feat: external wallet session management#2432
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
packages/no-modal/src/connectors/wallet-connect-v2-connector/walletConnectV2Connector.ts
Show resolved
Hide resolved
hieu-w
changed the title
packages/no-modal/src/connectors/base-evm-connector/baseEvmConnector.ts
Outdated
Show resolved
Hide resolved
packages/no-modal/src/connectors/wallet-connect-v2-connector/walletConnectV2Connector.ts
Outdated
Show resolved
Hide resolved
chaitanyapotti
left a comment
chaitanyapotti
left a comment
There was a problem hiding this comment.
i think we should use the AuthSessionManager to manage the session here and not write custom saving of tokens.
packages/no-modal/src/connectors/wallet-connect-v2-connector/walletConnectV2Connector.ts
Show resolved
Hide resolved
| ethereumProvider: this.provider, | ||
| solanaWallet: this._solanaWallet, | ||
| identityTokenInfo, | ||
| authTokenInfo, |
There was a problem hiding this comment.
authTokenInfo here is undefined value? In Line 439, we just initialized the value with undefined only.
Should we move this emit to after we called await this.getAuthTokenInfo();?
| ethereumProvider: this.provider, | ||
| solanaWallet: null, | ||
| identityTokenInfo, | ||
| authTokenInfo, |
hieu-w
force-pushed
the
feat/External-wallet-session-management
branch
from
b9d47b1 to
f7588b0
Compare
| const userInfo = await this.getUserInfo(); | ||
| this.status = CONNECTOR_STATUS.AUTHORIZED; | ||
| this.emit(CONNECTOR_EVENTS.AUTHORIZED, { connector: WALLET_CONNECTORS.AUTH, identityTokenInfo: { idToken: userInfo.idToken as string } }); | ||
| this.emit(CONNECTOR_EVENTS.AUTHORIZED, { connector: WALLET_CONNECTORS.AUTH, authTokenInfo: { idToken: userInfo.idToken as string } }); |
There was a problem hiding this comment.
should return access and refresh token from auth sdk as well
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Reviewed by Cursor Bugbot for commit 4d4546c. Configure here.
| chainNamespace, | ||
| signedMessage as string, | ||
| challenge, | ||
| this.name, |
There was a problem hiding this comment.
EVM/Solana connectors never clean up auth sessions on disconnect
Medium Severity
The disconnect() method in BaseEvmConnector and BaseSolanaConnector never calls clearWalletSession(), so AuthSessionManager session tokens persist in storage after disconnect. The walletConnectV2Connector correctly calls await this.clearWalletSession() in its disconnect() override, creating an inconsistency. The disconnectSession() method that does call clearWalletSession() appears to be dead code — it's defined but never invoked from disconnect(), noModal.logout(), or anywhere else reachable in the call graph.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit 4d4546c. Configure here.
4 participants
Jira Link
Description
Fix
verifySignedChallengecall in the WalletConnect v2 connector to match the updatedVerifySignedChallengeParamsinterface from@toruslabs/base-controllers.The
baseEvmConnectorandbaseSolanaConnectorwere already updated butwalletConnectV2Connectorwas missed:deviceInfo: getDeviceInfo()parameter (required byVerifySignedChallengeParams)verifySignedChallengenow returnsSiwwTokens(withidToken,accessToken,refreshToken) instead of a plain stringIdentityTokenInfopattern, matching the other two connectorsHow has this been tested?
baseEvmConnector.tsandbaseSolanaConnector.tsScreenshots (if appropriate)
N/A
Types of changes
Checklist
Note
High Risk
Changes how external-wallet authentication tokens are fetched, stored, refreshed, and cleared, including new access/refresh token handling and configurable storage adapters; regressions here could break login/authorization flows or leak/retain sessions unexpectedly.
Overview
Adds external wallet session management by replacing
getIdentityToken/useIdentityTokenwithgetAuthTokenInfo/useAuthTokenInfoacross React/Vue hooks, connectors, and demos, and expanding token handling to include id/access/refresh tokens.External connectors (EVM, Solana, WalletConnect v2, Coinbase, injected) now use a shared
AuthSessionManager-backed flow to cache tokens, refresh access tokens when needed, and best-effort clear sessions on disconnect; the core state is extended to persistaccessToken/refreshTokenalongsideidToken, and SSR token fetching is updated accordingly.Introduces configurable token storage in
IWeb3AuthCoreOptions(storage+cookieOptions) and wires it into the Vue demo UI, while updating dependencies (notably@toruslabs/*controllers and@web3auth/auth) and addingoxwhere required.Reviewed by Cursor Bugbot for commit 4d4546c. Bugbot is set up for automated code reviews on this repo. Configure here.