@dynamic-labs/sdk-react-core 4.78.1 → 4.79.0

package/CHANGELOG.md

@@ -1,4 +1,16 @@
 
+## [4.79.0](https://github.com/dynamic-labs/dynamic-auth/compare/v4.78.1...v4.79.0) (2026-04-30)
+
+
+### Features
+
+* **sdk-react-core:** two-layer Google Drive backup access defense [DYNT-754] ([#11069](https://github.com/dynamic-labs/dynamic-auth/issues/11069)) ([1ff8b83](https://github.com/dynamic-labs/dynamic-auth/commit/1ff8b83f9c7ba077c586513a250f6aed114e4b07))
+
+
+### Bug Fixes
+
+* **solana-core,sui-core:** prevent RangeError on send balance ([#11071](https://github.com/dynamic-labs/dynamic-auth/issues/11071)) ([21f5f97](https://github.com/dynamic-labs/dynamic-auth/commit/21f5f9724c788053774ce5eaa19f073af9a33d27))
+
 ### [4.78.1](https://github.com/dynamic-labs/dynamic-auth/compare/v4.78.0...v4.78.1) (2026-04-29)
 
 

package/package.cjs

@@ -3,11 +3,11 @@
 
 Object.defineProperty(exports, '__esModule', { value: true });
 
-var version = "4.78.1";
+var version = "4.79.0";
 var dependencies = {
-	"@dynamic-labs/sdk-api-core": "0.0.927",
-	"@dynamic-labs-sdk/client": "0.24.0",
-	"@dynamic-labs-wallet/browser-wallet-client": "0.0.314",
+	"@dynamic-labs/sdk-api-core": "0.0.956",
+	"@dynamic-labs-sdk/client": "0.26.2",
+	"@dynamic-labs-wallet/browser-wallet-client": "0.0.325",
 	"@hcaptcha/react-hcaptcha": "1.4.4",
 	"@thumbmarkjs/thumbmarkjs": "0.16.0",
 	"country-list": "2.3.0",

package/package.js

@@ -1,9 +1,9 @@
 'use client'
-var version = "4.78.1";
+var version = "4.79.0";
 var dependencies = {
-	"@dynamic-labs/sdk-api-core": "0.0.927",
-	"@dynamic-labs-sdk/client": "0.24.0",
-	"@dynamic-labs-wallet/browser-wallet-client": "0.0.314",
+	"@dynamic-labs/sdk-api-core": "0.0.956",
+	"@dynamic-labs-sdk/client": "0.26.2",
+	"@dynamic-labs-wallet/browser-wallet-client": "0.0.325",
 	"@hcaptcha/react-hcaptcha": "1.4.4",
 	"@thumbmarkjs/thumbmarkjs": "0.16.0",
 	"country-list": "2.3.0",

package/package.json

@@ -1,10 +1,10 @@
 {
   "name": "@dynamic-labs/sdk-react-core",
-  "version": "4.78.1",
+  "version": "4.79.0",
   "dependencies": {
-    "@dynamic-labs/sdk-api-core": "0.0.927",
-    "@dynamic-labs-sdk/client": "0.24.0",
-    "@dynamic-labs-wallet/browser-wallet-client": "0.0.314",
+    "@dynamic-labs/sdk-api-core": "0.0.956",
+    "@dynamic-labs-sdk/client": "0.26.2",
+    "@dynamic-labs-wallet/browser-wallet-client": "0.0.325",
     "@hcaptcha/react-hcaptcha": "1.4.4",
     "@thumbmarkjs/thumbmarkjs": "0.16.0",
     "country-list": "2.3.0",
@@ -16,17 +16,17 @@
     "yup": "0.32.11",
     "react-international-phone": "4.5.0",
     "bs58": "5.0.0",
-    "@dynamic-labs/assert-package-version": "4.78.1",
-    "@dynamic-labs/iconic": "4.78.1",
-    "@dynamic-labs/locale": "4.78.1",
-    "@dynamic-labs/logger": "4.78.1",
-    "@dynamic-labs/multi-wallet": "4.78.1",
-    "@dynamic-labs/rpc-providers": "4.78.1",
-    "@dynamic-labs/store": "4.78.1",
-    "@dynamic-labs/types": "4.78.1",
-    "@dynamic-labs/utils": "4.78.1",
-    "@dynamic-labs/wallet-book": "4.78.1",
-    "@dynamic-labs/wallet-connector-core": "4.78.1",
+    "@dynamic-labs/assert-package-version": "4.79.0",
+    "@dynamic-labs/iconic": "4.79.0",
+    "@dynamic-labs/locale": "4.79.0",
+    "@dynamic-labs/logger": "4.79.0",
+    "@dynamic-labs/multi-wallet": "4.79.0",
+    "@dynamic-labs/rpc-providers": "4.79.0",
+    "@dynamic-labs/store": "4.79.0",
+    "@dynamic-labs/types": "4.79.0",
+    "@dynamic-labs/utils": "4.79.0",
+    "@dynamic-labs/wallet-book": "4.79.0",
+    "@dynamic-labs/wallet-connector-core": "4.79.0",
     "eventemitter3": "5.0.1"
   },
   "devDependencies": {

package/src/index.cjs

@@ -138,6 +138,8 @@ require('./lib/widgets/DynamicWidget/components/PasskeyCard/PasskeyCard.cjs');
 var useEmbeddedReveal = require('./lib/utils/hooks/useEmbeddedReveal/useEmbeddedReveal.cjs');
 var useWalletBackup = require('./lib/utils/hooks/useWalletBackup/useWalletBackup.cjs');
 var types = require('./lib/utils/hooks/useWalletBackup/types.cjs');
+var googleDriveScopes = require('./lib/utils/hooks/useWalletBackup/googleDriveScopes.cjs');
+var googleDriveBackupErrors = require('./lib/utils/hooks/useWalletBackup/googleDriveBackupErrors.cjs');
 var useEmbeddedWalletAuthenticator = require('./lib/utils/hooks/useEmbeddedWalletAuthenticator/useEmbeddedWalletAuthenticator.cjs');
 require('./lib/utils/hooks/useWalletBackup/cloudProviders.cjs');
 require('./lib/widgets/DynamicWidget/views/CryptoComOnramp/CryptoComOnramp.cjs');
@@ -188,6 +190,7 @@ var useGetUserMfaMethods = require('./lib/utils/hooks/useGetUserMfaMethods/useGe
 var usePromptMfaAuth = require('./lib/utils/hooks/usePromptMfaAuth/usePromptMfaAuth.cjs');
 var useUpgradeToDynamicWaasFlow = require('./lib/utils/hooks/useUpgradeToDynamicWaasFlow/useUpgradeToDynamicWaasFlow.cjs');
 var useIsMfaRequiredForAction = require('./lib/utils/hooks/useIsMfaRequiredForAction/useIsMfaRequiredForAction.cjs');
+var useGoogleDriveBackupReadiness = require('./lib/utils/hooks/useGoogleDriveBackupReadiness/useGoogleDriveBackupReadiness.cjs');
 var useRefreshAuth = require('./lib/utils/hooks/useRefreshAuth/useRefreshAuth.cjs');
 var useWalletPassword = require('./lib/utils/hooks/useWalletPassword/useWalletPassword.cjs');
 var useGetWalletPassword = require('./lib/utils/hooks/useGetWalletPassword/useGetWalletPassword.cjs');
@@ -304,6 +307,10 @@ exports.isWalletBackedUp = useWalletBackup.isWalletBackedUp;
 exports.useBackupWallets = useWalletBackup.useBackupWallets;
 exports.useWalletBackup = useWalletBackup.useWalletBackup;
 exports.CloudBackupProvider = types.CloudBackupProvider;
+exports.GOOGLE_DRIVE_BACKUP_REQUIRED_SCOPES = googleDriveScopes.GOOGLE_DRIVE_BACKUP_REQUIRED_SCOPES;
+exports.findMissingGoogleDriveBackupScopes = googleDriveScopes.findMissingGoogleDriveBackupScopes;
+exports.hasAllGoogleDriveBackupScopes = googleDriveScopes.hasAllGoogleDriveBackupScopes;
+exports.isInsufficientGoogleDriveScopesError = googleDriveBackupErrors.isInsufficientGoogleDriveScopesError;
 exports.useEmbeddedWalletAuthenticator = useEmbeddedWalletAuthenticator.useEmbeddedWalletAuthenticator;
 exports.FilterAndSortWallets = index$2.FilterAndSortWallets;
 exports.FilterBridgeChainsName = index$2.FilterBridgeChainsName;
@@ -354,6 +361,7 @@ exports.useGetUserMfaMethods = useGetUserMfaMethods.useGetUserMfaMethods;
 exports.usePromptMfaAuth = usePromptMfaAuth.usePromptMfaAuth;
 exports.useUpgradeToDynamicWaasFlow = useUpgradeToDynamicWaasFlow.useUpgradeToDynamicWaasFlow;
 exports.useIsMfaRequiredForAction = useIsMfaRequiredForAction.useIsMfaRequiredForAction;
+exports.useGoogleDriveBackupReadiness = useGoogleDriveBackupReadiness.useGoogleDriveBackupReadiness;
 exports.useRefreshAuth = useRefreshAuth.useRefreshAuth;
 exports.useWalletPassword = useWalletPassword.useWalletPassword;
 exports.useGetWalletPassword = useGetWalletPassword.useGetWalletPassword;

package/src/index.d.ts

@@ -123,7 +123,8 @@ export { FilterAndSortWallets, FilterBridgeChainsName, FilterChain, FilterWallet
 export { 
 /** @deprecated */
 DynamicWidgetContextProvider, } from './lib/widgets/DynamicWidget/context';
-export { useWalletItemActions, useAuthenticateConnectedUser, useSocialAccounts, useEmbeddedWallet, useEmbeddedWalletAuthenticator, usePasskeyRecovery, useEmbeddedReveal, useIsLoggedIn, useDynamicModals, useMfa, useTokenBalances, useMultichainTokenBalances, useSwitchWallet, useRpcProviders, useRefreshUser, useRefreshAuth, useResetWaasSession, useWalletOptions, useSmartWallets, useSignEip7702Authorization, EmbeddedWalletVersion, useTelegramLogin, useUpgradeEmbeddedWallet, useEVMTransactionSimulation, useSVMTransactionSimulation, useDeleteUserAccount, useDynamicWaas, useGetPasskeys, useDeletePasskey, useRegisterPasskey, useAuthenticatePasskeyMFA, useGetUserMfaMethods, usePromptMfaAuth, useUpgradeToDynamicWaasFlow, useGetMfaToken, useGetWalletPassword, useWalletPassword, useIsMfaRequiredForAction, useWalletDelegation, useWalletBackup, useBackupWallets, isWalletBackedUp, CloudBackupProvider, useExchangeAccounts, useStepUpAuthentication, } from './lib/utils/hooks';
+export { useWalletItemActions, useAuthenticateConnectedUser, useSocialAccounts, useEmbeddedWallet, useEmbeddedWalletAuthenticator, usePasskeyRecovery, useEmbeddedReveal, useIsLoggedIn, useDynamicModals, useMfa, useTokenBalances, useMultichainTokenBalances, useSwitchWallet, useRpcProviders, useRefreshUser, useRefreshAuth, useResetWaasSession, useWalletOptions, useSmartWallets, useSignEip7702Authorization, EmbeddedWalletVersion, useTelegramLogin, useUpgradeEmbeddedWallet, useEVMTransactionSimulation, useSVMTransactionSimulation, useDeleteUserAccount, useDynamicWaas, useGetPasskeys, useDeletePasskey, useRegisterPasskey, useAuthenticatePasskeyMFA, useGetUserMfaMethods, usePromptMfaAuth, useUpgradeToDynamicWaasFlow, useGetMfaToken, useGetWalletPassword, useWalletPassword, useIsMfaRequiredForAction, useWalletDelegation, useWalletBackup, useBackupWallets, isWalletBackedUp, CloudBackupProvider, GOOGLE_DRIVE_BACKUP_REQUIRED_SCOPES, findMissingGoogleDriveBackupScopes, hasAllGoogleDriveBackupScopes, isInsufficientGoogleDriveScopesError, useGoogleDriveBackupReadiness, useExchangeAccounts, useStepUpAuthentication, } from './lib/utils/hooks';
+export type { GoogleDriveBackupAccessError, GoogleDriveBackupReadiness, GoogleDriveBackupReadinessStatus, UseGoogleDriveBackupReadinessReturn, } from './lib/utils/hooks';
 export type { IsStepUpRequiredParams, PromptMfaParams, StepUpAuthenticationState, UseStepUpAuthenticationParams, UseStepUpAuthenticationReturn, VerifyOtpParams, VerifyPasskeyMfaParams, VerifyRecoveryCodeParams, VerifySocialParams, VerifyTotpMfaParams, VerifyWalletParams, } from './lib/utils/hooks';
 export { 
 /** @deprecated use useOnramp instead */

package/src/index.js

@@ -134,6 +134,8 @@ import './lib/widgets/DynamicWidget/components/PasskeyCard/PasskeyCard.js';
 export { useEmbeddedReveal } from './lib/utils/hooks/useEmbeddedReveal/useEmbeddedReveal.js';
 export { isWalletBackedUp, useBackupWallets, useWalletBackup } from './lib/utils/hooks/useWalletBackup/useWalletBackup.js';
 export { CloudBackupProvider } from './lib/utils/hooks/useWalletBackup/types.js';
+export { GOOGLE_DRIVE_BACKUP_REQUIRED_SCOPES, findMissingGoogleDriveBackupScopes, hasAllGoogleDriveBackupScopes } from './lib/utils/hooks/useWalletBackup/googleDriveScopes.js';
+export { isInsufficientGoogleDriveScopesError } from './lib/utils/hooks/useWalletBackup/googleDriveBackupErrors.js';
 export { useEmbeddedWalletAuthenticator } from './lib/utils/hooks/useEmbeddedWalletAuthenticator/useEmbeddedWalletAuthenticator.js';
 import './lib/utils/hooks/useWalletBackup/cloudProviders.js';
 import './lib/widgets/DynamicWidget/views/CryptoComOnramp/CryptoComOnramp.js';
@@ -184,6 +186,7 @@ export { useGetUserMfaMethods } from './lib/utils/hooks/useGetUserMfaMethods/use
 export { usePromptMfaAuth } from './lib/utils/hooks/usePromptMfaAuth/usePromptMfaAuth.js';
 export { useUpgradeToDynamicWaasFlow } from './lib/utils/hooks/useUpgradeToDynamicWaasFlow/useUpgradeToDynamicWaasFlow.js';
 export { useIsMfaRequiredForAction } from './lib/utils/hooks/useIsMfaRequiredForAction/useIsMfaRequiredForAction.js';
+export { useGoogleDriveBackupReadiness } from './lib/utils/hooks/useGoogleDriveBackupReadiness/useGoogleDriveBackupReadiness.js';
 export { useRefreshAuth } from './lib/utils/hooks/useRefreshAuth/useRefreshAuth.js';
 export { useWalletPassword } from './lib/utils/hooks/useWalletPassword/useWalletPassword.js';
 export { useGetWalletPassword } from './lib/utils/hooks/useGetWalletPassword/useGetWalletPassword.js';

package/src/lib/utils/hooks/index.d.ts

@@ -98,8 +98,9 @@ export { useUpgradeToDynamicWaasFlow } from './useUpgradeToDynamicWaasFlow';
 export { useGetMfaToken } from './useGetMfaToken';
 export { useIsMfaRequiredForAction } from './useIsMfaRequiredForAction';
 export { useWalletDelegation } from './useWalletDelegation';
-export { CloudBackupProvider, isWalletBackedUp, useBackupWallets, useWalletBackup, } from './useWalletBackup';
-export type { WalletBackupStatus, WalletOperationState, WalletToBackup, WalletWithBackupStatus, } from './useWalletBackup';
+export { CloudBackupProvider, GOOGLE_DRIVE_BACKUP_REQUIRED_SCOPES, findMissingGoogleDriveBackupScopes, hasAllGoogleDriveBackupScopes, isInsufficientGoogleDriveScopesError, isWalletBackedUp, useBackupWallets, useWalletBackup, } from './useWalletBackup';
+export type { GoogleDriveBackupAccessError, WalletBackupStatus, WalletOperationState, WalletToBackup, WalletWithBackupStatus, } from './useWalletBackup';
+export { useGoogleDriveBackupReadiness, type GoogleDriveBackupReadiness, type GoogleDriveBackupReadinessStatus, type UseGoogleDriveBackupReadinessReturn, } from './useGoogleDriveBackupReadiness';
 export { useRefreshAuth } from './useRefreshAuth';
 export { useSetupPassword, PASSWORD_SETUP_CANCELLED_ERROR, } from './useSetupPassword';
 export { useWalletUnlock } from './useWalletUnlock';

package/src/lib/utils/hooks/useGoogleDriveBackupReadiness/index.d.ts

@@ -0,0 +1 @@
+export { useGoogleDriveBackupReadiness, type GoogleDriveBackupReadiness, type GoogleDriveBackupReadinessStatus, type UseGoogleDriveBackupReadinessReturn, } from './useGoogleDriveBackupReadiness';

package/src/lib/utils/hooks/useGoogleDriveBackupReadiness/useGoogleDriveBackupReadiness.cjs

@@ -0,0 +1,222 @@
+'use client'
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+var _tslib = require('../../../../../_virtual/_tslib.cjs');
+var React = require('react');
+var sdkApiCore = require('@dynamic-labs/sdk-api-core');
+require('@dynamic-labs-sdk/client/core');
+require('eventemitter3');
+require('@dynamic-labs/utils');
+require('@dynamic-labs-sdk/client');
+require('../../../config/ApiEndpoint.cjs');
+require('@dynamic-labs/iconic');
+require('@dynamic-labs/wallet-connector-core');
+require('react/jsx-runtime');
+require('../../../context/ViewContext/ViewContext.cjs');
+require('../../../shared/logger.cjs');
+require('@dynamic-labs/wallet-book');
+require('../../constants/colors.cjs');
+require('../../constants/values.cjs');
+require('../../../shared/consts/index.cjs');
+require('@dynamic-labs/multi-wallet');
+require('react-international-phone');
+require('../../../store/state/nonce/nonce.cjs');
+var api = require('../../../data/api/api.cjs');
+require('@dynamic-labs/locale');
+var dynamicContextProps = require('../../../store/state/dynamicContextProps/dynamicContextProps.cjs');
+require('../../../store/state/primaryWalletId/primaryWalletId.cjs');
+require('../../../store/state/connectedWalletsInfo/connectedWalletsInfo.cjs');
+require('../../functions/getWaasAddressTypeLabel/getWaasAddressTypeLabel.cjs');
+require('../../../events/dynamicEvents.cjs');
+var useUser = require('../../../client/extension/user/useUser/useUser.cjs');
+var useRefreshAuth = require('../useRefreshAuth/useRefreshAuth.cjs');
+var useSocialAccounts = require('../useSocialAccounts/useSocialAccounts.cjs');
+var googleDriveScopes = require('../useWalletBackup/googleDriveScopes.cjs');
+
+const IDLE = {
+    isChecking: false,
+    missingScopes: [],
+    status: 'idle',
+};
+// Returns the UUID of the user_oauth_accounts row backing the linked Google
+// credential. The path param of /sdk/.../oauthAccounts/:id/accessToken expects
+// this UUID — *not* the third-party `oauthAccountId` (Google's numeric profile
+// ID), which is what JwtVerifiedCredential.oauthAccountId stores.
+const findGoogleOauthAccountId = (credentials) => {
+    var _a, _b;
+    return (_b = (_a = credentials === null || credentials === void 0 ? void 0 : credentials.find((cred) => cred.format === 'oauth' && cred.oauthProvider === sdkApiCore.ProviderEnum.Google)) === null || _a === void 0 ? void 0 : _a.id) !== null && _b !== void 0 ? _b : undefined;
+};
+/**
+ * Pre-flight readiness check for backing up MPC keyshares to Google Drive.
+ *
+ * Recommended pattern: call `check()` when the user opens the "Backup to
+ * Google Drive" CTA. If `status` is `'needs-access'`, prompt the user and
+ * call `requestAccess()` to re-prompt the Google consent screen. Then
+ * proceed with `useWalletBackup().backupWallet(...)`.
+ *
+ * Status values:
+ * - `'idle'`: never checked / after `reset()`.
+ * - `'ready'`: stored scopes include both required Drive scopes; backup
+ *   should succeed (barring transient errors).
+ * - `'needs-access'`: backup likely won't succeed without user intervention.
+ *   Covers (a) missing scopes — `missingScopes` lists the gap, (b) no Google
+ *   account linked — `missingScopes` is populated with the full required set
+ *   so callers can render copy directly, and (c) legacy tokens captured
+ *   before scope tracking shipped (`scopes: []` from the API) — indicated
+ *   by an empty `missingScopes` array. Call `requestAccess()` to recover.
+ * - `'error'`: the underlying fetch or relink rejected. `error` holds
+ *   the cause.
+ *
+ * `isChecking` is true while a `check()` or `requestAccess()` is in flight.
+ *
+ * `missingScopes` lists the scopes the user still needs to grant. When no
+ * Google account is linked, this is the full required set; when scopes are
+ * known to be partially missing, only the missing ones; for legacy
+ * "unknown scopes" tokens, the array is empty.
+ *
+ * @example
+ * ```tsx
+ * function BackupButton({ wallet }) {
+ *   const { status, missingScopes, isChecking, check, requestAccess } =
+ *     useGoogleDriveBackupReadiness();
+ *   const { backupWallet, lastBackupError, clearBackupError } = useWalletBackup();
+ *
+ *   // Layer 2: post-flight fallback — needed for legacy users where the stored
+ *   // `scopes` is empty so pre-flight returned 'unknown'. Because `lastBackupError`
+ *   // is React state it won't update until the next render; read it in a
+ *   // useEffect rather than synchronously after `await backupWallet(...)`.
+ *   useEffect(() => {
+ *     if (lastBackupError && isInsufficientGoogleDriveScopesError(lastBackupError)) {
+ *       clearBackupError();
+ *       requestAccess(); // re-prompt consent, then caller can retry backupWallet
+ *     }
+ *   }, [lastBackupError]);
+ *
+ *   const onBackup = async () => {
+ *     // Layer 1: pre-flight readiness — saves an MPC reshare ceremony when
+ *     // we can already tell the upload will fail.
+ *     let r = await check();
+ *     if (r.status === 'needs-access') {
+ *       r = await requestAccess(); // popup re-consent
+ *       if (r.status !== 'ready') return; // user cancelled or relink failed
+ *     }
+ *
+ *     await backupWallet(wallet, 'GoogleDrive');
+ *     // If the backup failed due to missing scopes, the useEffect above will
+ *     // fire on the next render with the updated lastBackupError.
+ *   };
+ *
+ *   return (
+ *     <>
+ *       {status === 'needs-access' && (
+ *         <p>We need access to: {missingScopes.join(', ')}</p>
+ *       )}
+ *       <button onClick={onBackup} disabled={isChecking}>Backup to Drive</button>
+ *     </>
+ *   );
+ * }
+ * ```
+ */
+const useGoogleDriveBackupReadiness = () => {
+    const user = useUser.useUser();
+    const environmentId = dynamicContextProps.useEnvironmentId();
+    const refresh = useRefreshAuth.useRefreshAuth();
+    const { linkSocialAccount } = useSocialAccounts.useSocialAccounts();
+    const [readiness, setReadiness] = React.useState(IDLE);
+    const performCheck = React.useCallback((verifiedCredentials) => _tslib.__awaiter(void 0, void 0, void 0, function* () {
+        const oauthAccountId = findGoogleOauthAccountId(verifiedCredentials);
+        if (!oauthAccountId) {
+            // No Google credential linked — every required scope is effectively
+            // missing, so populate the full set so callers can render
+            // "we need access to ..." UX without checking the empty case.
+            const result = {
+                isChecking: false,
+                missingScopes: googleDriveScopes.GOOGLE_DRIVE_BACKUP_REQUIRED_SCOPES,
+                status: 'needs-access',
+            };
+            setReadiness(result);
+            return result;
+        }
+        try {
+            const { accessToken, scopes } = yield api.sdkApi().getEndUserOauthAccessToken({
+                environmentId,
+                oauthAccountId,
+            });
+            // Empty scopes = legacy token captured before scope tracking; we
+            // can't confirm the upload will work, so surface as needs-access
+            // (with empty missingScopes to differentiate from the explicit
+            // missing case). requestAccess() forces a fresh token so the
+            // column populates.
+            if (scopes.length === 0) {
+                const result = {
+                    accessToken,
+                    isChecking: false,
+                    missingScopes: [],
+                    status: 'needs-access',
+                };
+                setReadiness(result);
+                return result;
+            }
+            const missing = googleDriveScopes.findMissingGoogleDriveBackupScopes(scopes);
+            const result = missing.length === 0
+                ? {
+                    accessToken,
+                    isChecking: false,
+                    missingScopes: [],
+                    status: 'ready',
+                }
+                : {
+                    accessToken,
+                    isChecking: false,
+                    missingScopes: missing,
+                    status: 'needs-access',
+                };
+            setReadiness(result);
+            return result;
+        }
+        catch (error) {
+            const result = {
+                error,
+                isChecking: false,
+                missingScopes: [],
+                status: 'error',
+            };
+            setReadiness(result);
+            return result;
+        }
+    }), [environmentId]);
+    const check = React.useCallback(() => _tslib.__awaiter(void 0, void 0, void 0, function* () {
+        setReadiness((prev) => (Object.assign(Object.assign({}, prev), { isChecking: true })));
+        return performCheck(user === null || user === void 0 ? void 0 : user.verifiedCredentials);
+    }), [performCheck, user]);
+    const requestAccess = React.useCallback(() => _tslib.__awaiter(void 0, void 0, void 0, function* () {
+        var _a;
+        setReadiness((prev) => (Object.assign(Object.assign({}, prev), { isChecking: true })));
+        try {
+            yield linkSocialAccount(sdkApiCore.ProviderEnum.Google, {
+                forcePopup: true,
+                showWidgetAfterConnection: false,
+            });
+            const updatedUser = yield refresh();
+            return performCheck((_a = updatedUser === null || updatedUser === void 0 ? void 0 : updatedUser.verifiedCredentials) !== null && _a !== void 0 ? _a : user === null || user === void 0 ? void 0 : user.verifiedCredentials);
+        }
+        catch (error) {
+            const result = {
+                error,
+                isChecking: false,
+                missingScopes: [],
+                status: 'error',
+            };
+            setReadiness(result);
+            return result;
+        }
+    }), [linkSocialAccount, performCheck, refresh, user]);
+    const reset = React.useCallback(() => setReadiness(IDLE), []);
+    return Object.assign(Object.assign({}, readiness), { check,
+        requestAccess,
+        reset });
+};
+
+exports.useGoogleDriveBackupReadiness = useGoogleDriveBackupReadiness;

package/src/lib/utils/hooks/useGoogleDriveBackupReadiness/useGoogleDriveBackupReadiness.d.ts

@@ -0,0 +1,85 @@
+export type GoogleDriveBackupReadinessStatus = 'idle' | 'ready' | 'needs-access' | 'error';
+export type GoogleDriveBackupReadiness = {
+    status: GoogleDriveBackupReadinessStatus;
+    isChecking: boolean;
+    missingScopes: readonly string[];
+    accessToken?: string;
+    error?: unknown;
+};
+export type UseGoogleDriveBackupReadinessReturn = GoogleDriveBackupReadiness & {
+    check: () => Promise<GoogleDriveBackupReadiness>;
+    requestAccess: () => Promise<GoogleDriveBackupReadiness>;
+    reset: () => void;
+};
+/**
+ * Pre-flight readiness check for backing up MPC keyshares to Google Drive.
+ *
+ * Recommended pattern: call `check()` when the user opens the "Backup to
+ * Google Drive" CTA. If `status` is `'needs-access'`, prompt the user and
+ * call `requestAccess()` to re-prompt the Google consent screen. Then
+ * proceed with `useWalletBackup().backupWallet(...)`.
+ *
+ * Status values:
+ * - `'idle'`: never checked / after `reset()`.
+ * - `'ready'`: stored scopes include both required Drive scopes; backup
+ *   should succeed (barring transient errors).
+ * - `'needs-access'`: backup likely won't succeed without user intervention.
+ *   Covers (a) missing scopes — `missingScopes` lists the gap, (b) no Google
+ *   account linked — `missingScopes` is populated with the full required set
+ *   so callers can render copy directly, and (c) legacy tokens captured
+ *   before scope tracking shipped (`scopes: []` from the API) — indicated
+ *   by an empty `missingScopes` array. Call `requestAccess()` to recover.
+ * - `'error'`: the underlying fetch or relink rejected. `error` holds
+ *   the cause.
+ *
+ * `isChecking` is true while a `check()` or `requestAccess()` is in flight.
+ *
+ * `missingScopes` lists the scopes the user still needs to grant. When no
+ * Google account is linked, this is the full required set; when scopes are
+ * known to be partially missing, only the missing ones; for legacy
+ * "unknown scopes" tokens, the array is empty.
+ *
+ * @example
+ * ```tsx
+ * function BackupButton({ wallet }) {
+ *   const { status, missingScopes, isChecking, check, requestAccess } =
+ *     useGoogleDriveBackupReadiness();
+ *   const { backupWallet, lastBackupError, clearBackupError } = useWalletBackup();
+ *
+ *   // Layer 2: post-flight fallback — needed for legacy users where the stored
+ *   // `scopes` is empty so pre-flight returned 'unknown'. Because `lastBackupError`
+ *   // is React state it won't update until the next render; read it in a
+ *   // useEffect rather than synchronously after `await backupWallet(...)`.
+ *   useEffect(() => {
+ *     if (lastBackupError && isInsufficientGoogleDriveScopesError(lastBackupError)) {
+ *       clearBackupError();
+ *       requestAccess(); // re-prompt consent, then caller can retry backupWallet
+ *     }
+ *   }, [lastBackupError]);
+ *
+ *   const onBackup = async () => {
+ *     // Layer 1: pre-flight readiness — saves an MPC reshare ceremony when
+ *     // we can already tell the upload will fail.
+ *     let r = await check();
+ *     if (r.status === 'needs-access') {
+ *       r = await requestAccess(); // popup re-consent
+ *       if (r.status !== 'ready') return; // user cancelled or relink failed
+ *     }
+ *
+ *     await backupWallet(wallet, 'GoogleDrive');
+ *     // If the backup failed due to missing scopes, the useEffect above will
+ *     // fire on the next render with the updated lastBackupError.
+ *   };
+ *
+ *   return (
+ *     <>
+ *       {status === 'needs-access' && (
+ *         <p>We need access to: {missingScopes.join(', ')}</p>
+ *       )}
+ *       <button onClick={onBackup} disabled={isChecking}>Backup to Drive</button>
+ *     </>
+ *   );
+ * }
+ * ```
+ */
+export declare const useGoogleDriveBackupReadiness: () => UseGoogleDriveBackupReadinessReturn;

package/src/lib/utils/hooks/useGoogleDriveBackupReadiness/useGoogleDriveBackupReadiness.js

@@ -0,0 +1,218 @@
+'use client'
+import { __awaiter } from '../../../../../_virtual/_tslib.js';
+import { useState, useCallback } from 'react';
+import { ProviderEnum } from '@dynamic-labs/sdk-api-core';
+import '@dynamic-labs-sdk/client/core';
+import 'eventemitter3';
+import '@dynamic-labs/utils';
+import '@dynamic-labs-sdk/client';
+import '../../../config/ApiEndpoint.js';
+import '@dynamic-labs/iconic';
+import '@dynamic-labs/wallet-connector-core';
+import 'react/jsx-runtime';
+import '../../../context/ViewContext/ViewContext.js';
+import '../../../shared/logger.js';
+import '@dynamic-labs/wallet-book';
+import '../../constants/colors.js';
+import '../../constants/values.js';
+import '../../../shared/consts/index.js';
+import '@dynamic-labs/multi-wallet';
+import 'react-international-phone';
+import '../../../store/state/nonce/nonce.js';
+import { sdkApi } from '../../../data/api/api.js';
+import '@dynamic-labs/locale';
+import { useEnvironmentId } from '../../../store/state/dynamicContextProps/dynamicContextProps.js';
+import '../../../store/state/primaryWalletId/primaryWalletId.js';
+import '../../../store/state/connectedWalletsInfo/connectedWalletsInfo.js';
+import '../../functions/getWaasAddressTypeLabel/getWaasAddressTypeLabel.js';
+import '../../../events/dynamicEvents.js';
+import { useUser } from '../../../client/extension/user/useUser/useUser.js';
+import { useRefreshAuth } from '../useRefreshAuth/useRefreshAuth.js';
+import { useSocialAccounts } from '../useSocialAccounts/useSocialAccounts.js';
+import { findMissingGoogleDriveBackupScopes, GOOGLE_DRIVE_BACKUP_REQUIRED_SCOPES } from '../useWalletBackup/googleDriveScopes.js';
+
+const IDLE = {
+    isChecking: false,
+    missingScopes: [],
+    status: 'idle',
+};
+// Returns the UUID of the user_oauth_accounts row backing the linked Google
+// credential. The path param of /sdk/.../oauthAccounts/:id/accessToken expects
+// this UUID — *not* the third-party `oauthAccountId` (Google's numeric profile
+// ID), which is what JwtVerifiedCredential.oauthAccountId stores.
+const findGoogleOauthAccountId = (credentials) => {
+    var _a, _b;
+    return (_b = (_a = credentials === null || credentials === void 0 ? void 0 : credentials.find((cred) => cred.format === 'oauth' && cred.oauthProvider === ProviderEnum.Google)) === null || _a === void 0 ? void 0 : _a.id) !== null && _b !== void 0 ? _b : undefined;
+};
+/**
+ * Pre-flight readiness check for backing up MPC keyshares to Google Drive.
+ *
+ * Recommended pattern: call `check()` when the user opens the "Backup to
+ * Google Drive" CTA. If `status` is `'needs-access'`, prompt the user and
+ * call `requestAccess()` to re-prompt the Google consent screen. Then
+ * proceed with `useWalletBackup().backupWallet(...)`.
+ *
+ * Status values:
+ * - `'idle'`: never checked / after `reset()`.
+ * - `'ready'`: stored scopes include both required Drive scopes; backup
+ *   should succeed (barring transient errors).
+ * - `'needs-access'`: backup likely won't succeed without user intervention.
+ *   Covers (a) missing scopes — `missingScopes` lists the gap, (b) no Google
+ *   account linked — `missingScopes` is populated with the full required set
+ *   so callers can render copy directly, and (c) legacy tokens captured
+ *   before scope tracking shipped (`scopes: []` from the API) — indicated
+ *   by an empty `missingScopes` array. Call `requestAccess()` to recover.
+ * - `'error'`: the underlying fetch or relink rejected. `error` holds
+ *   the cause.
+ *
+ * `isChecking` is true while a `check()` or `requestAccess()` is in flight.
+ *
+ * `missingScopes` lists the scopes the user still needs to grant. When no
+ * Google account is linked, this is the full required set; when scopes are
+ * known to be partially missing, only the missing ones; for legacy
+ * "unknown scopes" tokens, the array is empty.
+ *
+ * @example
+ * ```tsx
+ * function BackupButton({ wallet }) {
+ *   const { status, missingScopes, isChecking, check, requestAccess } =
+ *     useGoogleDriveBackupReadiness();
+ *   const { backupWallet, lastBackupError, clearBackupError } = useWalletBackup();
+ *
+ *   // Layer 2: post-flight fallback — needed for legacy users where the stored
+ *   // `scopes` is empty so pre-flight returned 'unknown'. Because `lastBackupError`
+ *   // is React state it won't update until the next render; read it in a
+ *   // useEffect rather than synchronously after `await backupWallet(...)`.
+ *   useEffect(() => {
+ *     if (lastBackupError && isInsufficientGoogleDriveScopesError(lastBackupError)) {
+ *       clearBackupError();
+ *       requestAccess(); // re-prompt consent, then caller can retry backupWallet
+ *     }
+ *   }, [lastBackupError]);
+ *
+ *   const onBackup = async () => {
+ *     // Layer 1: pre-flight readiness — saves an MPC reshare ceremony when
+ *     // we can already tell the upload will fail.
+ *     let r = await check();
+ *     if (r.status === 'needs-access') {
+ *       r = await requestAccess(); // popup re-consent
+ *       if (r.status !== 'ready') return; // user cancelled or relink failed
+ *     }
+ *
+ *     await backupWallet(wallet, 'GoogleDrive');
+ *     // If the backup failed due to missing scopes, the useEffect above will
+ *     // fire on the next render with the updated lastBackupError.
+ *   };
+ *
+ *   return (
+ *     <>
+ *       {status === 'needs-access' && (
+ *         <p>We need access to: {missingScopes.join(', ')}</p>
+ *       )}
+ *       <button onClick={onBackup} disabled={isChecking}>Backup to Drive</button>
+ *     </>
+ *   );
+ * }
+ * ```
+ */
+const useGoogleDriveBackupReadiness = () => {
+    const user = useUser();
+    const environmentId = useEnvironmentId();
+    const refresh = useRefreshAuth();
+    const { linkSocialAccount } = useSocialAccounts();
+    const [readiness, setReadiness] = useState(IDLE);
+    const performCheck = useCallback((verifiedCredentials) => __awaiter(void 0, void 0, void 0, function* () {
+        const oauthAccountId = findGoogleOauthAccountId(verifiedCredentials);
+        if (!oauthAccountId) {
+            // No Google credential linked — every required scope is effectively
+            // missing, so populate the full set so callers can render
+            // "we need access to ..." UX without checking the empty case.
+            const result = {
+                isChecking: false,
+                missingScopes: GOOGLE_DRIVE_BACKUP_REQUIRED_SCOPES,
+                status: 'needs-access',
+            };
+            setReadiness(result);
+            return result;
+        }
+        try {
+            const { accessToken, scopes } = yield sdkApi().getEndUserOauthAccessToken({
+                environmentId,
+                oauthAccountId,
+            });
+            // Empty scopes = legacy token captured before scope tracking; we
+            // can't confirm the upload will work, so surface as needs-access
+            // (with empty missingScopes to differentiate from the explicit
+            // missing case). requestAccess() forces a fresh token so the
+            // column populates.
+            if (scopes.length === 0) {
+                const result = {
+                    accessToken,
+                    isChecking: false,
+                    missingScopes: [],
+                    status: 'needs-access',
+                };
+                setReadiness(result);
+                return result;
+            }
+            const missing = findMissingGoogleDriveBackupScopes(scopes);
+            const result = missing.length === 0
+                ? {
+                    accessToken,
+                    isChecking: false,
+                    missingScopes: [],
+                    status: 'ready',
+                }
+                : {
+                    accessToken,
+                    isChecking: false,
+                    missingScopes: missing,
+                    status: 'needs-access',
+                };
+            setReadiness(result);
+            return result;
+        }
+        catch (error) {
+            const result = {
+                error,
+                isChecking: false,
+                missingScopes: [],
+                status: 'error',
+            };
+            setReadiness(result);
+            return result;
+        }
+    }), [environmentId]);
+    const check = useCallback(() => __awaiter(void 0, void 0, void 0, function* () {
+        setReadiness((prev) => (Object.assign(Object.assign({}, prev), { isChecking: true })));
+        return performCheck(user === null || user === void 0 ? void 0 : user.verifiedCredentials);
+    }), [performCheck, user]);
+    const requestAccess = useCallback(() => __awaiter(void 0, void 0, void 0, function* () {
+        var _a;
+        setReadiness((prev) => (Object.assign(Object.assign({}, prev), { isChecking: true })));
+        try {
+            yield linkSocialAccount(ProviderEnum.Google, {
+                forcePopup: true,
+                showWidgetAfterConnection: false,
+            });
+            const updatedUser = yield refresh();
+            return performCheck((_a = updatedUser === null || updatedUser === void 0 ? void 0 : updatedUser.verifiedCredentials) !== null && _a !== void 0 ? _a : user === null || user === void 0 ? void 0 : user.verifiedCredentials);
+        }
+        catch (error) {
+            const result = {
+                error,
+                isChecking: false,
+                missingScopes: [],
+                status: 'error',
+            };
+            setReadiness(result);
+            return result;
+        }
+    }), [linkSocialAccount, performCheck, refresh, user]);
+    const reset = useCallback(() => setReadiness(IDLE), []);
+    return Object.assign(Object.assign({}, readiness), { check,
+        requestAccess,
+        reset });
+};
+
+export { useGoogleDriveBackupReadiness };

package/src/lib/utils/hooks/useWalletBackup/googleDriveBackupErrors.cjs

@@ -0,0 +1,33 @@
+'use client'
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+/**
+ * Stable phrase the waas-sdk includes in Google Drive 401 / scope-insufficient
+ * upload failure messages (see dynamic-waas-sdk
+ * packages/browser/src/backup/providers/googleDrive.ts mapGoogleDriveUploadError).
+ *
+ * We match by `.includes(...)` rather than `.startsWith(...)` because the
+ * iframe message-handler fallback path
+ * (browser-wallet-client/src/services/iframeMessageHandler.ts:
+ * handleIframeMessageResponseError) rewraps the original error as
+ * `new Error(String(response.error))`, which prefixes the message with
+ * "Error: " and drops the original `isRetryable` field. The phrase remains
+ * unique to the auth/scope case across all reasons mapGoogleDriveUploadError
+ * produces (rate-limit, storage-full, 5xx, and network all use distinct
+ * prefixes), so message-only matching is sufficient to discriminate.
+ *
+ * TODO: switch to a stable `error.code` once dynamic-waas-sdk attaches one
+ * (see DYNT-754 follow-up).
+ */
+const ACCESS_DENIED_PHRASE = 'Google Drive access denied';
+/**
+ * Type-guard for Google Drive backup failures caused by missing/insufficient
+ * OAuth scopes (or otherwise denied access). Recover by re-prompting consent
+ * via `linkSocialAccount(ProviderEnum.Google, { forcePopup: true })` and
+ * retrying the backup.
+ */
+const isInsufficientGoogleDriveScopesError = (err) => err instanceof Error && err.message.includes(ACCESS_DENIED_PHRASE);
+
+exports.isInsufficientGoogleDriveScopesError = isInsufficientGoogleDriveScopesError;

package/src/lib/utils/hooks/useWalletBackup/googleDriveBackupErrors.d.ts

@@ -0,0 +1,8 @@
+export type GoogleDriveBackupAccessError = Error;
+/**
+ * Type-guard for Google Drive backup failures caused by missing/insufficient
+ * OAuth scopes (or otherwise denied access). Recover by re-prompting consent
+ * via `linkSocialAccount(ProviderEnum.Google, { forcePopup: true })` and
+ * retrying the backup.
+ */
+export declare const isInsufficientGoogleDriveScopesError: (err: unknown) => err is Error;

package/src/lib/utils/hooks/useWalletBackup/googleDriveBackupErrors.js

@@ -0,0 +1,29 @@
+'use client'
+/**
+ * Stable phrase the waas-sdk includes in Google Drive 401 / scope-insufficient
+ * upload failure messages (see dynamic-waas-sdk
+ * packages/browser/src/backup/providers/googleDrive.ts mapGoogleDriveUploadError).
+ *
+ * We match by `.includes(...)` rather than `.startsWith(...)` because the
+ * iframe message-handler fallback path
+ * (browser-wallet-client/src/services/iframeMessageHandler.ts:
+ * handleIframeMessageResponseError) rewraps the original error as
+ * `new Error(String(response.error))`, which prefixes the message with
+ * "Error: " and drops the original `isRetryable` field. The phrase remains
+ * unique to the auth/scope case across all reasons mapGoogleDriveUploadError
+ * produces (rate-limit, storage-full, 5xx, and network all use distinct
+ * prefixes), so message-only matching is sufficient to discriminate.
+ *
+ * TODO: switch to a stable `error.code` once dynamic-waas-sdk attaches one
+ * (see DYNT-754 follow-up).
+ */
+const ACCESS_DENIED_PHRASE = 'Google Drive access denied';
+/**
+ * Type-guard for Google Drive backup failures caused by missing/insufficient
+ * OAuth scopes (or otherwise denied access). Recover by re-prompting consent
+ * via `linkSocialAccount(ProviderEnum.Google, { forcePopup: true })` and
+ * retrying the backup.
+ */
+const isInsufficientGoogleDriveScopesError = (err) => err instanceof Error && err.message.includes(ACCESS_DENIED_PHRASE);
+
+export { isInsufficientGoogleDriveScopesError };

package/src/lib/utils/hooks/useWalletBackup/googleDriveScopes.cjs

@@ -0,0 +1,22 @@
+'use client'
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+/**
+ * OAuth scopes that must be granted on the user's Google account in order
+ * for the keyshare backup upload to Google Drive to succeed.
+ *
+ * Exported so host apps can pre-flight check / display these in their own
+ * UX if they want to. Kept as a `readonly` tuple to discourage mutation.
+ */
+const GOOGLE_DRIVE_BACKUP_REQUIRED_SCOPES = [
+    'https://www.googleapis.com/auth/drive.appdata',
+    'https://www.googleapis.com/auth/drive.file',
+];
+const findMissingGoogleDriveBackupScopes = (grantedScopes) => GOOGLE_DRIVE_BACKUP_REQUIRED_SCOPES.filter((required) => !grantedScopes.includes(required));
+const hasAllGoogleDriveBackupScopes = (grantedScopes) => findMissingGoogleDriveBackupScopes(grantedScopes).length === 0;
+
+exports.GOOGLE_DRIVE_BACKUP_REQUIRED_SCOPES = GOOGLE_DRIVE_BACKUP_REQUIRED_SCOPES;
+exports.findMissingGoogleDriveBackupScopes = findMissingGoogleDriveBackupScopes;
+exports.hasAllGoogleDriveBackupScopes = hasAllGoogleDriveBackupScopes;

package/src/lib/utils/hooks/useWalletBackup/googleDriveScopes.d.ts

@@ -0,0 +1,10 @@
+/**
+ * OAuth scopes that must be granted on the user's Google account in order
+ * for the keyshare backup upload to Google Drive to succeed.
+ *
+ * Exported so host apps can pre-flight check / display these in their own
+ * UX if they want to. Kept as a `readonly` tuple to discourage mutation.
+ */
+export declare const GOOGLE_DRIVE_BACKUP_REQUIRED_SCOPES: readonly ["https://www.googleapis.com/auth/drive.appdata", "https://www.googleapis.com/auth/drive.file"];
+export declare const findMissingGoogleDriveBackupScopes: (grantedScopes: readonly string[]) => string[];
+export declare const hasAllGoogleDriveBackupScopes: (grantedScopes: readonly string[]) => boolean;

package/src/lib/utils/hooks/useWalletBackup/googleDriveScopes.js

@@ -0,0 +1,16 @@
+'use client'
+/**
+ * OAuth scopes that must be granted on the user's Google account in order
+ * for the keyshare backup upload to Google Drive to succeed.
+ *
+ * Exported so host apps can pre-flight check / display these in their own
+ * UX if they want to. Kept as a `readonly` tuple to discourage mutation.
+ */
+const GOOGLE_DRIVE_BACKUP_REQUIRED_SCOPES = [
+    'https://www.googleapis.com/auth/drive.appdata',
+    'https://www.googleapis.com/auth/drive.file',
+];
+const findMissingGoogleDriveBackupScopes = (grantedScopes) => GOOGLE_DRIVE_BACKUP_REQUIRED_SCOPES.filter((required) => !grantedScopes.includes(required));
+const hasAllGoogleDriveBackupScopes = (grantedScopes) => findMissingGoogleDriveBackupScopes(grantedScopes).length === 0;
+
+export { GOOGLE_DRIVE_BACKUP_REQUIRED_SCOPES, findMissingGoogleDriveBackupScopes, hasAllGoogleDriveBackupScopes };

package/src/lib/utils/hooks/useWalletBackup/index.d.ts

@@ -1,2 +1,4 @@
 export { useWalletBackup, useBackupWallets, useDownloadKeyShares, isWalletBackedUp, type WalletToBackup, type WalletWithBackupStatus, type WalletBackupStatus, type WalletOperationState, } from './useWalletBackup';
 export { CloudBackupProvider } from './types';
+export { GOOGLE_DRIVE_BACKUP_REQUIRED_SCOPES, findMissingGoogleDriveBackupScopes, hasAllGoogleDriveBackupScopes, } from './googleDriveScopes';
+export { isInsufficientGoogleDriveScopesError, type GoogleDriveBackupAccessError, } from './googleDriveBackupErrors';

package/src/lib/utils/hooks/useWalletBackup/useWalletBackup.cjs

@@ -148,6 +148,8 @@ const useWalletBackup = () => {
         isProcessing: false,
         totalWallets: 0,
     });
+    const [lastBackupError, setLastBackupError] = React.useState(undefined);
+    const clearBackupError = React.useCallback(() => setLastBackupError(undefined), []);
     const timeoutRef = React.useRef(null);
     React.useEffect(() => () => {
         if (timeoutRef.current) {
@@ -234,6 +236,7 @@ const useWalletBackup = () => {
         }
     }), [getWaasWalletConnector]);
     const backupWallet = React.useCallback((walletToBackup_1, ...args_1) => _tslib.__awaiter(void 0, [walletToBackup_1, ...args_1], void 0, function* (walletToBackup, provider = types.CloudBackupProvider.GoogleDrive, displayContainer) {
+        setLastBackupError(undefined);
         try {
             const waasConnector = getWaasWalletConnector(walletToBackup.chain);
             if (!waasConnector) {
@@ -259,6 +262,7 @@ const useWalletBackup = () => {
                 address: walletToBackup.address,
                 error,
             });
+            setLastBackupError(error);
             return false;
         }
     }), [getWaasWalletConnector]);
@@ -319,6 +323,7 @@ const useWalletBackup = () => {
         return true;
     }, [isGoogleLinked]);
     const backupToCloudProvider = React.useCallback((options, walletToBackup) => _tslib.__awaiter(void 0, void 0, void 0, function* () {
+        setLastBackupError(undefined);
         try {
             const { provider, password } = options;
             const waasConnector = getWaasWalletConnector(walletToBackup.chain);
@@ -344,6 +349,7 @@ const useWalletBackup = () => {
         }
         catch (error) {
             logger.logger.warn('Error backing up to cloud provider', { error, options });
+            setLastBackupError(error);
             return false;
         }
     }), [getWaasWalletConnector]);
@@ -355,6 +361,7 @@ const useWalletBackup = () => {
         backupToCloudProvider,
         backupWallet,
         checkICloudAuth,
+        clearBackupError,
         ensureGoogleLinked,
         ensureProviderLinked,
         getSupportedProviders,
@@ -364,6 +371,7 @@ const useWalletBackup = () => {
         initBackupProcess,
         isGoogleLinked,
         isProviderLinked,
+        lastBackupError,
         showICloudAuth,
         startBackup,
     };

package/src/lib/utils/hooks/useWalletBackup/useWalletBackup.d.ts

@@ -24,6 +24,7 @@ export declare const useWalletBackup: () => {
     readonly backupToCloudProvider: (options: CloudProviderBackupOptions, walletToBackup: WalletToBackup) => Promise<boolean>;
     readonly backupWallet: (walletToBackup: WalletToBackup, provider?: CloudBackupProvider, displayContainer?: HTMLElement) => Promise<boolean>;
     readonly checkICloudAuth: (walletChain: ChainEnum) => Promise<boolean>;
+    readonly clearBackupError: () => void;
     readonly ensureGoogleLinked: () => Promise<boolean>;
     readonly ensureProviderLinked: (provider: CloudBackupProvider) => Promise<boolean>;
     readonly getSupportedProviders: () => import("./cloudProviders").CloudProviderConfigWithIcon[];
@@ -33,6 +34,7 @@ export declare const useWalletBackup: () => {
     readonly initBackupProcess: () => void;
     readonly isGoogleLinked: boolean;
     readonly isProviderLinked: (provider: CloudBackupProvider) => boolean;
+    readonly lastBackupError: unknown;
     readonly showICloudAuth: (displayContainer: HTMLElement, walletChain: ChainEnum) => Promise<boolean>;
     readonly startBackup: (onComplete?: () => void, fromIndex?: number, provider?: CloudBackupProvider, displayContainer?: HTMLElement) => Promise<void>;
 };

package/src/lib/utils/hooks/useWalletBackup/useWalletBackup.js

@@ -1,6 +1,6 @@
 'use client'
 import { __awaiter } from '../../../../../_virtual/_tslib.js';
-import { useMemo, useState, useRef, useEffect, useCallback } from 'react';
+import { useMemo, useState, useCallback, useRef, useEffect } from 'react';
 import { WaasBackupOptionsEnum, ProviderEnum } from '@dynamic-labs/sdk-api-core';
 import '@dynamic-labs-sdk/client/core';
 import 'eventemitter3';
@@ -144,6 +144,8 @@ const useWalletBackup = () => {
         isProcessing: false,
         totalWallets: 0,
     });
+    const [lastBackupError, setLastBackupError] = useState(undefined);
+    const clearBackupError = useCallback(() => setLastBackupError(undefined), []);
     const timeoutRef = useRef(null);
     useEffect(() => () => {
         if (timeoutRef.current) {
@@ -230,6 +232,7 @@ const useWalletBackup = () => {
         }
     }), [getWaasWalletConnector]);
     const backupWallet = useCallback((walletToBackup_1, ...args_1) => __awaiter(void 0, [walletToBackup_1, ...args_1], void 0, function* (walletToBackup, provider = CloudBackupProvider.GoogleDrive, displayContainer) {
+        setLastBackupError(undefined);
         try {
             const waasConnector = getWaasWalletConnector(walletToBackup.chain);
             if (!waasConnector) {
@@ -255,6 +258,7 @@ const useWalletBackup = () => {
                 address: walletToBackup.address,
                 error,
             });
+            setLastBackupError(error);
             return false;
         }
     }), [getWaasWalletConnector]);
@@ -315,6 +319,7 @@ const useWalletBackup = () => {
         return true;
     }, [isGoogleLinked]);
     const backupToCloudProvider = useCallback((options, walletToBackup) => __awaiter(void 0, void 0, void 0, function* () {
+        setLastBackupError(undefined);
         try {
             const { provider, password } = options;
             const waasConnector = getWaasWalletConnector(walletToBackup.chain);
@@ -340,6 +345,7 @@ const useWalletBackup = () => {
         }
         catch (error) {
             logger.warn('Error backing up to cloud provider', { error, options });
+            setLastBackupError(error);
             return false;
         }
     }), [getWaasWalletConnector]);
@@ -351,6 +357,7 @@ const useWalletBackup = () => {
         backupToCloudProvider,
         backupWallet,
         checkICloudAuth,
+        clearBackupError,
         ensureGoogleLinked,
         ensureProviderLinked,
         getSupportedProviders: getSupportedProviders$1,
@@ -360,6 +367,7 @@ const useWalletBackup = () => {
         initBackupProcess,
         isGoogleLinked,
         isProviderLinked,
+        lastBackupError,
         showICloudAuth,
         startBackup,
     };