@getpara/core-sdk 3.2.0 → 3.3.0

package/dist/cjs/ParaCore.js

@@ -3489,6 +3489,7 @@ logout_fn = function() {
     this.accountLinkInProgress = void 0;
     __privateGet(this, _authService).userId = void 0;
     __privateGet(this, _sessionManagementService).sessionCookie = void 0;
+    __privateGet(this, _sessionManagementService).invalidateTouchSessionCache();
     this.isEnclaveUser = false;
     (0, import_uxStateSpanProcessor.setCurrentUserId)(void 0);
     if (isSessionActive) {

package/dist/cjs/constants.js

@@ -46,7 +46,7 @@ __export(constants_exports, {
   TRANSACTION_REVIEW_TIMEOUT_MS: () => TRANSACTION_REVIEW_TIMEOUT_MS
 });
 module.exports = __toCommonJS(constants_exports);
-const PARA_CORE_VERSION = "3.2.0";
+const PARA_CORE_VERSION = "3.3.0";
 const PREFIX = "@CAPSULE/";
 const PARA_PREFIX = "@PARA/";
 const LOCAL_STORAGE_AUTH_INFO = `${PREFIX}authInfo`;

package/dist/cjs/services/AuthService.js

@@ -686,6 +686,7 @@ class AuthService {
         }
       }
       const { sessionId } = yield __privateGet(this, _sessionManagementService).touchSession();
+      const hasExistingPasskey = userAuthMethods.has(import_user_management_client.AuthMethod.PASSKEY);
       const result = (isForNewDevice || urlType) && (yield __privateGet(this, _portalUrlService).constructPortalUrl(isForNewDevice ? "addNewCredential" : urlType, {
         isForNewDevice,
         pathId: credentialId,
@@ -694,7 +695,8 @@ class AuthService {
         sessionId: isForNewDevice ? sessionId : void 0,
         addNewCredentialType: optsAuthMethod,
         addNewCredentialPasskeyId: passkeyId,
-        addNewCredentialPasswordId: passwordId
+        addNewCredentialPasswordId: passwordId,
+        useLegacyUrl: hasExistingPasskey
       }));
       return __spreadValues({ credentialId }, result ? { url: result.url, fullUrl: result.fullUrl } : {});
     });

package/dist/cjs/services/SessionManagementService.js

@@ -218,6 +218,20 @@ const _SessionManagementService = class _SessionManagementService {
       }
       return session;
     }));
+    // Drop the dedupe cache so the next touchSession() round-trips to the server
+    // instead of replaying the pre-logout snapshot. Without this, the core state
+    // machine's post-logout `checkUserState` (auth machine) hits the cache within
+    // the 1s TTL, sees `isAuthenticated: true` and `currentWalletIds` from before
+    // logout, re-applies the wallet IDs via #doTouchSession line 235-237, and
+    // reports `isFullyLoggedIn=true` — sending the state machine back to
+    // `authenticated` instead of `unauthenticated`. Called from ParaCore.#logout
+    // after the session cookie + in-memory auth state are cleared, so the next
+    // touchSession sees a fresh "no session" response.
+    this.invalidateTouchSessionCache = () => {
+      __privateSet(this, _touchCached, void 0);
+      __privateSet(this, _touchCachedAt, void 0);
+      __privateSet(this, _touchPromise, void 0);
+    };
     this.isSessionActive = () => __async(this, null, function* () {
       if (__privateGet(this, _externalWalletService).externalWalletConnectionType === "CONNECTION_ONLY") {
         return true;

package/dist/esm/ParaCore.js

@@ -3434,6 +3434,7 @@ logout_fn = function() {
     this.accountLinkInProgress = void 0;
     __privateGet(this, _authService).userId = void 0;
     __privateGet(this, _sessionManagementService).sessionCookie = void 0;
+    __privateGet(this, _sessionManagementService).invalidateTouchSessionCache();
     this.isEnclaveUser = false;
     setCurrentUserId(void 0);
     if (isSessionActive) {

package/dist/esm/constants.js

@@ -1,5 +1,5 @@
 import "./chunk-7B52C2XE.js";
-const PARA_CORE_VERSION = "3.2.0";
+const PARA_CORE_VERSION = "3.3.0";
 const PREFIX = "@CAPSULE/";
 const PARA_PREFIX = "@PARA/";
 const LOCAL_STORAGE_AUTH_INFO = `${PREFIX}authInfo`;

package/dist/esm/services/AuthService.js

@@ -617,6 +617,7 @@ class AuthService {
         }
       }
       const { sessionId } = yield __privateGet(this, _sessionManagementService).touchSession();
+      const hasExistingPasskey = userAuthMethods.has(AuthMethod.PASSKEY);
       const result = (isForNewDevice || urlType) && (yield __privateGet(this, _portalUrlService).constructPortalUrl(isForNewDevice ? "addNewCredential" : urlType, {
         isForNewDevice,
         pathId: credentialId,
@@ -625,7 +626,8 @@ class AuthService {
         sessionId: isForNewDevice ? sessionId : void 0,
         addNewCredentialType: optsAuthMethod,
         addNewCredentialPasskeyId: passkeyId,
-        addNewCredentialPasswordId: passwordId
+        addNewCredentialPasswordId: passwordId,
+        useLegacyUrl: hasExistingPasskey
       }));
       return __spreadValues({ credentialId }, result ? { url: result.url, fullUrl: result.fullUrl } : {});
     });

package/dist/esm/services/SessionManagementService.js

@@ -162,6 +162,20 @@ const _SessionManagementService = class _SessionManagementService {
       }
       return session;
     }));
+    // Drop the dedupe cache so the next touchSession() round-trips to the server
+    // instead of replaying the pre-logout snapshot. Without this, the core state
+    // machine's post-logout `checkUserState` (auth machine) hits the cache within
+    // the 1s TTL, sees `isAuthenticated: true` and `currentWalletIds` from before
+    // logout, re-applies the wallet IDs via #doTouchSession line 235-237, and
+    // reports `isFullyLoggedIn=true` — sending the state machine back to
+    // `authenticated` instead of `unauthenticated`. Called from ParaCore.#logout
+    // after the session cookie + in-memory auth state are cleared, so the next
+    // touchSession sees a fresh "no session" response.
+    this.invalidateTouchSessionCache = () => {
+      __privateSet(this, _touchCached, void 0);
+      __privateSet(this, _touchCachedAt, void 0);
+      __privateSet(this, _touchPromise, void 0);
+    };
     this.isSessionActive = () => __async(this, null, function* () {
       if (__privateGet(this, _externalWalletService).externalWalletConnectionType === "CONNECTION_ONLY") {
         return true;

package/dist/types/services/SessionManagementService.d.ts

@@ -19,6 +19,7 @@ export declare class SessionManagementService {
         pregenWalletService: PregenWalletService;
     }) => void;
     touchSession: TouchSessionMethod;
+    invalidateTouchSessionCache: () => void;
     isSessionActive: IsSessionActiveMethod;
     isFullyLoggedIn: IsFullyLoggedInMethod;
     refreshSession: RefreshSessionMethod;

package/package.json

@@ -1,11 +1,11 @@
 {
   "name": "@getpara/core-sdk",
-  "version": "3.2.0",
+  "version": "3.3.0",
   "dependencies": {
     "@celo/utils": "^8.0.2",
     "@cosmjs/encoding": "^0.32.4",
     "@ethereumjs/util": "^9.1.0",
-    "@getpara/user-management-client": "3.2.0",
+    "@getpara/user-management-client": "3.3.0",
     "@noble/hashes": "^1.5.0",
     "@opentelemetry/api": "^1.9.1",
     "@opentelemetry/context-zone": "^2.7.1",
@@ -41,7 +41,7 @@
     "dist",
     "package.json"
   ],
-  "gitHead": "096152f48e9d9a64fdb192588315c64d33d15a1b",
+  "gitHead": "d9b54921d4187e2dd25f314b62ed99988e9b5b1c",
   "main": "dist/cjs/index.js",
   "module": "dist/esm/index.js",
   "scripts": {