {
-            // scenario 1
+            // scenario 2 - session needs to be registered
             ({ publicKey, privateKey, privateKeyJwk } = decodedSessionKeys);
         }
         else {
-            // scenario 2 and 4
-            const { publicKey: nextPublicKey, privateKey: nextPrivateKey, privateKeyJwk: nextPrivateKeyJwk, } = yield generateSessionKey();
-            publicKey = nextPublicKey;
-            privateKey = nextPrivateKey;
-            privateKeyJwk = nextPrivateKeyJwk;
+            // scenario 3 - session expired singing with the old key and generating a new one
             prevSessionKeySignature = yield keyService.p256Sign(decodedSessionKeys.privateKeyJwk, user.sessionId);
-            utils.tracing.logEvent('session-key', 'Loaded prevSessionKeySignature', utils.tracing.formatObject({ nextPublicKey, prevSessionKeySignature }));
-        }
-        let resp;
-        const primaryWalletId$1 = primaryWalletId.getPrimaryWalletId();
-        if (!primaryWalletId$1) {
-            throw new Error('Primary wallet ID not found');
-        }
-        const turnkeyWalletId = getPrimaryTurnkeyWalletId.getPrimaryTurnkeyWalletId(primaryWalletId$1, user.verifiedCredentials);
-        try {
-            resp = yield embeddedWallets.registerSessionKey({
-                environmentId,
-                prevSessionKeySignature,
-                publicKey,
-                walletId: turnkeyWalletId,
-            });
-        }
-        catch (error) {
-            if (error instanceof utils.InvalidEmbeddedWalletSessionKeyError) {
-                // this can happen if the public key passed during initial registration
-                // does not match the root session public key that the backend expects
-                walletConnectorCore.logger.warn('Invalid embedded wallet session key. Re-authentication is required to create new session keys.');
-                dynamicEvents.dynamicEvents.emit('triggerLogout');
-            }
-            throw error;
+            ({ publicKey, privateKey, privateKeyJwk } = yield generateSessionKey());
+            utils.tracing.logEvent('session-key', 'Loaded prevSessionKeySignature', utils.tracing.formatObject({ prevSessionKeySignature, publicKey }));
         }
-        const expirationDate = new Date(resp.expiresAt * 1000);
-        utils.tracing.logEvent('session-key', 'Created new session key', utils.tracing.formatObject({
-            expirationDate,
+        return registerHelper({
+            environmentId,
+            prevSessionKeySignature,
+            privateKey,
+            privateKeyJwk,
             publicKey,
-        }));
-        utils.StorageService.setItem(localStorage.SECURE_ENCLAVE_WALLET_SESSION_KEYS, keyService.toEncodedFormat(publicKey, privateKey, privateKeyJwk, true, expirationDate), localStorage.SECURE_ENCLAVE_WALLET_SESSION_KEYS_STORAGE_OPTIONS);
-        return { expirationDate, privateKey, publicKey };
+            user,
+        });
     });
     const generateSessionKey = () => _tslib.__awaiter(void 0, void 0, void 0, function* () {
         const { private: privateKey, public: publicKey, privateJwk, } = yield keyService.p256Keygen();
@@ -129,13 +109,15 @@ const useEmbeddedWalletSessionKeys = ({ environmentId, projectSettings, }) => {
             publicKey,
         }));
         utils.StorageService.setItem(localStorage.SECURE_ENCLAVE_WALLET_SESSION_KEYS, keyService.toEncodedFormat(publicKey, privateKey, privateJwk, false), localStorage.SECURE_ENCLAVE_WALLET_SESSION_KEYS_STORAGE_OPTIONS);
-        return { privateKey, privateKeyJwk: privateJwk, publicKey };
+        return {
+            privateKey,
+            privateKeyJwk: privateJwk,
+            publicKey,
+            registered: false,
+        };
     });
     const getSessionPublicKey = () => {
-        const sessionKeysSS = utils.StorageService.getItem(localStorage.SECURE_ENCLAVE_WALLET_SESSION_KEYS, localStorage.SECURE_ENCLAVE_WALLET_SESSION_KEYS_STORAGE_OPTIONS);
-        const decodedSessionKeys = sessionKeysSS
-            ? JSON.parse(Buffer.from(sessionKeysSS, 'base64').toString())
-            : undefined;
+        const decodedSessionKeys = getDecodedSessionKeys();
         if (!(decodedSessionKeys === null || decodedSessionKeys === void 0 ? void 0 : decodedSessionKeys.publicKey)) {
             utils.tracing.logEvent('session-key', 'getSessionPublicKey', 'Could not find session keys.');
             throw new Error('Could not find session keys.');
@@ -154,10 +136,7 @@ const useEmbeddedWalletSessionKeys = ({ environmentId, projectSettings, }) => {
         if (!sessionId) {
             throw new Error('Session ID not found');
         }
-        const sessionKeysSS = utils.StorageService.getItem(localStorage.SECURE_ENCLAVE_WALLET_SESSION_KEYS, localStorage.SECURE_ENCLAVE_WALLET_SESSION_KEYS_STORAGE_OPTIONS);
-        const decodedSessionKeys = sessionKeysSS
-            ? JSON.parse(Buffer.from(sessionKeysSS, 'base64').toString())
-            : undefined;
+        const decodedSessionKeys = getDecodedSessionKeys();
         if (!(decodedSessionKeys === null || decodedSessionKeys === void 0 ? void 0 : decodedSessionKeys.privateKeyJwk)) {
             throw new Error('Private key JWK not found');
         }
@@ -168,6 +147,47 @@ const useEmbeddedWalletSessionKeys = ({ environmentId, projectSettings, }) => {
         utils.tracing.logEvent('session-key', 'removeSessionKey');
         utils.StorageService.removeItem(localStorage.SECURE_ENCLAVE_WALLET_SESSION_KEYS, localStorage.SECURE_ENCLAVE_WALLET_SESSION_KEYS_STORAGE_OPTIONS);
     }, []);
+    /////////////////////
+    // Helper Methods ///
+    /////////////////////
+    const registerHelper = (_a) => _tslib.__awaiter(void 0, [_a], void 0, function* ({ environmentId, prevSessionKeySignature, publicKey, privateKey, privateKeyJwk, user, }) {
+        let resp;
+        const primaryWalletId$1 = primaryWalletId.getPrimaryWalletId();
+        if (!primaryWalletId$1) {
+            throw new Error('Primary wallet ID not found');
+        }
+        const turnkeyWalletId = getPrimaryTurnkeyWalletId.getPrimaryTurnkeyWalletId(primaryWalletId$1, user.verifiedCredentials);
+        try {
+            resp = yield embeddedWallets.registerSessionKey({
+                environmentId,
+                prevSessionKeySignature,
+                publicKey,
+                walletId: turnkeyWalletId,
+            });
+        }
+        catch (error) {
+            if (error instanceof utils.InvalidEmbeddedWalletSessionKeyError) {
+                // this can happen if the public key passed during initial registration
+                // does not match the root session public key that the backend expects
+                walletConnectorCore.logger.warn('Invalid embedded wallet session key. Re-authentication is required to create new session keys.');
+                dynamicEvents.dynamicEvents.emit('triggerLogout');
+            }
+            throw error;
+        }
+        const expirationDate = new Date(resp.expiresAt * 1000);
+        utils.tracing.logEvent('session-key', 'Created new session key', utils.tracing.formatObject({
+            expirationDate,
+            publicKey,
+        }));
+        utils.StorageService.setItem(localStorage.SECURE_ENCLAVE_WALLET_SESSION_KEYS, keyService.toEncodedFormat(publicKey, privateKey, privateKeyJwk, true, expirationDate), localStorage.SECURE_ENCLAVE_WALLET_SESSION_KEYS_STORAGE_OPTIONS);
+        return { expirationDate, privateKey, publicKey };
+    });
+    const getDecodedSessionKeys = () => {
+        const sessionKeysSS = utils.StorageService.getItem(localStorage.SECURE_ENCLAVE_WALLET_SESSION_KEYS, localStorage.SECURE_ENCLAVE_WALLET_SESSION_KEYS_STORAGE_OPTIONS);
+        return sessionKeysSS
+            ? JSON.parse(Buffer.from(sessionKeysSS, 'base64').toString())
+            : undefined;
+    };
     return {
         generateSessionKey,
         getSessionPublicKey,

package/src/lib/utils/hooks/useEmbeddedWalletSessionKeys/useEmbeddedWalletSessionKeys.d.ts

@@ -10,11 +10,7 @@ export declare const useEmbeddedWalletSessionKeys: ({ environmentId, projectSett
     environmentId: string;
     projectSettings?: ProjectSettings;
 }) => {
-    generateSessionKey: () => Promise<{
-        privateKey: string;
-        privateKeyJwk: JsonWebKey;
-        publicKey: string;
-    }>;
+    generateSessionKey: () => Promise<SessionKey>;
     getSessionPublicKey: () => string;
     getSignedSessionId: () => Promise<string>;
     registerEmbeddedWalletSessionKey: ({ ignoreRestore, }?: {

package/src/lib/utils/hooks/useEmbeddedWalletSessionKeys/useEmbeddedWalletSessionKeys.js

@@ -26,7 +26,7 @@ import '../../../locale/locale.js';
 import '../../../store/state/dynamicContextProps/dynamicContextProps.js';
 import { getPrimaryWalletId } from '../../../store/state/primaryWalletId/primaryWalletId.js';
 import '../../../store/state/connectedWalletsInfo/connectedWalletsInfo.js';
-import { p256Sign, toEncodedFormat, p256Keygen } from '../../functions/keyService/keyService.js';
+import { p256Sign, p256Keygen, toEncodedFormat } from '../../functions/keyService/keyService.js';
 import { dynamicEvents } from '../../../events/dynamicEvents.js';
 import { useOnboardingCompleteUserProfile } from '../../../client/extension/user/useOnboardingCompleteUser/useOnboardingCompleteUser.js';
 import { getPrimaryTurnkeyWalletId } from '../../functions/getPrimaryTurnkeyWalletId/getPrimaryTurnkeyWalletId.js';
@@ -34,27 +34,32 @@ import { getPrimaryTurnkeyWalletId } from '../../functions/getPrimaryTurnkeyWall
 const useEmbeddedWalletSessionKeys = ({ environmentId, projectSettings, }) => {
     const user = useOnboardingCompleteUserProfile();
     // scenario 1: first time session register on first transaction.
-    // Keys will have been previously generated at this point in local storage but marked as not registered
-    // scenario 2: 2nd time register after expiration (key refresh)
-    // scenario 3: refresh/rerender page - session still active
-    // scenario 4: refresh/rerender page - session no longer active
+    // scenario 2: refresh/rerender page - session still active and registered (keys were previously generated
+    //             but never registered with the backend)
+    // scenario 3: session expired and needs to be refreshed
+    // Helper to get decoded session keys from storage
     const registerEmbeddedWalletSessionKey = (...args_1) => __awaiter(void 0, [...args_1], void 0, function* ({ ignoreRestore = false, } = {}) {
+        if (!user) {
+            throw new Error('User not found');
+        }
         // check if session keys are already stored in session storage
-        const sessionKeysSS = StorageService.getItem(SECURE_ENCLAVE_WALLET_SESSION_KEYS, SECURE_ENCLAVE_WALLET_SESSION_KEYS_STORAGE_OPTIONS);
-        const decodedSessionKeys = sessionKeysSS
-            ? JSON.parse(Buffer.from(sessionKeysSS, 'base64').toString())
-            : undefined;
+        let decodedSessionKeys = getDecodedSessionKeys();
         tracing.logEvent('session-key', 'registerEmbeddedWalletSessionKey', tracing.formatObject({
             hasDecodedSessionKeys: Boolean(decodedSessionKeys),
             publicKey: decodedSessionKeys === null || decodedSessionKeys === void 0 ? void 0 : decodedSessionKeys.publicKey,
         }));
         if (!decodedSessionKeys) {
-            logger.warn('Could not find session keys. Re-authentication is required to create new session keys.');
-            dynamicEvents.emit('triggerLogout');
-            throw new Error('Could not find session keys. Re-authentication is required to create new session keys.');
-        }
-        if (!user) {
-            throw new Error('User not found');
+            // We should never be in a situation where we don't have session keys in storage.
+            // But right now we are in a situation where we don't have session keys in storage,
+            // in many situations.
+            // but this is a fallback to ensure that we always have session keys
+            // To note that this would only work if chaining is disabled in the backend
+            // since the original key was registered for chaining, and now we don't have it
+            // it will fail when interacting with the backend if chaining is enabled.
+            // This logic will be removed and reverted back to logging out once we find
+            // the culprit that cause many of these to happen.
+            logger.error('Session keys not found in storage. Generating new session keys.', { userId: user === null || user === void 0 ? void 0 : user.userId });
+            decodedSessionKeys = yield generateSessionKey();
         }
         const isSessionKeyValid = decodedSessionKeys.expirationDate &&
             new Date() <= new Date(decodedSessionKeys.expirationDate) &&
@@ -63,7 +68,7 @@ const useEmbeddedWalletSessionKeys = ({ environmentId, projectSettings, }) => {
             isSessionKeyValid: Boolean(isSessionKeyValid),
         }));
         if (isSessionKeyValid) {
-            // scenario 3
+            // scenario 1 - session is valid and registered
             return decodedSessionKeys;
         }
         tracing.logEvent('session-key', 'decodedSessionKeys', tracing.formatObject({
@@ -75,48 +80,23 @@ const useEmbeddedWalletSessionKeys = ({ environmentId, projectSettings, }) => {
         let privateKeyJwk;
         let prevSessionKeySignature = undefined;
         if (!decodedSessionKeys.registered) {
-            // scenario 1
+            // scenario 2 - session needs to be registered
             ({ publicKey, privateKey, privateKeyJwk } = decodedSessionKeys);
         }
         else {
-            // scenario 2 and 4
-            const { publicKey: nextPublicKey, privateKey: nextPrivateKey, privateKeyJwk: nextPrivateKeyJwk, } = yield generateSessionKey();
-            publicKey = nextPublicKey;
-            privateKey = nextPrivateKey;
-            privateKeyJwk = nextPrivateKeyJwk;
+            // scenario 3 - session expired singing with the old key and generating a new one
             prevSessionKeySignature = yield p256Sign(decodedSessionKeys.privateKeyJwk, user.sessionId);
-            tracing.logEvent('session-key', 'Loaded prevSessionKeySignature', tracing.formatObject({ nextPublicKey, prevSessionKeySignature }));
-        }
-        let resp;
-        const primaryWalletId = getPrimaryWalletId();
-        if (!primaryWalletId) {
-            throw new Error('Primary wallet ID not found');
-        }
-        const turnkeyWalletId = getPrimaryTurnkeyWalletId(primaryWalletId, user.verifiedCredentials);
-        try {
-            resp = yield registerSessionKey({
-                environmentId,
-                prevSessionKeySignature,
-                publicKey,
-                walletId: turnkeyWalletId,
-            });
-        }
-        catch (error) {
-            if (error instanceof InvalidEmbeddedWalletSessionKeyError) {
-                // this can happen if the public key passed during initial registration
-                // does not match the root session public key that the backend expects
-                logger.warn('Invalid embedded wallet session key. Re-authentication is required to create new session keys.');
-                dynamicEvents.emit('triggerLogout');
-            }
-            throw error;
+            ({ publicKey, privateKey, privateKeyJwk } = yield generateSessionKey());
+            tracing.logEvent('session-key', 'Loaded prevSessionKeySignature', tracing.formatObject({ prevSessionKeySignature, publicKey }));
         }
-        const expirationDate = new Date(resp.expiresAt * 1000);
-        tracing.logEvent('session-key', 'Created new session key', tracing.formatObject({
-            expirationDate,
+        return registerHelper({
+            environmentId,
+            prevSessionKeySignature,
+            privateKey,
+            privateKeyJwk,
             publicKey,
-        }));
-        StorageService.setItem(SECURE_ENCLAVE_WALLET_SESSION_KEYS, toEncodedFormat(publicKey, privateKey, privateKeyJwk, true, expirationDate), SECURE_ENCLAVE_WALLET_SESSION_KEYS_STORAGE_OPTIONS);
-        return { expirationDate, privateKey, publicKey };
+            user,
+        });
     });
     const generateSessionKey = () => __awaiter(void 0, void 0, void 0, function* () {
         const { private: privateKey, public: publicKey, privateJwk, } = yield p256Keygen();
@@ -125,13 +105,15 @@ const useEmbeddedWalletSessionKeys = ({ environmentId, projectSettings, }) => {
             publicKey,
         }));
         StorageService.setItem(SECURE_ENCLAVE_WALLET_SESSION_KEYS, toEncodedFormat(publicKey, privateKey, privateJwk, false), SECURE_ENCLAVE_WALLET_SESSION_KEYS_STORAGE_OPTIONS);
-        return { privateKey, privateKeyJwk: privateJwk, publicKey };
+        return {
+            privateKey,
+            privateKeyJwk: privateJwk,
+            publicKey,
+            registered: false,
+        };
     });
     const getSessionPublicKey = () => {
-        const sessionKeysSS = StorageService.getItem(SECURE_ENCLAVE_WALLET_SESSION_KEYS, SECURE_ENCLAVE_WALLET_SESSION_KEYS_STORAGE_OPTIONS);
-        const decodedSessionKeys = sessionKeysSS
-            ? JSON.parse(Buffer.from(sessionKeysSS, 'base64').toString())
-            : undefined;
+        const decodedSessionKeys = getDecodedSessionKeys();
         if (!(decodedSessionKeys === null || decodedSessionKeys === void 0 ? void 0 : decodedSessionKeys.publicKey)) {
             tracing.logEvent('session-key', 'getSessionPublicKey', 'Could not find session keys.');
             throw new Error('Could not find session keys.');
@@ -150,10 +132,7 @@ const useEmbeddedWalletSessionKeys = ({ environmentId, projectSettings, }) => {
         if (!sessionId) {
             throw new Error('Session ID not found');
         }
-        const sessionKeysSS = StorageService.getItem(SECURE_ENCLAVE_WALLET_SESSION_KEYS, SECURE_ENCLAVE_WALLET_SESSION_KEYS_STORAGE_OPTIONS);
-        const decodedSessionKeys = sessionKeysSS
-            ? JSON.parse(Buffer.from(sessionKeysSS, 'base64').toString())
-            : undefined;
+        const decodedSessionKeys = getDecodedSessionKeys();
         if (!(decodedSessionKeys === null || decodedSessionKeys === void 0 ? void 0 : decodedSessionKeys.privateKeyJwk)) {
             throw new Error('Private key JWK not found');
         }
@@ -164,6 +143,47 @@ const useEmbeddedWalletSessionKeys = ({ environmentId, projectSettings, }) => {
         tracing.logEvent('session-key', 'removeSessionKey');
         StorageService.removeItem(SECURE_ENCLAVE_WALLET_SESSION_KEYS, SECURE_ENCLAVE_WALLET_SESSION_KEYS_STORAGE_OPTIONS);
     }, []);
+    /////////////////////
+    // Helper Methods ///
+    /////////////////////
+    const registerHelper = (_a) => __awaiter(void 0, [_a], void 0, function* ({ environmentId, prevSessionKeySignature, publicKey, privateKey, privateKeyJwk, user, }) {
+        let resp;
+        const primaryWalletId = getPrimaryWalletId();
+        if (!primaryWalletId) {
+            throw new Error('Primary wallet ID not found');
+        }
+        const turnkeyWalletId = getPrimaryTurnkeyWalletId(primaryWalletId, user.verifiedCredentials);
+        try {
+            resp = yield registerSessionKey({
+                environmentId,
+                prevSessionKeySignature,
+                publicKey,
+                walletId: turnkeyWalletId,
+            });
+        }
+        catch (error) {
+            if (error instanceof InvalidEmbeddedWalletSessionKeyError) {
+                // this can happen if the public key passed during initial registration
+                // does not match the root session public key that the backend expects
+                logger.warn('Invalid embedded wallet session key. Re-authentication is required to create new session keys.');
+                dynamicEvents.emit('triggerLogout');
+            }
+            throw error;
+        }
+        const expirationDate = new Date(resp.expiresAt * 1000);
+        tracing.logEvent('session-key', 'Created new session key', tracing.formatObject({
+            expirationDate,
+            publicKey,
+        }));
+        StorageService.setItem(SECURE_ENCLAVE_WALLET_SESSION_KEYS, toEncodedFormat(publicKey, privateKey, privateKeyJwk, true, expirationDate), SECURE_ENCLAVE_WALLET_SESSION_KEYS_STORAGE_OPTIONS);
+        return { expirationDate, privateKey, publicKey };
+    });
+    const getDecodedSessionKeys = () => {
+        const sessionKeysSS = StorageService.getItem(SECURE_ENCLAVE_WALLET_SESSION_KEYS, SECURE_ENCLAVE_WALLET_SESSION_KEYS_STORAGE_OPTIONS);
+        return sessionKeysSS
+            ? JSON.parse(Buffer.from(sessionKeysSS, 'base64').toString())
+            : undefined;
+    };
     return {
         generateSessionKey,
         getSessionPublicKey,

package/src/lib/utils/hooks/useGetMfaToken/index.d.ts

@@ -0,0 +1 @@
+export { useGetMfaToken } from './useGetMfaToken';

package/src/lib/utils/hooks/useGetMfaToken/useGetMfaToken.cjs

@@ -0,0 +1,68 @@
+'use client'
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+var _tslib = require('../../../../../_virtual/_tslib.cjs');
+var React = require('react');
+var client$1 = require('@dynamic-labs-sdk/client');
+var utils = require('@dynamic-labs/utils');
+var client = require('../../../client/client.cjs');
+require('@dynamic-labs/sdk-api-core');
+var logger = require('../../../shared/logger.cjs');
+require('@dynamic-labs/iconic');
+require('@dynamic-labs/wallet-connector-core');
+require('react/jsx-runtime');
+require('../../../context/ViewContext/ViewContext.cjs');
+require('@dynamic-labs/wallet-book');
+require('../../constants/colors.cjs');
+require('../../constants/values.cjs');
+require('../../../shared/consts/index.cjs');
+var projectSettings = require('../../../store/state/projectSettings/projectSettings.cjs');
+
+/**
+ * Get MFA token
+ *
+ * @returns Function to get MFA token
+ *
+ * @example
+ * ```tsx
+ * const App = () => {
+ *   const getMfaToken = useGetMfaToken();
+ *
+ *   return (
+ *     <button
+ *       onClick={() => getMfaToken({ mfaAction: MFAAction.UpdateUser })}
+ *     >
+ *       Get MFA token
+ *     </button>
+ *  );
+ * }
+ */
+const useGetMfaToken = () => {
+    const client$2 = client.useDynamicClient();
+    return React.useCallback((...args_1) => _tslib.__awaiter(void 0, [...args_1], void 0, function* ({ mfaAction } = {}) {
+        var _a, _b, _c;
+        const projectSettings$1 = projectSettings.getProjectSettings();
+        const isMfaRequiredForAction = (_c = (_b = (_a = projectSettings$1 === null || projectSettings$1 === void 0 ? void 0 : projectSettings$1.security) === null || _a === void 0 ? void 0 : _a.mfa) === null || _b === void 0 ? void 0 : _b.actions) === null || _c === void 0 ? void 0 : _c.some((action) => action.action === mfaAction && action.required);
+        if (mfaAction && !isMfaRequiredForAction) {
+            // if mfa token is not required, return undefined
+            return;
+        }
+        try {
+            const mfaToken = client$1.consumeMfaToken(client$2);
+            return mfaToken;
+        }
+        catch (error) {
+            if (!mfaAction) {
+                logger.logger.warn('No MFA token found', error);
+                return;
+            }
+            const errorMessage = `MFA Token required for this action: ${mfaAction}`;
+            logger.logger.error(errorMessage, error);
+            throw new utils.DynamicError(errorMessage);
+        }
+    }), [client$2]);
+};
+
+exports.useGetMfaToken = useGetMfaToken;

package/src/lib/utils/hooks/useGetMfaToken/useGetMfaToken.d.ts

@@ -0,0 +1,26 @@
+import { MFAAction } from '@dynamic-labs/sdk-api-core';
+type UseGetMfaTokenProps = {
+    mfaAction?: MFAAction;
+};
+type UseGetMfaToken = (props?: UseGetMfaTokenProps) => Promise<string | undefined>;
+/**
+ * Get MFA token
+ *
+ * @returns Function to get MFA token
+ *
+ * @example
+ * ```tsx
+ * const App = () => {
+ *   const getMfaToken = useGetMfaToken();
+ *
+ *   return (
+ *     <button
+ *       onClick={() => getMfaToken({ mfaAction: MFAAction.UpdateUser })}
+ *     >
+ *       Get MFA token
+ *     </button>
+ *  );
+ * }
+ */
+export declare const useGetMfaToken: () => UseGetMfaToken;
+export {};

package/src/lib/utils/hooks/useGetMfaToken/useGetMfaToken.js

@@ -0,0 +1,64 @@
+'use client'
+import { __awaiter } from '../../../../../_virtual/_tslib.js';
+import { useCallback } from 'react';
+import { consumeMfaToken } from '@dynamic-labs-sdk/client';
+import { DynamicError } from '@dynamic-labs/utils';
+import { useDynamicClient } from '../../../client/client.js';
+import '@dynamic-labs/sdk-api-core';
+import { logger } from '../../../shared/logger.js';
+import '@dynamic-labs/iconic';
+import '@dynamic-labs/wallet-connector-core';
+import 'react/jsx-runtime';
+import '../../../context/ViewContext/ViewContext.js';
+import '@dynamic-labs/wallet-book';
+import '../../constants/colors.js';
+import '../../constants/values.js';
+import '../../../shared/consts/index.js';
+import { getProjectSettings } from '../../../store/state/projectSettings/projectSettings.js';
+
+/**
+ * Get MFA token
+ *
+ * @returns Function to get MFA token
+ *
+ * @example
+ * ```tsx
+ * const App = () => {
+ *   const getMfaToken = useGetMfaToken();
+ *
+ *   return (
+ *     <button
+ *       onClick={() => getMfaToken({ mfaAction: MFAAction.UpdateUser })}
+ *     >
+ *       Get MFA token
+ *     </button>
+ *  );
+ * }
+ */
+const useGetMfaToken = () => {
+    const client = useDynamicClient();
+    return useCallback((...args_1) => __awaiter(void 0, [...args_1], void 0, function* ({ mfaAction } = {}) {
+        var _a, _b, _c;
+        const projectSettings = getProjectSettings();
+        const isMfaRequiredForAction = (_c = (_b = (_a = projectSettings === null || projectSettings === void 0 ? void 0 : projectSettings.security) === null || _a === void 0 ? void 0 : _a.mfa) === null || _b === void 0 ? void 0 : _b.actions) === null || _c === void 0 ? void 0 : _c.some((action) => action.action === mfaAction && action.required);
+        if (mfaAction && !isMfaRequiredForAction) {
+            // if mfa token is not required, return undefined
+            return;
+        }
+        try {
+            const mfaToken = consumeMfaToken(client);
+            return mfaToken;
+        }
+        catch (error) {
+            if (!mfaAction) {
+                logger.warn('No MFA token found', error);
+                return;
+            }
+            const errorMessage = `MFA Token required for this action: ${mfaAction}`;
+            logger.error(errorMessage, error);
+            throw new DynamicError(errorMessage);
+        }
+    }), [client]);
+};
+
+export { useGetMfaToken };