feat: external wallet session management

[hieu-w]

Jira Link

Description

Fix verifySignedChallenge call in the WalletConnect v2 connector to match the updated VerifySignedChallengeParams interface from @toruslabs/base-controllers.

The baseEvmConnector and baseSolanaConnector were already updated but walletConnectV2Connector was missed:

• Added missing deviceInfo: getDeviceInfo() parameter (required by VerifySignedChallengeParams)
• Updated return type handling: verifySignedChallenge now returns SiwwTokens (with idToken, accessToken, refreshToken) instead of a plain string
• Aligned token handling to use IdentityTokenInfo pattern, matching the other two connectors

How has this been tested?

• TypeScript type-check passes with no errors
• Verified the fix matches the existing pattern in baseEvmConnector.ts and baseSolanaConnector.ts

Screenshots (if appropriate)

N/A

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist

• My code follows the code style of this project. (run lint)
• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I have added tests to cover my changes.
• All new and existing tests passed.

---

Note

Medium Risk
Touches authentication/session persistence for external wallet connectors by introducing cached/refreshable token storage and changing the token API surface; regressions could break login/rehydration or token lifecycle across connectors. Dependency bumps (Torus controllers/Auth/MetaMask kit) also increase integration risk.

Overview
Adds a new auth token info flow that replaces getIdentityToken/useIdentityToken with getAuthTokenInfo/useAuthTokenInfo across Modal + No-Modal SDKs and demo apps, standardizing on returning { idToken, accessToken?, refreshToken? }.

Implements external wallet session management in @web3auth/no-modal by introducing AuthSessionManager-backed token caching/refresh + best-effort logout cleanup, wiring it through connector init/connection events (including WalletConnect v2) and persisting tokens in core state (supports SSR token fetch).

Adds configurable token storage adapters (storage/cookieOptions) and exposes a Vue demo setting to select token storage, while updating dependencies to newer @toruslabs/*/@web3auth/auth versions and adding ox.

^{Reviewed by Cursor Bugbot for commit b232857. Bugbot is set up for automated code reviews on this repo. Configure here.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
web3auth-web	Ready	Preview, Comment	Apr 5, 2026 7:22am

[chaitanyapotti]

i think we should use the AuthSessionManager to manage the session here and not write custom saving of tokens.

[arch1995]

i think we dont need to pass it here

[arch1995]

pls rename this key

[arch1995]

i think no need to pass

[arch1995]

idToken is never refreshed, it remains same for the entire session

[arch1995]

idtoken is never refreshed currently

[hieu-w]

Updated

[arch1995]

why do we need this ?

[hieu-w]

I removed it

[arch1995]

do we need this ? i think I exported everything from the auth package.

[hieu-w]

@arch1995 we miss AuthSessionManager, do we will export from auth sdk?

[lwin-kyaw]

Hey, I saw this usage in multiple places (baseSolanaConnector, walletConnectV2Connector).
Would be nice if we could refactor this to shared func/method

[hieu-w]

Updated

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit e46b571. Configure here.}