@dynamic-labs/sdk-react-core 4.65.0 → 4.67.0

package/src/lib/utils/hooks/useSignEip7702Authorization/useSignEip7702Authorization.js

@@ -0,0 +1,158 @@
+'use client'
+import { __awaiter } from '../../../../../_virtual/_tslib.js';
+import { useCallback } from 'react';
+import { DynamicError } from '@dynamic-labs/utils';
+import '../../../context/DynamicContext/DynamicContext.js';
+import '../../../store/state/loadingAndLifecycle/loadingAndLifecycle.js';
+import '@dynamic-labs/iconic';
+import '@dynamic-labs/wallet-connector-core';
+import 'react/jsx-runtime';
+import '../../../context/ViewContext/ViewContext.js';
+import '../../../shared/logger.js';
+import '@dynamic-labs/wallet-book';
+import '../../constants/colors.js';
+import '../../constants/values.js';
+import '@dynamic-labs/sdk-api-core';
+import '../../../shared/consts/index.js';
+import '../../../events/dynamicEvents.js';
+import '../../../context/CaptchaContext/CaptchaContext.js';
+import '../../../context/ErrorContext/ErrorContext.js';
+import '@dynamic-labs/multi-wallet';
+import 'react-international-phone';
+import '../../../store/state/nonce/nonce.js';
+import '@dynamic-labs-sdk/client/core';
+import '../../../client/client.js';
+import '@dynamic-labs-sdk/client';
+import '../../../config/ApiEndpoint.js';
+import '@dynamic-labs/locale';
+import '../../../store/state/dynamicContextProps/dynamicContextProps.js';
+import '../../../store/state/primaryWalletId/primaryWalletId.js';
+import '../../../store/state/connectedWalletsInfo/connectedWalletsInfo.js';
+import '../../functions/getWaasAddressTypeLabel/getWaasAddressTypeLabel.js';
+import '../../../context/AccessDeniedContext/AccessDeniedContext.js';
+import '../../../context/AccountExistsContext/AccountExistsContext.js';
+import '../../../context/UserWalletsContext/UserWalletsContext.js';
+import '../../../store/state/authMode/authMode.js';
+import '../../../context/VerificationContext/VerificationContext.js';
+import 'react-dom';
+import '../../functions/compareChains/compareChains.js';
+import '../../../views/Passkey/utils/findPrimaryEmbeddedChain/findPrimaryEmbeddedChain.js';
+import '../../../context/ThemeContext/ThemeContext.js';
+import '../useUserUpdateRequest/useUpdateUser/userFieldsSchema.js';
+import 'bs58';
+import '@dynamic-labs/types';
+import '../../../context/SocialRedirectContext/SocialRedirectContext.js';
+import '../../../context/LoadingContext/LoadingContext.js';
+import '../../../context/WalletContext/WalletContext.js';
+import '../useEmbeddedWallet/useSecureEnclaveEmbeddedWallet/constants.js';
+import 'yup';
+import '../../../context/MockContext/MockContext.js';
+import '../../../views/CollectUserDataView/useFields.js';
+import '../../../context/FieldsStateContext/FieldsStateContext.js';
+import '../../../context/UserFieldEditorContext/UserFieldEditorContext.js';
+import '@dynamic-labs/rpc-providers';
+import '../../../store/state/walletOptions/walletOptions.js';
+import 'react-i18next';
+import '../../../components/Accordion/components/AccordionItem/AccordionItem.js';
+import '../../../components/Alert/Alert.js';
+import '../../../components/ShadowDOM/ShadowDOM.js';
+import '../../../components/IconButton/IconButton.js';
+import '../../../components/InlineWidget/InlineWidget.js';
+import '../../../components/Input/Input.js';
+import '../../../components/IsBrowser/IsBrowser.js';
+import '../../../components/MenuList/Dropdown/Dropdown.js';
+import '../../../components/OverlayCard/OverlayCard.js';
+import '../../../components/Transition/ZoomTransition/ZoomTransition.js';
+import '../../../components/Transition/SlideInUpTransition/SlideInUpTransition.js';
+import '../../../components/Transition/OpacityTransition/OpacityTransition.js';
+import '../../../components/PasskeyCreatedSuccessBanner/PasskeyCreatedSuccessBanner.js';
+import '../../../components/Popper/Popper/Popper.js';
+import '../../../components/Popper/PopperContext/PopperContext.js';
+import 'react-focus-lock';
+import 'qrcode';
+import 'formik';
+import '../useSubdomainCheck/useSubdomainCheck.js';
+import '../../../context/WalletGroupContext/WalletGroupContext.js';
+import '../../../widgets/DynamicWidget/context/DynamicWidgetContext.js';
+import '../useWalletBackup/useWalletBackup.js';
+import '../useWalletBackup/types.js';
+import '../useWalletBackup/cloudProviders.js';
+import '../../../context/IpConfigurationContext/IpConfigurationContext.js';
+import '../../../context/ConnectWithOtpContext/ConnectWithOtpContext.js';
+import '../../../widgets/DynamicBridgeWidget/views/WalletsView/components/SecondaryWallets/SecondaryWallets.js';
+import '@hcaptcha/react-hcaptcha';
+import '../../../widgets/DynamicWidget/helpers/convertExchangeKeyAndProviderEnum.js';
+import '../../../views/ExchangeWhitelistWarning/ExchangeWhitelistWarning.js';
+import '../../../context/ErrorContext/hooks/useErrorText/useErrorText.js';
+import '../../../context/FooterAnimationContext/index.js';
+import '../../../views/MfaChooseDeviceView/useGetMfaOptions/useGetMfaOptions.js';
+import '../../../context/PasskeyContext/PasskeyContext.js';
+import '../../../context/OnrampContext/OnrampContext.js';
+import '../../../store/state/sendBalances.js';
+import '../../../store/state/connectorsInitializing/connectorsInitializing.js';
+import '../../../components/OverlayCardBase/OverlayCardTarget/OverlayCardTarget.js';
+import '../../../widgets/DynamicWidget/components/DynamicWidgetHeader/DynamicWidgetHeader.js';
+import '../../../views/TransactionConfirmationView/TransactionConfirmationView.js';
+import '../../../widgets/DynamicWidget/components/PasskeyCard/PasskeyCard.js';
+import '../../../widgets/DynamicWidget/views/CryptoComOnramp/CryptoComOnramp.js';
+import '../../../../index.js';
+import '../../../widgets/DynamicWidget/views/ReceiveWalletFunds/ReceiveWalletFunds.js';
+import '../../../store/state/tokenBalances.js';
+import '../../../store/state/multichainBalances.js';
+import '../../../shared/utils/functions/getInitialUrl/getInitialUrl.js';
+import { useInternalDynamicContext } from '../../../context/DynamicContext/useDynamicContext/useInternalDynamicContext/useInternalDynamicContext.js';
+
+/**
+ * Hook for signing EIP-7702 authorizations for ZeroDev kernel delegation.
+ *
+ * This hook provides a way to sign EIP-7702 authorizations that enable
+ * single-use MFA flows where the authorization signing step is separated
+ * from the transaction execution step.
+ *
+ * The signed authorization can be passed to kernel account client creation
+ * functions like `createEcdsaKernelAccountClientWith7702`.
+ *
+ * @returns An object containing the `signEip7702Authorization` function
+ *
+ * @example
+ * ```tsx
+ * import { useSignEip7702Authorization } from '@dynamic-labs/sdk-react-core';
+ *
+ * function MyComponent() {
+ *   const { signEip7702Authorization } = useSignEip7702Authorization();
+ *
+ *   const handleSign = async () => {
+ *     try {
+ *       const auth = await signEip7702Authorization();
+ *       console.log('Signed authorization:', auth);
+ *       // Use auth with kernel client creation
+ *     } catch (error) {
+ *       console.error('Failed to sign authorization:', error);
+ *     }
+ *   };
+ *
+ *   return <button onClick={handleSign}>Sign Authorization</button>;
+ * }
+ * ```
+ */
+const useSignEip7702Authorization = () => {
+    const { primaryWallet } = useInternalDynamicContext();
+    const signEip7702Auth = useCallback((params) => __awaiter(void 0, void 0, void 0, function* () {
+        var _a;
+        const { wallet: providedWallet, chainId: providedChainId } = params !== null && params !== void 0 ? params : {};
+        // Use provided wallet or fallback to primary wallet
+        const wallet = providedWallet !== null && providedWallet !== void 0 ? providedWallet : primaryWallet;
+        if (!wallet) {
+            throw new DynamicError('No wallet available. Please connect a wallet first.');
+        }
+        if (((_a = wallet.connector) === null || _a === void 0 ? void 0 : _a.key) !== 'zerodev') {
+            throw new DynamicError('The wallet connector must be a ZeroDev connector to sign EIP-7702 authorizations.');
+        }
+        return wallet.connector.signEip7702PreAuth(providedChainId);
+    }), [primaryWallet]);
+    return {
+        signEip7702Authorization: signEip7702Auth,
+    };
+};
+
+export { useSignEip7702Authorization };

package/src/lib/utils/hooks/useStepUpAuthentication/index.d.ts

@@ -1,2 +1,2 @@
 export { useStepUpAuthentication } from './useStepUpAuthentication';
-export type { StepUpAuthenticationState, UseStepUpAuthenticationParams, UseStepUpAuthenticationReturn, VerifyOtpParams, VerifyWalletParams, } from './useStepUpAuthentication';
+export type { IsStepUpRequiredParams, StepUpAuthenticationState, UseStepUpAuthenticationParams, UseStepUpAuthenticationReturn, VerifyOtpParams, VerifyPasskeyMfaParams, VerifyTotpMfaParams, VerifyWalletParams, } from './useStepUpAuthentication';

package/src/lib/utils/hooks/useStepUpAuthentication/useStepUpAuthentication.cjs

@@ -24,12 +24,13 @@ require('@dynamic-labs/multi-wallet');
 require('react-international-phone');
 require('../../../store/state/nonce/nonce.cjs');
 require('@dynamic-labs/locale');
-require('../../../store/state/dynamicContextProps/dynamicContextProps.cjs');
+var dynamicContextProps = require('../../../store/state/dynamicContextProps/dynamicContextProps.cjs');
 require('../../../store/state/primaryWalletId/primaryWalletId.cjs');
 require('../../../store/state/connectedWalletsInfo/connectedWalletsInfo.cjs');
 require('../../functions/getWaasAddressTypeLabel/getWaasAddressTypeLabel.cjs');
 require('../../../events/dynamicEvents.cjs');
 var useUser = require('../../../client/extension/user/useUser/useUser.cjs');
+var hasElevatedAccessToken = require('../../../client/extension/functions/hasElevatedAccessToken/hasElevatedAccessToken.cjs');
 var useConnectAndSign = require('../authenticationHooks/useConnectAndSign/useConnectAndSign.cjs');
 var UserWalletsContext = require('../../../context/UserWalletsContext/UserWalletsContext.cjs');
 
@@ -72,47 +73,55 @@ const dispatchOtp = (credential) => _tslib.__awaiter(void 0, void 0, void 0, fun
         : sendSmsOtp(credential);
 });
 /**
- * Perform step-up authentication for an already-authenticated user via OTP.
+ * Perform step-up authentication for an already-authenticated user.
  *
- * Automatically selects the first sign-in enabled email or SMS credential on
- * the user, or targets a specific credential when `credentialId` is provided.
+ * Supports multiple verification methods:
+ * - **OTP** (email/SMS): `sendOtp()` then `verifyOtp()`
+ * - **Wallet**: `verifyWallet()` for wallet signature verification
+ * - **Passkey MFA**: `verifyPasskeyMfa()` for passkey-based MFA
+ * - **TOTP MFA**: `verifyTotpMfa()` for authenticator app codes
  *
- * @param params.credentialId - Optional id of a specific verified credential to
- *   use. Must be an email or SMS credential. Defaults to the first sign-in
- *   enabled email or SMS credential on the authenticated user.
+ * For OTP and wallet methods, automatically selects the first sign-in enabled
+ * credential, or targets a specific one when `credentialId` is provided.
  *
- * @returns `sendOtp` – sends the OTP to the resolved credential.
- * @returns `verifyOtp` – verifies the OTP code supplied by the user.
- * @returns `state` – current loading / error / otpVerification state.
- * @returns `resetState` – resets state back to its initial value.
+ * @param params.credentialId - Optional id of a specific verified credential or
+ *   wallet to use. For OTP, must be an email or SMS credential. Defaults to the
+ *   first sign-in enabled email or SMS credential on the authenticated user.
  *
  * @example
  * ```tsx
- * const { sendOtp, verifyOtp, state } = useStepUpAuthentication();
- *
- * // Step 1: send OTP
+ * // OTP flow
+ * const { sendOtp, verifyOtp } = useStepUpAuthentication();
  * await sendOtp();
+ * const result = await verifyOtp({ verificationToken: '123456', requestedScopes: ['wallet:export'] });
+ *
+ * // Passkey MFA flow
+ * const { verifyPasskeyMfa } = useStepUpAuthentication();
+ * const result = await verifyPasskeyMfa({ requestedScopes: ['wallet:export'] });
  *
- * // Step 2: after the user enters the code
- * const result = await verifyOtp({ verificationToken: '123456' });
+ * // TOTP MFA flow
+ * const { verifyTotpMfa } = useStepUpAuthentication();
+ * const result = await verifyTotpMfa({ code: '123456', requestedScopes: ['wallet:export'] });
  * ```
  */
 const useStepUpAuthentication = ({ credentialId, } = {}) => {
     const user = useUser.useUser();
+    const environmentId = dynamicContextProps.useEnvironmentId();
     const [state, setState] = React.useState(INITIAL_STATE);
     const connectAndSign = useConnectAndSign.useConnectAndSign();
     const { userWallets } = UserWalletsContext.useInternalUserWallets();
     // Ref keeps the latest otpVerification available inside the verifyOtp
     // callback without creating a stale closure over state.
     const otpVerificationRef = React.useRef(null);
+    const isStepUpRequired = React.useCallback(({ scope }) => !hasElevatedAccessToken.hasElevatedAccessToken(scope), []);
     const resetState = React.useCallback(() => {
         otpVerificationRef.current = null;
         setState(INITIAL_STATE);
     }, []);
     const setError = React.useCallback((errorMessage) => {
         setState((prev) => (Object.assign(Object.assign({}, prev), { error: errorMessage, isLoading: false })));
-        logger.logger.error(errorMessage);
-    }, []);
+        logger.logger.error(errorMessage, { environmentId, userId: user === null || user === void 0 ? void 0 : user.id });
+    }, [environmentId, user === null || user === void 0 ? void 0 : user.id]);
     const sendOtp = React.useCallback(() => _tslib.__awaiter(void 0, void 0, void 0, function* () {
         const credentials = user === null || user === void 0 ? void 0 : user.verifiedCredentials;
         if (!(credentials === null || credentials === void 0 ? void 0 : credentials.length)) {
@@ -138,10 +147,20 @@ const useStepUpAuthentication = ({ credentialId, } = {}) => {
         catch (error) {
             const errorMessage = error instanceof Error ? error.message : 'Failed to send OTP';
             setState((prev) => (Object.assign(Object.assign({}, prev), { error: errorMessage, isLoading: false })));
-            logger.logger.error('Failed to send OTP for step-up authentication', { error });
+            logger.logger.error('Failed to send OTP for step-up authentication', {
+                environmentId,
+                error,
+                userId: user === null || user === void 0 ? void 0 : user.id,
+            });
             return null;
         }
-    }), [credentialId, setError, user === null || user === void 0 ? void 0 : user.verifiedCredentials]);
+    }), [
+        credentialId,
+        environmentId,
+        setError,
+        user === null || user === void 0 ? void 0 : user.id,
+        user === null || user === void 0 ? void 0 : user.verifiedCredentials,
+    ]);
     const verifyOtp = React.useCallback((_a) => _tslib.__awaiter(void 0, [_a], void 0, function* ({ requestedScopes, verificationToken, }) {
         const otpVerification = otpVerificationRef.current;
         if (!otpVerification) {
@@ -162,11 +181,13 @@ const useStepUpAuthentication = ({ credentialId, } = {}) => {
             const errorMessage = error instanceof Error ? error.message : 'Failed to verify OTP';
             setState((prev) => (Object.assign(Object.assign({}, prev), { error: errorMessage, isLoading: false })));
             logger.logger.error('Failed to verify OTP for step-up authentication', {
+                environmentId,
                 error,
+                userId: user === null || user === void 0 ? void 0 : user.id,
             });
             return null;
         }
-    }), [setError]);
+    }), [environmentId, setError, user === null || user === void 0 ? void 0 : user.id]);
     const verifyWallet = React.useCallback((_b) => _tslib.__awaiter(void 0, [_b], void 0, function* ({ requestedScopes }) {
         setState((prev) => (Object.assign(Object.assign({}, prev), { error: null, isLoading: true })));
         const wallet = userWallets.find((w) => w.id === credentialId);
@@ -187,11 +208,69 @@ const useStepUpAuthentication = ({ credentialId, } = {}) => {
                 : 'Failed to verify wallet for step-up authentication';
             setState((prev) => (Object.assign(Object.assign({}, prev), { error: errorMessage, isLoading: false })));
             logger.logger.error('Failed to verify wallet for step-up authentication', {
+                environmentId,
                 error,
+                userId: user === null || user === void 0 ? void 0 : user.id,
+            });
+        }
+    }), [
+        connectAndSign,
+        credentialId,
+        environmentId,
+        setError,
+        user === null || user === void 0 ? void 0 : user.id,
+        userWallets,
+    ]);
+    const verifyPasskeyMfa = React.useCallback((_c) => _tslib.__awaiter(void 0, [_c], void 0, function* ({ requestedScopes, }) {
+        setState((prev) => (Object.assign(Object.assign({}, prev), { error: null, isLoading: true })));
+        try {
+            // requestedScopes is available in @dynamic-labs-sdk/client >= 0.14.0
+            const response = yield client.authenticatePasskeyMFA({
+                requestedScopes,
             });
+            setState((prev) => (Object.assign(Object.assign({}, prev), { error: null, isLoading: false })));
+            return response;
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error
+                ? error.message
+                : 'Failed to authenticate passkey for step-up authentication';
+            setState((prev) => (Object.assign(Object.assign({}, prev), { error: errorMessage, isLoading: false })));
+            logger.logger.error('Failed to authenticate passkey for step-up authentication', { environmentId, error, userId: user === null || user === void 0 ? void 0 : user.id });
+            return null;
+        }
+    }), [environmentId, user === null || user === void 0 ? void 0 : user.id]);
+    const verifyTotpMfa = React.useCallback((_d) => _tslib.__awaiter(void 0, [_d], void 0, function* ({ code, deviceId, requestedScopes, }) {
+        setState((prev) => (Object.assign(Object.assign({}, prev), { error: null, isLoading: true })));
+        try {
+            // requestedScopes is available in @dynamic-labs-sdk/client >= 0.14.0
+            const response = yield client.authenticateTotpMfaDevice({
+                code,
+                deviceId,
+                requestedScopes,
+            });
+            setState((prev) => (Object.assign(Object.assign({}, prev), { error: null, isLoading: false })));
+            return response;
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error
+                ? error.message
+                : 'Failed to authenticate TOTP device for step-up authentication';
+            setState((prev) => (Object.assign(Object.assign({}, prev), { error: errorMessage, isLoading: false })));
+            logger.logger.error('Failed to authenticate TOTP device for step-up authentication', { environmentId, error, userId: user === null || user === void 0 ? void 0 : user.id });
+            return null;
         }
-    }), [connectAndSign, credentialId, setError, userWallets]);
-    return { resetState, sendOtp, state, verifyOtp, verifyWallet };
+    }), [environmentId, user === null || user === void 0 ? void 0 : user.id]);
+    return {
+        isStepUpRequired,
+        resetState,
+        sendOtp,
+        state,
+        verifyOtp,
+        verifyPasskeyMfa,
+        verifyTotpMfa,
+        verifyWallet,
+    };
 };
 
 exports.useStepUpAuthentication = useStepUpAuthentication;

package/src/lib/utils/hooks/useStepUpAuthentication/useStepUpAuthentication.d.ts

@@ -12,40 +12,60 @@ export type VerifyOtpParams = {
 export type VerifyWalletParams = {
     requestedScopes?: TokenScope[];
 };
+export type VerifyPasskeyMfaParams = {
+    requestedScopes?: TokenScope[];
+};
+export type VerifyTotpMfaParams = {
+    code: string;
+    deviceId?: string;
+    requestedScopes?: TokenScope[];
+};
+export type IsStepUpRequiredParams = {
+    scope: TokenScope;
+};
 export type UseStepUpAuthenticationParams = {
     credentialId?: string;
 };
 export type UseStepUpAuthenticationReturn = {
+    isStepUpRequired: (params: IsStepUpRequiredParams) => boolean;
     resetState: () => void;
     sendOtp: () => Promise<OTPVerification | null>;
     state: StepUpAuthenticationState;
     verifyOtp: (params: VerifyOtpParams) => Promise<VerifyResponse | null>;
+    verifyPasskeyMfa: (params: VerifyPasskeyMfaParams) => Promise<VerifyResponse | null>;
+    verifyTotpMfa: (params: VerifyTotpMfaParams) => Promise<VerifyResponse | null>;
     verifyWallet: (params: VerifyWalletParams) => Promise<void>;
 };
 /**
- * Perform step-up authentication for an already-authenticated user via OTP.
+ * Perform step-up authentication for an already-authenticated user.
  *
- * Automatically selects the first sign-in enabled email or SMS credential on
- * the user, or targets a specific credential when `credentialId` is provided.
+ * Supports multiple verification methods:
+ * - **OTP** (email/SMS): `sendOtp()` then `verifyOtp()`
+ * - **Wallet**: `verifyWallet()` for wallet signature verification
+ * - **Passkey MFA**: `verifyPasskeyMfa()` for passkey-based MFA
+ * - **TOTP MFA**: `verifyTotpMfa()` for authenticator app codes
  *
- * @param params.credentialId - Optional id of a specific verified credential to
- *   use. Must be an email or SMS credential. Defaults to the first sign-in
- *   enabled email or SMS credential on the authenticated user.
+ * For OTP and wallet methods, automatically selects the first sign-in enabled
+ * credential, or targets a specific one when `credentialId` is provided.
  *
- * @returns `sendOtp` – sends the OTP to the resolved credential.
- * @returns `verifyOtp` – verifies the OTP code supplied by the user.
- * @returns `state` – current loading / error / otpVerification state.
- * @returns `resetState` – resets state back to its initial value.
+ * @param params.credentialId - Optional id of a specific verified credential or
+ *   wallet to use. For OTP, must be an email or SMS credential. Defaults to the
+ *   first sign-in enabled email or SMS credential on the authenticated user.
  *
  * @example
  * ```tsx
- * const { sendOtp, verifyOtp, state } = useStepUpAuthentication();
- *
- * // Step 1: send OTP
+ * // OTP flow
+ * const { sendOtp, verifyOtp } = useStepUpAuthentication();
  * await sendOtp();
+ * const result = await verifyOtp({ verificationToken: '123456', requestedScopes: ['wallet:export'] });
+ *
+ * // Passkey MFA flow
+ * const { verifyPasskeyMfa } = useStepUpAuthentication();
+ * const result = await verifyPasskeyMfa({ requestedScopes: ['wallet:export'] });
  *
- * // Step 2: after the user enters the code
- * const result = await verifyOtp({ verificationToken: '123456' });
+ * // TOTP MFA flow
+ * const { verifyTotpMfa } = useStepUpAuthentication();
+ * const result = await verifyTotpMfa({ code: '123456', requestedScopes: ['wallet:export'] });
  * ```
  */
 export declare const useStepUpAuthentication: ({ credentialId, }?: UseStepUpAuthenticationParams) => UseStepUpAuthenticationReturn;

package/src/lib/utils/hooks/useStepUpAuthentication/useStepUpAuthentication.js

@@ -1,7 +1,7 @@
 'use client'
 import { __awaiter } from '../../../../../_virtual/_tslib.js';
 import { useState, useRef, useCallback } from 'react';
-import { verifyOTP, sendEmailOTP, supportedCountries, sendSmsOTP } from '@dynamic-labs-sdk/client';
+import { verifyOTP, authenticatePasskeyMFA, authenticateTotpMfaDevice, sendEmailOTP, supportedCountries, sendSmsOTP } from '@dynamic-labs-sdk/client';
 import { JwtVerifiedCredentialFormatEnum } from '@dynamic-labs/sdk-api-core';
 import '@dynamic-labs-sdk/client/core';
 import '../../../client/client.js';
@@ -20,12 +20,13 @@ import '@dynamic-labs/multi-wallet';
 import 'react-international-phone';
 import '../../../store/state/nonce/nonce.js';
 import '@dynamic-labs/locale';
-import '../../../store/state/dynamicContextProps/dynamicContextProps.js';
+import { useEnvironmentId } from '../../../store/state/dynamicContextProps/dynamicContextProps.js';
 import '../../../store/state/primaryWalletId/primaryWalletId.js';
 import '../../../store/state/connectedWalletsInfo/connectedWalletsInfo.js';
 import '../../functions/getWaasAddressTypeLabel/getWaasAddressTypeLabel.js';
 import '../../../events/dynamicEvents.js';
 import { useUser } from '../../../client/extension/user/useUser/useUser.js';
+import { hasElevatedAccessToken } from '../../../client/extension/functions/hasElevatedAccessToken/hasElevatedAccessToken.js';
 import { useConnectAndSign } from '../authenticationHooks/useConnectAndSign/useConnectAndSign.js';
 import { useInternalUserWallets } from '../../../context/UserWalletsContext/UserWalletsContext.js';
 
@@ -68,47 +69,55 @@ const dispatchOtp = (credential) => __awaiter(void 0, void 0, void 0, function*
         : sendSmsOtp(credential);
 });
 /**
- * Perform step-up authentication for an already-authenticated user via OTP.
+ * Perform step-up authentication for an already-authenticated user.
  *
- * Automatically selects the first sign-in enabled email or SMS credential on
- * the user, or targets a specific credential when `credentialId` is provided.
+ * Supports multiple verification methods:
+ * - **OTP** (email/SMS): `sendOtp()` then `verifyOtp()`
+ * - **Wallet**: `verifyWallet()` for wallet signature verification
+ * - **Passkey MFA**: `verifyPasskeyMfa()` for passkey-based MFA
+ * - **TOTP MFA**: `verifyTotpMfa()` for authenticator app codes
  *
- * @param params.credentialId - Optional id of a specific verified credential to
- *   use. Must be an email or SMS credential. Defaults to the first sign-in
- *   enabled email or SMS credential on the authenticated user.
+ * For OTP and wallet methods, automatically selects the first sign-in enabled
+ * credential, or targets a specific one when `credentialId` is provided.
  *
- * @returns `sendOtp` – sends the OTP to the resolved credential.
- * @returns `verifyOtp` – verifies the OTP code supplied by the user.
- * @returns `state` – current loading / error / otpVerification state.
- * @returns `resetState` – resets state back to its initial value.
+ * @param params.credentialId - Optional id of a specific verified credential or
+ *   wallet to use. For OTP, must be an email or SMS credential. Defaults to the
+ *   first sign-in enabled email or SMS credential on the authenticated user.
  *
  * @example
  * ```tsx
- * const { sendOtp, verifyOtp, state } = useStepUpAuthentication();
- *
- * // Step 1: send OTP
+ * // OTP flow
+ * const { sendOtp, verifyOtp } = useStepUpAuthentication();
  * await sendOtp();
+ * const result = await verifyOtp({ verificationToken: '123456', requestedScopes: ['wallet:export'] });
+ *
+ * // Passkey MFA flow
+ * const { verifyPasskeyMfa } = useStepUpAuthentication();
+ * const result = await verifyPasskeyMfa({ requestedScopes: ['wallet:export'] });
  *
- * // Step 2: after the user enters the code
- * const result = await verifyOtp({ verificationToken: '123456' });
+ * // TOTP MFA flow
+ * const { verifyTotpMfa } = useStepUpAuthentication();
+ * const result = await verifyTotpMfa({ code: '123456', requestedScopes: ['wallet:export'] });
  * ```
  */
 const useStepUpAuthentication = ({ credentialId, } = {}) => {
     const user = useUser();
+    const environmentId = useEnvironmentId();
     const [state, setState] = useState(INITIAL_STATE);
     const connectAndSign = useConnectAndSign();
     const { userWallets } = useInternalUserWallets();
     // Ref keeps the latest otpVerification available inside the verifyOtp
     // callback without creating a stale closure over state.
     const otpVerificationRef = useRef(null);
+    const isStepUpRequired = useCallback(({ scope }) => !hasElevatedAccessToken(scope), []);
     const resetState = useCallback(() => {
         otpVerificationRef.current = null;
         setState(INITIAL_STATE);
     }, []);
     const setError = useCallback((errorMessage) => {
         setState((prev) => (Object.assign(Object.assign({}, prev), { error: errorMessage, isLoading: false })));
-        logger.error(errorMessage);
-    }, []);
+        logger.error(errorMessage, { environmentId, userId: user === null || user === void 0 ? void 0 : user.id });
+    }, [environmentId, user === null || user === void 0 ? void 0 : user.id]);
     const sendOtp = useCallback(() => __awaiter(void 0, void 0, void 0, function* () {
         const credentials = user === null || user === void 0 ? void 0 : user.verifiedCredentials;
         if (!(credentials === null || credentials === void 0 ? void 0 : credentials.length)) {
@@ -134,10 +143,20 @@ const useStepUpAuthentication = ({ credentialId, } = {}) => {
         catch (error) {
             const errorMessage = error instanceof Error ? error.message : 'Failed to send OTP';
             setState((prev) => (Object.assign(Object.assign({}, prev), { error: errorMessage, isLoading: false })));
-            logger.error('Failed to send OTP for step-up authentication', { error });
+            logger.error('Failed to send OTP for step-up authentication', {
+                environmentId,
+                error,
+                userId: user === null || user === void 0 ? void 0 : user.id,
+            });
             return null;
         }
-    }), [credentialId, setError, user === null || user === void 0 ? void 0 : user.verifiedCredentials]);
+    }), [
+        credentialId,
+        environmentId,
+        setError,
+        user === null || user === void 0 ? void 0 : user.id,
+        user === null || user === void 0 ? void 0 : user.verifiedCredentials,
+    ]);
     const verifyOtp = useCallback((_a) => __awaiter(void 0, [_a], void 0, function* ({ requestedScopes, verificationToken, }) {
         const otpVerification = otpVerificationRef.current;
         if (!otpVerification) {
@@ -158,11 +177,13 @@ const useStepUpAuthentication = ({ credentialId, } = {}) => {
             const errorMessage = error instanceof Error ? error.message : 'Failed to verify OTP';
             setState((prev) => (Object.assign(Object.assign({}, prev), { error: errorMessage, isLoading: false })));
             logger.error('Failed to verify OTP for step-up authentication', {
+                environmentId,
                 error,
+                userId: user === null || user === void 0 ? void 0 : user.id,
             });
             return null;
         }
-    }), [setError]);
+    }), [environmentId, setError, user === null || user === void 0 ? void 0 : user.id]);
     const verifyWallet = useCallback((_b) => __awaiter(void 0, [_b], void 0, function* ({ requestedScopes }) {
         setState((prev) => (Object.assign(Object.assign({}, prev), { error: null, isLoading: true })));
         const wallet = userWallets.find((w) => w.id === credentialId);
@@ -183,11 +204,69 @@ const useStepUpAuthentication = ({ credentialId, } = {}) => {
                 : 'Failed to verify wallet for step-up authentication';
             setState((prev) => (Object.assign(Object.assign({}, prev), { error: errorMessage, isLoading: false })));
             logger.error('Failed to verify wallet for step-up authentication', {
+                environmentId,
                 error,
+                userId: user === null || user === void 0 ? void 0 : user.id,
+            });
+        }
+    }), [
+        connectAndSign,
+        credentialId,
+        environmentId,
+        setError,
+        user === null || user === void 0 ? void 0 : user.id,
+        userWallets,
+    ]);
+    const verifyPasskeyMfa = useCallback((_c) => __awaiter(void 0, [_c], void 0, function* ({ requestedScopes, }) {
+        setState((prev) => (Object.assign(Object.assign({}, prev), { error: null, isLoading: true })));
+        try {
+            // requestedScopes is available in @dynamic-labs-sdk/client >= 0.14.0
+            const response = yield authenticatePasskeyMFA({
+                requestedScopes,
             });
+            setState((prev) => (Object.assign(Object.assign({}, prev), { error: null, isLoading: false })));
+            return response;
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error
+                ? error.message
+                : 'Failed to authenticate passkey for step-up authentication';
+            setState((prev) => (Object.assign(Object.assign({}, prev), { error: errorMessage, isLoading: false })));
+            logger.error('Failed to authenticate passkey for step-up authentication', { environmentId, error, userId: user === null || user === void 0 ? void 0 : user.id });
+            return null;
+        }
+    }), [environmentId, user === null || user === void 0 ? void 0 : user.id]);
+    const verifyTotpMfa = useCallback((_d) => __awaiter(void 0, [_d], void 0, function* ({ code, deviceId, requestedScopes, }) {
+        setState((prev) => (Object.assign(Object.assign({}, prev), { error: null, isLoading: true })));
+        try {
+            // requestedScopes is available in @dynamic-labs-sdk/client >= 0.14.0
+            const response = yield authenticateTotpMfaDevice({
+                code,
+                deviceId,
+                requestedScopes,
+            });
+            setState((prev) => (Object.assign(Object.assign({}, prev), { error: null, isLoading: false })));
+            return response;
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error
+                ? error.message
+                : 'Failed to authenticate TOTP device for step-up authentication';
+            setState((prev) => (Object.assign(Object.assign({}, prev), { error: errorMessage, isLoading: false })));
+            logger.error('Failed to authenticate TOTP device for step-up authentication', { environmentId, error, userId: user === null || user === void 0 ? void 0 : user.id });
+            return null;
         }
-    }), [connectAndSign, credentialId, setError, userWallets]);
-    return { resetState, sendOtp, state, verifyOtp, verifyWallet };
+    }), [environmentId, user === null || user === void 0 ? void 0 : user.id]);
+    return {
+        isStepUpRequired,
+        resetState,
+        sendOtp,
+        state,
+        verifyOtp,
+        verifyPasskeyMfa,
+        verifyTotpMfa,
+        verifyWallet,
+    };
 };
 
 export { useStepUpAuthentication };