npm - @metamask-previews/profile-sync-controller - Versions diffs - 28.0.2-preview-6c5b6b08f → 28.0.2-preview-6961bc96f - Mend

@metamask-previews/profile-sync-controller 28.0.2-preview-6c5b6b08f → 28.0.2-preview-6961bc96f

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (98) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -7,29 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
-### Added
+### Changed
-- Add SRP profile pairing support (Accounts ADR 0006) ([#8504](https://github.com/MetaMask/core/pull/8504), [#8642](https://github.com/MetaMask/core/pull/8642))
-  - Pairing runs at the end of `performSignIn`; pair failures are swallowed and retried on the next gate fire.
-  - Add `needsProfilePairing?: boolean` to state (defaults `true`, cleared on successful pair, re-armed via `requestProfilePairing()`). Optional in the type to keep partial-state selectors assignable; treat `undefined` as `true`.
-  - Add `requestProfilePairing()` (and `AuthenticationController:requestProfilePairing` action) for clients to signal SRP-set changes so the next auto-sign-in cycle re-pairs.
-  - Upgrade path: existing signed-in users re-pair automatically on the first auto-sign-in cycle. Pre-pairing sessions miss `canonicalProfileId` and re-login on the next `getAccessToken`, so the pair call runs against fresh v2 JWTs — no client migration needed.
-  - JWT staleness note: a newly added SRP's JWT keeps `sub = alias_id` until that SRP's session is re-logged-in. User storage is unaffected (it keys on `x-profile-id`, not `sub`).
-  - Add `canonicalProfileId` to `UserProfile` — the unified profile ID across paired SRPs
-  - Add `ProfileAlias` type for transient alias data returned by the pairing API
-  - Add `pairSrpProfiles` method to `SRPJwtBearerAuth` and `JwtBearerAuth`
-  - Add `ProfileSignInEvent` (`AuthenticationController:profileSignIn`) emitted after successful pairing when the canonical profile ID changes or new aliases are returned
-  - Send `X-MetaMask-Profile-Pairing: enabled` header on all `/srp/login` requests
-  - Resolve original per-SRP `profileId` from `profile_aliases` using `computeIdentifierId`
-  - Propagate canonical profile ID to all `srpSessionData` entries after pairing
-  - Add `refreshCanonicalProfileId` method — forces a fresh canonical retrieval from the server (1 primary SRP login) and propagates it to all cached SRP sessions. For best-effort reads, use `getSessionProfile().canonicalProfileId` instead.
-  - Force re-login when cached session is missing `canonicalProfileId`
-- Add optional `getAppVersion` callback to `MetaMetricsAuth`, forwarded as `metametrics.app_version` in the `POST /api/v2/srp/login` payload. ([#8626](https://github.com/MetaMask/core/pull/8626))
-### Changed
-- Bump `@metamask/keyring-controller` from `^25.1.1` to `^25.5.0` ([#8363](https://github.com/MetaMask/core/pull/8363), [#8634](https://github.com/MetaMask/core/pull/8634), [#8665](https://github.com/MetaMask/core/pull/8665), [#8722](https://github.com/MetaMask/core/pull/8722))
-- Bump `@metamask/messenger` from `^1.0.0` to `^1.2.0` ([#8364](https://github.com/MetaMask/core/pull/8364), [#8373](https://github.com/MetaMask/core/pull/8373), [#8632](https://github.com/MetaMask/core/pull/8632))
+- Bump `@metamask/keyring-controller` from `^25.1.1` to `^25.2.0` ([#8363](https://github.com/MetaMask/core/pull/8363))
+- Bump `@metamask/messenger` from `^1.0.0` to `^1.1.1` ([#8364](https://github.com/MetaMask/core/pull/8364), [#8373](https://github.com/MetaMask/core/pull/8373))
 - Bump `@metamask/base-controller` from `^9.0.1` to `^9.1.0` ([#8457](https://github.com/MetaMask/core/pull/8457))
 ## [28.0.2]

package/dist/controllers/authentication/AuthenticationController-method-action-types.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"AuthenticationController-method-action-types.cjs","sourceRoot":"","sources":["../../../src/controllers/authentication/AuthenticationController-method-action-types.ts"],"names":[],"mappings":";AAAA;;;GAGG","sourcesContent":["/*\n This file is auto generated.\n * Do not edit manually.\n /\n\nimport type { AuthenticationController } from './AuthenticationController';\n\nexport type AuthenticationControllerPerformSignInAction = {\n type: `AuthenticationController:performSignIn`;\n handler: AuthenticationController['performSignIn'];\n};\n\~~n/\n Marks profile pairing as needed. Clients call this when the SRP set\n * changes (e.g. a new keyring was added) so the next auto-sign-in cycle\n * re-runs `performSignIn` and re-pairs.\n /\~~nexport type ~~AuthenticationControllerRequestProfilePairingAction = {\n type: `AuthenticationController:requestProfilePairing`;\n handler: AuthenticationController['requestProfilePairing'];\n};\n\nexport type~~ AuthenticationControllerPerformSignOutAction = {\n type: `AuthenticationController:performSignOut`;\n handler: AuthenticationController['performSignOut'];\n};\n\n/\n ~~Returns~~ a bearer token ~~for the specified SRP, logging in if needed~~.\n \n ~~When~~ ~~called~~ ~~without~~ ~~`entropySourceId`,~~ ~~returns~~ ~~the~~ ~~primary~~ ~~(first) SRP's\n * access token, which~~ is ~~effectively~~ ~~the~~ ~~canonical\n * profile's token that can be used by alias-aware consumers for cross-SRP\n * operations~~.\n \n @~~param~~ ~~entropySourceId~~ ~~- The entropy source ID. Omit~~ for the ~~primary SRP~~.\n * @returns The OIDC access token.\n /\nexport type AuthenticationControllerGetBearerTokenAction = {\n type: `AuthenticationController:getBearerToken`;\n handler: AuthenticationController['getBearerToken'];\n};\n\n/\n ~~Returns~~ ~~the~~ ~~cached~~ session profile~~, logging in if no session exists~~.\n \n ~~The~~ ~~returned `canonicalProfileId` reflects the value from the most recent\n * login or pairing. In the rare event where~~ a ~~canonical~~ ~~changed~~ ~~because~~ of\n * a ~~pairing~~ ~~that~~ ~~happened~~ on ~~another device, the cached value may be stale\~~n * until the next login. For guaranteed freshness, call\n * `refreshCanonicalProfileId()` before reading `canonicalProfileId`.\n \n @param entropySourceId - The entropy source ID used to derive the key,\n * when multiple sources are available (Multi-SRP).\n * @returns profile for the session.\n /\nexport type AuthenticationControllerGetSessionProfileAction = {\n type: `AuthenticationController:getSessionProfile`;\n handler: AuthenticationController['getSessionProfile'];\n};\n\n/\n Forces a fresh retrieval of the canonical profile ID from the server\n * and propagates it to all cached SRP sessions.\n \n This method invalidates the primary SRP's cached session and forces a\n * re-login. Use it before operations that require a guaranteed-fresh\n * canonical (e.g. storage key derivation for Accounts ADR 0005). For\n * best-effort reads, use\n * `getSessionProfile().canonicalProfileId` instead.\n \n Only the primary SRP is re-logged-in regardless of how many SRPs exist —\n * the server returns the current canonical for the entire pairing group\n * from any single SRP login.\n \n @returns The refreshed canonical profile ID.\n /\nexport type AuthenticationControllerRefreshCanonicalProfileIdAction = {\n type: `AuthenticationController:refreshCanonicalProfileId`;\n handler: AuthenticationController['refreshCanonicalProfileId'];\n};\n\nexport type AuthenticationControllerGetUserProfileLineageAction = {\n type: `AuthenticationController:getUserProfileLineage`;\n handler: AuthenticationController['getUserProfileLineage'];\n};\n\nexport type AuthenticationControllerIsSignedInAction = {\n type: `AuthenticationController:isSignedIn`;\n handler: AuthenticationController['isSignedIn'];\n};\n\n/\n Union of all AuthenticationController action types.\n */\nexport type AuthenticationControllerMethodActions =\n \| AuthenticationControllerPerformSignInAction\n \| ~~AuthenticationControllerRequestProfilePairingAction\n \|~~ AuthenticationControllerPerformSignOutAction\n \| AuthenticationControllerGetBearerTokenAction\n \| AuthenticationControllerGetSessionProfileAction\n \| ~~AuthenticationControllerRefreshCanonicalProfileIdAction\n \|~~ AuthenticationControllerGetUserProfileLineageAction\n \| AuthenticationControllerIsSignedInAction;\n"]}
1	+ {"version":3,"file":"AuthenticationController-method-action-types.cjs","sourceRoot":"","sources":["../../../src/controllers/authentication/AuthenticationController-method-action-types.ts"],"names":[],"mappings":";AAAA;;;GAGG","sourcesContent":["/*\n This file is auto generated.\n * Do not edit manually.\n /\n\nimport type { AuthenticationController } from './AuthenticationController';\n\nexport type AuthenticationControllerPerformSignInAction = {\n type: `AuthenticationController:performSignIn`;\n handler: AuthenticationController['performSignIn'];\n};\n\nexport type AuthenticationControllerPerformSignOutAction = {\n type: `AuthenticationController:performSignOut`;\n handler: AuthenticationController['performSignOut'];\n};\n\n/\n Will return a bearer token.\n * Logs a user in if a user is not logged in.\n \n @returns profile for the session.\n /\nexport type AuthenticationControllerGetBearerTokenAction = {\n type: `AuthenticationController:getBearerToken`;\n handler: AuthenticationController['getBearerToken'];\n};\n\n/\n Will return a session profile.\n * Logs a user in if a user is not logged in.\n \n @param entropySourceId - The entropy source ID used to derive the key,\n * when multiple sources are available (Multi-SRP).\n * @returns profile for the session.\n /\nexport type AuthenticationControllerGetSessionProfileAction = {\n type: `AuthenticationController:getSessionProfile`;\n handler: AuthenticationController['getSessionProfile'];\n};\n\nexport type AuthenticationControllerGetUserProfileLineageAction = {\n type: `AuthenticationController:getUserProfileLineage`;\n handler: AuthenticationController['getUserProfileLineage'];\n};\n\nexport type AuthenticationControllerIsSignedInAction = {\n type: `AuthenticationController:isSignedIn`;\n handler: AuthenticationController['isSignedIn'];\n};\n\n/\n Union of all AuthenticationController action types.\n */\nexport type AuthenticationControllerMethodActions =\n \| AuthenticationControllerPerformSignInAction\n \| AuthenticationControllerPerformSignOutAction\n \| AuthenticationControllerGetBearerTokenAction\n \| AuthenticationControllerGetSessionProfileAction\n \| AuthenticationControllerGetUserProfileLineageAction\n \| AuthenticationControllerIsSignedInAction;\n"]}

package/dist/controllers/authentication/AuthenticationController-method-action-types.d.cts CHANGED Viewed

@@ -7,42 +7,23 @@ export type AuthenticationControllerPerformSignInAction = {
     type: `AuthenticationController:performSignIn`;
     handler: AuthenticationController['performSignIn'];
 };
-/**
- * Marks profile pairing as needed. Clients call this when the SRP set
- * changes (e.g. a new keyring was added) so the next auto-sign-in cycle
- * re-runs `performSignIn` and re-pairs.
- */
-export type AuthenticationControllerRequestProfilePairingAction = {
-    type: `AuthenticationController:requestProfilePairing`;
-    handler: AuthenticationController['requestProfilePairing'];
-};
 export type AuthenticationControllerPerformSignOutAction = {
     type: `AuthenticationController:performSignOut`;
     handler: AuthenticationController['performSignOut'];
 };
 /**
- * Returns a bearer token for the specified SRP, logging in if needed.
+ * Will return a bearer token.
+ * Logs a user in if a user is not logged in.
  *
- * When called without `entropySourceId`, returns the primary (first) SRP's
- * access token, which is effectively the canonical
- * profile's token that can be used by alias-aware consumers for cross-SRP
- * operations.
- *
- * @param entropySourceId - The entropy source ID. Omit for the primary SRP.
- * @returns The OIDC access token.
+ * @returns profile for the session.
  */
 export type AuthenticationControllerGetBearerTokenAction = {
     type: `AuthenticationController:getBearerToken`;
     handler: AuthenticationController['getBearerToken'];
 };
 /**
- * Returns the cached session profile, logging in if no session exists.
- *
- * The returned `canonicalProfileId` reflects the value from the most recent
- * login or pairing. In the rare event where a canonical changed because of
- * a pairing that happened on another device, the cached value may be stale
- * until the next login. For guaranteed freshness, call
- * `refreshCanonicalProfileId()` before reading `canonicalProfileId`.
+ * Will return a session profile.
+ * Logs a user in if a user is not logged in.
  *
  * @param entropySourceId - The entropy source ID used to derive the key,
  * when multiple sources are available (Multi-SRP).
@@ -52,26 +33,6 @@ export type AuthenticationControllerGetSessionProfileAction = {
     type: `AuthenticationController:getSessionProfile`;
     handler: AuthenticationController['getSessionProfile'];
 };
-/**
- * Forces a fresh retrieval of the canonical profile ID from the server
- * and propagates it to all cached SRP sessions.
- *
- * This method invalidates the primary SRP's cached session and forces a
- * re-login. Use it before operations that require a guaranteed-fresh
- * canonical (e.g. storage key derivation for Accounts ADR 0005). For
- * best-effort reads, use
- * `getSessionProfile().canonicalProfileId` instead.
- *
- * Only the primary SRP is re-logged-in regardless of how many SRPs exist —
- * the server returns the current canonical for the entire pairing group
- * from any single SRP login.
- *
- * @returns The refreshed canonical profile ID.
- */
-export type AuthenticationControllerRefreshCanonicalProfileIdAction = {
-    type: `AuthenticationController:refreshCanonicalProfileId`;
-    handler: AuthenticationController['refreshCanonicalProfileId'];
-};
 export type AuthenticationControllerGetUserProfileLineageAction = {
     type: `AuthenticationController:getUserProfileLineage`;
     handler: AuthenticationController['getUserProfileLineage'];
@@ -83,5 +44,5 @@ export type AuthenticationControllerIsSignedInAction = {
 /**
  * Union of all AuthenticationController action types.
  */
-export type AuthenticationControllerMethodActions = AuthenticationControllerPerformSignInAction | AuthenticationControllerRequestProfilePairingAction | AuthenticationControllerPerformSignOutAction | AuthenticationControllerGetBearerTokenAction | AuthenticationControllerGetSessionProfileAction | AuthenticationControllerRefreshCanonicalProfileIdAction | AuthenticationControllerGetUserProfileLineageAction | AuthenticationControllerIsSignedInAction;
+export type AuthenticationControllerMethodActions = AuthenticationControllerPerformSignInAction | AuthenticationControllerPerformSignOutAction | AuthenticationControllerGetBearerTokenAction | AuthenticationControllerGetSessionProfileAction | AuthenticationControllerGetUserProfileLineageAction | AuthenticationControllerIsSignedInAction;
 //# sourceMappingURL=AuthenticationController-method-action-types.d.cts.map

package/dist/controllers/authentication/AuthenticationController-method-action-types.d.cts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"AuthenticationController-method-action-types.d.cts","sourceRoot":"","sources":["../../../src/controllers/authentication/AuthenticationController-method-action-types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,wBAAwB,EAAE,uCAAmC;AAE3E,MAAM,MAAM,2CAA2C,GAAG;IACxD,IAAI,EAAE,wCAAwC,CAAC;IAC/C,OAAO,EAAE,wBAAwB,CAAC,eAAe,CAAC,CAAC;CACpD,CAAC;AAEF~~;;;;GAIG;AACH~~,MAAM,MAAM,~~mDAAmD,GAAG;IAChE,IAAI,EAAE,gDAAgD,CAAC;IACvD,OAAO,EAAE,wBAAwB,CAAC,uBAAuB,CAAC,CAAC;CAC5D,CAAC;AAEF,MAAM,MAAM,~~4CAA4C,GAAG;IACzD,IAAI,EAAE,yCAAyC,CAAC;IAChD,OAAO,EAAE,wBAAwB,CAAC,gBAAgB,CAAC,CAAC;CACrD,CAAC;AAEF~~;;;;;;;;;;GAUG~~;AACH,MAAM,MAAM,4CAA4C,GAAG;IACzD,IAAI,EAAE,yCAAyC,CAAC;IAChD,OAAO,EAAE,wBAAwB,CAAC,gBAAgB,CAAC,CAAC;CACrD,CAAC;AAEF~~;;;;;;;;;;;;GAYG~~;AACH,MAAM,MAAM,+CAA+C,GAAG;IAC5D,IAAI,EAAE,4CAA4C,CAAC;IACnD,OAAO,EAAE,wBAAwB,CAAC,mBAAmB,CAAC,CAAC;CACxD,CAAC;AAEF~~;;;;;;;;;;;;;;;GAeG;AACH~~,MAAM,MAAM,~~uDAAuD,GAAG;IACpE,IAAI,EAAE,oDAAoD,CAAC;IAC3D,OAAO,EAAE,wBAAwB,CAAC,2BAA2B,CAAC,CAAC;CAChE,CAAC;AAEF,MAAM,MAAM,~~mDAAmD,GAAG;IAChE,IAAI,EAAE,gDAAgD,CAAC;IACvD,OAAO,EAAE,wBAAwB,CAAC,uBAAuB,CAAC,CAAC;CAC5D,CAAC;AAEF,MAAM,MAAM,wCAAwC,GAAG;IACrD,IAAI,EAAE,qCAAqC,CAAC;IAC5C,OAAO,EAAE,wBAAwB,CAAC,YAAY,CAAC,CAAC;CACjD,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,qCAAqC,GAC7C,2CAA2C,GAC3C,~~mDAAmD,GACnD,~~4CAA4C,GAC5C,4CAA4C,GAC5C,+CAA+C,GAC/C,~~uDAAuD,GACvD,~~mDAAmD,GACnD,wCAAwC,CAAC"}
1	+ {"version":3,"file":"AuthenticationController-method-action-types.d.cts","sourceRoot":"","sources":["../../../src/controllers/authentication/AuthenticationController-method-action-types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,wBAAwB,EAAE,uCAAmC;AAE3E,MAAM,MAAM,2CAA2C,GAAG;IACxD,IAAI,EAAE,wCAAwC,CAAC;IAC/C,OAAO,EAAE,wBAAwB,CAAC,eAAe,CAAC,CAAC;CACpD,CAAC;AAEF,MAAM,MAAM,4CAA4C,GAAG;IACzD,IAAI,EAAE,yCAAyC,CAAC;IAChD,OAAO,EAAE,wBAAwB,CAAC,gBAAgB,CAAC,CAAC;CACrD,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,4CAA4C,GAAG;IACzD,IAAI,EAAE,yCAAyC,CAAC;IAChD,OAAO,EAAE,wBAAwB,CAAC,gBAAgB,CAAC,CAAC;CACrD,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,MAAM,+CAA+C,GAAG;IAC5D,IAAI,EAAE,4CAA4C,CAAC;IACnD,OAAO,EAAE,wBAAwB,CAAC,mBAAmB,CAAC,CAAC;CACxD,CAAC;AAEF,MAAM,MAAM,mDAAmD,GAAG;IAChE,IAAI,EAAE,gDAAgD,CAAC;IACvD,OAAO,EAAE,wBAAwB,CAAC,uBAAuB,CAAC,CAAC;CAC5D,CAAC;AAEF,MAAM,MAAM,wCAAwC,GAAG;IACrD,IAAI,EAAE,qCAAqC,CAAC;IAC5C,OAAO,EAAE,wBAAwB,CAAC,YAAY,CAAC,CAAC;CACjD,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,qCAAqC,GAC7C,2CAA2C,GAC3C,4CAA4C,GAC5C,4CAA4C,GAC5C,+CAA+C,GAC/C,mDAAmD,GACnD,wCAAwC,CAAC"}

package/dist/controllers/authentication/AuthenticationController-method-action-types.d.mts CHANGED Viewed

@@ -7,42 +7,23 @@ export type AuthenticationControllerPerformSignInAction = {
     type: `AuthenticationController:performSignIn`;
     handler: AuthenticationController['performSignIn'];
 };
-/**
- * Marks profile pairing as needed. Clients call this when the SRP set
- * changes (e.g. a new keyring was added) so the next auto-sign-in cycle
- * re-runs `performSignIn` and re-pairs.
- */
-export type AuthenticationControllerRequestProfilePairingAction = {
-    type: `AuthenticationController:requestProfilePairing`;
-    handler: AuthenticationController['requestProfilePairing'];
-};
 export type AuthenticationControllerPerformSignOutAction = {
     type: `AuthenticationController:performSignOut`;
     handler: AuthenticationController['performSignOut'];
 };
 /**
- * Returns a bearer token for the specified SRP, logging in if needed.
+ * Will return a bearer token.
+ * Logs a user in if a user is not logged in.
  *
- * When called without `entropySourceId`, returns the primary (first) SRP's
- * access token, which is effectively the canonical
- * profile's token that can be used by alias-aware consumers for cross-SRP
- * operations.
- *
- * @param entropySourceId - The entropy source ID. Omit for the primary SRP.
- * @returns The OIDC access token.
+ * @returns profile for the session.
  */
 export type AuthenticationControllerGetBearerTokenAction = {
     type: `AuthenticationController:getBearerToken`;
     handler: AuthenticationController['getBearerToken'];
 };
 /**
- * Returns the cached session profile, logging in if no session exists.
- *
- * The returned `canonicalProfileId` reflects the value from the most recent
- * login or pairing. In the rare event where a canonical changed because of
- * a pairing that happened on another device, the cached value may be stale
- * until the next login. For guaranteed freshness, call
- * `refreshCanonicalProfileId()` before reading `canonicalProfileId`.
+ * Will return a session profile.
+ * Logs a user in if a user is not logged in.
  *
  * @param entropySourceId - The entropy source ID used to derive the key,
  * when multiple sources are available (Multi-SRP).
@@ -52,26 +33,6 @@ export type AuthenticationControllerGetSessionProfileAction = {
     type: `AuthenticationController:getSessionProfile`;
     handler: AuthenticationController['getSessionProfile'];
 };
-/**
- * Forces a fresh retrieval of the canonical profile ID from the server
- * and propagates it to all cached SRP sessions.
- *
- * This method invalidates the primary SRP's cached session and forces a
- * re-login. Use it before operations that require a guaranteed-fresh
- * canonical (e.g. storage key derivation for Accounts ADR 0005). For
- * best-effort reads, use
- * `getSessionProfile().canonicalProfileId` instead.
- *
- * Only the primary SRP is re-logged-in regardless of how many SRPs exist —
- * the server returns the current canonical for the entire pairing group
- * from any single SRP login.
- *
- * @returns The refreshed canonical profile ID.
- */
-export type AuthenticationControllerRefreshCanonicalProfileIdAction = {
-    type: `AuthenticationController:refreshCanonicalProfileId`;
-    handler: AuthenticationController['refreshCanonicalProfileId'];
-};
 export type AuthenticationControllerGetUserProfileLineageAction = {
     type: `AuthenticationController:getUserProfileLineage`;
     handler: AuthenticationController['getUserProfileLineage'];
@@ -83,5 +44,5 @@ export type AuthenticationControllerIsSignedInAction = {
 /**
  * Union of all AuthenticationController action types.
  */
-export type AuthenticationControllerMethodActions = AuthenticationControllerPerformSignInAction | AuthenticationControllerRequestProfilePairingAction | AuthenticationControllerPerformSignOutAction | AuthenticationControllerGetBearerTokenAction | AuthenticationControllerGetSessionProfileAction | AuthenticationControllerRefreshCanonicalProfileIdAction | AuthenticationControllerGetUserProfileLineageAction | AuthenticationControllerIsSignedInAction;
+export type AuthenticationControllerMethodActions = AuthenticationControllerPerformSignInAction | AuthenticationControllerPerformSignOutAction | AuthenticationControllerGetBearerTokenAction | AuthenticationControllerGetSessionProfileAction | AuthenticationControllerGetUserProfileLineageAction | AuthenticationControllerIsSignedInAction;
 //# sourceMappingURL=AuthenticationController-method-action-types.d.mts.map

package/dist/controllers/authentication/AuthenticationController-method-action-types.d.mts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"AuthenticationController-method-action-types.d.mts","sourceRoot":"","sources":["../../../src/controllers/authentication/AuthenticationController-method-action-types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,wBAAwB,EAAE,uCAAmC;AAE3E,MAAM,MAAM,2CAA2C,GAAG;IACxD,IAAI,EAAE,wCAAwC,CAAC;IAC/C,OAAO,EAAE,wBAAwB,CAAC,eAAe,CAAC,CAAC;CACpD,CAAC;AAEF~~;;;;GAIG;AACH~~,MAAM,MAAM,~~mDAAmD,GAAG;IAChE,IAAI,EAAE,gDAAgD,CAAC;IACvD,OAAO,EAAE,wBAAwB,CAAC,uBAAuB,CAAC,CAAC;CAC5D,CAAC;AAEF,MAAM,MAAM,~~4CAA4C,GAAG;IACzD,IAAI,EAAE,yCAAyC,CAAC;IAChD,OAAO,EAAE,wBAAwB,CAAC,gBAAgB,CAAC,CAAC;CACrD,CAAC;AAEF~~;;;;;;;;;;GAUG~~;AACH,MAAM,MAAM,4CAA4C,GAAG;IACzD,IAAI,EAAE,yCAAyC,CAAC;IAChD,OAAO,EAAE,wBAAwB,CAAC,gBAAgB,CAAC,CAAC;CACrD,CAAC;AAEF~~;;;;;;;;;;;;GAYG~~;AACH,MAAM,MAAM,+CAA+C,GAAG;IAC5D,IAAI,EAAE,4CAA4C,CAAC;IACnD,OAAO,EAAE,wBAAwB,CAAC,mBAAmB,CAAC,CAAC;CACxD,CAAC;AAEF~~;;;;;;;;;;;;;;;GAeG;AACH~~,MAAM,MAAM,~~uDAAuD,GAAG;IACpE,IAAI,EAAE,oDAAoD,CAAC;IAC3D,OAAO,EAAE,wBAAwB,CAAC,2BAA2B,CAAC,CAAC;CAChE,CAAC;AAEF,MAAM,MAAM,~~mDAAmD,GAAG;IAChE,IAAI,EAAE,gDAAgD,CAAC;IACvD,OAAO,EAAE,wBAAwB,CAAC,uBAAuB,CAAC,CAAC;CAC5D,CAAC;AAEF,MAAM,MAAM,wCAAwC,GAAG;IACrD,IAAI,EAAE,qCAAqC,CAAC;IAC5C,OAAO,EAAE,wBAAwB,CAAC,YAAY,CAAC,CAAC;CACjD,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,qCAAqC,GAC7C,2CAA2C,GAC3C,~~mDAAmD,GACnD,~~4CAA4C,GAC5C,4CAA4C,GAC5C,+CAA+C,GAC/C,~~uDAAuD,GACvD,~~mDAAmD,GACnD,wCAAwC,CAAC"}
1	+ {"version":3,"file":"AuthenticationController-method-action-types.d.mts","sourceRoot":"","sources":["../../../src/controllers/authentication/AuthenticationController-method-action-types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,wBAAwB,EAAE,uCAAmC;AAE3E,MAAM,MAAM,2CAA2C,GAAG;IACxD,IAAI,EAAE,wCAAwC,CAAC;IAC/C,OAAO,EAAE,wBAAwB,CAAC,eAAe,CAAC,CAAC;CACpD,CAAC;AAEF,MAAM,MAAM,4CAA4C,GAAG;IACzD,IAAI,EAAE,yCAAyC,CAAC;IAChD,OAAO,EAAE,wBAAwB,CAAC,gBAAgB,CAAC,CAAC;CACrD,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,4CAA4C,GAAG;IACzD,IAAI,EAAE,yCAAyC,CAAC;IAChD,OAAO,EAAE,wBAAwB,CAAC,gBAAgB,CAAC,CAAC;CACrD,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,MAAM,+CAA+C,GAAG;IAC5D,IAAI,EAAE,4CAA4C,CAAC;IACnD,OAAO,EAAE,wBAAwB,CAAC,mBAAmB,CAAC,CAAC;CACxD,CAAC;AAEF,MAAM,MAAM,mDAAmD,GAAG;IAChE,IAAI,EAAE,gDAAgD,CAAC;IACvD,OAAO,EAAE,wBAAwB,CAAC,uBAAuB,CAAC,CAAC;CAC5D,CAAC;AAEF,MAAM,MAAM,wCAAwC,GAAG;IACrD,IAAI,EAAE,qCAAqC,CAAC;IAC5C,OAAO,EAAE,wBAAwB,CAAC,YAAY,CAAC,CAAC;CACjD,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,qCAAqC,GAC7C,2CAA2C,GAC3C,4CAA4C,GAC5C,4CAA4C,GAC5C,+CAA+C,GAC/C,mDAAmD,GACnD,wCAAwC,CAAC"}

package/dist/controllers/authentication/AuthenticationController-method-action-types.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"AuthenticationController-method-action-types.mjs","sourceRoot":"","sources":["../../../src/controllers/authentication/AuthenticationController-method-action-types.ts"],"names":[],"mappings":"AAAA;;;GAGG","sourcesContent":["/*\n This file is auto generated.\n * Do not edit manually.\n /\n\nimport type { AuthenticationController } from './AuthenticationController';\n\nexport type AuthenticationControllerPerformSignInAction = {\n type: `AuthenticationController:performSignIn`;\n handler: AuthenticationController['performSignIn'];\n};\n\~~n/\n Marks profile pairing as needed. Clients call this when the SRP set\n * changes (e.g. a new keyring was added) so the next auto-sign-in cycle\n * re-runs `performSignIn` and re-pairs.\n /\~~nexport type ~~AuthenticationControllerRequestProfilePairingAction = {\n type: `AuthenticationController:requestProfilePairing`;\n handler: AuthenticationController['requestProfilePairing'];\n};\n\nexport type~~ AuthenticationControllerPerformSignOutAction = {\n type: `AuthenticationController:performSignOut`;\n handler: AuthenticationController['performSignOut'];\n};\n\n/\n ~~Returns~~ a bearer token ~~for the specified SRP, logging in if needed~~.\n \n ~~When~~ ~~called~~ ~~without~~ ~~`entropySourceId`,~~ ~~returns~~ ~~the~~ ~~primary~~ ~~(first) SRP's\n * access token, which~~ is ~~effectively~~ ~~the~~ ~~canonical\n * profile's token that can be used by alias-aware consumers for cross-SRP\n * operations~~.\n \n @~~param~~ ~~entropySourceId~~ ~~- The entropy source ID. Omit~~ for the ~~primary SRP~~.\n * @returns The OIDC access token.\n /\nexport type AuthenticationControllerGetBearerTokenAction = {\n type: `AuthenticationController:getBearerToken`;\n handler: AuthenticationController['getBearerToken'];\n};\n\n/\n ~~Returns~~ ~~the~~ ~~cached~~ session profile~~, logging in if no session exists~~.\n \n ~~The~~ ~~returned `canonicalProfileId` reflects the value from the most recent\n * login or pairing. In the rare event where~~ a ~~canonical~~ ~~changed~~ ~~because~~ of\n * a ~~pairing~~ ~~that~~ ~~happened~~ on ~~another device, the cached value may be stale\~~n * until the next login. For guaranteed freshness, call\n * `refreshCanonicalProfileId()` before reading `canonicalProfileId`.\n \n @param entropySourceId - The entropy source ID used to derive the key,\n * when multiple sources are available (Multi-SRP).\n * @returns profile for the session.\n /\nexport type AuthenticationControllerGetSessionProfileAction = {\n type: `AuthenticationController:getSessionProfile`;\n handler: AuthenticationController['getSessionProfile'];\n};\n\n/\n Forces a fresh retrieval of the canonical profile ID from the server\n * and propagates it to all cached SRP sessions.\n \n This method invalidates the primary SRP's cached session and forces a\n * re-login. Use it before operations that require a guaranteed-fresh\n * canonical (e.g. storage key derivation for Accounts ADR 0005). For\n * best-effort reads, use\n * `getSessionProfile().canonicalProfileId` instead.\n \n Only the primary SRP is re-logged-in regardless of how many SRPs exist —\n * the server returns the current canonical for the entire pairing group\n * from any single SRP login.\n \n @returns The refreshed canonical profile ID.\n /\nexport type AuthenticationControllerRefreshCanonicalProfileIdAction = {\n type: `AuthenticationController:refreshCanonicalProfileId`;\n handler: AuthenticationController['refreshCanonicalProfileId'];\n};\n\nexport type AuthenticationControllerGetUserProfileLineageAction = {\n type: `AuthenticationController:getUserProfileLineage`;\n handler: AuthenticationController['getUserProfileLineage'];\n};\n\nexport type AuthenticationControllerIsSignedInAction = {\n type: `AuthenticationController:isSignedIn`;\n handler: AuthenticationController['isSignedIn'];\n};\n\n/\n Union of all AuthenticationController action types.\n */\nexport type AuthenticationControllerMethodActions =\n \| AuthenticationControllerPerformSignInAction\n \| ~~AuthenticationControllerRequestProfilePairingAction\n \|~~ AuthenticationControllerPerformSignOutAction\n \| AuthenticationControllerGetBearerTokenAction\n \| AuthenticationControllerGetSessionProfileAction\n \| ~~AuthenticationControllerRefreshCanonicalProfileIdAction\n \|~~ AuthenticationControllerGetUserProfileLineageAction\n \| AuthenticationControllerIsSignedInAction;\n"]}
1	+ {"version":3,"file":"AuthenticationController-method-action-types.mjs","sourceRoot":"","sources":["../../../src/controllers/authentication/AuthenticationController-method-action-types.ts"],"names":[],"mappings":"AAAA;;;GAGG","sourcesContent":["/*\n This file is auto generated.\n * Do not edit manually.\n /\n\nimport type { AuthenticationController } from './AuthenticationController';\n\nexport type AuthenticationControllerPerformSignInAction = {\n type: `AuthenticationController:performSignIn`;\n handler: AuthenticationController['performSignIn'];\n};\n\nexport type AuthenticationControllerPerformSignOutAction = {\n type: `AuthenticationController:performSignOut`;\n handler: AuthenticationController['performSignOut'];\n};\n\n/\n Will return a bearer token.\n * Logs a user in if a user is not logged in.\n \n @returns profile for the session.\n /\nexport type AuthenticationControllerGetBearerTokenAction = {\n type: `AuthenticationController:getBearerToken`;\n handler: AuthenticationController['getBearerToken'];\n};\n\n/\n Will return a session profile.\n * Logs a user in if a user is not logged in.\n \n @param entropySourceId - The entropy source ID used to derive the key,\n * when multiple sources are available (Multi-SRP).\n * @returns profile for the session.\n /\nexport type AuthenticationControllerGetSessionProfileAction = {\n type: `AuthenticationController:getSessionProfile`;\n handler: AuthenticationController['getSessionProfile'];\n};\n\nexport type AuthenticationControllerGetUserProfileLineageAction = {\n type: `AuthenticationController:getUserProfileLineage`;\n handler: AuthenticationController['getUserProfileLineage'];\n};\n\nexport type AuthenticationControllerIsSignedInAction = {\n type: `AuthenticationController:isSignedIn`;\n handler: AuthenticationController['isSignedIn'];\n};\n\n/\n Union of all AuthenticationController action types.\n */\nexport type AuthenticationControllerMethodActions =\n \| AuthenticationControllerPerformSignInAction\n \| AuthenticationControllerPerformSignOutAction\n \| AuthenticationControllerGetBearerTokenAction\n \| AuthenticationControllerGetSessionProfileAction\n \| AuthenticationControllerGetUserProfileLineageAction\n \| AuthenticationControllerIsSignedInAction;\n"]}

package/dist/controllers/authentication/AuthenticationController.cjs CHANGED Viewed

@@ -10,7 +10,7 @@ var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (
     if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
     return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
 };
-var _AuthenticationController_instances, _AuthenticationController_metametrics, _AuthenticationController_auth, _AuthenticationController_config, _AuthenticationController_isUnlocked, _AuthenticationController_cachedPrimaryEntropySourceId, _AuthenticationController_profilePairingRequestEpoch, _AuthenticationController_keyringController, _AuthenticationController_getLoginResponseFromState, _AuthenticationController_setLoginResponseToState, _AuthenticationController_assertIsUnlocked, _AuthenticationController_getPrimaryEntropySourceId, _AuthenticationController_tryClearNeedsProfilePairing, _AuthenticationController_doPair, _AuthenticationController_pairSrpProfiles, _AuthenticationController_propagateCanonical, _AuthenticationController_getCanonicalProfileId, _AuthenticationController_invalidateSrpSession, _AuthenticationController_snapGetPublicKey, _AuthenticationController_snapGetAllPublicKeys, _AuthenticationController__snapSignMessageCache, _AuthenticationController_snapSignMessage;
+var _AuthenticationController_instances, _AuthenticationController_metametrics, _AuthenticationController_auth, _AuthenticationController_config, _AuthenticationController_isUnlocked, _AuthenticationController_cachedPrimaryEntropySourceId, _AuthenticationController_keyringController, _AuthenticationController_getLoginResponseFromState, _AuthenticationController_setLoginResponseToState, _AuthenticationController_assertIsUnlocked, _AuthenticationController_getPrimaryEntropySourceId, _AuthenticationController_snapGetPublicKey, _AuthenticationController_snapGetAllPublicKeys, _AuthenticationController__snapSignMessageCache, _AuthenticationController_snapSignMessage;
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AuthenticationController = exports.defaultState = void 0;
 const base_controller_1 = require("@metamask/base-controller");
@@ -19,7 +19,6 @@ const auth_snap_requests_1 = require("./auth-snap-requests.cjs");
 const controllerName = 'AuthenticationController';
 exports.defaultState = {
     isSignedIn: false,
-    needsProfilePairing: true,
 };
 const metadata = {
     isSignedIn: {
@@ -28,12 +27,6 @@ const metadata = {
         includeInDebugSnapshot: true,
         usedInUi: true,
     },
-    needsProfilePairing: {
-        includeInStateLogs: true,
-        persist: true,
-        includeInDebugSnapshot: true,
-        usedInUi: true,
-    },
     srpSessionData: {
         // Remove access token from state logs
         includeInStateLogs: (srpSessionData) => {
@@ -64,10 +57,8 @@ const MESSENGER_EXPOSED_METHODS = [
     'performSignOut',
     'getBearerToken',
     'getSessionProfile',
-    'refreshCanonicalProfileId',
     'getUserProfileLineage',
     'isSignedIn',
-    'requestProfilePairing',
 ];
 /**
  * Controller that enables authentication for restricted endpoints.
@@ -89,10 +80,6 @@ class AuthenticationController extends base_controller_1.BaseController {
         });
         _AuthenticationController_isUnlocked.set(this, false);
         _AuthenticationController_cachedPrimaryEntropySourceId.set(this, void 0);
-        // Bumped by `requestProfilePairing`. `performSignIn` snapshots this
-        // before its first await; if it changes mid-flight we must NOT clear
-        // `needsProfilePairing` (the rearm signal wins).
-        _AuthenticationController_profilePairingRequestEpoch.set(this, 0);
         _AuthenticationController_keyringController.set(this, {
             setupLockedStateSubscriptions: () => {
                 const { isUnlocked } = this.messenger.call('KeyringController:getState');
@@ -134,7 +121,6 @@ class AuthenticationController extends base_controller_1.BaseController {
     }
     async performSignIn() {
         __classPrivateFieldGet(this, _AuthenticationController_instances, "m", _AuthenticationController_assertIsUnlocked).call(this, 'performSignIn');
-        const epochAtStart = __classPrivateFieldGet(this, _AuthenticationController_profilePairingRequestEpoch, "f");
         const allPublicKeys = await __classPrivateFieldGet(this, _AuthenticationController_instances, "m", _AuthenticationController_snapGetAllPublicKeys).call(this);
         const accessTokens = [];
         // We iterate sequentially in order to be sure that the first entry
@@ -143,34 +129,8 @@ class AuthenticationController extends base_controller_1.BaseController {
             const accessToken = await __classPrivateFieldGet(this, _AuthenticationController_auth, "f").getAccessToken(entropySourceId);
             accessTokens.push(accessToken);
         }
-        if (allPublicKeys.length < 2) {
-            // Single-SRP wallet: nothing to pair.
-            __classPrivateFieldGet(this, _AuthenticationController_instances, "m", _AuthenticationController_tryClearNeedsProfilePairing).call(this, epochAtStart);
-        }
-        else {
-            // Pair failures must not break sign-in; the gate stays `true` for retry.
-            try {
-                await __classPrivateFieldGet(this, _AuthenticationController_instances, "m", _AuthenticationController_doPair).call(this, accessTokens, epochAtStart);
-            }
-            catch {
-                // noop
-            }
-        }
         return accessTokens;
     }
-    /**
-     * Marks profile pairing as needed. Clients call this when the SRP set
-     * changes (e.g. a new keyring was added) so the next auto-sign-in cycle
-     * re-runs `performSignIn` and re-pairs.
-     */
-    requestProfilePairing() {
-        __classPrivateFieldSet(this, _AuthenticationController_profilePairingRequestEpoch, __classPrivateFieldGet(this, _AuthenticationController_profilePairingRequestEpoch, "f") + 1, "f");
-        if (!this.state.needsProfilePairing) {
-            this.update((state) => {
-                state.needsProfilePairing = true;
-            });
-        }
-    }
     performSignOut() {
         __classPrivateFieldSet(this, _AuthenticationController_cachedPrimaryEntropySourceId, undefined, "f");
         this.update((state) => {
@@ -179,15 +139,10 @@ class AuthenticationController extends base_controller_1.BaseController {
         });
     }
     /**
-     * Returns a bearer token for the specified SRP, logging in if needed.
-     *
-     * When called without `entropySourceId`, returns the primary (first) SRP's
-     * access token, which is effectively the canonical
-     * profile's token that can be used by alias-aware consumers for cross-SRP
-     * operations.
+     * Will return a bearer token.
+     * Logs a user in if a user is not logged in.
      *
-     * @param entropySourceId - The entropy source ID. Omit for the primary SRP.
-     * @returns The OIDC access token.
+     * @returns profile for the session.
      */
     async getBearerToken(entropySourceId) {
         __classPrivateFieldGet(this, _AuthenticationController_instances, "m", _AuthenticationController_assertIsUnlocked).call(this, 'getBearerToken');
@@ -195,13 +150,8 @@ class AuthenticationController extends base_controller_1.BaseController {
         return await __classPrivateFieldGet(this, _AuthenticationController_auth, "f").getAccessToken(resolvedId);
     }
     /**
-     * Returns the cached session profile, logging in if no session exists.
-     *
-     * The returned `canonicalProfileId` reflects the value from the most recent
-     * login or pairing. In the rare event where a canonical changed because of
-     * a pairing that happened on another device, the cached value may be stale
-     * until the next login. For guaranteed freshness, call
-     * `refreshCanonicalProfileId()` before reading `canonicalProfileId`.
+     * Will return a session profile.
+     * Logs a user in if a user is not logged in.
      *
      * @param entropySourceId - The entropy source ID used to derive the key,
      * when multiple sources are available (Multi-SRP).
@@ -212,34 +162,6 @@ class AuthenticationController extends base_controller_1.BaseController {
         const resolvedId = entropySourceId ?? (await __classPrivateFieldGet(this, _AuthenticationController_instances, "m", _AuthenticationController_getPrimaryEntropySourceId).call(this));
         return await __classPrivateFieldGet(this, _AuthenticationController_auth, "f").getUserProfile(resolvedId);
     }
-    /**
-     * Forces a fresh retrieval of the canonical profile ID from the server
-     * and propagates it to all cached SRP sessions.
-     *
-     * This method invalidates the primary SRP's cached session and forces a
-     * re-login. Use it before operations that require a guaranteed-fresh
-     * canonical (e.g. storage key derivation for Accounts ADR 0005). For
-     * best-effort reads, use
-     * `getSessionProfile().canonicalProfileId` instead.
-     *
-     * Only the primary SRP is re-logged-in regardless of how many SRPs exist —
-     * the server returns the current canonical for the entire pairing group
-     * from any single SRP login.
-     *
-     * @returns The refreshed canonical profile ID.
-     */
-    async refreshCanonicalProfileId() {
-        __classPrivateFieldGet(this, _AuthenticationController_instances, "m", _AuthenticationController_assertIsUnlocked).call(this, 'refreshCanonicalProfileId');
-        const primaryEntropySourceId = await __classPrivateFieldGet(this, _AuthenticationController_instances, "m", _AuthenticationController_getPrimaryEntropySourceId).call(this);
-        __classPrivateFieldGet(this, _AuthenticationController_instances, "m", _AuthenticationController_invalidateSrpSession).call(this, primaryEntropySourceId);
-        await __classPrivateFieldGet(this, _AuthenticationController_auth, "f").getAccessToken(primaryEntropySourceId);
-        const canonical = await __classPrivateFieldGet(this, _AuthenticationController_instances, "m", _AuthenticationController_getCanonicalProfileId).call(this);
-        if (!canonical) {
-            throw new Error('refreshCanonicalProfileId - Unable to resolve canonical profile ID');
-        }
-        __classPrivateFieldGet(this, _AuthenticationController_instances, "m", _AuthenticationController_propagateCanonical).call(this, canonical);
-        return canonical;
-    }
     async getUserProfileLineage(entropySourceId) {
         __classPrivateFieldGet(this, _AuthenticationController_instances, "m", _AuthenticationController_assertIsUnlocked).call(this, 'getUserProfileLineage');
         const resolvedId = entropySourceId ?? (await __classPrivateFieldGet(this, _AuthenticationController_instances, "m", _AuthenticationController_getPrimaryEntropySourceId).call(this));
@@ -250,7 +172,7 @@ class AuthenticationController extends base_controller_1.BaseController {
     }
 }
 exports.AuthenticationController = AuthenticationController;
-_AuthenticationController_metametrics = new WeakMap(), _AuthenticationController_auth = new WeakMap(), _AuthenticationController_config = new WeakMap(), _AuthenticationController_isUnlocked = new WeakMap(), _AuthenticationController_cachedPrimaryEntropySourceId = new WeakMap(), _AuthenticationController_profilePairingRequestEpoch = new WeakMap(), _AuthenticationController_keyringController = new WeakMap(), _AuthenticationController__snapSignMessageCache = new WeakMap(), _AuthenticationController_instances = new WeakSet(), _AuthenticationController_getLoginResponseFromState = async function _AuthenticationController_getLoginResponseFromState(entropySourceId) {
+_AuthenticationController_metametrics = new WeakMap(), _AuthenticationController_auth = new WeakMap(), _AuthenticationController_config = new WeakMap(), _AuthenticationController_isUnlocked = new WeakMap(), _AuthenticationController_cachedPrimaryEntropySourceId = new WeakMap(), _AuthenticationController_keyringController = new WeakMap(), _AuthenticationController__snapSignMessageCache = new WeakMap(), _AuthenticationController_instances = new WeakSet(), _AuthenticationController_getLoginResponseFromState = async function _AuthenticationController_getLoginResponseFromState(entropySourceId) {
     const resolvedId = entropySourceId ?? (await __classPrivateFieldGet(this, _AuthenticationController_instances, "m", _AuthenticationController_getPrimaryEntropySourceId).call(this));
     if (!this.state.srpSessionData?.[resolvedId]) {
         return null;
@@ -290,90 +212,6 @@ _AuthenticationController_metametrics = new WeakMap(), _AuthenticationController
     }
     __classPrivateFieldSet(this, _AuthenticationController_cachedPrimaryEntropySourceId, primaryId, "f");
     return __classPrivateFieldGet(this, _AuthenticationController_cachedPrimaryEntropySourceId, "f");
-}, _AuthenticationController_tryClearNeedsProfilePairing = function _AuthenticationController_tryClearNeedsProfilePairing(epochAtStart) {
-    if (__classPrivateFieldGet(this, _AuthenticationController_profilePairingRequestEpoch, "f") !== epochAtStart) {
-        return;
-    }
-    if (this.state.needsProfilePairing) {
-        this.update((state) => {
-            state.needsProfilePairing = false;
-        });
-    }
-}, _AuthenticationController_doPair =
-/**
- * Pairs all SRPs via `POST /profile/pair`, propagates the canonical
- * profile ID, clears `needsProfilePairing`, and emits
- * `AuthenticationController:profileSignIn` when the canonical changes or
- * new aliases are returned. Throws on failure.
- *
- * @param accessTokens - Per-SRP access tokens, primary first.
- * @param epochAtStart - Pairing-request epoch captured by the caller.
- * Used to skip the gate clear if `requestProfilePairing` ran while the
- * pair API call was in-flight.
- */
-async function _AuthenticationController_doPair(accessTokens, epochAtStart) {
-    const previousCanonical = await __classPrivateFieldGet(this, _AuthenticationController_instances, "m", _AuthenticationController_getCanonicalProfileId).call(this);
-    const profileAliases = await __classPrivateFieldGet(this, _AuthenticationController_instances, "m", _AuthenticationController_pairSrpProfiles).call(this, accessTokens);
-    const newCanonical = await __classPrivateFieldGet(this, _AuthenticationController_instances, "m", _AuthenticationController_getCanonicalProfileId).call(this);
-    // If somehow we cannot compute the new canonical profile ID after pairing,
-    // we just return now and do not update the `needsProfilePairing` flag.
-    if (!newCanonical) {
-        return;
-    }
-    __classPrivateFieldGet(this, _AuthenticationController_instances, "m", _AuthenticationController_tryClearNeedsProfilePairing).call(this, epochAtStart);
-    const profileIdChanged = previousCanonical !== newCanonical;
-    const shouldEmitProfileSignInEvent = profileIdChanged || profileAliases.length > 0;
-    if (shouldEmitProfileSignInEvent) {
-        this.messenger.publish('AuthenticationController:profileSignIn', {
-            profileId: newCanonical,
-            profileAliases,
-            profileIdChanged,
-        });
-    }
-}, _AuthenticationController_pairSrpProfiles = async function _AuthenticationController_pairSrpProfiles(accessTokens) {
-    if (accessTokens.length < 2) {
-        return [];
-    }
-    const primaryAccessToken = accessTokens[0]; // Associated with primary SRP.
-    const { profileAliases, profile: { canonicalProfileId }, } = await __classPrivateFieldGet(this, _AuthenticationController_auth, "f").pairSrpProfiles(accessTokens, primaryAccessToken);
-    __classPrivateFieldGet(this, _AuthenticationController_instances, "m", _AuthenticationController_propagateCanonical).call(this, canonicalProfileId);
-    return profileAliases;
-}, _AuthenticationController_propagateCanonical = function _AuthenticationController_propagateCanonical(canonicalProfileId) {
-    const { srpSessionData } = this.state;
-    if (!srpSessionData) {
-        return;
-    }
-    this.update((state) => {
-        for (const entry of Object.values(state.srpSessionData ?? {})) {
-            if (entry?.profile) {
-                entry.profile.canonicalProfileId = canonicalProfileId;
-            }
-        }
-    });
-}, _AuthenticationController_getCanonicalProfileId =
-/**
- * Returns the canonical profile id from the primary SRP's cached session.
- * Returns `null` when no session exists yet for the primary SRP.
- *
- * Always reads from the primary SRP because the canonical is shared across
- * all paired SRPs after `#propagateCanonical`.
- *
- * @returns The canonical profile id, or `null` if unavailable.
- */
-async function _AuthenticationController_getCanonicalProfileId() {
-    const primaryEntropySourceId = await __classPrivateFieldGet(this, _AuthenticationController_instances, "m", _AuthenticationController_getPrimaryEntropySourceId).call(this);
-    return (this.state.srpSessionData?.[primaryEntropySourceId]?.profile
-        ?.canonicalProfileId ?? null);
-}, _AuthenticationController_invalidateSrpSession = function _AuthenticationController_invalidateSrpSession(entropySourceId) {
-    this.update((state) => {
-        const entry = state.srpSessionData?.[entropySourceId];
-        if (entry?.profile) {
-            // Setting canonicalProfileId to '' forces a re-fetch on the next
-            // #getAuthSession call. The falsy check (!auth.profile.canonicalProfileId)
-            // treats '' the same as undefined/null — all signal an invalid session.
-            entry.profile.canonicalProfileId = '';
-        }
-    });
 }, _AuthenticationController_snapGetPublicKey =
 /**
  * Returns the auth snap public key.