@getpara/core-sdk 3.4.0 → 3.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -556,7 +556,7 @@ export declare abstract class ParaCore implements CoreInterface {
556
556
  protected verifyTelegramProcess(opts: InternalMethodParams<'verifyTelegramLink'> & {
557
557
  isLinkAccount: true;
558
558
  }): InternalMethodResponse<'verifyTelegramLink'>;
559
- verifyTelegram(params: VerifyTelegramParams): Promise<import("./types/authState.js").AuthStateSignupOrLoginOrDone>;
559
+ verifyTelegram(params: VerifyTelegramParams): Promise<OAuthResponse>;
560
560
  protected verifyTelegramLink(opts: InternalMethodParams<'verifyTelegramLink'>): InternalMethodResponse<'verifyTelegramLink'>;
561
561
  /**
562
562
  * Performs 2FA verification.
@@ -577,6 +577,27 @@ export declare abstract class ParaCore implements CoreInterface {
577
577
  * @param {string} opts.verificationCode - the verification code received via 2FA.
578
578
  */
579
579
  enable2fa({ verificationCode }: CoreMethodParams<'enable2fa'>): CoreMethodResponse<'enable2fa'>;
580
+ /**
581
+ * Login-time 2FA (ENG-6906): enroll a TOTP second factor for the current session.
582
+ * Distinct from setup2fa/enable2fa, which configure the recovery-gating 2FA. This
583
+ * is authenticated by the active session (no recovery config gate); the backend
584
+ * 404s the surface when the login-MFA flag is off.
585
+ *
586
+ * @returns {Object} `{ uri, backupCodes }` — otpauth URI to render as a QR, plus
587
+ * one-time backup codes to show the user exactly once.
588
+ */
589
+ enrollMfa(): CoreMethodResponse<'enrollMfa'>;
590
+ /**
591
+ * Login-time 2FA (ENG-6906): verify the second factor for the current login. On
592
+ * success the backend stamps the session and this re-polls the login status so the
593
+ * flow advances toward `done`; a wrong code resolves to `{ ok:false, attemptsRemaining }`
594
+ * so the UI can re-prompt without treating it as a hard error.
595
+ *
596
+ * @param {Object} opts the options object.
597
+ * @param {string} opts.code the TOTP or backup code entered by the user.
598
+ * @returns {Object} `{ ok: true } | { ok: false; attemptsRemaining? }`
599
+ */
600
+ verifyMfa({ code }: CoreMethodParams<'verifyMfa'>): CoreMethodResponse<'verifyMfa'>;
580
601
  /**
581
602
  * Resend a verification email for the current user.
582
603
  */
@@ -626,7 +647,7 @@ export declare abstract class ParaCore implements CoreInterface {
626
647
  protected verifyFarcasterProcess(opts: InternalMethodParams<'verifyFarcasterLink'> & {
627
648
  isLinkAccount: true;
628
649
  }): InternalMethodResponse<'verifyFarcasterLink'>;
629
- verifyFarcaster(params: VerifyFarcasterParams): Promise<import("./types/authState.js").AuthStateSignupOrLoginOrDone>;
650
+ verifyFarcaster(params: VerifyFarcasterParams): Promise<OAuthResponse>;
630
651
  protected verifyFarcasterLink(opts: InternalMethodParams<'verifyFarcasterLink'>): InternalMethodResponse<'verifyFarcasterLink'>;
631
652
  /**
632
653
  * Generates a URL for the user to log in with OAuth using a desire method.
@@ -823,6 +844,7 @@ export declare abstract class ParaCore implements CoreInterface {
823
844
  walletScheme?: TWalletScheme;
824
845
  }): Promise<any>;
825
846
  private getTransactionReviewUrl;
847
+ private getDeniedSignatureResultWithUrl;
826
848
  private getOnRampTransactionUrl;
827
849
  getWalletBalance(params: GetWalletBalanceParams): Promise<string>;
828
850
  /**
@@ -10,6 +10,19 @@ export declare class TransactionReviewTimeout extends Error {
10
10
  transactionReviewUrl: string;
11
11
  constructor(transactionReviewUrl: string, pendingTransactionId: string);
12
12
  }
13
+ export interface SigningResultErrorOptions {
14
+ code?: string;
15
+ status?: number;
16
+ responseURL?: string;
17
+ data?: object;
18
+ }
19
+ export declare class SigningResultError extends Error {
20
+ readonly code?: string;
21
+ readonly status?: number;
22
+ readonly responseURL?: string;
23
+ readonly data?: object;
24
+ constructor(message: string, options?: SigningResultErrorOptions);
25
+ }
13
26
  /**
14
27
  * Discriminant for a `PartnerConfigError`. Each code corresponds to a specific
15
28
  * partner-config check that rejected an SDK call. Stable string values are
@@ -1,6 +1,6 @@
1
1
  import { ParaCore } from './ParaCore.js';
2
- export { type Auth, type AuthInfo, type PrimaryAuthInfo, type VerifiedAuthInfo, type VerifiedAuth, AuthMethod, type TAuthMethod, AuthMethodStatus, AuthLayout, type TAuthLayout, type AuthExtras, type CurrentWalletIds, EmailTheme, type PartnerEntity, type PartnerAppConfig, type WalletEntity, Network, type TNetwork, WalletType, type TWalletType, WalletScheme, type TWalletScheme, OnRampAsset, type TOnRampAsset, OnRampPurchaseType, OnRampProvider, OnRampPurchaseStatus, type OnRampConfig, type OnRampAssets, type OnRampPurchase, type OnRampAssetInfo, type ProviderAssetInfo, OnRampMethod, OAuthMethod, type TOAuthMethod, type TLinkedAccountType, type SupportedAccountLinks, type SupportedWalletTypes, type TPregenIdentifierType, type PregenIds, type LinkedAccount, type LinkedAccounts, type TExternalWallet, type ExternalWalletInfo, type PregenAuth, type Setup2faResponse, type TelegramAuthResponse, type VerifyExternalWalletParams, type AssetMetadata, type AssetMetadataIndexed, type AssetValue, type BalancesConfig, type WalletBalance, type ProfileBalance, type OfframpDepositRequest, type WalletWithMetadata, RecoveryStatus, ThemeMode, NON_ED25519, PREGEN_IDENTIFIER_TYPES, WALLET_TYPES, WALLET_SCHEMES, OAUTH_METHODS, LINKED_ACCOUNT_TYPES, EXTERNAL_WALLET_TYPES, EVM_WALLETS, SOLANA_WALLETS, COSMOS_WALLETS, formatAssetQuantity, formatCurrency, type EstimateTransactionOpts, type EstimateTransactionResult, type BroadcastTransactionOpts, type BroadcastTransactionResult, type PendingTransactionEntity, type SerializedDecodedTx, type SerializedTxData, type GetPendingTransactionResponse, DeliveryChannel, type PartnerThemeConfig as Theme, } from '@getpara/user-management-client';
3
- export { PopupType, PregenIdentifierType, type AuthStateSignup, type AuthStateVerify, type AuthStateLogin, type AuthState, type OAuthResponse, type CoreAuthInfo, type SignatureRes, type FullSignatureRes, type SuccessfulSignatureRes, type DeniedSignatureRes, type DeniedSignatureResWithUrl, type Wallet, type AvailableWallet, type AccountLinkInProgress, AccountLinkError, type InternalInterface, type Verify2faParams, type Verify2faResponse, type StorageType, type TelegramParams, type CreateParaSignerBaseOptions, } from './types/index.js';
2
+ export { type Auth, type AuthInfo, type PrimaryAuthInfo, type VerifiedAuthInfo, type VerifiedAuth, AuthMethod, type TAuthMethod, AuthMethodStatus, AuthLayout, type TAuthLayout, type AuthExtras, type CurrentWalletIds, EmailTheme, type PartnerEntity, type PartnerAppConfig, type WalletEntity, Network, type TNetwork, WalletType, type TWalletType, WalletScheme, type TWalletScheme, OnRampAsset, type TOnRampAsset, OnRampPurchaseType, OnRampProvider, OnRampPurchaseStatus, type OnRampConfig, type OnRampAssets, type OnRampPurchase, type OnRampAssetInfo, type ProviderAssetInfo, OnRampMethod, OAuthMethod, type TOAuthMethod, type TLinkedAccountType, type SupportedAccountLinks, type SupportedWalletTypes, type TPregenIdentifierType, type PregenIds, type LinkedAccount, type LinkedAccounts, type TExternalWallet, type ExternalWalletInfo, type PregenAuth, type Setup2faResponse, type EnrollMfaResponse, type VerifyMfaResult, type MfaChallenge, type MfaMode, type MfaStep, type TelegramAuthResponse, type VerifyExternalWalletParams, type AssetMetadata, type AssetMetadataIndexed, type AssetValue, type BalancesConfig, type WalletBalance, type ProfileBalance, type OfframpDepositRequest, type WalletWithMetadata, RecoveryStatus, ThemeMode, NON_ED25519, PREGEN_IDENTIFIER_TYPES, WALLET_TYPES, WALLET_SCHEMES, OAUTH_METHODS, LINKED_ACCOUNT_TYPES, EXTERNAL_WALLET_TYPES, EVM_WALLETS, SOLANA_WALLETS, COSMOS_WALLETS, formatAssetQuantity, formatCurrency, type EstimateTransactionOpts, type EstimateTransactionResult, type BroadcastTransactionOpts, type BroadcastTransactionResult, type PendingTransactionEntity, type SerializedDecodedTx, type SerializedTxData, type GetPendingTransactionResponse, DeliveryChannel, type PartnerThemeConfig as Theme, } from '@getpara/user-management-client';
3
+ export { PopupType, PregenIdentifierType, type AuthStateSignup, type AuthStateVerify, type AuthStateLogin, type AuthState, type OAuthResponse, type CoreAuthInfo, type SignatureRes, type FullSignatureRes, type SuccessfulSignatureRes, type DeniedSignatureRes, type DeniedSignatureResWithUrl, type Wallet, type AvailableWallet, type AccountLinkInProgress, AccountLinkError, type InternalInterface, type Verify2faParams, type Verify2faResponse, type VerifyMfaParams, type AuthStateMfa, type StorageType, type TelegramParams, type CreateParaSignerBaseOptions, } from './types/index.js';
4
4
  export * from './types/smartAccounts.js';
5
5
  export * from './types/coreApi.js';
6
6
  export * from './types/events.js';
@@ -9,7 +9,7 @@ import { WalletService } from './WalletService.js';
9
9
  import type { WaitForLoginMethod } from './types/LoginFlowServiceTypes';
10
10
  import type { WaitForSignupMethod, WaitForWalletCreationMethod } from './types/SignupFlowServiceTypes';
11
11
  import { PerformVerifyExternalWalletMethod, PerformVerifyFarcasterMethod, PerformVerifyNewAccountMethod, PerformVerifyTelegramMethod, RetryVerifyExternalWalletMethod, VerifyExternalWalletMethod, VerifyFarcasterMethod, VerifyNewAccountMethod, VerifyTelegramMethod } from './types/VerificationFlowServiceTypes.js';
12
- import type { AddCredentialMethod, AssertIsAuthSetMethod, AssertUserIdMethod, AuthenticateWithEmailOrPhoneMethod, AuthenticateWithOAuthMethod, ConnectExternalWalletMethod, GetNewCredentialAndUrlMethod, LoginExternalWalletMethod, PerformLoginExternalWalletMethod, PerformSignUpOrLogInMethod, PrepareAuthStateMethod, PrepareLoginStateMethod, ResendVerificationCodeMethod, SetAuthMethod, SignExternalWalletVerificationMethod, SignUpOrLogInMethod, SupportedUserAuthMethodsMethod, VerifyOAuthProcessMethod } from './types/AuthServiceTypes.js';
12
+ import type { AddCredentialMethod, AssertIsAuthSetMethod, AssertUserIdMethod, AuthenticateWithEmailOrPhoneMethod, AuthenticateWithOAuthMethod, ConnectExternalWalletMethod, EnrollMfaMethod, GetNewCredentialAndUrlMethod, LoginExternalWalletMethod, PerformLoginExternalWalletMethod, PerformSignUpOrLogInMethod, PrepareAuthStateMethod, PrepareLoginStateMethod, ResendVerificationCodeMethod, ResolveMfaMethod, VerifyMfaMethod, SetAuthMethod, SignExternalWalletVerificationMethod, SignUpOrLogInMethod, SupportedUserAuthMethodsMethod, VerifyOAuthProcessMethod } from './types/AuthServiceTypes.js';
13
13
  export declare class AuthService {
14
14
  #private;
15
15
  userId?: string;
@@ -60,6 +60,15 @@ export declare class AuthService {
60
60
  connectExternalWallet: ConnectExternalWalletMethod;
61
61
  signExternalWalletVerification: SignExternalWalletVerificationMethod;
62
62
  verifyOAuthProcess: VerifyOAuthProcessMethod;
63
+ /**
64
+ * Login-time 2FA (ENG-6906): after the second factor has been satisfied/enrolled
65
+ * server-side, re-poll the login status to advance the flow. Fires RESOLVE_2FA,
66
+ * which re-enters verify-oauth polling (now returning stage:'done') and routes
67
+ * onward to awaiting_session_start / authenticated.
68
+ */
69
+ resolveMfa: ResolveMfaMethod;
70
+ enrollMfa: EnrollMfaMethod;
71
+ verifyMfa: VerifyMfaMethod;
63
72
  authenticateWithOAuth: AuthenticateWithOAuthMethod;
64
73
  performVerifyTelegram: PerformVerifyTelegramMethod;
65
74
  verifyTelegram: VerifyTelegramMethod;
@@ -1,5 +1,5 @@
1
- import type { Auth, AuthExtras, AuthMethod, AuthType, DeliveryChannel, ExternalWalletInfo, PrimaryAuth, PrimaryAuthInfo, ServerAuthState, ServerAuthStateLogin, TAuthMethod, PartnerThemeConfig, TOAuthMethod } from '@getpara/user-management-client';
2
- import type { AuthState, AuthStateDone, AuthStateLogin, AuthStateSignup, AuthStateVerify, CoreAuthInfo, WithCustomTheme, WithSessionLookupId, WithShorten, WithUseShortUrls } from '../../types/index.js';
1
+ import type { Auth, AuthExtras, AuthMethod, AuthType, DeliveryChannel, EnrollMfaResponse, ExternalWalletInfo, PrimaryAuth, PrimaryAuthInfo, ServerAuthState, ServerAuthStateLogin, TAuthMethod, PartnerThemeConfig, TOAuthMethod, VerifyMfaResult } from '@getpara/user-management-client';
2
+ import type { AuthState, AuthStateDone, AuthStateLogin, AuthStateMfa, AuthStateSignup, AuthStateVerify, CoreAuthInfo, VerifyMfaParams, WithCustomTheme, WithSessionLookupId, WithShorten, WithUseShortUrls } from '../../types/index.js';
3
3
  import type { InitOAuthPollingParams, PollingCallbacks } from './PollingServiceTypes.js';
4
4
  import { PerformConnectExternalWalletResponse, ExternalSignMessageParams } from './ExternalWalletServiceTypes.js';
5
5
  import { BaseVerifyExternalWalletParams } from './VerificationFlowServiceTypes.js';
@@ -96,8 +96,11 @@ interface PerformLoginExternalWalletResponse {
96
96
  export type PerformLoginExternalWalletMethod = (_: LoginExternalWalletParams) => Promise<PerformLoginExternalWalletResponse>;
97
97
  export interface VerifyOAuthProcessParams extends PollingCallbacks, InitOAuthPollingParams {
98
98
  }
99
- export type VerifyOAuthProcessResponse = AuthStateLogin | AuthStateSignup | AuthStateDone;
99
+ export type VerifyOAuthProcessResponse = AuthStateLogin | AuthStateSignup | AuthStateDone | AuthStateMfa;
100
100
  export type VerifyOAuthProcessMethod = (_: VerifyOAuthProcessParams) => Promise<VerifyOAuthProcessResponse>;
101
+ export type EnrollMfaMethod = () => Promise<EnrollMfaResponse>;
102
+ export type VerifyMfaMethod = (_: VerifyMfaParams) => Promise<VerifyMfaResult>;
103
+ export type ResolveMfaMethod = (_?: PollingCallbacks) => Promise<AuthState>;
101
104
  export interface AuthenticateWithOAuthParams extends WithCustomTheme, WithUseShortUrls {
102
105
  /**
103
106
  * The third-party OAuth service.
@@ -33,4 +33,5 @@ export declare class CoreStateManager {
33
33
  private notifyListeners;
34
34
  private statesEqual;
35
35
  private authStateInfoEqual;
36
+ private mfaEqual;
36
37
  }
@@ -216,7 +216,7 @@ export declare function createAuthStateMachine(paraCoreInterface: StateMachineIn
216
216
  type: "canRetryNewAccount";
217
217
  params: unknown;
218
218
  };
219
- }>, never, "error" | "checking_state" | "clearing_state" | "unauthenticated" | "authenticating_email_phone" | "authenticating_oauth" | "connecting_external_wallet" | "switching_external_wallet" | "authenticating_external_wallet" | "authenticating_telegram" | "authenticating_telegram_legacy" | "authenticating_farcaster" | "authenticating_farcaster_legacy" | "waiting_for_farcaster" | "processing_authentication" | "awaiting_wallet_signature" | "awaiting_wallet_verification" | "awaiting_account_verification" | "awaiting_session_start" | "verifying_new_account" | "verifying_external_wallet" | "waiting_for_session" | "authenticated" | "guest_mode" | "signing_external_wallet_verification", string, AuthInput, {}, import("xstate").EventObject, import("xstate").MetaObject, {
219
+ }>, never, "error" | "checking_state" | "clearing_state" | "unauthenticated" | "authenticating_email_phone" | "authenticating_oauth" | "connecting_external_wallet" | "switching_external_wallet" | "authenticating_external_wallet" | "authenticating_telegram" | "authenticating_telegram_legacy" | "authenticating_farcaster" | "authenticating_farcaster_legacy" | "waiting_for_farcaster" | "processing_authentication" | "awaiting_wallet_signature" | "awaiting_wallet_verification" | "awaiting_account_verification" | "awaiting_2fa" | "awaiting_2fa_enrollment" | "resolving_2fa" | "awaiting_session_start" | "verifying_new_account" | "verifying_external_wallet" | "waiting_for_session" | "authenticated" | "guest_mode" | "signing_external_wallet_verification", string, AuthInput, {}, import("xstate").EventObject, import("xstate").MetaObject, {
220
220
  readonly id: "auth";
221
221
  readonly initial: "checking_state";
222
222
  readonly context: ({ input: { coreRef } }: {
@@ -2041,6 +2041,26 @@ export declare function createAuthStateMachine(paraCoreInterface: StateMachineIn
2041
2041
  };
2042
2042
  }];
2043
2043
  readonly guard: import("xstate/dist/declarations/src/guards.js").GuardPredicate<AuthContext, import("xstate").DoneActorEvent<AuthState, string>, unknown, never>;
2044
+ }, {
2045
+ readonly target: "awaiting_2fa_enrollment";
2046
+ readonly actions: readonly ["storeAuthStateResult", {
2047
+ readonly type: "logTransition";
2048
+ readonly params: {
2049
+ readonly to: "awaiting_2fa_enrollment";
2050
+ readonly detail: "mfa enroll";
2051
+ };
2052
+ }];
2053
+ readonly guard: ({ event }: import("xstate/dist/declarations/src/guards.js").GuardArgs<AuthContext, import("xstate").DoneActorEvent<AuthState, string>>) => boolean;
2054
+ }, {
2055
+ readonly target: "awaiting_2fa";
2056
+ readonly actions: readonly ["storeAuthStateResult", {
2057
+ readonly type: "logTransition";
2058
+ readonly params: {
2059
+ readonly to: "awaiting_2fa";
2060
+ readonly detail: "mfa verify";
2061
+ };
2062
+ }];
2063
+ readonly guard: ({ event }: import("xstate/dist/declarations/src/guards.js").GuardArgs<AuthContext, import("xstate").DoneActorEvent<AuthState, string>>) => boolean;
2044
2064
  }, {
2045
2065
  readonly target: "awaiting_session_start";
2046
2066
  readonly actions: readonly ["storeAuthStateResult", {
@@ -2100,6 +2120,62 @@ export declare function createAuthStateMachine(paraCoreInterface: StateMachineIn
2100
2120
  };
2101
2121
  };
2102
2122
  };
2123
+ readonly awaiting_2fa: {
2124
+ readonly on: {
2125
+ readonly RESOLVE_2FA: {
2126
+ readonly target: "resolving_2fa";
2127
+ readonly actions: readonly ["setPollingCallbacks", "resetError"];
2128
+ };
2129
+ readonly CANCEL: {
2130
+ readonly target: "unauthenticated";
2131
+ readonly actions: readonly ["resetState"];
2132
+ };
2133
+ };
2134
+ };
2135
+ readonly awaiting_2fa_enrollment: {
2136
+ readonly on: {
2137
+ readonly RESOLVE_2FA: {
2138
+ readonly target: "resolving_2fa";
2139
+ readonly actions: readonly ["setPollingCallbacks", "resetError"];
2140
+ };
2141
+ readonly CANCEL: {
2142
+ readonly target: "unauthenticated";
2143
+ readonly actions: readonly ["resetState"];
2144
+ };
2145
+ };
2146
+ };
2147
+ readonly resolving_2fa: {
2148
+ readonly entry: readonly [{
2149
+ readonly type: "logTransition";
2150
+ readonly params: {
2151
+ readonly to: "resolving_2fa";
2152
+ };
2153
+ }];
2154
+ readonly invoke: {
2155
+ readonly src: "polling";
2156
+ readonly input: ({ context }: {
2157
+ context: AuthContext;
2158
+ event: AuthEvents;
2159
+ self: import("xstate").ActorRef<import("xstate").MachineSnapshot<AuthContext, AuthEvents, Record<string, import("xstate").AnyActorRef>, import("xstate").StateValue, string, unknown, any, any>, AuthEvents, import("xstate").AnyEventObject>;
2160
+ }) => {
2161
+ checkCondition: () => Promise<{
2162
+ finished: boolean;
2163
+ data: {
2164
+ authState: ServerAuthState;
2165
+ };
2166
+ }>;
2167
+ onPoll: () => void;
2168
+ onCancel: () => void;
2169
+ isCanceled: () => boolean;
2170
+ id: string;
2171
+ };
2172
+ readonly onError: {
2173
+ readonly target: "error";
2174
+ readonly actions: any;
2175
+ };
2176
+ };
2177
+ readonly on: any;
2178
+ };
2103
2179
  readonly awaiting_session_start: {
2104
2180
  readonly on: {
2105
2181
  readonly WAIT_FOR_SESSION: {