@getpara/core-sdk 2.0.0-alpha.6 → 2.0.0-alpha.61

package/dist/esm/ParaCore.js

@@ -7,8 +7,8 @@ import {
   __privateSet,
   __spreadProps,
   __spreadValues
-} from "./chunk-7B52C2XE.js";
-var _authInfo, _partner, _ParaCore_instances, assertPartner_fn, guestWalletIds_get, guestWalletIdsArray_get, toAuthInfo_fn, setAuthInfo_fn, getPartner_fn, createPregenWallet_fn, _isCreateGuestWalletsPending, prepareAuthState_fn, prepareLogin_fn, prepareLoginState_fn, prepareSignUpState_fn;
+} from "./chunk-W5CT3TVS.js";
+var _authInfo, _ParaCore_instances, assertPartner_fn, guestWalletIds_get, guestWalletIdsArray_get, toAuthInfo_fn, setAuthInfo_fn, getPartner_fn, assertIsLinkingAccount_fn, assertIsLinkingAccountOrStart_fn, getOAuthUrl_fn, createPregenWallet_fn, _isCreateGuestWalletsPending, prepareAuthState_fn, prepareDoneState_fn, prepareVerificationState_fn, prepareLoginState_fn, prepareSignUpState_fn;
 import { Buffer as NodeBuffer } from "buffer";
 if (typeof global !== "undefined") {
   global.Buffer = global.Buffer || NodeBuffer;
@@ -21,10 +21,8 @@ if (typeof global !== "undefined") {
 }
 import {
   AuthMethod,
-  PublicKeyStatus,
+  AuthMethodStatus,
   PublicKeyType,
-  extractWalletRef,
-  PasswordStatus,
   extractAuthInfo,
   isEmail,
   isPhone,
@@ -33,7 +31,9 @@ import {
   toPregenTypeAndId,
   toPregenIds,
   isExternalWallet,
-  WALLET_TYPES
+  WALLET_TYPES,
+  LINKED_ACCOUNT_TYPES,
+  isPregenAuth
 } from "@getpara/user-management-client";
 import forge from "node-forge";
 const { pki, jsbn } = forge;
@@ -44,7 +44,8 @@ import { distributeNewShare } from "./shares/shareDistribution.js";
 import {
   Environment,
   PopupType,
-  ParaEvent
+  ParaEvent,
+  AccountLinkError
 } from "./types/index.js";
 import { sendRecoveryForShare } from "./shares/recovery.js";
 import {
@@ -73,23 +74,21 @@ import {
 } from "./utils/index.js";
 import { TransactionReviewDenied, TransactionReviewTimeout } from "./errors.js";
 import * as constants from "./constants.js";
+import { EnclaveClient } from "./shares/enclave.js";
 const _ParaCore = class _ParaCore {
-  /**
-   * Constructs a new `ParaCore` instance.
-   * @param env - `Environment` to use.
-   * @param apiKey - API key to use.
-   * @param opts - Additional constructor options; see `ConstructorOpts`.
-   * @returns - A new ParaCore instance.
-   */
-  constructor(env, apiKey, opts) {
+  constructor(envOrApiKey, apiKeyOrOpts, opts) {
     __privateAdd(this, _ParaCore_instances);
+    this.popupWindow = null;
     __privateAdd(this, _authInfo);
     this.isNativePasskey = false;
-    __privateAdd(this, _partner);
+    this.isReady = false;
+    this.accountLinkInProgress = void 0;
+    this.isEnclaveUser = false;
     this.isAwaitingAccountCreation = false;
     this.isAwaitingLogin = false;
     this.isAwaitingFarcaster = false;
     this.isAwaitingOAuth = false;
+    this.isWorkerInitialized = false;
     /**
      * The IDs of the currently active wallets, for each supported wallet type. Any signer integrations will default to the first viable wallet ID in this dictionary.
      */
@@ -98,6 +97,7 @@ const _ParaCore = class _ParaCore {
      * Wallets associated with the `ParaCore` instance.
      */
     this.externalWallets = {};
+    this.onRampPopup = void 0;
     this.localStorageGetItem = (key) => {
       return this.platformUtils.localStorage.get(key);
     };
@@ -119,16 +119,29 @@ const _ParaCore = class _ParaCore {
     this.retrieveSessionCookie = () => {
       return this.sessionCookie;
     };
+    this.retrieveEnclaveJwt = () => {
+      return this.enclaveJwt;
+    };
+    this.retrieveEnclaveRefreshJwt = () => {
+      return this.enclaveRefreshJwt;
+    };
     /**
      * Remove all local storage and prefixed session storage.
      * @param {'local' | 'session' | 'secure' | 'all'} type - Type of storage to clear. Defaults to 'all'.
      */
     this.clearStorage = (type = "all") => __async(this, null, function* () {
       const isAll = type === "all";
-      (isAll || type === "local") && this.platformUtils.localStorage.clear(constants.PREFIX);
-      (isAll || type === "session") && this.platformUtils.sessionStorage.clear(constants.PREFIX);
+      if (isAll || type === "local") {
+        this.platformUtils.localStorage.clear(constants.PREFIX);
+        this.platformUtils.localStorage.clear(constants.PARA_PREFIX);
+      }
+      if (isAll || type === "session") {
+        this.platformUtils.sessionStorage.clear(constants.PREFIX);
+        this.platformUtils.sessionStorage.clear(constants.PARA_PREFIX);
+      }
       if ((isAll || type === "secure") && this.platformUtils.secureStorage) {
         this.platformUtils.secureStorage.clear(constants.PREFIX);
+        this.platformUtils.secureStorage.clear(constants.PARA_PREFIX);
       }
     });
     this.trackError = (methodName, err) => __async(this, null, function* () {
@@ -170,6 +183,7 @@ const _ParaCore = class _ParaCore {
       this.updateWalletIdsFromStorage();
       this.updateSessionCookieFromStorage();
       this.updateLoginEncryptionKeyPairFromStorage();
+      this.updateEnclaveJwtFromStorage();
     };
     this.updateAuthInfoFromStorage = () => {
       var _a;
@@ -189,6 +203,10 @@ const _ParaCore = class _ParaCore {
       }
       __privateSet(this, _authInfo, authInfo);
     };
+    this.updateEnclaveJwtFromStorage = () => {
+      this.enclaveJwt = this.localStorageGetItem(constants.LOCAL_STORAGE_ENCLAVE_JWT) || this.sessionStorageGetItem(constants.LOCAL_STORAGE_ENCLAVE_JWT) || void 0;
+      this.enclaveRefreshJwt = this.localStorageGetItem(constants.LOCAL_STORAGE_ENCLAVE_REFRESH_JWT) || this.sessionStorageGetItem(constants.LOCAL_STORAGE_ENCLAVE_REFRESH_JWT) || void 0;
+    };
     this.updateUserIdFromStorage = () => {
       this.userId = this.localStorageGetItem(constants.LOCAL_STORAGE_USER_ID) || void 0;
     };
@@ -249,6 +267,16 @@ const _ParaCore = class _ParaCore {
       const _externalWallets = JSON.parse(stringExternalWallets || "{}");
       this.setExternalWallets(_externalWallets);
     };
+    this.initializeWorker = () => __async(this, null, function* () {
+      if (!this.isWorkerInitialized && !this.ctx.disableWebSockets && !this.ctx.disableWorkers) {
+        try {
+          this.isWorkerInitialized = true;
+          yield this.platformUtils.initializeWorker(this.ctx);
+        } catch (e) {
+          this.devLog("error initializing worker:", e);
+        }
+      }
+    });
     /**
      * Creates several new wallets with the desired types. If no types are provided, this method
      * will create one for each of the non-optional types specified in the instance's `supportedWalletTypes`
@@ -265,8 +293,29 @@ const _ParaCore = class _ParaCore {
     }) {
       return (yield this.ctx.client.getWalletBalance({ walletId, rpcUrl })).balance;
     });
-    if (!apiKey) {
-      throw new Error("A Para API key is required.");
+    let env, apiKey;
+    const actualArgs = Array.from(arguments).filter((arg) => arg !== void 0);
+    const actualArgumentCount = actualArgs.length;
+    if (actualArgumentCount === 1) {
+      if (Object.values(Environment).includes(envOrApiKey)) {
+        throw new Error("A Para API key is required.");
+      }
+      env = _ParaCore.resolveEnvironment(void 0, actualArgs[0]);
+      apiKey = actualArgs[0];
+      opts = void 0;
+    } else if (actualArgumentCount === 2) {
+      if (typeof apiKeyOrOpts === "object" && apiKeyOrOpts !== null) {
+        env = _ParaCore.resolveEnvironment(void 0, envOrApiKey);
+        apiKey = envOrApiKey;
+        opts = apiKeyOrOpts;
+      } else {
+        env = _ParaCore.resolveEnvironment(envOrApiKey, apiKeyOrOpts);
+        apiKey = apiKeyOrOpts;
+        opts = void 0;
+      }
+    } else {
+      env = _ParaCore.resolveEnvironment(envOrApiKey, apiKeyOrOpts);
+      apiKey = apiKeyOrOpts;
     }
     if (!opts) opts = {};
     let isE2E = false;
@@ -289,6 +338,7 @@ const _ParaCore = class _ParaCore {
     this.portalTheme = opts.portalTheme;
     this.platformUtils = this.getPlatformUtils();
     this.disableProviderModal = this.platformUtils.disableProviderModal;
+    this.fetchPregenWalletsOverride = opts.fetchPregenWalletsOverride;
     if (opts.useStorageOverrides) {
       this.localStorageGetItem = opts.localStorageGetItemOverride;
       this.localStorageSetItem = opts.localStorageSetItemOverride;
@@ -308,18 +358,41 @@ const _ParaCore = class _ParaCore {
         cookie
       );
     };
+    this.persistEnclaveJwt = (jwt) => {
+      this.enclaveJwt = jwt;
+      (opts.useSessionStorage ? this.sessionStorageSetItem : this.localStorageSetItem)(
+        constants.LOCAL_STORAGE_ENCLAVE_JWT,
+        jwt
+      );
+    };
+    this.persistEnclaveRefreshJwt = (refreshJwt) => {
+      this.enclaveRefreshJwt = refreshJwt;
+      (opts.useSessionStorage ? this.sessionStorageSetItem : this.localStorageSetItem)(
+        constants.LOCAL_STORAGE_ENCLAVE_REFRESH_JWT,
+        refreshJwt
+      );
+    };
+    const client = initClient({
+      env,
+      version: _ParaCore.version,
+      apiKey,
+      partnerId: this.isPortal(env) ? opts.portalPartnerId : void 0,
+      useFetchAdapter: !!opts.disableWorkers,
+      retrieveSessionCookie: this.retrieveSessionCookie,
+      persistSessionCookie: this.persistSessionCookie
+    });
+    const enclaveClient = new EnclaveClient({
+      userManagementClient: client,
+      retrieveJwt: this.retrieveEnclaveJwt,
+      persistJwt: this.persistEnclaveJwt,
+      retrieveRefreshJwt: this.retrieveEnclaveRefreshJwt,
+      persistRefreshJwt: this.persistEnclaveRefreshJwt
+    });
     this.ctx = {
       env,
       apiKey,
-      client: initClient({
-        env,
-        version: _ParaCore.version,
-        apiKey,
-        partnerId: this.isPortal(env) ? opts.portalPartnerId : void 0,
-        useFetchAdapter: !!opts.disableWorkers,
-        retrieveSessionCookie: this.retrieveSessionCookie,
-        persistSessionCookie: this.persistSessionCookie
-      }),
+      client,
+      enclaveClient,
       disableWorkers: opts.disableWorkers,
       offloadMPCComputationURL: opts.offloadMPCComputationURL,
       useLocalFiles: opts.useLocalFiles,
@@ -354,6 +427,9 @@ const _ParaCore = class _ParaCore {
       ]);
     }
   }
+  setModalError(_error) {
+    return;
+  }
   get authInfo() {
     return __privateGet(this, _authInfo);
   }
@@ -380,8 +456,15 @@ const _ParaCore = class _ParaCore {
   get externalWalletConnectionType() {
     if (this.isExternalWalletAuth) {
       return "AUTHENTICATED";
+    } else if (this.isExternalWalletWithVerification) {
+      return "VERIFICATION";
     } else if (!!Object.keys(this.externalWallets).length) {
-      return "CONNECTION_ONLY";
+      const hasEmbeddedWallets = Object.keys(this.wallets).some((id) => !this.wallets[id].isExternal);
+      if (hasEmbeddedWallets) {
+        return "NONE";
+      } else {
+        return "CONNECTION_ONLY";
+      }
     }
     return "NONE";
   }
@@ -402,16 +485,28 @@ const _ParaCore = class _ParaCore {
     return isTelegram((_a = this.authInfo) == null ? void 0 : _a.auth);
   }
   get isExternalWalletAuth() {
-    var _a;
-    return isExternalWallet((_a = __privateGet(this, _authInfo)) == null ? void 0 : _a.auth);
+    var _a, _b, _c;
+    return isExternalWallet((_a = __privateGet(this, _authInfo)) == null ? void 0 : _a.auth) && !!((_c = (_b = __privateGet(this, _authInfo)) == null ? void 0 : _b.externalWallet) == null ? void 0 : _c.withFullParaAuth);
+  }
+  get isExternalWalletWithVerification() {
+    var _a, _b, _c;
+    return isExternalWallet((_a = __privateGet(this, _authInfo)) == null ? void 0 : _a.auth) && !!((_c = (_b = __privateGet(this, _authInfo)) == null ? void 0 : _b.externalWallet) == null ? void 0 : _c.withVerification);
   }
   get partnerId() {
     var _a;
-    return (_a = __privateGet(this, _partner)) == null ? void 0 : _a.id;
+    return (_a = this.partner) == null ? void 0 : _a.id;
+  }
+  get partnerName() {
+    var _a;
+    return (_a = this.partner) == null ? void 0 : _a.displayName;
+  }
+  get partnerLogo() {
+    var _a;
+    return (_a = this.partner) == null ? void 0 : _a.logoUrl;
   }
   get currentWalletIdsArray() {
     var _a, _b;
-    return ((_b = (_a = __privateGet(this, _partner)) == null ? void 0 : _a.supportedWalletTypes) != null ? _b : Object.keys(this.currentWalletIds).map((type) => ({ type }))).reduce(
+    return ((_b = (_a = this.partner) == null ? void 0 : _a.supportedWalletTypes) != null ? _b : Object.keys(this.currentWalletIds).map((type) => ({ type }))).reduce(
       (acc, { type }) => {
         var _a2;
         return [
@@ -451,19 +546,23 @@ const _ParaCore = class _ParaCore {
   }
   get isNoWalletConfig() {
     var _a;
-    return !!((_a = __privateGet(this, _partner)) == null ? void 0 : _a.supportedWalletTypes) && __privateGet(this, _partner).supportedWalletTypes.length === 0;
+    return !!((_a = this.partner) == null ? void 0 : _a.supportedWalletTypes) && this.partner.supportedWalletTypes.length === 0;
   }
   get supportedWalletTypes() {
     var _a, _b;
-    return (_b = (_a = __privateGet(this, _partner)) == null ? void 0 : _a.supportedWalletTypes) != null ? _b : [];
+    return (_b = (_a = this.partner) == null ? void 0 : _a.supportedWalletTypes) != null ? _b : [];
   }
   get cosmosPrefix() {
     var _a;
-    return (_a = __privateGet(this, _partner)) == null ? void 0 : _a.cosmosPrefix;
+    return (_a = this.partner) == null ? void 0 : _a.cosmosPrefix;
+  }
+  get supportedAccountLinks() {
+    var _a, _b;
+    return (_b = (_a = this.partner) == null ? void 0 : _a.supportedAccountLinks) != null ? _b : [...LINKED_ACCOUNT_TYPES];
   }
   get isWalletTypeEnabled() {
     var _a;
-    return (((_a = __privateGet(this, _partner)) == null ? void 0 : _a.supportedWalletTypes) || []).reduce((acc, { type }) => {
+    return (((_a = this.partner) == null ? void 0 : _a.supportedWalletTypes) || []).reduce((acc, { type }) => {
       return __spreadProps(__spreadValues({}, acc), { [type]: true });
     }, {});
   }
@@ -497,6 +596,12 @@ const _ParaCore = class _ParaCore {
     if (typeof window === "undefined") return false;
     return !!((_a = window.location) == null ? void 0 : _a.host) && getPortalBaseURL(envOverride ? { env: envOverride } : this.ctx).includes(window.location.host);
   }
+  isRecoveryPortal(envOverride) {
+    var _a, _b;
+    if (typeof window === "undefined") return false;
+    const normalizedUrl = (_b = (_a = window.location) == null ? void 0 : _a.host) == null ? void 0 : _b.replace("getpara", "usecapsule");
+    return !!normalizedUrl && getPortalBaseURL(envOverride ? { env: envOverride } : this.ctx).includes(normalizedUrl);
+  }
   isParaConnect() {
     var _a;
     if (typeof window === "undefined") return false;
@@ -512,7 +617,7 @@ const _ParaCore = class _ParaCore {
   }
   isWalletSupported(wallet) {
     var _a, _b;
-    return !((_a = __privateGet(this, _partner)) == null ? void 0 : _a.supportedWalletTypes) || isWalletSupported((_b = __privateGet(this, _partner).supportedWalletTypes.map(({ type }) => type)) != null ? _b : [], wallet);
+    return !((_a = this.partner) == null ? void 0 : _a.supportedWalletTypes) || isWalletSupported((_b = this.partner.supportedWalletTypes.map(({ type }) => type)) != null ? _b : [], wallet);
   }
   isWalletOwned(wallet) {
     return this.isWalletSupported(wallet) && !(wallet == null ? void 0 : wallet.pregenIdentifier) && !(wallet == null ? void 0 : wallet.pregenIdentifierType) && !!this.userId && (wallet == null ? void 0 : wallet.userId) === this.userId;
@@ -538,12 +643,12 @@ const _ParaCore = class _ParaCore {
     } else {
       const wallet = this.wallets[walletId];
       const [isUnclaimed, isOwned] = [this.isPregenWalletUnclaimed(wallet), this.isWalletOwned(wallet)];
-      if (forbidPregen && isUnclaimed) {
+      if (forbidPregen && isUnclaimed && wallet.pregenIdentifierType !== "GUEST_ID") {
         error = `pre-generated wallet with id ${wallet == null ? void 0 : wallet.id} cannot be selected`;
       } else if (!isOwned && !isUnclaimed) {
         error = `wallet with id ${wallet == null ? void 0 : wallet.id} is not owned by the current user`;
       } else if (!this.isWalletSupported(wallet)) {
-        error = `wallet with id ${wallet.id} and type ${wallet.type} is not supported, supported types are: ${(((_b = __privateGet(this, _partner)) == null ? void 0 : _b.supportedWalletTypes) || []).map(({ type }) => type).join(", ")}`;
+        error = `wallet with id ${wallet.id} and type ${wallet.type} is not supported, supported types are: ${(((_b = this.partner) == null ? void 0 : _b.supportedWalletTypes) || []).map(({ type }) => type).join(", ")}`;
       } else if (types && (!getEquivalentTypes(types).includes(wallet == null ? void 0 : wallet.type) || isOwned && !types.some((type) => {
         var _a2, _b2;
         return (_b2 = (_a2 = this.currentWalletIds) == null ? void 0 : _a2[type]) == null ? void 0 : _b2.includes(walletId);
@@ -574,7 +679,7 @@ const _ParaCore = class _ParaCore {
     if (this.externalWallets[walletId]) {
       const wallet2 = this.externalWallets[walletId];
       return options.truncate ? truncateAddress(wallet2.address, wallet2.type, {
-        prefix: (_a = __privateGet(this, _partner)) == null ? void 0 : _a.cosmosPrefix,
+        prefix: (_a = this.partner) == null ? void 0 : _a.cosmosPrefix,
         targetLength: options.targetLength
       }) : wallet2.address;
     }
@@ -586,7 +691,7 @@ const _ParaCore = class _ParaCore {
     let prefix;
     switch (wallet.type) {
       case "COSMOS":
-        prefix = (_d = (_c = options.cosmosPrefix) != null ? _c : (_b = __privateGet(this, _partner)) == null ? void 0 : _b.cosmosPrefix) != null ? _d : "cosmos";
+        prefix = (_d = (_c = options.cosmosPrefix) != null ? _c : (_b = this.partner) == null ? void 0 : _b.cosmosPrefix) != null ? _d : "cosmos";
         str = getCosmosAddress(wallet.publicKey, prefix);
         break;
       default:
@@ -620,29 +725,40 @@ const _ParaCore = class _ParaCore {
   constructPortalUrl(_0) {
     return __async(this, arguments, function* (type, opts = {}) {
       var _a, _b, _c, _d, _e, _f, _g, _h, _i, _j, _k, _l, _m;
-      const [isCreate, isLogin, isOnRamp] = [
-        ["createAuth", "createPassword"].includes(type),
-        ["loginAuth", "loginPassword"].includes(type),
-        type === "onRamp"
+      const [isCreate, isLogin, isOnRamp, isOAuth, isOAuthCallback, isTelegramLogin, isFarcasterLogin] = [
+        ["createAuth", "createPassword", "createPIN"].includes(type),
+        ["loginAuth", "loginPassword", "loginPIN", "loginOTP"].includes(type),
+        type === "onRamp",
+        type === "oAuth",
+        type === "oAuthCallback",
+        ["telegramLogin", "telegramLoginVerify"].includes(type),
+        type === "loginFarcaster"
       ];
+      if (isOAuth && !opts.oAuthMethod) {
+        throw new Error("oAuthMethod is required for oAuth portal URLs");
+      }
       if (isCreate || isLogin) {
         this.assertIsAuthSet();
       }
       let sessionId = opts.sessionId;
-      if ((isLogin || isOnRamp) && !sessionId) {
+      if ((isLogin || isOnRamp || isTelegramLogin || isFarcasterLogin) && !sessionId) {
         const session = yield this.touchSession(true);
         sessionId = session.sessionId;
       }
       if (!this.loginEncryptionKeyPair) {
         yield this.setLoginEncryptionKeyPair();
       }
-      const base = type === "onRamp" ? getPortalBaseURL(this.ctx) : yield this.getPortalURL();
+      const base = type === "onRamp" || isTelegramLogin ? getPortalBaseURL(this.ctx, isTelegramLogin) : yield this.getPortalURL();
       let path;
       switch (type) {
         case "createPassword": {
           path = `/web/users/${this.userId}/passwords/${opts.pathId}`;
           break;
         }
+        case "createPIN": {
+          path = `/web/users/${this.userId}/pin/${opts.pathId}`;
+          break;
+        }
         case "createAuth": {
           path = `/web/users/${this.userId}/biometrics/${opts.pathId}`;
           break;
@@ -655,32 +771,69 @@ const _ParaCore = class _ParaCore {
           path = "/web/biometrics/login";
           break;
         }
+        case "loginPIN": {
+          path = "/web/pin/login";
+          break;
+        }
         case "txReview": {
           path = `/web/users/${this.userId}/transaction-review/${opts.pathId}`;
           break;
         }
         case "onRamp": {
-          path = `/web/users/${this.userId}/on-ramp-transaction/${opts.pathId}`;
+          path = `/web/users/${this.userId}/on-ramp-transaction/v2/${opts.pathId}`;
+          break;
+        }
+        case "telegramLoginVerify": {
+          path = `/auth/telegram/verify`;
+          break;
+        }
+        case "telegramLogin": {
+          path = `/auth/telegram`;
+          break;
+        }
+        case "oAuth": {
+          path = `/auth/${opts.oAuthMethod.toLowerCase()}`;
+          break;
+        }
+        case "oAuthCallback": {
+          path = `/auth/${opts.oAuthMethod.toLowerCase()}/callback`;
+          break;
+        }
+        case "loginOTP": {
+          path = "/auth/otp";
+          break;
+        }
+        case "loginFarcaster": {
+          path = "/auth/farcaster";
           break;
         }
         default: {
           throw new Error(`invalid URL type ${type}`);
         }
       }
-      const partner = yield __privateMethod(this, _ParaCore_instances, assertPartner_fn).call(this);
+      let partner = void 0;
+      try {
+        partner = yield __privateMethod(this, _ParaCore_instances, assertPartner_fn).call(this);
+      } catch (e) {
+        if (this.isPartnerOptional) {
+          partner = void 0;
+        } else {
+          throw e;
+        }
+      }
       const thisDevice = (_a = opts.thisDevice) != null ? _a : {
         encryptionKey: getPublicKeyHex(this.loginEncryptionKeyPair),
         sessionId
       };
-      const params = __spreadValues(__spreadValues(__spreadValues(__spreadValues({
+      const params = __spreadValues(__spreadValues(__spreadValues(__spreadValues(__spreadValues(__spreadValues({
         apiKey: this.ctx.apiKey,
-        partnerId: partner.id,
-        portalFont: ((_b = opts.portalTheme) == null ? void 0 : _b.font) || (partner == null ? void 0 : partner.font) || ((_c = this.portalTheme) == null ? void 0 : _c.font),
+        partnerId: partner == null ? void 0 : partner.id,
+        portalFont: ((_b = opts.portalTheme) == null ? void 0 : _b.font) || ((_c = this.portalTheme) == null ? void 0 : _c.font) || (partner == null ? void 0 : partner.font),
         portalBorderRadius: ((_d = opts.portalTheme) == null ? void 0 : _d.borderRadius) || ((_e = this.portalTheme) == null ? void 0 : _e.borderRadius),
-        portalThemeMode: ((_f = opts.portalTheme) == null ? void 0 : _f.mode) || (partner == null ? void 0 : partner.themeMode) || ((_g = this.portalTheme) == null ? void 0 : _g.mode),
-        portalAccentColor: ((_h = opts.portalTheme) == null ? void 0 : _h.accentColor) || (partner == null ? void 0 : partner.accentColor) || ((_i = this.portalTheme) == null ? void 0 : _i.accentColor),
-        portalForegroundColor: ((_j = opts.portalTheme) == null ? void 0 : _j.foregroundColor) || (partner == null ? void 0 : partner.foregroundColor) || ((_k = this.portalTheme) == null ? void 0 : _k.foregroundColor),
-        portalBackgroundColor: ((_l = opts.portalTheme) == null ? void 0 : _l.backgroundColor) || (partner == null ? void 0 : partner.backgroundColor) || this.portalBackgroundColor || ((_m = this.portalTheme) == null ? void 0 : _m.backgroundColor),
+        portalThemeMode: ((_f = opts.portalTheme) == null ? void 0 : _f.mode) || ((_g = this.portalTheme) == null ? void 0 : _g.mode) || (partner == null ? void 0 : partner.themeMode),
+        portalAccentColor: ((_h = opts.portalTheme) == null ? void 0 : _h.accentColor) || ((_i = this.portalTheme) == null ? void 0 : _i.accentColor) || (partner == null ? void 0 : partner.accentColor),
+        portalForegroundColor: ((_j = opts.portalTheme) == null ? void 0 : _j.foregroundColor) || ((_k = this.portalTheme) == null ? void 0 : _k.foregroundColor) || (partner == null ? void 0 : partner.foregroundColor),
+        portalBackgroundColor: ((_l = opts.portalTheme) == null ? void 0 : _l.backgroundColor) || ((_m = this.portalTheme) == null ? void 0 : _m.backgroundColor) || (partner == null ? void 0 : partner.backgroundColor) || this.portalBackgroundColor,
         portalPrimaryButtonColor: this.portalPrimaryButtonColor,
         portalTextColor: this.portalTextColor,
         portalPrimaryButtonTextColor: this.portalPrimaryButtonTextColor,
@@ -690,7 +843,7 @@ const _ParaCore = class _ParaCore {
       }, isPhone(this.authInfo.auth) ? splitPhoneNumber(this.authInfo.auth.phone) : this.authInfo.auth), {
         pfpUrl: this.authInfo.pfpUrl,
         displayName: this.authInfo.displayName
-      }) : {}), isOnRamp ? { sessionId } : {}), isLogin ? __spreadProps(__spreadValues({
+      }) : {}), isOnRamp ? { origin: typeof window !== "undefined" ? window.location.origin : void 0, email: this.email } : {}), isLogin || isOAuth || isOAuthCallback || isTelegramLogin || isFarcasterLogin ? __spreadProps(__spreadValues({
         sessionId: thisDevice.sessionId,
         encryptionKey: thisDevice.encryptionKey
       }, opts.newDevice ? {
@@ -698,7 +851,9 @@ const _ParaCore = class _ParaCore {
         newDeviceEncryptionKey: opts.newDevice.encryptionKey
       } : {}), {
         pregenIds: JSON.stringify(this.pregenIds)
-      }) : {}), opts.params || {});
+      }) : {}), isOAuth || isOAuthCallback || isFarcasterLogin ? {
+        appScheme: opts.appScheme
+      } : {}), isTelegramLogin ? { isEmbed: "true" } : {}), opts.params || {});
       const url = constructUrl({ base, path, params });
       if (opts.shorten) {
         return shortenUrl(this.ctx, url);
@@ -706,12 +861,72 @@ const _ParaCore = class _ParaCore {
       return url;
     });
   }
+  static resolveEnvironment(env, apiKey) {
+    var _a;
+    if (!apiKey) {
+      throw new Error("A Para API key is required.");
+    }
+    if (apiKey.includes("_")) {
+      const validEnvironmentPrefixes = Object.values(Environment);
+      const envPrefix = (_a = apiKey.split("_")[0]) == null ? void 0 : _a.toUpperCase();
+      const hasValidPrefix = validEnvironmentPrefixes.some((envValue) => envValue === envPrefix);
+      if (!hasValidPrefix) {
+        throw new Error(`Invalid API key environment prefix.`);
+      }
+      return envPrefix;
+    }
+    if (!env) {
+      throw new Error("Environment parameter is required.");
+    }
+    return env;
+  }
   touchSession(regenerate = false) {
     return __async(this, null, function* () {
-      var _a, _b, _c;
-      const session = yield this.ctx.client.touchSession(regenerate);
-      if (!__privateGet(this, _partner) || ((_a = __privateGet(this, _partner)) == null ? void 0 : _a.id) !== session.partnerId || !supportedWalletTypesEq(((_b = __privateGet(this, _partner)) == null ? void 0 : _b.supportedWalletTypes) || [], session.supportedWalletTypes) || (((_c = __privateGet(this, _partner)) == null ? void 0 : _c.cosmosPrefix) || "cosmos") !== session.cosmosPrefix) {
-        yield __privateMethod(this, _ParaCore_instances, getPartner_fn).call(this, session.partnerId);
+      var _a, _b, _c, _d, _e;
+      if (!this.isWorkerInitialized) {
+        this.initializeWorker();
+      }
+      if (!this.isReady) {
+        yield this.ready();
+      }
+      let session;
+      try {
+        session = yield this.ctx.client.touchSession(regenerate);
+      } catch (error) {
+        this.handleTouchSessionError(error);
+        throw error;
+      }
+      if (!this.partner || ((_a = this.partner) == null ? void 0 : _a.id) !== session.partnerId || !supportedWalletTypesEq(((_b = this.partner) == null ? void 0 : _b.supportedWalletTypes) || [], session.supportedWalletTypes) || (((_c = this.partner) == null ? void 0 : _c.cosmosPrefix) || "cosmos") !== session.cosmosPrefix) {
+        if (!session.partnerId && !this.isRecoveryPortal()) {
+          this.displayModalError(
+            `Invalid API Key. Please ensure you have a valid API key for the current environment: ${(_d = this.ctx.env) == null ? void 0 : _d.toUpperCase()}.`
+          );
+          console.error(`
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+\u{1F6A8} PARA SDK CONFIGURATION ERROR \u{1F6A8}
+
+INVALID API KEY FOR CONFIGURED ENVIRONMENT
+
+Your API key does not match the configured environment. This usually means:
+
+1. You're using a production API key with a development environment
+2. You're using a development API key with a production environment  
+3. Your API key is invalid or has been regenerated
+
+SOLUTION:
+\u2022 Verify your API key at: https://developer.getpara.com
+\u2022 If your API key doesn't contain an environment prefix, ensure your API key is the correct key for your target environment
+
+Current Environment: ${this.ctx.env}
+API Key Prefix: ${((_e = this.ctx.apiKey) == null ? void 0 : _e.split("_")[0].toUpperCase()) || "None"}
+
+Need help? Visit: https://docs.getpara.com or contact support
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+        `);
+          throw new Error("Invalid API Key.");
+        } else {
+          yield __privateMethod(this, _ParaCore_instances, getPartner_fn).call(this, session.partnerId);
+        }
       }
       return session;
     });
@@ -810,8 +1025,35 @@ const _ParaCore = class _ParaCore {
       return __privateGet(this, _authInfo);
     });
   }
-  assertUserId() {
-    if (!this.userId) {
+  /**
+   * Display an error message in the modal (if available)
+   * @internal
+   */
+  displayModalError(error) {
+    if (this.ctx.env !== Environment.PROD) {
+      this.setModalError(error);
+    }
+  }
+  /**
+   * Handle specific touchSession errors with user-friendly messages
+   * @private
+   */
+  handleTouchSessionError(error) {
+    const errorStr = String(error);
+    const errorMessage = error instanceof Error ? error.message : "";
+    if (errorStr.includes("blocked by CORS policy") && errorStr.includes("Access-Control-Allow-Origin")) {
+      this.displayModalError("Request rate limit reached. Please wait a couple of minutes and try again.");
+      return;
+    }
+    if (error.status === 403 && errorMessage.includes("origin not authorized")) {
+      this.displayModalError(
+        "The current origin is not allowed. Update your allowed origins in the Para developer portal to allow the current origin."
+      );
+      return;
+    }
+  }
+  assertUserId({ allowGuestMode = false } = {}) {
+    if (!this.userId || !allowGuestMode && this.isGuestMode) {
       throw new Error("no userId is set");
     }
     return this.userId;
@@ -867,19 +1109,75 @@ const _ParaCore = class _ParaCore {
    * @param externalAddress - External wallet address to set.
    * @param externalType - Type of external wallet to set.
    */
-  setExternalWallet(_0) {
-    return __async(this, arguments, function* ({ address, type, provider, addressBech32, withFullParaAuth }) {
-      this.externalWallets = {
-        [address]: {
-          id: address,
-          address: addressBech32 != null ? addressBech32 : address,
+  setExternalWallet(externalWallet) {
+    return __async(this, null, function* () {
+      const { id: partnerId, supportedWalletTypes } = yield __privateMethod(this, _ParaCore_instances, assertPartner_fn).call(this);
+      this.externalWallets = (Array.isArray(externalWallet) ? externalWallet : [externalWallet]).reduce(
+        (acc, {
+          partnerId: wPartnerId,
+          address,
           type,
-          name: provider,
-          isExternal: true,
-          isExternalWithParaAuth: withFullParaAuth,
-          signer: ""
+          provider,
+          providerId,
+          addressBech32,
+          withFullParaAuth,
+          isConnectionOnly,
+          withVerification
+        }) => {
+          if (partnerId === wPartnerId && supportedWalletTypes.some(({ type: supportedType }) => supportedType === type)) {
+            return __spreadProps(__spreadValues({}, acc), {
+              [address]: {
+                id: address,
+                partnerId,
+                address: addressBech32 != null ? addressBech32 : address,
+                type,
+                name: provider,
+                isExternal: true,
+                isExternalWithParaAuth: withFullParaAuth,
+                externalProviderId: providerId,
+                signer: "",
+                isExternalConnectionOnly: isConnectionOnly,
+                isExternalWithVerification: withVerification
+              }
+            });
+          }
+          return acc;
+        },
+        {}
+      ), this.setExternalWallets(this.externalWallets);
+      dispatchEvent(ParaEvent.EXTERNAL_WALLET_CHANGE_EVENT, null);
+    });
+  }
+  addExternalWallets(externalWallets) {
+    return __async(this, null, function* () {
+      const { id: partnerId, supportedWalletTypes } = yield __privateMethod(this, _ParaCore_instances, assertPartner_fn).call(this);
+      this.externalWallets = __spreadValues(__spreadValues({}, Object.entries(this.externalWallets).reduce((acc, [address, wallet]) => {
+        if (partnerId === wallet.partnerId && supportedWalletTypes.some(({ type }) => type === wallet.type)) {
+          return __spreadProps(__spreadValues({}, acc), {
+            [address]: wallet
+          });
         }
-      };
+        return acc;
+      }, {})), externalWallets.reduce(
+        (acc, { address, type, provider, providerId, addressBech32, withFullParaAuth, isConnectionOnly, withVerification }) => {
+          return __spreadProps(__spreadValues({}, acc), {
+            [address]: {
+              id: address,
+              partnerId,
+              address: addressBech32 != null ? addressBech32 : address,
+              type,
+              name: provider,
+              isExternal: true,
+              isExternalWithParaAuth: withFullParaAuth,
+              externalProviderId: providerId,
+              signer: "",
+              isExternalConnectionOnly: isConnectionOnly,
+              isExternalWithVerification: withVerification
+            }
+          });
+        },
+        {}
+      ));
       this.setExternalWallets(this.externalWallets);
       dispatchEvent(ParaEvent.EXTERNAL_WALLET_CHANGE_EVENT, null);
     });
@@ -910,12 +1208,16 @@ const _ParaCore = class _ParaCore {
   }
   /**
    * Sets the external wallets associated with the `ParaCore` instance.
-   * @param externalWallets - External wallets to set.
+   * @param externalWallets - External wallets to set, or a function that modifies the current wallets.
    */
   setExternalWallets(externalWallets) {
     return __async(this, null, function* () {
-      this.externalWallets = externalWallets;
-      yield this.localStorageSetItem(constants.LOCAL_STORAGE_EXTERNAL_WALLETS, JSON.stringify(externalWallets));
+      if (typeof externalWallets === "function") {
+        this.externalWallets = externalWallets(this.externalWallets);
+      } else {
+        this.externalWallets = externalWallets;
+      }
+      yield this.localStorageSetItem(constants.LOCAL_STORAGE_EXTERNAL_WALLETS, JSON.stringify(this.externalWallets));
     });
   }
   /**
@@ -991,6 +1293,7 @@ const _ParaCore = class _ParaCore {
   /**
    * Fetches the most recent OAuth account metadata for the signed-in user.
    * If applicable, this will include the user's most recent metadata from their Google, Apple, Facebook, X, Discord, Farcaster, or Telegram account, the last time they signed in to your app.
+   * @deprecated use `para.getLinkedAccounts({ withMetadata: true })` instead.
    * @returns {Promise<AccountMetadata>} the user's account metadata.
    */
   getAccountMetadata() {
@@ -1136,8 +1439,15 @@ const _ParaCore = class _ParaCore {
   }
   getPartnerURL() {
     return __async(this, null, function* () {
-      const { portalUrl } = yield __privateMethod(this, _ParaCore_instances, assertPartner_fn).call(this);
-      return portalUrl;
+      try {
+        const { portalUrl } = yield __privateMethod(this, _ParaCore_instances, assertPartner_fn).call(this);
+        return portalUrl;
+      } catch (e) {
+        if (this.isPartnerOptional) {
+          return void 0;
+        }
+        throw e;
+      }
     });
   }
   /**
@@ -1223,15 +1533,27 @@ const _ParaCore = class _ParaCore {
       } = _b, urlOptions = __objRest(_b, [
         "externalWallet"
       ]);
-      if (this.externalWalletConnectionOnly) {
-        externalWallet.withFullParaAuth = false;
-        yield this.setExternalWallet(externalWallet);
+      const externalWallets = Array.isArray(externalWallet) ? externalWallet : [externalWallet];
+      if (this.externalWalletConnectionOnly || externalWallets.every((wallet) => wallet.isConnectionOnly)) {
+        yield this.addExternalWallets(
+          externalWallets.map((wallet) => __spreadProps(__spreadValues({}, wallet), {
+            withFullParaAuth: false
+          }))
+        );
         return Promise.resolve({
           userId: constants.EXTERNAL_WALLET_CONNECTION_ONLY_USER_ID
         });
       }
+      if (Array.isArray(externalWallet)) {
+        throw new Error(
+          "Cannot authenticate multiple external wallets at once. To connect multiple wallets at once, use CONNECTION_ONLY mode."
+        );
+      }
       this.requireApiKey();
       const serverAuthState = yield this.ctx.client.loginExternalWallet({ externalWallet });
+      if (!externalWallet.withFullParaAuth && externalWallet.withVerification) {
+        yield this.touchSession(true);
+      }
       return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, urlOptions);
     });
   }
@@ -1248,36 +1570,89 @@ const _ParaCore = class _ParaCore {
         "cosmosPublicKeyHex",
         "cosmosSigner"
       ]);
+      var _a;
       const serverAuthState = yield this.ctx.client.verifyExternalWallet(this.userId, {
         externalWallet,
         signedMessage,
         cosmosPublicKeyHex,
         cosmosSigner
       });
+      if (serverAuthState.stage === "login" && ((_a = serverAuthState.loginAuthMethods) == null ? void 0 : _a.includes(AuthMethod.PIN))) {
+        const { sessionLookupId } = yield this.touchSession();
+        return __privateMethod(this, _ParaCore_instances, prepareLoginState_fn).call(this, serverAuthState, __spreadProps(__spreadValues({}, urlOptions), { sessionLookupId }));
+      }
       return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, urlOptions);
     });
   }
+  verifyExternalWalletLink(opts) {
+    return __async(this, null, function* () {
+      const accountLinkInProgress = yield __privateMethod(this, _ParaCore_instances, assertIsLinkingAccount_fn).call(this, ["EXTERNAL_WALLET"]);
+      if (!accountLinkInProgress.externalWallet) {
+        throw new Error("no external wallet account link in progress");
+      }
+      const accounts = yield this.verifyLink(__spreadValues({
+        accountLinkInProgress,
+        externalWallet: accountLinkInProgress.externalWallet
+      }, opts));
+      return accounts;
+    });
+  }
+  // TELEGRAM
   /**
    * Validates the response received from an attempted Telegram login for authenticity, then
    * creates or retrieves the corresponding Para user and prepares the Para instance to sign in with that user.
    * @param authResponse - the response JSON object received from the Telegram widget.
    * @returns `{ isValid: boolean; telegramUserId?: string; userId?: string; isNewUser?: boolean; supportedAuthMethods?: AuthMethod[]; biometricHints?: BiometricLocationHint[] }`
    */
-  verifyTelegram(_e) {
+  verifyTelegramProcess(_e) {
     return __async(this, null, function* () {
       var _f = _e, {
-        telegramAuthResponse
+        serverAuthState: optsServerAuthState,
+        telegramAuthResponse,
+        isLinkAccount
       } = _f, urlOptions = __objRest(_f, [
-        "telegramAuthResponse"
+        "serverAuthState",
+        "telegramAuthResponse",
+        "isLinkAccount"
       ]);
       try {
-        const serverAuthState = yield this.ctx.client.verifyTelegram(telegramAuthResponse);
-        return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, urlOptions);
+        switch (isLinkAccount) {
+          case false: {
+            if (!optsServerAuthState && !telegramAuthResponse) {
+              throw new Error("one of serverAuthState or telegramAuthResponse are required for verifying telegram");
+            }
+            const serverAuthState = optsServerAuthState != null ? optsServerAuthState : yield this.ctx.client.verifyTelegram({ authObject: telegramAuthResponse });
+            const { sessionLookupId } = yield this.touchSession();
+            return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, __spreadProps(__spreadValues({}, urlOptions), { sessionLookupId }));
+          }
+          case true: {
+            if (!telegramAuthResponse) {
+              throw new Error("telegramAuthResponse is required for verifying telegram link");
+            }
+            const accountLinkInProgress = yield __privateMethod(this, _ParaCore_instances, assertIsLinkingAccountOrStart_fn).call(this, "TELEGRAM");
+            const accounts = yield this.verifyLink({
+              accountLinkInProgress,
+              telegramAuthResponse
+            });
+            return accounts;
+          }
+        }
       } catch (e) {
-        throw new Error(e.message);
+        const errorMessage = e instanceof Error ? e.message : e ? String(e) : "Unknown error occurred";
+        throw new Error(errorMessage);
       }
     });
   }
+  verifyTelegram(opts) {
+    return __async(this, null, function* () {
+      return yield this.verifyTelegramProcess(__spreadProps(__spreadValues({}, opts), { isLinkAccount: false }));
+    });
+  }
+  verifyTelegramLink(opts) {
+    return __async(this, null, function* () {
+      return yield this.verifyTelegramProcess(__spreadProps(__spreadValues({}, opts), { isLinkAccount: true }));
+    });
+  }
   /**
    * Performs 2FA verification.
    * @param {Object} opts the options object
@@ -1321,10 +1696,35 @@ const _ParaCore = class _ParaCore {
   /**
    * Resend a verification email for the current user.
    */
-  resendVerificationCode() {
-    return __async(this, null, function* () {
+  resendVerificationCode(_0) {
+    return __async(this, arguments, function* ({
+      type: reason = "SIGNUP"
+    }) {
+      let type, linkedAccountId;
+      switch (reason) {
+        case "SIGNUP":
+        case "LOGIN":
+          {
+            const authInfo = this.assertIsAuthSet(["email", "phone"]);
+            type = authInfo.authType.toUpperCase();
+          }
+          break;
+        case "LINK_ACCOUNT":
+          {
+            const accountLinkInProgress = __privateMethod(this, _ParaCore_instances, assertIsLinkingAccount_fn).call(this, ["EMAIL", "PHONE"]);
+            linkedAccountId = accountLinkInProgress.id;
+            type = accountLinkInProgress.type;
+          }
+          break;
+      }
+      const userId = this.assertUserId({ allowGuestMode: true });
+      if (type !== "EMAIL" && type !== "PHONE") {
+        throw new Error("invalid auth type for verification code");
+      }
       yield this.ctx.client.resendVerificationCode(__spreadValues({
-        userId: this.userId
+        userId,
+        type,
+        linkedAccountId
       }, this.getVerificationEmailProps()));
     });
   }
@@ -1337,7 +1737,14 @@ const _ParaCore = class _ParaCore {
       if (this.externalWalletConnectionType === "CONNECTION_ONLY") {
         return true;
       }
-      const { isAuthenticated } = yield this.touchSession();
+      const { isAuthenticated, verifiedExternalWalletAddresses } = yield this.touchSession();
+      if (this.externalWalletConnectionType === "VERIFICATION") {
+        if (!verifiedExternalWalletAddresses) {
+          return false;
+        }
+        const externalAddresses = Object.values(this.externalWallets).map((w) => w.id);
+        return externalAddresses.every((address) => verifiedExternalWalletAddresses.includes(address));
+      }
       return !!isAuthenticated;
     });
   }
@@ -1348,12 +1755,18 @@ const _ParaCore = class _ParaCore {
   isFullyLoggedIn() {
     return __async(this, null, function* () {
       if (this.externalWalletConnectionType === "CONNECTION_ONLY") {
+        if (!this.isReady) {
+          yield this.ready();
+        }
         return true;
       }
       if (this.isGuestMode) {
         return true;
       }
       const isSessionActive = yield this.isSessionActive();
+      if (this.externalWalletConnectionType === "VERIFICATION") {
+        return isSessionActive;
+      }
       return isSessionActive && (this.isNoWalletConfig || this.currentWalletIdsArray.length > 0 && this.currentWalletIdsArray.reduce((acc, [id]) => acc && !!this.wallets[id], true));
     });
   }
@@ -1361,10 +1774,13 @@ const _ParaCore = class _ParaCore {
     return __privateGet(this, _ParaCore_instances, guestWalletIdsArray_get).length > 0 && Object.values(this.wallets).every(
       ({ userId, partnerId }) => {
         var _a;
-        return partnerId === ((_a = __privateGet(this, _partner)) == null ? void 0 : _a.id) && (!userId || userId !== this.userId);
+        return partnerId === ((_a = this.partner) == null ? void 0 : _a.id) && (!userId || userId !== this.userId);
       }
     );
   }
+  /**
+   * Get the auth methods available to an existing user
+   */
   supportedAuthMethods(auth) {
     return __async(this, null, function* () {
       const { supportedAuthMethods } = yield this.ctx.client.getSupportedAuthMethods(auth);
@@ -1458,36 +1874,47 @@ const _ParaCore = class _ParaCore {
     });
   }
   /**
-   * Initiates a Farcaster login attempt and return the URI for the user to connect.
+   * Initiates a Farcaster login attempt and returns the URL for the user to connect.
    * You can create a QR code with this URI that works with Farcaster's mobile app.
    * @return {string} the Farcaster connect URI
    */
   getFarcasterConnectUri() {
-    return __async(this, null, function* () {
-      const {
-        data: { connect_uri: connectUri }
-      } = yield this.ctx.client.initializeFarcasterLogin();
+    return __async(this, arguments, function* ({ appScheme } = {}) {
+      const { connect_uri: connectUri } = yield this.ctx.client.initializeFarcasterLogin({ appScheme });
       return connectUri;
     });
   }
+  // FARCASTER
   /**
    * Awaits the response from a user's attempt to log in with Farcaster.
    * If successful, this returns the user's Farcaster username and profile picture and indicates whether the user already exists.
    * @return {Object} `{userExists: boolean; username: string; pfpUrl?: string | null }` - the user's information and whether the user already exists.
    */
-  verifyFarcaster(_g) {
+  verifyFarcasterProcess(_g) {
     return __async(this, null, function* () {
       var _h = _g, {
         isCanceled = () => false,
         onConnectUri,
         onCancel,
-        onPoll
+        onPoll,
+        isLinkAccount,
+        serverAuthState: optsServerAuthState
       } = _h, urlOptions = __objRest(_h, [
         "isCanceled",
         "onConnectUri",
         "onCancel",
-        "onPoll"
+        "onPoll",
+        "isLinkAccount",
+        "serverAuthState"
       ]);
+      if (optsServerAuthState) {
+        const authState = yield __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, optsServerAuthState, urlOptions);
+        return authState;
+      }
+      let accountLinkInProgress;
+      if (isLinkAccount) {
+        accountLinkInProgress = yield __privateMethod(this, _ParaCore_instances, assertIsLinkingAccountOrStart_fn).call(this, "FARCASTER");
+      }
       if (onConnectUri) {
         const connectUri = yield this.getFarcasterConnectUri();
         onConnectUri(connectUri);
@@ -1499,53 +1926,55 @@ const _ParaCore = class _ParaCore {
             try {
               if (isCanceled() || Date.now() - startedAt > constants.POLLING_TIMEOUT_MS) {
                 onCancel == null ? void 0 : onCancel();
-                return reject("canceled");
+                return reject("CANCELED");
               }
               yield new Promise((_resolve) => setTimeout(_resolve, constants.POLLING_INTERVAL_MS));
-              const serverAuthState = yield this.ctx.client.getFarcasterAuthStatus();
-              if (isServerAuthState(serverAuthState)) {
-                const authState = yield __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, urlOptions);
-                return resolve(authState);
+              switch (isLinkAccount) {
+                case false:
+                  {
+                    const serverAuthState = yield this.ctx.client.getFarcasterAuthStatus();
+                    if (isServerAuthState(serverAuthState)) {
+                      const authState = yield __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, urlOptions);
+                      return resolve(authState);
+                    }
+                  }
+                  break;
+                case true: {
+                  const result = yield this.verifyLink({
+                    accountLinkInProgress
+                  });
+                  if ("isConflict" in result) {
+                    throw new Error(AccountLinkError.Conflict);
+                  }
+                  return resolve(result);
+                }
               }
               onPoll == null ? void 0 : onPoll();
             } catch (e) {
-              console.error(e);
-              return reject(e);
+              if (!isLinkAccount || e.message === AccountLinkError.Conflict) {
+                return reject(e.message);
+              }
             }
           }
         }))();
       });
     });
   }
-  /**
-   * Generates a URL for the user to log in with OAuth using a desire method.
-   *
-   * @param {Object} opts the options object
-   * @param {TOAuthMethod} opts.method the third-party service to use for OAuth.
-   * @param {string} [opts.deeplinkUrl] the deeplink to redirect to after the OAuth flow. This is for mobile only.
-   * @returns {string} the URL for the user to log in with OAuth.
-   */
-  getOAuthUrl(_i) {
+  verifyFarcaster(opts) {
+    return __async(this, null, function* () {
+      return yield this.verifyFarcasterProcess(__spreadProps(__spreadValues({}, opts), { isLinkAccount: false }));
+    });
+  }
+  verifyFarcasterLink(opts) {
+    return __async(this, null, function* () {
+      return yield this.verifyFarcasterProcess(__spreadProps(__spreadValues({}, opts), { isLinkAccount: true }));
+    });
+  }
+  getOAuthUrl(opts) {
     return __async(this, null, function* () {
-      var _j = _i, { method, deeplinkUrl } = _j, params = __objRest(_j, ["method", "deeplinkUrl"]);
       var _a;
-      if (deeplinkUrl) {
-        try {
-          new URL(deeplinkUrl);
-        } catch (e) {
-          throw new Error("Invalid deeplink URL");
-        }
-      }
-      const sessionLookupId = (_a = params.sessionLookupId) != null ? _a : yield __privateMethod(this, _ParaCore_instances, prepareLogin_fn).call(this);
-      return constructUrl({
-        base: getBaseOAuthUrl(this.ctx.env),
-        path: `/auth/${method}`,
-        params: {
-          apiKey: this.ctx.apiKey,
-          sessionLookupId,
-          deeplinkUrl
-        }
-      });
+      const sessionLookupId = (_a = opts.sessionLookupId) != null ? _a : yield this.prepareLogin();
+      return __privateMethod(this, _ParaCore_instances, getOAuthUrl_fn).call(this, __spreadProps(__spreadValues({}, opts), { sessionLookupId }));
     });
   }
   /**
@@ -1556,28 +1985,54 @@ const _ParaCore = class _ParaCore {
    * @param {Window} [opts.popupWindow] the popup window being used for login.
    * @return {Object} `{ email?: string; isError?: boolean; userExists: boolean; }` the result data
    */
-  verifyOAuth(_k) {
+  verifyOAuthProcess(_i) {
     return __async(this, null, function* () {
-      var _l = _k, {
+      var _j = _i, {
         method,
-        deeplinkUrl,
+        appScheme,
         isCanceled = () => false,
         onCancel,
         onPoll,
-        onOAuthUrl
-      } = _l, urlOptions = __objRest(_l, [
+        onOAuthUrl,
+        onOAuthPopup,
+        isLinkAccount
+      } = _j, urlOptions = __objRest(_j, [
         "method",
-        "deeplinkUrl",
+        "appScheme",
         "isCanceled",
         "onCancel",
         "onPoll",
-        "onOAuthUrl"
+        "onOAuthUrl",
+        "onOAuthPopup",
+        "isLinkAccount"
       ]);
-      let sessionLookupId;
-      if (onOAuthUrl) {
-        sessionLookupId = yield __privateMethod(this, _ParaCore_instances, prepareLogin_fn).call(this);
-        const oAuthUrl = yield this.getOAuthUrl({ method, deeplinkUrl, sessionLookupId });
-        onOAuthUrl(oAuthUrl);
+      if (onOAuthPopup) {
+        try {
+          this.popupWindow = yield this.platformUtils.openPopup("about:blank", { type: PopupType.OAUTH });
+        } catch (error) {
+          throw new Error(`Failed to open OAuth popup: ${error}`);
+        }
+      }
+      let sessionLookupId, accountLinkInProgress;
+      if (onOAuthUrl || onOAuthPopup) {
+        if (isLinkAccount) {
+          accountLinkInProgress = yield __privateMethod(this, _ParaCore_instances, assertIsLinkingAccountOrStart_fn).call(this, method);
+          sessionLookupId = (yield this.touchSession()).sessionLookupId;
+        } else {
+          sessionLookupId = yield this.prepareLogin();
+        }
+        const oAuthUrl = yield __privateMethod(this, _ParaCore_instances, getOAuthUrl_fn).call(this, { method, appScheme, sessionLookupId, accountLinkInProgress });
+        switch (true) {
+          case !!onOAuthUrl: {
+            onOAuthUrl(oAuthUrl);
+            break;
+          }
+          case (!!onOAuthPopup && !!this.popupWindow): {
+            this.popupWindow.location.href = oAuthUrl;
+            onOAuthPopup(this.popupWindow);
+            break;
+          }
+        }
       } else {
         ({ sessionLookupId } = yield this.touchSession());
       }
@@ -1588,17 +2043,29 @@ const _ParaCore = class _ParaCore {
             try {
               if (isCanceled() || Date.now() - startedAt > constants.POLLING_TIMEOUT_MS) {
                 onCancel == null ? void 0 : onCancel();
-                return reject("canceled");
+                return reject(AccountLinkError.Canceled);
               }
               yield new Promise((_resolve) => setTimeout(_resolve, constants.POLLING_INTERVAL_MS));
-              const serverAuthState = yield this.ctx.client.verifyOAuth();
-              if (isServerAuthState(serverAuthState)) {
-                const authState = yield __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, __spreadProps(__spreadValues({}, urlOptions), { sessionLookupId }));
-                return resolve(authState);
+              switch (isLinkAccount) {
+                case false:
+                  {
+                    const serverAuthState = yield this.ctx.client.verifyOAuth();
+                    if (isServerAuthState(serverAuthState)) {
+                      const authState = yield __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, __spreadProps(__spreadValues({}, urlOptions), { sessionLookupId }));
+                      return resolve(authState);
+                    }
+                  }
+                  break;
+                case true: {
+                  const accounts = yield this.verifyLink({ accountLinkInProgress });
+                  return resolve(accounts);
+                }
               }
               onPoll == null ? void 0 : onPoll();
             } catch (err) {
-              console.error(err);
+              if (isLinkAccount && err.message === AccountLinkError.Conflict) {
+                return reject(err.message);
+              }
               onPoll == null ? void 0 : onPoll();
             }
           }
@@ -1606,6 +2073,16 @@ const _ParaCore = class _ParaCore {
       });
     });
   }
+  verifyOAuth(opts) {
+    return __async(this, null, function* () {
+      return yield this.verifyOAuthProcess(__spreadProps(__spreadValues({}, opts), { isLinkAccount: false }));
+    });
+  }
+  verifyOAuthLink(opts) {
+    return __async(this, null, function* () {
+      return yield this.verifyOAuthProcess(__spreadProps(__spreadValues({}, opts), { isLinkAccount: true }));
+    });
+  }
   /**
    * Waits for the session to be active and sets up the user.
    *
@@ -1691,7 +2168,7 @@ const _ParaCore = class _ParaCore {
         sessionId
       });
       if (shouldOpenPopup) {
-        this.platformUtils.openPopup(link);
+        yield this.platformUtils.openPopup(link);
       }
       return link;
     });
@@ -1782,7 +2259,9 @@ const _ParaCore = class _ParaCore {
         userId: this.userId,
         walletId,
         userShare: userSigner,
-        emailProps: this.getBackupKitEmailProps()
+        emailProps: this.getBackupKitEmailProps(),
+        isEnclaveUser: this.isEnclaveUser,
+        walletScheme: this.wallets[walletId].scheme
       });
       return recoveryShare;
     });
@@ -1910,7 +2389,9 @@ const _ParaCore = class _ParaCore {
         ignoreRedistributingBackupEncryptedShare: !redistributeBackupEncryptedShares,
         emailProps: this.getBackupKitEmailProps(),
         partnerId: newPartnerId,
-        protocolId
+        protocolId,
+        isEnclaveUser: this.isEnclaveUser,
+        walletScheme: this.wallets[walletId].scheme
       });
       return { signer, recoverySecret, protocolId };
     });
@@ -1976,7 +2457,9 @@ const _ParaCore = class _ParaCore {
           userId: this.userId,
           walletId: wallet.id,
           userShare: signer,
-          emailProps: this.getBackupKitEmailProps()
+          emailProps: this.getBackupKitEmailProps(),
+          isEnclaveUser: this.isEnclaveUser,
+          walletScheme: wallet.scheme
         });
       }
       yield this.setCurrentWalletIds(__spreadProps(__spreadValues({}, this.currentWalletIds), {
@@ -2057,7 +2540,9 @@ const _ParaCore = class _ParaCore {
             walletId: wallet.id,
             userShare: this.wallets[wallet.id].signer,
             emailProps: this.getBackupKitEmailProps(),
-            partnerId: wallet.partnerId
+            partnerId: wallet.partnerId,
+            isEnclaveUser: this.isEnclaveUser,
+            walletScheme: wallet.scheme
           });
           if (distributeRes.length > 0) {
             newRecoverySecret = distributeRes;
@@ -2235,25 +2720,12 @@ const _ParaCore = class _ParaCore {
       });
     });
   }
-  getOnRampTransactionUrl(_m) {
-    return __async(this, null, function* () {
-      var _n = _m, {
-        purchaseId,
-        providerKey
-      } = _n, walletParams = __objRest(_n, [
-        "purchaseId",
-        "providerKey"
-      ]);
-      const { sessionId } = yield this.touchSession();
-      const [key, identifier] = extractWalletRef(walletParams);
+  getOnRampTransactionUrl(_0) {
+    return __async(this, arguments, function* ({
+      purchaseId
+    }) {
       return this.constructPortalUrl("onRamp", {
-        pathId: purchaseId,
-        sessionId,
-        params: {
-          [key]: identifier,
-          providerKey,
-          currentWalletIds: JSON.stringify(this.currentWalletIds)
-        }
+        pathId: purchaseId
       });
     });
   }
@@ -2278,6 +2750,7 @@ const _ParaCore = class _ParaCore {
       onCancel,
       onPoll
     }) {
+      var _a;
       this.assertIsValidWalletId(walletId);
       const wallet = this.wallets[walletId];
       let signerId = this.userId;
@@ -2287,7 +2760,7 @@ const _ParaCore = class _ParaCore {
       let signRes = yield this.signMessageInner({ wallet, signerId, messageBase64, cosmosSignDocBase64 });
       let timeStart = Date.now();
       if (signRes.pendingTransactionId) {
-        this.platformUtils.openPopup(
+        yield this.platformUtils.openPopup(
           yield this.getTransactionReviewUrl(signRes.pendingTransactionId, timeoutMs),
           { type: cosmosSignDocBase64 ? PopupType.SIGN_TRANSACTION_REVIEW : PopupType.SIGN_MESSAGE_REVIEW }
         );
@@ -2301,18 +2774,19 @@ const _ParaCore = class _ParaCore {
           break;
         }
         yield new Promise((resolve) => setTimeout(resolve, constants.POLLING_INTERVAL_MS));
+        let pendingTransaction;
         try {
-          yield this.ctx.client.getPendingTransaction(this.userId, signRes.pendingTransactionId);
+          pendingTransaction = (_a = (yield this.ctx.client.getPendingTransaction(this.userId, signRes.pendingTransactionId)).data) == null ? void 0 : _a.pendingTransaction;
         } catch (err) {
           const error = new TransactionReviewDenied();
           dispatchEvent(ParaEvent.SIGN_MESSAGE_EVENT, signRes, error.message);
           throw error;
         }
-        signRes = yield this.signMessageInner({ wallet, signerId, messageBase64, cosmosSignDocBase64 });
-        if (signRes.pendingTransactionId) {
+        if (!(pendingTransaction == null ? void 0 : pendingTransaction.approvedAt)) {
           onPoll == null ? void 0 : onPoll();
           continue;
         } else {
+          signRes = yield this.signMessageInner({ wallet, signerId, messageBase64, cosmosSignDocBase64 });
           break;
         }
       }
@@ -2381,6 +2855,7 @@ const _ParaCore = class _ParaCore {
       onCancel,
       onPoll
     }) {
+      var _a;
       this.assertIsValidWalletId(walletId);
       const wallet = this.wallets[walletId];
       let signerId = this.userId;
@@ -2399,7 +2874,7 @@ const _ParaCore = class _ParaCore {
       );
       let timeStart = Date.now();
       if (signRes.pendingTransactionId) {
-        this.platformUtils.openPopup(
+        yield this.platformUtils.openPopup(
           yield this.getTransactionReviewUrl(signRes.pendingTransactionId, timeoutMs),
           { type: PopupType.SIGN_TRANSACTION_REVIEW }
         );
@@ -2413,27 +2888,28 @@ const _ParaCore = class _ParaCore {
           break;
         }
         yield new Promise((resolve) => setTimeout(resolve, constants.POLLING_INTERVAL_MS));
+        let pendingTransaction;
         try {
-          yield this.ctx.client.getPendingTransaction(this.userId, signRes.pendingTransactionId);
+          pendingTransaction = (_a = (yield this.ctx.client.getPendingTransaction(this.userId, signRes.pendingTransactionId)).data) == null ? void 0 : _a.pendingTransaction;
         } catch (err) {
           const error = new TransactionReviewDenied();
           dispatchEvent(ParaEvent.SIGN_TRANSACTION_EVENT, signRes, error.message);
           throw error;
         }
-        signRes = yield this.platformUtils.signTransaction(
-          this.ctx,
-          signerId,
-          walletId,
-          this.wallets[walletId].signer,
-          rlpEncodedTxBase64,
-          chainId,
-          this.retrieveSessionCookie(),
-          wallet.scheme === "DKLS"
-        );
-        if (signRes.pendingTransactionId) {
+        if (!(pendingTransaction == null ? void 0 : pendingTransaction.approvedAt)) {
           onPoll == null ? void 0 : onPoll();
           continue;
         } else {
+          signRes = yield this.platformUtils.signTransaction(
+            this.ctx,
+            signerId,
+            walletId,
+            this.wallets[walletId].signer,
+            rlpEncodedTxBase64,
+            chainId,
+            this.retrieveSessionCookie(),
+            wallet.scheme === "DKLS"
+          );
           break;
         }
       }
@@ -2475,7 +2951,8 @@ const _ParaCore = class _ParaCore {
         providerKey: onRampPurchase.providerKey
       }, walletParams));
       if (shouldOpenPopup) {
-        this.platformUtils.openPopup(portalUrl, { type: PopupType.ON_RAMP_TRANSACTION });
+        const onRampWindow = yield this.platformUtils.openPopup(portalUrl, { type: PopupType.ON_RAMP_TRANSACTION });
+        this.onRampPopup = { window: onRampWindow, onRampPurchase };
       }
       return { onRampPurchase, portalUrl };
     });
@@ -2558,6 +3035,20 @@ const _ParaCore = class _ParaCore {
       return sessionLookupId;
     });
   }
+  issueJwt() {
+    return __async(this, arguments, function* ({ keyIndex = 0 } = {}) {
+      try {
+        return yield this.ctx.client.issueJwt({ keyIndex });
+      } catch (error) {
+        if (error.status === 403 || error.status === 401) {
+          const errorMessage = "The user needs to be logged in to issue a JWT. Please log in and try again.";
+          this.displayModalError(errorMessage);
+          console.warn(errorMessage);
+        }
+        throw error;
+      }
+    });
+  }
   /**
    * Logs the user out.
    * @param {Object} opts the options object.
@@ -2565,6 +3056,7 @@ const _ParaCore = class _ParaCore {
    **/
   logout() {
     return __async(this, arguments, function* ({ clearPregenWallets = false } = {}) {
+      const shouldDispatchLogoutEvent = yield this.isSessionActive();
       yield this.ctx.client.logout();
       yield this.clearStorage();
       if (!clearPregenWallets) {
@@ -2581,22 +3073,17 @@ const _ParaCore = class _ParaCore {
       this.externalWallets = {};
       this.loginEncryptionKeyPair = void 0;
       __privateSet(this, _authInfo, void 0);
+      this.accountLinkInProgress = void 0;
       this.userId = void 0;
       this.sessionCookie = void 0;
-      dispatchEvent(ParaEvent.LOGOUT_EVENT, null);
-    });
-  }
-  /** @deprecated */
-  getSupportedCreateAuthMethods() {
-    return __async(this, null, function* () {
-      const partner = yield __privateMethod(this, _ParaCore_instances, assertPartner_fn).call(this);
-      let supportedAuthMethods = /* @__PURE__ */ new Set();
-      for (const authMethod of partner.supportedAuthMethods) {
-        supportedAuthMethods.add(AuthMethod[authMethod]);
+      if (shouldDispatchLogoutEvent) {
+        dispatchEvent(ParaEvent.LOGOUT_EVENT, null);
       }
-      return supportedAuthMethods;
     });
   }
+  get toStringAdditions() {
+    return {};
+  }
   /**
    * Converts to a string, removing sensitive data when logging this class.
    *
@@ -2620,10 +3107,10 @@ const _ParaCore = class _ParaCore {
       }),
       {}
     );
-    const obj = {
-      partnerId: (_a = __privateGet(this, _partner)) == null ? void 0 : _a.id,
-      supportedWalletTypes: (_b = __privateGet(this, _partner)) == null ? void 0 : _b.supportedWalletTypes,
-      cosmosPrefix: (_c = __privateGet(this, _partner)) == null ? void 0 : _c.cosmosPrefix,
+    const obj = __spreadProps(__spreadValues({
+      partnerId: (_a = this.partner) == null ? void 0 : _a.id,
+      supportedWalletTypes: (_b = this.partner) == null ? void 0 : _b.supportedWalletTypes,
+      cosmosPrefix: (_c = this.partner) == null ? void 0 : _c.cosmosPrefix,
       authInfo: __privateGet(this, _authInfo),
       isGuestMode: this.isGuestMode,
       userId: this.userId,
@@ -2633,6 +3120,8 @@ const _ParaCore = class _ParaCore {
       wallets: redactedWallets,
       externalWallets: redactedExternalWallets,
       loginEncryptionKeyPair: this.loginEncryptionKeyPair ? "[REDACTED]" : void 0,
+      isReady: this.isReady
+    }, this.toStringAdditions), {
       ctx: {
         apiKey: this.ctx.apiKey,
         disableWorkers: this.ctx.disableWorkers,
@@ -2643,9 +3132,14 @@ const _ParaCore = class _ParaCore {
         useDKLS: this.ctx.useDKLS,
         cosmosPrefix: this.ctx.cosmosPrefix
       }
-    };
+    });
     return `Para ${JSON.stringify(obj, null, 2)}`;
   }
+  devLog(...s) {
+    if (this.ctx.env === Environment.DEV || this.ctx.env === Environment.SANDBOX) {
+      console.log(...s);
+    }
+  }
   getNewCredentialAndUrl() {
     return __async(this, arguments, function* ({
       authMethod = "PASSKEY",
@@ -2660,7 +3154,7 @@ const _ParaCore = class _ParaCore {
           ({
             data: { id: credentialId }
           } = yield this.ctx.client.addSessionPublicKey(this.userId, {
-            status: PublicKeyStatus.PENDING,
+            status: AuthMethodStatus.PENDING,
             type: PublicKeyType.WEB
           }));
           urlType = "createAuth";
@@ -2669,10 +3163,18 @@ const _ParaCore = class _ParaCore {
           ({
             data: { id: credentialId }
           } = yield this.ctx.client.addSessionPasswordPublicKey(this.userId, {
-            status: PasswordStatus.PENDING
+            status: AuthMethodStatus.PENDING
           }));
           urlType = "createPassword";
           break;
+        case "PIN":
+          ({
+            data: { id: credentialId }
+          } = yield this.ctx.client.addSessionPasswordPublicKey(this.userId, {
+            status: AuthMethodStatus.PENDING
+          }));
+          urlType = "createPIN";
+          break;
       }
       const url = this.isNativePasskey && urlType === "createAuth" ? void 0 : yield this.constructPortalUrl(urlType, {
         isForNewDevice,
@@ -2684,7 +3186,7 @@ const _ParaCore = class _ParaCore {
     });
   }
   /**
-   * Returns a Para Portal URL for logging in with a WebAuth passkey or a password.
+   * Returns a Para Portal URL for logging in with a WebAuth passkey, password, PIN or OTP.
    * @param {Object} opts the options object
    * @param {String} opts.auth - the user auth to sign up or log in with, in the form ` { email: string } | { phone: `+${number}` } `
    * @param {boolean} opts.useShortUrls - whether to shorten the generated portal URLs
@@ -2710,6 +3212,12 @@ const _ParaCore = class _ParaCore {
         case "PASSWORD":
           urlType = "loginPassword";
           break;
+        case "PIN":
+          urlType = "loginPIN";
+          break;
+        case "BASIC_LOGIN":
+          urlType = "loginOTP";
+          break;
         default:
           throw new Error(`invalid authentication method: '${authMethod}'`);
       }
@@ -2720,53 +3228,214 @@ const _ParaCore = class _ParaCore {
       });
     });
   }
-  signUpOrLogIn(_o) {
+  prepareLogin() {
     return __async(this, null, function* () {
-      var _p = _o, { auth } = _p, urlOptions = __objRest(_p, ["auth"]);
-      const serverAuthState = yield this.ctx.client.signUpOrLogIn(__spreadValues(__spreadValues({}, auth), this.getVerificationEmailProps()));
-      return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, urlOptions);
+      yield this.logout();
+      const { sessionLookupId } = yield this.touchSession(true);
+      if (!this.loginEncryptionKeyPair) {
+        yield this.setLoginEncryptionKeyPair();
+      }
+      return sessionLookupId;
     });
   }
-  verifyNewAccount(_q) {
+  signUpOrLogIn(_k) {
     return __async(this, null, function* () {
-      var _r = _q, {
+      var _l = _k, { auth } = _l, urlOptions = __objRest(_l, ["auth"]);
+      let serverAuthState;
+      try {
+        serverAuthState = yield this.ctx.client.signUpOrLogIn(__spreadValues(__spreadValues({}, auth), this.getVerificationEmailProps()));
+      } catch (error) {
+        if (error.message.includes("max beta users reached")) {
+          this.displayModalError(
+            `50 user limit reached. [Go to Production.](https://docs.getpara.com/v2/general/checklist#go-live-checklist)`
+          );
+        }
+        throw error;
+      }
+      const authInfo = serverAuthState.auth;
+      if (this.fetchPregenWalletsOverride && isPregenAuth(authInfo)) {
+        const { userShare } = yield this.fetchPregenWalletsOverride({ pregenId: authInfo });
+        if (userShare) {
+          yield this.setUserShare(userShare);
+        }
+      }
+      return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, __spreadValues({}, urlOptions));
+    });
+  }
+  verifyNewAccount(_m) {
+    return __async(this, null, function* () {
+      var _n = _m, {
         verificationCode
-      } = _r, urlOptions = __objRest(_r, [
+      } = _n, urlOptions = __objRest(_n, [
         "verificationCode"
       ]);
       this.assertIsAuthSet(["email", "phone"]);
-      const userId = this.assertUserId();
-      const serverAuthState = yield this.ctx.client.verifyNewAccount(userId, {
+      const userId = this.assertUserId({ allowGuestMode: true });
+      const serverAuthState = yield this.ctx.client.verifyAccount(userId, {
         verificationCode
       });
+      if (serverAuthState.stage === "login" || serverAuthState.stage === "done") {
+        throw new Error("Account already exists.");
+      }
+      yield this.touchSession(true);
       return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, urlOptions);
     });
   }
+  getLinkedAccounts() {
+    return __async(this, arguments, function* ({
+      withMetadata = false
+    } = {}) {
+      const userId = this.assertUserId();
+      const { accounts } = yield this.ctx.client.getLinkedAccounts({ userId, withMetadata });
+      return __spreadValues({
+        userId
+      }, accounts);
+    });
+  }
+  linkAccount(opts) {
+    return __async(this, null, function* () {
+      const { supportedAccountLinks = [...LINKED_ACCOUNT_TYPES] } = yield __privateMethod(this, _ParaCore_instances, assertPartner_fn).call(this);
+      let type, identifier, externalWallet, isPermitted;
+      switch (true) {
+        case "auth" in opts:
+          {
+            const authInfo = extractAuthInfo(opts.auth, { isRequired: true });
+            if (authInfo.auth === this.authInfo.auth) {
+              throw new Error(AccountLinkError.Conflict);
+            }
+            type = authInfo.authType.toUpperCase();
+            identifier = authInfo.identifier;
+            isPermitted = supportedAccountLinks.includes(type);
+          }
+          break;
+        case "externalWallet" in opts:
+          {
+            externalWallet = opts.externalWallet;
+            type = "EXTERNAL_WALLET";
+            isPermitted = supportedAccountLinks.includes("EXTERNAL_WALLET") || supportedAccountLinks.includes(externalWallet.providerId);
+          }
+          break;
+        case "type" in opts:
+          {
+            type = opts.type;
+            if (type === "X") {
+              type = "TWITTER";
+            }
+            isPermitted = supportedAccountLinks.includes(type);
+          }
+          break;
+        default:
+          throw new Error("Invalid parameters for linking account, must pass `auth` or `type` or `externalWallet`");
+      }
+      if (!isPermitted) {
+        throw new Error(`Account linking for type '${type}' is not supported by the current API key configuration`);
+      }
+      const userId = this.assertUserId();
+      const result = yield this.ctx.client.linkAccount(__spreadValues(__spreadValues({
+        userId,
+        type
+      }, identifier ? { identifier } : {}), externalWallet ? { externalWallet } : {}));
+      if ("isConflict" in result) {
+        throw new Error(AccountLinkError.Conflict);
+      }
+      const { linkedAccountId, signatureVerificationMessage } = result;
+      this.accountLinkInProgress = __spreadValues(__spreadValues({
+        id: linkedAccountId,
+        type,
+        isComplete: false
+      }, identifier ? { identifier } : {}), signatureVerificationMessage && externalWallet ? {
+        externalWallet: __spreadProps(__spreadValues({}, externalWallet), {
+          signatureVerificationMessage
+        })
+      } : {});
+      return this.accountLinkInProgress;
+    });
+  }
+  unlinkAccount(_0) {
+    return __async(this, arguments, function* ({
+      linkedAccountId
+    }) {
+      if (!linkedAccountId) {
+        throw new Error("No linked account ID provided");
+      }
+      const userId = this.assertUserId();
+      const accounts = yield this.ctx.client.unlinkAccount({ linkedAccountId, userId });
+      return accounts;
+    });
+  }
+  verifyLink() {
+    return __async(this, arguments, function* (_o = {}) {
+      var _p = _o, {
+        accountLinkInProgress = __privateMethod(this, _ParaCore_instances, assertIsLinkingAccount_fn).call(this)
+      } = _p, opts = __objRest(_p, [
+        "accountLinkInProgress"
+      ]);
+      try {
+        const userId = this.assertUserId(), result = yield this.ctx.client.verifyLink(__spreadValues({
+          linkedAccountId: accountLinkInProgress.id,
+          userId
+        }, opts));
+        if ("isConflict" in result) {
+          throw new Error(AccountLinkError.Conflict);
+        }
+        this.accountLinkInProgress = void 0;
+        return result.accounts;
+      } catch (e) {
+        throw new Error(e.message === AccountLinkError.Conflict ? AccountLinkError.Conflict : e.message);
+      }
+    });
+  }
+  verifyEmailOrPhoneLink(_0) {
+    return __async(this, arguments, function* ({
+      verificationCode
+    }) {
+      const accounts = yield this.verifyLink({
+        accountLinkInProgress: __privateMethod(this, _ParaCore_instances, assertIsLinkingAccount_fn).call(this, ["EMAIL", "PHONE"]),
+        verificationCode
+      });
+      return accounts;
+    });
+  }
+  getProfileBalance() {
+    return __async(this, arguments, function* ({ config, refetch = false } = {}) {
+      const { balance } = yield this.ctx.client.getProfileBalance({
+        config,
+        wallets: this.availableWallets.map(({ type, address }) => ({ type, address })),
+        refetch
+      });
+      return balance;
+    });
+  }
+  sendLoginCode() {
+    return __async(this, null, function* () {
+      const { userId } = yield this.ctx.client.sendLoginVerificationCode(this.authInfo);
+      this.setUserId(userId);
+    });
+  }
 };
 _authInfo = new WeakMap();
-_partner = new WeakMap();
 _ParaCore_instances = new WeakSet();
 assertPartner_fn = function() {
   return __async(this, null, function* () {
     var _a, _b;
-    if (!__privateGet(this, _partner)) {
+    if (!this.partner) {
       yield this.touchSession();
     }
-    if (((_a = __privateGet(this, _partner)) == null ? void 0 : _a.cosmosPrefix) && this.ctx.cosmosPrefix !== __privateGet(this, _partner).cosmosPrefix) {
-      this.ctx.cosmosPrefix = (_b = __privateGet(this, _partner)) == null ? void 0 : _b.cosmosPrefix;
+    if (((_a = this.partner) == null ? void 0 : _a.cosmosPrefix) && this.ctx.cosmosPrefix !== this.partner.cosmosPrefix) {
+      this.ctx.cosmosPrefix = (_b = this.partner) == null ? void 0 : _b.cosmosPrefix;
     }
-    return __privateGet(this, _partner);
+    return this.partner;
   });
 };
 guestWalletIds_get = function() {
   var _a, _b, _c;
-  if (!((_a = __privateGet(this, _partner)) == null ? void 0 : _a.supportedWalletTypes)) {
+  if (!((_a = this.partner) == null ? void 0 : _a.supportedWalletTypes)) {
     return {};
   }
   const guestId = (_c = (_b = this.pregenIds) == null ? void 0 : _b.GUEST_ID) == null ? void 0 : _c[0];
   return !!guestId ? Object.entries(this.wallets).reduce((acc, [id, wallet]) => {
     if (wallet.isPregen && !wallet.userId && wallet.pregenIdentifierType === "GUEST_ID" && wallet.pregenIdentifier === guestId) {
-      return __spreadValues(__spreadValues({}, acc), getEquivalentTypes(wallet.type).filter((type) => __privateGet(this, _partner).supportedWalletTypes.some((entry) => entry.type === type)).reduce((acc2, eqType) => {
+      return __spreadValues(__spreadValues({}, acc), getEquivalentTypes(wallet.type).filter((type) => this.partner.supportedWalletTypes.some((entry) => entry.type === type)).reduce((acc2, eqType) => {
         var _a2;
         return __spreadProps(__spreadValues({}, acc2), { [eqType]: [.../* @__PURE__ */ new Set([...(_a2 = acc2[eqType]) != null ? _a2 : [], id])] });
       }, {}));
@@ -2823,9 +3492,70 @@ setAuthInfo_fn = function(authInfo) {
 };
 getPartner_fn = function(partnerId) {
   return __async(this, null, function* () {
+    if (this.isPartnerOptional && !partnerId) {
+      return void 0;
+    }
     const res = yield this.ctx.client.getPartner(partnerId);
-    __privateSet(this, _partner, res.data.partner);
-    return __privateGet(this, _partner);
+    this.partner = res.data.partner;
+    return this.partner;
+  });
+};
+assertIsLinkingAccount_fn = function(types) {
+  if (!this.accountLinkInProgress || this.accountLinkInProgress.isComplete) {
+    throw new Error("no account linking in progress");
+  }
+  if (types && !types.includes(this.accountLinkInProgress.type)) {
+    throw new Error(
+      `account linking in progress for type ${this.accountLinkInProgress.type}, expected one of ${types.join(", ")}`
+    );
+  }
+  return this.accountLinkInProgress;
+};
+assertIsLinkingAccountOrStart_fn = function(type) {
+  return __async(this, null, function* () {
+    if (this.accountLinkInProgress && !this.accountLinkInProgress.isComplete) {
+      return __privateMethod(this, _ParaCore_instances, assertIsLinkingAccount_fn).call(this, [type]);
+    }
+    return yield this.linkAccount({ type });
+  });
+};
+getOAuthUrl_fn = function(_0) {
+  return __async(this, arguments, function* ({
+    method,
+    appScheme,
+    accountLinkInProgress,
+    sessionLookupId,
+    encryptionKey
+  }) {
+    if (!accountLinkInProgress && !this.isPortal()) {
+      return yield this.constructPortalUrl("oAuth", { sessionId: sessionLookupId, oAuthMethod: method, appScheme });
+    }
+    let portalSessionLookupId;
+    if (this.isPortal()) {
+      portalSessionLookupId = (yield this.touchSession(true)).sessionLookupId;
+    }
+    return constructUrl({
+      base: getBaseOAuthUrl(this.ctx.env),
+      path: `/auth/${method.toLowerCase()}`,
+      params: __spreadProps(__spreadValues({
+        apiKey: this.ctx.apiKey,
+        sessionLookupId,
+        portalSessionLookupId,
+        appScheme
+      }, accountLinkInProgress ? {
+        linkedAccountId: this.accountLinkInProgress.id
+      } : {}), {
+        callback: !accountLinkInProgress && (yield this.constructPortalUrl("oAuthCallback", {
+          sessionId: sessionLookupId,
+          oAuthMethod: method,
+          appScheme,
+          thisDevice: {
+            sessionId: sessionLookupId,
+            encryptionKey
+          }
+        }))
+      })
+    });
   });
 };
 createPregenWallet_fn = function(opts) {
@@ -2878,8 +3608,9 @@ createPregenWallet_fn = function(opts) {
 _isCreateGuestWalletsPending = new WeakMap();
 prepareAuthState_fn = function(_0) {
   return __async(this, arguments, function* (serverAuthState, opts = {}) {
-    if (!opts.sessionLookupId && serverAuthState.stage === "login") {
-      opts.sessionLookupId = yield __privateMethod(this, _ParaCore_instances, prepareLogin_fn).call(this);
+    var _a, _b;
+    if (!opts.sessionLookupId && serverAuthState.stage === "login" && (!serverAuthState.externalWallet || !(((_a = serverAuthState.externalWallet) == null ? void 0 : _a.withFullParaAuth) && ((_b = serverAuthState.loginAuthMethods) == null ? void 0 : _b.includes(AuthMethod.PIN))))) {
+      opts.sessionLookupId = yield this.prepareLogin();
     }
     const { auth, externalWallet, userId, displayName, pfpUrl, username } = serverAuthState;
     const authInfo = __spreadValues(__spreadValues({}, extractAuthInfo(auth, { isRequired: true })), Object.fromEntries(
@@ -2893,34 +3624,68 @@ prepareAuthState_fn = function(_0) {
     yield __privateMethod(this, _ParaCore_instances, setAuthInfo_fn).call(this, authInfo);
     yield this.assertIsAuthSet();
     if (!!externalWallet) {
-      yield this.setExternalWallet(externalWallet);
+      yield this.setExternalWallet([externalWallet]);
     }
     if (!!userId) {
       yield this.setUserId(userId);
     }
     let authState;
     switch (serverAuthState.stage) {
+      case "done": {
+        authState = yield __privateMethod(this, _ParaCore_instances, prepareDoneState_fn).call(this, serverAuthState);
+        break;
+      }
       case "verify":
-        authState = serverAuthState;
+        authState = yield __privateMethod(this, _ParaCore_instances, prepareVerificationState_fn).call(this, serverAuthState, __spreadProps(__spreadValues({}, opts), {
+          sessionLookupId: opts.sessionLookupId
+        }));
         break;
       case "login":
+        if (externalWallet && !(externalWallet == null ? void 0 : externalWallet.withFullParaAuth)) {
+          authState = serverAuthState;
+          break;
+        }
         authState = yield __privateMethod(this, _ParaCore_instances, prepareLoginState_fn).call(this, serverAuthState, __spreadProps(__spreadValues({}, opts), { sessionLookupId: opts.sessionLookupId }));
         break;
       case "signup":
+        if (externalWallet && !(externalWallet == null ? void 0 : externalWallet.withFullParaAuth)) {
+          authState = serverAuthState;
+          break;
+        }
         authState = yield __privateMethod(this, _ParaCore_instances, prepareSignUpState_fn).call(this, serverAuthState, opts);
         break;
     }
     return authState;
   });
 };
-prepareLogin_fn = function() {
+prepareDoneState_fn = function(doneState) {
   return __async(this, null, function* () {
-    yield this.logout();
-    const { sessionLookupId } = yield this.touchSession(true);
-    if (!this.loginEncryptionKeyPair) {
-      yield this.setLoginEncryptionKeyPair();
+    let isSLOPossible = doneState.authMethods.includes(AuthMethod.BASIC_LOGIN);
+    this.isEnclaveUser = isSLOPossible;
+    return doneState;
+  });
+};
+prepareVerificationState_fn = function(_0, _1) {
+  return __async(this, arguments, function* (verifyState, {
+    useShortUrls: shorten = false,
+    portalTheme,
+    sessionLookupId
+  }) {
+    let isSLOPossible = false;
+    if (verifyState.nextStage === "login") {
+      isSLOPossible = verifyState.loginAuthMethods.includes(AuthMethod.BASIC_LOGIN);
+    } else if (verifyState.nextStage === "signup") {
+      isSLOPossible = verifyState.signupAuthMethods.includes(AuthMethod.BASIC_LOGIN);
     }
-    return sessionLookupId;
+    this.isEnclaveUser = isSLOPossible;
+    return __spreadValues(__spreadValues({}, verifyState), isSLOPossible ? {
+      loginUrl: yield this.getLoginUrl({
+        authMethod: AuthMethod.BASIC_LOGIN,
+        sessionId: sessionLookupId,
+        shorten,
+        portalTheme
+      })
+    } : {});
   });
 };
 prepareLoginState_fn = function(_0, _1) {
@@ -2929,8 +3694,12 @@ prepareLoginState_fn = function(_0, _1) {
     portalTheme,
     sessionLookupId
   }) {
-    const _a = loginState, { loginAuthMethods } = _a, authState = __objRest(_a, ["loginAuthMethods"]);
-    return __spreadValues(__spreadValues(__spreadValues({}, authState), !this.isNativePasskey && loginAuthMethods.includes(AuthMethod.PASSKEY) ? {
+    const _a = loginState, { loginAuthMethods = [], hasPasswordWithoutPIN } = _a, authState = __objRest(_a, ["loginAuthMethods", "hasPasswordWithoutPIN"]);
+    const isPasskeySupported = yield this.isPasskeySupported(), isPasskeyPossible = loginAuthMethods.includes(AuthMethod.PASSKEY) && !this.isNativePasskey, isPasswordPossible = loginAuthMethods.includes(AuthMethod.PASSWORD) && hasPasswordWithoutPIN, isPINPossible = loginAuthMethods.includes(AuthMethod.PIN);
+    return __spreadValues(__spreadValues(__spreadValues(__spreadProps(__spreadValues({}, authState), {
+      isPasskeySupported,
+      loginAuthMethods
+    }), isPasskeyPossible ? {
       passkeyUrl: yield this.getLoginUrl({ sessionId: sessionLookupId, shorten, portalTheme }),
       passkeyKnownDeviceUrl: yield this.constructPortalUrl("loginAuth", {
         sessionId: sessionLookupId,
@@ -2941,28 +3710,41 @@ prepareLoginState_fn = function(_0, _1) {
         shorten,
         portalTheme
       })
-    } : {}), loginAuthMethods.includes(AuthMethod.PASSWORD) ? {
+    } : {}), isPasswordPossible ? {
       passwordUrl: yield this.constructPortalUrl("loginPassword", {
         sessionId: sessionLookupId,
         shorten,
-        portalTheme
+        portalTheme,
+        params: { isEmbedded: `${!loginState.isWalletSelectionNeeded}` }
+      })
+    } : {}), isPINPossible ? {
+      pinUrl: yield this.constructPortalUrl("loginPIN", {
+        sessionId: sessionLookupId,
+        shorten,
+        portalTheme,
+        params: { isEmbedded: `${!loginState.isWalletSelectionNeeded}` }
       })
     } : {});
   });
 };
 prepareSignUpState_fn = function(_0, _1) {
   return __async(this, arguments, function* (serverSignupState, { useShortUrls: shorten = false, portalTheme }) {
-    const _a = serverSignupState, { signupAuthMethods } = _a, authState = __objRest(_a, ["signupAuthMethods"]);
-    const [isPasskey, isPassword] = [
+    const _a = serverSignupState, { signupAuthMethods = [] } = _a, authState = __objRest(_a, ["signupAuthMethods"]);
+    const isPasskeySupported = yield this.isPasskeySupported();
+    const [isPasskey, isPassword, isPIN] = [
       signupAuthMethods.includes(AuthMethod.PASSKEY),
-      signupAuthMethods.includes(AuthMethod.PASSWORD)
+      signupAuthMethods.includes(AuthMethod.PASSWORD) || !isPasskeySupported,
+      signupAuthMethods.includes(AuthMethod.PIN)
     ];
-    if (!isPasskey && !isPassword) {
+    if (!isPasskey && !isPassword && !isPIN) {
       throw new Error(
-        "No supported authentication methods found. Please ensure you have enabled either WebAuth passkeys or passwords in your Developer Portal settings."
+        "No supported authentication methods found. Please ensure you have enabled either WebAuth passkeys, passwords or PINs in your Developer Portal settings."
       );
     }
-    const signupState = authState;
+    const signupState = __spreadProps(__spreadValues({}, authState), {
+      isPasskeySupported,
+      signupAuthMethods
+    });
     if (isPasskey) {
       const { url: passkeyUrl, credentialId: passkeyId } = yield this.getNewCredentialAndUrl({
         authMethod: "PASSKEY",
@@ -2980,6 +3762,15 @@ prepareSignUpState_fn = function(_0, _1) {
       signupState.passwordUrl = passwordUrl;
       signupState.passwordId = passwordId;
     }
+    if (isPIN) {
+      const { url: pinUrl, credentialId: pinId } = yield this.getNewCredentialAndUrl({
+        authMethod: "PIN",
+        portalTheme,
+        shorten
+      });
+      signupState.pinUrl = pinUrl;
+      signupState.pinId = pinId;
+    }
     return signupState;
   });
 };