npm - @getpara/core-sdk - Versions diffs - 2.0.0-dev.3 → 2.0.0-dev.7 - Mend

@getpara/core-sdk 2.0.0-dev.3 → 2.0.0-dev.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/dist/cjs/ParaCore.js +493 -146
package/dist/cjs/constants.js +10 -1
package/dist/cjs/index.js +2 -0
package/dist/cjs/shares/enclave.js +274 -0
package/dist/cjs/shares/shareDistribution.js +16 -1
package/dist/cjs/types/coreApi.js +3 -1
package/dist/esm/ParaCore.js +493 -147
package/dist/esm/constants.js +7 -1
package/dist/esm/index.js +2 -1
package/dist/esm/shares/enclave.js +234 -0
package/dist/esm/shares/shareDistribution.js +16 -1
package/dist/esm/types/coreApi.js +3 -1
package/dist/types/ParaCore.d.ts +41 -8
package/dist/types/PlatformUtils.d.ts +2 -1
package/dist/types/constants.d.ts +3 -0
package/dist/types/index.d.ts +2 -1
package/dist/types/shares/enclave.d.ts +81 -0
package/dist/types/shares/shareDistribution.d.ts +4 -2
package/dist/types/types/config.d.ts +2 -0
package/dist/types/types/coreApi.d.ts +12 -3
package/dist/types/types/methods.d.ts +37 -8
package/dist/types/types/wallet.d.ts +2 -2
package/package.json +3 -3

package/dist/cjs/ParaCore.js CHANGED Viewed

@@ -99,7 +99,8 @@ var import_recovery = require("./shares/recovery.js");
 var import_utils2 = require("./utils/index.js");
 var import_errors = require("./errors.js");
 var constants = __toESM(require("./constants.js"));
-var _authInfo, _partner, _ParaCore_instances, assertPartner_fn, guestWalletIds_get, guestWalletIdsArray_get, toAuthInfo_fn, setAuthInfo_fn, getPartner_fn, assertIsLinkingAccount_fn, assertIsLinkingAccountOrStart_fn, getOAuthUrl_fn, createPregenWallet_fn, _isCreateGuestWalletsPending, prepareAuthState_fn, prepareLogin_fn, prepareLoginState_fn, prepareSignUpState_fn;
+var import_enclave = require("./shares/enclave.js");
+var _authInfo, _ParaCore_instances, assertPartner_fn, guestWalletIds_get, guestWalletIdsArray_get, toAuthInfo_fn, setAuthInfo_fn, getPartner_fn, assertIsLinkingAccount_fn, assertIsLinkingAccountOrStart_fn, getOAuthUrl_fn, createPregenWallet_fn, _isCreateGuestWalletsPending, prepareAuthState_fn, prepareDoneState_fn, prepareVerificationState_fn, prepareLoginState_fn, prepareSignUpState_fn;
 if (typeof global !== "undefined") {
   global.Buffer = global.Buffer || import_buffer.Buffer;
 } else if (typeof window !== "undefined") {
@@ -111,24 +112,19 @@ if (typeof global !== "undefined") {
 }
 const { pki, jsbn } = import_node_forge.default;
 const _ParaCore = class _ParaCore {
-  /**
-   * Constructs a new `ParaCore` instance.
-   * @param env - `Environment` to use.
-   * @param apiKey - API key to use.
-   * @param opts - Additional constructor options; see `ConstructorOpts`.
-   * @returns - A new ParaCore instance.
-   */
-  constructor(env, apiKey, opts) {
+  constructor(envOrApiKey, apiKeyOrOpts, opts) {
     __privateAdd(this, _ParaCore_instances);
+    this.popupWindow = null;
     __privateAdd(this, _authInfo);
     this.isNativePasskey = false;
     this.isReady = false;
-    __privateAdd(this, _partner);
     this.accountLinkInProgress = void 0;
+    this.isEnclaveUser = false;
     this.isAwaitingAccountCreation = false;
     this.isAwaitingLogin = false;
     this.isAwaitingFarcaster = false;
     this.isAwaitingOAuth = false;
+    this.isWorkerInitialized = false;
     /**
      * The IDs of the currently active wallets, for each supported wallet type. Any signer integrations will default to the first viable wallet ID in this dictionary.
      */
@@ -137,6 +133,7 @@ const _ParaCore = class _ParaCore {
      * Wallets associated with the `ParaCore` instance.
      */
     this.externalWallets = {};
+    this.onRampPopup = void 0;
     this.localStorageGetItem = (key) => {
       return this.platformUtils.localStorage.get(key);
     };
@@ -158,16 +155,29 @@ const _ParaCore = class _ParaCore {
     this.retrieveSessionCookie = () => {
       return this.sessionCookie;
     };
+    this.retrieveEnclaveJwt = () => {
+      return this.enclaveJwt;
+    };
+    this.retrieveEnclaveRefreshJwt = () => {
+      return this.enclaveRefreshJwt;
+    };
     /**
      * Remove all local storage and prefixed session storage.
      * @param {'local' | 'session' | 'secure' | 'all'} type - Type of storage to clear. Defaults to 'all'.
      */
     this.clearStorage = (type = "all") => __async(this, null, function* () {
       const isAll = type === "all";
-      (isAll || type === "local") && this.platformUtils.localStorage.clear(constants.PREFIX);
-      (isAll || type === "session") && this.platformUtils.sessionStorage.clear(constants.PREFIX);
+      if (isAll || type === "local") {
+        this.platformUtils.localStorage.clear(constants.PREFIX);
+        this.platformUtils.localStorage.clear(constants.PARA_PREFIX);
+      }
+      if (isAll || type === "session") {
+        this.platformUtils.sessionStorage.clear(constants.PREFIX);
+        this.platformUtils.sessionStorage.clear(constants.PARA_PREFIX);
+      }
       if ((isAll || type === "secure") && this.platformUtils.secureStorage) {
         this.platformUtils.secureStorage.clear(constants.PREFIX);
+        this.platformUtils.secureStorage.clear(constants.PARA_PREFIX);
       }
     });
     this.trackError = (methodName, err) => __async(this, null, function* () {
@@ -209,6 +219,7 @@ const _ParaCore = class _ParaCore {
       this.updateWalletIdsFromStorage();
       this.updateSessionCookieFromStorage();
       this.updateLoginEncryptionKeyPairFromStorage();
+      this.updateEnclaveJwtFromStorage();
     };
     this.updateAuthInfoFromStorage = () => {
       var _a;
@@ -228,6 +239,10 @@ const _ParaCore = class _ParaCore {
       }
       __privateSet(this, _authInfo, authInfo);
     };
+    this.updateEnclaveJwtFromStorage = () => {
+      this.enclaveJwt = this.localStorageGetItem(constants.LOCAL_STORAGE_ENCLAVE_JWT) || this.sessionStorageGetItem(constants.LOCAL_STORAGE_ENCLAVE_JWT) || void 0;
+      this.enclaveRefreshJwt = this.localStorageGetItem(constants.LOCAL_STORAGE_ENCLAVE_REFRESH_JWT) || this.sessionStorageGetItem(constants.LOCAL_STORAGE_ENCLAVE_REFRESH_JWT) || void 0;
+    };
     this.updateUserIdFromStorage = () => {
       this.userId = this.localStorageGetItem(constants.LOCAL_STORAGE_USER_ID) || void 0;
     };
@@ -288,6 +303,16 @@ const _ParaCore = class _ParaCore {
       const _externalWallets = JSON.parse(stringExternalWallets || "{}");
       this.setExternalWallets(_externalWallets);
     };
+    this.initializeWorker = () => __async(this, null, function* () {
+      if (!this.isWorkerInitialized && !this.ctx.disableWebSockets && !this.ctx.disableWorkers) {
+        try {
+          this.isWorkerInitialized = true;
+          yield this.platformUtils.initializeWorker(this.ctx);
+        } catch (e) {
+          this.devLog("error initializing worker:", e);
+        }
+      }
+    });
     /**
      * Creates several new wallets with the desired types. If no types are provided, this method
      * will create one for each of the non-optional types specified in the instance's `supportedWalletTypes`
@@ -304,8 +329,29 @@ const _ParaCore = class _ParaCore {
     }) {
       return (yield this.ctx.client.getWalletBalance({ walletId, rpcUrl })).balance;
     });
-    if (!apiKey) {
-      throw new Error("A Para API key is required.");
+    let env, apiKey;
+    const actualArgs = Array.from(arguments).filter((arg) => arg !== void 0);
+    const actualArgumentCount = actualArgs.length;
+    if (actualArgumentCount === 1) {
+      if (Object.values(import_types.Environment).includes(envOrApiKey)) {
+        throw new Error("A Para API key is required.");
+      }
+      env = _ParaCore.resolveEnvironment(void 0, actualArgs[0]);
+      apiKey = actualArgs[0];
+      opts = void 0;
+    } else if (actualArgumentCount === 2) {
+      if (typeof apiKeyOrOpts === "object" && apiKeyOrOpts !== null) {
+        env = _ParaCore.resolveEnvironment(void 0, envOrApiKey);
+        apiKey = envOrApiKey;
+        opts = apiKeyOrOpts;
+      } else {
+        env = _ParaCore.resolveEnvironment(envOrApiKey, apiKeyOrOpts);
+        apiKey = apiKeyOrOpts;
+        opts = void 0;
+      }
+    } else {
+      env = _ParaCore.resolveEnvironment(envOrApiKey, apiKeyOrOpts);
+      apiKey = apiKeyOrOpts;
     }
     if (!opts) opts = {};
     let isE2E = false;
@@ -348,18 +394,41 @@ const _ParaCore = class _ParaCore {
         cookie
       );
     };
+    this.persistEnclaveJwt = (jwt) => {
+      this.enclaveJwt = jwt;
+      (opts.useSessionStorage ? this.sessionStorageSetItem : this.localStorageSetItem)(
+        constants.LOCAL_STORAGE_ENCLAVE_JWT,
+        jwt
+      );
+    };
+    this.persistEnclaveRefreshJwt = (refreshJwt) => {
+      this.enclaveRefreshJwt = refreshJwt;
+      (opts.useSessionStorage ? this.sessionStorageSetItem : this.localStorageSetItem)(
+        constants.LOCAL_STORAGE_ENCLAVE_REFRESH_JWT,
+        refreshJwt
+      );
+    };
+    const client = (0, import_userManagementClient.initClient)({
+      env,
+      version: _ParaCore.version,
+      apiKey,
+      partnerId: this.isPortal(env) ? opts.portalPartnerId : void 0,
+      useFetchAdapter: !!opts.disableWorkers,
+      retrieveSessionCookie: this.retrieveSessionCookie,
+      persistSessionCookie: this.persistSessionCookie
+    });
+    const enclaveClient = new import_enclave.EnclaveClient({
+      userManagementClient: client,
+      retrieveJwt: this.retrieveEnclaveJwt,
+      persistJwt: this.persistEnclaveJwt,
+      retrieveRefreshJwt: this.retrieveEnclaveRefreshJwt,
+      persistRefreshJwt: this.persistEnclaveRefreshJwt
+    });
     this.ctx = {
       env,
       apiKey,
-      client: (0, import_userManagementClient.initClient)({
-        env,
-        version: _ParaCore.version,
-        apiKey,
-        partnerId: this.isPortal(env) ? opts.portalPartnerId : void 0,
-        useFetchAdapter: !!opts.disableWorkers,
-        retrieveSessionCookie: this.retrieveSessionCookie,
-        persistSessionCookie: this.persistSessionCookie
-      }),
+      client,
+      enclaveClient,
       disableWorkers: opts.disableWorkers,
       offloadMPCComputationURL: opts.offloadMPCComputationURL,
       useLocalFiles: opts.useLocalFiles,
@@ -453,11 +522,19 @@ const _ParaCore = class _ParaCore {
   }
   get partnerId() {
     var _a;
-    return (_a = __privateGet(this, _partner)) == null ? void 0 : _a.id;
+    return (_a = this.partner) == null ? void 0 : _a.id;
+  }
+  get partnerName() {
+    var _a;
+    return (_a = this.partner) == null ? void 0 : _a.displayName;
+  }
+  get partnerLogo() {
+    var _a;
+    return (_a = this.partner) == null ? void 0 : _a.logoUrl;
   }
   get currentWalletIdsArray() {
     var _a, _b;
-    return ((_b = (_a = __privateGet(this, _partner)) == null ? void 0 : _a.supportedWalletTypes) != null ? _b : Object.keys(this.currentWalletIds).map((type) => ({ type }))).reduce(
+    return ((_b = (_a = this.partner) == null ? void 0 : _a.supportedWalletTypes) != null ? _b : Object.keys(this.currentWalletIds).map((type) => ({ type }))).reduce(
       (acc, { type }) => {
         var _a2;
         return [
@@ -497,23 +574,23 @@ const _ParaCore = class _ParaCore {
   }
   get isNoWalletConfig() {
     var _a;
-    return !!((_a = __privateGet(this, _partner)) == null ? void 0 : _a.supportedWalletTypes) && __privateGet(this, _partner).supportedWalletTypes.length === 0;
+    return !!((_a = this.partner) == null ? void 0 : _a.supportedWalletTypes) && this.partner.supportedWalletTypes.length === 0;
   }
   get supportedWalletTypes() {
     var _a, _b;
-    return (_b = (_a = __privateGet(this, _partner)) == null ? void 0 : _a.supportedWalletTypes) != null ? _b : [];
+    return (_b = (_a = this.partner) == null ? void 0 : _a.supportedWalletTypes) != null ? _b : [];
   }
   get cosmosPrefix() {
     var _a;
-    return (_a = __privateGet(this, _partner)) == null ? void 0 : _a.cosmosPrefix;
+    return (_a = this.partner) == null ? void 0 : _a.cosmosPrefix;
   }
   get supportedAccountLinks() {
     var _a, _b;
-    return (_b = (_a = __privateGet(this, _partner)) == null ? void 0 : _a.supportedAccountLinks) != null ? _b : [...import_user_management_client.LINKED_ACCOUNT_TYPES];
+    return (_b = (_a = this.partner) == null ? void 0 : _a.supportedAccountLinks) != null ? _b : [...import_user_management_client.LINKED_ACCOUNT_TYPES];
   }
   get isWalletTypeEnabled() {
     var _a;
-    return (((_a = __privateGet(this, _partner)) == null ? void 0 : _a.supportedWalletTypes) || []).reduce((acc, { type }) => {
+    return (((_a = this.partner) == null ? void 0 : _a.supportedWalletTypes) || []).reduce((acc, { type }) => {
       return __spreadProps(__spreadValues({}, acc), { [type]: true });
     }, {});
   }
@@ -562,7 +639,7 @@ const _ParaCore = class _ParaCore {
   }
   isWalletSupported(wallet) {
     var _a, _b;
-    return !((_a = __privateGet(this, _partner)) == null ? void 0 : _a.supportedWalletTypes) || (0, import_utils2.isWalletSupported)((_b = __privateGet(this, _partner).supportedWalletTypes.map(({ type }) => type)) != null ? _b : [], wallet);
+    return !((_a = this.partner) == null ? void 0 : _a.supportedWalletTypes) || (0, import_utils2.isWalletSupported)((_b = this.partner.supportedWalletTypes.map(({ type }) => type)) != null ? _b : [], wallet);
   }
   isWalletOwned(wallet) {
     return this.isWalletSupported(wallet) && !(wallet == null ? void 0 : wallet.pregenIdentifier) && !(wallet == null ? void 0 : wallet.pregenIdentifierType) && !!this.userId && (wallet == null ? void 0 : wallet.userId) === this.userId;
@@ -593,7 +670,7 @@ const _ParaCore = class _ParaCore {
       } else if (!isOwned && !isUnclaimed) {
         error = `wallet with id ${wallet == null ? void 0 : wallet.id} is not owned by the current user`;
       } else if (!this.isWalletSupported(wallet)) {
-        error = `wallet with id ${wallet.id} and type ${wallet.type} is not supported, supported types are: ${(((_b = __privateGet(this, _partner)) == null ? void 0 : _b.supportedWalletTypes) || []).map(({ type }) => type).join(", ")}`;
+        error = `wallet with id ${wallet.id} and type ${wallet.type} is not supported, supported types are: ${(((_b = this.partner) == null ? void 0 : _b.supportedWalletTypes) || []).map(({ type }) => type).join(", ")}`;
       } else if (types && (!(0, import_utils2.getEquivalentTypes)(types).includes(wallet == null ? void 0 : wallet.type) || isOwned && !types.some((type) => {
         var _a2, _b2;
         return (_b2 = (_a2 = this.currentWalletIds) == null ? void 0 : _a2[type]) == null ? void 0 : _b2.includes(walletId);
@@ -624,7 +701,7 @@ const _ParaCore = class _ParaCore {
     if (this.externalWallets[walletId]) {
       const wallet2 = this.externalWallets[walletId];
       return options.truncate ? (0, import_utils2.truncateAddress)(wallet2.address, wallet2.type, {
-        prefix: (_a = __privateGet(this, _partner)) == null ? void 0 : _a.cosmosPrefix,
+        prefix: (_a = this.partner) == null ? void 0 : _a.cosmosPrefix,
         targetLength: options.targetLength
       }) : wallet2.address;
     }
@@ -636,7 +713,7 @@ const _ParaCore = class _ParaCore {
     let prefix;
     switch (wallet.type) {
       case "COSMOS":
-        prefix = (_d = (_c = options.cosmosPrefix) != null ? _c : (_b = __privateGet(this, _partner)) == null ? void 0 : _b.cosmosPrefix) != null ? _d : "cosmos";
+        prefix = (_d = (_c = options.cosmosPrefix) != null ? _c : (_b = this.partner) == null ? void 0 : _b.cosmosPrefix) != null ? _d : "cosmos";
         str = (0, import_utils2.getCosmosAddress)(wallet.publicKey, prefix);
         break;
       default:
@@ -670,29 +747,40 @@ const _ParaCore = class _ParaCore {
   constructPortalUrl(_0) {
     return __async(this, arguments, function* (type, opts = {}) {
       var _a, _b, _c, _d, _e, _f, _g, _h, _i, _j, _k, _l, _m;
-      const [isCreate, isLogin, isOnRamp] = [
-        ["createAuth", "createPassword"].includes(type),
-        ["loginAuth", "loginPassword"].includes(type),
-        type === "onRamp"
+      const [isCreate, isLogin, isOnRamp, isOAuth, isOAuthCallback, isTelegramLogin, isFarcasterLogin] = [
+        ["createAuth", "createPassword", "createPIN"].includes(type),
+        ["loginAuth", "loginPassword", "loginPIN", "loginOTP"].includes(type),
+        type === "onRamp",
+        type === "oAuth",
+        type === "oAuthCallback",
+        ["telegramLogin", "telegramLoginVerify"].includes(type),
+        type === "loginFarcaster"
       ];
+      if (isOAuth && !opts.oAuthMethod) {
+        throw new Error("oAuthMethod is required for oAuth portal URLs");
+      }
       if (isCreate || isLogin) {
         this.assertIsAuthSet();
       }
       let sessionId = opts.sessionId;
-      if ((isLogin || isOnRamp) && !sessionId) {
+      if ((isLogin || isOnRamp || isTelegramLogin || isFarcasterLogin) && !sessionId) {
         const session = yield this.touchSession(true);
         sessionId = session.sessionId;
       }
       if (!this.loginEncryptionKeyPair) {
         yield this.setLoginEncryptionKeyPair();
       }
-      const base = type === "onRamp" || type === "telegramLogin" ? (0, import_utils2.getPortalBaseURL)(this.ctx, type === "telegramLogin") : yield this.getPortalURL();
+      const base = type === "onRamp" || isTelegramLogin ? (0, import_utils2.getPortalBaseURL)(this.ctx, isTelegramLogin) : yield this.getPortalURL();
       let path;
       switch (type) {
         case "createPassword": {
           path = `/web/users/${this.userId}/passwords/${opts.pathId}`;
           break;
         }
+        case "createPIN": {
+          path = `/web/users/${this.userId}/pin/${opts.pathId}`;
+          break;
+        }
         case "createAuth": {
           path = `/web/users/${this.userId}/biometrics/${opts.pathId}`;
           break;
@@ -705,18 +793,42 @@ const _ParaCore = class _ParaCore {
           path = "/web/biometrics/login";
           break;
         }
+        case "loginPIN": {
+          path = "/web/pin/login";
+          break;
+        }
         case "txReview": {
           path = `/web/users/${this.userId}/transaction-review/${opts.pathId}`;
           break;
         }
         case "onRamp": {
-          path = `/web/users/${this.userId}/on-ramp-transaction/${opts.pathId}`;
+          path = `/web/users/${this.userId}/on-ramp-transaction/v2/${opts.pathId}`;
+          break;
+        }
+        case "telegramLoginVerify": {
+          path = `/auth/telegram/verify`;
           break;
         }
         case "telegramLogin": {
           path = `/auth/telegram`;
           break;
         }
+        case "oAuth": {
+          path = `/auth/${opts.oAuthMethod.toLowerCase()}`;
+          break;
+        }
+        case "oAuthCallback": {
+          path = `/auth/${opts.oAuthMethod.toLowerCase()}/callback`;
+          break;
+        }
+        case "loginOTP": {
+          path = "/auth/otp";
+          break;
+        }
+        case "loginFarcaster": {
+          path = "/auth/farcaster";
+          break;
+        }
         default: {
           throw new Error(`invalid URL type ${type}`);
         }
@@ -735,7 +847,7 @@ const _ParaCore = class _ParaCore {
         encryptionKey: (0, import_utils.getPublicKeyHex)(this.loginEncryptionKeyPair),
         sessionId
       };
-      const params = __spreadValues(__spreadValues(__spreadValues(__spreadValues(__spreadValues({
+      const params = __spreadValues(__spreadValues(__spreadValues(__spreadValues(__spreadValues(__spreadValues({
         apiKey: this.ctx.apiKey,
         partnerId: partner == null ? void 0 : partner.id,
         portalFont: ((_b = opts.portalTheme) == null ? void 0 : _b.font) || (partner == null ? void 0 : partner.font) || ((_c = this.portalTheme) == null ? void 0 : _c.font),
@@ -753,7 +865,7 @@ const _ParaCore = class _ParaCore {
       }, (0, import_user_management_client.isPhone)(this.authInfo.auth) ? (0, import_utils2.splitPhoneNumber)(this.authInfo.auth.phone) : this.authInfo.auth), {
         pfpUrl: this.authInfo.pfpUrl,
         displayName: this.authInfo.displayName
-      }) : {}), isOnRamp ? { sessionId } : {}), isLogin ? __spreadProps(__spreadValues({
+      }) : {}), isOnRamp ? { origin: typeof window !== "undefined" ? window.location.origin : void 0, email: this.email } : {}), isLogin || isOAuth || isOAuthCallback || isTelegramLogin || isFarcasterLogin ? __spreadProps(__spreadValues({
         sessionId: thisDevice.sessionId,
         encryptionKey: thisDevice.encryptionKey
       }, opts.newDevice ? {
@@ -761,7 +873,9 @@ const _ParaCore = class _ParaCore {
         newDeviceEncryptionKey: opts.newDevice.encryptionKey
       } : {}), {
         pregenIds: JSON.stringify(this.pregenIds)
-      }) : {}), type === "telegramLogin" ? { isEmbed: "true" } : {}), opts.params || {});
+      }) : {}), isOAuth || isOAuthCallback || isFarcasterLogin ? {
+        appScheme: opts.appScheme
+      } : {}), isTelegramLogin ? { isEmbed: "true" } : {}), opts.params || {});
       const url = (0, import_utils2.constructUrl)({ base, path, params });
       if (opts.shorten) {
         return (0, import_utils2.shortenUrl)(this.ctx, url);
@@ -769,15 +883,62 @@ const _ParaCore = class _ParaCore {
       return url;
     });
   }
+  static resolveEnvironment(env, apiKey) {
+    var _a;
+    if (!apiKey) {
+      throw new Error("A Para API key is required.");
+    }
+    if (apiKey.includes("_")) {
+      const validEnvironmentPrefixes = Object.values(import_types.Environment);
+      const envPrefix = (_a = apiKey.split("_")[0]) == null ? void 0 : _a.toUpperCase();
+      const hasValidPrefix = validEnvironmentPrefixes.some((envValue) => envValue === envPrefix);
+      if (!hasValidPrefix) {
+        throw new Error(`Invalid API key environment prefix.`);
+      }
+      return envPrefix;
+    }
+    if (!env) {
+      throw new Error("Environment parameter is required.");
+    }
+    return env;
+  }
   touchSession(regenerate = false) {
     return __async(this, null, function* () {
-      var _a, _b, _c;
+      var _a, _b, _c, _d;
+      if (!this.isWorkerInitialized) {
+        this.initializeWorker();
+      }
       if (!this.isReady) {
         yield this.ready();
       }
       const session = yield this.ctx.client.touchSession(regenerate);
-      if (!__privateGet(this, _partner) || ((_a = __privateGet(this, _partner)) == null ? void 0 : _a.id) !== session.partnerId || !(0, import_utils2.supportedWalletTypesEq)(((_b = __privateGet(this, _partner)) == null ? void 0 : _b.supportedWalletTypes) || [], session.supportedWalletTypes) || (((_c = __privateGet(this, _partner)) == null ? void 0 : _c.cosmosPrefix) || "cosmos") !== session.cosmosPrefix) {
-        yield __privateMethod(this, _ParaCore_instances, getPartner_fn).call(this, session.partnerId);
+      if (!this.partner || ((_a = this.partner) == null ? void 0 : _a.id) !== session.partnerId || !(0, import_utils2.supportedWalletTypesEq)(((_b = this.partner) == null ? void 0 : _b.supportedWalletTypes) || [], session.supportedWalletTypes) || (((_c = this.partner) == null ? void 0 : _c.cosmosPrefix) || "cosmos") !== session.cosmosPrefix) {
+        if (!session.partnerId) {
+          console.error(`
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+\u{1F6A8} PARA SDK CONFIGURATION ERROR \u{1F6A8}
+INVALID API KEY FOR CONFIGURED ENVIRONMENT
+Your API key does not match the configured environment. This usually means:
+1. You're using a production API key with a development environment
+2. You're using a development API key with a production environment
+3. Your API key is invalid or has been regenerated
+SOLUTION:
+\u2022 Verify your API key at: https://developer.getpara.com
+\u2022 If your API key doesn't contain an environment prefix, ensure your API key is the correct key for your target environment
+Current Environment: ${this.ctx.env}
+API Key Prefix: ${((_d = this.ctx.apiKey) == null ? void 0 : _d.split("_")[0].toUpperCase()) || "None"}
+Need help? Visit: https://docs.getpara.com or contact support
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+        `);
+        } else {
+          yield __privateMethod(this, _ParaCore_instances, getPartner_fn).call(this, session.partnerId);
+        }
       }
       return session;
     });
@@ -876,8 +1037,8 @@ const _ParaCore = class _ParaCore {
       return __privateGet(this, _authInfo);
     });
   }
-  assertUserId() {
-    if (!this.userId || this.isGuestMode) {
+  assertUserId({ allowGuestMode = false } = {}) {
+    if (!this.userId || !allowGuestMode && this.isGuestMode) {
       throw new Error("no userId is set");
     }
     return this.userId;
@@ -935,11 +1096,59 @@ const _ParaCore = class _ParaCore {
    */
   setExternalWallet(externalWallet) {
     return __async(this, null, function* () {
+      const { id: partnerId, supportedWalletTypes } = yield __privateMethod(this, _ParaCore_instances, assertPartner_fn).call(this);
       this.externalWallets = (Array.isArray(externalWallet) ? externalWallet : [externalWallet]).reduce(
+        (acc, {
+          partnerId: wPartnerId,
+          address,
+          type,
+          provider,
+          providerId,
+          addressBech32,
+          withFullParaAuth,
+          isConnectionOnly,
+          withVerification
+        }) => {
+          if (partnerId === wPartnerId && supportedWalletTypes.some(({ type: supportedType }) => supportedType === type)) {
+            return __spreadProps(__spreadValues({}, acc), {
+              [address]: {
+                id: address,
+                partnerId,
+                address: addressBech32 != null ? addressBech32 : address,
+                type,
+                name: provider,
+                isExternal: true,
+                isExternalWithParaAuth: withFullParaAuth,
+                externalProviderId: providerId,
+                signer: "",
+                isExternalConnectionOnly: isConnectionOnly,
+                isExternalWithVerification: withVerification
+              }
+            });
+          }
+          return acc;
+        },
+        {}
+      ), this.setExternalWallets(this.externalWallets);
+      (0, import_utils2.dispatchEvent)(import_types.ParaEvent.EXTERNAL_WALLET_CHANGE_EVENT, null);
+    });
+  }
+  addExternalWallets(externalWallets) {
+    return __async(this, null, function* () {
+      const { id: partnerId, supportedWalletTypes } = yield __privateMethod(this, _ParaCore_instances, assertPartner_fn).call(this);
+      this.externalWallets = __spreadValues(__spreadValues({}, Object.entries(this.externalWallets).reduce((acc, [address, wallet]) => {
+        if (partnerId === wallet.partnerId && supportedWalletTypes.some(({ type }) => type === wallet.type)) {
+          return __spreadProps(__spreadValues({}, acc), {
+            [address]: wallet
+          });
+        }
+        return acc;
+      }, {})), externalWallets.reduce(
         (acc, { address, type, provider, providerId, addressBech32, withFullParaAuth, isConnectionOnly, withVerification }) => {
           return __spreadProps(__spreadValues({}, acc), {
             [address]: {
               id: address,
+              partnerId,
               address: addressBech32 != null ? addressBech32 : address,
               type,
               name: provider,
@@ -953,7 +1162,7 @@ const _ParaCore = class _ParaCore {
           });
         },
         {}
-      );
+      ));
       this.setExternalWallets(this.externalWallets);
       (0, import_utils2.dispatchEvent)(import_types.ParaEvent.EXTERNAL_WALLET_CHANGE_EVENT, null);
     });
@@ -1307,7 +1516,7 @@ const _ParaCore = class _ParaCore {
       ]);
       const externalWallets = Array.isArray(externalWallet) ? externalWallet : [externalWallet];
       if (this.externalWalletConnectionOnly || externalWallets.every((wallet) => wallet.isConnectionOnly)) {
-        yield this.setExternalWallet(
+        yield this.addExternalWallets(
           externalWallets.map((wallet) => __spreadProps(__spreadValues({}, wallet), {
             withFullParaAuth: false
           }))
@@ -1342,12 +1551,17 @@ const _ParaCore = class _ParaCore {
         "cosmosPublicKeyHex",
         "cosmosSigner"
       ]);
+      var _a;
       const serverAuthState = yield this.ctx.client.verifyExternalWallet(this.userId, {
         externalWallet,
         signedMessage,
         cosmosPublicKeyHex,
         cosmosSigner
       });
+      if (serverAuthState.stage === "login" && ((_a = serverAuthState.loginAuthMethods) == null ? void 0 : _a.includes(import_user_management_client.AuthMethod.PIN))) {
+        const { sessionLookupId } = yield this.touchSession();
+        return __privateMethod(this, _ParaCore_instances, prepareLoginState_fn).call(this, serverAuthState, __spreadProps(__spreadValues({}, urlOptions), { sessionLookupId }));
+      }
       return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, urlOptions);
     });
   }
@@ -1364,6 +1578,7 @@ const _ParaCore = class _ParaCore {
       return accounts;
     });
   }
+  // TELEGRAM
   /**
    * Validates the response received from an attempted Telegram login for authenticity, then
    * creates or retrieves the corresponding Para user and prepares the Para instance to sign in with that user.
@@ -1373,19 +1588,28 @@ const _ParaCore = class _ParaCore {
   verifyTelegramProcess(_e) {
     return __async(this, null, function* () {
       var _f = _e, {
+        serverAuthState: optsServerAuthState,
         telegramAuthResponse,
         isLinkAccount
       } = _f, urlOptions = __objRest(_f, [
+        "serverAuthState",
         "telegramAuthResponse",
         "isLinkAccount"
       ]);
       try {
         switch (isLinkAccount) {
           case false: {
-            const serverAuthState = yield this.ctx.client.verifyTelegram(telegramAuthResponse);
-            return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, urlOptions);
+            if (!optsServerAuthState && !telegramAuthResponse) {
+              throw new Error("one of serverAuthState or telegramAuthResponse are required for verifying telegram");
+            }
+            const serverAuthState = optsServerAuthState != null ? optsServerAuthState : yield this.ctx.client.verifyTelegram({ authObject: telegramAuthResponse });
+            const { sessionLookupId } = yield this.touchSession();
+            return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, __spreadProps(__spreadValues({}, urlOptions), { sessionLookupId }));
           }
           case true: {
+            if (!telegramAuthResponse) {
+              throw new Error("telegramAuthResponse is required for verifying telegram link");
+            }
             const accountLinkInProgress = yield __privateMethod(this, _ParaCore_instances, assertIsLinkingAccountOrStart_fn).call(this, "TELEGRAM");
             const accounts = yield this.verifyLink({
               accountLinkInProgress,
@@ -1459,6 +1683,7 @@ const _ParaCore = class _ParaCore {
       let type, linkedAccountId;
       switch (reason) {
         case "SIGNUP":
+        case "LOGIN":
           {
             const authInfo = this.assertIsAuthSet(["email", "phone"]);
             type = authInfo.authType.toUpperCase();
@@ -1472,7 +1697,7 @@ const _ParaCore = class _ParaCore {
           }
           break;
       }
-      const userId = this.assertUserId();
+      const userId = this.assertUserId({ allowGuestMode: true });
       if (type !== "EMAIL" && type !== "PHONE") {
         throw new Error("invalid auth type for verification code");
       }
@@ -1510,6 +1735,9 @@ const _ParaCore = class _ParaCore {
   isFullyLoggedIn() {
     return __async(this, null, function* () {
       if (this.externalWalletConnectionType === "CONNECTION_ONLY") {
+        if (!this.isReady) {
+          yield this.ready();
+        }
         return true;
       }
       if (this.isGuestMode) {
@@ -1526,10 +1754,13 @@ const _ParaCore = class _ParaCore {
     return __privateGet(this, _ParaCore_instances, guestWalletIdsArray_get).length > 0 && Object.values(this.wallets).every(
       ({ userId, partnerId }) => {
         var _a;
-        return partnerId === ((_a = __privateGet(this, _partner)) == null ? void 0 : _a.id) && (!userId || userId !== this.userId);
+        return partnerId === ((_a = this.partner) == null ? void 0 : _a.id) && (!userId || userId !== this.userId);
       }
     );
   }
+  /**
+   * Get the auth methods available to an existing user
+   */
   supportedAuthMethods(auth) {
     return __async(this, null, function* () {
       const { supportedAuthMethods } = yield this.ctx.client.getSupportedAuthMethods(auth);
@@ -1633,6 +1864,7 @@ const _ParaCore = class _ParaCore {
       return connectUri;
     });
   }
+  // FARCASTER
   /**
    * Awaits the response from a user's attempt to log in with Farcaster.
    * If successful, this returns the user's Farcaster username and profile picture and indicates whether the user already exists.
@@ -1645,14 +1877,20 @@ const _ParaCore = class _ParaCore {
         onConnectUri,
         onCancel,
         onPoll,
-        isLinkAccount
+        isLinkAccount,
+        serverAuthState: optsServerAuthState
       } = _h, urlOptions = __objRest(_h, [
         "isCanceled",
         "onConnectUri",
         "onCancel",
         "onPoll",
-        "isLinkAccount"
+        "isLinkAccount",
+        "serverAuthState"
       ]);
+      if (optsServerAuthState) {
+        const authState = yield __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, optsServerAuthState, urlOptions);
+        return authState;
+      }
       let accountLinkInProgress;
       if (isLinkAccount) {
         accountLinkInProgress = yield __privateMethod(this, _ParaCore_instances, assertIsLinkingAccountOrStart_fn).call(this, "FARCASTER");
@@ -1714,7 +1952,9 @@ const _ParaCore = class _ParaCore {
   }
   getOAuthUrl(opts) {
     return __async(this, null, function* () {
-      return __privateMethod(this, _ParaCore_instances, getOAuthUrl_fn).call(this, opts);
+      var _a;
+      const sessionLookupId = (_a = opts.sessionLookupId) != null ? _a : yield this.prepareLogin();
+      return __privateMethod(this, _ParaCore_instances, getOAuthUrl_fn).call(this, __spreadProps(__spreadValues({}, opts), { sessionLookupId }));
     });
   }
   /**
@@ -1725,35 +1965,54 @@ const _ParaCore = class _ParaCore {
    * @param {Window} [opts.popupWindow] the popup window being used for login.
    * @return {Object} `{ email?: string; isError?: boolean; userExists: boolean; }` the result data
    */
-  verifyOAuthProcess(_k) {
+  verifyOAuthProcess(_i) {
     return __async(this, null, function* () {
-      var _l = _k, {
+      var _j = _i, {
         method,
         appScheme,
         isCanceled = () => false,
         onCancel,
         onPoll,
         onOAuthUrl,
+        onOAuthPopup,
         isLinkAccount
-      } = _l, urlOptions = __objRest(_l, [
+      } = _j, urlOptions = __objRest(_j, [
         "method",
         "appScheme",
         "isCanceled",
         "onCancel",
         "onPoll",
         "onOAuthUrl",
+        "onOAuthPopup",
         "isLinkAccount"
       ]);
+      if (onOAuthPopup) {
+        try {
+          this.popupWindow = yield this.platformUtils.openPopup("about:blank", { type: import_types.PopupType.OAUTH });
+        } catch (error) {
+          throw new Error(`Failed to open OAuth popup: ${error}`);
+        }
+      }
       let sessionLookupId, accountLinkInProgress;
-      if (onOAuthUrl) {
+      if (onOAuthUrl || onOAuthPopup) {
         if (isLinkAccount) {
           accountLinkInProgress = yield __privateMethod(this, _ParaCore_instances, assertIsLinkingAccountOrStart_fn).call(this, method);
           sessionLookupId = (yield this.touchSession()).sessionLookupId;
         } else {
-          sessionLookupId = yield __privateMethod(this, _ParaCore_instances, prepareLogin_fn).call(this);
+          sessionLookupId = yield this.prepareLogin();
         }
         const oAuthUrl = yield __privateMethod(this, _ParaCore_instances, getOAuthUrl_fn).call(this, { method, appScheme, sessionLookupId, accountLinkInProgress });
-        onOAuthUrl(oAuthUrl);
+        switch (true) {
+          case !!onOAuthUrl: {
+            onOAuthUrl(oAuthUrl);
+            break;
+          }
+          case (!!onOAuthPopup && !!this.popupWindow): {
+            this.popupWindow.location.href = oAuthUrl;
+            onOAuthPopup(this.popupWindow);
+            break;
+          }
+        }
       } else {
         ({ sessionLookupId } = yield this.touchSession());
       }
@@ -1889,7 +2148,7 @@ const _ParaCore = class _ParaCore {
         sessionId
       });
       if (shouldOpenPopup) {
-        this.platformUtils.openPopup(link);
+        yield this.platformUtils.openPopup(link);
       }
       return link;
     });
@@ -1980,7 +2239,9 @@ const _ParaCore = class _ParaCore {
         userId: this.userId,
         walletId,
         userShare: userSigner,
-        emailProps: this.getBackupKitEmailProps()
+        emailProps: this.getBackupKitEmailProps(),
+        isEnclaveUser: this.isEnclaveUser,
+        walletScheme: this.wallets[walletId].scheme
       });
       return recoveryShare;
     });
@@ -2108,7 +2369,9 @@ const _ParaCore = class _ParaCore {
         ignoreRedistributingBackupEncryptedShare: !redistributeBackupEncryptedShares,
         emailProps: this.getBackupKitEmailProps(),
         partnerId: newPartnerId,
-        protocolId
+        protocolId,
+        isEnclaveUser: this.isEnclaveUser,
+        walletScheme: this.wallets[walletId].scheme
       });
       return { signer, recoverySecret, protocolId };
     });
@@ -2174,7 +2437,9 @@ const _ParaCore = class _ParaCore {
           userId: this.userId,
           walletId: wallet.id,
           userShare: signer,
-          emailProps: this.getBackupKitEmailProps()
+          emailProps: this.getBackupKitEmailProps(),
+          isEnclaveUser: this.isEnclaveUser,
+          walletScheme: wallet.scheme
         });
       }
       yield this.setCurrentWalletIds(__spreadProps(__spreadValues({}, this.currentWalletIds), {
@@ -2255,7 +2520,9 @@ const _ParaCore = class _ParaCore {
             walletId: wallet.id,
             userShare: this.wallets[wallet.id].signer,
             emailProps: this.getBackupKitEmailProps(),
-            partnerId: wallet.partnerId
+            partnerId: wallet.partnerId,
+            isEnclaveUser: this.isEnclaveUser,
+            walletScheme: wallet.scheme
           });
           if (distributeRes.length > 0) {
             newRecoverySecret = distributeRes;
@@ -2433,25 +2700,12 @@ const _ParaCore = class _ParaCore {
       });
     });
   }
-  getOnRampTransactionUrl(_m) {
-    return __async(this, null, function* () {
-      var _n = _m, {
-        purchaseId,
-        providerKey
-      } = _n, walletParams = __objRest(_n, [
-        "purchaseId",
-        "providerKey"
-      ]);
-      const { sessionId } = yield this.touchSession();
-      const [key, identifier] = (0, import_user_management_client.extractWalletRef)(walletParams);
+  getOnRampTransactionUrl(_0) {
+    return __async(this, arguments, function* ({
+      purchaseId
+    }) {
       return this.constructPortalUrl("onRamp", {
-        pathId: purchaseId,
-        sessionId,
-        params: {
-          [key]: identifier,
-          providerKey,
-          currentWalletIds: JSON.stringify(this.currentWalletIds)
-        }
+        pathId: purchaseId
       });
     });
   }
@@ -2485,7 +2739,7 @@ const _ParaCore = class _ParaCore {
       let signRes = yield this.signMessageInner({ wallet, signerId, messageBase64, cosmosSignDocBase64 });
       let timeStart = Date.now();
       if (signRes.pendingTransactionId) {
-        this.platformUtils.openPopup(
+        yield this.platformUtils.openPopup(
           yield this.getTransactionReviewUrl(signRes.pendingTransactionId, timeoutMs),
           { type: cosmosSignDocBase64 ? import_types.PopupType.SIGN_TRANSACTION_REVIEW : import_types.PopupType.SIGN_MESSAGE_REVIEW }
         );
@@ -2597,7 +2851,7 @@ const _ParaCore = class _ParaCore {
       );
       let timeStart = Date.now();
       if (signRes.pendingTransactionId) {
-        this.platformUtils.openPopup(
+        yield this.platformUtils.openPopup(
           yield this.getTransactionReviewUrl(signRes.pendingTransactionId, timeoutMs),
           { type: import_types.PopupType.SIGN_TRANSACTION_REVIEW }
         );
@@ -2673,7 +2927,8 @@ const _ParaCore = class _ParaCore {
         providerKey: onRampPurchase.providerKey
       }, walletParams));
       if (shouldOpenPopup) {
-        this.platformUtils.openPopup(portalUrl, { type: import_types.PopupType.ON_RAMP_TRANSACTION });
+        const onRampWindow = yield this.platformUtils.openPopup(portalUrl, { type: import_types.PopupType.ON_RAMP_TRANSACTION });
+        this.onRampPopup = { window: onRampWindow, onRampPurchase };
       }
       return { onRampPurchase, portalUrl };
     });
@@ -2769,6 +3024,7 @@ const _ParaCore = class _ParaCore {
    **/
   logout() {
     return __async(this, arguments, function* ({ clearPregenWallets = false } = {}) {
+      const shouldDispatchLogoutEvent = yield this.isSessionActive();
       yield this.ctx.client.logout();
       yield this.clearStorage();
       if (!clearPregenWallets) {
@@ -2788,7 +3044,9 @@ const _ParaCore = class _ParaCore {
       this.accountLinkInProgress = void 0;
       this.userId = void 0;
       this.sessionCookie = void 0;
-      (0, import_utils2.dispatchEvent)(import_types.ParaEvent.LOGOUT_EVENT, null);
+      if (shouldDispatchLogoutEvent) {
+        (0, import_utils2.dispatchEvent)(import_types.ParaEvent.LOGOUT_EVENT, null);
+      }
     });
   }
   get toStringAdditions() {
@@ -2818,9 +3076,9 @@ const _ParaCore = class _ParaCore {
       {}
     );
     const obj = __spreadProps(__spreadValues({
-      partnerId: (_a = __privateGet(this, _partner)) == null ? void 0 : _a.id,
-      supportedWalletTypes: (_b = __privateGet(this, _partner)) == null ? void 0 : _b.supportedWalletTypes,
-      cosmosPrefix: (_c = __privateGet(this, _partner)) == null ? void 0 : _c.cosmosPrefix,
+      partnerId: (_a = this.partner) == null ? void 0 : _a.id,
+      supportedWalletTypes: (_b = this.partner) == null ? void 0 : _b.supportedWalletTypes,
+      cosmosPrefix: (_c = this.partner) == null ? void 0 : _c.cosmosPrefix,
       authInfo: __privateGet(this, _authInfo),
       isGuestMode: this.isGuestMode,
       userId: this.userId,
@@ -2877,6 +3135,14 @@ const _ParaCore = class _ParaCore {
           }));
           urlType = "createPassword";
           break;
+        case "PIN":
+          ({
+            data: { id: credentialId }
+          } = yield this.ctx.client.addSessionPasswordPublicKey(this.userId, {
+            status: import_user_management_client.PasswordStatus.PENDING
+          }));
+          urlType = "createPIN";
+          break;
       }
       const url = this.isNativePasskey && urlType === "createAuth" ? void 0 : yield this.constructPortalUrl(urlType, {
         isForNewDevice,
@@ -2888,7 +3154,7 @@ const _ParaCore = class _ParaCore {
     });
   }
   /**
-   * Returns a Para Portal URL for logging in with a WebAuth passkey or a password.
+   * Returns a Para Portal URL for logging in with a WebAuth passkey, password, PIN or OTP.
    * @param {Object} opts the options object
    * @param {String} opts.auth - the user auth to sign up or log in with, in the form ` { email: string } | { phone: `+${number}` } `
    * @param {boolean} opts.useShortUrls - whether to shorten the generated portal URLs
@@ -2914,6 +3180,12 @@ const _ParaCore = class _ParaCore {
         case "PASSWORD":
           urlType = "loginPassword";
           break;
+        case "PIN":
+          urlType = "loginPIN";
+          break;
+        case "SLO":
+          urlType = "loginOTP";
+          break;
         default:
           throw new Error(`invalid authentication method: '${authMethod}'`);
       }
@@ -2924,9 +3196,19 @@ const _ParaCore = class _ParaCore {
       });
     });
   }
-  signUpOrLogIn(_o) {
+  prepareLogin() {
     return __async(this, null, function* () {
-      var _p = _o, { auth } = _p, urlOptions = __objRest(_p, ["auth"]);
+      yield this.logout();
+      const { sessionLookupId } = yield this.touchSession(true);
+      if (!this.loginEncryptionKeyPair) {
+        yield this.setLoginEncryptionKeyPair();
+      }
+      return sessionLookupId;
+    });
+  }
+  signUpOrLogIn(_k) {
+    return __async(this, null, function* () {
+      var _l = _k, { auth } = _l, urlOptions = __objRest(_l, ["auth"]);
       const serverAuthState = yield this.ctx.client.signUpOrLogIn(__spreadValues(__spreadValues({}, auth), this.getVerificationEmailProps()));
       const authInfo = serverAuthState.auth;
       if (this.fetchPregenWalletsOverride && (0, import_user_management_client.isPregenAuth)(authInfo)) {
@@ -2935,21 +3217,24 @@ const _ParaCore = class _ParaCore {
           yield this.setUserShare(userShare);
         }
       }
-      return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, urlOptions);
+      return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, __spreadValues({}, urlOptions));
     });
   }
-  verifyNewAccount(_q) {
+  verifyNewAccount(_m) {
     return __async(this, null, function* () {
-      var _r = _q, {
+      var _n = _m, {
         verificationCode
-      } = _r, urlOptions = __objRest(_r, [
+      } = _n, urlOptions = __objRest(_n, [
         "verificationCode"
       ]);
       this.assertIsAuthSet(["email", "phone"]);
-      const userId = this.assertUserId();
-      const serverAuthState = yield this.ctx.client.verifyNewAccount(userId, {
+      const userId = this.assertUserId({ allowGuestMode: true });
+      const serverAuthState = yield this.ctx.client.verifyAccount(userId, {
         verificationCode
       });
+      if (serverAuthState.stage === "login" || serverAuthState.stage === "done") {
+        throw new Error("Account already exists.");
+      }
       return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, urlOptions);
     });
   }
@@ -3036,10 +3321,10 @@ const _ParaCore = class _ParaCore {
     });
   }
   verifyLink() {
-    return __async(this, arguments, function* (_s = {}) {
-      var _t = _s, {
+    return __async(this, arguments, function* (_o = {}) {
+      var _p = _o, {
         accountLinkInProgress = __privateMethod(this, _ParaCore_instances, assertIsLinkingAccount_fn).call(this)
-      } = _t, opts = __objRest(_t, [
+      } = _p, opts = __objRest(_p, [
         "accountLinkInProgress"
       ]);
       try {
@@ -3068,31 +3353,36 @@ const _ParaCore = class _ParaCore {
       return accounts;
     });
   }
+  sendLoginCode() {
+    return __async(this, null, function* () {
+      const { userId } = yield this.ctx.client.sendLoginVerificationCode(this.authInfo);
+      this.setUserId(userId);
+    });
+  }
 };
 _authInfo = new WeakMap();
-_partner = new WeakMap();
 _ParaCore_instances = new WeakSet();
 assertPartner_fn = function() {
   return __async(this, null, function* () {
     var _a, _b;
-    if (!__privateGet(this, _partner)) {
+    if (!this.partner) {
       yield this.touchSession();
     }
-    if (((_a = __privateGet(this, _partner)) == null ? void 0 : _a.cosmosPrefix) && this.ctx.cosmosPrefix !== __privateGet(this, _partner).cosmosPrefix) {
-      this.ctx.cosmosPrefix = (_b = __privateGet(this, _partner)) == null ? void 0 : _b.cosmosPrefix;
+    if (((_a = this.partner) == null ? void 0 : _a.cosmosPrefix) && this.ctx.cosmosPrefix !== this.partner.cosmosPrefix) {
+      this.ctx.cosmosPrefix = (_b = this.partner) == null ? void 0 : _b.cosmosPrefix;
     }
-    return __privateGet(this, _partner);
+    return this.partner;
   });
 };
 guestWalletIds_get = function() {
   var _a, _b, _c;
-  if (!((_a = __privateGet(this, _partner)) == null ? void 0 : _a.supportedWalletTypes)) {
+  if (!((_a = this.partner) == null ? void 0 : _a.supportedWalletTypes)) {
     return {};
   }
   const guestId = (_c = (_b = this.pregenIds) == null ? void 0 : _b.GUEST_ID) == null ? void 0 : _c[0];
   return !!guestId ? Object.entries(this.wallets).reduce((acc, [id, wallet]) => {
     if (wallet.isPregen && !wallet.userId && wallet.pregenIdentifierType === "GUEST_ID" && wallet.pregenIdentifier === guestId) {
-      return __spreadValues(__spreadValues({}, acc), (0, import_utils2.getEquivalentTypes)(wallet.type).filter((type) => __privateGet(this, _partner).supportedWalletTypes.some((entry) => entry.type === type)).reduce((acc2, eqType) => {
+      return __spreadValues(__spreadValues({}, acc), (0, import_utils2.getEquivalentTypes)(wallet.type).filter((type) => this.partner.supportedWalletTypes.some((entry) => entry.type === type)).reduce((acc2, eqType) => {
         var _a2;
         return __spreadProps(__spreadValues({}, acc2), { [eqType]: [.../* @__PURE__ */ new Set([...(_a2 = acc2[eqType]) != null ? _a2 : [], id])] });
       }, {}));
@@ -3153,8 +3443,8 @@ getPartner_fn = function(partnerId) {
       return void 0;
     }
     const res = yield this.ctx.client.getPartner(partnerId);
-    __privateSet(this, _partner, res.data.partner);
-    return __privateGet(this, _partner);
+    this.partner = res.data.partner;
+    return this.partner;
   });
 };
 assertIsLinkingAccount_fn = function(types) {
@@ -3176,29 +3466,42 @@ assertIsLinkingAccountOrStart_fn = function(type) {
     return yield this.linkAccount({ type });
   });
 };
-getOAuthUrl_fn = function(_i) {
-  return __async(this, null, function* () {
-    var _j = _i, {
-      method,
-      appScheme,
-      accountLinkInProgress
-    } = _j, params = __objRest(_j, [
-      "method",
-      "appScheme",
-      "accountLinkInProgress"
-    ]);
-    var _a;
-    const sessionLookupId = (_a = params.sessionLookupId) != null ? _a : yield __privateMethod(this, _ParaCore_instances, prepareLogin_fn).call(this);
+getOAuthUrl_fn = function(_0) {
+  return __async(this, arguments, function* ({
+    method,
+    appScheme,
+    accountLinkInProgress,
+    sessionLookupId,
+    encryptionKey
+  }) {
+    if (!accountLinkInProgress && !this.isPortal()) {
+      return yield this.constructPortalUrl("oAuth", { sessionId: sessionLookupId, oAuthMethod: method, appScheme });
+    }
+    let portalSessionLookupId;
+    if (this.isPortal()) {
+      portalSessionLookupId = (yield this.touchSession(true)).sessionLookupId;
+    }
     return (0, import_utils2.constructUrl)({
       base: (0, import_userManagementClient.getBaseOAuthUrl)(this.ctx.env),
       path: `/auth/${method}`,
-      params: __spreadValues({
+      params: __spreadProps(__spreadValues({
         apiKey: this.ctx.apiKey,
         sessionLookupId,
+        portalSessionLookupId,
         appScheme
       }, accountLinkInProgress ? {
         linkedAccountId: this.accountLinkInProgress.id
-      } : {})
+      } : {}), {
+        callback: !accountLinkInProgress && (yield this.constructPortalUrl("oAuthCallback", {
+          sessionId: sessionLookupId,
+          oAuthMethod: method,
+          appScheme,
+          thisDevice: {
+            sessionId: sessionLookupId,
+            encryptionKey
+          }
+        }))
+      })
     });
   });
 };
@@ -3252,8 +3555,9 @@ createPregenWallet_fn = function(opts) {
 _isCreateGuestWalletsPending = new WeakMap();
 prepareAuthState_fn = function(_0) {
   return __async(this, arguments, function* (serverAuthState, opts = {}) {
-    if (!opts.sessionLookupId && serverAuthState.stage === "login") {
-      opts.sessionLookupId = yield __privateMethod(this, _ParaCore_instances, prepareLogin_fn).call(this);
+    var _a, _b;
+    if (!opts.sessionLookupId && serverAuthState.stage === "login" && (!serverAuthState.externalWallet || !(((_a = serverAuthState.externalWallet) == null ? void 0 : _a.withFullParaAuth) && ((_b = serverAuthState.loginAuthMethods) == null ? void 0 : _b.includes(import_user_management_client.AuthMethod.PIN))))) {
+      opts.sessionLookupId = yield this.prepareLogin();
     }
     const { auth, externalWallet, userId, displayName, pfpUrl, username } = serverAuthState;
     const authInfo = __spreadValues(__spreadValues({}, (0, import_user_management_client.extractAuthInfo)(auth, { isRequired: true })), Object.fromEntries(
@@ -3274,8 +3578,14 @@ prepareAuthState_fn = function(_0) {
     }
     let authState;
     switch (serverAuthState.stage) {
+      case "done": {
+        authState = yield __privateMethod(this, _ParaCore_instances, prepareDoneState_fn).call(this, serverAuthState);
+        break;
+      }
       case "verify":
-        authState = serverAuthState;
+        authState = yield __privateMethod(this, _ParaCore_instances, prepareVerificationState_fn).call(this, serverAuthState, __spreadProps(__spreadValues({}, opts), {
+          sessionLookupId: opts.sessionLookupId
+        }));
         break;
       case "login":
         if (externalWallet && !(externalWallet == null ? void 0 : externalWallet.withFullParaAuth)) {
@@ -3295,14 +3605,34 @@ prepareAuthState_fn = function(_0) {
     return authState;
   });
 };
-prepareLogin_fn = function() {
+prepareDoneState_fn = function(doneState) {
   return __async(this, null, function* () {
-    yield this.logout();
-    const { sessionLookupId } = yield this.touchSession(true);
-    if (!this.loginEncryptionKeyPair) {
-      yield this.setLoginEncryptionKeyPair();
+    let isSLOPossible = doneState.authMethods.includes(import_user_management_client.AuthMethod.SLO);
+    this.isEnclaveUser = isSLOPossible;
+    return doneState;
+  });
+};
+prepareVerificationState_fn = function(_0, _1) {
+  return __async(this, arguments, function* (verifyState, {
+    useShortUrls: shorten = false,
+    portalTheme,
+    sessionLookupId
+  }) {
+    let isSLOPossible = false;
+    if (verifyState.nextStage === "login") {
+      isSLOPossible = verifyState.loginAuthMethods.includes(import_user_management_client.AuthMethod.SLO);
+    } else if (verifyState.nextStage === "signup") {
+      isSLOPossible = verifyState.signupAuthMethods.includes(import_user_management_client.AuthMethod.SLO);
     }
-    return sessionLookupId;
+    this.isEnclaveUser = isSLOPossible;
+    return __spreadValues(__spreadValues({}, verifyState), isSLOPossible ? {
+      loginUrl: yield this.getLoginUrl({
+        authMethod: import_user_management_client.AuthMethod.SLO,
+        sessionId: sessionLookupId,
+        shorten,
+        portalTheme
+      })
+    } : {});
   });
 };
 prepareLoginState_fn = function(_0, _1) {
@@ -3311,9 +3641,9 @@ prepareLoginState_fn = function(_0, _1) {
     portalTheme,
     sessionLookupId
   }) {
-    const _a = loginState, { loginAuthMethods } = _a, authState = __objRest(_a, ["loginAuthMethods"]);
-    const isPasskeySupported = yield this.isPasskeySupported(), isPasskeyPossible = loginAuthMethods.includes(import_user_management_client.AuthMethod.PASSKEY) && !this.isNativePasskey, isPasswordPossible = loginAuthMethods.includes(import_user_management_client.AuthMethod.PASSWORD);
-    return __spreadValues(__spreadValues(__spreadProps(__spreadValues({}, authState), {
+    const _a = loginState, { loginAuthMethods, hasPasswordWithoutPIN } = _a, authState = __objRest(_a, ["loginAuthMethods", "hasPasswordWithoutPIN"]);
+    const isPasskeySupported = yield this.isPasskeySupported(), isPasskeyPossible = loginAuthMethods.includes(import_user_management_client.AuthMethod.PASSKEY) && !this.isNativePasskey, isPasswordPossible = loginAuthMethods.includes(import_user_management_client.AuthMethod.PASSWORD) && hasPasswordWithoutPIN, isPINPossible = loginAuthMethods.includes(import_user_management_client.AuthMethod.PIN);
+    return __spreadValues(__spreadValues(__spreadValues(__spreadProps(__spreadValues({}, authState), {
       isPasskeySupported
     }), isPasskeyPossible ? {
       passkeyUrl: yield this.getLoginUrl({ sessionId: sessionLookupId, shorten, portalTheme }),
@@ -3333,6 +3663,13 @@ prepareLoginState_fn = function(_0, _1) {
         portalTheme,
         params: { isEmbedded: `${!loginState.isWalletSelectionNeeded}` }
       })
+    } : {}), isPINPossible ? {
+      pinUrl: yield this.constructPortalUrl("loginPIN", {
+        sessionId: sessionLookupId,
+        shorten,
+        portalTheme,
+        params: { isEmbedded: `${!loginState.isWalletSelectionNeeded}` }
+      })
     } : {});
   });
 };
@@ -3340,13 +3677,14 @@ prepareSignUpState_fn = function(_0, _1) {
   return __async(this, arguments, function* (serverSignupState, { useShortUrls: shorten = false, portalTheme }) {
     const _a = serverSignupState, { signupAuthMethods } = _a, authState = __objRest(_a, ["signupAuthMethods"]);
     const isPasskeySupported = yield this.isPasskeySupported();
-    const [isPasskey, isPassword] = [
+    const [isPasskey, isPassword, isPIN] = [
       signupAuthMethods.includes(import_user_management_client.AuthMethod.PASSKEY),
-      signupAuthMethods.includes(import_user_management_client.AuthMethod.PASSWORD) || !isPasskeySupported
+      signupAuthMethods.includes(import_user_management_client.AuthMethod.PASSWORD) || !isPasskeySupported,
+      signupAuthMethods.includes(import_user_management_client.AuthMethod.PIN)
     ];
-    if (!isPasskey && !isPassword) {
+    if (!isPasskey && !isPassword && !isPIN) {
       throw new Error(
-        "No supported authentication methods found. Please ensure you have enabled either WebAuth passkeys or passwords in your Developer Portal settings."
+        "No supported authentication methods found. Please ensure you have enabled either WebAuth passkeys, passwords or PINs in your Developer Portal settings."
       );
     }
     const signupState = __spreadProps(__spreadValues({}, authState), { isPasskeySupported });
@@ -3367,6 +3705,15 @@ prepareSignUpState_fn = function(_0, _1) {
       signupState.passwordUrl = passwordUrl;
       signupState.passwordId = passwordId;
     }
+    if (isPIN) {
+      const { url: pinUrl, credentialId: pinId } = yield this.getNewCredentialAndUrl({
+        authMethod: "PIN",
+        portalTheme,
+        shorten
+      });
+      signupState.pinUrl = pinUrl;
+      signupState.pinId = pinId;
+    }
     return signupState;
   });
 };