@getpara/core-sdk 2.0.0-alpha.52 → 2.0.0-alpha.54

package/dist/esm/ParaCore.js

@@ -7,8 +7,8 @@ import {
   __privateSet,
   __spreadProps,
   __spreadValues
-} from "./chunk-7B52C2XE.js";
-var _authInfo, _ParaCore_instances, assertPartner_fn, guestWalletIds_get, guestWalletIdsArray_get, toAuthInfo_fn, setAuthInfo_fn, getPartner_fn, assertIsLinkingAccount_fn, assertIsLinkingAccountOrStart_fn, getOAuthUrl_fn, createPregenWallet_fn, _isCreateGuestWalletsPending, prepareAuthState_fn, prepareLoginState_fn, prepareSignUpState_fn;
+} from "./chunk-W5CT3TVS.js";
+var _authInfo, _ParaCore_instances, assertPartner_fn, guestWalletIds_get, guestWalletIdsArray_get, toAuthInfo_fn, setAuthInfo_fn, getPartner_fn, assertIsLinkingAccount_fn, assertIsLinkingAccountOrStart_fn, getOAuthUrl_fn, createPregenWallet_fn, _isCreateGuestWalletsPending, prepareAuthState_fn, prepareDoneState_fn, prepareVerificationState_fn, prepareLoginState_fn, prepareSignUpState_fn;
 import { Buffer as NodeBuffer } from "buffer";
 if (typeof global !== "undefined") {
   global.Buffer = global.Buffer || NodeBuffer;
@@ -21,9 +21,8 @@ if (typeof global !== "undefined") {
 }
 import {
   AuthMethod,
-  PublicKeyStatus,
+  AuthMethodStatus,
   PublicKeyType,
-  PasswordStatus,
   extractAuthInfo,
   isEmail,
   isPhone,
@@ -75,13 +74,16 @@ import {
 } from "./utils/index.js";
 import { TransactionReviewDenied, TransactionReviewTimeout } from "./errors.js";
 import * as constants from "./constants.js";
+import { EnclaveClient } from "./shares/enclave.js";
 const _ParaCore = class _ParaCore {
   constructor(envOrApiKey, apiKeyOrOpts, opts) {
     __privateAdd(this, _ParaCore_instances);
+    this.popupWindow = null;
     __privateAdd(this, _authInfo);
     this.isNativePasskey = false;
     this.isReady = false;
     this.accountLinkInProgress = void 0;
+    this.isEnclaveUser = false;
     this.isAwaitingAccountCreation = false;
     this.isAwaitingLogin = false;
     this.isAwaitingFarcaster = false;
@@ -117,6 +119,12 @@ const _ParaCore = class _ParaCore {
     this.retrieveSessionCookie = () => {
       return this.sessionCookie;
     };
+    this.retrieveEnclaveJwt = () => {
+      return this.enclaveJwt;
+    };
+    this.retrieveEnclaveRefreshJwt = () => {
+      return this.enclaveRefreshJwt;
+    };
     /**
      * Remove all local storage and prefixed session storage.
      * @param {'local' | 'session' | 'secure' | 'all'} type - Type of storage to clear. Defaults to 'all'.
@@ -175,6 +183,7 @@ const _ParaCore = class _ParaCore {
       this.updateWalletIdsFromStorage();
       this.updateSessionCookieFromStorage();
       this.updateLoginEncryptionKeyPairFromStorage();
+      this.updateEnclaveJwtFromStorage();
     };
     this.updateAuthInfoFromStorage = () => {
       var _a;
@@ -194,6 +203,10 @@ const _ParaCore = class _ParaCore {
       }
       __privateSet(this, _authInfo, authInfo);
     };
+    this.updateEnclaveJwtFromStorage = () => {
+      this.enclaveJwt = this.localStorageGetItem(constants.LOCAL_STORAGE_ENCLAVE_JWT) || this.sessionStorageGetItem(constants.LOCAL_STORAGE_ENCLAVE_JWT) || void 0;
+      this.enclaveRefreshJwt = this.localStorageGetItem(constants.LOCAL_STORAGE_ENCLAVE_REFRESH_JWT) || this.sessionStorageGetItem(constants.LOCAL_STORAGE_ENCLAVE_REFRESH_JWT) || void 0;
+    };
     this.updateUserIdFromStorage = () => {
       this.userId = this.localStorageGetItem(constants.LOCAL_STORAGE_USER_ID) || void 0;
     };
@@ -345,18 +358,41 @@ const _ParaCore = class _ParaCore {
         cookie
       );
     };
+    this.persistEnclaveJwt = (jwt) => {
+      this.enclaveJwt = jwt;
+      (opts.useSessionStorage ? this.sessionStorageSetItem : this.localStorageSetItem)(
+        constants.LOCAL_STORAGE_ENCLAVE_JWT,
+        jwt
+      );
+    };
+    this.persistEnclaveRefreshJwt = (refreshJwt) => {
+      this.enclaveRefreshJwt = refreshJwt;
+      (opts.useSessionStorage ? this.sessionStorageSetItem : this.localStorageSetItem)(
+        constants.LOCAL_STORAGE_ENCLAVE_REFRESH_JWT,
+        refreshJwt
+      );
+    };
+    const client = initClient({
+      env,
+      version: _ParaCore.version,
+      apiKey,
+      partnerId: this.isPortal(env) ? opts.portalPartnerId : void 0,
+      useFetchAdapter: !!opts.disableWorkers,
+      retrieveSessionCookie: this.retrieveSessionCookie,
+      persistSessionCookie: this.persistSessionCookie
+    });
+    const enclaveClient = new EnclaveClient({
+      userManagementClient: client,
+      retrieveJwt: this.retrieveEnclaveJwt,
+      persistJwt: this.persistEnclaveJwt,
+      retrieveRefreshJwt: this.retrieveEnclaveRefreshJwt,
+      persistRefreshJwt: this.persistEnclaveRefreshJwt
+    });
     this.ctx = {
       env,
       apiKey,
-      client: initClient({
-        env,
-        version: _ParaCore.version,
-        apiKey,
-        partnerId: this.isPortal(env) ? opts.portalPartnerId : void 0,
-        useFetchAdapter: !!opts.disableWorkers,
-        retrieveSessionCookie: this.retrieveSessionCookie,
-        persistSessionCookie: this.persistSessionCookie
-      }),
+      client,
+      enclaveClient,
       disableWorkers: opts.disableWorkers,
       offloadMPCComputationURL: opts.offloadMPCComputationURL,
       useLocalFiles: opts.useLocalFiles,
@@ -391,6 +427,9 @@ const _ParaCore = class _ParaCore {
       ]);
     }
   }
+  setModalError(_error) {
+    return;
+  }
   get authInfo() {
     return __privateGet(this, _authInfo);
   }
@@ -675,23 +714,30 @@ const _ParaCore = class _ParaCore {
   constructPortalUrl(_0) {
     return __async(this, arguments, function* (type, opts = {}) {
       var _a, _b, _c, _d, _e, _f, _g, _h, _i, _j, _k, _l, _m;
-      const [isCreate, isLogin, isOnRamp] = [
+      const [isCreate, isLogin, isOnRamp, isOAuth, isOAuthCallback, isTelegramLogin, isFarcasterLogin] = [
         ["createAuth", "createPassword", "createPIN"].includes(type),
-        ["loginAuth", "loginPassword", "loginPIN"].includes(type),
-        type === "onRamp"
+        ["loginAuth", "loginPassword", "loginPIN", "loginOTP"].includes(type),
+        type === "onRamp",
+        type === "oAuth",
+        type === "oAuthCallback",
+        ["telegramLogin", "telegramLoginVerify"].includes(type),
+        type === "loginFarcaster"
       ];
+      if (isOAuth && !opts.oAuthMethod) {
+        throw new Error("oAuthMethod is required for oAuth portal URLs");
+      }
       if (isCreate || isLogin) {
         this.assertIsAuthSet();
       }
       let sessionId = opts.sessionId;
-      if ((isLogin || isOnRamp) && !sessionId) {
+      if ((isLogin || isOnRamp || isTelegramLogin || isFarcasterLogin) && !sessionId) {
         const session = yield this.touchSession(true);
         sessionId = session.sessionId;
       }
       if (!this.loginEncryptionKeyPair) {
         yield this.setLoginEncryptionKeyPair();
       }
-      const base = type === "onRamp" || type === "telegramLogin" ? getPortalBaseURL(this.ctx, type === "telegramLogin") : yield this.getPortalURL();
+      const base = type === "onRamp" || isTelegramLogin ? getPortalBaseURL(this.ctx, isTelegramLogin) : yield this.getPortalURL();
       let path;
       switch (type) {
         case "createPassword": {
@@ -726,10 +772,30 @@ const _ParaCore = class _ParaCore {
           path = `/web/users/${this.userId}/on-ramp-transaction/v2/${opts.pathId}`;
           break;
         }
+        case "telegramLoginVerify": {
+          path = `/auth/telegram/verify`;
+          break;
+        }
         case "telegramLogin": {
           path = `/auth/telegram`;
           break;
         }
+        case "oAuth": {
+          path = `/auth/${opts.oAuthMethod.toLowerCase()}`;
+          break;
+        }
+        case "oAuthCallback": {
+          path = `/auth/${opts.oAuthMethod.toLowerCase()}/callback`;
+          break;
+        }
+        case "loginOTP": {
+          path = "/auth/otp";
+          break;
+        }
+        case "loginFarcaster": {
+          path = "/auth/farcaster";
+          break;
+        }
         default: {
           throw new Error(`invalid URL type ${type}`);
         }
@@ -748,7 +814,7 @@ const _ParaCore = class _ParaCore {
         encryptionKey: getPublicKeyHex(this.loginEncryptionKeyPair),
         sessionId
       };
-      const params = __spreadValues(__spreadValues(__spreadValues(__spreadValues(__spreadValues({
+      const params = __spreadValues(__spreadValues(__spreadValues(__spreadValues(__spreadValues(__spreadValues({
         apiKey: this.ctx.apiKey,
         partnerId: partner == null ? void 0 : partner.id,
         portalFont: ((_b = opts.portalTheme) == null ? void 0 : _b.font) || (partner == null ? void 0 : partner.font) || ((_c = this.portalTheme) == null ? void 0 : _c.font),
@@ -766,7 +832,7 @@ const _ParaCore = class _ParaCore {
       }, isPhone(this.authInfo.auth) ? splitPhoneNumber(this.authInfo.auth.phone) : this.authInfo.auth), {
         pfpUrl: this.authInfo.pfpUrl,
         displayName: this.authInfo.displayName
-      }) : {}), isOnRamp ? { origin: typeof window !== "undefined" ? window.location.origin : void 0, email: this.email } : {}), isLogin ? __spreadProps(__spreadValues({
+      }) : {}), isOnRamp ? { origin: typeof window !== "undefined" ? window.location.origin : void 0, email: this.email } : {}), isLogin || isOAuth || isOAuthCallback || isTelegramLogin || isFarcasterLogin ? __spreadProps(__spreadValues({
         sessionId: thisDevice.sessionId,
         encryptionKey: thisDevice.encryptionKey
       }, opts.newDevice ? {
@@ -774,7 +840,9 @@ const _ParaCore = class _ParaCore {
         newDeviceEncryptionKey: opts.newDevice.encryptionKey
       } : {}), {
         pregenIds: JSON.stringify(this.pregenIds)
-      }) : {}), type === "telegramLogin" ? { isEmbed: "true" } : {}), opts.params || {});
+      }) : {}), isOAuth || isOAuthCallback || isFarcasterLogin ? {
+        appScheme: opts.appScheme
+      } : {}), isTelegramLogin ? { isEmbed: "true" } : {}), opts.params || {});
       const url = constructUrl({ base, path, params });
       if (opts.shorten) {
         return shortenUrl(this.ctx, url);
@@ -803,16 +871,25 @@ const _ParaCore = class _ParaCore {
   }
   touchSession(regenerate = false) {
     return __async(this, null, function* () {
-      var _a, _b, _c, _d;
+      var _a, _b, _c, _d, _e;
       if (!this.isWorkerInitialized) {
         this.initializeWorker();
       }
       if (!this.isReady) {
         yield this.ready();
       }
-      const session = yield this.ctx.client.touchSession(regenerate);
+      let session;
+      try {
+        session = yield this.ctx.client.touchSession(regenerate);
+      } catch (error) {
+        this.handleTouchSessionError(error);
+        throw error;
+      }
       if (!this.partner || ((_a = this.partner) == null ? void 0 : _a.id) !== session.partnerId || !supportedWalletTypesEq(((_b = this.partner) == null ? void 0 : _b.supportedWalletTypes) || [], session.supportedWalletTypes) || (((_c = this.partner) == null ? void 0 : _c.cosmosPrefix) || "cosmos") !== session.cosmosPrefix) {
         if (!session.partnerId) {
+          this.displayModalError(
+            `Invalid API Key. Please ensure you have a valid API key for the current environment: ${(_d = this.ctx.env) == null ? void 0 : _d.toUpperCase()}.`
+          );
           console.error(`
 \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
 \u{1F6A8} PARA SDK CONFIGURATION ERROR \u{1F6A8}
@@ -830,11 +907,12 @@ SOLUTION:
 \u2022 If your API key doesn't contain an environment prefix, ensure your API key is the correct key for your target environment
 
 Current Environment: ${this.ctx.env}
-API Key Prefix: ${((_d = this.ctx.apiKey) == null ? void 0 : _d.split("_")[0].toUpperCase()) || "None"}
+API Key Prefix: ${((_e = this.ctx.apiKey) == null ? void 0 : _e.split("_")[0].toUpperCase()) || "None"}
 
 Need help? Visit: https://docs.getpara.com or contact support
 \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
         `);
+          throw new Error("Invalid API Key.");
         } else {
           yield __privateMethod(this, _ParaCore_instances, getPartner_fn).call(this, session.partnerId);
         }
@@ -936,6 +1014,33 @@ Need help? Visit: https://docs.getpara.com or contact support
       return __privateGet(this, _authInfo);
     });
   }
+  /**
+   * Display an error message in the modal (if available)
+   * @internal
+   */
+  displayModalError(error) {
+    if (this.ctx.env !== Environment.PROD) {
+      this.setModalError(error);
+    }
+  }
+  /**
+   * Handle specific touchSession errors with user-friendly messages
+   * @private
+   */
+  handleTouchSessionError(error) {
+    const errorStr = String(error);
+    const errorMessage = error instanceof Error ? error.message : "";
+    if (errorStr.includes("blocked by CORS policy") && errorStr.includes("Access-Control-Allow-Origin")) {
+      this.displayModalError("Request rate limit reached. Please wait a couple of minutes and try again.");
+      return;
+    }
+    if (error.status === 403 && errorMessage.includes("origin not authorized")) {
+      this.displayModalError(
+        "The current origin is not allowed. Update your allowed origins in the Para developer portal to allow the current origin."
+      );
+      return;
+    }
+  }
   assertUserId({ allowGuestMode = false } = {}) {
     if (!this.userId || !allowGuestMode && this.isGuestMode) {
       throw new Error("no userId is set");
@@ -1477,6 +1582,7 @@ Need help? Visit: https://docs.getpara.com or contact support
       return accounts;
     });
   }
+  // TELEGRAM
   /**
    * Validates the response received from an attempted Telegram login for authenticity, then
    * creates or retrieves the corresponding Para user and prepares the Para instance to sign in with that user.
@@ -1486,19 +1592,28 @@ Need help? Visit: https://docs.getpara.com or contact support
   verifyTelegramProcess(_e) {
     return __async(this, null, function* () {
       var _f = _e, {
+        serverAuthState: optsServerAuthState,
         telegramAuthResponse,
         isLinkAccount
       } = _f, urlOptions = __objRest(_f, [
+        "serverAuthState",
         "telegramAuthResponse",
         "isLinkAccount"
       ]);
       try {
         switch (isLinkAccount) {
           case false: {
-            const serverAuthState = yield this.ctx.client.verifyTelegram(telegramAuthResponse);
-            return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, urlOptions);
+            if (!optsServerAuthState && !telegramAuthResponse) {
+              throw new Error("one of serverAuthState or telegramAuthResponse are required for verifying telegram");
+            }
+            const serverAuthState = optsServerAuthState != null ? optsServerAuthState : yield this.ctx.client.verifyTelegram({ authObject: telegramAuthResponse });
+            const { sessionLookupId } = yield this.touchSession();
+            return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, __spreadProps(__spreadValues({}, urlOptions), { sessionLookupId }));
           }
           case true: {
+            if (!telegramAuthResponse) {
+              throw new Error("telegramAuthResponse is required for verifying telegram link");
+            }
             const accountLinkInProgress = yield __privateMethod(this, _ParaCore_instances, assertIsLinkingAccountOrStart_fn).call(this, "TELEGRAM");
             const accounts = yield this.verifyLink({
               accountLinkInProgress,
@@ -1508,7 +1623,8 @@ Need help? Visit: https://docs.getpara.com or contact support
           }
         }
       } catch (e) {
-        throw new Error(e.message);
+        const errorMessage = e instanceof Error ? e.message : e ? String(e) : "Unknown error occurred";
+        throw new Error(errorMessage);
       }
     });
   }
@@ -1753,6 +1869,7 @@ Need help? Visit: https://docs.getpara.com or contact support
       return connectUri;
     });
   }
+  // FARCASTER
   /**
    * Awaits the response from a user's attempt to log in with Farcaster.
    * If successful, this returns the user's Farcaster username and profile picture and indicates whether the user already exists.
@@ -1765,14 +1882,20 @@ Need help? Visit: https://docs.getpara.com or contact support
         onConnectUri,
         onCancel,
         onPoll,
-        isLinkAccount
+        isLinkAccount,
+        serverAuthState: optsServerAuthState
       } = _h, urlOptions = __objRest(_h, [
         "isCanceled",
         "onConnectUri",
         "onCancel",
         "onPoll",
-        "isLinkAccount"
+        "isLinkAccount",
+        "serverAuthState"
       ]);
+      if (optsServerAuthState) {
+        const authState = yield __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, optsServerAuthState, urlOptions);
+        return authState;
+      }
       let accountLinkInProgress;
       if (isLinkAccount) {
         accountLinkInProgress = yield __privateMethod(this, _ParaCore_instances, assertIsLinkingAccountOrStart_fn).call(this, "FARCASTER");
@@ -1868,10 +1991,9 @@ Need help? Visit: https://docs.getpara.com or contact support
         "onOAuthPopup",
         "isLinkAccount"
       ]);
-      let popupWindow;
       if (onOAuthPopup) {
         try {
-          popupWindow = yield this.platformUtils.openPopup("about:blank", { type: PopupType.OAUTH });
+          this.popupWindow = yield this.platformUtils.openPopup("about:blank", { type: PopupType.OAUTH });
         } catch (error) {
           throw new Error(`Failed to open OAuth popup: ${error}`);
         }
@@ -1890,9 +2012,9 @@ Need help? Visit: https://docs.getpara.com or contact support
             onOAuthUrl(oAuthUrl);
             break;
           }
-          case (!!onOAuthPopup && !!popupWindow): {
-            popupWindow.location.href = oAuthUrl;
-            onOAuthPopup(popupWindow);
+          case (!!onOAuthPopup && !!this.popupWindow): {
+            this.popupWindow.location.href = oAuthUrl;
+            onOAuthPopup(this.popupWindow);
             break;
           }
         }
@@ -2122,7 +2244,9 @@ Need help? Visit: https://docs.getpara.com or contact support
         userId: this.userId,
         walletId,
         userShare: userSigner,
-        emailProps: this.getBackupKitEmailProps()
+        emailProps: this.getBackupKitEmailProps(),
+        isEnclaveUser: this.isEnclaveUser,
+        walletScheme: this.wallets[walletId].scheme
       });
       return recoveryShare;
     });
@@ -2250,7 +2374,9 @@ Need help? Visit: https://docs.getpara.com or contact support
         ignoreRedistributingBackupEncryptedShare: !redistributeBackupEncryptedShares,
         emailProps: this.getBackupKitEmailProps(),
         partnerId: newPartnerId,
-        protocolId
+        protocolId,
+        isEnclaveUser: this.isEnclaveUser,
+        walletScheme: this.wallets[walletId].scheme
       });
       return { signer, recoverySecret, protocolId };
     });
@@ -2316,7 +2442,9 @@ Need help? Visit: https://docs.getpara.com or contact support
           userId: this.userId,
           walletId: wallet.id,
           userShare: signer,
-          emailProps: this.getBackupKitEmailProps()
+          emailProps: this.getBackupKitEmailProps(),
+          isEnclaveUser: this.isEnclaveUser,
+          walletScheme: wallet.scheme
         });
       }
       yield this.setCurrentWalletIds(__spreadProps(__spreadValues({}, this.currentWalletIds), {
@@ -2397,7 +2525,9 @@ Need help? Visit: https://docs.getpara.com or contact support
             walletId: wallet.id,
             userShare: this.wallets[wallet.id].signer,
             emailProps: this.getBackupKitEmailProps(),
-            partnerId: wallet.partnerId
+            partnerId: wallet.partnerId,
+            isEnclaveUser: this.isEnclaveUser,
+            walletScheme: wallet.scheme
           });
           if (distributeRes.length > 0) {
             newRecoverySecret = distributeRes;
@@ -2888,8 +3018,16 @@ Need help? Visit: https://docs.getpara.com or contact support
   }
   issueJwt() {
     return __async(this, arguments, function* ({ keyIndex = 0 } = {}) {
-      const res = yield this.ctx.client.issueJwt({ keyIndex });
-      return res;
+      try {
+        return yield this.ctx.client.issueJwt({ keyIndex });
+      } catch (error) {
+        if (error.status === 403 || error.status === 401) {
+          const errorMessage = "The user needs to be logged in to issue a JWT. Please log in and try again.";
+          this.displayModalError(errorMessage);
+          console.warn(errorMessage);
+        }
+        throw error;
+      }
     });
   }
   /**
@@ -2997,7 +3135,7 @@ Need help? Visit: https://docs.getpara.com or contact support
           ({
             data: { id: credentialId }
           } = yield this.ctx.client.addSessionPublicKey(this.userId, {
-            status: PublicKeyStatus.PENDING,
+            status: AuthMethodStatus.PENDING,
             type: PublicKeyType.WEB
           }));
           urlType = "createAuth";
@@ -3006,7 +3144,7 @@ Need help? Visit: https://docs.getpara.com or contact support
           ({
             data: { id: credentialId }
           } = yield this.ctx.client.addSessionPasswordPublicKey(this.userId, {
-            status: PasswordStatus.PENDING
+            status: AuthMethodStatus.PENDING
           }));
           urlType = "createPassword";
           break;
@@ -3014,7 +3152,7 @@ Need help? Visit: https://docs.getpara.com or contact support
           ({
             data: { id: credentialId }
           } = yield this.ctx.client.addSessionPasswordPublicKey(this.userId, {
-            status: PasswordStatus.PENDING
+            status: AuthMethodStatus.PENDING
           }));
           urlType = "createPIN";
           break;
@@ -3029,7 +3167,7 @@ Need help? Visit: https://docs.getpara.com or contact support
     });
   }
   /**
-   * Returns a Para Portal URL for logging in with a WebAuth passkey, password or PIN.
+   * Returns a Para Portal URL for logging in with a WebAuth passkey, password, PIN or OTP.
    * @param {Object} opts the options object
    * @param {String} opts.auth - the user auth to sign up or log in with, in the form ` { email: string } | { phone: `+${number}` } `
    * @param {boolean} opts.useShortUrls - whether to shorten the generated portal URLs
@@ -3058,6 +3196,9 @@ Need help? Visit: https://docs.getpara.com or contact support
         case "PIN":
           urlType = "loginPIN";
           break;
+        case "BASIC_LOGIN":
+          urlType = "loginOTP";
+          break;
         default:
           throw new Error(`invalid authentication method: '${authMethod}'`);
       }
@@ -3081,7 +3222,17 @@ Need help? Visit: https://docs.getpara.com or contact support
   signUpOrLogIn(_k) {
     return __async(this, null, function* () {
       var _l = _k, { auth } = _l, urlOptions = __objRest(_l, ["auth"]);
-      const serverAuthState = yield this.ctx.client.signUpOrLogIn(__spreadValues(__spreadValues({}, auth), this.getVerificationEmailProps()));
+      let serverAuthState;
+      try {
+        serverAuthState = yield this.ctx.client.signUpOrLogIn(__spreadValues(__spreadValues({}, auth), this.getVerificationEmailProps()));
+      } catch (error) {
+        if (error.message.includes("max beta users reached")) {
+          this.displayModalError(
+            `50 user limit reached. [Go to Production.](https://docs.getpara.com/v2/general/checklist#go-live-checklist)`
+          );
+        }
+        throw error;
+      }
       const authInfo = serverAuthState.auth;
       if (this.fetchPregenWalletsOverride && isPregenAuth(authInfo)) {
         const { userShare } = yield this.fetchPregenWalletsOverride({ pregenId: authInfo });
@@ -3089,7 +3240,7 @@ Need help? Visit: https://docs.getpara.com or contact support
           yield this.setUserShare(userShare);
         }
       }
-      return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, urlOptions);
+      return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, __spreadValues({}, urlOptions));
     });
   }
   verifyNewAccount(_m) {
@@ -3104,7 +3255,7 @@ Need help? Visit: https://docs.getpara.com or contact support
       const serverAuthState = yield this.ctx.client.verifyAccount(userId, {
         verificationCode
       });
-      if (serverAuthState.stage === "login") {
+      if (serverAuthState.stage === "login" || serverAuthState.stage === "done") {
         throw new Error("Account already exists.");
       }
       return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, urlOptions);
@@ -3225,6 +3376,16 @@ Need help? Visit: https://docs.getpara.com or contact support
       return accounts;
     });
   }
+  getProfileBalance() {
+    return __async(this, arguments, function* ({ config, refetch = false } = {}) {
+      const { balance } = yield this.ctx.client.getProfileBalance({
+        config,
+        wallets: this.availableWallets.map(({ type, address }) => ({ type, address })),
+        refetch
+      });
+      return balance;
+    });
+  }
   sendLoginCode() {
     return __async(this, null, function* () {
       const { userId } = yield this.ctx.client.sendLoginVerificationCode(this.authInfo);
@@ -3338,30 +3499,43 @@ assertIsLinkingAccountOrStart_fn = function(type) {
     return yield this.linkAccount({ type });
   });
 };
-/**
- * Generates a URL for the user to log in with OAuth using a desire method.
- *
- * @param {Object} opts the options object
- * @param {TOAuthMethod} opts.method the third-party service to use for OAuth.
- * @param {string} [opts.appScheme] the app scheme to redirect to after the OAuth flow. This is for mobile only.
- * @returns {string} the URL for the user to log in with OAuth.
- */
-getOAuthUrl_fn = function({
-  method,
-  appScheme,
-  accountLinkInProgress,
-  sessionLookupId
-}) {
-  return constructUrl({
-    base: getBaseOAuthUrl(this.ctx.env),
-    path: `/auth/${method}`,
-    params: __spreadValues({
-      apiKey: this.ctx.apiKey,
-      sessionLookupId,
-      appScheme
-    }, accountLinkInProgress ? {
-      linkedAccountId: this.accountLinkInProgress.id
-    } : {})
+getOAuthUrl_fn = function(_0) {
+  return __async(this, arguments, function* ({
+    method,
+    appScheme,
+    accountLinkInProgress,
+    sessionLookupId,
+    encryptionKey
+  }) {
+    if (!accountLinkInProgress && !this.isPortal()) {
+      return yield this.constructPortalUrl("oAuth", { sessionId: sessionLookupId, oAuthMethod: method, appScheme });
+    }
+    let portalSessionLookupId;
+    if (this.isPortal()) {
+      portalSessionLookupId = (yield this.touchSession(true)).sessionLookupId;
+    }
+    return constructUrl({
+      base: getBaseOAuthUrl(this.ctx.env),
+      path: `/auth/${method.toLowerCase()}`,
+      params: __spreadProps(__spreadValues({
+        apiKey: this.ctx.apiKey,
+        sessionLookupId,
+        portalSessionLookupId,
+        appScheme
+      }, accountLinkInProgress ? {
+        linkedAccountId: this.accountLinkInProgress.id
+      } : {}), {
+        callback: !accountLinkInProgress && (yield this.constructPortalUrl("oAuthCallback", {
+          sessionId: sessionLookupId,
+          oAuthMethod: method,
+          appScheme,
+          thisDevice: {
+            sessionId: sessionLookupId,
+            encryptionKey
+          }
+        }))
+      })
+    });
   });
 };
 createPregenWallet_fn = function(opts) {
@@ -3437,8 +3611,14 @@ prepareAuthState_fn = function(_0) {
     }
     let authState;
     switch (serverAuthState.stage) {
+      case "done": {
+        authState = yield __privateMethod(this, _ParaCore_instances, prepareDoneState_fn).call(this, serverAuthState);
+        break;
+      }
       case "verify":
-        authState = serverAuthState;
+        authState = yield __privateMethod(this, _ParaCore_instances, prepareVerificationState_fn).call(this, serverAuthState, __spreadProps(__spreadValues({}, opts), {
+          sessionLookupId: opts.sessionLookupId
+        }));
         break;
       case "login":
         if (externalWallet && !(externalWallet == null ? void 0 : externalWallet.withFullParaAuth)) {
@@ -3458,6 +3638,36 @@ prepareAuthState_fn = function(_0) {
     return authState;
   });
 };
+prepareDoneState_fn = function(doneState) {
+  return __async(this, null, function* () {
+    let isSLOPossible = doneState.authMethods.includes(AuthMethod.BASIC_LOGIN);
+    this.isEnclaveUser = isSLOPossible;
+    return doneState;
+  });
+};
+prepareVerificationState_fn = function(_0, _1) {
+  return __async(this, arguments, function* (verifyState, {
+    useShortUrls: shorten = false,
+    portalTheme,
+    sessionLookupId
+  }) {
+    let isSLOPossible = false;
+    if (verifyState.nextStage === "login") {
+      isSLOPossible = verifyState.loginAuthMethods.includes(AuthMethod.BASIC_LOGIN);
+    } else if (verifyState.nextStage === "signup") {
+      isSLOPossible = verifyState.signupAuthMethods.includes(AuthMethod.BASIC_LOGIN);
+    }
+    this.isEnclaveUser = isSLOPossible;
+    return __spreadValues(__spreadValues({}, verifyState), isSLOPossible ? {
+      loginUrl: yield this.getLoginUrl({
+        authMethod: AuthMethod.BASIC_LOGIN,
+        sessionId: sessionLookupId,
+        shorten,
+        portalTheme
+      })
+    } : {});
+  });
+};
 prepareLoginState_fn = function(_0, _1) {
   return __async(this, arguments, function* (loginState, {
     useShortUrls: shorten = false,