@getpara/core-sdk 3.4.0 → 3.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -712,18 +712,18 @@ function createAuthStateMachine(paraCoreInterface) {
712
712
  guard: and([
713
713
  ({ event }) => {
714
714
  const output = event.output;
715
- return !!output.externalWallet;
715
+ return !!(output == null ? void 0 : output.externalWallet);
716
716
  },
717
717
  or([
718
718
  ({ event }) => {
719
719
  var _a;
720
720
  const output = event.output;
721
- return output.stage === "done" && !((_a = output.externalWallet) == null ? void 0 : _a.withFullParaAuth);
721
+ return (output == null ? void 0 : output.stage) === "done" && !((_a = output == null ? void 0 : output.externalWallet) == null ? void 0 : _a.withFullParaAuth);
722
722
  },
723
723
  ({ event }) => {
724
724
  var _a, _b;
725
725
  const output = event.output;
726
- return output.stage === "verify" && !((_a = output.externalWallet) == null ? void 0 : _a.withFullParaAuth) && !((_b = output.externalWallet) == null ? void 0 : _b.withVerification);
726
+ return (output == null ? void 0 : output.stage) === "verify" && !((_a = output == null ? void 0 : output.externalWallet) == null ? void 0 : _a.withFullParaAuth) && !((_b = output == null ? void 0 : output.externalWallet) == null ? void 0 : _b.withVerification);
727
727
  }
728
728
  ])
729
729
  ])
@@ -740,12 +740,12 @@ function createAuthStateMachine(paraCoreInterface) {
740
740
  guard: and([
741
741
  ({ event }) => {
742
742
  const output = event.output;
743
- return !!output.externalWallet;
743
+ return !!(output == null ? void 0 : output.externalWallet);
744
744
  },
745
745
  ({ event }) => {
746
746
  var _a, _b;
747
747
  const output = event.output;
748
- return output.stage === "verify" && !((_a = output.externalWallet) == null ? void 0 : _a.withFullParaAuth) && ((_b = output.externalWallet) == null ? void 0 : _b.withVerification);
748
+ return (output == null ? void 0 : output.stage) === "verify" && !((_a = output == null ? void 0 : output.externalWallet) == null ? void 0 : _a.withFullParaAuth) && ((_b = output == null ? void 0 : output.externalWallet) == null ? void 0 : _b.withVerification);
749
749
  }
750
750
  ])
751
751
  },
@@ -761,12 +761,12 @@ function createAuthStateMachine(paraCoreInterface) {
761
761
  guard: and([
762
762
  ({ event }) => {
763
763
  const output = event.output;
764
- return !!output.externalWallet;
764
+ return !!(output == null ? void 0 : output.externalWallet);
765
765
  },
766
766
  ({ event }) => {
767
767
  var _a;
768
768
  const output = event.output;
769
- return output.stage === "verify" && !!((_a = output.externalWallet) == null ? void 0 : _a.withFullParaAuth);
769
+ return (output == null ? void 0 : output.stage) === "verify" && !!((_a = output == null ? void 0 : output.externalWallet) == null ? void 0 : _a.withFullParaAuth);
770
770
  }
771
771
  ])
772
772
  },
@@ -780,11 +780,37 @@ function createAuthStateMachine(paraCoreInterface) {
780
780
  ({ event }) => {
781
781
  var _a;
782
782
  const output = event.output;
783
- return output.stage === "verify" && !((_a = output.externalWallet) == null ? void 0 : _a.withFullParaAuth);
783
+ return (output == null ? void 0 : output.stage) === "verify" && !((_a = output == null ? void 0 : output.externalWallet) == null ? void 0 : _a.withFullParaAuth);
784
784
  },
785
785
  () => !paraCoreInterface.authService.isEnclaveUser
786
786
  ])
787
787
  },
788
+ // Login-time 2FA (ENG-6906): the server gated the login behind a second
789
+ // factor. Enrollment (no factor yet) and verification (existing factor)
790
+ // are surfaced as distinct phases so a custom UI can show the right step.
791
+ {
792
+ target: "awaiting_2fa_enrollment",
793
+ actions: [
794
+ "storeAuthStateResult",
795
+ { type: "logTransition", params: { to: "awaiting_2fa_enrollment", detail: "mfa enroll" } }
796
+ ],
797
+ guard: ({ event }) => {
798
+ var _a;
799
+ const output = event.output;
800
+ return (output == null ? void 0 : output.stage) === "mfa" && ((_a = output == null ? void 0 : output.mfa) == null ? void 0 : _a.mode) === "enroll";
801
+ }
802
+ },
803
+ {
804
+ target: "awaiting_2fa",
805
+ actions: [
806
+ "storeAuthStateResult",
807
+ { type: "logTransition", params: { to: "awaiting_2fa", detail: "mfa verify" } }
808
+ ],
809
+ guard: ({ event }) => {
810
+ const output = event.output;
811
+ return (output == null ? void 0 : output.stage) === "mfa";
812
+ }
813
+ },
788
814
  {
789
815
  target: "awaiting_session_start",
790
816
  actions: [
@@ -827,6 +853,77 @@ function createAuthStateMachine(paraCoreInterface) {
827
853
  CANCEL: { target: "unauthenticated", actions: ["resetState"] }
828
854
  }
829
855
  },
856
+ // Login-time 2FA hold states (ENG-6906). The SDK satisfies the second factor
857
+ // out-of-band (enrollMfa/verifyMfa against /internal/v1/auth/2fa/*); once the
858
+ // backend has stamped the session, a RESOLVE_2FA event re-polls the login
859
+ // status, which now returns stage:'done'.
860
+ awaiting_2fa: {
861
+ on: {
862
+ RESOLVE_2FA: { target: "resolving_2fa", actions: ["setPollingCallbacks", "resetError"] },
863
+ CANCEL: { target: "unauthenticated", actions: ["resetState"] }
864
+ }
865
+ },
866
+ awaiting_2fa_enrollment: {
867
+ on: {
868
+ RESOLVE_2FA: { target: "resolving_2fa", actions: ["setPollingCallbacks", "resetError"] },
869
+ CANCEL: { target: "unauthenticated", actions: ["resetState"] }
870
+ }
871
+ },
872
+ resolving_2fa: {
873
+ entry: [{ type: "logTransition", params: { to: "resolving_2fa" } }],
874
+ invoke: {
875
+ src: "polling",
876
+ input: ({ context }) => {
877
+ var _a;
878
+ let resolvedAuthState = null;
879
+ return {
880
+ checkCondition: () => __async(this, null, function* () {
881
+ try {
882
+ const result = yield paraCoreInterface.pollingService.waitForOAuth({
883
+ onSuccess: (serverAuthState) => {
884
+ resolvedAuthState = serverAuthState;
885
+ }
886
+ })();
887
+ return { finished: result.finished && !!resolvedAuthState, data: { authState: resolvedAuthState } };
888
+ } catch (error) {
889
+ throw new Error(`2FA resolution polling failed: ${extractErrorMessage(error, "Unknown error")}`);
890
+ }
891
+ }),
892
+ onPoll: () => {
893
+ var _a2, _b;
894
+ return (_b = (_a2 = context.pollingCallbacks) == null ? void 0 : _a2.onPoll) == null ? void 0 : _b.call(_a2);
895
+ },
896
+ onCancel: () => {
897
+ var _a2, _b;
898
+ return (_b = (_a2 = context.pollingCallbacks) == null ? void 0 : _a2.onCancel) == null ? void 0 : _b.call(_a2);
899
+ },
900
+ isCanceled: ((_a = context.pollingCallbacks) == null ? void 0 : _a.isCanceled) || (() => false),
901
+ id: "resolving2fa"
902
+ };
903
+ },
904
+ onError: {
905
+ target: "error",
906
+ actions: setAuthErrorAssign("2FA resolution failed")
907
+ }
908
+ },
909
+ on: makePollingOnHandlers("processing_authentication", "2FA resolution failed", [
910
+ assign({
911
+ serverAuthStateResult: ({ event }) => {
912
+ var _a;
913
+ const authState = ((_a = event.data) == null ? void 0 : _a.authState) || null;
914
+ return {
915
+ authState,
916
+ opts: DEFAULT_AUTH_OPTS
917
+ };
918
+ },
919
+ isNewUser: ({ event }) => {
920
+ var _a;
921
+ const authState = (_a = event.data) == null ? void 0 : _a.authState;
922
+ return authState ? computeIsNewUser(authState) : false;
923
+ }
924
+ })
925
+ ])
926
+ },
830
927
  awaiting_session_start: {
831
928
  on: {
832
929
  WAIT_FOR_SESSION: {
@@ -180,6 +180,14 @@ function createCoreStateMachine(paraCoreInterface) {
180
180
  "WAIT_FOR_WALLET_CREATION": {
181
181
  actions: ({ context, event }) => context.authMachineRef.send(event)
182
182
  },
183
+ // Login-time 2FA (ENG-6906): after the second factor is satisfied, verifyMfa
184
+ // fires RESOLVE_2FA so the auth machine re-polls verify-oauth and advances the
185
+ // login. Without forwarding it here the parent silently drops the event, the
186
+ // auth child stays parked at awaiting_2fa[_enrollment], and the user never gets
187
+ // a wallet.
188
+ "RESOLVE_2FA": {
189
+ actions: ({ context, event }) => context.authMachineRef.send(event)
190
+ },
183
191
  "INITIALIZE_GUEST_MODE": {
184
192
  actions: ({ context, event }) => context.authMachineRef.send(event)
185
193
  },
@@ -17,6 +17,8 @@ const PARA_CORE_METHODS = [
17
17
  "setup2fa",
18
18
  "enable2fa",
19
19
  "verify2fa",
20
+ "enrollMfa",
21
+ "verifyMfa",
20
22
  "logout",
21
23
  "clearStorage",
22
24
  "isSessionActive",
@@ -556,7 +556,7 @@ export declare abstract class ParaCore implements CoreInterface {
556
556
  protected verifyTelegramProcess(opts: InternalMethodParams<'verifyTelegramLink'> & {
557
557
  isLinkAccount: true;
558
558
  }): InternalMethodResponse<'verifyTelegramLink'>;
559
- verifyTelegram(params: VerifyTelegramParams): Promise<import("./types/authState.js").AuthStateSignupOrLoginOrDone>;
559
+ verifyTelegram(params: VerifyTelegramParams): Promise<OAuthResponse>;
560
560
  protected verifyTelegramLink(opts: InternalMethodParams<'verifyTelegramLink'>): InternalMethodResponse<'verifyTelegramLink'>;
561
561
  /**
562
562
  * Performs 2FA verification.
@@ -577,6 +577,27 @@ export declare abstract class ParaCore implements CoreInterface {
577
577
  * @param {string} opts.verificationCode - the verification code received via 2FA.
578
578
  */
579
579
  enable2fa({ verificationCode }: CoreMethodParams<'enable2fa'>): CoreMethodResponse<'enable2fa'>;
580
+ /**
581
+ * Login-time 2FA (ENG-6906): enroll a TOTP second factor for the current session.
582
+ * Distinct from setup2fa/enable2fa, which configure the recovery-gating 2FA. This
583
+ * is authenticated by the active session (no recovery config gate); the backend
584
+ * 404s the surface when the login-MFA flag is off.
585
+ *
586
+ * @returns {Object} `{ uri, backupCodes }` — otpauth URI to render as a QR, plus
587
+ * one-time backup codes to show the user exactly once.
588
+ */
589
+ enrollMfa(): CoreMethodResponse<'enrollMfa'>;
590
+ /**
591
+ * Login-time 2FA (ENG-6906): verify the second factor for the current login. On
592
+ * success the backend stamps the session and this re-polls the login status so the
593
+ * flow advances toward `done`; a wrong code resolves to `{ ok:false, attemptsRemaining }`
594
+ * so the UI can re-prompt without treating it as a hard error.
595
+ *
596
+ * @param {Object} opts the options object.
597
+ * @param {string} opts.code the TOTP or backup code entered by the user.
598
+ * @returns {Object} `{ ok: true } | { ok: false; attemptsRemaining? }`
599
+ */
600
+ verifyMfa({ code }: CoreMethodParams<'verifyMfa'>): CoreMethodResponse<'verifyMfa'>;
580
601
  /**
581
602
  * Resend a verification email for the current user.
582
603
  */
@@ -626,7 +647,7 @@ export declare abstract class ParaCore implements CoreInterface {
626
647
  protected verifyFarcasterProcess(opts: InternalMethodParams<'verifyFarcasterLink'> & {
627
648
  isLinkAccount: true;
628
649
  }): InternalMethodResponse<'verifyFarcasterLink'>;
629
- verifyFarcaster(params: VerifyFarcasterParams): Promise<import("./types/authState.js").AuthStateSignupOrLoginOrDone>;
650
+ verifyFarcaster(params: VerifyFarcasterParams): Promise<OAuthResponse>;
630
651
  protected verifyFarcasterLink(opts: InternalMethodParams<'verifyFarcasterLink'>): InternalMethodResponse<'verifyFarcasterLink'>;
631
652
  /**
632
653
  * Generates a URL for the user to log in with OAuth using a desire method.
@@ -1,6 +1,6 @@
1
1
  import { ParaCore } from './ParaCore.js';
2
- export { type Auth, type AuthInfo, type PrimaryAuthInfo, type VerifiedAuthInfo, type VerifiedAuth, AuthMethod, type TAuthMethod, AuthMethodStatus, AuthLayout, type TAuthLayout, type AuthExtras, type CurrentWalletIds, EmailTheme, type PartnerEntity, type PartnerAppConfig, type WalletEntity, Network, type TNetwork, WalletType, type TWalletType, WalletScheme, type TWalletScheme, OnRampAsset, type TOnRampAsset, OnRampPurchaseType, OnRampProvider, OnRampPurchaseStatus, type OnRampConfig, type OnRampAssets, type OnRampPurchase, type OnRampAssetInfo, type ProviderAssetInfo, OnRampMethod, OAuthMethod, type TOAuthMethod, type TLinkedAccountType, type SupportedAccountLinks, type SupportedWalletTypes, type TPregenIdentifierType, type PregenIds, type LinkedAccount, type LinkedAccounts, type TExternalWallet, type ExternalWalletInfo, type PregenAuth, type Setup2faResponse, type TelegramAuthResponse, type VerifyExternalWalletParams, type AssetMetadata, type AssetMetadataIndexed, type AssetValue, type BalancesConfig, type WalletBalance, type ProfileBalance, type OfframpDepositRequest, type WalletWithMetadata, RecoveryStatus, ThemeMode, NON_ED25519, PREGEN_IDENTIFIER_TYPES, WALLET_TYPES, WALLET_SCHEMES, OAUTH_METHODS, LINKED_ACCOUNT_TYPES, EXTERNAL_WALLET_TYPES, EVM_WALLETS, SOLANA_WALLETS, COSMOS_WALLETS, formatAssetQuantity, formatCurrency, type EstimateTransactionOpts, type EstimateTransactionResult, type BroadcastTransactionOpts, type BroadcastTransactionResult, type PendingTransactionEntity, type SerializedDecodedTx, type SerializedTxData, type GetPendingTransactionResponse, DeliveryChannel, type PartnerThemeConfig as Theme, } from '@getpara/user-management-client';
3
- export { PopupType, PregenIdentifierType, type AuthStateSignup, type AuthStateVerify, type AuthStateLogin, type AuthState, type OAuthResponse, type CoreAuthInfo, type SignatureRes, type FullSignatureRes, type SuccessfulSignatureRes, type DeniedSignatureRes, type DeniedSignatureResWithUrl, type Wallet, type AvailableWallet, type AccountLinkInProgress, AccountLinkError, type InternalInterface, type Verify2faParams, type Verify2faResponse, type StorageType, type TelegramParams, type CreateParaSignerBaseOptions, } from './types/index.js';
2
+ export { type Auth, type AuthInfo, type PrimaryAuthInfo, type VerifiedAuthInfo, type VerifiedAuth, AuthMethod, type TAuthMethod, AuthMethodStatus, AuthLayout, type TAuthLayout, type AuthExtras, type CurrentWalletIds, EmailTheme, type PartnerEntity, type PartnerAppConfig, type WalletEntity, Network, type TNetwork, WalletType, type TWalletType, WalletScheme, type TWalletScheme, OnRampAsset, type TOnRampAsset, OnRampPurchaseType, OnRampProvider, OnRampPurchaseStatus, type OnRampConfig, type OnRampAssets, type OnRampPurchase, type OnRampAssetInfo, type ProviderAssetInfo, OnRampMethod, OAuthMethod, type TOAuthMethod, type TLinkedAccountType, type SupportedAccountLinks, type SupportedWalletTypes, type TPregenIdentifierType, type PregenIds, type LinkedAccount, type LinkedAccounts, type TExternalWallet, type ExternalWalletInfo, type PregenAuth, type Setup2faResponse, type EnrollMfaResponse, type VerifyMfaResult, type MfaChallenge, type MfaMode, type MfaStep, type TelegramAuthResponse, type VerifyExternalWalletParams, type AssetMetadata, type AssetMetadataIndexed, type AssetValue, type BalancesConfig, type WalletBalance, type ProfileBalance, type OfframpDepositRequest, type WalletWithMetadata, RecoveryStatus, ThemeMode, NON_ED25519, PREGEN_IDENTIFIER_TYPES, WALLET_TYPES, WALLET_SCHEMES, OAUTH_METHODS, LINKED_ACCOUNT_TYPES, EXTERNAL_WALLET_TYPES, EVM_WALLETS, SOLANA_WALLETS, COSMOS_WALLETS, formatAssetQuantity, formatCurrency, type EstimateTransactionOpts, type EstimateTransactionResult, type BroadcastTransactionOpts, type BroadcastTransactionResult, type PendingTransactionEntity, type SerializedDecodedTx, type SerializedTxData, type GetPendingTransactionResponse, DeliveryChannel, type PartnerThemeConfig as Theme, } from '@getpara/user-management-client';
3
+ export { PopupType, PregenIdentifierType, type AuthStateSignup, type AuthStateVerify, type AuthStateLogin, type AuthState, type OAuthResponse, type CoreAuthInfo, type SignatureRes, type FullSignatureRes, type SuccessfulSignatureRes, type DeniedSignatureRes, type DeniedSignatureResWithUrl, type Wallet, type AvailableWallet, type AccountLinkInProgress, AccountLinkError, type InternalInterface, type Verify2faParams, type Verify2faResponse, type VerifyMfaParams, type AuthStateMfa, type StorageType, type TelegramParams, type CreateParaSignerBaseOptions, } from './types/index.js';
4
4
  export * from './types/smartAccounts.js';
5
5
  export * from './types/coreApi.js';
6
6
  export * from './types/events.js';
@@ -9,7 +9,7 @@ import { WalletService } from './WalletService.js';
9
9
  import type { WaitForLoginMethod } from './types/LoginFlowServiceTypes';
10
10
  import type { WaitForSignupMethod, WaitForWalletCreationMethod } from './types/SignupFlowServiceTypes';
11
11
  import { PerformVerifyExternalWalletMethod, PerformVerifyFarcasterMethod, PerformVerifyNewAccountMethod, PerformVerifyTelegramMethod, RetryVerifyExternalWalletMethod, VerifyExternalWalletMethod, VerifyFarcasterMethod, VerifyNewAccountMethod, VerifyTelegramMethod } from './types/VerificationFlowServiceTypes.js';
12
- import type { AddCredentialMethod, AssertIsAuthSetMethod, AssertUserIdMethod, AuthenticateWithEmailOrPhoneMethod, AuthenticateWithOAuthMethod, ConnectExternalWalletMethod, GetNewCredentialAndUrlMethod, LoginExternalWalletMethod, PerformLoginExternalWalletMethod, PerformSignUpOrLogInMethod, PrepareAuthStateMethod, PrepareLoginStateMethod, ResendVerificationCodeMethod, SetAuthMethod, SignExternalWalletVerificationMethod, SignUpOrLogInMethod, SupportedUserAuthMethodsMethod, VerifyOAuthProcessMethod } from './types/AuthServiceTypes.js';
12
+ import type { AddCredentialMethod, AssertIsAuthSetMethod, AssertUserIdMethod, AuthenticateWithEmailOrPhoneMethod, AuthenticateWithOAuthMethod, ConnectExternalWalletMethod, EnrollMfaMethod, GetNewCredentialAndUrlMethod, LoginExternalWalletMethod, PerformLoginExternalWalletMethod, PerformSignUpOrLogInMethod, PrepareAuthStateMethod, PrepareLoginStateMethod, ResendVerificationCodeMethod, ResolveMfaMethod, VerifyMfaMethod, SetAuthMethod, SignExternalWalletVerificationMethod, SignUpOrLogInMethod, SupportedUserAuthMethodsMethod, VerifyOAuthProcessMethod } from './types/AuthServiceTypes.js';
13
13
  export declare class AuthService {
14
14
  #private;
15
15
  userId?: string;
@@ -60,6 +60,15 @@ export declare class AuthService {
60
60
  connectExternalWallet: ConnectExternalWalletMethod;
61
61
  signExternalWalletVerification: SignExternalWalletVerificationMethod;
62
62
  verifyOAuthProcess: VerifyOAuthProcessMethod;
63
+ /**
64
+ * Login-time 2FA (ENG-6906): after the second factor has been satisfied/enrolled
65
+ * server-side, re-poll the login status to advance the flow. Fires RESOLVE_2FA,
66
+ * which re-enters verify-oauth polling (now returning stage:'done') and routes
67
+ * onward to awaiting_session_start / authenticated.
68
+ */
69
+ resolveMfa: ResolveMfaMethod;
70
+ enrollMfa: EnrollMfaMethod;
71
+ verifyMfa: VerifyMfaMethod;
63
72
  authenticateWithOAuth: AuthenticateWithOAuthMethod;
64
73
  performVerifyTelegram: PerformVerifyTelegramMethod;
65
74
  verifyTelegram: VerifyTelegramMethod;
@@ -1,5 +1,5 @@
1
- import type { Auth, AuthExtras, AuthMethod, AuthType, DeliveryChannel, ExternalWalletInfo, PrimaryAuth, PrimaryAuthInfo, ServerAuthState, ServerAuthStateLogin, TAuthMethod, PartnerThemeConfig, TOAuthMethod } from '@getpara/user-management-client';
2
- import type { AuthState, AuthStateDone, AuthStateLogin, AuthStateSignup, AuthStateVerify, CoreAuthInfo, WithCustomTheme, WithSessionLookupId, WithShorten, WithUseShortUrls } from '../../types/index.js';
1
+ import type { Auth, AuthExtras, AuthMethod, AuthType, DeliveryChannel, EnrollMfaResponse, ExternalWalletInfo, PrimaryAuth, PrimaryAuthInfo, ServerAuthState, ServerAuthStateLogin, TAuthMethod, PartnerThemeConfig, TOAuthMethod, VerifyMfaResult } from '@getpara/user-management-client';
2
+ import type { AuthState, AuthStateDone, AuthStateLogin, AuthStateMfa, AuthStateSignup, AuthStateVerify, CoreAuthInfo, VerifyMfaParams, WithCustomTheme, WithSessionLookupId, WithShorten, WithUseShortUrls } from '../../types/index.js';
3
3
  import type { InitOAuthPollingParams, PollingCallbacks } from './PollingServiceTypes.js';
4
4
  import { PerformConnectExternalWalletResponse, ExternalSignMessageParams } from './ExternalWalletServiceTypes.js';
5
5
  import { BaseVerifyExternalWalletParams } from './VerificationFlowServiceTypes.js';
@@ -96,8 +96,11 @@ interface PerformLoginExternalWalletResponse {
96
96
  export type PerformLoginExternalWalletMethod = (_: LoginExternalWalletParams) => Promise<PerformLoginExternalWalletResponse>;
97
97
  export interface VerifyOAuthProcessParams extends PollingCallbacks, InitOAuthPollingParams {
98
98
  }
99
- export type VerifyOAuthProcessResponse = AuthStateLogin | AuthStateSignup | AuthStateDone;
99
+ export type VerifyOAuthProcessResponse = AuthStateLogin | AuthStateSignup | AuthStateDone | AuthStateMfa;
100
100
  export type VerifyOAuthProcessMethod = (_: VerifyOAuthProcessParams) => Promise<VerifyOAuthProcessResponse>;
101
+ export type EnrollMfaMethod = () => Promise<EnrollMfaResponse>;
102
+ export type VerifyMfaMethod = (_: VerifyMfaParams) => Promise<VerifyMfaResult>;
103
+ export type ResolveMfaMethod = (_?: PollingCallbacks) => Promise<AuthState>;
101
104
  export interface AuthenticateWithOAuthParams extends WithCustomTheme, WithUseShortUrls {
102
105
  /**
103
106
  * The third-party OAuth service.
@@ -33,4 +33,5 @@ export declare class CoreStateManager {
33
33
  private notifyListeners;
34
34
  private statesEqual;
35
35
  private authStateInfoEqual;
36
+ private mfaEqual;
36
37
  }
@@ -216,7 +216,7 @@ export declare function createAuthStateMachine(paraCoreInterface: StateMachineIn
216
216
  type: "canRetryNewAccount";
217
217
  params: unknown;
218
218
  };
219
- }>, never, "error" | "checking_state" | "clearing_state" | "unauthenticated" | "authenticating_email_phone" | "authenticating_oauth" | "connecting_external_wallet" | "switching_external_wallet" | "authenticating_external_wallet" | "authenticating_telegram" | "authenticating_telegram_legacy" | "authenticating_farcaster" | "authenticating_farcaster_legacy" | "waiting_for_farcaster" | "processing_authentication" | "awaiting_wallet_signature" | "awaiting_wallet_verification" | "awaiting_account_verification" | "awaiting_session_start" | "verifying_new_account" | "verifying_external_wallet" | "waiting_for_session" | "authenticated" | "guest_mode" | "signing_external_wallet_verification", string, AuthInput, {}, import("xstate").EventObject, import("xstate").MetaObject, {
219
+ }>, never, "error" | "checking_state" | "clearing_state" | "unauthenticated" | "authenticating_email_phone" | "authenticating_oauth" | "connecting_external_wallet" | "switching_external_wallet" | "authenticating_external_wallet" | "authenticating_telegram" | "authenticating_telegram_legacy" | "authenticating_farcaster" | "authenticating_farcaster_legacy" | "waiting_for_farcaster" | "processing_authentication" | "awaiting_wallet_signature" | "awaiting_wallet_verification" | "awaiting_account_verification" | "awaiting_2fa" | "awaiting_2fa_enrollment" | "resolving_2fa" | "awaiting_session_start" | "verifying_new_account" | "verifying_external_wallet" | "waiting_for_session" | "authenticated" | "guest_mode" | "signing_external_wallet_verification", string, AuthInput, {}, import("xstate").EventObject, import("xstate").MetaObject, {
220
220
  readonly id: "auth";
221
221
  readonly initial: "checking_state";
222
222
  readonly context: ({ input: { coreRef } }: {
@@ -2041,6 +2041,26 @@ export declare function createAuthStateMachine(paraCoreInterface: StateMachineIn
2041
2041
  };
2042
2042
  }];
2043
2043
  readonly guard: import("xstate/dist/declarations/src/guards.js").GuardPredicate<AuthContext, import("xstate").DoneActorEvent<AuthState, string>, unknown, never>;
2044
+ }, {
2045
+ readonly target: "awaiting_2fa_enrollment";
2046
+ readonly actions: readonly ["storeAuthStateResult", {
2047
+ readonly type: "logTransition";
2048
+ readonly params: {
2049
+ readonly to: "awaiting_2fa_enrollment";
2050
+ readonly detail: "mfa enroll";
2051
+ };
2052
+ }];
2053
+ readonly guard: ({ event }: import("xstate/dist/declarations/src/guards.js").GuardArgs<AuthContext, import("xstate").DoneActorEvent<AuthState, string>>) => boolean;
2054
+ }, {
2055
+ readonly target: "awaiting_2fa";
2056
+ readonly actions: readonly ["storeAuthStateResult", {
2057
+ readonly type: "logTransition";
2058
+ readonly params: {
2059
+ readonly to: "awaiting_2fa";
2060
+ readonly detail: "mfa verify";
2061
+ };
2062
+ }];
2063
+ readonly guard: ({ event }: import("xstate/dist/declarations/src/guards.js").GuardArgs<AuthContext, import("xstate").DoneActorEvent<AuthState, string>>) => boolean;
2044
2064
  }, {
2045
2065
  readonly target: "awaiting_session_start";
2046
2066
  readonly actions: readonly ["storeAuthStateResult", {
@@ -2100,6 +2120,62 @@ export declare function createAuthStateMachine(paraCoreInterface: StateMachineIn
2100
2120
  };
2101
2121
  };
2102
2122
  };
2123
+ readonly awaiting_2fa: {
2124
+ readonly on: {
2125
+ readonly RESOLVE_2FA: {
2126
+ readonly target: "resolving_2fa";
2127
+ readonly actions: readonly ["setPollingCallbacks", "resetError"];
2128
+ };
2129
+ readonly CANCEL: {
2130
+ readonly target: "unauthenticated";
2131
+ readonly actions: readonly ["resetState"];
2132
+ };
2133
+ };
2134
+ };
2135
+ readonly awaiting_2fa_enrollment: {
2136
+ readonly on: {
2137
+ readonly RESOLVE_2FA: {
2138
+ readonly target: "resolving_2fa";
2139
+ readonly actions: readonly ["setPollingCallbacks", "resetError"];
2140
+ };
2141
+ readonly CANCEL: {
2142
+ readonly target: "unauthenticated";
2143
+ readonly actions: readonly ["resetState"];
2144
+ };
2145
+ };
2146
+ };
2147
+ readonly resolving_2fa: {
2148
+ readonly entry: readonly [{
2149
+ readonly type: "logTransition";
2150
+ readonly params: {
2151
+ readonly to: "resolving_2fa";
2152
+ };
2153
+ }];
2154
+ readonly invoke: {
2155
+ readonly src: "polling";
2156
+ readonly input: ({ context }: {
2157
+ context: AuthContext;
2158
+ event: AuthEvents;
2159
+ self: import("xstate").ActorRef<import("xstate").MachineSnapshot<AuthContext, AuthEvents, Record<string, import("xstate").AnyActorRef>, import("xstate").StateValue, string, unknown, any, any>, AuthEvents, import("xstate").AnyEventObject>;
2160
+ }) => {
2161
+ checkCondition: () => Promise<{
2162
+ finished: boolean;
2163
+ data: {
2164
+ authState: ServerAuthState;
2165
+ };
2166
+ }>;
2167
+ onPoll: () => void;
2168
+ onCancel: () => void;
2169
+ isCanceled: () => boolean;
2170
+ id: string;
2171
+ };
2172
+ readonly onError: {
2173
+ readonly target: "error";
2174
+ readonly actions: any;
2175
+ };
2176
+ };
2177
+ readonly on: any;
2178
+ };
2103
2179
  readonly awaiting_session_start: {
2104
2180
  readonly on: {
2105
2181
  readonly WAIT_FOR_SESSION: {