@proveanything/smartlinks-auth-ui 0.5.12 → 0.5.13

package/dist/components/AccountManagement.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AccountManagement.d.ts","sourceRoot":"","sources":["../../src/components/AccountManagement.tsx"],"names":[],"mappings":"AAAA,OAAO,KAA2C,MAAM,OAAO,CAAC;AAOhE,OAAO,KAAK,EAAE,sBAAsB,EAAe,MAAM,UAAU,CAAC;AACpE,OAAO,qBAAqB,CAAC;AAK7B,eAAO,MAAM,iBAAiB,EAAE,KAAK,CAAC,EAAE,CAAC,sBAAsB,CAgzB9D,CAAC"}
+{"version":3,"file":"AccountManagement.d.ts","sourceRoot":"","sources":["../../src/components/AccountManagement.tsx"],"names":[],"mappings":"AAAA,OAAO,KAA2C,MAAM,OAAO,CAAC;AAOhE,OAAO,KAAK,EAAE,sBAAsB,EAAe,MAAM,UAAU,CAAC;AACpE,OAAO,qBAAqB,CAAC;AAK7B,eAAO,MAAM,iBAAiB,EAAE,KAAK,CAAC,EAAE,CAAC,sBAAsB,CAizB9D,CAAC"}

package/dist/components/SmartlinksAuthUI.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"SmartlinksAuthUI.d.ts","sourceRoot":"","sources":["../../src/components/SmartlinksAuthUI.tsx"],"names":[],"mappings":"AAAA,OAAO,KAA+C,MAAM,OAAO,CAAC;AAcpE,OAAO,KAAK,EAAE,qBAAqB,EAAyF,MAAM,UAAU,CAAC;AAiR7I,QAAA,MAAM,mBAAmB,QAAa,OAAO,CAAC,IAAI,CAqBjD,CAAC;AAqDF,OAAO,EAAE,mBAAmB,EAAE,CAAC;AAI/B,eAAO,MAAM,gBAAgB,EAAE,KAAK,CAAC,EAAE,CAAC,qBAAqB,CA2kE5D,CAAC"}
+{"version":3,"file":"SmartlinksAuthUI.d.ts","sourceRoot":"","sources":["../../src/components/SmartlinksAuthUI.tsx"],"names":[],"mappings":"AAAA,OAAO,KAA+C,MAAM,OAAO,CAAC;AAcpE,OAAO,KAAK,EAAE,qBAAqB,EAAyF,MAAM,UAAU,CAAC;AAiR7I,QAAA,MAAM,mBAAmB,QAAa,OAAO,CAAC,IAAI,CAqBjD,CAAC;AAqDF,OAAO,EAAE,mBAAmB,EAAE,CAAC;AAI/B,eAAO,MAAM,gBAAgB,EAAE,KAAK,CAAC,EAAE,CAAC,qBAAqB,CA+nE5D,CAAC"}

package/dist/components/WhatsAppAuthForm.d.ts

@@ -17,8 +17,8 @@ interface WhatsAppAuthFormProps {
     onSend: (displayName?: string) => Promise<WhatsAppSendResult>;
     /** Poll verification status for the issued token. */
     onPollStatus: (token: string) => Promise<WhatsAppStatusResult>;
-    /** Called once verification is confirmed (status === 'verified'). */
-    onVerified: (result: WhatsAppStatusResult) => void;
+    /** Called once verification is confirmed (status === 'verified'). Return false to keep retrying. */
+    onVerified: (result: WhatsAppStatusResult) => void | Promise<boolean | void>;
     onBack: () => void;
     loading?: boolean;
     error?: string;
@@ -26,6 +26,8 @@ interface WhatsAppAuthFormProps {
     collectName?: boolean;
     /** Polling interval in ms (default 3000). */
     pollIntervalMs?: number;
+    /** Existing in-progress WhatsApp session restored after app switching/reload. */
+    initialSent?: WhatsAppSendResult | null;
 }
 export declare const WhatsAppAuthForm: React.FC<WhatsAppAuthFormProps>;
 export {};

package/dist/components/WhatsAppAuthForm.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"WhatsAppAuthForm.d.ts","sourceRoot":"","sources":["../../src/components/WhatsAppAuthForm.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAsC,MAAM,OAAO,CAAC;AAC3D,OAAO,gBAAgB,CAAC;AAExB,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,SAAS,GAAG,UAAU,GAAG,QAAQ,GAAG,SAAS,GAAG,SAAS,CAAC;IAClE,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED,UAAU,qBAAqB;IAC7B,kGAAkG;IAClG,MAAM,EAAE,CAAC,WAAW,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAC9D,qDAAqD;IACrD,YAAY,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAC/D,qEAAqE;IACrE,UAAU,EAAE,CAAC,MAAM,EAAE,oBAAoB,KAAK,IAAI,CAAC;IACnD,MAAM,EAAE,MAAM,IAAI,CAAC;IACnB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iEAAiE;IACjE,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,6CAA6C;IAC7C,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAOD,eAAO,MAAM,gBAAgB,EAAE,KAAK,CAAC,EAAE,CAAC,qBAAqB,CAqS5D,CAAC"}
+{"version":3,"file":"WhatsAppAuthForm.d.ts","sourceRoot":"","sources":["../../src/components/WhatsAppAuthForm.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAsC,MAAM,OAAO,CAAC;AAC3D,OAAO,gBAAgB,CAAC;AAExB,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,SAAS,GAAG,UAAU,GAAG,QAAQ,GAAG,SAAS,GAAG,SAAS,CAAC;IAClE,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED,UAAU,qBAAqB;IAC7B,kGAAkG;IAClG,MAAM,EAAE,CAAC,WAAW,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAC9D,qDAAqD;IACrD,YAAY,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAC/D,oGAAoG;IACpG,UAAU,EAAE,CAAC,MAAM,EAAE,oBAAoB,KAAK,IAAI,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;IAC7E,MAAM,EAAE,MAAM,IAAI,CAAC;IACnB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iEAAiE;IACjE,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,6CAA6C;IAC7C,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,iFAAiF;IACjF,WAAW,CAAC,EAAE,kBAAkB,GAAG,IAAI,CAAC;CACzC;AAOD,eAAO,MAAM,gBAAgB,EAAE,KAAK,CAAC,EAAE,CAAC,qBAAqB,CAmV5D,CAAC"}

package/dist/context/AuthContext.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AuthContext.d.ts","sourceRoot":"","sources":["../../src/context/AuthContext.tsx"],"names":[],"mappings":"AAAA,OAAO,KAA8E,MAAM,OAAO,CAAC;AAOnG,OAAO,KAAK,EAAqC,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAGvG,eAAO,MAAM,WAAW,6CAAyD,CAAC;AAGlF,YAAY,EAAE,gBAAgB,EAAE,CAAC;AAEjC,eAAO,MAAM,YAAY,EAAE,KAAK,CAAC,EAAE,CAAC,iBAAiB,CAm+BpD,CAAC;AAEF,eAAO,MAAM,OAAO,QAAO,gBAM1B,CAAC"}
+{"version":3,"file":"AuthContext.d.ts","sourceRoot":"","sources":["../../src/context/AuthContext.tsx"],"names":[],"mappings":"AAAA,OAAO,KAA8E,MAAM,OAAO,CAAC;AAOnG,OAAO,KAAK,EAAqC,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAGvG,eAAO,MAAM,WAAW,6CAAyD,CAAC;AAGlF,YAAY,EAAE,gBAAgB,EAAE,CAAC;AAEjC,eAAO,MAAM,YAAY,EAAE,KAAK,CAAC,EAAE,CAAC,iBAAiB,CA0oCpD,CAAC;AAEF,eAAO,MAAM,OAAO,QAAO,gBAM1B,CAAC"}

package/dist/index.esm.js

@@ -10873,18 +10873,19 @@ const isDesktop = () => {
         return false;
     return !/Android|iPhone|iPad|iPod|Mobile/i.test(navigator.userAgent);
 };
-const WhatsAppAuthForm = ({ onSend, onPollStatus, onVerified, onBack, loading = false, error, collectName = false, pollIntervalMs = 3000, }) => {
+const WhatsAppAuthForm = ({ onSend, onPollStatus, onVerified, onBack, loading = false, error, collectName = false, pollIntervalMs = 3000, initialSent = null, }) => {
     const [displayName, setDisplayName] = useState('');
-    const [sent, setSent] = useState(null);
+    const [sent, setSent] = useState(initialSent ?? null);
     const [pollError, setPollError] = useState();
     const [qrDataUrl, setQrDataUrl] = useState(null);
     const [showOnDesktop] = useState(isDesktop());
     const verifiedFiredRef = useRef(false);
     const autoSentRef = useRef(false);
+    const hydratedInitialTokenRef = useRef(initialSent?.token ?? null);
     // Auto-issue the WhatsApp link on mount when we don't need to collect a name.
     // When collectName is true, wait for the user to submit the name first.
     useEffect(() => {
-        if (collectName)
+        if (collectName || sent)
             return;
         if (autoSentRef.current)
             return;
@@ -10892,13 +10893,24 @@ const WhatsAppAuthForm = ({ onSend, onPollStatus, onVerified, onBack, loading =
         (async () => {
             try {
                 const result = await onSend();
+                hydratedInitialTokenRef.current = result.token;
                 setSent(result);
             }
             catch {
                 // Surfaced via parent error prop
             }
         })();
-    }, [collectName, onSend]);
+    }, [collectName, onSend, sent]);
+    useEffect(() => {
+        if (!initialSent?.token)
+            return;
+        if (initialSent.token === hydratedInitialTokenRef.current)
+            return;
+        hydratedInitialTokenRef.current = initialSent.token;
+        verifiedFiredRef.current = false;
+        setPollError(undefined);
+        setSent(initialSent);
+    }, [initialSent]);
     // Generate QR code for the WhatsApp deep-link (great for desktop scan-with-phone UX)
     useEffect(() => {
         if (!sent?.waLink)
@@ -10927,15 +10939,26 @@ const WhatsAppAuthForm = ({ onSend, onPollStatus, onVerified, onBack, loading =
             return;
         let stopped = false;
         let timer;
+        let pollInFlight = false;
+        const scheduleNext = () => {
+            if (stopped)
+                return;
+            timer = setTimeout(tick, pollIntervalMs);
+        };
         const tick = async () => {
+            if (pollInFlight)
+                return;
+            pollInFlight = true;
             try {
                 const status = await onPollStatus(sent.token);
                 if (stopped)
                     return;
                 if (status.verified && !verifiedFiredRef.current) {
-                    verifiedFiredRef.current = true;
-                    onVerified(status);
-                    return;
+                    const handled = await onVerified(status);
+                    if (handled !== false) {
+                        verifiedFiredRef.current = true;
+                        return;
+                    }
                 }
                 if (status.status === 'failed' || status.status === 'expired') {
                     setPollError(status.status === 'expired'
@@ -10947,12 +10970,31 @@ const WhatsAppAuthForm = ({ onSend, onPollStatus, onVerified, onBack, loading =
             catch {
                 // Transient errors — keep polling
             }
-            timer = setTimeout(tick, pollIntervalMs);
+            finally {
+                pollInFlight = false;
+            }
+            scheduleNext();
+        };
+        const handleResume = () => {
+            if (document.visibilityState && document.visibilityState !== 'visible')
+                return;
+            tick().catch?.(() => { });
+        };
+        const handleVisibilityChange = () => {
+            if (document.visibilityState === 'visible') {
+                handleResume();
+            }
         };
-        timer = setTimeout(tick, pollIntervalMs);
+        tick().catch?.(() => { });
+        window.addEventListener('focus', handleResume);
+        window.addEventListener('pageshow', handleResume);
+        document.addEventListener('visibilitychange', handleVisibilityChange);
         return () => {
             stopped = true;
             clearTimeout(timer);
+            window.removeEventListener('focus', handleResume);
+            window.removeEventListener('pageshow', handleResume);
+            document.removeEventListener('visibilitychange', handleVisibilityChange);
         };
     }, [sent?.token, onPollStatus, onVerified, pollIntervalMs]);
     const handleNameSubmit = async (e) => {
@@ -10961,6 +11003,7 @@ const WhatsAppAuthForm = ({ onSend, onPollStatus, onVerified, onBack, loading =
         verifiedFiredRef.current = false;
         try {
             const result = await onSend(displayName.trim() || undefined);
+            hydratedInitialTokenRef.current = result.token;
             setSent(result);
         }
         catch {
@@ -10975,6 +11018,7 @@ const WhatsAppAuthForm = ({ onSend, onPollStatus, onVerified, onBack, loading =
         if (!collectName) {
             try {
                 const result = await onSend();
+                hydratedInitialTokenRef.current = result.token;
                 setSent(result);
             }
             catch {
@@ -12537,6 +12581,140 @@ collectionId, enableContactSync, enableInteractionTracking, interactionAppId, in
             unsubscribe();
         };
     }, [proxyMode, notifyAuthStateChange]);
+    // Mobile app-switching can miss BroadcastChannel/storage events, especially on iOS.
+    // Re-read persisted auth state whenever the page becomes active again so a
+    // WhatsApp-returned tab/window can pick up a session that another page wrote.
+    useEffect(() => {
+        if (proxyMode)
+            return;
+        const rehydrateFromStorage = async () => {
+            try {
+                const storedToken = await tokenStorage.getToken();
+                const storedUser = await tokenStorage.getUser();
+                const storedAccountData = await tokenStorage.getAccountData();
+                const storedAccountInfo = await tokenStorage.getAccountInfo();
+                const storedContactId = await tokenStorage.getContactId();
+                if (!storedToken || !storedUser)
+                    return;
+                const tokenChanged = storedToken.token !== token;
+                const userChanged = storedUser.uid !== user?.uid;
+                if (tokenChanged || userChanged || !user) {
+                    setToken(storedToken.token);
+                    setUser(storedUser);
+                    setAccountData(storedAccountData);
+                    setAccountInfo(storedAccountInfo?.data || storedAccountData || null);
+                    setContactId(storedContactId);
+                    setIsVerified(true);
+                    notifyAuthStateChange('SESSION_RESTORED', storedUser, storedToken.token, storedAccountData || null, storedAccountInfo?.data || storedAccountData || null, true, contact, storedContactId);
+                }
+                if (!isVerified || pendingVerificationRef.current) {
+                    smartlinks.auth.verifyToken(storedToken.token)
+                        .then(() => {
+                        setIsVerified(true);
+                        pendingVerificationRef.current = false;
+                    })
+                        .catch((error) => {
+                        if (!isNetworkError(error)) {
+                            console.warn('[AuthContext] Resume verification failed:', error);
+                        }
+                    });
+                }
+            }
+            catch (error) {
+                console.warn('[AuthContext] Failed to rehydrate auth on resume:', error);
+            }
+        };
+        const handleResume = () => {
+            if (typeof document !== 'undefined' && document.visibilityState !== 'visible')
+                return;
+            rehydrateFromStorage().catch(() => { });
+        };
+        const handleVisibilityChange = () => {
+            if (document.visibilityState === 'visible') {
+                handleResume();
+            }
+        };
+        window.addEventListener('focus', handleResume);
+        window.addEventListener('pageshow', handleResume);
+        document.addEventListener('visibilitychange', handleVisibilityChange);
+        return () => {
+            window.removeEventListener('focus', handleResume);
+            window.removeEventListener('pageshow', handleResume);
+            document.removeEventListener('visibilitychange', handleVisibilityChange);
+        };
+    }, [proxyMode, token, user, isVerified, notifyAuthStateChange, contact, isNetworkError]);
+    // Mobile app-switching can also miss BOTH visibility/storage signals on the newly-opened
+    // page (common with WhatsApp handoff on iOS/Android webviews). Keep a short-lived polling
+    // window after mount while logged out so a session written by the background/original page
+    // is still adopted without requiring a manual refresh.
+    useEffect(() => {
+        if (proxyMode || user || token)
+            return;
+        let cancelled = false;
+        let intervalId = null;
+        let timeoutId = null;
+        let pollInFlight = false;
+        const adoptStoredSession = async () => {
+            if (cancelled || pollInFlight)
+                return;
+            pollInFlight = true;
+            try {
+                const storedToken = await tokenStorage.getToken();
+                const storedUser = await tokenStorage.getUser();
+                if (!storedToken?.token || !storedUser)
+                    return;
+                const storedAccountData = await tokenStorage.getAccountData();
+                const storedAccountInfo = await tokenStorage.getAccountInfo();
+                const storedContactId = await tokenStorage.getContactId();
+                if (cancelled)
+                    return;
+                setToken(storedToken.token);
+                setUser(storedUser);
+                setAccountData(storedAccountData || null);
+                setAccountInfo(storedAccountInfo?.data || storedAccountData || null);
+                setContactId(storedContactId);
+                setIsVerified(true);
+                pendingVerificationRef.current = false;
+                notifyAuthStateChange('SESSION_RESTORED', storedUser, storedToken.token, storedAccountData || null, storedAccountInfo?.data || storedAccountData || null, true, contact, storedContactId);
+                smartlinks.auth.verifyToken(storedToken.token).catch((error) => {
+                    if (!isNetworkError(error)) {
+                        console.warn('[AuthContext] Background rehydrate verification failed:', error);
+                    }
+                });
+                if (intervalId) {
+                    clearInterval(intervalId);
+                    intervalId = null;
+                }
+                if (timeoutId) {
+                    clearTimeout(timeoutId);
+                    timeoutId = null;
+                }
+            }
+            catch (error) {
+                console.warn('[AuthContext] Failed to adopt stored session during mobile handoff:', error);
+            }
+            finally {
+                pollInFlight = false;
+            }
+        };
+        adoptStoredSession().catch(() => { });
+        intervalId = setInterval(() => {
+            adoptStoredSession().catch(() => { });
+        }, 1000);
+        timeoutId = setTimeout(() => {
+            if (intervalId) {
+                clearInterval(intervalId);
+                intervalId = null;
+            }
+        }, 20000);
+        return () => {
+            cancelled = true;
+            if (intervalId)
+                clearInterval(intervalId);
+            if (timeoutId)
+                clearTimeout(timeoutId);
+        };
+    }, [proxyMode, user, token, notifyAuthStateChange, contact, isNetworkError]);
     // Helper: Send login to parent and wait for acknowledgment
     // Used for deep-link flows (email verification, magic link) where we need to ensure
     // the parent has persisted the session before redirecting (which causes page reload)
@@ -12570,10 +12748,12 @@ collectionId, enableContactSync, enableInteractionTracking, interactionAppId, in
         try {
             // Only persist to storage in standalone mode
             if (!proxyMode) {
+                await tokenStorage.clearAccountInfo();
                 await tokenStorage.saveToken(authToken, expiresAt);
                 await tokenStorage.saveUser(authUser);
                 if (authAccountData) {
                     await tokenStorage.saveAccountData(authAccountData);
+                    await tokenStorage.saveAccountInfo(authAccountData, accountCacheTTL);
                 }
                 smartlinks.auth.verifyToken(authToken).catch(() => { });
             }
@@ -12581,6 +12761,7 @@ collectionId, enableContactSync, enableInteractionTracking, interactionAppId, in
             setToken(authToken);
             setUser(authUser);
             setAccountData(authAccountData || null);
+            setAccountInfo(authAccountData || null);
             pendingVerificationRef.current = false;
             // Cross-iframe auth state synchronization
             // ALWAYS wait for parent acknowledgment in iframe mode before proceeding
@@ -12591,7 +12772,7 @@ collectionId, enableContactSync, enableInteractionTracking, interactionAppId, in
             }
             // NOW set isVerified - after parent has acknowledged and session is ready
             setIsVerified(true);
-            notifyAuthStateChange('LOGIN', authUser, authToken, authAccountData || null, null, true);
+            notifyAuthStateChange('LOGIN', authUser, authToken, authAccountData || null, authAccountData || null, true);
             // Sync contact (non-blocking)
             const newContactId = await syncContact(authUser, authAccountData);
             // Track interaction (non-blocking)
@@ -12607,7 +12788,7 @@ collectionId, enableContactSync, enableInteractionTracking, interactionAppId, in
             console.error('Failed to save auth data to storage:', error);
             throw error;
         }
-    }, [proxyMode, notifyAuthStateChange, preloadAccountInfo, syncContact, trackInteraction]);
+    }, [proxyMode, notifyAuthStateChange, preloadAccountInfo, syncContact, trackInteraction, accountCacheTTL]);
     const logout = useCallback(async () => {
         const currentUser = user;
         const currentContactId = contactId;
@@ -13203,6 +13384,7 @@ const SmartlinksAuthUI = ({ apiEndpoint, clientId, clientName, accountData, onAu
     const [silentSignInChecked, setSilentSignInChecked] = useState(false); // Track if silent sign-in has been checked
     const [googleFallbackToPopup, setGoogleFallbackToPopup] = useState(false); // Show popup fallback when FedCM is blocked/dismissed
     const [googleNativeTimedOut, setGoogleNativeTimedOut] = useState(false); // Native bridge callback timed out
+    const [restoredWhatsAppSend, setRestoredWhatsAppSend] = useState(null);
     const log = useMemo(() => createLoggerWrapper(logger), [logger]);
     const api = new AuthAPI(apiEndpoint, clientId, clientName, logger);
     const auth = useAuth();
@@ -13266,6 +13448,7 @@ const SmartlinksAuthUI = ({ apiEndpoint, clientId, clientName, accountData, onAu
                     proxyMode: proxyMode, // Use prop value
                     ngrokSkipBrowserWarning: true,
                     logger: logger, // Pass logger to SDK for verbose SDK logging
+                    persistToken: false, // AuthKit's tokenStorage owns persistence (avoid double-writer race)
                 });
                 log.log('SDK reinitialized successfully');
                 // Restore bearer token after reinitialization using auth.verifyToken (standalone mode only)
@@ -13313,6 +13496,16 @@ const SmartlinksAuthUI = ({ apiEndpoint, clientId, clientName, accountData, onAu
         const storage = await getStorage();
         await storage.removeItem(WHATSAPP_PENDING_SESSION_KEY);
     };
+    const updatePendingWhatsAppSession = async (updates) => {
+        if (proxyMode)
+            return null;
+        const existing = await loadPendingWhatsAppSession();
+        if (!existing)
+            return null;
+        const next = { ...existing, ...updates };
+        await savePendingWhatsAppSession(next);
+        return next;
+    };
     // Fetch UI configuration
     useEffect(() => {
         // Wait for SDK to be ready before fetching config
@@ -14421,17 +14614,28 @@ const SmartlinksAuthUI = ({ apiEndpoint, clientId, clientName, accountData, onAu
                     sessionKey: pending.sessionKey,
                     displayName: pending.displayName,
                 };
+                setRestoredWhatsAppSend({
+                    waLink: pending.waLink,
+                    code: pending.code,
+                    token: pending.token,
+                    expiresAt: pending.expiresAt,
+                    sessionKey: pending.sessionKey,
+                });
                 const status = await api.getWhatsAppStatus(pending.token);
                 if (cancelled)
                     return;
                 if (status.verified) {
-                    await handleWhatsAppVerified(status);
+                    const handled = await handleWhatsAppVerified(status);
+                    if (handled === false && !cancelled) {
+                        setMode('whatsapp');
+                    }
                     return;
                 }
                 if (status.status === 'pending') {
                     setMode('whatsapp');
                 }
                 else if (status.status === 'failed' || status.status === 'expired' || status.status === 'unknown') {
+                    setRestoredWhatsAppSend(null);
                     await clearPendingWhatsAppSession();
                 }
             }
@@ -14472,8 +14676,12 @@ const SmartlinksAuthUI = ({ apiEndpoint, clientId, clientName, accountData, onAu
                 sessionKey: result.sessionKey,
                 displayName: trimmedName,
             };
+            setRestoredWhatsAppSend(result);
             await savePendingWhatsAppSession({
+                waLink: result.waLink,
+                code: result.code,
                 token: result.token,
+                expiresAt: result.expiresAt,
                 sessionKey: result.sessionKey,
                 displayName: trimmedName,
                 redirectUrl: effectiveRedirectUrl,
@@ -14503,22 +14711,39 @@ const SmartlinksAuthUI = ({ apiEndpoint, clientId, clientName, accountData, onAu
         const send = whatsappSendRef.current;
         if (send?.sessionKey) {
             try {
+                await updatePendingWhatsAppSession({ exchangeStartedAt: Date.now() });
                 const session = await api.exchangeWhatsAppSession(send.token, send.sessionKey);
                 if (session?.token && session.user) {
                     await auth.login(session.token, session.user, session.accountData, true, getExpirationFromResponse(session));
                     if (!proxyMode) {
                         onAuthSuccess(session.token, session.user, session.accountData);
                     }
+                    await updatePendingWhatsAppSession({ exchangeCompletedAt: Date.now() });
+                    setRestoredWhatsAppSend(null);
                     await clearPendingWhatsAppSession();
-                    return;
+                    return true;
                 }
             }
             catch (err) {
-                log.warn('WhatsApp session exchange failed, falling back to redirect-only flow:', err);
+                const latestPending = await loadPendingWhatsAppSession();
+                if (!latestPending) {
+                    return true;
+                }
+                const recentlyCompleted = latestPending.exchangeCompletedAt && (Date.now() - latestPending.exchangeCompletedAt) < 15000;
+                if (recentlyCompleted) {
+                    return true;
+                }
+                log.warn('WhatsApp session exchange failed; keeping pending session for retry:', err);
+                setAuthSuccess(false);
+                setSuccessMessage(undefined);
+                setError('WhatsApp verified, but finishing sign-in is taking longer than expected. Retrying…');
+                return false;
             }
         }
+        setRestoredWhatsAppSend(null);
         await clearPendingWhatsAppSession();
         performRedirect(target, 'magic-link');
+        return true;
     };
     // Show processing state for URL-based auth (verification, magic link, password reset)
     // This runs BEFORE configLoading check to prevent form flash on deep-link flows
@@ -14554,7 +14779,7 @@ const SmartlinksAuthUI = ({ apiEndpoint, clientId, clientName, accountData, onAu
                             ? 'hsl(var(--muted-foreground, 215 15% 45%))'
                             : (resolvedTheme === 'dark' ? '#94a3b8' : '#6B7280'),
                         fontSize: '0.875rem'
-                    }, children: successMessage })] })) : mode === 'magic-link' ? (jsx(MagicLinkForm, { onSubmit: handleMagicLink, onCancel: () => setMode('login'), loading: loading, error: error, collectName: config?.collectNameOnPasswordlessSignup })) : mode === 'whatsapp' ? (jsx(WhatsAppAuthForm, { onSend: handleWhatsAppSend, onPollStatus: handleWhatsAppPoll, onVerified: handleWhatsAppVerified, onBack: () => setMode('login'), loading: loading, error: error, collectName: config?.collectNameOnPasswordlessSignup ?? true })) : mode === 'phone' ? (jsx(PhoneAuthForm, { onSubmit: handlePhoneAuth, onBack: () => setMode('login'), loading: loading, error: error, collectName: config?.collectNameOnPasswordlessSignup })) : mode === 'reset-password' ? (jsx(PasswordResetForm, { onSubmit: handlePasswordReset, onBack: () => {
+                    }, children: successMessage })] })) : mode === 'magic-link' ? (jsx(MagicLinkForm, { onSubmit: handleMagicLink, onCancel: () => setMode('login'), loading: loading, error: error, collectName: config?.collectNameOnPasswordlessSignup })) : mode === 'whatsapp' ? (jsx(WhatsAppAuthForm, { onSend: handleWhatsAppSend, onPollStatus: handleWhatsAppPoll, onVerified: handleWhatsAppVerified, onBack: () => setMode('login'), loading: loading, error: error, collectName: config?.collectNameOnPasswordlessSignup ?? true, initialSent: restoredWhatsAppSend })) : mode === 'phone' ? (jsx(PhoneAuthForm, { onSubmit: handlePhoneAuth, onBack: () => setMode('login'), loading: loading, error: error, collectName: config?.collectNameOnPasswordlessSignup })) : mode === 'reset-password' ? (jsx(PasswordResetForm, { onSubmit: handlePasswordReset, onBack: () => {
                 setMode('login');
                 setResetSuccess(false);
                 setResetToken(undefined); // Clear token when going back
@@ -14905,6 +15130,7 @@ const AccountManagement = ({ apiEndpoint, clientId, collectionId, onError, class
                 baseURL: apiEndpoint,
                 proxyMode: false,
                 ngrokSkipBrowserWarning: true,
+                persistToken: false, // AuthKit's tokenStorage is the single source of truth
             });
         }
     }, [apiEndpoint]);