Skip to content

Feat: sdk v11 hooks#139

Open
tuna1207 wants to merge 9 commits into
masterfrom
feat/sdk-v11-hooks
Open

Feat: sdk v11 hooks#139
tuna1207 wants to merge 9 commits into
masterfrom
feat/sdk-v11-hooks

Conversation

@tuna1207

@tuna1207 tuna1207 commented Jul 15, 2026

Copy link
Copy Markdown
Member

Motivation and Context

This PR brings the React Hooks integration in line with Web3Auth SDK v11 session/auth APIs and dashboard-driven project configuration. Hooks consumers need clearer separation between connected (wallet/session keys) and authorized (citadel access token), plus hooks for token info and session refresh. It also aligns analytics, account abstraction (including EIP-7702), and setup docs with the rest of the v11 SDK surface.

Jira Link: https://consensyssoftware.atlassian.net/browse/EMBED-399

Description

React Hooks

  • Extend Web3AuthProvider / useWeb3Auth() with isAuthorized and accessToken, distinguishing citadel-authorized sessions from SFA-connected sessions.
  • Add syncSessionState() to rehydrate provider, MFA flag, and access token after init, connect, MFA, or refresh.
  • Add useAuthTokenInfo and useRefreshSession hooks.
  • Update useAccessToken to read/write shared context state (accessToken; token kept as deprecated alias).
  • Deprecate useIdentityToken / getIdentityToken() in favor of useAuthTokenInfo / getAuthTokenInfo().
  • Update useEnableMFA and useManageMFA to sync session state after redirect flows.
  • Default loginSource to "web3auth-react-native" in useWeb3AuthConnect.
  • Tag hooks usage with integration_type: "React Hooks" in analytics.

Core SDK

  • Refactor analytics: structured error_code / error_message, richer initialization properties (CAIP chain IDs, RPC hostnames, AA/wallet-services config), and connection failure tracking.
  • Add disableAnalytics and enableAnalyticsInDev init options.
  • Load sessionTime from dashboard project config (fallback: 86400).
  • Pass aa_provider when fetching project config; support externalWalletAuth in auth payloads.
  • Account abstraction: EIP-7702 smart account validation, skip ERC-4337 provider wrapping for 7702, derive useAAWithExternalWallet from dashboard walletScope.
  • Extract clearLocalSessionState() for logout and failed session refresh.
  • Add wallet UI option enableDefiPositionsDisplay and defaultPortfolio: "defi".
  • Fix MFA management analytics (MFA_MANAGEMENT_SELECTED / MFA_MANAGEMENT_COMPLETED).

Metro & docs

  • Add MessageEvent polyfill in global-shim.js for Hermes (@web3auth/auth postMessageStream).
  • Major README update: Node 22+ / npm 10+, Metro withWeb3Auth setup, entry setup import, bare/Expo redirect URL configuration, and analytics documentation.
  • Update bare and Expo hooks demo apps to exercise the new APIs.

How has this been tested?

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

  • My code follows the code style of this project. (run lint)
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • My code requires a db migration.

Note

Low Risk
Changes are limited to README, a sample app, and lockfile updates with no production SDK logic in this diff.

Overview
Documentation is expanded to match the v11 React Native integration: Node/npm requirements, separate Bare vs Expo dependency installs, Metro withWeb3Auth, mandatory @web3auth/react-native-sdk/setup as the first import, and clearer redirect URL / whitelist guidance (including Expo Go vs standalone). Usage examples now use EncryptedStorage / SecureStore, WEB3AUTH_NETWORK, init() + connectTo() instead of login(), and a new analytics section (disableAnalytics, enableAnalyticsInDev). The sample apps link points at demo/ instead of example/.

The bare hooks demo (demo/rn-bare-hooks-example) is updated to import setup first and exercise v11 session APIs: isAuthorized / accessToken, useAccessToken, useAuthTokenInfo, and useRefreshSession (replacing useIdentityToken). iOS Podfile.lock adds RNCAsyncStorage and refreshes several pod checksums.

Reviewed by Cursor Bugbot for commit 2c9b246. Bugbot is set up for automated code reviews on this repo. Configure here.

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit 21f83dd. Configure here.

Comment thread demo/rn-bare-hooks-example/App.tsx Outdated
Comment thread src/base/analytics.ts
Comment thread src/base/analytics.ts
}

private isSkipped() {
// const dappOrigin = window.location.origin;

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we revert these lines?

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i don't think we should, there is no window in react native

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Then can we remove the irrelevant codes please?

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do you mean this part ?

// const dappOrigin = window.location.origin;

it's already removed

const accessToken = await web3Auth.getAccessToken();
setToken(accessToken);
return accessToken;
const nextAccessToken = await web3Auth.getAccessToken();

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we have guards here? Asserting connector statuses might be helpful I think.

@tuna1207 tuna1207 Jul 16, 2026

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think no need because RN’s core only has connected and connected / disconnected - no status machine to sync.

const [isMFAEnabled, setIsMFAEnabled] = useState<boolean>(false);
const [isConnected, setIsConnected] = useState<boolean>(false);
const [isAuthorized, setIsAuthorized] = useState<boolean>(false);
const [accessToken, setAccessToken] = useState<string | null>(null);

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we add connector statuses state too?

setIsMFAEnabled(true);
}
// Refresh rotated citadel tokens / MFA flags into the provider snapshot.
await syncSessionState();

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please correct me if I'm wrong. Do we really need this?

Under the hood, it just looks like updating the local state for the web3AuthInnerContext.
If I understand it correct, web3AuthInnerContext has already handled this in useEffect.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

enableMFA() does not emit connected. It rotates tokens via setTokens, then refreshSession(), and returns. The user was already connected, so that listener never fires.

Without the explicit sync, React context stays stale for:

  • accessToken / isAuthorized — citadel tokens were rotated
  • isMFAEnabled — updated on the SDK instance, not pushed into context automatically

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We did refreshSession here though.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

refreshSession under the hood update the Web3Auth instance state.

React.effect watches the web3Auth instance, triggered the useEffect again due to the state change.
From the implementation, it should trigger.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

refreshSession mutates fields on that same object (updateState, session data, etc.). That does not change the web3Auth reference, so the effect should not re-run for that reason alone.
(the web3Auth instance in react hook dependency is a shallow compare)

try {
await web3Auth.manageMFA();
// Redirect may rotate citadel tokens; resync MFA + authorization snapshot.
await syncSessionState();

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as above.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same as #139 (comment)

Comment thread src/types/interface.ts
* Ignored when {@link disableAnalytics} is true. Production/release builds
* already send analytics by default.
*/
enableAnalyticsInDev?: boolean;

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this only for our debug/local purpose?

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, only for dev analytics purpose

Comment thread src/utils.ts Outdated
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants