@getpara/core-sdk 2.0.0-alpha.7 → 2.0.0-alpha.70

package/dist/cjs/ParaCore.js

@@ -99,7 +99,8 @@ var import_recovery = require("./shares/recovery.js");
 var import_utils2 = require("./utils/index.js");
 var import_errors = require("./errors.js");
 var constants = __toESM(require("./constants.js"));
-var _authInfo, _partner, _ParaCore_instances, assertPartner_fn, guestWalletIds_get, guestWalletIdsArray_get, toAuthInfo_fn, setAuthInfo_fn, getPartner_fn, createPregenWallet_fn, _isCreateGuestWalletsPending, prepareAuthState_fn, prepareLogin_fn, prepareLoginState_fn, prepareSignUpState_fn;
+var import_enclave = require("./shares/enclave.js");
+var _authInfo, _ParaCore_instances, assertPartner_fn, guestWalletIds_get, guestWalletIdsArray_get, toAuthInfo_fn, setAuthInfo_fn, getPartner_fn, assertIsLinkingAccount_fn, assertIsLinkingAccountOrStart_fn, getOAuthUrl_fn, waitForLoginProcess_fn, createPregenWallet_fn, _isCreateGuestWalletsPending, prepareAuthState_fn, prepareDoneState_fn, prepareVerificationState_fn, prepareLoginState_fn, prepareSignUpState_fn;
 if (typeof global !== "undefined") {
   global.Buffer = global.Buffer || import_buffer.Buffer;
 } else if (typeof window !== "undefined") {
@@ -111,22 +112,20 @@ if (typeof global !== "undefined") {
 }
 const { pki, jsbn } = import_node_forge.default;
 const _ParaCore = class _ParaCore {
-  /**
-   * Constructs a new `ParaCore` instance.
-   * @param env - `Environment` to use.
-   * @param apiKey - API key to use.
-   * @param opts - Additional constructor options; see `ConstructorOpts`.
-   * @returns - A new ParaCore instance.
-   */
-  constructor(env, apiKey, opts) {
+  constructor(envOrApiKey, apiKeyOrOpts, opts) {
     __privateAdd(this, _ParaCore_instances);
+    this.popupWindow = null;
     __privateAdd(this, _authInfo);
+    this.isSwitchingWallets = false;
     this.isNativePasskey = false;
-    __privateAdd(this, _partner);
+    this.isReady = false;
+    this.accountLinkInProgress = void 0;
+    this.isEnclaveUser = false;
     this.isAwaitingAccountCreation = false;
     this.isAwaitingLogin = false;
     this.isAwaitingFarcaster = false;
     this.isAwaitingOAuth = false;
+    this.isWorkerInitialized = false;
     /**
      * The IDs of the currently active wallets, for each supported wallet type. Any signer integrations will default to the first viable wallet ID in this dictionary.
      */
@@ -135,20 +134,34 @@ const _ParaCore = class _ParaCore {
      * Wallets associated with the `ParaCore` instance.
      */
     this.externalWallets = {};
+    this.onRampPopup = void 0;
+    this.nonPersistedStorageKeys = [];
     this.localStorageGetItem = (key) => {
-      return this.platformUtils.localStorage.get(key);
+      var _a;
+      if (!((_a = this.nonPersistedStorageKeys) != null ? _a : []).includes(key)) {
+        return this.platformUtils.localStorage.get(key);
+      }
     };
     this.localStorageSetItem = (key, value) => {
-      return this.platformUtils.localStorage.set(key, value);
+      var _a;
+      if (!((_a = this.nonPersistedStorageKeys) != null ? _a : []).includes(key)) {
+        return this.platformUtils.localStorage.set(key, value);
+      }
     };
     this.localStorageRemoveItem = (key) => {
       return this.platformUtils.localStorage.removeItem(key);
     };
     this.sessionStorageGetItem = (key) => {
-      return this.platformUtils.sessionStorage.get(key);
+      var _a;
+      if (!((_a = this.nonPersistedStorageKeys) != null ? _a : []).includes(key)) {
+        return this.platformUtils.sessionStorage.get(key);
+      }
     };
     this.sessionStorageSetItem = (key, value) => {
-      return this.platformUtils.sessionStorage.set(key, value);
+      var _a;
+      if (!((_a = this.nonPersistedStorageKeys) != null ? _a : []).includes(key)) {
+        return this.platformUtils.sessionStorage.set(key, value);
+      }
     };
     this.sessionStorageRemoveItem = (key) => {
       return this.platformUtils.sessionStorage.removeItem(key);
@@ -156,16 +169,29 @@ const _ParaCore = class _ParaCore {
     this.retrieveSessionCookie = () => {
       return this.sessionCookie;
     };
+    this.retrieveEnclaveJwt = () => {
+      return this.enclaveJwt;
+    };
+    this.retrieveEnclaveRefreshJwt = () => {
+      return this.enclaveRefreshJwt;
+    };
     /**
      * Remove all local storage and prefixed session storage.
      * @param {'local' | 'session' | 'secure' | 'all'} type - Type of storage to clear. Defaults to 'all'.
      */
     this.clearStorage = (type = "all") => __async(this, null, function* () {
       const isAll = type === "all";
-      (isAll || type === "local") && this.platformUtils.localStorage.clear(constants.PREFIX);
-      (isAll || type === "session") && this.platformUtils.sessionStorage.clear(constants.PREFIX);
+      if (isAll || type === "local") {
+        this.platformUtils.localStorage.clear(constants.PREFIX);
+        this.platformUtils.localStorage.clear(constants.PARA_PREFIX);
+      }
+      if (isAll || type === "session") {
+        this.platformUtils.sessionStorage.clear(constants.PREFIX);
+        this.platformUtils.sessionStorage.clear(constants.PARA_PREFIX);
+      }
       if ((isAll || type === "secure") && this.platformUtils.secureStorage) {
         this.platformUtils.secureStorage.clear(constants.PREFIX);
+        this.platformUtils.secureStorage.clear(constants.PARA_PREFIX);
       }
     });
     this.trackError = (methodName, err) => __async(this, null, function* () {
@@ -207,6 +233,7 @@ const _ParaCore = class _ParaCore {
       this.updateWalletIdsFromStorage();
       this.updateSessionCookieFromStorage();
       this.updateLoginEncryptionKeyPairFromStorage();
+      this.updateEnclaveJwtFromStorage();
     };
     this.updateAuthInfoFromStorage = () => {
       var _a;
@@ -226,6 +253,10 @@ const _ParaCore = class _ParaCore {
       }
       __privateSet(this, _authInfo, authInfo);
     };
+    this.updateEnclaveJwtFromStorage = () => {
+      this.enclaveJwt = this.localStorageGetItem(constants.LOCAL_STORAGE_ENCLAVE_JWT) || this.sessionStorageGetItem(constants.LOCAL_STORAGE_ENCLAVE_JWT) || void 0;
+      this.enclaveRefreshJwt = this.localStorageGetItem(constants.LOCAL_STORAGE_ENCLAVE_REFRESH_JWT) || this.sessionStorageGetItem(constants.LOCAL_STORAGE_ENCLAVE_REFRESH_JWT) || void 0;
+    };
     this.updateUserIdFromStorage = () => {
       this.userId = this.localStorageGetItem(constants.LOCAL_STORAGE_USER_ID) || void 0;
     };
@@ -286,6 +317,16 @@ const _ParaCore = class _ParaCore {
       const _externalWallets = JSON.parse(stringExternalWallets || "{}");
       this.setExternalWallets(_externalWallets);
     };
+    this.initializeWorker = () => __async(this, null, function* () {
+      if (!this.isWorkerInitialized && !this.ctx.disableWebSockets && !this.ctx.disableWorkers && !this.isPortal()) {
+        try {
+          this.isWorkerInitialized = true;
+          yield this.platformUtils.initializeWorker(this.ctx);
+        } catch (e) {
+          this.devLog("error initializing worker:", e);
+        }
+      }
+    });
     /**
      * Creates several new wallets with the desired types. If no types are provided, this method
      * will create one for each of the non-optional types specified in the instance's `supportedWalletTypes`
@@ -302,8 +343,29 @@ const _ParaCore = class _ParaCore {
     }) {
       return (yield this.ctx.client.getWalletBalance({ walletId, rpcUrl })).balance;
     });
-    if (!apiKey) {
-      throw new Error("A Para API key is required.");
+    let env, apiKey;
+    const actualArgs = Array.from(arguments).filter((arg) => arg !== void 0);
+    const actualArgumentCount = actualArgs.length;
+    if (actualArgumentCount === 1) {
+      if (Object.values(import_types.Environment).includes(envOrApiKey)) {
+        throw new Error("A Para API key is required.");
+      }
+      env = _ParaCore.resolveEnvironment(void 0, actualArgs[0]);
+      apiKey = actualArgs[0];
+      opts = void 0;
+    } else if (actualArgumentCount === 2) {
+      if (typeof apiKeyOrOpts === "object" && apiKeyOrOpts !== null) {
+        env = _ParaCore.resolveEnvironment(void 0, envOrApiKey);
+        apiKey = envOrApiKey;
+        opts = apiKeyOrOpts;
+      } else {
+        env = _ParaCore.resolveEnvironment(envOrApiKey, apiKeyOrOpts);
+        apiKey = apiKeyOrOpts;
+        opts = void 0;
+      }
+    } else {
+      env = _ParaCore.resolveEnvironment(envOrApiKey, apiKeyOrOpts);
+      apiKey = apiKeyOrOpts;
     }
     if (!opts) opts = {};
     let isE2E = false;
@@ -326,6 +388,7 @@ const _ParaCore = class _ParaCore {
     this.portalTheme = opts.portalTheme;
     this.platformUtils = this.getPlatformUtils();
     this.disableProviderModal = this.platformUtils.disableProviderModal;
+    this.fetchPregenWalletsOverride = opts.fetchPregenWalletsOverride;
     if (opts.useStorageOverrides) {
       this.localStorageGetItem = opts.localStorageGetItemOverride;
       this.localStorageSetItem = opts.localStorageSetItemOverride;
@@ -345,18 +408,41 @@ const _ParaCore = class _ParaCore {
         cookie
       );
     };
+    this.persistEnclaveJwt = (jwt) => {
+      this.enclaveJwt = jwt;
+      (opts.useSessionStorage ? this.sessionStorageSetItem : this.localStorageSetItem)(
+        constants.LOCAL_STORAGE_ENCLAVE_JWT,
+        jwt
+      );
+    };
+    this.persistEnclaveRefreshJwt = (refreshJwt) => {
+      this.enclaveRefreshJwt = refreshJwt;
+      (opts.useSessionStorage ? this.sessionStorageSetItem : this.localStorageSetItem)(
+        constants.LOCAL_STORAGE_ENCLAVE_REFRESH_JWT,
+        refreshJwt
+      );
+    };
+    const client = (0, import_userManagementClient.initClient)({
+      env,
+      version: _ParaCore.version,
+      apiKey,
+      partnerId: this.isPortal(env) ? opts.portalPartnerId : void 0,
+      useFetchAdapter: !!opts.disableWorkers,
+      retrieveSessionCookie: this.retrieveSessionCookie,
+      persistSessionCookie: this.persistSessionCookie
+    });
+    const enclaveClient = new import_enclave.EnclaveClient({
+      userManagementClient: client,
+      retrieveJwt: this.retrieveEnclaveJwt,
+      persistJwt: this.persistEnclaveJwt,
+      retrieveRefreshJwt: this.retrieveEnclaveRefreshJwt,
+      persistRefreshJwt: this.persistEnclaveRefreshJwt
+    });
     this.ctx = {
       env,
       apiKey,
-      client: (0, import_userManagementClient.initClient)({
-        env,
-        version: _ParaCore.version,
-        apiKey,
-        partnerId: this.isPortal(env) ? opts.portalPartnerId : void 0,
-        useFetchAdapter: !!opts.disableWorkers,
-        retrieveSessionCookie: this.retrieveSessionCookie,
-        persistSessionCookie: this.persistSessionCookie
-      }),
+      client,
+      enclaveClient,
       disableWorkers: opts.disableWorkers,
       offloadMPCComputationURL: opts.offloadMPCComputationURL,
       useLocalFiles: opts.useLocalFiles,
@@ -391,6 +477,9 @@ const _ParaCore = class _ParaCore {
       ]);
     }
   }
+  setModalError(_error) {
+    return;
+  }
   get authInfo() {
     return __privateGet(this, _authInfo);
   }
@@ -417,8 +506,15 @@ const _ParaCore = class _ParaCore {
   get externalWalletConnectionType() {
     if (this.isExternalWalletAuth) {
       return "AUTHENTICATED";
+    } else if (this.isExternalWalletWithVerification) {
+      return "VERIFICATION";
     } else if (!!Object.keys(this.externalWallets).length) {
-      return "CONNECTION_ONLY";
+      const hasEmbeddedWallets = Object.keys(this.wallets).some((id) => !this.wallets[id].isExternal);
+      if (hasEmbeddedWallets) {
+        return "NONE";
+      } else {
+        return "CONNECTION_ONLY";
+      }
     }
     return "NONE";
   }
@@ -439,16 +535,28 @@ const _ParaCore = class _ParaCore {
     return (0, import_user_management_client.isTelegram)((_a = this.authInfo) == null ? void 0 : _a.auth);
   }
   get isExternalWalletAuth() {
-    var _a;
-    return (0, import_user_management_client.isExternalWallet)((_a = __privateGet(this, _authInfo)) == null ? void 0 : _a.auth);
+    var _a, _b, _c;
+    return (0, import_user_management_client.isExternalWallet)((_a = __privateGet(this, _authInfo)) == null ? void 0 : _a.auth) && !!((_c = (_b = __privateGet(this, _authInfo)) == null ? void 0 : _b.externalWallet) == null ? void 0 : _c.withFullParaAuth);
+  }
+  get isExternalWalletWithVerification() {
+    var _a, _b, _c;
+    return (0, import_user_management_client.isExternalWallet)((_a = __privateGet(this, _authInfo)) == null ? void 0 : _a.auth) && !!((_c = (_b = __privateGet(this, _authInfo)) == null ? void 0 : _b.externalWallet) == null ? void 0 : _c.withVerification);
   }
   get partnerId() {
     var _a;
-    return (_a = __privateGet(this, _partner)) == null ? void 0 : _a.id;
+    return (_a = this.partner) == null ? void 0 : _a.id;
+  }
+  get partnerName() {
+    var _a;
+    return (_a = this.partner) == null ? void 0 : _a.displayName;
+  }
+  get partnerLogo() {
+    var _a;
+    return (_a = this.partner) == null ? void 0 : _a.logoUrl;
   }
   get currentWalletIdsArray() {
     var _a, _b;
-    return ((_b = (_a = __privateGet(this, _partner)) == null ? void 0 : _a.supportedWalletTypes) != null ? _b : Object.keys(this.currentWalletIds).map((type) => ({ type }))).reduce(
+    return ((_b = (_a = this.partner) == null ? void 0 : _a.supportedWalletTypes) != null ? _b : Object.keys(this.currentWalletIds).map((type) => ({ type }))).reduce(
       (acc, { type }) => {
         var _a2;
         return [
@@ -488,19 +596,23 @@ const _ParaCore = class _ParaCore {
   }
   get isNoWalletConfig() {
     var _a;
-    return !!((_a = __privateGet(this, _partner)) == null ? void 0 : _a.supportedWalletTypes) && __privateGet(this, _partner).supportedWalletTypes.length === 0;
+    return !!((_a = this.partner) == null ? void 0 : _a.supportedWalletTypes) && this.partner.supportedWalletTypes.length === 0;
   }
   get supportedWalletTypes() {
     var _a, _b;
-    return (_b = (_a = __privateGet(this, _partner)) == null ? void 0 : _a.supportedWalletTypes) != null ? _b : [];
+    return (_b = (_a = this.partner) == null ? void 0 : _a.supportedWalletTypes) != null ? _b : [];
   }
   get cosmosPrefix() {
     var _a;
-    return (_a = __privateGet(this, _partner)) == null ? void 0 : _a.cosmosPrefix;
+    return (_a = this.partner) == null ? void 0 : _a.cosmosPrefix;
+  }
+  get supportedAccountLinks() {
+    var _a, _b;
+    return (_b = (_a = this.partner) == null ? void 0 : _a.supportedAccountLinks) != null ? _b : [...import_user_management_client.LINKED_ACCOUNT_TYPES];
   }
   get isWalletTypeEnabled() {
     var _a;
-    return (((_a = __privateGet(this, _partner)) == null ? void 0 : _a.supportedWalletTypes) || []).reduce((acc, { type }) => {
+    return (((_a = this.partner) == null ? void 0 : _a.supportedWalletTypes) || []).reduce((acc, { type }) => {
       return __spreadProps(__spreadValues({}, acc), { [type]: true });
     }, {});
   }
@@ -530,9 +642,7 @@ const _ParaCore = class _ParaCore {
     };
   }
   isPortal(envOverride) {
-    var _a;
-    if (typeof window === "undefined") return false;
-    return !!((_a = window.location) == null ? void 0 : _a.host) && (0, import_utils2.getPortalBaseURL)(envOverride ? { env: envOverride } : this.ctx).includes(window.location.host);
+    return (0, import_utils2.isPortal)(this.ctx, envOverride);
   }
   isParaConnect() {
     var _a;
@@ -549,7 +659,7 @@ const _ParaCore = class _ParaCore {
   }
   isWalletSupported(wallet) {
     var _a, _b;
-    return !((_a = __privateGet(this, _partner)) == null ? void 0 : _a.supportedWalletTypes) || (0, import_utils2.isWalletSupported)((_b = __privateGet(this, _partner).supportedWalletTypes.map(({ type }) => type)) != null ? _b : [], wallet);
+    return !((_a = this.partner) == null ? void 0 : _a.supportedWalletTypes) || (0, import_utils2.isWalletSupported)((_b = this.partner.supportedWalletTypes.map(({ type }) => type)) != null ? _b : [], wallet);
   }
   isWalletOwned(wallet) {
     return this.isWalletSupported(wallet) && !(wallet == null ? void 0 : wallet.pregenIdentifier) && !(wallet == null ? void 0 : wallet.pregenIdentifierType) && !!this.userId && (wallet == null ? void 0 : wallet.userId) === this.userId;
@@ -575,12 +685,12 @@ const _ParaCore = class _ParaCore {
     } else {
       const wallet = this.wallets[walletId];
       const [isUnclaimed, isOwned] = [this.isPregenWalletUnclaimed(wallet), this.isWalletOwned(wallet)];
-      if (forbidPregen && isUnclaimed) {
+      if (forbidPregen && isUnclaimed && wallet.pregenIdentifierType !== "GUEST_ID") {
         error = `pre-generated wallet with id ${wallet == null ? void 0 : wallet.id} cannot be selected`;
       } else if (!isOwned && !isUnclaimed) {
         error = `wallet with id ${wallet == null ? void 0 : wallet.id} is not owned by the current user`;
       } else if (!this.isWalletSupported(wallet)) {
-        error = `wallet with id ${wallet.id} and type ${wallet.type} is not supported, supported types are: ${(((_b = __privateGet(this, _partner)) == null ? void 0 : _b.supportedWalletTypes) || []).map(({ type }) => type).join(", ")}`;
+        error = `wallet with id ${wallet.id} and type ${wallet.type} is not supported, supported types are: ${(((_b = this.partner) == null ? void 0 : _b.supportedWalletTypes) || []).map(({ type }) => type).join(", ")}`;
       } else if (types && (!(0, import_utils2.getEquivalentTypes)(types).includes(wallet == null ? void 0 : wallet.type) || isOwned && !types.some((type) => {
         var _a2, _b2;
         return (_b2 = (_a2 = this.currentWalletIds) == null ? void 0 : _a2[type]) == null ? void 0 : _b2.includes(walletId);
@@ -598,6 +708,9 @@ const _ParaCore = class _ParaCore {
     }
     return true;
   }
+  truncateAddress(...args) {
+    return (0, import_utils2.truncateAddress)(args[0], args[1], __spreadValues({ prefix: this.cosmosPrefix }, args[2] || {}));
+  }
   /**
    * Returns the formatted address for the desired wallet ID, depending on your app settings.
    * @param {string} walletId the ID of the wallet address to display.
@@ -611,7 +724,7 @@ const _ParaCore = class _ParaCore {
     if (this.externalWallets[walletId]) {
       const wallet2 = this.externalWallets[walletId];
       return options.truncate ? (0, import_utils2.truncateAddress)(wallet2.address, wallet2.type, {
-        prefix: (_a = __privateGet(this, _partner)) == null ? void 0 : _a.cosmosPrefix,
+        prefix: (_a = this.partner) == null ? void 0 : _a.cosmosPrefix,
         targetLength: options.targetLength
       }) : wallet2.address;
     }
@@ -623,7 +736,7 @@ const _ParaCore = class _ParaCore {
     let prefix;
     switch (wallet.type) {
       case "COSMOS":
-        prefix = (_d = (_c = options.cosmosPrefix) != null ? _c : (_b = __privateGet(this, _partner)) == null ? void 0 : _b.cosmosPrefix) != null ? _d : "cosmos";
+        prefix = (_d = (_c = options.cosmosPrefix) != null ? _c : (_b = this.partner) == null ? void 0 : _b.cosmosPrefix) != null ? _d : "cosmos";
         str = (0, import_utils2.getCosmosAddress)(wallet.publicKey, prefix);
         break;
       default:
@@ -656,30 +769,55 @@ const _ParaCore = class _ParaCore {
   }
   constructPortalUrl(_0) {
     return __async(this, arguments, function* (type, opts = {}) {
-      var _a, _b, _c, _d, _e, _f, _g, _h, _i, _j, _k, _l, _m;
-      const [isCreate, isLogin, isOnRamp] = [
-        ["createAuth", "createPassword"].includes(type),
-        ["loginAuth", "loginPassword"].includes(type),
-        type === "onRamp"
+      var _a, _b, _c, _d, _e, _f, _g, _h, _i, _j, _k, _l, _m, _n;
+      const [
+        isCreate,
+        isLogin,
+        isOnRamp,
+        isOAuth,
+        isOAuthCallback,
+        isTelegramLogin,
+        isFarcasterLogin,
+        isAddNewCredential,
+        isSwitchWallets,
+        isExportPrivateKey
+      ] = [
+        ["createAuth", "createPassword", "createPIN"].includes(type),
+        ["loginAuth", "loginPassword", "loginPIN", "loginOTP", "switchWallets", "loginExternalWallet"].includes(type),
+        type === "onRamp",
+        type === "oAuth",
+        type === "oAuthCallback",
+        ["telegramLogin", "telegramLoginVerify"].includes(type),
+        type === "loginFarcaster",
+        type === "addNewCredential",
+        type === "switchWallets",
+        type === "exportPrivateKey"
       ];
+      if (isOAuth && !opts.oAuthMethod) {
+        throw new Error("oAuthMethod is required for oAuth portal URLs");
+      }
       if (isCreate || isLogin) {
         this.assertIsAuthSet();
       }
       let sessionId = opts.sessionId;
-      if ((isLogin || isOnRamp) && !sessionId) {
+      if ((isLogin || isOnRamp || isTelegramLogin || isFarcasterLogin || isExportPrivateKey) && !sessionId) {
         const session = yield this.touchSession(true);
         sessionId = session.sessionId;
       }
       if (!this.loginEncryptionKeyPair) {
         yield this.setLoginEncryptionKeyPair();
       }
-      const base = type === "onRamp" ? (0, import_utils2.getPortalBaseURL)(this.ctx) : yield this.getPortalURL();
+      const base = type === "onRamp" || isTelegramLogin ? (0, import_utils2.getPortalBaseURL)(this.ctx, isTelegramLogin) : yield this.getPortalURL();
       let path;
       switch (type) {
         case "createPassword": {
           path = `/web/users/${this.userId}/passwords/${opts.pathId}`;
           break;
         }
+        case "createPIN": {
+          path = `/web/users/${this.userId}/pin/${opts.pathId}`;
+          break;
+        }
         case "createAuth": {
           path = `/web/users/${this.userId}/biometrics/${opts.pathId}`;
           break;
@@ -692,42 +830,102 @@ const _ParaCore = class _ParaCore {
           path = "/web/biometrics/login";
           break;
         }
+        case "loginPIN": {
+          path = "/web/pin/login";
+          break;
+        }
         case "txReview": {
           path = `/web/users/${this.userId}/transaction-review/${opts.pathId}`;
           break;
         }
         case "onRamp": {
-          path = `/web/users/${this.userId}/on-ramp-transaction/${opts.pathId}`;
+          path = `/web/users/${this.userId}/on-ramp-transaction/v2/${opts.pathId}`;
+          break;
+        }
+        case "telegramLoginVerify": {
+          path = `/auth/telegram/verify`;
+          break;
+        }
+        case "telegramLogin": {
+          path = `/auth/telegram`;
+          break;
+        }
+        case "oAuth": {
+          path = `/auth/${opts.oAuthMethod.toLowerCase()}`;
+          break;
+        }
+        case "oAuthCallback": {
+          path = `/auth/${opts.oAuthMethod.toLowerCase()}/callback`;
+          break;
+        }
+        case "loginOTP": {
+          path = "/auth/otp";
+          break;
+        }
+        case "loginFarcaster": {
+          path = "/auth/farcaster";
+          break;
+        }
+        case "switchWallets": {
+          path = `/auth/wallets`;
+          break;
+        }
+        case "addNewCredential": {
+          path = "/auth/add-new-credential";
+          break;
+        }
+        case "exportPrivateKey": {
+          path = `/web/users/${this.userId}/private-key/${opts.pathId}`;
+          break;
+        }
+        case "loginExternalWallet": {
+          path = "/auth/external-wallet";
+          break;
+        }
+        case "connectExternalWallet": {
+          path = "/auth/connect-external-wallet";
           break;
         }
         default: {
           throw new Error(`invalid URL type ${type}`);
         }
       }
-      const partner = yield __privateMethod(this, _ParaCore_instances, assertPartner_fn).call(this);
+      let partner = void 0;
+      try {
+        partner = yield __privateMethod(this, _ParaCore_instances, assertPartner_fn).call(this);
+      } catch (e) {
+        if (this.isPartnerOptional) {
+          partner = void 0;
+        } else {
+          throw e;
+        }
+      }
       const thisDevice = (_a = opts.thisDevice) != null ? _a : {
         encryptionKey: (0, import_utils.getPublicKeyHex)(this.loginEncryptionKeyPair),
         sessionId
       };
-      const params = __spreadValues(__spreadValues(__spreadValues(__spreadValues({
+      const params = __spreadValues(__spreadValues(__spreadValues(__spreadValues(__spreadValues(__spreadValues(__spreadValues(__spreadValues(__spreadValues(__spreadValues(__spreadProps(__spreadValues({
         apiKey: this.ctx.apiKey,
-        partnerId: partner.id,
-        portalFont: ((_b = opts.portalTheme) == null ? void 0 : _b.font) || (partner == null ? void 0 : partner.font) || ((_c = this.portalTheme) == null ? void 0 : _c.font),
-        portalBorderRadius: ((_d = opts.portalTheme) == null ? void 0 : _d.borderRadius) || ((_e = this.portalTheme) == null ? void 0 : _e.borderRadius),
-        portalThemeMode: ((_f = opts.portalTheme) == null ? void 0 : _f.mode) || (partner == null ? void 0 : partner.themeMode) || ((_g = this.portalTheme) == null ? void 0 : _g.mode),
-        portalAccentColor: ((_h = opts.portalTheme) == null ? void 0 : _h.accentColor) || (partner == null ? void 0 : partner.accentColor) || ((_i = this.portalTheme) == null ? void 0 : _i.accentColor),
-        portalForegroundColor: ((_j = opts.portalTheme) == null ? void 0 : _j.foregroundColor) || (partner == null ? void 0 : partner.foregroundColor) || ((_k = this.portalTheme) == null ? void 0 : _k.foregroundColor),
-        portalBackgroundColor: ((_l = opts.portalTheme) == null ? void 0 : _l.backgroundColor) || (partner == null ? void 0 : partner.backgroundColor) || this.portalBackgroundColor || ((_m = this.portalTheme) == null ? void 0 : _m.backgroundColor),
+        origin: typeof window !== "undefined" ? window.location.origin : void 0,
+        partnerId: partner == null ? void 0 : partner.id
+      }, typeof window !== "undefined" && ((_b = window.location) == null ? void 0 : _b.origin) ? { origin: window.location.origin } : {}), {
+        portalFont: ((_c = opts.portalTheme) == null ? void 0 : _c.font) || ((_d = this.portalTheme) == null ? void 0 : _d.font) || (partner == null ? void 0 : partner.font),
+        portalBorderRadius: ((_e = opts.portalTheme) == null ? void 0 : _e.borderRadius) || ((_f = this.portalTheme) == null ? void 0 : _f.borderRadius),
+        portalThemeMode: ((_g = opts.portalTheme) == null ? void 0 : _g.mode) || ((_h = this.portalTheme) == null ? void 0 : _h.mode) || (partner == null ? void 0 : partner.themeMode),
+        portalAccentColor: ((_i = opts.portalTheme) == null ? void 0 : _i.accentColor) || ((_j = this.portalTheme) == null ? void 0 : _j.accentColor) || (partner == null ? void 0 : partner.accentColor),
+        portalForegroundColor: ((_k = opts.portalTheme) == null ? void 0 : _k.foregroundColor) || ((_l = this.portalTheme) == null ? void 0 : _l.foregroundColor) || (partner == null ? void 0 : partner.foregroundColor),
+        portalBackgroundColor: ((_m = opts.portalTheme) == null ? void 0 : _m.backgroundColor) || ((_n = this.portalTheme) == null ? void 0 : _n.backgroundColor) || (partner == null ? void 0 : partner.backgroundColor) || this.portalBackgroundColor,
         portalPrimaryButtonColor: this.portalPrimaryButtonColor,
         portalTextColor: this.portalTextColor,
         portalPrimaryButtonTextColor: this.portalPrimaryButtonTextColor,
         isForNewDevice: opts.isForNewDevice ? opts.isForNewDevice.toString() : void 0
-      }, isCreate || isLogin ? __spreadProps(__spreadValues({
+      }), this.authInfo && (isCreate || isLogin || isAddNewCredential || isOAuthCallback || isSwitchWallets || isExportPrivateKey) ? __spreadProps(__spreadValues({
         authInfo: JSON.stringify(this.authInfo)
       }, (0, import_user_management_client.isPhone)(this.authInfo.auth) ? (0, import_utils2.splitPhoneNumber)(this.authInfo.auth.phone) : this.authInfo.auth), {
         pfpUrl: this.authInfo.pfpUrl,
-        displayName: this.authInfo.displayName
-      }) : {}), isOnRamp ? { sessionId } : {}), isLogin ? __spreadProps(__spreadValues({
+        displayName: this.authInfo.displayName,
+        userId: this.userId
+      }) : {}), isOnRamp ? { email: this.email } : {}), isLogin || isOAuth || isOAuthCallback || isTelegramLogin || isFarcasterLogin || isAddNewCredential ? __spreadProps(__spreadValues({
         sessionId: thisDevice.sessionId,
         encryptionKey: thisDevice.encryptionKey
       }, opts.newDevice ? {
@@ -735,7 +933,17 @@ const _ParaCore = class _ParaCore {
         newDeviceEncryptionKey: opts.newDevice.encryptionKey
       } : {}), {
         pregenIds: JSON.stringify(this.pregenIds)
-      }) : {}), opts.params || {});
+      }) : {}), isOAuth || isOAuthCallback || isFarcasterLogin ? {
+        appScheme: opts.appScheme
+      } : {}), isTelegramLogin ? { isEmbed: "true" } : {}), isSwitchWallets ? __spreadValues(__spreadValues({}, this.currentWalletIds ? { currentWalletIds: JSON.stringify(this.currentWalletIds) } : {}), this.userId ? { userId: this.userId } : {}) : {}), opts.params || {}), isAddNewCredential ? __spreadProps(__spreadValues({}, opts.addNewCredentialType && { addNewCredentialType: opts.addNewCredentialType.toString() }), {
+        addNewCredentialPasskeyId: opts.addNewCredentialPasskeyId,
+        addNewCredentialPasswordId: opts.addNewCredentialPasswordId
+      }) : {}), isLogin && {
+        // Prior versions won't have this param which will skip the upgrade prompt
+        isBasicLoginUpgradeVersion: "true"
+      }), isExportPrivateKey ? {
+        sessionId: thisDevice.sessionId
+      } : {});
       const url = (0, import_utils2.constructUrl)({ base, path, params });
       if (opts.shorten) {
         return (0, import_utils2.shortenUrl)(this.ctx, url);
@@ -743,12 +951,75 @@ const _ParaCore = class _ParaCore {
       return url;
     });
   }
+  static resolveEnvironment(env, apiKey) {
+    var _a;
+    if (!apiKey) {
+      throw new Error("A Para API key is required.");
+    }
+    if (apiKey.includes("_")) {
+      const validEnvironmentPrefixes = Object.values(import_types.Environment);
+      const envPrefix = (_a = apiKey.split("_")[0]) == null ? void 0 : _a.toUpperCase();
+      const hasValidPrefix = validEnvironmentPrefixes.some((envValue) => envValue === envPrefix);
+      if (!hasValidPrefix) {
+        throw new Error(`Invalid API key environment prefix.`);
+      }
+      return envPrefix;
+    }
+    if (!env) {
+      throw new Error("Environment parameter is required.");
+    }
+    return env;
+  }
   touchSession(regenerate = false) {
     return __async(this, null, function* () {
-      var _a, _b, _c;
-      const session = yield this.ctx.client.touchSession(regenerate);
-      if (!__privateGet(this, _partner) || ((_a = __privateGet(this, _partner)) == null ? void 0 : _a.id) !== session.partnerId || !(0, import_utils2.supportedWalletTypesEq)(((_b = __privateGet(this, _partner)) == null ? void 0 : _b.supportedWalletTypes) || [], session.supportedWalletTypes) || (((_c = __privateGet(this, _partner)) == null ? void 0 : _c.cosmosPrefix) || "cosmos") !== session.cosmosPrefix) {
-        yield __privateMethod(this, _ParaCore_instances, getPartner_fn).call(this, session.partnerId);
+      var _a, _b, _c, _d, _e;
+      if (!this.isWorkerInitialized) {
+        this.initializeWorker();
+      }
+      if (!this.isReady) {
+        yield this.ready();
+      }
+      let session;
+      try {
+        session = yield this.ctx.client.touchSession(regenerate);
+      } catch (error) {
+        this.handleTouchSessionError(error);
+        throw error;
+      }
+      if (!this.partner || ((_a = this.partner) == null ? void 0 : _a.id) !== session.partnerId || !(0, import_utils2.supportedWalletTypesEq)(((_b = this.partner) == null ? void 0 : _b.supportedWalletTypes) || [], session.supportedWalletTypes) || (((_c = this.partner) == null ? void 0 : _c.cosmosPrefix) || "cosmos") !== session.cosmosPrefix) {
+        if (!session.partnerId && !this.isPortal()) {
+          this.displayModalError(
+            `Invalid API Key. Please ensure you have a valid API key for the current environment: ${(_d = this.ctx.env) == null ? void 0 : _d.toUpperCase()}.`
+          );
+          console.error(`
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+\u{1F6A8} PARA SDK CONFIGURATION ERROR \u{1F6A8}
+
+INVALID API KEY FOR CONFIGURED ENVIRONMENT
+
+Your API key does not match the configured environment. This usually means:
+
+1. You're using a production API key with a development environment
+2. You're using a development API key with a production environment  
+3. Your API key is invalid or has been regenerated
+
+SOLUTION:
+\u2022 Verify your API key at: https://developer.getpara.com
+\u2022 If your API key doesn't contain an environment prefix, ensure your API key is the correct key for your target environment
+
+Current Environment: ${this.ctx.env}
+API Key Prefix: ${((_e = this.ctx.apiKey) == null ? void 0 : _e.split("_")[0].toUpperCase()) || "None"}
+
+Need help? Visit: https://docs.getpara.com or contact support
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+        `);
+          throw new Error("Invalid API Key.");
+        } else {
+          yield __privateMethod(this, _ParaCore_instances, getPartner_fn).call(this, session.partnerId);
+        }
+      }
+      if (session.currentWalletIds && !(0, import_utils2.currentWalletIdsEq)(session.currentWalletIds, this.currentWalletIds)) {
+        yield this.setCurrentWalletIds(session.currentWalletIds);
       }
       return session;
     });
@@ -847,8 +1118,35 @@ const _ParaCore = class _ParaCore {
       return __privateGet(this, _authInfo);
     });
   }
-  assertUserId() {
-    if (!this.userId) {
+  /**
+   * Display an error message in the modal (if available)
+   * @internal
+   */
+  displayModalError(error) {
+    if (this.ctx.env !== import_types.Environment.PROD) {
+      this.setModalError(error);
+    }
+  }
+  /**
+   * Handle specific touchSession errors with user-friendly messages
+   * @private
+   */
+  handleTouchSessionError(error) {
+    const errorStr = String(error);
+    const errorMessage = error instanceof Error ? error.message : "";
+    if (errorStr.includes("blocked by CORS policy") && errorStr.includes("Access-Control-Allow-Origin")) {
+      this.displayModalError("Request rate limit reached. Please wait a couple of minutes and try again.");
+      return;
+    }
+    if (error.status === 403 && errorMessage.includes("origin not authorized")) {
+      this.displayModalError(
+        "The current origin is not allowed. Update your allowed origins in the Para developer portal to allow the current origin."
+      );
+      return;
+    }
+  }
+  assertUserId({ allowGuestMode = false } = {}) {
+    if (!this.userId || !allowGuestMode && this.isGuestMode) {
       throw new Error("no userId is set");
     }
     return this.userId;
@@ -904,19 +1202,75 @@ const _ParaCore = class _ParaCore {
    * @param externalAddress - External wallet address to set.
    * @param externalType - Type of external wallet to set.
    */
-  setExternalWallet(_0) {
-    return __async(this, arguments, function* ({ address, type, provider, addressBech32, withFullParaAuth }) {
-      this.externalWallets = {
-        [address]: {
-          id: address,
-          address: addressBech32 != null ? addressBech32 : address,
+  setExternalWallet(externalWallet) {
+    return __async(this, null, function* () {
+      const { id: partnerId, supportedWalletTypes } = yield __privateMethod(this, _ParaCore_instances, assertPartner_fn).call(this);
+      this.externalWallets = (Array.isArray(externalWallet) ? externalWallet : [externalWallet]).reduce(
+        (acc, {
+          partnerId: wPartnerId,
+          address,
           type,
-          name: provider,
-          isExternal: true,
-          isExternalWithParaAuth: withFullParaAuth,
-          signer: ""
+          provider,
+          providerId,
+          addressBech32,
+          withFullParaAuth,
+          isConnectionOnly,
+          withVerification
+        }) => {
+          if (partnerId === wPartnerId && supportedWalletTypes.some(({ type: supportedType }) => supportedType === type)) {
+            return __spreadProps(__spreadValues({}, acc), {
+              [address]: {
+                id: address,
+                partnerId,
+                address: addressBech32 != null ? addressBech32 : address,
+                type,
+                name: provider,
+                isExternal: true,
+                isExternalWithParaAuth: withFullParaAuth,
+                externalProviderId: providerId,
+                signer: "",
+                isExternalConnectionOnly: isConnectionOnly,
+                isExternalWithVerification: withVerification
+              }
+            });
+          }
+          return acc;
+        },
+        {}
+      ), this.setExternalWallets(this.externalWallets);
+      (0, import_utils2.dispatchEvent)(import_types.ParaEvent.EXTERNAL_WALLET_CHANGE_EVENT, null);
+    });
+  }
+  addExternalWallets(externalWallets) {
+    return __async(this, null, function* () {
+      const { id: partnerId, supportedWalletTypes } = yield __privateMethod(this, _ParaCore_instances, assertPartner_fn).call(this);
+      this.externalWallets = __spreadValues(__spreadValues({}, Object.entries(this.externalWallets).reduce((acc, [address, wallet]) => {
+        if (partnerId === wallet.partnerId && supportedWalletTypes.some(({ type }) => type === wallet.type)) {
+          return __spreadProps(__spreadValues({}, acc), {
+            [address]: wallet
+          });
         }
-      };
+        return acc;
+      }, {})), externalWallets.reduce(
+        (acc, { address, type, provider, providerId, addressBech32, withFullParaAuth, isConnectionOnly, withVerification }) => {
+          return __spreadProps(__spreadValues({}, acc), {
+            [address]: {
+              id: address,
+              partnerId,
+              address: addressBech32 != null ? addressBech32 : address,
+              type,
+              name: provider,
+              isExternal: true,
+              isExternalWithParaAuth: withFullParaAuth,
+              externalProviderId: providerId,
+              signer: "",
+              isExternalConnectionOnly: isConnectionOnly,
+              isExternalWithVerification: withVerification
+            }
+          });
+        },
+        {}
+      ));
       this.setExternalWallets(this.externalWallets);
       (0, import_utils2.dispatchEvent)(import_types.ParaEvent.EXTERNAL_WALLET_CHANGE_EVENT, null);
     });
@@ -947,12 +1301,16 @@ const _ParaCore = class _ParaCore {
   }
   /**
    * Sets the external wallets associated with the `ParaCore` instance.
-   * @param externalWallets - External wallets to set.
+   * @param externalWallets - External wallets to set, or a function that modifies the current wallets.
    */
   setExternalWallets(externalWallets) {
     return __async(this, null, function* () {
-      this.externalWallets = externalWallets;
-      yield this.localStorageSetItem(constants.LOCAL_STORAGE_EXTERNAL_WALLETS, JSON.stringify(externalWallets));
+      if (typeof externalWallets === "function") {
+        this.externalWallets = externalWallets(this.externalWallets);
+      } else {
+        this.externalWallets = externalWallets;
+      }
+      yield this.localStorageSetItem(constants.LOCAL_STORAGE_EXTERNAL_WALLETS, JSON.stringify(this.externalWallets));
     });
   }
   /**
@@ -1028,6 +1386,7 @@ const _ParaCore = class _ParaCore {
   /**
    * Fetches the most recent OAuth account metadata for the signed-in user.
    * If applicable, this will include the user's most recent metadata from their Google, Apple, Facebook, X, Discord, Farcaster, or Telegram account, the last time they signed in to your app.
+   * @deprecated use `para.getLinkedAccounts({ withMetadata: true })` instead.
    * @returns {Promise<AccountMetadata>} the user's account metadata.
    */
   getAccountMetadata() {
@@ -1120,14 +1479,27 @@ const _ParaCore = class _ParaCore {
       ...[...this.currentWalletIdsArray, ...__privateGet(this, _ParaCore_instances, guestWalletIdsArray_get)].map(([address, type]) => [address, type, false]).map(([id, type]) => {
         const wallet = this.findWallet(id, type);
         if (!wallet) return null;
+        const name = wallet.name;
+        const address = this.getDisplayAddress(id, { addressType: type });
+        const addressShort = this.getDisplayAddress(id, { addressType: type, truncate: true });
         return {
           id: wallet.id,
+          partner: wallet.partner,
           type,
-          address: this.getDisplayAddress(id, { addressType: type }),
-          name: wallet.name
+          address,
+          name,
+          addressShort,
+          displayName: name != null ? name : addressShort,
+          ensName: wallet.ensName,
+          ensAvatar: wallet.ensAvatar
         };
       }).filter((obj) => obj !== null),
-      ...Object.values((_a = this.externalWallets) != null ? _a : {})
+      ...Object.values((_a = this.externalWallets) != null ? _a : {}).map((wallet) => {
+        return __spreadProps(__spreadValues({}, wallet), {
+          addressShort: (0, import_utils2.truncateAddress)(wallet.address, wallet.type, { prefix: this.cosmosPrefix }),
+          displayName: wallet.externalProviderId
+        });
+      })
     ];
   }
   /**
@@ -1173,8 +1545,15 @@ const _ParaCore = class _ParaCore {
   }
   getPartnerURL() {
     return __async(this, null, function* () {
-      const { portalUrl } = yield __privateMethod(this, _ParaCore_instances, assertPartner_fn).call(this);
-      return portalUrl;
+      try {
+        const { portalUrl } = yield __privateMethod(this, _ParaCore_instances, assertPartner_fn).call(this);
+        return portalUrl;
+      } catch (e) {
+        if (this.isPartnerOptional) {
+          return void 0;
+        }
+        throw e;
+      }
     });
   }
   /**
@@ -1219,13 +1598,13 @@ const _ParaCore = class _ParaCore {
     return __async(this, null, function* () {
       const res = yield this.isPortal() || this.isParaConnect() ? this.ctx.client.getAllWallets(this.userId) : this.ctx.client.getWallets(this.userId, true);
       return res.data.wallets.filter(
-        (wallet) => !!wallet.address && (this.isParaConnect() || !this.isParaConnect() && this.isWalletSupported((0, import_utils2.entityToWallet)(wallet)))
+        (wallet) => !!wallet.address && wallet.sharesPersisted && (this.isParaConnect() || !this.isParaConnect() && this.isWalletSupported((0, import_utils2.entityToWallet)(wallet)))
       );
     });
   }
   populateWalletAddresses() {
     return __async(this, null, function* () {
-      const res = yield this.ctx.client.getWallets(this.userId, true);
+      const res = yield (this.isPortal() ? this.ctx.client.getAllWallets : this.ctx.client.getWallets)(this.userId, true);
       const wallets = res.data.wallets;
       wallets.forEach((entity) => {
         if (this.wallets[entity.id]) {
@@ -1256,65 +1635,143 @@ const _ParaCore = class _ParaCore {
   loginExternalWallet(_a) {
     return __async(this, null, function* () {
       var _b = _a, {
-        externalWallet
+        externalWallet,
+        chainId,
+        uri
       } = _b, urlOptions = __objRest(_b, [
-        "externalWallet"
+        "externalWallet",
+        "chainId",
+        "uri"
       ]);
-      if (this.externalWalletConnectionOnly) {
-        externalWallet.withFullParaAuth = false;
-        yield this.setExternalWallet(externalWallet);
+      const externalWallets = Array.isArray(externalWallet) ? externalWallet : [externalWallet];
+      if (this.externalWalletConnectionOnly || externalWallets.every((wallet) => wallet.isConnectionOnly)) {
+        yield this.addExternalWallets(
+          externalWallets.map((wallet) => __spreadProps(__spreadValues({}, wallet), {
+            withFullParaAuth: false
+          }))
+        );
         return Promise.resolve({
           userId: constants.EXTERNAL_WALLET_CONNECTION_ONLY_USER_ID
         });
       }
+      if (Array.isArray(externalWallet)) {
+        throw new Error(
+          "Cannot authenticate multiple external wallets at once. To connect multiple wallets at once, use CONNECTION_ONLY mode."
+        );
+      }
       this.requireApiKey();
-      const serverAuthState = yield this.ctx.client.loginExternalWallet({ externalWallet });
+      const serverAuthState = yield this.ctx.client.loginExternalWallet({ externalWallet, chainId, uri });
+      if (!externalWallet.withFullParaAuth && externalWallet.withVerification) {
+        yield this.touchSession(true);
+      }
+      if (externalWallet.withFullParaAuth) {
+        yield this.ctx.client.sessionAddPortalVerification();
+      }
       return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, urlOptions);
     });
   }
-  verifyExternalWallet(_c) {
+  verifyExternalWallet(params) {
     return __async(this, null, function* () {
-      var _d = _c, {
-        externalWallet,
-        signedMessage,
-        cosmosPublicKeyHex,
-        cosmosSigner
-      } = _d, urlOptions = __objRest(_d, [
-        "externalWallet",
-        "signedMessage",
-        "cosmosPublicKeyHex",
-        "cosmosSigner"
-      ]);
-      const serverAuthState = yield this.ctx.client.verifyExternalWallet(this.userId, {
-        externalWallet,
-        signedMessage,
-        cosmosPublicKeyHex,
-        cosmosSigner
-      });
-      return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, urlOptions);
+      var _c;
+      let serverAuthState;
+      let urlOptions;
+      if ("serverAuthState" in params && params.serverAuthState !== void 0) {
+        const _a = params, { serverAuthState: optsServerAuthState } = _a, rest = __objRest(_a, ["serverAuthState"]);
+        serverAuthState = optsServerAuthState;
+        urlOptions = rest;
+      } else if ("externalWallet" in params) {
+        const _b = params, { externalWallet, signedMessage, cosmosPublicKeyHex, cosmosSigner } = _b, rest = __objRest(_b, ["externalWallet", "signedMessage", "cosmosPublicKeyHex", "cosmosSigner"]);
+        const _serverAuthState = yield this.ctx.client.verifyExternalWallet(this.userId, {
+          externalWallet,
+          signedMessage,
+          cosmosPublicKeyHex,
+          cosmosSigner
+        });
+        serverAuthState = _serverAuthState;
+        urlOptions = rest;
+      }
+      if (serverAuthState.stage === "login" && ((_c = serverAuthState.loginAuthMethods) == null ? void 0 : _c.includes(import_user_management_client.AuthMethod.PIN))) {
+        const { sessionLookupId } = yield this.touchSession();
+        return yield __privateMethod(this, _ParaCore_instances, prepareLoginState_fn).call(this, serverAuthState, __spreadProps(__spreadValues({}, urlOptions), { sessionLookupId }));
+      }
+      let state;
+      try {
+        state = yield __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, urlOptions);
+      } catch (err) {
+        console.error("Error prepping state:", err);
+      }
+      return state;
+    });
+  }
+  verifyExternalWalletLink(opts) {
+    return __async(this, null, function* () {
+      const accountLinkInProgress = yield __privateMethod(this, _ParaCore_instances, assertIsLinkingAccount_fn).call(this, ["EXTERNAL_WALLET"]);
+      if (!accountLinkInProgress.externalWallet) {
+        throw new Error("no external wallet account link in progress");
+      }
+      const accounts = yield this.verifyLink(__spreadValues({
+        accountLinkInProgress,
+        externalWallet: accountLinkInProgress.externalWallet
+      }, opts));
+      return accounts;
     });
   }
+  // TELEGRAM
   /**
    * Validates the response received from an attempted Telegram login for authenticity, then
    * creates or retrieves the corresponding Para user and prepares the Para instance to sign in with that user.
    * @param authResponse - the response JSON object received from the Telegram widget.
    * @returns `{ isValid: boolean; telegramUserId?: string; userId?: string; isNewUser?: boolean; supportedAuthMethods?: AuthMethod[]; biometricHints?: BiometricLocationHint[] }`
    */
-  verifyTelegram(_e) {
+  verifyTelegramProcess(_c) {
     return __async(this, null, function* () {
-      var _f = _e, {
-        telegramAuthResponse
-      } = _f, urlOptions = __objRest(_f, [
-        "telegramAuthResponse"
+      var _d = _c, {
+        serverAuthState: optsServerAuthState,
+        telegramAuthResponse,
+        isLinkAccount
+      } = _d, urlOptions = __objRest(_d, [
+        "serverAuthState",
+        "telegramAuthResponse",
+        "isLinkAccount"
       ]);
       try {
-        const serverAuthState = yield this.ctx.client.verifyTelegram(telegramAuthResponse);
-        return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, urlOptions);
+        switch (isLinkAccount) {
+          case false: {
+            if (!optsServerAuthState && !telegramAuthResponse) {
+              throw new Error("one of serverAuthState or telegramAuthResponse are required for verifying telegram");
+            }
+            const serverAuthState = optsServerAuthState != null ? optsServerAuthState : yield this.ctx.client.verifyTelegram({ authObject: telegramAuthResponse });
+            const { sessionLookupId } = yield this.touchSession();
+            return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, __spreadProps(__spreadValues({}, urlOptions), { sessionLookupId }));
+          }
+          case true: {
+            if (!telegramAuthResponse) {
+              throw new Error("telegramAuthResponse is required for verifying telegram link");
+            }
+            const accountLinkInProgress = yield __privateMethod(this, _ParaCore_instances, assertIsLinkingAccountOrStart_fn).call(this, "TELEGRAM");
+            const accounts = yield this.verifyLink({
+              accountLinkInProgress,
+              telegramAuthResponse
+            });
+            return accounts;
+          }
+        }
       } catch (e) {
-        throw new Error(e.message);
+        const errorMessage = e instanceof Error ? e.message : e ? String(e) : "Unknown error occurred";
+        throw new Error(errorMessage);
       }
     });
   }
+  verifyTelegram(opts) {
+    return __async(this, null, function* () {
+      return yield this.verifyTelegramProcess(__spreadProps(__spreadValues({}, opts), { isLinkAccount: false }));
+    });
+  }
+  verifyTelegramLink(opts) {
+    return __async(this, null, function* () {
+      return yield this.verifyTelegramProcess(__spreadProps(__spreadValues({}, opts), { isLinkAccount: true }));
+    });
+  }
   /**
    * Performs 2FA verification.
    * @param {Object} opts the options object
@@ -1358,10 +1815,35 @@ const _ParaCore = class _ParaCore {
   /**
    * Resend a verification email for the current user.
    */
-  resendVerificationCode() {
-    return __async(this, null, function* () {
+  resendVerificationCode(_0) {
+    return __async(this, arguments, function* ({
+      type: reason = "SIGNUP"
+    }) {
+      let type, linkedAccountId;
+      switch (reason) {
+        case "SIGNUP":
+        case "LOGIN":
+          {
+            const authInfo = this.assertIsAuthSet(["email", "phone"]);
+            type = authInfo.authType.toUpperCase();
+          }
+          break;
+        case "LINK_ACCOUNT":
+          {
+            const accountLinkInProgress = __privateMethod(this, _ParaCore_instances, assertIsLinkingAccount_fn).call(this, ["EMAIL", "PHONE"]);
+            linkedAccountId = accountLinkInProgress.id;
+            type = accountLinkInProgress.type;
+          }
+          break;
+      }
+      const userId = this.assertUserId({ allowGuestMode: true });
+      if (type !== "EMAIL" && type !== "PHONE") {
+        throw new Error("invalid auth type for verification code");
+      }
       yield this.ctx.client.resendVerificationCode(__spreadValues({
-        userId: this.userId
+        userId,
+        type,
+        linkedAccountId
       }, this.getVerificationEmailProps()));
     });
   }
@@ -1374,7 +1856,14 @@ const _ParaCore = class _ParaCore {
       if (this.externalWalletConnectionType === "CONNECTION_ONLY") {
         return true;
       }
-      const { isAuthenticated } = yield this.touchSession();
+      const { isAuthenticated, verifiedExternalWalletAddresses } = yield this.touchSession();
+      if (this.externalWalletConnectionType === "VERIFICATION") {
+        if (!verifiedExternalWalletAddresses) {
+          return false;
+        }
+        const externalAddresses = Object.values(this.externalWallets).map((w) => w.id);
+        return externalAddresses.every((address) => verifiedExternalWalletAddresses.includes(address));
+      }
       return !!isAuthenticated;
     });
   }
@@ -1385,23 +1874,57 @@ const _ParaCore = class _ParaCore {
   isFullyLoggedIn() {
     return __async(this, null, function* () {
       if (this.externalWalletConnectionType === "CONNECTION_ONLY") {
+        if (!this.isReady) {
+          yield this.ready();
+        }
         return true;
       }
       if (this.isGuestMode) {
         return true;
       }
       const isSessionActive = yield this.isSessionActive();
-      return isSessionActive && (this.isNoWalletConfig || this.currentWalletIdsArray.length > 0 && this.currentWalletIdsArray.reduce((acc, [id]) => acc && !!this.wallets[id], true));
+      if (this.externalWalletConnectionType === "VERIFICATION") {
+        return isSessionActive;
+      }
+      if (this.isSwitchingWallets) {
+        return isSessionActive;
+      }
+      if (!isSessionActive) {
+        return false;
+      }
+      if (this.isNoWalletConfig) {
+        return true;
+      }
+      const { supportedWalletTypes } = yield __privateMethod(this, _ParaCore_instances, assertPartner_fn).call(this);
+      const requiredWalletTypes = supportedWalletTypes.filter(({ optional }) => !optional);
+      for (const { type } of requiredWalletTypes) {
+        const hasWalletForType = this.currentWalletIdsArray.some(([walletId, walletType]) => {
+          try {
+            const wallet = this.wallets[walletId];
+            return wallet && walletType === type && typeof wallet.address === "string";
+          } catch (e) {
+            return false;
+          }
+        });
+        if (!hasWalletForType) {
+          return false;
+        }
+      }
+      return true;
     });
   }
   get isGuestMode() {
     return __privateGet(this, _ParaCore_instances, guestWalletIdsArray_get).length > 0 && Object.values(this.wallets).every(
       ({ userId, partnerId }) => {
         var _a;
-        return partnerId === ((_a = __privateGet(this, _partner)) == null ? void 0 : _a.id) && (!userId || userId !== this.userId);
+        return partnerId === ((_a = this.partner) == null ? void 0 : _a.id) && (!userId || userId !== this.userId);
       }
     );
   }
+  /**
+   * Get the auth methods available to an existing user
+   * @deprecated Use supportedUserAuthMethods instead
+   */
   supportedAuthMethods(auth) {
     return __async(this, null, function* () {
       const { supportedAuthMethods } = yield this.ctx.client.getSupportedAuthMethods(auth);
@@ -1419,6 +1942,37 @@ const _ParaCore = class _ParaCore {
       return authMethods;
     });
   }
+  /**
+   * Get the auth methods available to an existing user
+   */
+  supportedUserAuthMethods() {
+    return __async(this, null, function* () {
+      yield this.assertIsAuthSet();
+      const { supportedAuthMethods, hasPasswordWithoutPIN } = yield this.ctx.client.getSupportedAuthMethodsV2(
+        this.authInfo.auth
+      );
+      const authMethods = /* @__PURE__ */ new Set();
+      for (const type of supportedAuthMethods) {
+        switch (type) {
+          case "PASSWORD":
+            if (hasPasswordWithoutPIN) {
+              authMethods.add(import_user_management_client.AuthMethod.PASSWORD);
+            }
+            break;
+          case "PASSKEY":
+            authMethods.add(import_user_management_client.AuthMethod.PASSKEY);
+            break;
+          case "PIN":
+            authMethods.add(import_user_management_client.AuthMethod.PIN);
+            break;
+          case "BASIC_LOGIN":
+            authMethods.add(import_user_management_client.AuthMethod.BASIC_LOGIN);
+            break;
+        }
+      }
+      return authMethods;
+    });
+  }
   /**
    * Get hints associated with the users stored biometrics.
    * @deprecated
@@ -1495,36 +2049,47 @@ const _ParaCore = class _ParaCore {
     });
   }
   /**
-   * Initiates a Farcaster login attempt and return the URI for the user to connect.
+   * Initiates a Farcaster login attempt and returns the URL for the user to connect.
    * You can create a QR code with this URI that works with Farcaster's mobile app.
    * @return {string} the Farcaster connect URI
    */
   getFarcasterConnectUri() {
-    return __async(this, null, function* () {
-      const {
-        data: { connect_uri: connectUri }
-      } = yield this.ctx.client.initializeFarcasterLogin();
+    return __async(this, arguments, function* ({ appScheme } = {}) {
+      const { connect_uri: connectUri } = yield this.ctx.client.initializeFarcasterLogin({ appScheme });
       return connectUri;
     });
   }
+  // FARCASTER
   /**
    * Awaits the response from a user's attempt to log in with Farcaster.
    * If successful, this returns the user's Farcaster username and profile picture and indicates whether the user already exists.
    * @return {Object} `{userExists: boolean; username: string; pfpUrl?: string | null }` - the user's information and whether the user already exists.
    */
-  verifyFarcaster(_g) {
+  verifyFarcasterProcess(_e) {
     return __async(this, null, function* () {
-      var _h = _g, {
+      var _f = _e, {
         isCanceled = () => false,
         onConnectUri,
         onCancel,
-        onPoll
-      } = _h, urlOptions = __objRest(_h, [
+        onPoll,
+        isLinkAccount,
+        serverAuthState: optsServerAuthState
+      } = _f, urlOptions = __objRest(_f, [
         "isCanceled",
         "onConnectUri",
         "onCancel",
-        "onPoll"
+        "onPoll",
+        "isLinkAccount",
+        "serverAuthState"
       ]);
+      if (optsServerAuthState) {
+        const authState = yield __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, optsServerAuthState, urlOptions);
+        return authState;
+      }
+      let accountLinkInProgress;
+      if (isLinkAccount) {
+        accountLinkInProgress = yield __privateMethod(this, _ParaCore_instances, assertIsLinkingAccountOrStart_fn).call(this, "FARCASTER");
+      }
       if (onConnectUri) {
         const connectUri = yield this.getFarcasterConnectUri();
         onConnectUri(connectUri);
@@ -1536,85 +2101,113 @@ const _ParaCore = class _ParaCore {
             try {
               if (isCanceled() || Date.now() - startedAt > constants.POLLING_TIMEOUT_MS) {
                 onCancel == null ? void 0 : onCancel();
-                return reject("canceled");
+                return reject("CANCELED");
               }
               yield new Promise((_resolve) => setTimeout(_resolve, constants.POLLING_INTERVAL_MS));
-              const serverAuthState = yield this.ctx.client.getFarcasterAuthStatus();
-              if ((0, import_utils2.isServerAuthState)(serverAuthState)) {
-                const authState = yield __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, urlOptions);
-                return resolve(authState);
+              switch (isLinkAccount) {
+                case false:
+                  {
+                    const serverAuthState = yield this.ctx.client.getFarcasterAuthStatus();
+                    if ((0, import_utils2.isServerAuthState)(serverAuthState)) {
+                      const authState = yield __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, urlOptions);
+                      return resolve(authState);
+                    }
+                  }
+                  break;
+                case true: {
+                  const result = yield this.verifyLink({
+                    accountLinkInProgress
+                  });
+                  if ("isConflict" in result) {
+                    throw new Error(import_types.AccountLinkError.Conflict);
+                  }
+                  return resolve(result);
+                }
               }
               onPoll == null ? void 0 : onPoll();
             } catch (e) {
-              console.error(e);
-              return reject(e);
+              if (!isLinkAccount || e.message === import_types.AccountLinkError.Conflict) {
+                return reject(e.message);
+              }
             }
           }
         }))();
       });
     });
   }
-  /**
-   * Generates a URL for the user to log in with OAuth using a desire method.
-   *
-   * @param {Object} opts the options object
-   * @param {TOAuthMethod} opts.method the third-party service to use for OAuth.
-   * @param {string} [opts.deeplinkUrl] the deeplink to redirect to after the OAuth flow. This is for mobile only.
-   * @returns {string} the URL for the user to log in with OAuth.
-   */
-  getOAuthUrl(_i) {
+  verifyFarcaster(opts) {
     return __async(this, null, function* () {
-      var _j = _i, { method, deeplinkUrl } = _j, params = __objRest(_j, ["method", "deeplinkUrl"]);
-      var _a;
-      if (deeplinkUrl) {
-        try {
-          new URL(deeplinkUrl);
-        } catch (e) {
-          throw new Error("Invalid deeplink URL");
-        }
-      }
-      const sessionLookupId = (_a = params.sessionLookupId) != null ? _a : yield __privateMethod(this, _ParaCore_instances, prepareLogin_fn).call(this);
-      return (0, import_utils2.constructUrl)({
-        base: (0, import_userManagementClient.getBaseOAuthUrl)(this.ctx.env),
-        path: `/auth/${method}`,
-        params: {
-          apiKey: this.ctx.apiKey,
-          sessionLookupId,
-          deeplinkUrl
-        }
-      });
+      return yield this.verifyFarcasterProcess(__spreadProps(__spreadValues({}, opts), { isLinkAccount: false }));
     });
   }
-  /**
-   * Awaits the response from a user's attempt to log in with OAuth.
+  verifyFarcasterLink(opts) {
+    return __async(this, null, function* () {
+      return yield this.verifyFarcasterProcess(__spreadProps(__spreadValues({}, opts), { isLinkAccount: true }));
+    });
+  }
+  getOAuthUrl(opts) {
+    return __async(this, null, function* () {
+      var _a;
+      const sessionLookupId = (_a = opts.sessionLookupId) != null ? _a : yield this.prepareLogin();
+      return __privateMethod(this, _ParaCore_instances, getOAuthUrl_fn).call(this, __spreadProps(__spreadValues({}, opts), { sessionLookupId }));
+    });
+  }
+  /**
+   * Awaits the response from a user's attempt to log in with OAuth.
    * If successful, this returns the user's email address and indicates whether the user already exists.
    *
    * @param {Object} opts the options object.
    * @param {Window} [opts.popupWindow] the popup window being used for login.
    * @return {Object} `{ email?: string; isError?: boolean; userExists: boolean; }` the result data
    */
-  verifyOAuth(_k) {
+  verifyOAuthProcess(_g) {
     return __async(this, null, function* () {
-      var _l = _k, {
+      var _h = _g, {
         method,
-        deeplinkUrl,
+        appScheme,
         isCanceled = () => false,
         onCancel,
         onPoll,
-        onOAuthUrl
-      } = _l, urlOptions = __objRest(_l, [
+        onOAuthUrl,
+        onOAuthPopup,
+        isLinkAccount
+      } = _h, urlOptions = __objRest(_h, [
         "method",
-        "deeplinkUrl",
+        "appScheme",
         "isCanceled",
         "onCancel",
         "onPoll",
-        "onOAuthUrl"
+        "onOAuthUrl",
+        "onOAuthPopup",
+        "isLinkAccount"
       ]);
-      let sessionLookupId;
-      if (onOAuthUrl) {
-        sessionLookupId = yield __privateMethod(this, _ParaCore_instances, prepareLogin_fn).call(this);
-        const oAuthUrl = yield this.getOAuthUrl({ method, deeplinkUrl, sessionLookupId });
-        onOAuthUrl(oAuthUrl);
+      if (onOAuthPopup) {
+        try {
+          this.popupWindow = yield this.platformUtils.openPopup("about:blank", { type: import_types.PopupType.OAUTH });
+        } catch (error) {
+          throw new Error(`Failed to open OAuth popup: ${error}`);
+        }
+      }
+      let sessionLookupId, accountLinkInProgress;
+      if (onOAuthUrl || onOAuthPopup) {
+        if (isLinkAccount) {
+          accountLinkInProgress = yield __privateMethod(this, _ParaCore_instances, assertIsLinkingAccountOrStart_fn).call(this, method);
+          sessionLookupId = (yield this.touchSession()).sessionLookupId;
+        } else {
+          sessionLookupId = yield this.prepareLogin();
+        }
+        const oAuthUrl = yield __privateMethod(this, _ParaCore_instances, getOAuthUrl_fn).call(this, { method, appScheme, sessionLookupId, accountLinkInProgress });
+        switch (true) {
+          case !!onOAuthUrl: {
+            onOAuthUrl(oAuthUrl);
+            break;
+          }
+          case (!!onOAuthPopup && !!this.popupWindow): {
+            this.popupWindow.location.href = oAuthUrl;
+            onOAuthPopup(this.popupWindow);
+            break;
+          }
+        }
       } else {
         ({ sessionLookupId } = yield this.touchSession());
       }
@@ -1625,17 +2218,29 @@ const _ParaCore = class _ParaCore {
             try {
               if (isCanceled() || Date.now() - startedAt > constants.POLLING_TIMEOUT_MS) {
                 onCancel == null ? void 0 : onCancel();
-                return reject("canceled");
+                return reject(import_types.AccountLinkError.Canceled);
               }
               yield new Promise((_resolve) => setTimeout(_resolve, constants.POLLING_INTERVAL_MS));
-              const serverAuthState = yield this.ctx.client.verifyOAuth();
-              if ((0, import_utils2.isServerAuthState)(serverAuthState)) {
-                const authState = yield __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, __spreadProps(__spreadValues({}, urlOptions), { sessionLookupId }));
-                return resolve(authState);
+              switch (isLinkAccount) {
+                case false:
+                  {
+                    const serverAuthState = yield this.ctx.client.verifyOAuth();
+                    if ((0, import_utils2.isServerAuthState)(serverAuthState)) {
+                      const authState = yield __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, __spreadProps(__spreadValues({}, urlOptions), { sessionLookupId }));
+                      return resolve(authState);
+                    }
+                  }
+                  break;
+                case true: {
+                  const accounts = yield this.verifyLink({ accountLinkInProgress });
+                  return resolve(accounts);
+                }
               }
               onPoll == null ? void 0 : onPoll();
             } catch (err) {
-              console.error(err);
+              if (isLinkAccount && err.message === import_types.AccountLinkError.Conflict) {
+                return reject(err.message);
+              }
               onPoll == null ? void 0 : onPoll();
             }
           }
@@ -1643,6 +2248,16 @@ const _ParaCore = class _ParaCore {
       });
     });
   }
+  verifyOAuth(opts) {
+    return __async(this, null, function* () {
+      return yield this.verifyOAuthProcess(__spreadProps(__spreadValues({}, opts), { isLinkAccount: false }));
+    });
+  }
+  verifyOAuthLink(opts) {
+    return __async(this, null, function* () {
+      return yield this.verifyOAuthProcess(__spreadProps(__spreadValues({}, opts), { isLinkAccount: true }));
+    });
+  }
   /**
    * Waits for the session to be active and sets up the user.
    *
@@ -1651,61 +2266,26 @@ const _ParaCore = class _ParaCore {
    * @param {boolean} [opts.skipSessionRefresh] whether to skip refreshing the session.
    * @returns {Object} `{ isComplete: boolean; isError: boolean; needsWallet: boolean; partnerId: string; }` the result data
    **/
-  waitForLogin() {
-    return __async(this, arguments, function* ({
-      isCanceled = () => false,
-      onCancel,
-      onPoll,
-      skipSessionRefresh = false
-    } = {}) {
-      const startedAt = Date.now();
-      return new Promise((resolve, reject) => {
-        (() => __async(this, null, function* () {
-          var _a;
-          if (!this.isExternalWalletAuth) {
-            this.externalWallets = {};
-          }
-          while (true) {
-            if (isCanceled() || Date.now() - startedAt > constants.POLLING_TIMEOUT_MS) {
-              (0, import_utils2.dispatchEvent)(import_types.ParaEvent.LOGIN_EVENT, { isComplete: false }, "failed to setup user");
-              onCancel == null ? void 0 : onCancel();
-              return reject("canceled");
-            }
-            yield new Promise((resolve2) => setTimeout(resolve2, constants.POLLING_INTERVAL_MS));
-            try {
-              let session = yield this.touchSession();
-              if (!session.isAuthenticated) {
-                onPoll == null ? void 0 : onPoll();
-                continue;
-              }
-              session = yield this.userSetupAfterLogin();
-              const needsWallet = (_a = session.needsWallet) != null ? _a : false;
-              if (!needsWallet) {
-                if (this.currentWalletIdsArray.length === 0) {
-                  onPoll == null ? void 0 : onPoll();
-                  continue;
-                }
-              }
-              const fetchedWallets = yield this.fetchWallets();
-              const tempSharesRes = yield this.getTransmissionKeyShares();
-              if (tempSharesRes.data.temporaryShares.length === fetchedWallets.length) {
-                yield this.setupAfterLogin({ temporaryShares: tempSharesRes.data.temporaryShares, skipSessionRefresh });
-                yield this.claimPregenWallets();
-                const resp = {
-                  needsWallet: needsWallet || Object.values(this.wallets).length === 0,
-                  partnerId: session.partnerId
-                };
-                (0, import_utils2.dispatchEvent)(import_types.ParaEvent.LOGIN_EVENT, resp);
-                return resolve(resp);
-              }
-              onPoll == null ? void 0 : onPoll();
-            } catch (err) {
-              console.error(err);
-              onPoll == null ? void 0 : onPoll();
-            }
-          }
-        }))();
-      });
+  waitForLogin(args) {
+    return __async(this, null, function* () {
+      return yield __privateMethod(this, _ParaCore_instances, waitForLoginProcess_fn).call(this, args);
+    });
+  }
+  waitForWalletSwitching(args) {
+    return __async(this, null, function* () {
+      return yield __privateMethod(this, _ParaCore_instances, waitForLoginProcess_fn).call(this, __spreadProps(__spreadValues({}, args), { isSwitchingWallets: true }));
+    });
+  }
+  /**
+   * Gets the switch wallets URL for wallet selection.
+   * The authMethod is automatically included in the URL if available.
+   *
+   * @returns {Promise<{ url: string; authMethod: TAuthMethod }>} The switch wallets URL and authMethod
+   */
+  getSwitchWalletsUrl() {
+    return __async(this, null, function* () {
+      const url = yield this.constructPortalUrl("switchWallets");
+      return url;
     });
   }
   /**
@@ -1728,7 +2308,7 @@ const _ParaCore = class _ParaCore {
         sessionId
       });
       if (shouldOpenPopup) {
-        this.platformUtils.openPopup(link);
+        yield this.platformUtils.openPopup(link);
       }
       return link;
     });
@@ -1819,7 +2399,9 @@ const _ParaCore = class _ParaCore {
         userId: this.userId,
         walletId,
         userShare: userSigner,
-        emailProps: this.getBackupKitEmailProps()
+        emailProps: this.getBackupKitEmailProps(),
+        isEnclaveUser: this.isEnclaveUser,
+        walletScheme: this.wallets[walletId].scheme
       });
       return recoveryShare;
     });
@@ -1833,7 +2415,7 @@ const _ParaCore = class _ParaCore {
             break;
           }
           ++maxPolls;
-          const res = yield this.ctx.client.getWallets(this.userId);
+          const res = yield (this.isPortal() ? this.ctx.client.getAllWallets : this.ctx.client.getWallets)(this.userId);
           const wallet = res.data.wallets.find((w) => w.id === walletId);
           if (wallet && wallet.address) {
             return;
@@ -1947,7 +2529,9 @@ const _ParaCore = class _ParaCore {
         ignoreRedistributingBackupEncryptedShare: !redistributeBackupEncryptedShares,
         emailProps: this.getBackupKitEmailProps(),
         partnerId: newPartnerId,
-        protocolId
+        protocolId,
+        isEnclaveUser: this.isEnclaveUser,
+        walletScheme: this.wallets[walletId].scheme
       });
       return { signer, recoverySecret, protocolId };
     });
@@ -1996,26 +2580,29 @@ const _ParaCore = class _ParaCore {
         }
       }
       const walletId = keygenRes.walletId;
+      const walletScheme = walletType === "SOLANA" ? "ED25519" : "DKLS";
       signer = keygenRes.signer;
-      this.wallets[walletId] = {
-        id: walletId,
-        signer,
-        scheme: walletType === "SOLANA" ? "ED25519" : "DKLS",
-        type: walletType
-      };
-      wallet = this.wallets[walletId];
-      yield this.waitForWalletAddress(wallet.id);
-      yield this.populateWalletAddresses();
+      yield this.waitForWalletAddress(walletId);
       let recoveryShare = null;
       if (!skipDistribute) {
         recoveryShare = yield (0, import_shareDistribution.distributeNewShare)({
           ctx: this.ctx,
           userId: this.userId,
-          walletId: wallet.id,
+          walletId,
           userShare: signer,
-          emailProps: this.getBackupKitEmailProps()
+          emailProps: this.getBackupKitEmailProps(),
+          isEnclaveUser: this.isEnclaveUser,
+          walletScheme
         });
       }
+      this.wallets[walletId] = {
+        id: walletId,
+        signer,
+        scheme: walletScheme,
+        type: walletType
+      };
+      wallet = this.wallets[walletId];
+      yield this.populateWalletAddresses();
       yield this.setCurrentWalletIds(__spreadProps(__spreadValues({}, this.currentWalletIds), {
         [walletType]: [.../* @__PURE__ */ new Set([...(_b = this.currentWalletIds[walletType]) != null ? _b : [], walletId])]
       }));
@@ -2094,7 +2681,9 @@ const _ParaCore = class _ParaCore {
             walletId: wallet.id,
             userShare: this.wallets[wallet.id].signer,
             emailProps: this.getBackupKitEmailProps(),
-            partnerId: wallet.partnerId
+            partnerId: wallet.partnerId,
+            isEnclaveUser: this.isEnclaveUser,
+            walletScheme: wallet.scheme
           });
           if (distributeRes.length > 0) {
             newRecoverySecret = distributeRes;
@@ -2221,10 +2810,10 @@ const _ParaCore = class _ParaCore {
         (0, import_utils2.dispatchEvent)(import_types.ParaEvent.GUEST_WALLETS_CREATED, wallets);
         __privateSet(this, _isCreateGuestWalletsPending, false);
         return wallets;
-      } catch (e) {
-        (0, import_utils2.dispatchEvent)(import_types.ParaEvent.GUEST_WALLETS_CREATED, null, error == null ? void 0 : error.message);
+      } catch (error2) {
+        (0, import_utils2.dispatchEvent)(import_types.ParaEvent.GUEST_WALLETS_CREATED, null, error2 == null ? void 0 : error2.message);
         __privateSet(this, _isCreateGuestWalletsPending, false);
-        throw error;
+        throw error2;
       }
     });
   }
@@ -2272,25 +2861,12 @@ const _ParaCore = class _ParaCore {
       });
     });
   }
-  getOnRampTransactionUrl(_m) {
-    return __async(this, null, function* () {
-      var _n = _m, {
-        purchaseId,
-        providerKey
-      } = _n, walletParams = __objRest(_n, [
-        "purchaseId",
-        "providerKey"
-      ]);
-      const { sessionId } = yield this.touchSession();
-      const [key, identifier] = (0, import_user_management_client.extractWalletRef)(walletParams);
+  getOnRampTransactionUrl(_0) {
+    return __async(this, arguments, function* ({
+      purchaseId
+    }) {
       return this.constructPortalUrl("onRamp", {
-        pathId: purchaseId,
-        sessionId,
-        params: {
-          [key]: identifier,
-          providerKey,
-          currentWalletIds: JSON.stringify(this.currentWalletIds)
-        }
+        pathId: purchaseId
       });
     });
   }
@@ -2315,6 +2891,7 @@ const _ParaCore = class _ParaCore {
       onCancel,
       onPoll
     }) {
+      var _a;
       this.assertIsValidWalletId(walletId);
       const wallet = this.wallets[walletId];
       let signerId = this.userId;
@@ -2324,7 +2901,7 @@ const _ParaCore = class _ParaCore {
       let signRes = yield this.signMessageInner({ wallet, signerId, messageBase64, cosmosSignDocBase64 });
       let timeStart = Date.now();
       if (signRes.pendingTransactionId) {
-        this.platformUtils.openPopup(
+        yield this.platformUtils.openPopup(
           yield this.getTransactionReviewUrl(signRes.pendingTransactionId, timeoutMs),
           { type: cosmosSignDocBase64 ? import_types.PopupType.SIGN_TRANSACTION_REVIEW : import_types.PopupType.SIGN_MESSAGE_REVIEW }
         );
@@ -2338,18 +2915,19 @@ const _ParaCore = class _ParaCore {
           break;
         }
         yield new Promise((resolve) => setTimeout(resolve, constants.POLLING_INTERVAL_MS));
+        let pendingTransaction;
         try {
-          yield this.ctx.client.getPendingTransaction(this.userId, signRes.pendingTransactionId);
-        } catch (err) {
+          pendingTransaction = (_a = (yield this.ctx.client.getPendingTransaction(this.userId, signRes.pendingTransactionId)).data) == null ? void 0 : _a.pendingTransaction;
+        } catch (e) {
           const error = new import_errors.TransactionReviewDenied();
           (0, import_utils2.dispatchEvent)(import_types.ParaEvent.SIGN_MESSAGE_EVENT, signRes, error.message);
           throw error;
         }
-        signRes = yield this.signMessageInner({ wallet, signerId, messageBase64, cosmosSignDocBase64 });
-        if (signRes.pendingTransactionId) {
+        if (!(pendingTransaction == null ? void 0 : pendingTransaction.approvedAt)) {
           onPoll == null ? void 0 : onPoll();
           continue;
         } else {
+          signRes = yield this.signMessageInner({ wallet, signerId, messageBase64, cosmosSignDocBase64 });
           break;
         }
       }
@@ -2418,6 +2996,7 @@ const _ParaCore = class _ParaCore {
       onCancel,
       onPoll
     }) {
+      var _a;
       this.assertIsValidWalletId(walletId);
       const wallet = this.wallets[walletId];
       let signerId = this.userId;
@@ -2436,7 +3015,7 @@ const _ParaCore = class _ParaCore {
       );
       let timeStart = Date.now();
       if (signRes.pendingTransactionId) {
-        this.platformUtils.openPopup(
+        yield this.platformUtils.openPopup(
           yield this.getTransactionReviewUrl(signRes.pendingTransactionId, timeoutMs),
           { type: import_types.PopupType.SIGN_TRANSACTION_REVIEW }
         );
@@ -2450,27 +3029,28 @@ const _ParaCore = class _ParaCore {
           break;
         }
         yield new Promise((resolve) => setTimeout(resolve, constants.POLLING_INTERVAL_MS));
+        let pendingTransaction;
         try {
-          yield this.ctx.client.getPendingTransaction(this.userId, signRes.pendingTransactionId);
-        } catch (err) {
+          pendingTransaction = (_a = (yield this.ctx.client.getPendingTransaction(this.userId, signRes.pendingTransactionId)).data) == null ? void 0 : _a.pendingTransaction;
+        } catch (e) {
           const error = new import_errors.TransactionReviewDenied();
           (0, import_utils2.dispatchEvent)(import_types.ParaEvent.SIGN_TRANSACTION_EVENT, signRes, error.message);
           throw error;
         }
-        signRes = yield this.platformUtils.signTransaction(
-          this.ctx,
-          signerId,
-          walletId,
-          this.wallets[walletId].signer,
-          rlpEncodedTxBase64,
-          chainId,
-          this.retrieveSessionCookie(),
-          wallet.scheme === "DKLS"
-        );
-        if (signRes.pendingTransactionId) {
+        if (!(pendingTransaction == null ? void 0 : pendingTransaction.approvedAt)) {
           onPoll == null ? void 0 : onPoll();
           continue;
         } else {
+          signRes = yield this.platformUtils.signTransaction(
+            this.ctx,
+            signerId,
+            walletId,
+            this.wallets[walletId].signer,
+            rlpEncodedTxBase64,
+            chainId,
+            this.retrieveSessionCookie(),
+            wallet.scheme === "DKLS"
+          );
           break;
         }
       }
@@ -2512,7 +3092,8 @@ const _ParaCore = class _ParaCore {
         providerKey: onRampPurchase.providerKey
       }, walletParams));
       if (shouldOpenPopup) {
-        this.platformUtils.openPopup(portalUrl, { type: import_types.PopupType.ON_RAMP_TRANSACTION });
+        const onRampWindow = yield this.platformUtils.openPopup(portalUrl, { type: import_types.PopupType.ON_RAMP_TRANSACTION });
+        this.onRampPopup = { window: onRampWindow, onRampPurchase };
       }
       return { onRampPurchase, portalUrl };
     });
@@ -2525,7 +3106,7 @@ const _ParaCore = class _ParaCore {
       try {
         yield this.ctx.client.keepSessionAlive(this.userId);
         return true;
-      } catch (err) {
+      } catch (e) {
         return false;
       }
     });
@@ -2595,6 +3176,20 @@ const _ParaCore = class _ParaCore {
       return sessionLookupId;
     });
   }
+  issueJwt() {
+    return __async(this, arguments, function* ({ keyIndex = 0 } = {}) {
+      try {
+        return yield this.ctx.client.issueJwt({ keyIndex });
+      } catch (error) {
+        if (error.status === 403 || error.status === 401) {
+          const errorMessage = "The user needs to be logged in to issue a JWT. Please log in and try again.";
+          this.displayModalError(errorMessage);
+          console.warn(errorMessage);
+        }
+        throw error;
+      }
+    });
+  }
   /**
    * Logs the user out.
    * @param {Object} opts the options object.
@@ -2602,6 +3197,7 @@ const _ParaCore = class _ParaCore {
    **/
   logout() {
     return __async(this, arguments, function* ({ clearPregenWallets = false } = {}) {
+      const shouldDispatchLogoutEvent = yield this.isSessionActive();
       yield this.ctx.client.logout();
       yield this.clearStorage();
       if (!clearPregenWallets) {
@@ -2618,22 +3214,17 @@ const _ParaCore = class _ParaCore {
       this.externalWallets = {};
       this.loginEncryptionKeyPair = void 0;
       __privateSet(this, _authInfo, void 0);
+      this.accountLinkInProgress = void 0;
       this.userId = void 0;
       this.sessionCookie = void 0;
-      (0, import_utils2.dispatchEvent)(import_types.ParaEvent.LOGOUT_EVENT, null);
-    });
-  }
-  /** @deprecated */
-  getSupportedCreateAuthMethods() {
-    return __async(this, null, function* () {
-      const partner = yield __privateMethod(this, _ParaCore_instances, assertPartner_fn).call(this);
-      let supportedAuthMethods = /* @__PURE__ */ new Set();
-      for (const authMethod of partner.supportedAuthMethods) {
-        supportedAuthMethods.add(import_user_management_client.AuthMethod[authMethod]);
+      if (shouldDispatchLogoutEvent) {
+        (0, import_utils2.dispatchEvent)(import_types.ParaEvent.LOGOUT_EVENT, null);
       }
-      return supportedAuthMethods;
     });
   }
+  get toStringAdditions() {
+    return {};
+  }
   /**
    * Converts to a string, removing sensitive data when logging this class.
    *
@@ -2657,10 +3248,10 @@ const _ParaCore = class _ParaCore {
       }),
       {}
     );
-    const obj = {
-      partnerId: (_a = __privateGet(this, _partner)) == null ? void 0 : _a.id,
-      supportedWalletTypes: (_b = __privateGet(this, _partner)) == null ? void 0 : _b.supportedWalletTypes,
-      cosmosPrefix: (_c = __privateGet(this, _partner)) == null ? void 0 : _c.cosmosPrefix,
+    const obj = __spreadProps(__spreadValues({
+      partnerId: (_a = this.partner) == null ? void 0 : _a.id,
+      supportedWalletTypes: (_b = this.partner) == null ? void 0 : _b.supportedWalletTypes,
+      cosmosPrefix: (_c = this.partner) == null ? void 0 : _c.cosmosPrefix,
       authInfo: __privateGet(this, _authInfo),
       isGuestMode: this.isGuestMode,
       userId: this.userId,
@@ -2670,6 +3261,8 @@ const _ParaCore = class _ParaCore {
       wallets: redactedWallets,
       externalWallets: redactedExternalWallets,
       loginEncryptionKeyPair: this.loginEncryptionKeyPair ? "[REDACTED]" : void 0,
+      isReady: this.isReady
+    }, this.toStringAdditions), {
       ctx: {
         apiKey: this.ctx.apiKey,
         disableWorkers: this.ctx.disableWorkers,
@@ -2680,48 +3273,98 @@ const _ParaCore = class _ParaCore {
         useDKLS: this.ctx.useDKLS,
         cosmosPrefix: this.ctx.cosmosPrefix
       }
-    };
+    });
     return `Para ${JSON.stringify(obj, null, 2)}`;
   }
+  devLog(...s) {
+    if (this.ctx.env === import_types.Environment.DEV || this.ctx.env === import_types.Environment.SANDBOX) {
+      console.log(...s);
+    }
+  }
   getNewCredentialAndUrl() {
     return __async(this, arguments, function* ({
-      authMethod = "PASSKEY",
+      authMethod: optsAuthMethod,
       isForNewDevice = false,
       portalTheme,
       shorten = false
     } = {}) {
+      const userAuthMethods = yield this.supportedUserAuthMethods();
+      const isEnclaveUser = userAuthMethods.has(import_user_management_client.AuthMethod.BASIC_LOGIN);
+      const isAddingBasicLogin = optsAuthMethod === "BASIC_LOGIN";
+      if (isEnclaveUser && isAddingBasicLogin) {
+        throw new Error("That user is already using basic login");
+      }
+      if (isEnclaveUser || isAddingBasicLogin) {
+        isForNewDevice = true;
+      }
+      const authMethods = optsAuthMethod ? [optsAuthMethod] : isForNewDevice ? ["PASSKEY", "PIN", "PASSWORD"] : ["PASSKEY"];
       this.assertIsAuthSet();
-      let credentialId, urlType;
-      switch (authMethod) {
-        case "PASSKEY":
+      let passkeyId, passwordId, urlType, credentialId;
+      if (!isAddingBasicLogin) {
+        const canAddPasswordOrPIN = !userAuthMethods.has(import_user_management_client.AuthMethod.PASSWORD) && !userAuthMethods.has(import_user_management_client.AuthMethod.PIN);
+        if (authMethods.includes("PASSKEY") && (yield this.isPasskeySupported())) {
           ({
-            data: { id: credentialId }
+            data: { id: passkeyId }
           } = yield this.ctx.client.addSessionPublicKey(this.userId, {
-            status: import_user_management_client.PublicKeyStatus.PENDING,
+            status: import_user_management_client.AuthMethodStatus.PENDING,
             type: import_user_management_client.PublicKeyType.WEB
           }));
           urlType = "createAuth";
-          break;
-        case "PASSWORD":
-          ({
-            data: { id: credentialId }
-          } = yield this.ctx.client.addSessionPasswordPublicKey(this.userId, {
-            status: import_user_management_client.PasswordStatus.PENDING
-          }));
-          urlType = "createPassword";
-          break;
+        }
+        if (authMethods.includes("PASSWORD")) {
+          if (!canAddPasswordOrPIN) {
+            if (optsAuthMethod === "PASSWORD") throw new Error("A user cannot have more than one password or PIN.");
+          } else {
+            ({
+              data: { id: passwordId }
+            } = yield this.ctx.client.addSessionPasswordPublicKey(this.userId, {
+              status: import_user_management_client.AuthMethodStatus.PENDING
+            }));
+            urlType = "createPassword";
+          }
+        }
+        if (authMethods.includes("PIN")) {
+          if (!canAddPasswordOrPIN) {
+            if (optsAuthMethod === "PIN") throw new Error("A user cannot have more than one password or PIN.");
+          } else {
+            ({
+              data: { id: passwordId }
+            } = yield this.ctx.client.addSessionPasswordPublicKey(this.userId, {
+              status: import_user_management_client.AuthMethodStatus.PENDING
+            }));
+            urlType = "createPIN";
+          }
+        }
+        credentialId = passkeyId != null ? passkeyId : passwordId;
+        if (this.isNativePasskey && authMethods.includes("PASSKEY")) {
+          return { credentialId };
+        }
       }
-      const url = this.isNativePasskey && urlType === "createAuth" ? void 0 : yield this.constructPortalUrl(urlType, {
+      const { sessionId } = yield this.touchSession();
+      const url = (isForNewDevice || urlType) && (yield this.constructPortalUrl(isForNewDevice ? "addNewCredential" : urlType, {
         isForNewDevice,
         pathId: credentialId,
         portalTheme,
-        shorten
-      });
+        shorten,
+        sessionId: isForNewDevice ? sessionId : void 0,
+        addNewCredentialType: optsAuthMethod,
+        addNewCredentialPasskeyId: passkeyId,
+        addNewCredentialPasswordId: passwordId
+      }));
       return __spreadValues({ credentialId }, url ? { url } : {});
     });
   }
+  addCredential(_0) {
+    return __async(this, arguments, function* ({ authMethod }) {
+      if (authMethod === "PASSKEY" && !(yield this.isPasskeySupported())) {
+        throw new Error("Passkeys are not supported.");
+      }
+      const { url } = yield this.getNewCredentialAndUrl({ isForNewDevice: true, authMethod });
+      return url;
+    });
+  }
   /**
-   * Returns a Para Portal URL for logging in with a WebAuth passkey or a password.
+   * Returns a Para Portal URL for logging in with a WebAuth passkey, password, PIN or OTP.
    * @param {Object} opts the options object
    * @param {String} opts.auth - the user auth to sign up or log in with, in the form ` { email: string } | { phone: `+${number}` } `
    * @param {boolean} opts.useShortUrls - whether to shorten the generated portal URLs
@@ -2747,6 +3390,12 @@ const _ParaCore = class _ParaCore {
         case "PASSWORD":
           urlType = "loginPassword";
           break;
+        case "PIN":
+          urlType = "loginPIN";
+          break;
+        case "BASIC_LOGIN":
+          urlType = this.authInfo.authType === "externalWallet" ? "loginExternalWallet" : "loginOTP";
+          break;
         default:
           throw new Error(`invalid authentication method: '${authMethod}'`);
       }
@@ -2757,53 +3406,248 @@ const _ParaCore = class _ParaCore {
       });
     });
   }
-  signUpOrLogIn(_o) {
+  prepareLogin() {
     return __async(this, null, function* () {
-      var _p = _o, { auth } = _p, urlOptions = __objRest(_p, ["auth"]);
-      const serverAuthState = yield this.ctx.client.signUpOrLogIn(__spreadValues(__spreadValues({}, auth), this.getVerificationEmailProps()));
-      return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, urlOptions);
+      yield this.logout();
+      const { sessionLookupId } = yield this.touchSession(true);
+      if (!this.loginEncryptionKeyPair) {
+        yield this.setLoginEncryptionKeyPair();
+      }
+      return sessionLookupId;
+    });
+  }
+  signUpOrLogIn(_i) {
+    return __async(this, null, function* () {
+      var _j = _i, { auth } = _j, urlOptions = __objRest(_j, ["auth"]);
+      let serverAuthState;
+      try {
+        serverAuthState = yield this.ctx.client.signUpOrLogIn(__spreadValues(__spreadValues({}, auth), this.getVerificationEmailProps()));
+      } catch (error) {
+        if (error.message.includes("max beta users reached")) {
+          this.displayModalError(
+            `50 user limit reached. [Go to Production.](https://docs.getpara.com/v2/general/checklist#go-live-checklist)`
+          );
+        }
+        throw error;
+      }
+      const authInfo = serverAuthState.auth;
+      if (this.fetchPregenWalletsOverride && (0, import_user_management_client.isPregenAuth)(authInfo)) {
+        const { userShare } = yield this.fetchPregenWalletsOverride({ pregenId: authInfo });
+        if (userShare) {
+          yield this.setUserShare(userShare);
+        }
+      }
+      return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, __spreadValues({}, urlOptions));
     });
   }
-  verifyNewAccount(_q) {
+  verifyNewAccount(_k) {
     return __async(this, null, function* () {
-      var _r = _q, {
+      var _l = _k, {
         verificationCode
-      } = _r, urlOptions = __objRest(_r, [
+      } = _l, urlOptions = __objRest(_l, [
         "verificationCode"
       ]);
       this.assertIsAuthSet(["email", "phone"]);
-      const userId = this.assertUserId();
-      const serverAuthState = yield this.ctx.client.verifyNewAccount(userId, {
+      const userId = this.assertUserId({ allowGuestMode: true });
+      const serverAuthState = yield this.ctx.client.verifyAccount(userId, {
         verificationCode
       });
+      if (serverAuthState.stage === "login" || serverAuthState.stage === "done") {
+        throw new Error("Account already exists.");
+      }
+      yield this.touchSession(true);
       return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, urlOptions);
     });
   }
+  getLinkedAccounts() {
+    return __async(this, arguments, function* ({
+      withMetadata = false
+    } = {}) {
+      const userId = this.assertUserId();
+      const { accounts } = yield this.ctx.client.getLinkedAccounts({ userId, withMetadata });
+      return __spreadValues({
+        userId
+      }, accounts);
+    });
+  }
+  linkAccount(opts) {
+    return __async(this, null, function* () {
+      const { supportedAccountLinks = [...import_user_management_client.LINKED_ACCOUNT_TYPES] } = yield __privateMethod(this, _ParaCore_instances, assertPartner_fn).call(this);
+      let type, identifier, externalWallet, isPermitted;
+      switch (true) {
+        case "auth" in opts:
+          {
+            const authInfo = (0, import_user_management_client.extractAuthInfo)(opts.auth, { isRequired: true });
+            if (authInfo.auth === this.authInfo.auth) {
+              throw new Error(import_types.AccountLinkError.Conflict);
+            }
+            type = authInfo.authType.toUpperCase();
+            identifier = authInfo.identifier;
+            isPermitted = supportedAccountLinks.includes(type);
+          }
+          break;
+        case "externalWallet" in opts:
+          {
+            externalWallet = opts.externalWallet;
+            type = "EXTERNAL_WALLET";
+            isPermitted = supportedAccountLinks.includes("EXTERNAL_WALLET") || supportedAccountLinks.includes(externalWallet.providerId);
+          }
+          break;
+        case "type" in opts:
+          {
+            type = opts.type;
+            if (type === "X") {
+              type = "TWITTER";
+            }
+            isPermitted = supportedAccountLinks.includes(type);
+          }
+          break;
+        default:
+          throw new Error("Invalid parameters for linking account, must pass `auth` or `type` or `externalWallet`");
+      }
+      if (!isPermitted) {
+        throw new Error(`Account linking for type '${type}' is not supported by the current API key configuration`);
+      }
+      const userId = this.assertUserId();
+      const result = yield this.ctx.client.linkAccount(__spreadValues(__spreadValues({
+        userId,
+        type
+      }, identifier ? { identifier } : {}), externalWallet ? { externalWallet } : {}));
+      if ("isConflict" in result) {
+        throw new Error(import_types.AccountLinkError.Conflict);
+      }
+      const { linkedAccountId, signatureVerificationMessage } = result;
+      this.accountLinkInProgress = __spreadValues(__spreadValues({
+        id: linkedAccountId,
+        type,
+        isComplete: false
+      }, identifier ? { identifier } : {}), signatureVerificationMessage && externalWallet ? {
+        externalWallet: __spreadProps(__spreadValues({}, externalWallet), {
+          signatureVerificationMessage
+        })
+      } : {});
+      return this.accountLinkInProgress;
+    });
+  }
+  unlinkAccount(_0) {
+    return __async(this, arguments, function* ({
+      linkedAccountId
+    }) {
+      if (!linkedAccountId) {
+        throw new Error("No linked account ID provided");
+      }
+      const userId = this.assertUserId();
+      const accounts = yield this.ctx.client.unlinkAccount({ linkedAccountId, userId });
+      return accounts;
+    });
+  }
+  verifyLink() {
+    return __async(this, arguments, function* (_m = {}) {
+      var _n = _m, {
+        accountLinkInProgress = __privateMethod(this, _ParaCore_instances, assertIsLinkingAccount_fn).call(this)
+      } = _n, opts = __objRest(_n, [
+        "accountLinkInProgress"
+      ]);
+      try {
+        const userId = this.assertUserId(), result = yield this.ctx.client.verifyLink(__spreadValues({
+          linkedAccountId: accountLinkInProgress.id,
+          userId
+        }, opts));
+        if ("isConflict" in result) {
+          throw new Error(import_types.AccountLinkError.Conflict);
+        }
+        this.accountLinkInProgress = void 0;
+        return result.accounts;
+      } catch (e) {
+        throw new Error(e.message === import_types.AccountLinkError.Conflict ? import_types.AccountLinkError.Conflict : e.message);
+      }
+    });
+  }
+  verifyEmailOrPhoneLink(_0) {
+    return __async(this, arguments, function* ({
+      verificationCode
+    }) {
+      const accounts = yield this.verifyLink({
+        accountLinkInProgress: __privateMethod(this, _ParaCore_instances, assertIsLinkingAccount_fn).call(this, ["EMAIL", "PHONE"]),
+        verificationCode
+      });
+      return accounts;
+    });
+  }
+  getProfileBalance() {
+    return __async(this, arguments, function* ({ config, refetch = false } = {}) {
+      const { balance } = yield this.ctx.client.getProfileBalance({
+        config,
+        wallets: this.availableWallets.map(({ type, address }) => ({ type, address })),
+        refetch
+      });
+      return balance;
+    });
+  }
+  sendLoginCode() {
+    return __async(this, null, function* () {
+      const { userId } = yield this.ctx.client.sendLoginVerificationCode(this.authInfo);
+      this.setUserId(userId);
+    });
+  }
+  exportPrivateKey() {
+    return __async(this, arguments, function* (args = {}) {
+      let walletId = args == null ? void 0 : args.walletId;
+      if (!(args == null ? void 0 : args.walletId)) {
+        walletId = this.findWalletId(void 0, { forbidPregen: true, scheme: ["DKLS"] });
+      }
+      const wallet = this.wallets[walletId];
+      if (this.externalWallets[walletId]) {
+        throw new Error("Cannot export private key for an external wallet");
+      }
+      if (!wallet || !wallet.signer) {
+        throw new Error("Wallet not found with id: " + walletId);
+      }
+      if (wallet.scheme !== "DKLS") {
+        throw new Error("Cannot export private key for a Solana wallet");
+      }
+      if (wallet.isPregen && !!wallet.pregenIdentifier && wallet.pregenIdentifierType !== "GUEST_ID") {
+        throw new Error("Cannot export private key for a pregenerated wallet");
+      }
+      if (args.shouldOpenPopup) {
+        this.popupWindow = yield this.platformUtils.openPopup("about:blank", { type: import_types.PopupType.EXPORT_PRIVATE_KEY });
+      }
+      const exportPrivateKeyUrl = yield this.constructPortalUrl("exportPrivateKey", {
+        pathId: walletId
+      });
+      if (args.shouldOpenPopup) {
+        this.popupWindow.location.href = exportPrivateKeyUrl;
+      }
+      return {
+        url: exportPrivateKeyUrl,
+        popupWindow: this.popupWindow
+      };
+    });
+  }
 };
 _authInfo = new WeakMap();
-_partner = new WeakMap();
 _ParaCore_instances = new WeakSet();
 assertPartner_fn = function() {
   return __async(this, null, function* () {
     var _a, _b;
-    if (!__privateGet(this, _partner)) {
+    if (!this.partner) {
       yield this.touchSession();
     }
-    if (((_a = __privateGet(this, _partner)) == null ? void 0 : _a.cosmosPrefix) && this.ctx.cosmosPrefix !== __privateGet(this, _partner).cosmosPrefix) {
-      this.ctx.cosmosPrefix = (_b = __privateGet(this, _partner)) == null ? void 0 : _b.cosmosPrefix;
+    if (((_a = this.partner) == null ? void 0 : _a.cosmosPrefix) && this.ctx.cosmosPrefix !== this.partner.cosmosPrefix) {
+      this.ctx.cosmosPrefix = (_b = this.partner) == null ? void 0 : _b.cosmosPrefix;
     }
-    return __privateGet(this, _partner);
+    return this.partner;
   });
 };
 guestWalletIds_get = function() {
   var _a, _b, _c;
-  if (!((_a = __privateGet(this, _partner)) == null ? void 0 : _a.supportedWalletTypes)) {
+  if (!((_a = this.partner) == null ? void 0 : _a.supportedWalletTypes)) {
     return {};
   }
   const guestId = (_c = (_b = this.pregenIds) == null ? void 0 : _b.GUEST_ID) == null ? void 0 : _c[0];
   return !!guestId ? Object.entries(this.wallets).reduce((acc, [id, wallet]) => {
     if (wallet.isPregen && !wallet.userId && wallet.pregenIdentifierType === "GUEST_ID" && wallet.pregenIdentifier === guestId) {
-      return __spreadValues(__spreadValues({}, acc), (0, import_utils2.getEquivalentTypes)(wallet.type).filter((type) => __privateGet(this, _partner).supportedWalletTypes.some((entry) => entry.type === type)).reduce((acc2, eqType) => {
+      return __spreadValues(__spreadValues({}, acc), (0, import_utils2.getEquivalentTypes)(wallet.type).filter((type) => this.partner.supportedWalletTypes.some((entry) => entry.type === type)).reduce((acc2, eqType) => {
         var _a2;
         return __spreadProps(__spreadValues({}, acc2), { [eqType]: [.../* @__PURE__ */ new Set([...(_a2 = acc2[eqType]) != null ? _a2 : [], id])] });
       }, {}));
@@ -2860,9 +3704,236 @@ setAuthInfo_fn = function(authInfo) {
 };
 getPartner_fn = function(partnerId) {
   return __async(this, null, function* () {
+    if (this.isPartnerOptional && !partnerId) {
+      return void 0;
+    }
     const res = yield this.ctx.client.getPartner(partnerId);
-    __privateSet(this, _partner, res.data.partner);
-    return __privateGet(this, _partner);
+    this.partner = res.data.partner;
+    return this.partner;
+  });
+};
+assertIsLinkingAccount_fn = function(types) {
+  if (!this.accountLinkInProgress || this.accountLinkInProgress.isComplete) {
+    throw new Error("no account linking in progress");
+  }
+  if (types && !types.includes(this.accountLinkInProgress.type)) {
+    throw new Error(
+      `account linking in progress for type ${this.accountLinkInProgress.type}, expected one of ${types.join(", ")}`
+    );
+  }
+  return this.accountLinkInProgress;
+};
+assertIsLinkingAccountOrStart_fn = function(type) {
+  return __async(this, null, function* () {
+    if (this.accountLinkInProgress && !this.accountLinkInProgress.isComplete) {
+      return __privateMethod(this, _ParaCore_instances, assertIsLinkingAccount_fn).call(this, [type]);
+    }
+    return yield this.linkAccount({ type });
+  });
+};
+getOAuthUrl_fn = function(_0) {
+  return __async(this, arguments, function* ({
+    method,
+    appScheme,
+    accountLinkInProgress,
+    sessionLookupId,
+    encryptionKey,
+    portalCallbackParams
+  }) {
+    if (!accountLinkInProgress && !this.isPortal()) {
+      return yield this.constructPortalUrl("oAuth", { sessionId: sessionLookupId, oAuthMethod: method, appScheme });
+    }
+    let portalSessionLookupId;
+    if (this.isPortal()) {
+      portalSessionLookupId = (yield this.touchSession(true)).sessionLookupId;
+    }
+    return (0, import_utils2.constructUrl)({
+      base: (0, import_userManagementClient.getBaseOAuthUrl)(this.ctx.env),
+      path: `/auth/${method.toLowerCase()}`,
+      params: __spreadProps(__spreadValues({
+        apiKey: this.ctx.apiKey,
+        origin: typeof window !== "undefined" ? window.location.origin : void 0,
+        sessionLookupId,
+        portalSessionLookupId,
+        appScheme
+      }, accountLinkInProgress ? {
+        linkedAccountId: this.accountLinkInProgress.id
+      } : {}), {
+        callback: !accountLinkInProgress && (yield this.constructPortalUrl("oAuthCallback", __spreadValues({
+          sessionId: sessionLookupId,
+          oAuthMethod: method,
+          appScheme,
+          thisDevice: {
+            sessionId: sessionLookupId,
+            encryptionKey
+          }
+        }, this.isPortal() && { params: portalCallbackParams })))
+      })
+    });
+  });
+};
+waitForLoginProcess_fn = function() {
+  return __async(this, arguments, function* ({
+    isCanceled = () => false,
+    onCancel,
+    onPoll,
+    skipSessionRefresh = false,
+    isSwitchingWallets = false
+  } = {}) {
+    this.devLog("[waitForLoginProcess] Starting", {
+      isSwitchingWallets,
+      skipSessionRefresh,
+      isExternalWalletAuth: this.isExternalWalletAuth
+    });
+    const startedAt = Date.now();
+    let originalCurrentWalletIdsHash;
+    if (isSwitchingWallets) {
+      this.devLog("[waitForLoginProcess] Wallet switching mode enabled");
+      this.isSwitchingWallets = true;
+      const session = yield this.touchSession();
+      originalCurrentWalletIdsHash = session.currentWalletIdsHash;
+      this.devLog("[waitForLoginProcess] Original wallet IDs hash", { originalCurrentWalletIdsHash });
+    }
+    return new Promise((resolve, reject) => {
+      (() => __async(this, null, function* () {
+        var _a;
+        if (!this.isExternalWalletAuth && !isSwitchingWallets) {
+          this.devLog("[waitForLoginProcess] Clearing external wallets");
+          this.externalWallets = {};
+        }
+        let pollCount = 0;
+        while (true) {
+          pollCount++;
+          this.devLog("[waitForLoginProcess] Poll iteration", {
+            pollCount,
+            elapsedMs: Date.now() - startedAt
+          });
+          if (isCanceled() || Date.now() - startedAt > constants.POLLING_TIMEOUT_MS) {
+            this.devLog("[waitForLoginProcess] Canceled or timed out", {
+              wasCanceled: isCanceled(),
+              timedOut: Date.now() - startedAt > constants.POLLING_TIMEOUT_MS,
+              elapsedMs: Date.now() - startedAt
+            });
+            if (isSwitchingWallets) {
+              this.isSwitchingWallets = false;
+            } else {
+              (0, import_utils2.dispatchEvent)(import_types.ParaEvent.LOGIN_EVENT, { isComplete: false }, "failed to setup user");
+            }
+            onCancel == null ? void 0 : onCancel();
+            return reject("canceled");
+          }
+          yield new Promise((resolve2) => setTimeout(resolve2, constants.POLLING_INTERVAL_MS));
+          try {
+            this.devLog("[waitForLoginProcess] Touching session");
+            let session = yield this.touchSession();
+            this.devLog("[waitForLoginProcess] Session state", {
+              isAuthenticated: session.isAuthenticated,
+              currentWalletIdsHash: session.currentWalletIdsHash,
+              needsWallet: session.needsWallet
+            });
+            const shouldContinuePolling = isSwitchingWallets ? originalCurrentWalletIdsHash === session.currentWalletIdsHash : !session.isAuthenticated;
+            this.devLog("[waitForLoginProcess] Should continue polling", {
+              shouldContinuePolling,
+              isSwitchingWallets,
+              originalCurrentWalletIdsHash,
+              sessionCurrentWalletIdsHash: session.currentWalletIdsHash,
+              isAuthenticated: session.isAuthenticated
+            });
+            if (shouldContinuePolling) {
+              onPoll == null ? void 0 : onPoll();
+              continue;
+            }
+            this.devLog("[waitForLoginProcess] Authentication check passed, setting up user");
+            session = yield this.userSetupAfterLogin();
+            const needsWallet = (_a = session.needsWallet) != null ? _a : false;
+            this.devLog("[waitForLoginProcess] User setup complete", { needsWallet });
+            if (isSwitchingWallets) {
+              const isWalletSwitchingComplete = originalCurrentWalletIdsHash !== session.currentWalletIdsHash;
+              this.devLog("[waitForLoginProcess] Wallet switching check", {
+                isWalletSwitchingComplete,
+                originalHash: originalCurrentWalletIdsHash,
+                sessionHash: session.currentWalletIdsHash
+              });
+              if (!isWalletSwitchingComplete) {
+                onPoll == null ? void 0 : onPoll();
+                continue;
+              }
+            } else if (!needsWallet) {
+              this.devLog("[waitForLoginProcess] Checking wallet IDs", {
+                currentWalletIdsArrayLength: this.currentWalletIdsArray.length
+              });
+              if (this.currentWalletIdsArray.length === 0) {
+                this.devLog("[waitForLoginProcess] No wallet IDs yet, continuing to poll");
+                onPoll == null ? void 0 : onPoll();
+                continue;
+              }
+            }
+            this.devLog("[waitForLoginProcess] Getting transmission key shares");
+            const tempSharesRes = yield this.getTransmissionKeyShares();
+            this.devLog("[waitForLoginProcess] Transmission shares received", {
+              shareCount: tempSharesRes.data.temporaryShares.length,
+              shares: tempSharesRes.data.temporaryShares.map((s) => ({
+                walletId: s.walletId,
+                walletScheme: s.walletScheme
+              }))
+            });
+            let hasSharesForCurrentWallets;
+            if (!isSwitchingWallets && !this.isPortal()) {
+              this.devLog("[waitForLoginProcess] Fetching wallets");
+              const fetchedWallets = yield this.fetchWallets();
+              this.devLog("[waitForLoginProcess] Wallets fetched", {
+                walletCount: fetchedWallets.length,
+                wallets: fetchedWallets.map((w) => ({ id: w.id, type: w.type, scheme: w.scheme }))
+              });
+              hasSharesForCurrentWallets = tempSharesRes.data.temporaryShares.length === fetchedWallets.length;
+            } else {
+              hasSharesForCurrentWallets = this.currentWalletIdsArray.every(([walletId]) => {
+                return tempSharesRes.data.temporaryShares.some((share) => share.walletId === walletId);
+              });
+            }
+            this.devLog("[waitForLoginProcess] Checking shares for current wallets", {
+              hasSharesForCurrentWallets,
+              currentWalletIdsArray: this.currentWalletIdsArray,
+              shares: tempSharesRes.data.temporaryShares.map((s) => ({
+                walletId: s.walletId,
+                walletScheme: s.walletScheme
+              }))
+            });
+            if (hasSharesForCurrentWallets) {
+              this.devLog("[waitForLoginProcess] Setting up after login");
+              yield this.setupAfterLogin({ temporaryShares: tempSharesRes.data.temporaryShares, skipSessionRefresh });
+              this.devLog("[waitForLoginProcess] Setup after login complete");
+              this.devLog("[waitForLoginProcess] Claiming pregen wallets");
+              yield this.claimPregenWallets();
+              this.devLog("[waitForLoginProcess] Pregen wallets claimed");
+              const resp = {
+                needsWallet: needsWallet || Object.values(this.wallets).length === 0,
+                partnerId: session.partnerId
+              };
+              this.devLog("[waitForLoginProcess] Login process complete", {
+                needsWallet: resp.needsWallet,
+                partnerId: resp.partnerId,
+                walletCount: Object.values(this.wallets).length,
+                isSwitchingWallets
+              });
+              if (isSwitchingWallets) {
+                this.devLog("[waitForLoginProcess] Clearing wallet switching state");
+                this.isSwitchingWallets = false;
+              } else {
+                this.devLog("[waitForLoginProcess] Dispatching LOGIN_EVENT");
+                (0, import_utils2.dispatchEvent)(import_types.ParaEvent.LOGIN_EVENT, resp);
+              }
+              return resolve(resp);
+            }
+            this.devLog("[waitForLoginProcess] Not all shares available yet, continuing to poll");
+            onPoll == null ? void 0 : onPoll();
+          } catch (err) {
+            console.error("[waitForLoginProcess] Error during polling iteration", err);
+            onPoll == null ? void 0 : onPoll();
+          }
+        }
+      }))();
+    });
   });
 };
 createPregenWallet_fn = function(opts) {
@@ -2915,8 +3986,9 @@ createPregenWallet_fn = function(opts) {
 _isCreateGuestWalletsPending = new WeakMap();
 prepareAuthState_fn = function(_0) {
   return __async(this, arguments, function* (serverAuthState, opts = {}) {
-    if (!opts.sessionLookupId && serverAuthState.stage === "login") {
-      opts.sessionLookupId = yield __privateMethod(this, _ParaCore_instances, prepareLogin_fn).call(this);
+    var _a, _b;
+    if (!opts.sessionLookupId && serverAuthState.stage === "login" && (!serverAuthState.externalWallet || !(((_a = serverAuthState.externalWallet) == null ? void 0 : _a.withFullParaAuth) && ((_b = serverAuthState.loginAuthMethods) == null ? void 0 : _b.includes(import_user_management_client.AuthMethod.PIN))))) {
+      opts.sessionLookupId = yield this.prepareLogin();
     }
     const { auth, externalWallet, userId, displayName, pfpUrl, username } = serverAuthState;
     const authInfo = __spreadValues(__spreadValues({}, (0, import_user_management_client.extractAuthInfo)(auth, { isRequired: true })), Object.fromEntries(
@@ -2930,34 +4002,70 @@ prepareAuthState_fn = function(_0) {
     yield __privateMethod(this, _ParaCore_instances, setAuthInfo_fn).call(this, authInfo);
     yield this.assertIsAuthSet();
     if (!!externalWallet) {
-      yield this.setExternalWallet(externalWallet);
+      yield this.setExternalWallet([externalWallet]);
     }
     if (!!userId) {
       yield this.setUserId(userId);
     }
     let authState;
     switch (serverAuthState.stage) {
+      case "done": {
+        authState = yield __privateMethod(this, _ParaCore_instances, prepareDoneState_fn).call(this, serverAuthState);
+        break;
+      }
       case "verify":
-        authState = serverAuthState;
+        authState = yield __privateMethod(this, _ParaCore_instances, prepareVerificationState_fn).call(this, serverAuthState, __spreadProps(__spreadValues({}, opts), {
+          sessionLookupId: opts.sessionLookupId
+        }));
         break;
       case "login":
+        if (externalWallet && !(externalWallet == null ? void 0 : externalWallet.withFullParaAuth)) {
+          authState = serverAuthState;
+          break;
+        }
         authState = yield __privateMethod(this, _ParaCore_instances, prepareLoginState_fn).call(this, serverAuthState, __spreadProps(__spreadValues({}, opts), { sessionLookupId: opts.sessionLookupId }));
         break;
       case "signup":
+        if (externalWallet && !(externalWallet == null ? void 0 : externalWallet.withFullParaAuth)) {
+          authState = serverAuthState;
+          break;
+        }
         authState = yield __privateMethod(this, _ParaCore_instances, prepareSignUpState_fn).call(this, serverAuthState, opts);
         break;
     }
     return authState;
   });
 };
-prepareLogin_fn = function() {
+prepareDoneState_fn = function(doneState) {
   return __async(this, null, function* () {
-    yield this.logout();
-    const { sessionLookupId } = yield this.touchSession(true);
-    if (!this.loginEncryptionKeyPair) {
-      yield this.setLoginEncryptionKeyPair();
+    let isSLOPossible = doneState.authMethods.includes(import_user_management_client.AuthMethod.BASIC_LOGIN);
+    this.isEnclaveUser = isSLOPossible;
+    return doneState;
+  });
+};
+prepareVerificationState_fn = function(_0, _1) {
+  return __async(this, arguments, function* (verifyState, {
+    useShortUrls: shorten = false,
+    portalTheme,
+    sessionLookupId
+  }) {
+    var _a;
+    let isSLOPossible = false;
+    if (verifyState.nextStage === "login") {
+      isSLOPossible = verifyState.loginAuthMethods.includes(import_user_management_client.AuthMethod.BASIC_LOGIN);
+    } else if (verifyState.nextStage === "signup") {
+      isSLOPossible = verifyState.signupAuthMethods.includes(import_user_management_client.AuthMethod.BASIC_LOGIN);
     }
-    return sessionLookupId;
+    this.isEnclaveUser = isSLOPossible;
+    const isExternalWalletFullAuth = (_a = verifyState.externalWallet) == null ? void 0 : _a.withFullParaAuth;
+    return __spreadValues(__spreadValues({}, verifyState), isSLOPossible || isExternalWalletFullAuth ? {
+      loginUrl: yield this.getLoginUrl({
+        authMethod: import_user_management_client.AuthMethod.BASIC_LOGIN,
+        sessionId: sessionLookupId,
+        shorten,
+        portalTheme
+      })
+    } : {});
   });
 };
 prepareLoginState_fn = function(_0, _1) {
@@ -2966,8 +4074,12 @@ prepareLoginState_fn = function(_0, _1) {
     portalTheme,
     sessionLookupId
   }) {
-    const _a = loginState, { loginAuthMethods } = _a, authState = __objRest(_a, ["loginAuthMethods"]);
-    return __spreadValues(__spreadValues(__spreadValues({}, authState), !this.isNativePasskey && loginAuthMethods.includes(import_user_management_client.AuthMethod.PASSKEY) ? {
+    const _a = loginState, { loginAuthMethods = [], hasPasswordWithoutPIN } = _a, authState = __objRest(_a, ["loginAuthMethods", "hasPasswordWithoutPIN"]);
+    const isPasskeySupported = yield this.isPasskeySupported(), isPasskeyPossible = loginAuthMethods.includes(import_user_management_client.AuthMethod.PASSKEY) && !this.isNativePasskey, isPasswordPossible = loginAuthMethods.includes(import_user_management_client.AuthMethod.PASSWORD) && hasPasswordWithoutPIN, isPINPossible = loginAuthMethods.includes(import_user_management_client.AuthMethod.PIN);
+    return __spreadValues(__spreadValues(__spreadValues(__spreadProps(__spreadValues({}, authState), {
+      isPasskeySupported,
+      loginAuthMethods
+    }), isPasskeyPossible ? {
       passkeyUrl: yield this.getLoginUrl({ sessionId: sessionLookupId, shorten, portalTheme }),
       passkeyKnownDeviceUrl: yield this.constructPortalUrl("loginAuth", {
         sessionId: sessionLookupId,
@@ -2978,28 +4090,41 @@ prepareLoginState_fn = function(_0, _1) {
         shorten,
         portalTheme
       })
-    } : {}), loginAuthMethods.includes(import_user_management_client.AuthMethod.PASSWORD) ? {
+    } : {}), isPasswordPossible ? {
       passwordUrl: yield this.constructPortalUrl("loginPassword", {
         sessionId: sessionLookupId,
         shorten,
-        portalTheme
+        portalTheme,
+        params: { isEmbedded: `${!loginState.isWalletSelectionNeeded}` }
+      })
+    } : {}), isPINPossible ? {
+      pinUrl: yield this.constructPortalUrl("loginPIN", {
+        sessionId: sessionLookupId,
+        shorten,
+        portalTheme,
+        params: { isEmbedded: `${!loginState.isWalletSelectionNeeded}` }
       })
     } : {});
   });
 };
 prepareSignUpState_fn = function(_0, _1) {
   return __async(this, arguments, function* (serverSignupState, { useShortUrls: shorten = false, portalTheme }) {
-    const _a = serverSignupState, { signupAuthMethods } = _a, authState = __objRest(_a, ["signupAuthMethods"]);
-    const [isPasskey, isPassword] = [
+    const _a = serverSignupState, { signupAuthMethods = [] } = _a, authState = __objRest(_a, ["signupAuthMethods"]);
+    const isPasskeySupported = yield this.isPasskeySupported();
+    const [isPasskey, isPassword, isPIN] = [
       signupAuthMethods.includes(import_user_management_client.AuthMethod.PASSKEY),
-      signupAuthMethods.includes(import_user_management_client.AuthMethod.PASSWORD)
+      signupAuthMethods.includes(import_user_management_client.AuthMethod.PASSWORD) || !isPasskeySupported,
+      signupAuthMethods.includes(import_user_management_client.AuthMethod.PIN)
     ];
-    if (!isPasskey && !isPassword) {
+    if (!isPasskey && !isPassword && !isPIN) {
       throw new Error(
-        "No supported authentication methods found. Please ensure you have enabled either WebAuth passkeys or passwords in your Developer Portal settings."
+        "No supported authentication methods found. Please ensure you have enabled either WebAuth passkeys, passwords or PINs in your Developer Portal settings."
       );
     }
-    const signupState = authState;
+    const signupState = __spreadProps(__spreadValues({}, authState), {
+      isPasskeySupported,
+      signupAuthMethods
+    });
     if (isPasskey) {
       const { url: passkeyUrl, credentialId: passkeyId } = yield this.getNewCredentialAndUrl({
         authMethod: "PASSKEY",
@@ -3017,6 +4142,15 @@ prepareSignUpState_fn = function(_0, _1) {
       signupState.passwordUrl = passwordUrl;
       signupState.passwordId = passwordId;
     }
+    if (isPIN) {
+      const { url: pinUrl, credentialId: pinId } = yield this.getNewCredentialAndUrl({
+        authMethod: "PIN",
+        portalTheme,
+        shorten
+      });
+      signupState.pinUrl = pinUrl;
+      signupState.pinId = pinId;
+    }
     return signupState;
   });
 };