Skip to content

Feat: sdk v11#136

Open
tuna1207 wants to merge 4 commits into
masterfrom
feat/sdk-v11
Open

Feat: sdk v11#136
tuna1207 wants to merge 4 commits into
masterfrom
feat/sdk-v11

Conversation

@tuna1207

@tuna1207 tuna1207 commented Jul 10, 2026

Copy link
Copy Markdown
Member

Motivation and Context

Jira Link:

Description

Aligns @web3auth/react-native-sdk with @web3auth/auth v11 (citadel session model), matching the web SDK. This is a major release (10.0.0) that upgrades core dependencies, migrates the main auth flow from legacy StorageManager to AuthSessionManager, and updates versioned auth/dashboard URLs.

Changes

Dependency upgrades

  • @web3auth/auth ^10.8.0 → ^11.8.1
  • @toruslabs/session-manager ^4.0.2 → ^5.6.0
  • @toruslabs/constants ^15.0.0 → ^16.1.1
  • @web3auth/no-modal ^10.15.0 → ^11.3.0
  • @web3auth/ws-embed ^5.0.23 → ^6.1.0
  • Related @toruslabs/* controller/helper bumps

Citadel session manager (main auth flow)

  • New KeyStoreAdapter — IStorageAdapter over KeyStore with SecureStore-safe key sanitization (auth_store:session_id → auth_store_session_id)
  • AuthSessionManager for citadel sessions; legacy StorageManager kept for SFA and login payload staging
  • currentSessionId tracks connected state (AuthSessionManager has no sync sessionId getter)
  • Login / enableMFA parse full v11 redirect token set (sessionId, accessToken, refreshToken, idToken) → setTokens() → authorize()
  • Citadel logout via sessionManager.logout(); SFA logout unchanged (invalidateSession + KeyStore cleanup)
  • Env-specific defaults from @toruslabs/constants: citadelServerUrl, storageServerUrl, sessionSocketUrl

URLs & versioning

  • baseUrl derives /v11 from @web3auth/auth version export
  • dashboardUrl getter appends /v11 for prod/staging; manageMFA() redirects to ${dashboardUrl}/wallet/account
  • Analytics dapp_url derived from redirectUrl (no window.location on RN)
  • manageMFA() guard fixed: throws mfaNotEnabled when MFA is not enabled

Metro config

  • withWeb3Auth() resolves optional peers (react-native-quick-crypto) from the app node_modules, falling back to crypto-browserify

Version bump

  • package.json and sdkVersion → 10.0.0

Architecture

Web3Auth
├── sessionManager: AuthSessionManager (citadel) — main auth flow
├── sfaSessionManager?: StorageManager — SFA only
├── currentSessionId — connected state
└── createLoginSession() — legacy StorageManager for login payload staging

Breaking changes

  • Auth endpoints move to /v11; citadel sessions require the full token set from the auth redirect
  • Existing non-SFA sessions from pre-v11 may not restore after upgrade (citadel uses a different storage model)

How has this been tested?

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

  • My code follows the code style of this project. (run lint)
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • My code requires a db migration.

Note

High Risk
Changes core login, session restore, logout, and MFA flows and token storage—any mismatch with auth v11 redirects or Citadel will break existing integrations until apps migrate.

Overview
Upgrades the React Native SDK to @web3auth/auth v11 and shifts the standard login path from session-service–only storage to Citadel via AuthSessionManager, with tokens persisted in secure storage through a new KeyStoreAdapter.

Auth redirects now expect the full v11 token set (sessionId, accessToken, refreshToken, idToken); login, MFA enablement, init rehydration, and logout use setTokens / authorize() / logout() instead of writing a legacy KeyStore sessionId. SFA (idToken flows) still uses StorageManager on the storage server, with a KeyStore flag to pick the right path on restore.

Init adds defaulted citadelServerUrl, storageServerUrl, and sessionSocketUrl, and production URLs are versioned (auth/dashboard major from @web3auth/auth, wallet /v5). getHashQueryParams and connected/currentSessionId tracking were updated for this model.

Metro withWeb3Auth gains resolver fixes for @noble/hashes/crypto and deep @web3auth/no-modal/dist imports; fetchProjectConfig surfaces API error bodies more clearly.

Reviewed by Cursor Bugbot for commit 081c4a6. Bugbot is set up for automated code reviews on this repo. Configure here.

Comment thread src/metro/metro-config.js
"node:crypto": require.resolve("react-native-quick-crypto"),
"node:crypto": quickCryptoPath,
"node:stream": require.resolve("readable-stream"),
"node:buffer": require.resolve("buffer"),

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should be able to remove some polyfills here

Comment thread src/types/interface.ts
type SdkSpecificInitParams = {
enableLogging?: boolean;
useCoreKitKey?: boolean;
useMpc?: boolean;

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove mpc

Comment thread package.json
"@toruslabs/session-manager": "^5.6.0",
"@toruslabs/torus.js": "^17.2.3",
"@web3auth/auth": "^11.8.1",
"@web3auth/ethereum-provider": "^9.7.0",

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we can do more here. Let's do a better clean up at the end

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

don't action now. we will do in the last pr

Comment thread src/Web3Auth.ts
} else if (options.buildEnv === BUILD_ENV.STAGING) {
options.sdkUrl = "https://staging-auth.web3auth.io";
options.dashboardUrl = "https://staging-account.web3auth.io/wallet/account";
options.dashboardUrl = "https://staging-account.web3auth.io";

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

use the mm urls now

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants