@getpara/core-sdk 2.0.0-fc.3 → 2.1.0

package/dist/cjs/ParaCore.js

@@ -99,7 +99,8 @@ var import_recovery = require("./shares/recovery.js");
 var import_utils2 = require("./utils/index.js");
 var import_errors = require("./errors.js");
 var constants = __toESM(require("./constants.js"));
-var _authInfo, _partner, _ParaCore_instances, assertPartner_fn, guestWalletIds_get, guestWalletIdsArray_get, toAuthInfo_fn, setAuthInfo_fn, getPartner_fn, assertIsLinkingAccount_fn, assertIsLinkingAccountOrStart_fn, getOAuthUrl_fn, createPregenWallet_fn, _isCreateGuestWalletsPending, prepareAuthState_fn, prepareLogin_fn, prepareLoginState_fn, prepareSignUpState_fn;
+var import_enclave = require("./shares/enclave.js");
+var _authInfo, _ParaCore_instances, assertPartner_fn, guestWalletIds_get, guestWalletIdsArray_get, toAuthInfo_fn, setAuthInfo_fn, getPartner_fn, assertIsLinkingAccount_fn, assertIsLinkingAccountOrStart_fn, getOAuthUrl_fn, waitForLoginProcess_fn, createPregenWallet_fn, _isCreateGuestWalletsPending, prepareAuthState_fn, prepareDoneState_fn, prepareVerificationState_fn, prepareLoginState_fn, prepareSignUpState_fn;
 if (typeof global !== "undefined") {
   global.Buffer = global.Buffer || import_buffer.Buffer;
 } else if (typeof window !== "undefined") {
@@ -111,24 +112,20 @@ if (typeof global !== "undefined") {
 }
 const { pki, jsbn } = import_node_forge.default;
 const _ParaCore = class _ParaCore {
-  /**
-   * Constructs a new `ParaCore` instance.
-   * @param env - `Environment` to use.
-   * @param apiKey - API key to use.
-   * @param opts - Additional constructor options; see `ConstructorOpts`.
-   * @returns - A new ParaCore instance.
-   */
-  constructor(env, apiKey, opts) {
+  constructor(envOrApiKey, apiKeyOrOpts, opts) {
     __privateAdd(this, _ParaCore_instances);
+    this.popupWindow = null;
     __privateAdd(this, _authInfo);
+    this.isSwitchingWallets = false;
     this.isNativePasskey = false;
     this.isReady = false;
-    __privateAdd(this, _partner);
     this.accountLinkInProgress = void 0;
+    this.isEnclaveUser = false;
     this.isAwaitingAccountCreation = false;
     this.isAwaitingLogin = false;
     this.isAwaitingFarcaster = false;
     this.isAwaitingOAuth = false;
+    this.isWorkerInitialized = false;
     /**
      * The IDs of the currently active wallets, for each supported wallet type. Any signer integrations will default to the first viable wallet ID in this dictionary.
      */
@@ -137,20 +134,34 @@ const _ParaCore = class _ParaCore {
      * Wallets associated with the `ParaCore` instance.
      */
     this.externalWallets = {};
+    this.onRampPopup = void 0;
+    this.nonPersistedStorageKeys = [];
     this.localStorageGetItem = (key) => {
-      return this.platformUtils.localStorage.get(key);
+      var _a;
+      if (!((_a = this.nonPersistedStorageKeys) != null ? _a : []).includes(key)) {
+        return this.platformUtils.localStorage.get(key);
+      }
     };
     this.localStorageSetItem = (key, value) => {
-      return this.platformUtils.localStorage.set(key, value);
+      var _a;
+      if (!((_a = this.nonPersistedStorageKeys) != null ? _a : []).includes(key)) {
+        return this.platformUtils.localStorage.set(key, value);
+      }
     };
     this.localStorageRemoveItem = (key) => {
       return this.platformUtils.localStorage.removeItem(key);
     };
     this.sessionStorageGetItem = (key) => {
-      return this.platformUtils.sessionStorage.get(key);
+      var _a;
+      if (!((_a = this.nonPersistedStorageKeys) != null ? _a : []).includes(key)) {
+        return this.platformUtils.sessionStorage.get(key);
+      }
     };
     this.sessionStorageSetItem = (key, value) => {
-      return this.platformUtils.sessionStorage.set(key, value);
+      var _a;
+      if (!((_a = this.nonPersistedStorageKeys) != null ? _a : []).includes(key)) {
+        return this.platformUtils.sessionStorage.set(key, value);
+      }
     };
     this.sessionStorageRemoveItem = (key) => {
       return this.platformUtils.sessionStorage.removeItem(key);
@@ -158,16 +169,29 @@ const _ParaCore = class _ParaCore {
     this.retrieveSessionCookie = () => {
       return this.sessionCookie;
     };
+    this.retrieveEnclaveJwt = () => {
+      return this.enclaveJwt;
+    };
+    this.retrieveEnclaveRefreshJwt = () => {
+      return this.enclaveRefreshJwt;
+    };
     /**
      * Remove all local storage and prefixed session storage.
      * @param {'local' | 'session' | 'secure' | 'all'} type - Type of storage to clear. Defaults to 'all'.
      */
     this.clearStorage = (type = "all") => __async(this, null, function* () {
       const isAll = type === "all";
-      (isAll || type === "local") && this.platformUtils.localStorage.clear(constants.PREFIX);
-      (isAll || type === "session") && this.platformUtils.sessionStorage.clear(constants.PREFIX);
+      if (isAll || type === "local") {
+        this.platformUtils.localStorage.clear(constants.PREFIX);
+        this.platformUtils.localStorage.clear(constants.PARA_PREFIX);
+      }
+      if (isAll || type === "session") {
+        this.platformUtils.sessionStorage.clear(constants.PREFIX);
+        this.platformUtils.sessionStorage.clear(constants.PARA_PREFIX);
+      }
       if ((isAll || type === "secure") && this.platformUtils.secureStorage) {
         this.platformUtils.secureStorage.clear(constants.PREFIX);
+        this.platformUtils.secureStorage.clear(constants.PARA_PREFIX);
       }
     });
     this.trackError = (methodName, err) => __async(this, null, function* () {
@@ -209,6 +233,7 @@ const _ParaCore = class _ParaCore {
       this.updateWalletIdsFromStorage();
       this.updateSessionCookieFromStorage();
       this.updateLoginEncryptionKeyPairFromStorage();
+      this.updateEnclaveJwtFromStorage();
     };
     this.updateAuthInfoFromStorage = () => {
       var _a;
@@ -228,6 +253,10 @@ const _ParaCore = class _ParaCore {
       }
       __privateSet(this, _authInfo, authInfo);
     };
+    this.updateEnclaveJwtFromStorage = () => {
+      this.enclaveJwt = this.localStorageGetItem(constants.LOCAL_STORAGE_ENCLAVE_JWT) || this.sessionStorageGetItem(constants.LOCAL_STORAGE_ENCLAVE_JWT) || void 0;
+      this.enclaveRefreshJwt = this.localStorageGetItem(constants.LOCAL_STORAGE_ENCLAVE_REFRESH_JWT) || this.sessionStorageGetItem(constants.LOCAL_STORAGE_ENCLAVE_REFRESH_JWT) || void 0;
+    };
     this.updateUserIdFromStorage = () => {
       this.userId = this.localStorageGetItem(constants.LOCAL_STORAGE_USER_ID) || void 0;
     };
@@ -288,6 +317,16 @@ const _ParaCore = class _ParaCore {
       const _externalWallets = JSON.parse(stringExternalWallets || "{}");
       this.setExternalWallets(_externalWallets);
     };
+    this.initializeWorker = () => __async(this, null, function* () {
+      if (!this.isWorkerInitialized && !this.ctx.disableWebSockets && !this.ctx.disableWorkers && !this.isPortal()) {
+        try {
+          this.isWorkerInitialized = true;
+          yield this.platformUtils.initializeWorker(this.ctx);
+        } catch (e) {
+          this.devLog("error initializing worker:", e);
+        }
+      }
+    });
     /**
      * Creates several new wallets with the desired types. If no types are provided, this method
      * will create one for each of the non-optional types specified in the instance's `supportedWalletTypes`
@@ -304,8 +343,29 @@ const _ParaCore = class _ParaCore {
     }) {
       return (yield this.ctx.client.getWalletBalance({ walletId, rpcUrl })).balance;
     });
-    if (!apiKey) {
-      throw new Error("A Para API key is required.");
+    let env, apiKey;
+    const actualArgs = Array.from(arguments).filter((arg) => arg !== void 0);
+    const actualArgumentCount = actualArgs.length;
+    if (actualArgumentCount === 1) {
+      if (Object.values(import_types.Environment).includes(envOrApiKey)) {
+        throw new Error("A Para API key is required.");
+      }
+      env = _ParaCore.resolveEnvironment(void 0, actualArgs[0]);
+      apiKey = actualArgs[0];
+      opts = void 0;
+    } else if (actualArgumentCount === 2) {
+      if (typeof apiKeyOrOpts === "object" && apiKeyOrOpts !== null) {
+        env = _ParaCore.resolveEnvironment(void 0, envOrApiKey);
+        apiKey = envOrApiKey;
+        opts = apiKeyOrOpts;
+      } else {
+        env = _ParaCore.resolveEnvironment(envOrApiKey, apiKeyOrOpts);
+        apiKey = apiKeyOrOpts;
+        opts = void 0;
+      }
+    } else {
+      env = _ParaCore.resolveEnvironment(envOrApiKey, apiKeyOrOpts);
+      apiKey = apiKeyOrOpts;
     }
     if (!opts) opts = {};
     let isE2E = false;
@@ -348,18 +408,41 @@ const _ParaCore = class _ParaCore {
         cookie
       );
     };
+    this.persistEnclaveJwt = (jwt) => {
+      this.enclaveJwt = jwt;
+      (opts.useSessionStorage ? this.sessionStorageSetItem : this.localStorageSetItem)(
+        constants.LOCAL_STORAGE_ENCLAVE_JWT,
+        jwt
+      );
+    };
+    this.persistEnclaveRefreshJwt = (refreshJwt) => {
+      this.enclaveRefreshJwt = refreshJwt;
+      (opts.useSessionStorage ? this.sessionStorageSetItem : this.localStorageSetItem)(
+        constants.LOCAL_STORAGE_ENCLAVE_REFRESH_JWT,
+        refreshJwt
+      );
+    };
+    const client = (0, import_userManagementClient.initClient)({
+      env,
+      version: _ParaCore.version,
+      apiKey,
+      partnerId: this.isPortal(env) ? opts.portalPartnerId : void 0,
+      useFetchAdapter: !!opts.disableWorkers,
+      retrieveSessionCookie: this.retrieveSessionCookie,
+      persistSessionCookie: this.persistSessionCookie
+    });
+    const enclaveClient = new import_enclave.EnclaveClient({
+      userManagementClient: client,
+      retrieveJwt: this.retrieveEnclaveJwt,
+      persistJwt: this.persistEnclaveJwt,
+      retrieveRefreshJwt: this.retrieveEnclaveRefreshJwt,
+      persistRefreshJwt: this.persistEnclaveRefreshJwt
+    });
     this.ctx = {
       env,
       apiKey,
-      client: (0, import_userManagementClient.initClient)({
-        env,
-        version: _ParaCore.version,
-        apiKey,
-        partnerId: this.isPortal(env) ? opts.portalPartnerId : void 0,
-        useFetchAdapter: !!opts.disableWorkers,
-        retrieveSessionCookie: this.retrieveSessionCookie,
-        persistSessionCookie: this.persistSessionCookie
-      }),
+      client,
+      enclaveClient,
       disableWorkers: opts.disableWorkers,
       offloadMPCComputationURL: opts.offloadMPCComputationURL,
       useLocalFiles: opts.useLocalFiles,
@@ -394,6 +477,9 @@ const _ParaCore = class _ParaCore {
       ]);
     }
   }
+  setModalError(_error) {
+    return;
+  }
   get authInfo() {
     return __privateGet(this, _authInfo);
   }
@@ -423,7 +509,12 @@ const _ParaCore = class _ParaCore {
     } else if (this.isExternalWalletWithVerification) {
       return "VERIFICATION";
     } else if (!!Object.keys(this.externalWallets).length) {
-      return "CONNECTION_ONLY";
+      const hasEmbeddedWallets = Object.keys(this.wallets).some((id) => !this.wallets[id].isExternal);
+      if (hasEmbeddedWallets) {
+        return "NONE";
+      } else {
+        return "CONNECTION_ONLY";
+      }
     }
     return "NONE";
   }
@@ -453,11 +544,19 @@ const _ParaCore = class _ParaCore {
   }
   get partnerId() {
     var _a;
-    return (_a = __privateGet(this, _partner)) == null ? void 0 : _a.id;
+    return (_a = this.partner) == null ? void 0 : _a.id;
+  }
+  get partnerName() {
+    var _a;
+    return (_a = this.partner) == null ? void 0 : _a.displayName;
+  }
+  get partnerLogo() {
+    var _a;
+    return (_a = this.partner) == null ? void 0 : _a.logoUrl;
   }
   get currentWalletIdsArray() {
     var _a, _b;
-    return ((_b = (_a = __privateGet(this, _partner)) == null ? void 0 : _a.supportedWalletTypes) != null ? _b : Object.keys(this.currentWalletIds).map((type) => ({ type }))).reduce(
+    return ((_b = (_a = this.partner) == null ? void 0 : _a.supportedWalletTypes) != null ? _b : Object.keys(this.currentWalletIds).map((type) => ({ type }))).reduce(
       (acc, { type }) => {
         var _a2;
         return [
@@ -497,23 +596,23 @@ const _ParaCore = class _ParaCore {
   }
   get isNoWalletConfig() {
     var _a;
-    return !!((_a = __privateGet(this, _partner)) == null ? void 0 : _a.supportedWalletTypes) && __privateGet(this, _partner).supportedWalletTypes.length === 0;
+    return !!((_a = this.partner) == null ? void 0 : _a.supportedWalletTypes) && this.partner.supportedWalletTypes.length === 0;
   }
   get supportedWalletTypes() {
     var _a, _b;
-    return (_b = (_a = __privateGet(this, _partner)) == null ? void 0 : _a.supportedWalletTypes) != null ? _b : [];
+    return (_b = (_a = this.partner) == null ? void 0 : _a.supportedWalletTypes) != null ? _b : [];
   }
   get cosmosPrefix() {
     var _a;
-    return (_a = __privateGet(this, _partner)) == null ? void 0 : _a.cosmosPrefix;
+    return (_a = this.partner) == null ? void 0 : _a.cosmosPrefix;
   }
   get supportedAccountLinks() {
     var _a, _b;
-    return (_b = (_a = __privateGet(this, _partner)) == null ? void 0 : _a.supportedAccountLinks) != null ? _b : [...import_user_management_client.LINKED_ACCOUNT_TYPES];
+    return (_b = (_a = this.partner) == null ? void 0 : _a.supportedAccountLinks) != null ? _b : [...import_user_management_client.LINKED_ACCOUNT_TYPES];
   }
   get isWalletTypeEnabled() {
     var _a;
-    return (((_a = __privateGet(this, _partner)) == null ? void 0 : _a.supportedWalletTypes) || []).reduce((acc, { type }) => {
+    return (((_a = this.partner) == null ? void 0 : _a.supportedWalletTypes) || []).reduce((acc, { type }) => {
       return __spreadProps(__spreadValues({}, acc), { [type]: true });
     }, {});
   }
@@ -543,9 +642,7 @@ const _ParaCore = class _ParaCore {
     };
   }
   isPortal(envOverride) {
-    var _a;
-    if (typeof window === "undefined") return false;
-    return !!((_a = window.location) == null ? void 0 : _a.host) && (0, import_utils2.getPortalBaseURL)(envOverride ? { env: envOverride } : this.ctx).includes(window.location.host);
+    return (0, import_utils2.isPortal)(this.ctx, envOverride);
   }
   isParaConnect() {
     var _a;
@@ -562,7 +659,7 @@ const _ParaCore = class _ParaCore {
   }
   isWalletSupported(wallet) {
     var _a, _b;
-    return !((_a = __privateGet(this, _partner)) == null ? void 0 : _a.supportedWalletTypes) || (0, import_utils2.isWalletSupported)((_b = __privateGet(this, _partner).supportedWalletTypes.map(({ type }) => type)) != null ? _b : [], wallet);
+    return !((_a = this.partner) == null ? void 0 : _a.supportedWalletTypes) || (0, import_utils2.isWalletSupported)((_b = this.partner.supportedWalletTypes.map(({ type }) => type)) != null ? _b : [], wallet);
   }
   isWalletOwned(wallet) {
     return this.isWalletSupported(wallet) && !(wallet == null ? void 0 : wallet.pregenIdentifier) && !(wallet == null ? void 0 : wallet.pregenIdentifierType) && !!this.userId && (wallet == null ? void 0 : wallet.userId) === this.userId;
@@ -593,7 +690,7 @@ const _ParaCore = class _ParaCore {
       } else if (!isOwned && !isUnclaimed) {
         error = `wallet with id ${wallet == null ? void 0 : wallet.id} is not owned by the current user`;
       } else if (!this.isWalletSupported(wallet)) {
-        error = `wallet with id ${wallet.id} and type ${wallet.type} is not supported, supported types are: ${(((_b = __privateGet(this, _partner)) == null ? void 0 : _b.supportedWalletTypes) || []).map(({ type }) => type).join(", ")}`;
+        error = `wallet with id ${wallet.id} and type ${wallet.type} is not supported, supported types are: ${(((_b = this.partner) == null ? void 0 : _b.supportedWalletTypes) || []).map(({ type }) => type).join(", ")}`;
       } else if (types && (!(0, import_utils2.getEquivalentTypes)(types).includes(wallet == null ? void 0 : wallet.type) || isOwned && !types.some((type) => {
         var _a2, _b2;
         return (_b2 = (_a2 = this.currentWalletIds) == null ? void 0 : _a2[type]) == null ? void 0 : _b2.includes(walletId);
@@ -611,6 +708,9 @@ const _ParaCore = class _ParaCore {
     }
     return true;
   }
+  truncateAddress(...args) {
+    return (0, import_utils2.truncateAddress)(args[0], args[1], __spreadValues({ prefix: this.cosmosPrefix }, args[2] || {}));
+  }
   /**
    * Returns the formatted address for the desired wallet ID, depending on your app settings.
    * @param {string} walletId the ID of the wallet address to display.
@@ -624,7 +724,7 @@ const _ParaCore = class _ParaCore {
     if (this.externalWallets[walletId]) {
       const wallet2 = this.externalWallets[walletId];
       return options.truncate ? (0, import_utils2.truncateAddress)(wallet2.address, wallet2.type, {
-        prefix: (_a = __privateGet(this, _partner)) == null ? void 0 : _a.cosmosPrefix,
+        prefix: (_a = this.partner) == null ? void 0 : _a.cosmosPrefix,
         targetLength: options.targetLength
       }) : wallet2.address;
     }
@@ -636,7 +736,7 @@ const _ParaCore = class _ParaCore {
     let prefix;
     switch (wallet.type) {
       case "COSMOS":
-        prefix = (_d = (_c = options.cosmosPrefix) != null ? _c : (_b = __privateGet(this, _partner)) == null ? void 0 : _b.cosmosPrefix) != null ? _d : "cosmos";
+        prefix = (_d = (_c = options.cosmosPrefix) != null ? _c : (_b = this.partner) == null ? void 0 : _b.cosmosPrefix) != null ? _d : "cosmos";
         str = (0, import_utils2.getCosmosAddress)(wallet.publicKey, prefix);
         break;
       default:
@@ -669,30 +769,56 @@ const _ParaCore = class _ParaCore {
   }
   constructPortalUrl(_0) {
     return __async(this, arguments, function* (type, opts = {}) {
-      var _a, _b, _c, _d, _e, _f, _g, _h, _i, _j, _k, _l, _m;
-      const [isCreate, isLogin, isOnRamp] = [
-        ["createAuth", "createPassword"].includes(type),
-        ["loginAuth", "loginPassword"].includes(type),
-        type === "onRamp"
+      var _a, _b, _c, _d, _e, _f, _g, _h, _i, _j, _k, _l, _m, _n;
+      const [
+        isCreate,
+        isLogin,
+        isOnRamp,
+        isOAuth,
+        isOAuthCallback,
+        isTelegramLogin,
+        isFarcasterLogin,
+        isAddNewCredential,
+        isSwitchWallets,
+        isExportPrivateKey
+      ] = [
+        ["createAuth", "createPassword", "createPIN"].includes(type),
+        ["loginAuth", "loginPassword", "loginPIN", "loginOTP", "switchWallets", "loginExternalWallet"].includes(type),
+        type === "onRamp",
+        type === "oAuth",
+        type === "oAuthCallback",
+        ["telegramLogin", "telegramLoginVerify"].includes(type),
+        type === "loginFarcaster",
+        type === "addNewCredential",
+        type === "switchWallets",
+        type === "exportPrivateKey"
       ];
+      if (isOAuth && !opts.oAuthMethod) {
+        throw new Error("oAuthMethod is required for oAuth portal URLs");
+      }
       if (isCreate || isLogin) {
         this.assertIsAuthSet();
       }
       let sessionId = opts.sessionId;
-      if ((isLogin || isOnRamp) && !sessionId) {
+      if ((isLogin || isOnRamp || isTelegramLogin || isFarcasterLogin || isExportPrivateKey) && !sessionId) {
         const session = yield this.touchSession(true);
         sessionId = session.sessionId;
       }
       if (!this.loginEncryptionKeyPair) {
         yield this.setLoginEncryptionKeyPair();
       }
-      const base = type === "onRamp" || type === "telegramLogin" ? (0, import_utils2.getPortalBaseURL)(this.ctx, type === "telegramLogin") : yield this.getPortalURL();
+      const shouldUseLegacyPortalUrl = opts.useLegacyUrl || !!opts.addNewCredentialPasskeyId || type === "loginAuth";
+      const base = type === "onRamp" || isTelegramLogin ? (0, import_utils2.getPortalBaseURL)(this.ctx, isTelegramLogin, false, shouldUseLegacyPortalUrl) : yield this.getPortalURL(shouldUseLegacyPortalUrl);
       let path;
       switch (type) {
         case "createPassword": {
           path = `/web/users/${this.userId}/passwords/${opts.pathId}`;
           break;
         }
+        case "createPIN": {
+          path = `/web/users/${this.userId}/pin/${opts.pathId}`;
+          break;
+        }
         case "createAuth": {
           path = `/web/users/${this.userId}/biometrics/${opts.pathId}`;
           break;
@@ -705,18 +831,62 @@ const _ParaCore = class _ParaCore {
           path = "/web/biometrics/login";
           break;
         }
+        case "loginPIN": {
+          path = "/web/pin/login";
+          break;
+        }
         case "txReview": {
           path = `/web/users/${this.userId}/transaction-review/${opts.pathId}`;
           break;
         }
         case "onRamp": {
-          path = `/web/users/${this.userId}/on-ramp-transaction/${opts.pathId}`;
+          path = `/web/users/${this.userId}/on-ramp-transaction/v2/${opts.pathId}`;
+          break;
+        }
+        case "telegramLoginVerify": {
+          path = `/auth/telegram/verify`;
           break;
         }
         case "telegramLogin": {
           path = `/auth/telegram`;
           break;
         }
+        case "oAuth": {
+          path = `/auth/${opts.oAuthMethod.toLowerCase()}`;
+          break;
+        }
+        case "oAuthCallback": {
+          path = `/auth/${opts.oAuthMethod.toLowerCase()}/callback`;
+          break;
+        }
+        case "loginOTP": {
+          path = "/auth/otp";
+          break;
+        }
+        case "loginFarcaster": {
+          path = "/auth/farcaster";
+          break;
+        }
+        case "switchWallets": {
+          path = `/auth/wallets`;
+          break;
+        }
+        case "addNewCredential": {
+          path = "/auth/add-new-credential";
+          break;
+        }
+        case "exportPrivateKey": {
+          path = `/web/users/${this.userId}/private-key/${opts.pathId}`;
+          break;
+        }
+        case "loginExternalWallet": {
+          path = "/auth/external-wallet";
+          break;
+        }
+        case "connectExternalWallet": {
+          path = "/auth/connect-external-wallet";
+          break;
+        }
         default: {
           throw new Error(`invalid URL type ${type}`);
         }
@@ -735,25 +905,28 @@ const _ParaCore = class _ParaCore {
         encryptionKey: (0, import_utils.getPublicKeyHex)(this.loginEncryptionKeyPair),
         sessionId
       };
-      const params = __spreadValues(__spreadValues(__spreadValues(__spreadValues(__spreadValues({
+      const params = __spreadValues(__spreadValues(__spreadValues(__spreadValues(__spreadValues(__spreadValues(__spreadValues(__spreadValues(__spreadValues(__spreadValues(__spreadProps(__spreadValues({
         apiKey: this.ctx.apiKey,
-        partnerId: partner == null ? void 0 : partner.id,
-        portalFont: ((_b = opts.portalTheme) == null ? void 0 : _b.font) || (partner == null ? void 0 : partner.font) || ((_c = this.portalTheme) == null ? void 0 : _c.font),
-        portalBorderRadius: ((_d = opts.portalTheme) == null ? void 0 : _d.borderRadius) || ((_e = this.portalTheme) == null ? void 0 : _e.borderRadius),
-        portalThemeMode: ((_f = opts.portalTheme) == null ? void 0 : _f.mode) || (partner == null ? void 0 : partner.themeMode) || ((_g = this.portalTheme) == null ? void 0 : _g.mode),
-        portalAccentColor: ((_h = opts.portalTheme) == null ? void 0 : _h.accentColor) || (partner == null ? void 0 : partner.accentColor) || ((_i = this.portalTheme) == null ? void 0 : _i.accentColor),
-        portalForegroundColor: ((_j = opts.portalTheme) == null ? void 0 : _j.foregroundColor) || (partner == null ? void 0 : partner.foregroundColor) || ((_k = this.portalTheme) == null ? void 0 : _k.foregroundColor),
-        portalBackgroundColor: ((_l = opts.portalTheme) == null ? void 0 : _l.backgroundColor) || (partner == null ? void 0 : partner.backgroundColor) || this.portalBackgroundColor || ((_m = this.portalTheme) == null ? void 0 : _m.backgroundColor),
+        origin: typeof window !== "undefined" ? window.location.origin : void 0,
+        partnerId: partner == null ? void 0 : partner.id
+      }, typeof window !== "undefined" && ((_b = window.location) == null ? void 0 : _b.origin) ? { origin: window.location.origin } : {}), {
+        portalFont: ((_c = opts.portalTheme) == null ? void 0 : _c.font) || ((_d = this.portalTheme) == null ? void 0 : _d.font) || (partner == null ? void 0 : partner.font),
+        portalBorderRadius: ((_e = opts.portalTheme) == null ? void 0 : _e.borderRadius) || ((_f = this.portalTheme) == null ? void 0 : _f.borderRadius),
+        portalThemeMode: ((_g = opts.portalTheme) == null ? void 0 : _g.mode) || ((_h = this.portalTheme) == null ? void 0 : _h.mode) || (partner == null ? void 0 : partner.themeMode),
+        portalAccentColor: ((_i = opts.portalTheme) == null ? void 0 : _i.accentColor) || ((_j = this.portalTheme) == null ? void 0 : _j.accentColor) || (partner == null ? void 0 : partner.accentColor),
+        portalForegroundColor: ((_k = opts.portalTheme) == null ? void 0 : _k.foregroundColor) || ((_l = this.portalTheme) == null ? void 0 : _l.foregroundColor) || (partner == null ? void 0 : partner.foregroundColor),
+        portalBackgroundColor: ((_m = opts.portalTheme) == null ? void 0 : _m.backgroundColor) || ((_n = this.portalTheme) == null ? void 0 : _n.backgroundColor) || (partner == null ? void 0 : partner.backgroundColor) || this.portalBackgroundColor,
         portalPrimaryButtonColor: this.portalPrimaryButtonColor,
         portalTextColor: this.portalTextColor,
         portalPrimaryButtonTextColor: this.portalPrimaryButtonTextColor,
         isForNewDevice: opts.isForNewDevice ? opts.isForNewDevice.toString() : void 0
-      }, isCreate || isLogin ? __spreadProps(__spreadValues({
+      }), this.authInfo && (isCreate || isLogin || isAddNewCredential || isOAuthCallback || isSwitchWallets || isExportPrivateKey) ? __spreadProps(__spreadValues({
         authInfo: JSON.stringify(this.authInfo)
       }, (0, import_user_management_client.isPhone)(this.authInfo.auth) ? (0, import_utils2.splitPhoneNumber)(this.authInfo.auth.phone) : this.authInfo.auth), {
         pfpUrl: this.authInfo.pfpUrl,
-        displayName: this.authInfo.displayName
-      }) : {}), isOnRamp ? { sessionId } : {}), isLogin ? __spreadProps(__spreadValues({
+        displayName: this.authInfo.displayName,
+        userId: this.userId
+      }) : {}), isOnRamp ? { email: this.email } : {}), isLogin || isOAuth || isOAuthCallback || isTelegramLogin || isFarcasterLogin || isAddNewCredential ? __spreadProps(__spreadValues({
         sessionId: thisDevice.sessionId,
         encryptionKey: thisDevice.encryptionKey
       }, opts.newDevice ? {
@@ -761,23 +934,93 @@ const _ParaCore = class _ParaCore {
         newDeviceEncryptionKey: opts.newDevice.encryptionKey
       } : {}), {
         pregenIds: JSON.stringify(this.pregenIds)
-      }) : {}), type === "telegramLogin" ? { isEmbed: "true" } : {}), opts.params || {});
+      }) : {}), isOAuth || isOAuthCallback || isFarcasterLogin ? {
+        appScheme: opts.appScheme
+      } : {}), isTelegramLogin ? { isEmbed: "true" } : {}), isSwitchWallets ? __spreadValues(__spreadValues({}, this.currentWalletIds ? { currentWalletIds: JSON.stringify(this.currentWalletIds) } : {}), this.userId ? { userId: this.userId } : {}) : {}), opts.params || {}), isAddNewCredential ? __spreadProps(__spreadValues({}, opts.addNewCredentialType && { addNewCredentialType: opts.addNewCredentialType.toString() }), {
+        addNewCredentialPasskeyId: opts.addNewCredentialPasskeyId,
+        addNewCredentialPasswordId: opts.addNewCredentialPasswordId
+      }) : {}), isLogin && {
+        // Prior versions won't have this param which will skip the upgrade prompt
+        isBasicLoginUpgradeVersion: "true"
+      }), isExportPrivateKey ? {
+        sessionId: thisDevice.sessionId
+      } : {});
       const url = (0, import_utils2.constructUrl)({ base, path, params });
       if (opts.shorten) {
-        return (0, import_utils2.shortenUrl)(this.ctx, url);
+        return yield (0, import_utils2.shortenUrl)(this.ctx, url, shouldUseLegacyPortalUrl);
       }
       return url;
     });
   }
+  static resolveEnvironment(env, apiKey) {
+    var _a;
+    if (!apiKey) {
+      throw new Error("A Para API key is required.");
+    }
+    if (apiKey.includes("_")) {
+      const validEnvironmentPrefixes = Object.values(import_types.Environment);
+      const envPrefix = (_a = apiKey.split("_")[0]) == null ? void 0 : _a.toUpperCase();
+      const hasValidPrefix = validEnvironmentPrefixes.some((envValue) => envValue === envPrefix);
+      if (!hasValidPrefix) {
+        throw new Error(`Invalid API key environment prefix.`);
+      }
+      return envPrefix;
+    }
+    if (!env) {
+      throw new Error("Environment parameter is required.");
+    }
+    return env;
+  }
   touchSession(regenerate = false) {
     return __async(this, null, function* () {
-      var _a, _b, _c;
+      var _a, _b, _c, _d, _e;
+      if (!this.isWorkerInitialized) {
+        this.initializeWorker();
+      }
       if (!this.isReady) {
         yield this.ready();
       }
-      const session = yield this.ctx.client.touchSession(regenerate);
-      if (!__privateGet(this, _partner) || ((_a = __privateGet(this, _partner)) == null ? void 0 : _a.id) !== session.partnerId || !(0, import_utils2.supportedWalletTypesEq)(((_b = __privateGet(this, _partner)) == null ? void 0 : _b.supportedWalletTypes) || [], session.supportedWalletTypes) || (((_c = __privateGet(this, _partner)) == null ? void 0 : _c.cosmosPrefix) || "cosmos") !== session.cosmosPrefix) {
-        yield __privateMethod(this, _ParaCore_instances, getPartner_fn).call(this, session.partnerId);
+      let session;
+      try {
+        session = yield this.ctx.client.touchSession(regenerate);
+      } catch (error) {
+        this.handleTouchSessionError(error);
+        throw error;
+      }
+      if (!this.partner || ((_a = this.partner) == null ? void 0 : _a.id) !== session.partnerId || !(0, import_utils2.supportedWalletTypesEq)(((_b = this.partner) == null ? void 0 : _b.supportedWalletTypes) || [], session.supportedWalletTypes) || (((_c = this.partner) == null ? void 0 : _c.cosmosPrefix) || "cosmos") !== session.cosmosPrefix) {
+        if (!session.partnerId && !this.isPortal()) {
+          this.displayModalError(
+            `Invalid API Key. Please ensure you have a valid API key for the current environment: ${(_d = this.ctx.env) == null ? void 0 : _d.toUpperCase()}.`
+          );
+          console.error(`
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+\u{1F6A8} PARA SDK CONFIGURATION ERROR \u{1F6A8}
+
+INVALID API KEY FOR CONFIGURED ENVIRONMENT
+
+Your API key does not match the configured environment. This usually means:
+
+1. You're using a production API key with a development environment
+2. You're using a development API key with a production environment  
+3. Your API key is invalid or has been regenerated
+
+SOLUTION:
+\u2022 Verify your API key at: https://developer.getpara.com
+\u2022 If your API key doesn't contain an environment prefix, ensure your API key is the correct key for your target environment
+
+Current Environment: ${this.ctx.env}
+API Key Prefix: ${((_e = this.ctx.apiKey) == null ? void 0 : _e.split("_")[0].toUpperCase()) || "None"}
+
+Need help? Visit: https://docs.getpara.com or contact support
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+        `);
+          throw new Error("Invalid API Key.");
+        } else {
+          yield __privateMethod(this, _ParaCore_instances, getPartner_fn).call(this, session.partnerId);
+        }
+      }
+      if (session.currentWalletIds && !(0, import_utils2.currentWalletIdsEq)(session.currentWalletIds, this.currentWalletIds)) {
+        yield this.setCurrentWalletIds(session.currentWalletIds);
       }
       return session;
     });
@@ -876,8 +1119,35 @@ const _ParaCore = class _ParaCore {
       return __privateGet(this, _authInfo);
     });
   }
-  assertUserId() {
-    if (!this.userId || this.isGuestMode) {
+  /**
+   * Display an error message in the modal (if available)
+   * @internal
+   */
+  displayModalError(error) {
+    if (this.ctx.env !== import_types.Environment.PROD) {
+      this.setModalError(error);
+    }
+  }
+  /**
+   * Handle specific touchSession errors with user-friendly messages
+   * @private
+   */
+  handleTouchSessionError(error) {
+    const errorStr = String(error);
+    const errorMessage = error instanceof Error ? error.message : "";
+    if (errorStr.includes("blocked by CORS policy") && errorStr.includes("Access-Control-Allow-Origin")) {
+      this.displayModalError("Request rate limit reached. Please wait a couple of minutes and try again.");
+      return;
+    }
+    if (error.status === 403 && errorMessage.includes("origin not authorized")) {
+      this.displayModalError(
+        "The current origin is not allowed. Update your allowed origins in the Para developer portal to allow the current origin."
+      );
+      return;
+    }
+  }
+  assertUserId({ allowGuestMode = false } = {}) {
+    if (!this.userId || !allowGuestMode && this.isGuestMode) {
       throw new Error("no userId is set");
     }
     return this.userId;
@@ -935,11 +1205,59 @@ const _ParaCore = class _ParaCore {
    */
   setExternalWallet(externalWallet) {
     return __async(this, null, function* () {
+      const { id: partnerId, supportedWalletTypes } = yield __privateMethod(this, _ParaCore_instances, assertPartner_fn).call(this);
       this.externalWallets = (Array.isArray(externalWallet) ? externalWallet : [externalWallet]).reduce(
+        (acc, {
+          partnerId: wPartnerId,
+          address,
+          type,
+          provider,
+          providerId,
+          addressBech32,
+          withFullParaAuth,
+          isConnectionOnly,
+          withVerification
+        }) => {
+          if (partnerId === wPartnerId && supportedWalletTypes.some(({ type: supportedType }) => supportedType === type)) {
+            return __spreadProps(__spreadValues({}, acc), {
+              [address]: {
+                id: address,
+                partnerId,
+                address: addressBech32 != null ? addressBech32 : address,
+                type,
+                name: provider,
+                isExternal: true,
+                isExternalWithParaAuth: withFullParaAuth,
+                externalProviderId: providerId,
+                signer: "",
+                isExternalConnectionOnly: isConnectionOnly,
+                isExternalWithVerification: withVerification
+              }
+            });
+          }
+          return acc;
+        },
+        {}
+      ), this.setExternalWallets(this.externalWallets);
+      (0, import_utils2.dispatchEvent)(import_types.ParaEvent.EXTERNAL_WALLET_CHANGE_EVENT, null);
+    });
+  }
+  addExternalWallets(externalWallets) {
+    return __async(this, null, function* () {
+      const { id: partnerId, supportedWalletTypes } = yield __privateMethod(this, _ParaCore_instances, assertPartner_fn).call(this);
+      this.externalWallets = __spreadValues(__spreadValues({}, Object.entries(this.externalWallets).reduce((acc, [address, wallet]) => {
+        if (partnerId === wallet.partnerId && supportedWalletTypes.some(({ type }) => type === wallet.type)) {
+          return __spreadProps(__spreadValues({}, acc), {
+            [address]: wallet
+          });
+        }
+        return acc;
+      }, {})), externalWallets.reduce(
         (acc, { address, type, provider, providerId, addressBech32, withFullParaAuth, isConnectionOnly, withVerification }) => {
           return __spreadProps(__spreadValues({}, acc), {
             [address]: {
               id: address,
+              partnerId,
               address: addressBech32 != null ? addressBech32 : address,
               type,
               name: provider,
@@ -953,7 +1271,7 @@ const _ParaCore = class _ParaCore {
           });
         },
         {}
-      );
+      ));
       this.setExternalWallets(this.externalWallets);
       (0, import_utils2.dispatchEvent)(import_types.ParaEvent.EXTERNAL_WALLET_CHANGE_EVENT, null);
     });
@@ -984,12 +1302,16 @@ const _ParaCore = class _ParaCore {
   }
   /**
    * Sets the external wallets associated with the `ParaCore` instance.
-   * @param externalWallets - External wallets to set.
+   * @param externalWallets - External wallets to set, or a function that modifies the current wallets.
    */
   setExternalWallets(externalWallets) {
     return __async(this, null, function* () {
-      this.externalWallets = externalWallets;
-      yield this.localStorageSetItem(constants.LOCAL_STORAGE_EXTERNAL_WALLETS, JSON.stringify(externalWallets));
+      if (typeof externalWallets === "function") {
+        this.externalWallets = externalWallets(this.externalWallets);
+      } else {
+        this.externalWallets = externalWallets;
+      }
+      yield this.localStorageSetItem(constants.LOCAL_STORAGE_EXTERNAL_WALLETS, JSON.stringify(this.externalWallets));
     });
   }
   /**
@@ -1158,14 +1480,27 @@ const _ParaCore = class _ParaCore {
       ...[...this.currentWalletIdsArray, ...__privateGet(this, _ParaCore_instances, guestWalletIdsArray_get)].map(([address, type]) => [address, type, false]).map(([id, type]) => {
         const wallet = this.findWallet(id, type);
         if (!wallet) return null;
+        const name = wallet.name;
+        const address = this.getDisplayAddress(id, { addressType: type });
+        const addressShort = this.getDisplayAddress(id, { addressType: type, truncate: true });
         return {
           id: wallet.id,
+          partner: wallet.partner,
           type,
-          address: this.getDisplayAddress(id, { addressType: type }),
-          name: wallet.name
+          address,
+          name,
+          addressShort,
+          displayName: name != null ? name : addressShort,
+          ensName: wallet.ensName,
+          ensAvatar: wallet.ensAvatar
         };
       }).filter((obj) => obj !== null),
-      ...Object.values((_a = this.externalWallets) != null ? _a : {})
+      ...Object.values((_a = this.externalWallets) != null ? _a : {}).map((wallet) => {
+        return __spreadProps(__spreadValues({}, wallet), {
+          addressShort: (0, import_utils2.truncateAddress)(wallet.address, wallet.type, { prefix: this.cosmosPrefix }),
+          displayName: wallet.externalProviderId
+        });
+      })
     ];
   }
   /**
@@ -1227,9 +1562,9 @@ const _ParaCore = class _ParaCore {
    * @param partnerId: string - id of the partner to get the portal URL for
    * @returns - portal URL
    */
-  getPortalURL() {
+  getPortalURL(isLegacy) {
     return __async(this, null, function* () {
-      return (yield this.getPartnerURL()) || (0, import_utils2.getPortalBaseURL)(this.ctx);
+      return (yield this.getPartnerURL()) || (0, import_utils2.getPortalBaseURL)(this.ctx, false, false, isLegacy);
     });
   }
   /**
@@ -1264,13 +1599,13 @@ const _ParaCore = class _ParaCore {
     return __async(this, null, function* () {
       const res = yield this.isPortal() || this.isParaConnect() ? this.ctx.client.getAllWallets(this.userId) : this.ctx.client.getWallets(this.userId, true);
       return res.data.wallets.filter(
-        (wallet) => !!wallet.address && (this.isParaConnect() || !this.isParaConnect() && this.isWalletSupported((0, import_utils2.entityToWallet)(wallet)))
+        (wallet) => !!wallet.address && wallet.sharesPersisted && (this.isParaConnect() || !this.isParaConnect() && this.isWalletSupported((0, import_utils2.entityToWallet)(wallet)))
       );
     });
   }
   populateWalletAddresses() {
     return __async(this, null, function* () {
-      const res = yield this.ctx.client.getWallets(this.userId, true);
+      const res = yield (this.isPortal() ? this.ctx.client.getAllWallets : this.ctx.client.getWallets)(this.userId, true);
       const wallets = res.data.wallets;
       wallets.forEach((entity) => {
         if (this.wallets[entity.id]) {
@@ -1301,13 +1636,28 @@ const _ParaCore = class _ParaCore {
   loginExternalWallet(_a) {
     return __async(this, null, function* () {
       var _b = _a, {
-        externalWallet
+        externalWallet,
+        chainId,
+        uri
       } = _b, urlOptions = __objRest(_b, [
-        "externalWallet"
+        "externalWallet",
+        "chainId",
+        "uri"
       ]);
       const externalWallets = Array.isArray(externalWallet) ? externalWallet : [externalWallet];
+      try {
+        yield this.ctx.client.trackExternalWalletConnections({
+          wallets: externalWallets.map((wallet) => ({
+            address: wallet.address,
+            type: wallet.type,
+            provider: wallet.provider
+          }))
+        });
+      } catch (err) {
+        console.error("Error tracking external wallet connections:", err);
+      }
       if (this.externalWalletConnectionOnly || externalWallets.every((wallet) => wallet.isConnectionOnly)) {
-        yield this.setExternalWallet(
+        yield this.addExternalWallets(
           externalWallets.map((wallet) => __spreadProps(__spreadValues({}, wallet), {
             withFullParaAuth: false
           }))
@@ -1322,33 +1672,47 @@ const _ParaCore = class _ParaCore {
         );
       }
       this.requireApiKey();
-      const serverAuthState = yield this.ctx.client.loginExternalWallet({ externalWallet });
+      const serverAuthState = yield this.ctx.client.loginExternalWallet({ externalWallet, chainId, uri });
       if (!externalWallet.withFullParaAuth && externalWallet.withVerification) {
         yield this.touchSession(true);
       }
+      if (externalWallet.withFullParaAuth) {
+        yield this.ctx.client.sessionAddPortalVerification();
+      }
       return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, urlOptions);
     });
   }
-  verifyExternalWallet(_c) {
+  verifyExternalWallet(params) {
     return __async(this, null, function* () {
-      var _d = _c, {
-        externalWallet,
-        signedMessage,
-        cosmosPublicKeyHex,
-        cosmosSigner
-      } = _d, urlOptions = __objRest(_d, [
-        "externalWallet",
-        "signedMessage",
-        "cosmosPublicKeyHex",
-        "cosmosSigner"
-      ]);
-      const serverAuthState = yield this.ctx.client.verifyExternalWallet(this.userId, {
-        externalWallet,
-        signedMessage,
-        cosmosPublicKeyHex,
-        cosmosSigner
-      });
-      return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, urlOptions);
+      var _c;
+      let serverAuthState;
+      let urlOptions;
+      if ("serverAuthState" in params && params.serverAuthState !== void 0) {
+        const _a = params, { serverAuthState: optsServerAuthState } = _a, rest = __objRest(_a, ["serverAuthState"]);
+        serverAuthState = optsServerAuthState;
+        urlOptions = rest;
+      } else if ("externalWallet" in params) {
+        const _b = params, { externalWallet, signedMessage, cosmosPublicKeyHex, cosmosSigner } = _b, rest = __objRest(_b, ["externalWallet", "signedMessage", "cosmosPublicKeyHex", "cosmosSigner"]);
+        const _serverAuthState = yield this.ctx.client.verifyExternalWallet(this.userId, {
+          externalWallet,
+          signedMessage,
+          cosmosPublicKeyHex,
+          cosmosSigner
+        });
+        serverAuthState = _serverAuthState;
+        urlOptions = rest;
+      }
+      if (serverAuthState.stage === "login" && ((_c = serverAuthState.loginAuthMethods) == null ? void 0 : _c.includes(import_user_management_client.AuthMethod.PIN))) {
+        const { sessionLookupId } = yield this.touchSession();
+        return yield __privateMethod(this, _ParaCore_instances, prepareLoginState_fn).call(this, serverAuthState, __spreadProps(__spreadValues({}, urlOptions), { sessionLookupId }));
+      }
+      let state;
+      try {
+        state = yield __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, urlOptions);
+      } catch (err) {
+        console.error("Error prepping state:", err);
+      }
+      return state;
     });
   }
   verifyExternalWalletLink(opts) {
@@ -1364,28 +1728,38 @@ const _ParaCore = class _ParaCore {
       return accounts;
     });
   }
+  // TELEGRAM
   /**
    * Validates the response received from an attempted Telegram login for authenticity, then
    * creates or retrieves the corresponding Para user and prepares the Para instance to sign in with that user.
    * @param authResponse - the response JSON object received from the Telegram widget.
    * @returns `{ isValid: boolean; telegramUserId?: string; userId?: string; isNewUser?: boolean; supportedAuthMethods?: AuthMethod[]; biometricHints?: BiometricLocationHint[] }`
    */
-  verifyTelegramProcess(_e) {
+  verifyTelegramProcess(_c) {
     return __async(this, null, function* () {
-      var _f = _e, {
+      var _d = _c, {
+        serverAuthState: optsServerAuthState,
         telegramAuthResponse,
         isLinkAccount
-      } = _f, urlOptions = __objRest(_f, [
+      } = _d, urlOptions = __objRest(_d, [
+        "serverAuthState",
         "telegramAuthResponse",
         "isLinkAccount"
       ]);
       try {
         switch (isLinkAccount) {
           case false: {
-            const serverAuthState = yield this.ctx.client.verifyTelegram(telegramAuthResponse);
-            return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, urlOptions);
+            if (!optsServerAuthState && !telegramAuthResponse) {
+              throw new Error("one of serverAuthState or telegramAuthResponse are required for verifying telegram");
+            }
+            const serverAuthState = optsServerAuthState != null ? optsServerAuthState : yield this.ctx.client.verifyTelegram({ authObject: telegramAuthResponse });
+            const { sessionLookupId } = yield this.touchSession();
+            return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, __spreadProps(__spreadValues({}, urlOptions), { sessionLookupId }));
           }
           case true: {
+            if (!telegramAuthResponse) {
+              throw new Error("telegramAuthResponse is required for verifying telegram link");
+            }
             const accountLinkInProgress = yield __privateMethod(this, _ParaCore_instances, assertIsLinkingAccountOrStart_fn).call(this, "TELEGRAM");
             const accounts = yield this.verifyLink({
               accountLinkInProgress,
@@ -1395,7 +1769,8 @@ const _ParaCore = class _ParaCore {
           }
         }
       } catch (e) {
-        throw new Error(e.message);
+        const errorMessage = e instanceof Error ? e.message : e ? String(e) : "Unknown error occurred";
+        throw new Error(errorMessage);
       }
     });
   }
@@ -1459,6 +1834,7 @@ const _ParaCore = class _ParaCore {
       let type, linkedAccountId;
       switch (reason) {
         case "SIGNUP":
+        case "LOGIN":
           {
             const authInfo = this.assertIsAuthSet(["email", "phone"]);
             type = authInfo.authType.toUpperCase();
@@ -1472,7 +1848,7 @@ const _ParaCore = class _ParaCore {
           }
           break;
       }
-      const userId = this.assertUserId();
+      const userId = this.assertUserId({ allowGuestMode: true });
       if (type !== "EMAIL" && type !== "PHONE") {
         throw new Error("invalid auth type for verification code");
       }
@@ -1510,6 +1886,9 @@ const _ParaCore = class _ParaCore {
   isFullyLoggedIn() {
     return __async(this, null, function* () {
       if (this.externalWalletConnectionType === "CONNECTION_ONLY") {
+        if (!this.isReady) {
+          yield this.ready();
+        }
         return true;
       }
       if (this.isGuestMode) {
@@ -1519,17 +1898,45 @@ const _ParaCore = class _ParaCore {
       if (this.externalWalletConnectionType === "VERIFICATION") {
         return isSessionActive;
       }
-      return isSessionActive && (this.isNoWalletConfig || this.currentWalletIdsArray.length > 0 && this.currentWalletIdsArray.reduce((acc, [id]) => acc && !!this.wallets[id], true));
+      if (this.isSwitchingWallets) {
+        return isSessionActive;
+      }
+      if (!isSessionActive) {
+        return false;
+      }
+      if (this.isNoWalletConfig) {
+        return true;
+      }
+      const { supportedWalletTypes } = yield __privateMethod(this, _ParaCore_instances, assertPartner_fn).call(this);
+      const requiredWalletTypes = supportedWalletTypes.filter(({ optional }) => !optional);
+      for (const { type } of requiredWalletTypes) {
+        const hasWalletForType = this.currentWalletIdsArray.some(([walletId, walletType]) => {
+          try {
+            const wallet = this.wallets[walletId];
+            return wallet && walletType === type && typeof wallet.address === "string";
+          } catch (e) {
+            return false;
+          }
+        });
+        if (!hasWalletForType) {
+          return false;
+        }
+      }
+      return true;
     });
   }
   get isGuestMode() {
     return __privateGet(this, _ParaCore_instances, guestWalletIdsArray_get).length > 0 && Object.values(this.wallets).every(
       ({ userId, partnerId }) => {
         var _a;
-        return partnerId === ((_a = __privateGet(this, _partner)) == null ? void 0 : _a.id) && (!userId || userId !== this.userId);
+        return partnerId === ((_a = this.partner) == null ? void 0 : _a.id) && (!userId || userId !== this.userId);
       }
     );
   }
+  /**
+   * Get the auth methods available to an existing user
+   * @deprecated Use supportedUserAuthMethods instead
+   */
   supportedAuthMethods(auth) {
     return __async(this, null, function* () {
       const { supportedAuthMethods } = yield this.ctx.client.getSupportedAuthMethods(auth);
@@ -1547,6 +1954,37 @@ const _ParaCore = class _ParaCore {
       return authMethods;
     });
   }
+  /**
+   * Get the auth methods available to an existing user
+   */
+  supportedUserAuthMethods() {
+    return __async(this, null, function* () {
+      yield this.assertIsAuthSet();
+      const { supportedAuthMethods, hasPasswordWithoutPIN } = yield this.ctx.client.getSupportedAuthMethodsV2(
+        this.authInfo.auth
+      );
+      const authMethods = /* @__PURE__ */ new Set();
+      for (const type of supportedAuthMethods) {
+        switch (type) {
+          case "PASSWORD":
+            if (hasPasswordWithoutPIN) {
+              authMethods.add(import_user_management_client.AuthMethod.PASSWORD);
+            }
+            break;
+          case "PASSKEY":
+            authMethods.add(import_user_management_client.AuthMethod.PASSKEY);
+            break;
+          case "PIN":
+            authMethods.add(import_user_management_client.AuthMethod.PIN);
+            break;
+          case "BASIC_LOGIN":
+            authMethods.add(import_user_management_client.AuthMethod.BASIC_LOGIN);
+            break;
+        }
+      }
+      return authMethods;
+    });
+  }
   /**
    * Get hints associated with the users stored biometrics.
    * @deprecated
@@ -1633,26 +2071,33 @@ const _ParaCore = class _ParaCore {
       return connectUri;
     });
   }
+  // FARCASTER
   /**
    * Awaits the response from a user's attempt to log in with Farcaster.
    * If successful, this returns the user's Farcaster username and profile picture and indicates whether the user already exists.
    * @return {Object} `{userExists: boolean; username: string; pfpUrl?: string | null }` - the user's information and whether the user already exists.
    */
-  verifyFarcasterProcess(_g) {
+  verifyFarcasterProcess(_e) {
     return __async(this, null, function* () {
-      var _h = _g, {
+      var _f = _e, {
         isCanceled = () => false,
         onConnectUri,
         onCancel,
         onPoll,
-        isLinkAccount
-      } = _h, urlOptions = __objRest(_h, [
+        isLinkAccount,
+        serverAuthState: optsServerAuthState
+      } = _f, urlOptions = __objRest(_f, [
         "isCanceled",
         "onConnectUri",
         "onCancel",
         "onPoll",
-        "isLinkAccount"
+        "isLinkAccount",
+        "serverAuthState"
       ]);
+      if (optsServerAuthState) {
+        const authState = yield __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, optsServerAuthState, urlOptions);
+        return authState;
+      }
       let accountLinkInProgress;
       if (isLinkAccount) {
         accountLinkInProgress = yield __privateMethod(this, _ParaCore_instances, assertIsLinkingAccountOrStart_fn).call(this, "FARCASTER");
@@ -1714,7 +2159,9 @@ const _ParaCore = class _ParaCore {
   }
   getOAuthUrl(opts) {
     return __async(this, null, function* () {
-      return __privateMethod(this, _ParaCore_instances, getOAuthUrl_fn).call(this, opts);
+      var _a;
+      const sessionLookupId = (_a = opts.sessionLookupId) != null ? _a : yield this.prepareLogin();
+      return __privateMethod(this, _ParaCore_instances, getOAuthUrl_fn).call(this, __spreadProps(__spreadValues({}, opts), { sessionLookupId }));
     });
   }
   /**
@@ -1725,35 +2172,54 @@ const _ParaCore = class _ParaCore {
    * @param {Window} [opts.popupWindow] the popup window being used for login.
    * @return {Object} `{ email?: string; isError?: boolean; userExists: boolean; }` the result data
    */
-  verifyOAuthProcess(_k) {
+  verifyOAuthProcess(_g) {
     return __async(this, null, function* () {
-      var _l = _k, {
+      var _h = _g, {
         method,
         appScheme,
         isCanceled = () => false,
         onCancel,
         onPoll,
         onOAuthUrl,
+        onOAuthPopup,
         isLinkAccount
-      } = _l, urlOptions = __objRest(_l, [
+      } = _h, urlOptions = __objRest(_h, [
         "method",
         "appScheme",
         "isCanceled",
         "onCancel",
         "onPoll",
         "onOAuthUrl",
+        "onOAuthPopup",
         "isLinkAccount"
       ]);
+      if (onOAuthPopup) {
+        try {
+          this.popupWindow = yield this.platformUtils.openPopup("about:blank", { type: import_types.PopupType.OAUTH });
+        } catch (error) {
+          throw new Error(`Failed to open OAuth popup: ${error}`);
+        }
+      }
       let sessionLookupId, accountLinkInProgress;
-      if (onOAuthUrl) {
+      if (onOAuthUrl || onOAuthPopup) {
         if (isLinkAccount) {
           accountLinkInProgress = yield __privateMethod(this, _ParaCore_instances, assertIsLinkingAccountOrStart_fn).call(this, method);
           sessionLookupId = (yield this.touchSession()).sessionLookupId;
         } else {
-          sessionLookupId = yield __privateMethod(this, _ParaCore_instances, prepareLogin_fn).call(this);
+          sessionLookupId = yield this.prepareLogin();
         }
         const oAuthUrl = yield __privateMethod(this, _ParaCore_instances, getOAuthUrl_fn).call(this, { method, appScheme, sessionLookupId, accountLinkInProgress });
-        onOAuthUrl(oAuthUrl);
+        switch (true) {
+          case !!onOAuthUrl: {
+            onOAuthUrl(oAuthUrl);
+            break;
+          }
+          case (!!onOAuthPopup && !!this.popupWindow): {
+            this.popupWindow.location.href = oAuthUrl;
+            onOAuthPopup(this.popupWindow);
+            break;
+          }
+        }
       } else {
         ({ sessionLookupId } = yield this.touchSession());
       }
@@ -1812,61 +2278,26 @@ const _ParaCore = class _ParaCore {
    * @param {boolean} [opts.skipSessionRefresh] whether to skip refreshing the session.
    * @returns {Object} `{ isComplete: boolean; isError: boolean; needsWallet: boolean; partnerId: string; }` the result data
    **/
-  waitForLogin() {
-    return __async(this, arguments, function* ({
-      isCanceled = () => false,
-      onCancel,
-      onPoll,
-      skipSessionRefresh = false
-    } = {}) {
-      const startedAt = Date.now();
-      return new Promise((resolve, reject) => {
-        (() => __async(this, null, function* () {
-          var _a;
-          if (!this.isExternalWalletAuth) {
-            this.externalWallets = {};
-          }
-          while (true) {
-            if (isCanceled() || Date.now() - startedAt > constants.POLLING_TIMEOUT_MS) {
-              (0, import_utils2.dispatchEvent)(import_types.ParaEvent.LOGIN_EVENT, { isComplete: false }, "failed to setup user");
-              onCancel == null ? void 0 : onCancel();
-              return reject("canceled");
-            }
-            yield new Promise((resolve2) => setTimeout(resolve2, constants.POLLING_INTERVAL_MS));
-            try {
-              let session = yield this.touchSession();
-              if (!session.isAuthenticated) {
-                onPoll == null ? void 0 : onPoll();
-                continue;
-              }
-              session = yield this.userSetupAfterLogin();
-              const needsWallet = (_a = session.needsWallet) != null ? _a : false;
-              if (!needsWallet) {
-                if (this.currentWalletIdsArray.length === 0) {
-                  onPoll == null ? void 0 : onPoll();
-                  continue;
-                }
-              }
-              const fetchedWallets = yield this.fetchWallets();
-              const tempSharesRes = yield this.getTransmissionKeyShares();
-              if (tempSharesRes.data.temporaryShares.length === fetchedWallets.length) {
-                yield this.setupAfterLogin({ temporaryShares: tempSharesRes.data.temporaryShares, skipSessionRefresh });
-                yield this.claimPregenWallets();
-                const resp = {
-                  needsWallet: needsWallet || Object.values(this.wallets).length === 0,
-                  partnerId: session.partnerId
-                };
-                (0, import_utils2.dispatchEvent)(import_types.ParaEvent.LOGIN_EVENT, resp);
-                return resolve(resp);
-              }
-              onPoll == null ? void 0 : onPoll();
-            } catch (err) {
-              console.error(err);
-              onPoll == null ? void 0 : onPoll();
-            }
-          }
-        }))();
-      });
+  waitForLogin(args) {
+    return __async(this, null, function* () {
+      return yield __privateMethod(this, _ParaCore_instances, waitForLoginProcess_fn).call(this, args);
+    });
+  }
+  waitForWalletSwitching(args) {
+    return __async(this, null, function* () {
+      return yield __privateMethod(this, _ParaCore_instances, waitForLoginProcess_fn).call(this, __spreadProps(__spreadValues({}, args), { isSwitchingWallets: true }));
+    });
+  }
+  /**
+   * Gets the switch wallets URL for wallet selection.
+   * The authMethod is automatically included in the URL if available.
+   *
+   * @returns {Promise<{ url: string; authMethod: TAuthMethod }>} The switch wallets URL and authMethod
+   */
+  getSwitchWalletsUrl() {
+    return __async(this, null, function* () {
+      const url = yield this.constructPortalUrl("switchWallets");
+      return url;
     });
   }
   /**
@@ -1889,7 +2320,7 @@ const _ParaCore = class _ParaCore {
         sessionId
       });
       if (shouldOpenPopup) {
-        this.platformUtils.openPopup(link);
+        yield this.platformUtils.openPopup(link);
       }
       return link;
     });
@@ -1980,7 +2411,9 @@ const _ParaCore = class _ParaCore {
         userId: this.userId,
         walletId,
         userShare: userSigner,
-        emailProps: this.getBackupKitEmailProps()
+        emailProps: this.getBackupKitEmailProps(),
+        isEnclaveUser: this.isEnclaveUser,
+        walletScheme: this.wallets[walletId].scheme
       });
       return recoveryShare;
     });
@@ -1994,7 +2427,7 @@ const _ParaCore = class _ParaCore {
             break;
           }
           ++maxPolls;
-          const res = yield this.ctx.client.getWallets(this.userId);
+          const res = yield (this.isPortal() ? this.ctx.client.getAllWallets : this.ctx.client.getWallets)(this.userId);
           const wallet = res.data.wallets.find((w) => w.id === walletId);
           if (wallet && wallet.address) {
             return;
@@ -2108,7 +2541,9 @@ const _ParaCore = class _ParaCore {
         ignoreRedistributingBackupEncryptedShare: !redistributeBackupEncryptedShares,
         emailProps: this.getBackupKitEmailProps(),
         partnerId: newPartnerId,
-        protocolId
+        protocolId,
+        isEnclaveUser: this.isEnclaveUser,
+        walletScheme: this.wallets[walletId].scheme
       });
       return { signer, recoverySecret, protocolId };
     });
@@ -2157,26 +2592,29 @@ const _ParaCore = class _ParaCore {
         }
       }
       const walletId = keygenRes.walletId;
+      const walletScheme = walletType === "SOLANA" ? "ED25519" : "DKLS";
       signer = keygenRes.signer;
-      this.wallets[walletId] = {
-        id: walletId,
-        signer,
-        scheme: walletType === "SOLANA" ? "ED25519" : "DKLS",
-        type: walletType
-      };
-      wallet = this.wallets[walletId];
-      yield this.waitForWalletAddress(wallet.id);
-      yield this.populateWalletAddresses();
+      yield this.waitForWalletAddress(walletId);
       let recoveryShare = null;
       if (!skipDistribute) {
         recoveryShare = yield (0, import_shareDistribution.distributeNewShare)({
           ctx: this.ctx,
           userId: this.userId,
-          walletId: wallet.id,
+          walletId,
           userShare: signer,
-          emailProps: this.getBackupKitEmailProps()
+          emailProps: this.getBackupKitEmailProps(),
+          isEnclaveUser: this.isEnclaveUser,
+          walletScheme
         });
       }
+      this.wallets[walletId] = {
+        id: walletId,
+        signer,
+        scheme: walletScheme,
+        type: walletType
+      };
+      wallet = this.wallets[walletId];
+      yield this.populateWalletAddresses();
       yield this.setCurrentWalletIds(__spreadProps(__spreadValues({}, this.currentWalletIds), {
         [walletType]: [.../* @__PURE__ */ new Set([...(_b = this.currentWalletIds[walletType]) != null ? _b : [], walletId])]
       }));
@@ -2255,7 +2693,9 @@ const _ParaCore = class _ParaCore {
             walletId: wallet.id,
             userShare: this.wallets[wallet.id].signer,
             emailProps: this.getBackupKitEmailProps(),
-            partnerId: wallet.partnerId
+            partnerId: wallet.partnerId,
+            isEnclaveUser: this.isEnclaveUser,
+            walletScheme: wallet.scheme
           });
           if (distributeRes.length > 0) {
             newRecoverySecret = distributeRes;
@@ -2382,10 +2822,10 @@ const _ParaCore = class _ParaCore {
         (0, import_utils2.dispatchEvent)(import_types.ParaEvent.GUEST_WALLETS_CREATED, wallets);
         __privateSet(this, _isCreateGuestWalletsPending, false);
         return wallets;
-      } catch (e) {
-        (0, import_utils2.dispatchEvent)(import_types.ParaEvent.GUEST_WALLETS_CREATED, null, error == null ? void 0 : error.message);
+      } catch (error2) {
+        (0, import_utils2.dispatchEvent)(import_types.ParaEvent.GUEST_WALLETS_CREATED, null, error2 == null ? void 0 : error2.message);
         __privateSet(this, _isCreateGuestWalletsPending, false);
-        throw error;
+        throw error2;
       }
     });
   }
@@ -2433,25 +2873,12 @@ const _ParaCore = class _ParaCore {
       });
     });
   }
-  getOnRampTransactionUrl(_m) {
-    return __async(this, null, function* () {
-      var _n = _m, {
-        purchaseId,
-        providerKey
-      } = _n, walletParams = __objRest(_n, [
-        "purchaseId",
-        "providerKey"
-      ]);
-      const { sessionId } = yield this.touchSession();
-      const [key, identifier] = (0, import_user_management_client.extractWalletRef)(walletParams);
+  getOnRampTransactionUrl(_0) {
+    return __async(this, arguments, function* ({
+      purchaseId
+    }) {
       return this.constructPortalUrl("onRamp", {
-        pathId: purchaseId,
-        sessionId,
-        params: {
-          [key]: identifier,
-          providerKey,
-          currentWalletIds: JSON.stringify(this.currentWalletIds)
-        }
+        pathId: purchaseId
       });
     });
   }
@@ -2476,6 +2903,7 @@ const _ParaCore = class _ParaCore {
       onCancel,
       onPoll
     }) {
+      var _a;
       this.assertIsValidWalletId(walletId);
       const wallet = this.wallets[walletId];
       let signerId = this.userId;
@@ -2485,7 +2913,7 @@ const _ParaCore = class _ParaCore {
       let signRes = yield this.signMessageInner({ wallet, signerId, messageBase64, cosmosSignDocBase64 });
       let timeStart = Date.now();
       if (signRes.pendingTransactionId) {
-        this.platformUtils.openPopup(
+        yield this.platformUtils.openPopup(
           yield this.getTransactionReviewUrl(signRes.pendingTransactionId, timeoutMs),
           { type: cosmosSignDocBase64 ? import_types.PopupType.SIGN_TRANSACTION_REVIEW : import_types.PopupType.SIGN_MESSAGE_REVIEW }
         );
@@ -2499,18 +2927,19 @@ const _ParaCore = class _ParaCore {
           break;
         }
         yield new Promise((resolve) => setTimeout(resolve, constants.POLLING_INTERVAL_MS));
+        let pendingTransaction;
         try {
-          yield this.ctx.client.getPendingTransaction(this.userId, signRes.pendingTransactionId);
-        } catch (err) {
+          pendingTransaction = (_a = (yield this.ctx.client.getPendingTransaction(this.userId, signRes.pendingTransactionId)).data) == null ? void 0 : _a.pendingTransaction;
+        } catch (e) {
           const error = new import_errors.TransactionReviewDenied();
           (0, import_utils2.dispatchEvent)(import_types.ParaEvent.SIGN_MESSAGE_EVENT, signRes, error.message);
           throw error;
         }
-        signRes = yield this.signMessageInner({ wallet, signerId, messageBase64, cosmosSignDocBase64 });
-        if (signRes.pendingTransactionId) {
+        if (!(pendingTransaction == null ? void 0 : pendingTransaction.approvedAt)) {
           onPoll == null ? void 0 : onPoll();
           continue;
         } else {
+          signRes = yield this.signMessageInner({ wallet, signerId, messageBase64, cosmosSignDocBase64 });
           break;
         }
       }
@@ -2579,6 +3008,7 @@ const _ParaCore = class _ParaCore {
       onCancel,
       onPoll
     }) {
+      var _a;
       this.assertIsValidWalletId(walletId);
       const wallet = this.wallets[walletId];
       let signerId = this.userId;
@@ -2597,7 +3027,7 @@ const _ParaCore = class _ParaCore {
       );
       let timeStart = Date.now();
       if (signRes.pendingTransactionId) {
-        this.platformUtils.openPopup(
+        yield this.platformUtils.openPopup(
           yield this.getTransactionReviewUrl(signRes.pendingTransactionId, timeoutMs),
           { type: import_types.PopupType.SIGN_TRANSACTION_REVIEW }
         );
@@ -2611,27 +3041,28 @@ const _ParaCore = class _ParaCore {
           break;
         }
         yield new Promise((resolve) => setTimeout(resolve, constants.POLLING_INTERVAL_MS));
+        let pendingTransaction;
         try {
-          yield this.ctx.client.getPendingTransaction(this.userId, signRes.pendingTransactionId);
-        } catch (err) {
+          pendingTransaction = (_a = (yield this.ctx.client.getPendingTransaction(this.userId, signRes.pendingTransactionId)).data) == null ? void 0 : _a.pendingTransaction;
+        } catch (e) {
           const error = new import_errors.TransactionReviewDenied();
           (0, import_utils2.dispatchEvent)(import_types.ParaEvent.SIGN_TRANSACTION_EVENT, signRes, error.message);
           throw error;
         }
-        signRes = yield this.platformUtils.signTransaction(
-          this.ctx,
-          signerId,
-          walletId,
-          this.wallets[walletId].signer,
-          rlpEncodedTxBase64,
-          chainId,
-          this.retrieveSessionCookie(),
-          wallet.scheme === "DKLS"
-        );
-        if (signRes.pendingTransactionId) {
+        if (!(pendingTransaction == null ? void 0 : pendingTransaction.approvedAt)) {
           onPoll == null ? void 0 : onPoll();
           continue;
         } else {
+          signRes = yield this.platformUtils.signTransaction(
+            this.ctx,
+            signerId,
+            walletId,
+            this.wallets[walletId].signer,
+            rlpEncodedTxBase64,
+            chainId,
+            this.retrieveSessionCookie(),
+            wallet.scheme === "DKLS"
+          );
           break;
         }
       }
@@ -2673,7 +3104,8 @@ const _ParaCore = class _ParaCore {
         providerKey: onRampPurchase.providerKey
       }, walletParams));
       if (shouldOpenPopup) {
-        this.platformUtils.openPopup(portalUrl, { type: import_types.PopupType.ON_RAMP_TRANSACTION });
+        const onRampWindow = yield this.platformUtils.openPopup(portalUrl, { type: import_types.PopupType.ON_RAMP_TRANSACTION });
+        this.onRampPopup = { window: onRampWindow, onRampPurchase };
       }
       return { onRampPurchase, portalUrl };
     });
@@ -2686,7 +3118,7 @@ const _ParaCore = class _ParaCore {
       try {
         yield this.ctx.client.keepSessionAlive(this.userId);
         return true;
-      } catch (err) {
+      } catch (e) {
         return false;
       }
     });
@@ -2758,8 +3190,16 @@ const _ParaCore = class _ParaCore {
   }
   issueJwt() {
     return __async(this, arguments, function* ({ keyIndex = 0 } = {}) {
-      const res = yield this.ctx.client.issueJwt({ keyIndex });
-      return res;
+      try {
+        return yield this.ctx.client.issueJwt({ keyIndex });
+      } catch (error) {
+        if (error.status === 403 || error.status === 401) {
+          const errorMessage = "The user needs to be logged in to issue a JWT. Please log in and try again.";
+          this.displayModalError(errorMessage);
+          console.warn(errorMessage);
+        }
+        throw error;
+      }
     });
   }
   /**
@@ -2769,6 +3209,7 @@ const _ParaCore = class _ParaCore {
    **/
   logout() {
     return __async(this, arguments, function* ({ clearPregenWallets = false } = {}) {
+      const shouldDispatchLogoutEvent = yield this.isSessionActive();
       yield this.ctx.client.logout();
       yield this.clearStorage();
       if (!clearPregenWallets) {
@@ -2788,7 +3229,9 @@ const _ParaCore = class _ParaCore {
       this.accountLinkInProgress = void 0;
       this.userId = void 0;
       this.sessionCookie = void 0;
-      (0, import_utils2.dispatchEvent)(import_types.ParaEvent.LOGOUT_EVENT, null);
+      if (shouldDispatchLogoutEvent) {
+        (0, import_utils2.dispatchEvent)(import_types.ParaEvent.LOGOUT_EVENT, null);
+      }
     });
   }
   get toStringAdditions() {
@@ -2818,9 +3261,9 @@ const _ParaCore = class _ParaCore {
       {}
     );
     const obj = __spreadProps(__spreadValues({
-      partnerId: (_a = __privateGet(this, _partner)) == null ? void 0 : _a.id,
-      supportedWalletTypes: (_b = __privateGet(this, _partner)) == null ? void 0 : _b.supportedWalletTypes,
-      cosmosPrefix: (_c = __privateGet(this, _partner)) == null ? void 0 : _c.cosmosPrefix,
+      partnerId: (_a = this.partner) == null ? void 0 : _a.id,
+      supportedWalletTypes: (_b = this.partner) == null ? void 0 : _b.supportedWalletTypes,
+      cosmosPrefix: (_c = this.partner) == null ? void 0 : _c.cosmosPrefix,
       authInfo: __privateGet(this, _authInfo),
       isGuestMode: this.isGuestMode,
       userId: this.userId,
@@ -2852,43 +3295,88 @@ const _ParaCore = class _ParaCore {
   }
   getNewCredentialAndUrl() {
     return __async(this, arguments, function* ({
-      authMethod = "PASSKEY",
+      authMethod: optsAuthMethod,
       isForNewDevice = false,
       portalTheme,
       shorten = false
     } = {}) {
+      const userAuthMethods = yield this.supportedUserAuthMethods();
+      const isEnclaveUser = userAuthMethods.has(import_user_management_client.AuthMethod.BASIC_LOGIN);
+      const isAddingBasicLogin = optsAuthMethod === "BASIC_LOGIN";
+      if (isEnclaveUser && isAddingBasicLogin) {
+        throw new Error("That user is already using basic login");
+      }
+      if (isEnclaveUser || isAddingBasicLogin) {
+        isForNewDevice = true;
+      }
+      const authMethods = optsAuthMethod ? [optsAuthMethod] : isForNewDevice ? ["PASSKEY", "PIN", "PASSWORD"] : ["PASSKEY"];
       this.assertIsAuthSet();
-      let credentialId, urlType;
-      switch (authMethod) {
-        case "PASSKEY":
+      let passkeyId, passwordId, urlType, credentialId;
+      if (!isAddingBasicLogin) {
+        const canAddPasswordOrPIN = !userAuthMethods.has(import_user_management_client.AuthMethod.PASSWORD) && !userAuthMethods.has(import_user_management_client.AuthMethod.PIN);
+        if (authMethods.includes("PASSKEY") && (yield this.isPasskeySupported())) {
           ({
-            data: { id: credentialId }
+            data: { id: passkeyId }
           } = yield this.ctx.client.addSessionPublicKey(this.userId, {
-            status: import_user_management_client.PublicKeyStatus.PENDING,
+            status: import_user_management_client.AuthMethodStatus.PENDING,
             type: import_user_management_client.PublicKeyType.WEB
           }));
           urlType = "createAuth";
-          break;
-        case "PASSWORD":
-          ({
-            data: { id: credentialId }
-          } = yield this.ctx.client.addSessionPasswordPublicKey(this.userId, {
-            status: import_user_management_client.PasswordStatus.PENDING
-          }));
-          urlType = "createPassword";
-          break;
+        }
+        if (authMethods.includes("PASSWORD")) {
+          if (!canAddPasswordOrPIN) {
+            if (optsAuthMethod === "PASSWORD") throw new Error("A user cannot have more than one password or PIN.");
+          } else {
+            ({
+              data: { id: passwordId }
+            } = yield this.ctx.client.addSessionPasswordPublicKey(this.userId, {
+              status: import_user_management_client.AuthMethodStatus.PENDING
+            }));
+            urlType = "createPassword";
+          }
+        }
+        if (authMethods.includes("PIN")) {
+          if (!canAddPasswordOrPIN) {
+            if (optsAuthMethod === "PIN") throw new Error("A user cannot have more than one password or PIN.");
+          } else {
+            ({
+              data: { id: passwordId }
+            } = yield this.ctx.client.addSessionPasswordPublicKey(this.userId, {
+              status: import_user_management_client.AuthMethodStatus.PENDING
+            }));
+            urlType = "createPIN";
+          }
+        }
+        credentialId = passkeyId != null ? passkeyId : passwordId;
+        if (this.isNativePasskey && authMethods.includes("PASSKEY")) {
+          return { credentialId };
+        }
       }
-      const url = this.isNativePasskey && urlType === "createAuth" ? void 0 : yield this.constructPortalUrl(urlType, {
+      const { sessionId } = yield this.touchSession();
+      const url = (isForNewDevice || urlType) && (yield this.constructPortalUrl(isForNewDevice ? "addNewCredential" : urlType, {
         isForNewDevice,
         pathId: credentialId,
         portalTheme,
-        shorten
-      });
+        shorten,
+        sessionId: isForNewDevice ? sessionId : void 0,
+        addNewCredentialType: optsAuthMethod,
+        addNewCredentialPasskeyId: passkeyId,
+        addNewCredentialPasswordId: passwordId
+      }));
       return __spreadValues({ credentialId }, url ? { url } : {});
     });
   }
+  addCredential(_0) {
+    return __async(this, arguments, function* ({ authMethod }) {
+      if (authMethod === "PASSKEY" && !(yield this.isPasskeySupported())) {
+        throw new Error("Passkeys are not supported.");
+      }
+      const { url } = yield this.getNewCredentialAndUrl({ isForNewDevice: true, authMethod });
+      return url;
+    });
+  }
   /**
-   * Returns a Para Portal URL for logging in with a WebAuth passkey or a password.
+   * Returns a Para Portal URL for logging in with a WebAuth passkey, password, PIN or OTP.
    * @param {Object} opts the options object
    * @param {String} opts.auth - the user auth to sign up or log in with, in the form ` { email: string } | { phone: `+${number}` } `
    * @param {boolean} opts.useShortUrls - whether to shorten the generated portal URLs
@@ -2914,6 +3402,12 @@ const _ParaCore = class _ParaCore {
         case "PASSWORD":
           urlType = "loginPassword";
           break;
+        case "PIN":
+          urlType = "loginPIN";
+          break;
+        case "BASIC_LOGIN":
+          urlType = this.authInfo.authType === "externalWallet" ? "loginExternalWallet" : "loginOTP";
+          break;
         default:
           throw new Error(`invalid authentication method: '${authMethod}'`);
       }
@@ -2924,10 +3418,30 @@ const _ParaCore = class _ParaCore {
       });
     });
   }
-  signUpOrLogIn(_o) {
+  prepareLogin() {
+    return __async(this, null, function* () {
+      yield this.logout();
+      const { sessionLookupId } = yield this.touchSession(true);
+      if (!this.loginEncryptionKeyPair) {
+        yield this.setLoginEncryptionKeyPair();
+      }
+      return sessionLookupId;
+    });
+  }
+  signUpOrLogIn(_i) {
     return __async(this, null, function* () {
-      var _p = _o, { auth } = _p, urlOptions = __objRest(_p, ["auth"]);
-      const serverAuthState = yield this.ctx.client.signUpOrLogIn(__spreadValues(__spreadValues({}, auth), this.getVerificationEmailProps()));
+      var _j = _i, { auth } = _j, urlOptions = __objRest(_j, ["auth"]);
+      let serverAuthState;
+      try {
+        serverAuthState = yield this.ctx.client.signUpOrLogIn(__spreadValues(__spreadValues({}, auth), this.getVerificationEmailProps()));
+      } catch (error) {
+        if (error.message.includes("max beta users reached")) {
+          this.displayModalError(
+            `50 user limit reached. [Go to Production.](https://docs.getpara.com/v2/general/checklist#go-live-checklist)`
+          );
+        }
+        throw error;
+      }
       const authInfo = serverAuthState.auth;
       if (this.fetchPregenWalletsOverride && (0, import_user_management_client.isPregenAuth)(authInfo)) {
         const { userShare } = yield this.fetchPregenWalletsOverride({ pregenId: authInfo });
@@ -2935,21 +3449,25 @@ const _ParaCore = class _ParaCore {
           yield this.setUserShare(userShare);
         }
       }
-      return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, urlOptions);
+      return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, __spreadValues({}, urlOptions));
     });
   }
-  verifyNewAccount(_q) {
+  verifyNewAccount(_k) {
     return __async(this, null, function* () {
-      var _r = _q, {
+      var _l = _k, {
         verificationCode
-      } = _r, urlOptions = __objRest(_r, [
+      } = _l, urlOptions = __objRest(_l, [
         "verificationCode"
       ]);
       this.assertIsAuthSet(["email", "phone"]);
-      const userId = this.assertUserId();
-      const serverAuthState = yield this.ctx.client.verifyNewAccount(userId, {
+      const userId = this.assertUserId({ allowGuestMode: true });
+      const serverAuthState = yield this.ctx.client.verifyAccount(userId, {
         verificationCode
       });
+      if (serverAuthState.stage === "login" || serverAuthState.stage === "done") {
+        throw new Error("Account already exists.");
+      }
+      yield this.touchSession(true);
       return __privateMethod(this, _ParaCore_instances, prepareAuthState_fn).call(this, serverAuthState, urlOptions);
     });
   }
@@ -2997,7 +3515,7 @@ const _ParaCore = class _ParaCore {
           }
           break;
         default:
-          throw new Error("Invalid parameters for linking account, must pass `auth` or `type` or `externalWallet");
+          throw new Error("Invalid parameters for linking account, must pass `auth` or `type` or `externalWallet`");
       }
       if (!isPermitted) {
         throw new Error(`Account linking for type '${type}' is not supported by the current API key configuration`);
@@ -3036,10 +3554,10 @@ const _ParaCore = class _ParaCore {
     });
   }
   verifyLink() {
-    return __async(this, arguments, function* (_s = {}) {
-      var _t = _s, {
+    return __async(this, arguments, function* (_m = {}) {
+      var _n = _m, {
         accountLinkInProgress = __privateMethod(this, _ParaCore_instances, assertIsLinkingAccount_fn).call(this)
-      } = _t, opts = __objRest(_t, [
+      } = _n, opts = __objRest(_n, [
         "accountLinkInProgress"
       ]);
       try {
@@ -3068,31 +3586,80 @@ const _ParaCore = class _ParaCore {
       return accounts;
     });
   }
+  getProfileBalance() {
+    return __async(this, arguments, function* ({ config, refetch = false } = {}) {
+      const { balance } = yield this.ctx.client.getProfileBalance({
+        config,
+        wallets: this.availableWallets.filter(({ type }) => type !== "COSMOS").map(({ type, address }) => ({ type, address })),
+        refetch
+      });
+      return balance;
+    });
+  }
+  sendLoginCode() {
+    return __async(this, null, function* () {
+      const { userId } = yield this.ctx.client.sendLoginVerificationCode(this.authInfo);
+      this.setUserId(userId);
+    });
+  }
+  exportPrivateKey() {
+    return __async(this, arguments, function* (args = {}) {
+      let walletId = args == null ? void 0 : args.walletId;
+      if (!(args == null ? void 0 : args.walletId)) {
+        walletId = this.findWalletId(void 0, { forbidPregen: true, scheme: ["DKLS"] });
+      }
+      const wallet = this.wallets[walletId];
+      if (this.externalWallets[walletId]) {
+        throw new Error("Cannot export private key for an external wallet");
+      }
+      if (!wallet || !wallet.signer) {
+        throw new Error("Wallet not found with id: " + walletId);
+      }
+      if (wallet.scheme !== "DKLS") {
+        throw new Error("Cannot export private key for a Solana wallet");
+      }
+      if (wallet.isPregen && !!wallet.pregenIdentifier && wallet.pregenIdentifierType !== "GUEST_ID") {
+        throw new Error("Cannot export private key for a pregenerated wallet");
+      }
+      if (args.shouldOpenPopup) {
+        this.popupWindow = yield this.platformUtils.openPopup("about:blank", { type: import_types.PopupType.EXPORT_PRIVATE_KEY });
+      }
+      const exportPrivateKeyUrl = yield this.constructPortalUrl("exportPrivateKey", {
+        pathId: walletId
+      });
+      if (args.shouldOpenPopup) {
+        this.popupWindow.location.href = exportPrivateKeyUrl;
+      }
+      return {
+        url: exportPrivateKeyUrl,
+        popupWindow: this.popupWindow
+      };
+    });
+  }
 };
 _authInfo = new WeakMap();
-_partner = new WeakMap();
 _ParaCore_instances = new WeakSet();
 assertPartner_fn = function() {
   return __async(this, null, function* () {
     var _a, _b;
-    if (!__privateGet(this, _partner)) {
+    if (!this.partner) {
       yield this.touchSession();
     }
-    if (((_a = __privateGet(this, _partner)) == null ? void 0 : _a.cosmosPrefix) && this.ctx.cosmosPrefix !== __privateGet(this, _partner).cosmosPrefix) {
-      this.ctx.cosmosPrefix = (_b = __privateGet(this, _partner)) == null ? void 0 : _b.cosmosPrefix;
+    if (((_a = this.partner) == null ? void 0 : _a.cosmosPrefix) && this.ctx.cosmosPrefix !== this.partner.cosmosPrefix) {
+      this.ctx.cosmosPrefix = (_b = this.partner) == null ? void 0 : _b.cosmosPrefix;
     }
-    return __privateGet(this, _partner);
+    return this.partner;
   });
 };
 guestWalletIds_get = function() {
   var _a, _b, _c;
-  if (!((_a = __privateGet(this, _partner)) == null ? void 0 : _a.supportedWalletTypes)) {
+  if (!((_a = this.partner) == null ? void 0 : _a.supportedWalletTypes)) {
     return {};
   }
   const guestId = (_c = (_b = this.pregenIds) == null ? void 0 : _b.GUEST_ID) == null ? void 0 : _c[0];
   return !!guestId ? Object.entries(this.wallets).reduce((acc, [id, wallet]) => {
     if (wallet.isPregen && !wallet.userId && wallet.pregenIdentifierType === "GUEST_ID" && wallet.pregenIdentifier === guestId) {
-      return __spreadValues(__spreadValues({}, acc), (0, import_utils2.getEquivalentTypes)(wallet.type).filter((type) => __privateGet(this, _partner).supportedWalletTypes.some((entry) => entry.type === type)).reduce((acc2, eqType) => {
+      return __spreadValues(__spreadValues({}, acc), (0, import_utils2.getEquivalentTypes)(wallet.type).filter((type) => this.partner.supportedWalletTypes.some((entry) => entry.type === type)).reduce((acc2, eqType) => {
         var _a2;
         return __spreadProps(__spreadValues({}, acc2), { [eqType]: [.../* @__PURE__ */ new Set([...(_a2 = acc2[eqType]) != null ? _a2 : [], id])] });
       }, {}));
@@ -3153,8 +3720,8 @@ getPartner_fn = function(partnerId) {
       return void 0;
     }
     const res = yield this.ctx.client.getPartner(partnerId);
-    __privateSet(this, _partner, res.data.partner);
-    return __privateGet(this, _partner);
+    this.partner = res.data.partner;
+    return this.partner;
   });
 };
 assertIsLinkingAccount_fn = function(types) {
@@ -3176,29 +3743,212 @@ assertIsLinkingAccountOrStart_fn = function(type) {
     return yield this.linkAccount({ type });
   });
 };
-getOAuthUrl_fn = function(_i) {
-  return __async(this, null, function* () {
-    var _j = _i, {
-      method,
-      appScheme,
-      accountLinkInProgress
-    } = _j, params = __objRest(_j, [
-      "method",
-      "appScheme",
-      "accountLinkInProgress"
-    ]);
-    var _a;
-    const sessionLookupId = (_a = params.sessionLookupId) != null ? _a : yield __privateMethod(this, _ParaCore_instances, prepareLogin_fn).call(this);
+getOAuthUrl_fn = function(_0) {
+  return __async(this, arguments, function* ({
+    method,
+    appScheme,
+    accountLinkInProgress,
+    sessionLookupId,
+    encryptionKey,
+    portalCallbackParams
+  }) {
+    if (!accountLinkInProgress && !this.isPortal()) {
+      return yield this.constructPortalUrl("oAuth", { sessionId: sessionLookupId, oAuthMethod: method, appScheme });
+    }
+    let portalSessionLookupId;
+    if (this.isPortal()) {
+      portalSessionLookupId = (yield this.touchSession(true)).sessionLookupId;
+    }
     return (0, import_utils2.constructUrl)({
       base: (0, import_userManagementClient.getBaseOAuthUrl)(this.ctx.env),
-      path: `/auth/${method}`,
-      params: __spreadValues({
+      path: `/auth/${method.toLowerCase()}`,
+      params: __spreadProps(__spreadValues({
         apiKey: this.ctx.apiKey,
+        origin: typeof window !== "undefined" ? window.location.origin : void 0,
         sessionLookupId,
+        portalSessionLookupId,
         appScheme
       }, accountLinkInProgress ? {
         linkedAccountId: this.accountLinkInProgress.id
-      } : {})
+      } : {}), {
+        callback: !accountLinkInProgress && (yield this.constructPortalUrl("oAuthCallback", __spreadValues({
+          sessionId: sessionLookupId,
+          oAuthMethod: method,
+          appScheme,
+          thisDevice: {
+            sessionId: sessionLookupId,
+            encryptionKey
+          }
+        }, this.isPortal() && {
+          params: portalCallbackParams,
+          // Build callback for legacy portal if needed
+          useLegacyUrl: typeof window !== "undefined" ? window.location.host.includes("usecapsule") : false
+        })))
+      })
+    });
+  });
+};
+waitForLoginProcess_fn = function() {
+  return __async(this, arguments, function* ({
+    isCanceled = () => false,
+    onCancel,
+    onPoll,
+    skipSessionRefresh = false,
+    isSwitchingWallets = false
+  } = {}) {
+    this.devLog("[waitForLoginProcess] Starting", {
+      isSwitchingWallets,
+      skipSessionRefresh,
+      isExternalWalletAuth: this.isExternalWalletAuth
+    });
+    const startedAt = Date.now();
+    let originalCurrentWalletIdsHash;
+    if (isSwitchingWallets) {
+      this.devLog("[waitForLoginProcess] Wallet switching mode enabled");
+      this.isSwitchingWallets = true;
+      const session = yield this.touchSession();
+      originalCurrentWalletIdsHash = session.currentWalletIdsHash;
+      this.devLog("[waitForLoginProcess] Original wallet IDs hash", { originalCurrentWalletIdsHash });
+    }
+    return new Promise((resolve, reject) => {
+      (() => __async(this, null, function* () {
+        var _a;
+        if (!this.isExternalWalletAuth && !isSwitchingWallets) {
+          this.devLog("[waitForLoginProcess] Clearing external wallets");
+          this.externalWallets = {};
+        }
+        let pollCount = 0;
+        while (true) {
+          pollCount++;
+          this.devLog("[waitForLoginProcess] Poll iteration", {
+            pollCount,
+            elapsedMs: Date.now() - startedAt
+          });
+          if (isCanceled() || Date.now() - startedAt > constants.POLLING_TIMEOUT_MS) {
+            this.devLog("[waitForLoginProcess] Canceled or timed out", {
+              wasCanceled: isCanceled(),
+              timedOut: Date.now() - startedAt > constants.POLLING_TIMEOUT_MS,
+              elapsedMs: Date.now() - startedAt
+            });
+            if (isSwitchingWallets) {
+              this.isSwitchingWallets = false;
+            } else {
+              (0, import_utils2.dispatchEvent)(import_types.ParaEvent.LOGIN_EVENT, { isComplete: false }, "failed to setup user");
+            }
+            onCancel == null ? void 0 : onCancel();
+            return reject("canceled");
+          }
+          yield new Promise((resolve2) => setTimeout(resolve2, constants.POLLING_INTERVAL_MS));
+          try {
+            this.devLog("[waitForLoginProcess] Touching session");
+            let session = yield this.touchSession();
+            this.devLog("[waitForLoginProcess] Session state", {
+              isAuthenticated: session.isAuthenticated,
+              currentWalletIdsHash: session.currentWalletIdsHash,
+              needsWallet: session.needsWallet
+            });
+            const shouldContinuePolling = isSwitchingWallets ? originalCurrentWalletIdsHash === session.currentWalletIdsHash : !session.isAuthenticated;
+            this.devLog("[waitForLoginProcess] Should continue polling", {
+              shouldContinuePolling,
+              isSwitchingWallets,
+              originalCurrentWalletIdsHash,
+              sessionCurrentWalletIdsHash: session.currentWalletIdsHash,
+              isAuthenticated: session.isAuthenticated
+            });
+            if (shouldContinuePolling) {
+              onPoll == null ? void 0 : onPoll();
+              continue;
+            }
+            this.devLog("[waitForLoginProcess] Authentication check passed, setting up user");
+            session = yield this.userSetupAfterLogin();
+            const needsWallet = (_a = session.needsWallet) != null ? _a : false;
+            this.devLog("[waitForLoginProcess] User setup complete", { needsWallet });
+            if (isSwitchingWallets) {
+              const isWalletSwitchingComplete = originalCurrentWalletIdsHash !== session.currentWalletIdsHash;
+              this.devLog("[waitForLoginProcess] Wallet switching check", {
+                isWalletSwitchingComplete,
+                originalHash: originalCurrentWalletIdsHash,
+                sessionHash: session.currentWalletIdsHash
+              });
+              if (!isWalletSwitchingComplete) {
+                onPoll == null ? void 0 : onPoll();
+                continue;
+              }
+            } else if (!needsWallet) {
+              this.devLog("[waitForLoginProcess] Checking wallet IDs", {
+                currentWalletIdsArrayLength: this.currentWalletIdsArray.length
+              });
+              if (this.currentWalletIdsArray.length === 0) {
+                this.devLog("[waitForLoginProcess] No wallet IDs yet, continuing to poll");
+                onPoll == null ? void 0 : onPoll();
+                continue;
+              }
+            }
+            this.devLog("[waitForLoginProcess] Getting transmission key shares");
+            const tempSharesRes = yield this.getTransmissionKeyShares();
+            this.devLog("[waitForLoginProcess] Transmission shares received", {
+              shareCount: tempSharesRes.data.temporaryShares.length,
+              shares: tempSharesRes.data.temporaryShares.map((s) => ({
+                walletId: s.walletId,
+                walletScheme: s.walletScheme
+              }))
+            });
+            let hasSharesForCurrentWallets;
+            if (!isSwitchingWallets && !this.isPortal()) {
+              this.devLog("[waitForLoginProcess] Fetching wallets");
+              const fetchedWallets = yield this.fetchWallets();
+              this.devLog("[waitForLoginProcess] Wallets fetched", {
+                walletCount: fetchedWallets.length,
+                wallets: fetchedWallets.map((w) => ({ id: w.id, type: w.type, scheme: w.scheme }))
+              });
+              hasSharesForCurrentWallets = tempSharesRes.data.temporaryShares.length === fetchedWallets.length;
+            } else {
+              hasSharesForCurrentWallets = this.currentWalletIdsArray.every(([walletId]) => {
+                return tempSharesRes.data.temporaryShares.some((share) => share.walletId === walletId);
+              });
+            }
+            this.devLog("[waitForLoginProcess] Checking shares for current wallets", {
+              hasSharesForCurrentWallets,
+              currentWalletIdsArray: this.currentWalletIdsArray,
+              shares: tempSharesRes.data.temporaryShares.map((s) => ({
+                walletId: s.walletId,
+                walletScheme: s.walletScheme
+              }))
+            });
+            if (hasSharesForCurrentWallets) {
+              this.devLog("[waitForLoginProcess] Setting up after login");
+              yield this.setupAfterLogin({ temporaryShares: tempSharesRes.data.temporaryShares, skipSessionRefresh });
+              this.devLog("[waitForLoginProcess] Setup after login complete");
+              this.devLog("[waitForLoginProcess] Claiming pregen wallets");
+              yield this.claimPregenWallets();
+              this.devLog("[waitForLoginProcess] Pregen wallets claimed");
+              const resp = {
+                needsWallet: needsWallet || Object.values(this.wallets).length === 0,
+                partnerId: session.partnerId
+              };
+              this.devLog("[waitForLoginProcess] Login process complete", {
+                needsWallet: resp.needsWallet,
+                partnerId: resp.partnerId,
+                walletCount: Object.values(this.wallets).length,
+                isSwitchingWallets
+              });
+              if (isSwitchingWallets) {
+                this.devLog("[waitForLoginProcess] Clearing wallet switching state");
+                this.isSwitchingWallets = false;
+              } else {
+                this.devLog("[waitForLoginProcess] Dispatching LOGIN_EVENT");
+                (0, import_utils2.dispatchEvent)(import_types.ParaEvent.LOGIN_EVENT, resp);
+              }
+              return resolve(resp);
+            }
+            this.devLog("[waitForLoginProcess] Not all shares available yet, continuing to poll");
+            onPoll == null ? void 0 : onPoll();
+          } catch (err) {
+            console.error("[waitForLoginProcess] Error during polling iteration", err);
+            onPoll == null ? void 0 : onPoll();
+          }
+        }
+      }))();
     });
   });
 };
@@ -3252,8 +4002,9 @@ createPregenWallet_fn = function(opts) {
 _isCreateGuestWalletsPending = new WeakMap();
 prepareAuthState_fn = function(_0) {
   return __async(this, arguments, function* (serverAuthState, opts = {}) {
-    if (!opts.sessionLookupId && serverAuthState.stage === "login") {
-      opts.sessionLookupId = yield __privateMethod(this, _ParaCore_instances, prepareLogin_fn).call(this);
+    var _a, _b;
+    if (!opts.sessionLookupId && serverAuthState.stage === "login" && (!serverAuthState.externalWallet || !(((_a = serverAuthState.externalWallet) == null ? void 0 : _a.withFullParaAuth) && ((_b = serverAuthState.loginAuthMethods) == null ? void 0 : _b.includes(import_user_management_client.AuthMethod.PIN))))) {
+      opts.sessionLookupId = yield this.prepareLogin();
     }
     const { auth, externalWallet, userId, displayName, pfpUrl, username } = serverAuthState;
     const authInfo = __spreadValues(__spreadValues({}, (0, import_user_management_client.extractAuthInfo)(auth, { isRequired: true })), Object.fromEntries(
@@ -3274,8 +4025,14 @@ prepareAuthState_fn = function(_0) {
     }
     let authState;
     switch (serverAuthState.stage) {
+      case "done": {
+        authState = yield __privateMethod(this, _ParaCore_instances, prepareDoneState_fn).call(this, serverAuthState);
+        break;
+      }
       case "verify":
-        authState = serverAuthState;
+        authState = yield __privateMethod(this, _ParaCore_instances, prepareVerificationState_fn).call(this, serverAuthState, __spreadProps(__spreadValues({}, opts), {
+          sessionLookupId: opts.sessionLookupId
+        }));
         break;
       case "login":
         if (externalWallet && !(externalWallet == null ? void 0 : externalWallet.withFullParaAuth)) {
@@ -3295,14 +4052,36 @@ prepareAuthState_fn = function(_0) {
     return authState;
   });
 };
-prepareLogin_fn = function() {
+prepareDoneState_fn = function(doneState) {
   return __async(this, null, function* () {
-    yield this.logout();
-    const { sessionLookupId } = yield this.touchSession(true);
-    if (!this.loginEncryptionKeyPair) {
-      yield this.setLoginEncryptionKeyPair();
+    let isSLOPossible = doneState.authMethods.includes(import_user_management_client.AuthMethod.BASIC_LOGIN);
+    this.isEnclaveUser = isSLOPossible;
+    return doneState;
+  });
+};
+prepareVerificationState_fn = function(_0, _1) {
+  return __async(this, arguments, function* (verifyState, {
+    useShortUrls: shorten = false,
+    portalTheme,
+    sessionLookupId
+  }) {
+    var _a;
+    let isSLOPossible = false;
+    if (verifyState.nextStage === "login") {
+      isSLOPossible = verifyState.loginAuthMethods.includes(import_user_management_client.AuthMethod.BASIC_LOGIN);
+    } else if (verifyState.nextStage === "signup") {
+      isSLOPossible = verifyState.signupAuthMethods.includes(import_user_management_client.AuthMethod.BASIC_LOGIN);
     }
-    return sessionLookupId;
+    this.isEnclaveUser = isSLOPossible;
+    const isExternalWalletFullAuth = (_a = verifyState.externalWallet) == null ? void 0 : _a.withFullParaAuth;
+    return __spreadValues(__spreadValues({}, verifyState), isSLOPossible || isExternalWalletFullAuth ? {
+      loginUrl: yield this.getLoginUrl({
+        authMethod: import_user_management_client.AuthMethod.BASIC_LOGIN,
+        sessionId: sessionLookupId,
+        shorten,
+        portalTheme
+      })
+    } : {});
   });
 };
 prepareLoginState_fn = function(_0, _1) {
@@ -3311,10 +4090,11 @@ prepareLoginState_fn = function(_0, _1) {
     portalTheme,
     sessionLookupId
   }) {
-    const _a = loginState, { loginAuthMethods } = _a, authState = __objRest(_a, ["loginAuthMethods"]);
-    const isPasskeySupported = yield this.isPasskeySupported(), isPasskeyPossible = loginAuthMethods.includes(import_user_management_client.AuthMethod.PASSKEY) && !this.isNativePasskey, isPasswordPossible = loginAuthMethods.includes(import_user_management_client.AuthMethod.PASSWORD);
-    return __spreadValues(__spreadValues(__spreadProps(__spreadValues({}, authState), {
-      isPasskeySupported
+    const _a = loginState, { loginAuthMethods = [], hasPasswordWithoutPIN } = _a, authState = __objRest(_a, ["loginAuthMethods", "hasPasswordWithoutPIN"]);
+    const isPasskeySupported = yield this.isPasskeySupported(), isPasskeyPossible = loginAuthMethods.includes(import_user_management_client.AuthMethod.PASSKEY) && !this.isNativePasskey, isPasswordPossible = loginAuthMethods.includes(import_user_management_client.AuthMethod.PASSWORD) && hasPasswordWithoutPIN, isPINPossible = loginAuthMethods.includes(import_user_management_client.AuthMethod.PIN);
+    return __spreadValues(__spreadValues(__spreadValues(__spreadProps(__spreadValues({}, authState), {
+      isPasskeySupported,
+      loginAuthMethods
     }), isPasskeyPossible ? {
       passkeyUrl: yield this.getLoginUrl({ sessionId: sessionLookupId, shorten, portalTheme }),
       passkeyKnownDeviceUrl: yield this.constructPortalUrl("loginAuth", {
@@ -3333,23 +4113,34 @@ prepareLoginState_fn = function(_0, _1) {
         portalTheme,
         params: { isEmbedded: `${!loginState.isWalletSelectionNeeded}` }
       })
+    } : {}), isPINPossible ? {
+      pinUrl: yield this.constructPortalUrl("loginPIN", {
+        sessionId: sessionLookupId,
+        shorten,
+        portalTheme,
+        params: { isEmbedded: `${!loginState.isWalletSelectionNeeded}` }
+      })
     } : {});
   });
 };
 prepareSignUpState_fn = function(_0, _1) {
   return __async(this, arguments, function* (serverSignupState, { useShortUrls: shorten = false, portalTheme }) {
-    const _a = serverSignupState, { signupAuthMethods } = _a, authState = __objRest(_a, ["signupAuthMethods"]);
+    const _a = serverSignupState, { signupAuthMethods = [] } = _a, authState = __objRest(_a, ["signupAuthMethods"]);
     const isPasskeySupported = yield this.isPasskeySupported();
-    const [isPasskey, isPassword] = [
+    const [isPasskey, isPassword, isPIN] = [
       signupAuthMethods.includes(import_user_management_client.AuthMethod.PASSKEY),
-      signupAuthMethods.includes(import_user_management_client.AuthMethod.PASSWORD) || !isPasskeySupported
+      signupAuthMethods.includes(import_user_management_client.AuthMethod.PASSWORD) || !isPasskeySupported,
+      signupAuthMethods.includes(import_user_management_client.AuthMethod.PIN)
     ];
-    if (!isPasskey && !isPassword) {
+    if (!isPasskey && !isPassword && !isPIN) {
       throw new Error(
-        "No supported authentication methods found. Please ensure you have enabled either WebAuth passkeys or passwords in your Developer Portal settings."
+        "No supported authentication methods found. Please ensure you have enabled either WebAuth passkeys, passwords or PINs in your Developer Portal settings."
       );
     }
-    const signupState = __spreadProps(__spreadValues({}, authState), { isPasskeySupported });
+    const signupState = __spreadProps(__spreadValues({}, authState), {
+      isPasskeySupported,
+      signupAuthMethods
+    });
     if (isPasskey) {
       const { url: passkeyUrl, credentialId: passkeyId } = yield this.getNewCredentialAndUrl({
         authMethod: "PASSKEY",
@@ -3367,6 +4158,15 @@ prepareSignUpState_fn = function(_0, _1) {
       signupState.passwordUrl = passwordUrl;
       signupState.passwordId = passwordId;
     }
+    if (isPIN) {
+      const { url: pinUrl, credentialId: pinId } = yield this.getNewCredentialAndUrl({
+        authMethod: "PIN",
+        portalTheme,
+        shorten
+      });
+      signupState.pinUrl = pinUrl;
+      signupState.pinId = pinId;
+    }
     return signupState;
   });
 };