@web3auth/no-modal 10.16.0 → 11.0.0-beta.1

package/dist/lib.esm/connectors/auth-connector/authConnector.js

@@ -1,20 +1,24 @@
 import _objectSpread from '@babel/runtime/helpers/objectSpread2';
 import _defineProperty from '@babel/runtime/helpers/defineProperty';
+import { CITADEL_SERVER_MAP } from '@toruslabs/constants';
+import { get, put } from '@toruslabs/http-helpers';
 import { SecurePubSub } from '@toruslabs/secure-pub-sub';
-import { BUILD_ENV, UX_MODE, Auth, SDK_MODE, SUPPORTED_KEY_CURVES, randomId, version, createHandler, PopupHandler, getUserId } from '@web3auth/auth';
+import { BUILD_ENV, UX_MODE, Auth, SDK_MODE, SUPPORTED_KEY_CURVES, generateRecordId, version, createHandler, PopupHandler, getUserId } from '@web3auth/auth';
 import { WS_EMBED_LOGIN_MODE } from '@web3auth/ws-embed';
 import deepmerge from 'deepmerge';
-import { parseToken } from '../utils.js';
-import { BaseConnector } from '../../base/connector/baseConnector.js';
+import { generateNonce, parseToken } from '../utils.js';
+import { AuthSolanaWallet } from './authSolanaWallet.js';
+import { WalletLoginError, WalletInitializationError, Web3AuthError, AccountLinkingError } from '../../base/errors/index.js';
 import { WALLET_CONNECTORS } from '../../base/wallet/index.js';
+import { BaseConnector } from '../../base/connector/baseConnector.js';
 import { CONNECTOR_NAMESPACES } from '../../base/chain/IChainInterface.js';
 import { CONNECTOR_CATEGORY, CONNECTOR_STATUS, CONNECTOR_EVENTS } from '../../base/connector/constants.js';
-import { WalletInitializationError, WalletLoginError, Web3AuthError } from '../../base/errors/index.js';
+import { Analytics, ANALYTICS_EVENTS } from '../../base/analytics.js';
 import { log } from '../../base/loglevel.js';
+import { citadelServerUrl, getCaipChainId, getErrorAnalyticsProperties, parseChainNamespaceFromCitadelResponse } from '../../base/utils.js';
 import { CONNECTED_STATUSES } from '../../base/connector/connectorStatus.js';
+import { makeAccountLinkingRequest, makeAccountUnlinkingRequest } from '../../account-linking/rest.js';
 import { CHAIN_NAMESPACES, cloneDeep } from '@toruslabs/base-controllers';
-import '@toruslabs/constants';
-import '@toruslabs/http-helpers';
 
 class AuthConnector extends BaseConnector {
   constructor(params) {
@@ -33,6 +37,8 @@ class AuthConnector extends BaseConnector {
     _defineProperty(this, "wsEmbedInstance", null);
     _defineProperty(this, "authConnectionConfig", []);
     _defineProperty(this, "wsEmbedInstancePromise", null);
+    _defineProperty(this, "_solanaWallet", null);
+    _defineProperty(this, "analytics", void 0);
     this.authOptions = params.connectorSettings;
     this.loginSettings = params.loginSettings || {
       authConnection: ""
@@ -41,6 +47,7 @@ class AuthConnector extends BaseConnector {
       loginMode: WS_EMBED_LOGIN_MODE.PLUGIN
     };
     this.authConnectionConfig = params.authConnectionConfig || [];
+    this.analytics = params.analytics || new Analytics();
   }
   get provider() {
     if (this.status !== CONNECTOR_STATUS.NOT_READY) {
@@ -54,6 +61,9 @@ class AuthConnector extends BaseConnector {
   get wsEmbed() {
     return this.wsEmbedInstance;
   }
+  get solanaWallet() {
+    return this._solanaWallet;
+  }
   set provider(_) {
     throw new Error("Not implemented");
   }
@@ -88,7 +98,7 @@ class AuthConnector extends BaseConnector {
     // making it async here to initialize provider.
     const authInstancePromise = this.authInstance.init();
 
-    // Use this for xrpl, mpc cases
+    // Use this for xrpl cases
     if (this.coreOptions.privateKeyProvider) {
       this.privateKeyProvider = this.coreOptions.privateKeyProvider;
     } else {
@@ -110,6 +120,7 @@ class AuthConnector extends BaseConnector {
               loginMode: WS_EMBED_LOGIN_MODE.PLUGIN,
               chains: wsSupportedChains,
               chainId,
+              buildEnv: this.authOptions.buildEnv,
               whiteLabel: _objectSpread(_objectSpread({}, this.authOptions.whiteLabel), this.wsSettings.whiteLabel)
             })).then(() => {
               this.wsEmbedInstancePromise = null;
@@ -148,7 +159,7 @@ class AuthConnector extends BaseConnector {
         this.rehydrated = true;
         await this.connect({
           chainId: options.chainId,
-          getIdentityToken: options.getIdentityToken
+          getAuthTokenInfo: options.getAuthTokenInfo
         });
       } else if (!sessionId && options.autoConnect) {
         // if here, this means that the connector is cached but the sessionId is not available.
@@ -168,7 +179,11 @@ class AuthConnector extends BaseConnector {
     }));
     try {
       await this.connectWithProvider(params);
-      return this.provider;
+      return {
+        ethereumProvider: this.provider,
+        solanaWallet: this._solanaWallet,
+        connectorName: this.name
+      };
     } catch (error) {
       var _message;
       log.error("Failed to connect with auth provider", error);
@@ -233,9 +248,12 @@ class AuthConnector extends BaseConnector {
       this.status = CONNECTOR_STATUS.READY;
     }
     this.rehydrated = false;
-    this.emit(CONNECTOR_EVENTS.DISCONNECTED);
+    this._solanaWallet = null;
+    this.emit(CONNECTOR_EVENTS.DISCONNECTED, {
+      connector: WALLET_CONNECTORS.AUTH
+    });
   }
-  async getIdentityToken() {
+  async getAuthTokenInfo() {
     if (!this.canAuthorize) throw WalletLoginError.notConnectedError("Not connected with wallet, Please login/connect first");
     this.status = CONNECTOR_STATUS.AUTHORIZING;
     this.emit(CONNECTOR_EVENTS.AUTHORIZING, {
@@ -243,57 +261,66 @@ class AuthConnector extends BaseConnector {
     });
     const userInfo = await this.getUserInfo();
     this.status = CONNECTOR_STATUS.AUTHORIZED;
+    const [accessToken, refreshToken] = await Promise.all([this.authInstance.authSessionManager.getAccessToken(), this.authInstance.authSessionManager.getRefreshToken()]);
     this.emit(CONNECTOR_EVENTS.AUTHORIZED, {
       connector: WALLET_CONNECTORS.AUTH,
-      identityTokenInfo: {
-        idToken: userInfo.idToken
+      authTokenInfo: {
+        idToken: userInfo.idToken,
+        accessToken,
+        refreshToken
       }
     });
     return {
-      idToken: userInfo.idToken
+      idToken: userInfo.idToken,
+      accessToken,
+      refreshToken
     };
   }
   async getUserInfo() {
     if (!this.canAuthorize) throw WalletLoginError.notConnectedError("Not connected with wallet");
     if (!this.authInstance) throw WalletInitializationError.notReady("authInstance is not ready");
-    const userInfo = this.authInstance.getUserInfo();
-    return userInfo;
+    const [userInfo, linkedAccounts] = await Promise.all([this.authInstance.getUserInfo(), this.getLinkedAccounts()]);
+    return _objectSpread(_objectSpread({}, userInfo), {}, {
+      linkedAccounts
+    });
+  }
+  async getLinkedAccounts() {
+    const accessToken = await this.authInstance.authSessionManager.getAccessToken();
+    if (!accessToken) throw WalletLoginError.connectionError("Could not obtain an access token from the current AUTH session.");
+    const citadelUserInfo = await get(`${citadelServerUrl(this.coreOptions.authBuildEnv)}/v1/user`, {
+      headers: {
+        Authorization: `Bearer ${accessToken}`
+      }
+    });
+    const linkedAccounts = (citadelUserInfo === null || citadelUserInfo === void 0 ? void 0 : citadelUserInfo.accounts) || [];
+    return linkedAccounts.map(account => _objectSpread(_objectSpread({}, account), {}, {
+      // by default, the primary account is the active account
+      active: account.isPrimary
+    }));
   }
-
-  // we don't support switching between different namespaces, except for solana and evm
   async switchChain(params, init = false) {
     super.checkSwitchChainRequirements(params, init);
-    // get chains and namespaces
     const {
       chainId: newChainId
     } = params;
     const {
       chainId: currentChainId
     } = this.provider;
-    const {
-      chainNamespace: currentNamespace
-    } = this.getChain(currentChainId);
-    const {
-      chainNamespace: newNamespace
-    } = this.getChain(newChainId);
-
-    // skip if chainId is the same
     if (currentChainId === newChainId) return;
-    if (currentNamespace === CHAIN_NAMESPACES.SOLANA || currentNamespace === CHAIN_NAMESPACES.EIP155) {
+    const newChainConfig = this.coreOptions.chains.find(c => c.chainId === newChainId);
+    if (!newChainConfig) throw WalletInitializationError.invalidParams("Chain config is not available");
+    if (newChainConfig.chainNamespace === CHAIN_NAMESPACES.SOLANA || newChainConfig.chainNamespace === CHAIN_NAMESPACES.EIP155) {
       var _this$wsEmbedInstance2;
-      // can only switch to solana or evm
-      if (newNamespace !== CHAIN_NAMESPACES.SOLANA && newNamespace !== CHAIN_NAMESPACES.EIP155) throw WalletLoginError.connectionError("Cannot switch to other chain namespace");
-      const fullChainId = `${newNamespace}:${Number(params.chainId)}`;
-      await ((_this$wsEmbedInstance2 = this.wsEmbedInstance.provider) === null || _this$wsEmbedInstance2 === void 0 ? void 0 : _this$wsEmbedInstance2.request({
+      if (!((_this$wsEmbedInstance2 = this.wsEmbedInstance) !== null && _this$wsEmbedInstance2 !== void 0 && _this$wsEmbedInstance2.provider)) throw WalletInitializationError.notReady("Wallet embed is not ready");
+      const fullChainId = getCaipChainId(newChainConfig);
+      await this.wsEmbedInstance.provider.request({
         method: "wallet_switchChain",
         params: {
           chainId: fullChainId
         }
-      }));
+      });
     } else {
       var _this$privateKeyProvi;
-      // cannot switch to other namespaces
-      if (currentNamespace !== newNamespace) throw WalletLoginError.connectionError("Cannot switch to other chain namespace");
       await ((_this$privateKeyProvi = this.privateKeyProvider) === null || _this$privateKeyProvi === void 0 ? void 0 : _this$privateKeyProvi.switchChain(params));
     }
   }
@@ -322,8 +349,351 @@ class AuthConnector extends BaseConnector {
     });
     return providerConfig;
   }
-  getChain(chainId) {
-    return this.coreOptions.chains.find(x => x.chainId === chainId);
+  async generateChallengeAndSign() {
+    // we do not support this for auth connector, as of now. since auth login returns a valid idToken
+    throw new Error("Not implemented");
+  }
+  async switchAccount(account, context) {
+    if (!CONNECTED_STATUSES.includes(this.status)) {
+      throw WalletLoginError.notConnectedError("No wallet is connected. Connect with AUTH before switching accounts.");
+    }
+    try {
+      var _userInfo$linkedAccou;
+      const userInfo = await this.getUserInfo();
+      const linkedAccounts = (_userInfo$linkedAccou = userInfo.linkedAccounts) !== null && _userInfo$linkedAccou !== void 0 ? _userInfo$linkedAccou : [];
+      const targetAccount = linkedAccounts.find(candidate => candidate.id === account.id);
+      if (!targetAccount) {
+        throw AccountLinkingError.requestFailed(`No connected wallet matches account id "${account.id}". Refresh user info and try again.`);
+      }
+      const currentActiveAccount = context.activeAccount;
+      const isTargetAlreadyActive = currentActiveAccount ? currentActiveAccount.id === targetAccount.id : targetAccount.isPrimary;
+      if (isTargetAlreadyActive) {
+        return;
+      }
+      this.analytics.track(ANALYTICS_EVENTS.ACCOUNT_SWITCH_STARTED, this.getSwitchAccountTrackData(targetAccount));
+      if (targetAccount.connector === WALLET_CONNECTORS.AUTH && targetAccount.isPrimary) {
+        var _this$provider$chainI, _this$provider;
+        const activeChainId = this.getChainIdForLinkedAccount(targetAccount, (_this$provider$chainI = (_this$provider = this.provider) === null || _this$provider === void 0 ? void 0 : _this$provider.chainId) !== null && _this$provider$chainI !== void 0 ? _this$provider$chainI : context.currentChainId);
+        const ethereumProvider = this.provider;
+        const solanaWallet = this.solanaWallet;
+        if (!ethereumProvider && !solanaWallet) {
+          throw AccountLinkingError.requestFailed("Failed to restore the primary AUTH session for account switch.");
+        }
+        return {
+          kind: "primary",
+          targetAccount,
+          activeAccount: null,
+          activeChainId,
+          connectorName: this.name,
+          connectorNamespace: this.connectorNamespace,
+          ethereumProvider,
+          solanaWallet
+        };
+      }
+      return {
+        kind: "external",
+        targetAccount,
+        activeAccount: targetAccount,
+        activeChainId: this.getChainIdForLinkedAccount(targetAccount, context.currentChainId)
+      };
+    } catch (error) {
+      await this.trackSwitchAccountFailed(account, error);
+      throw error;
+    }
+  }
+  async trackSwitchAccountCompleted(account) {
+    await this.analytics.track(ANALYTICS_EVENTS.ACCOUNT_SWITCH_COMPLETED, _objectSpread(_objectSpread({}, this.getSwitchAccountTrackData(account)), {}, {
+      connector: account.connector
+    }));
+  }
+  async trackSwitchAccountFailed(account, error) {
+    await this.analytics.track(ANALYTICS_EVENTS.ACCOUNT_SWITCH_FAILED, _objectSpread(_objectSpread({}, this.getSwitchAccountTrackData(account)), getErrorAnalyticsProperties(error)));
+  }
+  async linkAccount(params) {
+    if (!CONNECTED_STATUSES.includes(this.status)) {
+      throw WalletLoginError.notConnectedError("No wallet is connected. Connect with AUTH before linking an account.");
+    }
+    const {
+      connectorName,
+      chainId,
+      walletConnector
+    } = params;
+    try {
+      if (!walletConnector.connected) {
+        const connection = await walletConnector.connect({
+          chainId,
+          isAccountLinking: true
+        });
+        if (!connection) {
+          throw AccountLinkingError.walletProofFailed(`Failed to connect to "${params.connectorName}" for account linking.`);
+        }
+      }
+    } catch (error) {
+      if (error instanceof AccountLinkingError) {
+        throw error;
+      }
+      throw AccountLinkingError.walletProofFailed(error instanceof Error ? error.message : String(error), error);
+    }
+    const trackData = {
+      connector: this.name,
+      linking_connector: connectorName,
+      chain_id: params.chainId
+    };
+    try {
+      await this.analytics.track(ANALYTICS_EVENTS.ACCOUNT_LINKING_STARTED, trackData);
+      const {
+        accessToken,
+        idToken
+      } = await this.getPrimaryAuthSession(params.authSessionTokens);
+      const walletProof = await this.createWalletLinkingProof(params.walletConnector);
+      const authServerUrl = citadelServerUrl(this.coreOptions.authBuildEnv);
+      const result = await makeAccountLinkingRequest(authServerUrl, accessToken, {
+        idToken,
+        network: walletProof.network,
+        connector: params.connectorName,
+        message: walletProof.challenge,
+        signature: {
+          s: walletProof.signature,
+          t: walletProof.signatureType
+        }
+      });
+      this.analytics.track(ANALYTICS_EVENTS.ACCOUNT_LINKING_COMPLETED, _objectSpread(_objectSpread({}, trackData), {}, {
+        linked_address: walletProof.address
+      }));
+      return result;
+    } catch (error) {
+      this.analytics.track(ANALYTICS_EVENTS.ACCOUNT_LINKING_FAILED, _objectSpread(_objectSpread({}, trackData), getErrorAnalyticsProperties(error)));
+
+      // disconnect the wallet connector to avoid any leftover state
+      try {
+        await walletConnector.disconnect({
+          cleanup: true
+        });
+      } catch (disconnectError) {
+        log.debug("Failed to disconnect wallet connector after linking failure", disconnectError);
+      }
+      throw error;
+    }
+  }
+  async unlinkAccount(params) {
+    if (!CONNECTED_STATUSES.includes(this.status)) {
+      throw WalletLoginError.notConnectedError("No wallet is connected. Connect with AUTH before unlinking an account.");
+    }
+    const {
+      address,
+      authSessionTokens
+    } = params;
+    const trackData = {
+      connector: this.name,
+      address
+    };
+    await this.analytics.track(ANALYTICS_EVENTS.ACCOUNT_UNLINKING_STARTED, trackData);
+    try {
+      const {
+        accessToken,
+        idToken,
+        linkedAccounts
+      } = await this.getPrimaryAuthSession(authSessionTokens, {
+        includeLinkedAccounts: true
+      });
+      const network = this.getNetworkForUnlinkAddress(linkedAccounts, address);
+      const authServerUrl = citadelServerUrl(this.coreOptions.authBuildEnv);
+      const result = await makeAccountUnlinkingRequest(authServerUrl, accessToken, {
+        idToken,
+        address,
+        network
+      });
+      await this.analytics.track(ANALYTICS_EVENTS.ACCOUNT_UNLINKING_COMPLETED, _objectSpread(_objectSpread({}, trackData), {}, {
+        linked_address: address
+      }));
+      return result;
+    } catch (error) {
+      await this.analytics.track(ANALYTICS_EVENTS.ACCOUNT_UNLINKING_FAILED, _objectSpread(_objectSpread({}, trackData), getErrorAnalyticsProperties(error)));
+      throw error;
+    }
+  }
+  getChainIdForLinkedAccount(account, preferredChainId) {
+    const accountChainNamespace = account.chainNamespace ? parseChainNamespaceFromCitadelResponse(account.chainNamespace) : null;
+    if (preferredChainId) {
+      const preferredChain = this.coreOptions.chains.find(chain => chain.chainId === preferredChainId);
+      if (preferredChain && (!accountChainNamespace || preferredChain.chainNamespace === accountChainNamespace)) {
+        return preferredChainId;
+      }
+    }
+    if (accountChainNamespace) {
+      const namespaceChain = this.coreOptions.chains.find(chain => chain.chainNamespace === accountChainNamespace);
+      if (namespaceChain) {
+        return namespaceChain.chainId;
+      }
+    }
+    throw WalletInitializationError.invalidParams(`No compatible chainId found for connector "${account.connector}".`);
+  }
+  async assertSwitchAccountConnectorMatchesTarget(connector, account) {
+    if (!account.chainNamespace) {
+      throw AccountLinkingError.requestFailed(`Could not determine the chain namespace for linked account "${account.eoaAddress}".`);
+    }
+    const chainNamespace = parseChainNamespaceFromCitadelResponse(account.chainNamespace);
+    let connectedAddress = null;
+    if (chainNamespace === CHAIN_NAMESPACES.EIP155) {
+      var _accounts$;
+      const accounts = connector.provider ? await connector.provider.request({
+        method: "eth_accounts"
+      }) : [];
+      connectedAddress = (_accounts$ = accounts === null || accounts === void 0 ? void 0 : accounts[0]) !== null && _accounts$ !== void 0 ? _accounts$ : null;
+    } else if (chainNamespace === CHAIN_NAMESPACES.SOLANA) {
+      var _connector$solanaWall, _connector$solanaWall2;
+      connectedAddress = (_connector$solanaWall = (_connector$solanaWall2 = connector.solanaWallet) === null || _connector$solanaWall2 === void 0 || (_connector$solanaWall2 = _connector$solanaWall2.accounts) === null || _connector$solanaWall2 === void 0 || (_connector$solanaWall2 = _connector$solanaWall2[0]) === null || _connector$solanaWall2 === void 0 ? void 0 : _connector$solanaWall2.address) !== null && _connector$solanaWall !== void 0 ? _connector$solanaWall : null;
+    } else {
+      throw AccountLinkingError.requestFailed(`Unsupported chain namespace "${account.chainNamespace}" for linked account "${account.eoaAddress}".`);
+    }
+    if (!connectedAddress) {
+      throw AccountLinkingError.requestFailed(`Connector "${account.connector}" is not connected to linked account "${account.eoaAddress}". Connect the intended wallet account and try again.`);
+    }
+    const isExpectedAddress = chainNamespace === CHAIN_NAMESPACES.EIP155 ? connectedAddress.toLowerCase() === account.eoaAddress.toLowerCase() : connectedAddress === account.eoaAddress;
+    if (!isExpectedAddress) {
+      throw AccountLinkingError.requestFailed(`Connector "${account.connector}" is connected to "${connectedAddress}" instead of linked account "${account.eoaAddress}". Connect the intended wallet account and try again.`);
+    }
+  }
+  toSwitchAccountConnectorError(account, error) {
+    if (error instanceof AccountLinkingError && error.code === 5401) {
+      return error;
+    }
+    const message = error instanceof Error ? error.message : String(error);
+    const isUnavailableConnectorError = error instanceof AccountLinkingError && error.code === 5405 || /not available|not initialized|not ready/i.test(message);
+    if (isUnavailableConnectorError) {
+      return AccountLinkingError.requestFailed(`Connector "${account.connector}" is not available for linked account "${account.eoaAddress}". Make sure the wallet is installed, unlocked, and accessible, then try again.`, error);
+    }
+    return AccountLinkingError.requestFailed(`Failed to connect connector "${account.connector}" for linked account "${account.eoaAddress}". ${message}`, error);
+  }
+  getSwitchAccountTrackData(account) {
+    var _account$eoaAddress;
+    return {
+      connector: this.name,
+      account_id: account.id,
+      account_type: account.accountType,
+      switched_to_address: (_account$eoaAddress = account.eoaAddress) !== null && _account$eoaAddress !== void 0 ? _account$eoaAddress : null
+    };
+  }
+  async getPrimaryAuthSession(authSessionTokens, options = {}) {
+    const {
+      accessToken: cachedAccessToken,
+      idToken: cachedIdToken
+    } = authSessionTokens;
+    const {
+      includeLinkedAccounts = false
+    } = options;
+    let accessToken = cachedAccessToken;
+    let idToken = cachedIdToken;
+    let linkedAccounts = [];
+    if (includeLinkedAccounts) {
+      const userInfoPromise = this.getUserInfo();
+      if (!accessToken || !idToken) {
+        var _userInfo$linkedAccou2;
+        const [tokenInfo, userInfo] = await Promise.all([this.getAuthTokenInfo(), userInfoPromise]);
+        accessToken = tokenInfo.accessToken;
+        idToken = tokenInfo.idToken;
+        linkedAccounts = (_userInfo$linkedAccou2 = userInfo.linkedAccounts) !== null && _userInfo$linkedAccou2 !== void 0 ? _userInfo$linkedAccou2 : [];
+      } else {
+        var _userInfo$linkedAccou3;
+        const userInfo = await userInfoPromise;
+        linkedAccounts = (_userInfo$linkedAccou3 = userInfo.linkedAccounts) !== null && _userInfo$linkedAccou3 !== void 0 ? _userInfo$linkedAccou3 : [];
+      }
+    } else if (!accessToken || !idToken) {
+      const tokenInfo = await this.getAuthTokenInfo();
+      accessToken = tokenInfo.accessToken;
+      idToken = tokenInfo.idToken;
+    }
+    if (!accessToken || !idToken) {
+      throw AccountLinkingError.primaryTokenNotAvailable("Could not obtain an identity token from the current AUTH session.");
+    }
+    return {
+      accessToken,
+      idToken,
+      linkedAccounts
+    };
+  }
+  getNetworkForUnlinkAddress(accounts, address) {
+    const matchedAccount = accounts.find(account => {
+      var _account$address, _account$eoaAddress2;
+      if (!account.chainNamespace || parseChainNamespaceFromCitadelResponse(account.chainNamespace) !== CHAIN_NAMESPACES.EIP155) {
+        return false;
+      }
+      const normalizedAddress = address.toLowerCase();
+      return ((_account$address = account.address) === null || _account$address === void 0 ? void 0 : _account$address.toLowerCase()) === normalizedAddress || ((_account$eoaAddress2 = account.eoaAddress) === null || _account$eoaAddress2 === void 0 ? void 0 : _account$eoaAddress2.toLowerCase()) === normalizedAddress;
+    });
+    if (!matchedAccount) {
+      throw AccountLinkingError.requestFailed(`No connected wallet matches address "${address}".`);
+    }
+    if (!matchedAccount.chainNamespace) {
+      throw AccountLinkingError.requestFailed(`Could not determine the chain namespace for address "${address}".`);
+    }
+    const chainNamespace = parseChainNamespaceFromCitadelResponse(matchedAccount.chainNamespace);
+    if (chainNamespace === CHAIN_NAMESPACES.EIP155) {
+      return "ethereum";
+    }
+    if (chainNamespace === CHAIN_NAMESPACES.SOLANA) {
+      return "solana";
+    }
+    throw AccountLinkingError.requestFailed(`Unsupported chain namespace "${matchedAccount.chainNamespace}" for address "${address}".`);
+  }
+  async createWalletLinkingProof(connector) {
+    // Notify listeners that the linking wallet is about to be asked for a signature so the UI
+    // (e.g. modal) can switch from a "connecting" loader to an "authorizing" prompt while the
+    // user reviews the signature request inside their wallet. Emitted on the isolated wallet
+    // connector (not the auth connector) so it doesn't mutate the global SDK status.
+    connector.emit(CONNECTOR_EVENTS.AUTHORIZING, {
+      connector: connector.name
+    });
+    const {
+      challenge,
+      signature,
+      chainNamespace
+    } = await connector.generateChallengeAndSign();
+    const address = await this.getLinkingWalletAddress(connector, chainNamespace);
+    if (chainNamespace === CHAIN_NAMESPACES.EIP155) {
+      return {
+        address,
+        challenge,
+        signature,
+        signatureType: "eip191",
+        network: "ethereum"
+      };
+    }
+    if (chainNamespace === CHAIN_NAMESPACES.SOLANA) {
+      return {
+        address,
+        challenge,
+        signature,
+        signatureType: "sip99",
+        network: "solana"
+      };
+    }
+    throw AccountLinkingError.unsupportedConnector(`Connector "${connector.name}" returned unsupported chain namespace "${chainNamespace}".`);
+  }
+  async getLinkingWalletAddress(connector, chainNamespace) {
+    if (chainNamespace === CHAIN_NAMESPACES.SOLANA) {
+      var _connector$solanaWall3;
+      const address = (_connector$solanaWall3 = connector.solanaWallet) === null || _connector$solanaWall3 === void 0 || (_connector$solanaWall3 = _connector$solanaWall3.accounts) === null || _connector$solanaWall3 === void 0 || (_connector$solanaWall3 = _connector$solanaWall3[0]) === null || _connector$solanaWall3 === void 0 ? void 0 : _connector$solanaWall3.address;
+      if (!address) {
+        throw AccountLinkingError.walletProofFailed("No connected Solana account found for account linking.");
+      }
+      return address;
+    }
+    if (!connector.provider) {
+      throw AccountLinkingError.walletProofFailed("No connected EVM account found for account linking.");
+    }
+    const accounts = await connector.provider.request({
+      method: "eth_accounts"
+    });
+    if (!(accounts !== null && accounts !== void 0 && accounts.length)) {
+      throw AccountLinkingError.walletProofFailed("No connected EVM account found for account linking.");
+    }
+    return accounts[0];
+  }
+  setupSolanaWallet() {
+    const solanaChains = this.coreOptions.chains.filter(c => c.chainNamespace === CHAIN_NAMESPACES.SOLANA);
+    if (solanaChains.length === 0 || !this.provider) return;
+    this._solanaWallet = new AuthSolanaWallet(this.provider, solanaChains);
   }
   _getFinalPrivKey() {
     if (!this.authInstance) return "";
@@ -384,24 +754,26 @@ class AuthConnector extends BaseConnector {
         sessionNamespace
       } = this.authInstance || {};
       if (sessionId) {
-        const isLoggedIn = await this.wsEmbedInstance.loginWithSessionId({
+        this.wsEmbedInstance.setAccessTokenProvider(this.accessTokenProvider.bind(this));
+        const isLoggedIn = await this.wsEmbedInstance.connectWithSession({
           sessionId,
-          sessionNamespace
+          sessionNamespace,
+          idToken: await this.getIdToken()
         });
         if (isLoggedIn) {
           var _this$wsEmbedInstance3;
-          // if getIdentityToken is true, then get the identity token
-          // No need to get the identity token for auth connector as it is already handled
-          let identityTokenInfo;
+          this.setupSolanaWallet();
+          // if getAuthTokenInfo is true, then get auth token info
+          // No need to get auth token info for auth connector as it is already handled
           this.status = CONNECTOR_STATUS.CONNECTED;
           this.emit(CONNECTOR_EVENTS.CONNECTED, {
-            connector: WALLET_CONNECTORS.AUTH,
+            connectorName: WALLET_CONNECTORS.AUTH,
             reconnected: this.rehydrated,
-            provider: this.provider,
-            identityTokenInfo
+            ethereumProvider: this.provider,
+            solanaWallet: this._solanaWallet
           });
-          if (params.getIdentityToken) {
-            identityTokenInfo = await this.getIdentityToken();
+          if (params.getAuthTokenInfo) {
+            await this.getAuthTokenInfo();
           }
           // handle disconnect from ws embed
           (_this$wsEmbedInstance3 = this.wsEmbedInstance) === null || _this$wsEmbedInstance3 === void 0 || _this$wsEmbedInstance3.provider.on("accountsChanged", (accounts = []) => {
@@ -418,9 +790,10 @@ class AuthConnector extends BaseConnector {
         await this.privateKeyProvider.setupProvider(finalPrivKey, params.chainId);
         this.status = CONNECTOR_STATUS.CONNECTED;
         this.emit(CONNECTOR_EVENTS.CONNECTED, {
-          connector: WALLET_CONNECTORS.AUTH,
-          reconnected: this.rehydrated,
-          provider: this.provider
+          connectorName: WALLET_CONNECTORS.AUTH,
+          ethereumProvider: this.provider,
+          solanaWallet: this._solanaWallet,
+          reconnected: this.rehydrated
         });
       }
     }
@@ -436,10 +809,13 @@ class AuthConnector extends BaseConnector {
     const jwtParams = _objectSpread(_objectSpread(_objectSpread({}, providerConfig.jwtParameters || {}), params.extraLoginOptions || {}), {}, {
       login_hint: params.loginHint || ((_params$extraLoginOpt3 = params.extraLoginOptions) === null || _params$extraLoginOpt3 === void 0 ? void 0 : _params$extraLoginOpt3.login_hint)
     });
-    const nonce = randomId();
+    const nonce = generateNonce();
 
     // post a message to the auth provider to indicate that login has been initiated.
-    const loginParams = cloneDeep(params);
+    const loginParams = _objectSpread(_objectSpread({}, cloneDeep(params)), {}, {
+      recordId: generateRecordId(),
+      loginSource: "web3auth-web"
+    });
     loginParams.extraLoginOptions = _objectSpread(_objectSpread({}, loginParams.extraLoginOptions || {}), {}, {
       login_hint: params.loginHint || ((_params$extraLoginOpt4 = params.extraLoginOptions) === null || _params$extraLoginOpt4 === void 0 ? void 0 : _params$extraLoginOpt4.login_hint)
     });
@@ -462,10 +838,11 @@ class AuthConnector extends BaseConnector {
         version: version.split(".")[0],
         web3AuthNetwork: this.coreOptions.web3AuthNetwork,
         web3AuthClientId: this.coreOptions.clientId,
-        originData: this.authInstance.options.originData ? JSON.stringify(this.authInstance.options.originData) : undefined
+        originData: this.getOriginData()
       },
       web3AuthClientId: this.coreOptions.clientId,
-      web3AuthNetwork: this.coreOptions.web3AuthNetwork
+      web3AuthNetwork: this.coreOptions.web3AuthNetwork,
+      storageServerUrl: this.authInstance.options.storageServerUrl
     };
     const loginHandler = createHandler(popupParams);
     const verifierWindow = new PopupHandler({
@@ -474,6 +851,9 @@ class AuthConnector extends BaseConnector {
     });
     if (this.authOptions.uxMode === UX_MODE.REDIRECT) return verifierWindow.redirect(this.authOptions.replaceUrlOnRedirect);
     let isClosedWindow = false;
+    this.auditOAuditProgress(loginParams).catch(error => {
+      log.error("Error reporting `oauthInitiated` audit progress", error);
+    });
     return new Promise((resolve, reject) => {
       verifierWindow.open().catch(error => {
         log.error("Error during login with social", error);
@@ -483,7 +863,9 @@ class AuthConnector extends BaseConnector {
 
       // this is to close the popup when the login is finished.
       const securePubSub = new SecurePubSub({
-        sameIpCheck: true
+        sameIpCheck: true,
+        serverUrl: this.authInstance.options.storageServerUrl,
+        socketUrl: this.authInstance.options.sessionSocketUrl
       });
       securePubSub.subscribe(`web3auth-login-${nonce}`).then(data => {
         const parsedData = JSON.parse(data || "{}");
@@ -500,6 +882,9 @@ class AuthConnector extends BaseConnector {
       }).catch(error => {
         // swallow the error, dont need to throw.
         log.error("Error during login with social", error);
+        this.auditOAuditProgress(loginParams, "failed").catch(error => {
+          log.error("Error reporting `oauthFailed` audit progress", error);
+        });
       });
       verifierWindow.once("close", () => {
         if (!isClosedWindow) {
@@ -509,6 +894,9 @@ class AuthConnector extends BaseConnector {
         }
       });
       this.authInstance.postLoginInitiatedMessage(loginParams, nonce).then(resolve).catch(error => {
+        this.auditOAuditProgress(loginParams, "failed").catch(error => {
+          log.error("Error reporting `oauthFailed` audit progress", error);
+        });
         if (error instanceof Web3AuthError) {
           throw error;
         }
@@ -516,6 +904,39 @@ class AuthConnector extends BaseConnector {
       });
     });
   }
+  async accessTokenProvider({
+    forceRefresh
+  }) {
+    if (forceRefresh) {
+      await this.authInstance.refreshSession();
+    }
+    return this.authInstance.getAccessToken();
+  }
+  async getIdToken() {
+    if (!this.authInstance) throw WalletInitializationError.notReady("authInstance is not ready");
+    return this.authInstance.authSessionManager.getIdToken();
+  }
+  getOriginData() {
+    try {
+      const {
+        originData,
+        redirectUrl
+      } = this.authInstance.options;
+      const origin = new URL(redirectUrl).origin;
+      if (originData) {
+        const dappOriginData = originData[origin];
+        if (dappOriginData) {
+          return JSON.stringify({
+            [origin]: dappOriginData
+          });
+        }
+      }
+      return undefined;
+    } catch (error) {
+      log.error("Error getting origin data", error);
+      return undefined;
+    }
+  }
   connectWithJwtLogin(params) {
     var _params$extraLoginOpt5, _params$extraLoginOpt7;
     const loginConfig = this.getOAuthProviderConfig({
@@ -556,11 +977,47 @@ class AuthConnector extends BaseConnector {
     delete loginParams.chainId;
     return this.authInstance.postLoginInitiatedMessage(loginParams);
   }
+  async auditOAuditProgress(loginParams, status) {
+    const {
+      authConnection,
+      authConnectionId,
+      groupedAuthConnectionId,
+      recordId,
+      loginSource
+    } = loginParams;
+    const {
+      authBuildEnv = BUILD_ENV.PRODUCTION,
+      web3AuthNetwork,
+      clientId
+    } = this.coreOptions;
+    const auditServerUrl = `${CITADEL_SERVER_MAP[authBuildEnv]}/v1/auth/audit`;
+    const progressFlag = {
+      oauthInitiated: true
+    };
+    const auditPayload = _objectSpread({
+      authConnection,
+      authConnectionId,
+      groupedAuthConnectionId,
+      recordId,
+      source: loginSource,
+      web3AuthNetwork,
+      web3AuthClientId: clientId
+    }, progressFlag);
+    if (status === "failed") {
+      auditPayload.oauthFailed = true;
+    } else if (status === "completed") {
+      auditPayload.oauthCompleted = true;
+    } else {
+      auditPayload.oauthInitiated = true;
+    }
+    await put(auditServerUrl, auditPayload);
+  }
 }
 const authConnector = params => {
   return ({
     projectConfig,
-    coreOptions
+    coreOptions,
+    analytics
   }) => {
     var _coreOptions$uiConfig, _coreOptions$walletSe, _coreOptions$walletSe2, _coreOptions$walletSe3;
     // Connector settings
@@ -605,9 +1062,22 @@ const authConnector = params => {
         mfaLevel: coreOptions.mfaLevel
       }),
       coreOptions,
+      analytics,
       authConnectionConfig: projectConfig.embeddedWalletAuth
     });
   };
 };
+function isAuthConnector(connector) {
+  if (!connector || connector.name !== WALLET_CONNECTORS.AUTH) {
+    return false;
+  }
+  const maybeAuthConnector = connector;
+  return typeof maybeAuthConnector.switchAccount === "function" && typeof maybeAuthConnector.linkAccount === "function" && typeof maybeAuthConnector.unlinkAccount === "function";
+}
+function assertAuthConnector(connector, errorMessage = "Account linking is only supported when connected with the AUTH connector.") {
+  if (!isAuthConnector(connector)) {
+    throw WalletLoginError.unsupportedOperation(errorMessage);
+  }
+}
 
-export { authConnector };
+export { assertAuthConnector, authConnector, isAuthConnector };