Skip to content

fix: persist new accessToken in SeedlessOnboarding Vault after tokens refresh#7800

Merged
lwin-kyaw merged 17 commits intomainfrom
feat/get-access-token-with-refresh
Feb 11, 2026
Merged

fix: persist new accessToken in SeedlessOnboarding Vault after tokens refresh#7800
lwin-kyaw merged 17 commits intomainfrom
feat/get-access-token-with-refresh

Conversation

@lwin-kyaw
Copy link
Contributor

@lwin-kyaw lwin-kyaw commented Feb 2, 2026

Explanation

This PR address

  • fix new accessToken isn't being persisted to vault after the tokens refresh (refreshAuthToken()).
  • add a new public method getAccessToken() with automatic token refresh capability to prevent clients from using expired access tokens when retrieving them from state.

Issue:

Previously, clients could directly access state.accessToken from the controller state, which could potentially return an expired token. This could lead to failed API calls and poor user experience when the token had expired but wasn't refreshed.

Solution:

  • Added a new public method getAccessToken() that automatically refreshes expired tokens: Uses the #executeWithTokenRefresh wrapper to check token expiration and refresh if needed before returning
  • Persisted new accessToken into Encrypted vault after token refresh.

Persist newAccessToken in the encrypted vault

The persist flow can be different based on the wallet (vault) status when refreshAuthTokens() is called.

  1. When wallet is unlocked (vault encryptionKey is available in the state).
    When wallet is unlocked, vault encryption key is temporarily cached in the controller state and the values inside the encrypted vault are also flooded into the controller state, for performance and to avoid the password dependency
    We can use these cache values and create a new encrypted vault (with updated accessToken).
Screenshot 2026-02-03 at 1 47 36 AM
  1. When wallet is locked (Password must be provided)

While the wallet is locked, refreshAuthTokens() can be called under one condition, i.e, check for password sync (getAuthPubKey RPC call) when user tries to unlock the wallet.
In this case, we can't immediately update the encrypted vault as the wallet is locked. So, we will temporarily store the new accessToken in the controller state, then persist the stored value later in the vault unlock (only when user provides correct password) and update the vault.

Screenshot 2026-02-03 at 12 22 38 PM

Based on the password sync status, the persist flow can be a little bit different.

2.1. Password is in sync

When user's current device password is in sync, we will update the vault when user unlocks via submitPassword.
Vault is decrypted using the submitted password, we will compare the access token value from decrypted vault (accessToken1) and recently set new access token (accessToken2). If the accessToken is different and detected as new, we will update the encrypted vault value in the state (using password).
Please note that this requires an additional encryption step to update the latestToken in encrypted vault.

Screenshot 2026-02-03 at 12 29 21 PM

2.2. Password is not in sync (OutdatedPassword).

When user's current device password is out of sync and user submits the latest globalPassword, we do the pwEncKey recovery first so that we can unlock the current vault. Similar to the flow above (2.1), we decrypt the current vault and compare the two tokens (accessToken1 and accessToken2). If the accessToken is different and detected as new, we will update the controller state and encrypted vault.
Unlike the flow (2.1.), this doesn't require additional encryption, as we can include the latest accessToken when we sync the latest global enc keys into the controller.

Screenshot 2026-02-03 at 3 53 31 PM

References

Fixes #7805, MetaMask/metamask-extension#39566

Checklist

  • I've updated the test suite for new or updated code as appropriate
  • I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
  • I've communicated my changes to consumers by updating changelogs for packages I've changed
  • I've introduced breaking changes in this PR and have prepared draft pull requests for clients and consumer packages to resolve them

Note

Medium Risk
Touches vault encryption/update paths and token refresh behavior, so bugs could lead to incorrect vault contents or token state during unlock/refresh flows, though changes are localized and well-covered by tests.

Overview
Fixes token persistence by updating the seedless onboarding vault when refreshAuthTokens() obtains a new accessToken, using encryptWithKey when the wallet is already unlocked and reconciling state vs vault tokens during submitPassword/submitGlobalPassword via a new compareAndGetLatestToken helper.

Adds a new public getAccessToken() action/messenger handler that returns the current access token and triggers the existing refresh flow when tokens are expired, and introduces assertIsValidPassword plus test refactors/new cases (including a shared createMockJWTToken) to cover these behaviors. Breaking: the injected vault encryptor must now implement encryptWithKey.

Written by Cursor Bugbot for commit 09a0ddf. This will update automatically on new commits. Configure here.

@lwin-kyaw lwin-kyaw requested a review from a team as a code owner February 2, 2026 06:11
@lwin-kyaw lwin-kyaw requested a review from a team as a code owner February 2, 2026 06:16
@lwin-kyaw
Copy link
Contributor Author

@metamaskbot publish-preview

@github-actions
Copy link
Contributor

github-actions bot commented Feb 2, 2026

Preview builds have been published. See these instructions for more information about preview builds.

Expand for full list of packages and versions.
{
  "@metamask-previews/account-tree-controller": "4.0.0-preview-719a409",
  "@metamask-previews/accounts-controller": "35.0.2-preview-719a409",
  "@metamask-previews/address-book-controller": "7.0.1-preview-719a409",
  "@metamask-previews/ai-controllers": "0.0.0-preview-719a409",
  "@metamask-previews/analytics-controller": "1.0.0-preview-719a409",
  "@metamask-previews/analytics-data-regulation-controller": "0.0.0-preview-719a409",
  "@metamask-previews/announcement-controller": "8.0.0-preview-719a409",
  "@metamask-previews/app-metadata-controller": "2.0.0-preview-719a409",
  "@metamask-previews/approval-controller": "8.0.0-preview-719a409",
  "@metamask-previews/assets-controller": "0.0.0-preview-719a409",
  "@metamask-previews/assets-controllers": "99.1.0-preview-719a409",
  "@metamask-previews/base-controller": "9.0.0-preview-719a409",
  "@metamask-previews/bridge-controller": "65.1.0-preview-719a409",
  "@metamask-previews/bridge-status-controller": "65.0.1-preview-719a409",
  "@metamask-previews/build-utils": "3.0.4-preview-719a409",
  "@metamask-previews/chain-agnostic-permission": "1.4.0-preview-719a409",
  "@metamask-previews/claims-controller": "0.4.2-preview-719a409",
  "@metamask-previews/composable-controller": "12.0.0-preview-719a409",
  "@metamask-previews/connectivity-controller": "0.1.0-preview-719a409",
  "@metamask-previews/controller-utils": "11.18.0-preview-719a409",
  "@metamask-previews/core-backend": "5.0.0-preview-719a409",
  "@metamask-previews/delegation-controller": "2.0.0-preview-719a409",
  "@metamask-previews/earn-controller": "11.1.0-preview-719a409",
  "@metamask-previews/eip-5792-middleware": "2.1.0-preview-719a409",
  "@metamask-previews/eip-7702-internal-rpc-middleware": "0.1.0-preview-719a409",
  "@metamask-previews/eip1193-permission-middleware": "1.0.3-preview-719a409",
  "@metamask-previews/ens-controller": "19.0.2-preview-719a409",
  "@metamask-previews/error-reporting-service": "3.0.1-preview-719a409",
  "@metamask-previews/eth-block-tracker": "15.0.1-preview-719a409",
  "@metamask-previews/eth-json-rpc-middleware": "23.0.0-preview-719a409",
  "@metamask-previews/eth-json-rpc-provider": "6.0.0-preview-719a409",
  "@metamask-previews/foundryup": "1.0.1-preview-719a409",
  "@metamask-previews/gas-fee-controller": "26.0.2-preview-719a409",
  "@metamask-previews/gator-permissions-controller": "1.1.2-preview-719a409",
  "@metamask-previews/json-rpc-engine": "10.2.1-preview-719a409",
  "@metamask-previews/json-rpc-middleware-stream": "8.0.8-preview-719a409",
  "@metamask-previews/keyring-controller": "25.1.0-preview-719a409",
  "@metamask-previews/logging-controller": "7.0.1-preview-719a409",
  "@metamask-previews/message-manager": "14.1.0-preview-719a409",
  "@metamask-previews/messenger": "0.3.0-preview-719a409",
  "@metamask-previews/multichain-account-service": "5.1.0-preview-719a409",
  "@metamask-previews/multichain-api-middleware": "1.2.6-preview-719a409",
  "@metamask-previews/multichain-network-controller": "3.0.2-preview-719a409",
  "@metamask-previews/multichain-transactions-controller": "7.0.0-preview-719a409",
  "@metamask-previews/name-controller": "9.0.0-preview-719a409",
  "@metamask-previews/network-controller": "29.0.0-preview-719a409",
  "@metamask-previews/network-enablement-controller": "4.1.0-preview-719a409",
  "@metamask-previews/notification-services-controller": "21.0.0-preview-719a409",
  "@metamask-previews/permission-controller": "12.2.0-preview-719a409",
  "@metamask-previews/permission-log-controller": "5.0.0-preview-719a409",
  "@metamask-previews/perps-controller": "0.0.0-preview-719a409",
  "@metamask-previews/phishing-controller": "16.1.0-preview-719a409",
  "@metamask-previews/polling-controller": "16.0.2-preview-719a409",
  "@metamask-previews/preferences-controller": "22.0.0-preview-719a409",
  "@metamask-previews/profile-metrics-controller": "3.0.0-preview-719a409",
  "@metamask-previews/profile-sync-controller": "27.0.0-preview-719a409",
  "@metamask-previews/ramps-controller": "5.1.0-preview-719a409",
  "@metamask-previews/rate-limit-controller": "7.0.0-preview-719a409",
  "@metamask-previews/remote-feature-flag-controller": "4.0.0-preview-719a409",
  "@metamask-previews/sample-controllers": "4.0.2-preview-719a409",
  "@metamask-previews/seedless-onboarding-controller": "7.1.0-preview-719a409",
  "@metamask-previews/selected-network-controller": "26.0.2-preview-719a409",
  "@metamask-previews/shield-controller": "5.0.1-preview-719a409",
  "@metamask-previews/signature-controller": "39.0.1-preview-719a409",
  "@metamask-previews/storage-service": "1.0.0-preview-719a409",
  "@metamask-previews/subscription-controller": "5.4.2-preview-719a409",
  "@metamask-previews/transaction-controller": "62.12.0-preview-719a409",
  "@metamask-previews/transaction-pay-controller": "12.0.2-preview-719a409",
  "@metamask-previews/user-operation-controller": "41.0.2-preview-719a409"
}

@lwin-kyaw
Copy link
Contributor Author

@metamaskbot publish-preview

@github-actions
Copy link
Contributor

github-actions bot commented Feb 2, 2026

Preview builds have been published. See these instructions for more information about preview builds.

Expand for full list of packages and versions.
{
  "@metamask-previews/account-tree-controller": "4.0.0-preview-dcbbb24",
  "@metamask-previews/accounts-controller": "35.0.2-preview-dcbbb24",
  "@metamask-previews/address-book-controller": "7.0.1-preview-dcbbb24",
  "@metamask-previews/ai-controllers": "0.0.0-preview-dcbbb24",
  "@metamask-previews/analytics-controller": "1.0.0-preview-dcbbb24",
  "@metamask-previews/analytics-data-regulation-controller": "0.0.0-preview-dcbbb24",
  "@metamask-previews/announcement-controller": "8.0.0-preview-dcbbb24",
  "@metamask-previews/app-metadata-controller": "2.0.0-preview-dcbbb24",
  "@metamask-previews/approval-controller": "8.0.0-preview-dcbbb24",
  "@metamask-previews/assets-controller": "0.0.0-preview-dcbbb24",
  "@metamask-previews/assets-controllers": "99.1.0-preview-dcbbb24",
  "@metamask-previews/base-controller": "9.0.0-preview-dcbbb24",
  "@metamask-previews/bridge-controller": "65.1.0-preview-dcbbb24",
  "@metamask-previews/bridge-status-controller": "65.0.1-preview-dcbbb24",
  "@metamask-previews/build-utils": "3.0.4-preview-dcbbb24",
  "@metamask-previews/chain-agnostic-permission": "1.4.0-preview-dcbbb24",
  "@metamask-previews/claims-controller": "0.4.2-preview-dcbbb24",
  "@metamask-previews/composable-controller": "12.0.0-preview-dcbbb24",
  "@metamask-previews/connectivity-controller": "0.1.0-preview-dcbbb24",
  "@metamask-previews/controller-utils": "11.18.0-preview-dcbbb24",
  "@metamask-previews/core-backend": "5.0.0-preview-dcbbb24",
  "@metamask-previews/delegation-controller": "2.0.0-preview-dcbbb24",
  "@metamask-previews/earn-controller": "11.1.0-preview-dcbbb24",
  "@metamask-previews/eip-5792-middleware": "2.1.0-preview-dcbbb24",
  "@metamask-previews/eip-7702-internal-rpc-middleware": "0.1.0-preview-dcbbb24",
  "@metamask-previews/eip1193-permission-middleware": "1.0.3-preview-dcbbb24",
  "@metamask-previews/ens-controller": "19.0.2-preview-dcbbb24",
  "@metamask-previews/error-reporting-service": "3.0.1-preview-dcbbb24",
  "@metamask-previews/eth-block-tracker": "15.0.1-preview-dcbbb24",
  "@metamask-previews/eth-json-rpc-middleware": "23.0.0-preview-dcbbb24",
  "@metamask-previews/eth-json-rpc-provider": "6.0.0-preview-dcbbb24",
  "@metamask-previews/foundryup": "1.0.1-preview-dcbbb24",
  "@metamask-previews/gas-fee-controller": "26.0.2-preview-dcbbb24",
  "@metamask-previews/gator-permissions-controller": "1.1.2-preview-dcbbb24",
  "@metamask-previews/json-rpc-engine": "10.2.1-preview-dcbbb24",
  "@metamask-previews/json-rpc-middleware-stream": "8.0.8-preview-dcbbb24",
  "@metamask-previews/keyring-controller": "25.1.0-preview-dcbbb24",
  "@metamask-previews/logging-controller": "7.0.1-preview-dcbbb24",
  "@metamask-previews/message-manager": "14.1.0-preview-dcbbb24",
  "@metamask-previews/messenger": "0.3.0-preview-dcbbb24",
  "@metamask-previews/multichain-account-service": "5.1.0-preview-dcbbb24",
  "@metamask-previews/multichain-api-middleware": "1.2.6-preview-dcbbb24",
  "@metamask-previews/multichain-network-controller": "3.0.2-preview-dcbbb24",
  "@metamask-previews/multichain-transactions-controller": "7.0.0-preview-dcbbb24",
  "@metamask-previews/name-controller": "9.0.0-preview-dcbbb24",
  "@metamask-previews/network-controller": "29.0.0-preview-dcbbb24",
  "@metamask-previews/network-enablement-controller": "4.1.0-preview-dcbbb24",
  "@metamask-previews/notification-services-controller": "21.0.0-preview-dcbbb24",
  "@metamask-previews/permission-controller": "12.2.0-preview-dcbbb24",
  "@metamask-previews/permission-log-controller": "5.0.0-preview-dcbbb24",
  "@metamask-previews/perps-controller": "0.0.0-preview-dcbbb24",
  "@metamask-previews/phishing-controller": "16.1.0-preview-dcbbb24",
  "@metamask-previews/polling-controller": "16.0.2-preview-dcbbb24",
  "@metamask-previews/preferences-controller": "22.0.0-preview-dcbbb24",
  "@metamask-previews/profile-metrics-controller": "3.0.0-preview-dcbbb24",
  "@metamask-previews/profile-sync-controller": "27.0.0-preview-dcbbb24",
  "@metamask-previews/ramps-controller": "5.1.0-preview-dcbbb24",
  "@metamask-previews/rate-limit-controller": "7.0.0-preview-dcbbb24",
  "@metamask-previews/remote-feature-flag-controller": "4.0.0-preview-dcbbb24",
  "@metamask-previews/sample-controllers": "4.0.2-preview-dcbbb24",
  "@metamask-previews/seedless-onboarding-controller": "7.1.0-preview-dcbbb24",
  "@metamask-previews/selected-network-controller": "26.0.2-preview-dcbbb24",
  "@metamask-previews/shield-controller": "5.0.1-preview-dcbbb24",
  "@metamask-previews/signature-controller": "39.0.1-preview-dcbbb24",
  "@metamask-previews/storage-service": "1.0.0-preview-dcbbb24",
  "@metamask-previews/subscription-controller": "5.4.2-preview-dcbbb24",
  "@metamask-previews/transaction-controller": "62.12.0-preview-dcbbb24",
  "@metamask-previews/transaction-pay-controller": "12.0.2-preview-dcbbb24",
  "@metamask-previews/user-operation-controller": "41.0.2-preview-dcbbb24"
}

@lwin-kyaw
Copy link
Contributor Author

@metamaskbot publish-preview

@github-actions
Copy link
Contributor

github-actions bot commented Feb 2, 2026

Preview builds have been published. See these instructions for more information about preview builds.

Expand for full list of packages and versions.
{
  "@metamask-previews/account-tree-controller": "4.0.0-preview-4594ee99",
  "@metamask-previews/accounts-controller": "35.0.2-preview-4594ee99",
  "@metamask-previews/address-book-controller": "7.0.1-preview-4594ee99",
  "@metamask-previews/ai-controllers": "0.0.0-preview-4594ee99",
  "@metamask-previews/analytics-controller": "1.0.0-preview-4594ee99",
  "@metamask-previews/analytics-data-regulation-controller": "0.0.0-preview-4594ee99",
  "@metamask-previews/announcement-controller": "8.0.0-preview-4594ee99",
  "@metamask-previews/app-metadata-controller": "2.0.0-preview-4594ee99",
  "@metamask-previews/approval-controller": "8.0.0-preview-4594ee99",
  "@metamask-previews/assets-controller": "0.0.0-preview-4594ee99",
  "@metamask-previews/assets-controllers": "99.1.0-preview-4594ee99",
  "@metamask-previews/base-controller": "9.0.0-preview-4594ee99",
  "@metamask-previews/bridge-controller": "65.1.0-preview-4594ee99",
  "@metamask-previews/bridge-status-controller": "65.0.1-preview-4594ee99",
  "@metamask-previews/build-utils": "3.0.4-preview-4594ee99",
  "@metamask-previews/chain-agnostic-permission": "1.4.0-preview-4594ee99",
  "@metamask-previews/claims-controller": "0.4.2-preview-4594ee99",
  "@metamask-previews/composable-controller": "12.0.0-preview-4594ee99",
  "@metamask-previews/connectivity-controller": "0.1.0-preview-4594ee99",
  "@metamask-previews/controller-utils": "11.18.0-preview-4594ee99",
  "@metamask-previews/core-backend": "5.0.0-preview-4594ee99",
  "@metamask-previews/delegation-controller": "2.0.0-preview-4594ee99",
  "@metamask-previews/earn-controller": "11.1.0-preview-4594ee99",
  "@metamask-previews/eip-5792-middleware": "2.1.0-preview-4594ee99",
  "@metamask-previews/eip-7702-internal-rpc-middleware": "0.1.0-preview-4594ee99",
  "@metamask-previews/eip1193-permission-middleware": "1.0.3-preview-4594ee99",
  "@metamask-previews/ens-controller": "19.0.2-preview-4594ee99",
  "@metamask-previews/error-reporting-service": "3.0.1-preview-4594ee99",
  "@metamask-previews/eth-block-tracker": "15.0.1-preview-4594ee99",
  "@metamask-previews/eth-json-rpc-middleware": "23.0.0-preview-4594ee99",
  "@metamask-previews/eth-json-rpc-provider": "6.0.0-preview-4594ee99",
  "@metamask-previews/foundryup": "1.0.1-preview-4594ee99",
  "@metamask-previews/gas-fee-controller": "26.0.2-preview-4594ee99",
  "@metamask-previews/gator-permissions-controller": "1.1.2-preview-4594ee99",
  "@metamask-previews/json-rpc-engine": "10.2.1-preview-4594ee99",
  "@metamask-previews/json-rpc-middleware-stream": "8.0.8-preview-4594ee99",
  "@metamask-previews/keyring-controller": "25.1.0-preview-4594ee99",
  "@metamask-previews/logging-controller": "7.0.1-preview-4594ee99",
  "@metamask-previews/message-manager": "14.1.0-preview-4594ee99",
  "@metamask-previews/messenger": "0.3.0-preview-4594ee99",
  "@metamask-previews/multichain-account-service": "5.1.0-preview-4594ee99",
  "@metamask-previews/multichain-api-middleware": "1.2.6-preview-4594ee99",
  "@metamask-previews/multichain-network-controller": "3.0.2-preview-4594ee99",
  "@metamask-previews/multichain-transactions-controller": "7.0.0-preview-4594ee99",
  "@metamask-previews/name-controller": "9.0.0-preview-4594ee99",
  "@metamask-previews/network-controller": "29.0.0-preview-4594ee99",
  "@metamask-previews/network-enablement-controller": "4.1.0-preview-4594ee99",
  "@metamask-previews/notification-services-controller": "21.0.0-preview-4594ee99",
  "@metamask-previews/permission-controller": "12.2.0-preview-4594ee99",
  "@metamask-previews/permission-log-controller": "5.0.0-preview-4594ee99",
  "@metamask-previews/perps-controller": "0.0.0-preview-4594ee99",
  "@metamask-previews/phishing-controller": "16.1.0-preview-4594ee99",
  "@metamask-previews/polling-controller": "16.0.2-preview-4594ee99",
  "@metamask-previews/preferences-controller": "22.0.0-preview-4594ee99",
  "@metamask-previews/profile-metrics-controller": "3.0.0-preview-4594ee99",
  "@metamask-previews/profile-sync-controller": "27.0.0-preview-4594ee99",
  "@metamask-previews/ramps-controller": "5.1.0-preview-4594ee99",
  "@metamask-previews/rate-limit-controller": "7.0.0-preview-4594ee99",
  "@metamask-previews/remote-feature-flag-controller": "4.0.0-preview-4594ee99",
  "@metamask-previews/sample-controllers": "4.0.2-preview-4594ee99",
  "@metamask-previews/seedless-onboarding-controller": "7.1.0-preview-4594ee99",
  "@metamask-previews/selected-network-controller": "26.0.2-preview-4594ee99",
  "@metamask-previews/shield-controller": "5.0.1-preview-4594ee99",
  "@metamask-previews/signature-controller": "39.0.1-preview-4594ee99",
  "@metamask-previews/storage-service": "1.0.0-preview-4594ee99",
  "@metamask-previews/subscription-controller": "5.4.2-preview-4594ee99",
  "@metamask-previews/transaction-controller": "62.12.0-preview-4594ee99",
  "@metamask-previews/transaction-pay-controller": "12.0.2-preview-4594ee99",
  "@metamask-previews/user-operation-controller": "41.0.2-preview-4594ee99"
}

@lwin-kyaw
Copy link
Contributor Author

@metamaskbot publish-preview

@lwin-kyaw lwin-kyaw self-assigned this Feb 2, 2026
@lwin-kyaw lwin-kyaw changed the title feat: added 'getAccessToken' with refresh token if expired fix: persist new accessToken in SeedlessOnboarding Vault after tokens refresh Feb 2, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Feb 2, 2026

Preview builds have been published. See these instructions for more information about preview builds.

Expand for full list of packages and versions.
{
  "@metamask-previews/account-tree-controller": "4.0.0-preview-85f1a30c",
  "@metamask-previews/accounts-controller": "35.0.2-preview-85f1a30c",
  "@metamask-previews/address-book-controller": "7.0.1-preview-85f1a30c",
  "@metamask-previews/ai-controllers": "0.0.0-preview-85f1a30c",
  "@metamask-previews/analytics-controller": "1.0.0-preview-85f1a30c",
  "@metamask-previews/analytics-data-regulation-controller": "0.0.0-preview-85f1a30c",
  "@metamask-previews/announcement-controller": "8.0.0-preview-85f1a30c",
  "@metamask-previews/app-metadata-controller": "2.0.0-preview-85f1a30c",
  "@metamask-previews/approval-controller": "8.0.0-preview-85f1a30c",
  "@metamask-previews/assets-controller": "0.0.0-preview-85f1a30c",
  "@metamask-previews/assets-controllers": "99.1.0-preview-85f1a30c",
  "@metamask-previews/base-controller": "9.0.0-preview-85f1a30c",
  "@metamask-previews/bridge-controller": "65.1.0-preview-85f1a30c",
  "@metamask-previews/bridge-status-controller": "65.0.1-preview-85f1a30c",
  "@metamask-previews/build-utils": "3.0.4-preview-85f1a30c",
  "@metamask-previews/chain-agnostic-permission": "1.4.0-preview-85f1a30c",
  "@metamask-previews/claims-controller": "0.4.2-preview-85f1a30c",
  "@metamask-previews/composable-controller": "12.0.0-preview-85f1a30c",
  "@metamask-previews/connectivity-controller": "0.1.0-preview-85f1a30c",
  "@metamask-previews/controller-utils": "11.18.0-preview-85f1a30c",
  "@metamask-previews/core-backend": "5.0.0-preview-85f1a30c",
  "@metamask-previews/delegation-controller": "2.0.0-preview-85f1a30c",
  "@metamask-previews/earn-controller": "11.1.0-preview-85f1a30c",
  "@metamask-previews/eip-5792-middleware": "2.1.0-preview-85f1a30c",
  "@metamask-previews/eip-7702-internal-rpc-middleware": "0.1.0-preview-85f1a30c",
  "@metamask-previews/eip1193-permission-middleware": "1.0.3-preview-85f1a30c",
  "@metamask-previews/ens-controller": "19.0.2-preview-85f1a30c",
  "@metamask-previews/error-reporting-service": "3.0.1-preview-85f1a30c",
  "@metamask-previews/eth-block-tracker": "15.0.1-preview-85f1a30c",
  "@metamask-previews/eth-json-rpc-middleware": "23.0.0-preview-85f1a30c",
  "@metamask-previews/eth-json-rpc-provider": "6.0.0-preview-85f1a30c",
  "@metamask-previews/foundryup": "1.0.1-preview-85f1a30c",
  "@metamask-previews/gas-fee-controller": "26.0.2-preview-85f1a30c",
  "@metamask-previews/gator-permissions-controller": "1.1.2-preview-85f1a30c",
  "@metamask-previews/json-rpc-engine": "10.2.1-preview-85f1a30c",
  "@metamask-previews/json-rpc-middleware-stream": "8.0.8-preview-85f1a30c",
  "@metamask-previews/keyring-controller": "25.1.0-preview-85f1a30c",
  "@metamask-previews/logging-controller": "7.0.1-preview-85f1a30c",
  "@metamask-previews/message-manager": "14.1.0-preview-85f1a30c",
  "@metamask-previews/messenger": "0.3.0-preview-85f1a30c",
  "@metamask-previews/multichain-account-service": "5.1.0-preview-85f1a30c",
  "@metamask-previews/multichain-api-middleware": "1.2.6-preview-85f1a30c",
  "@metamask-previews/multichain-network-controller": "3.0.2-preview-85f1a30c",
  "@metamask-previews/multichain-transactions-controller": "7.0.0-preview-85f1a30c",
  "@metamask-previews/name-controller": "9.0.0-preview-85f1a30c",
  "@metamask-previews/network-controller": "29.0.0-preview-85f1a30c",
  "@metamask-previews/network-enablement-controller": "4.1.0-preview-85f1a30c",
  "@metamask-previews/notification-services-controller": "21.0.0-preview-85f1a30c",
  "@metamask-previews/permission-controller": "12.2.0-preview-85f1a30c",
  "@metamask-previews/permission-log-controller": "5.0.0-preview-85f1a30c",
  "@metamask-previews/perps-controller": "0.0.0-preview-85f1a30c",
  "@metamask-previews/phishing-controller": "16.1.0-preview-85f1a30c",
  "@metamask-previews/polling-controller": "16.0.2-preview-85f1a30c",
  "@metamask-previews/preferences-controller": "22.0.0-preview-85f1a30c",
  "@metamask-previews/profile-metrics-controller": "3.0.0-preview-85f1a30c",
  "@metamask-previews/profile-sync-controller": "27.0.0-preview-85f1a30c",
  "@metamask-previews/ramps-controller": "5.1.0-preview-85f1a30c",
  "@metamask-previews/rate-limit-controller": "7.0.0-preview-85f1a30c",
  "@metamask-previews/remote-feature-flag-controller": "4.0.0-preview-85f1a30c",
  "@metamask-previews/sample-controllers": "4.0.2-preview-85f1a30c",
  "@metamask-previews/seedless-onboarding-controller": "7.1.0-preview-85f1a30c",
  "@metamask-previews/selected-network-controller": "26.0.2-preview-85f1a30c",
  "@metamask-previews/shield-controller": "5.0.1-preview-85f1a30c",
  "@metamask-previews/signature-controller": "39.0.1-preview-85f1a30c",
  "@metamask-previews/storage-service": "1.0.0-preview-85f1a30c",
  "@metamask-previews/subscription-controller": "5.4.2-preview-85f1a30c",
  "@metamask-previews/transaction-controller": "62.12.0-preview-85f1a30c",
  "@metamask-previews/transaction-pay-controller": "12.0.2-preview-85f1a30c",
  "@metamask-previews/user-operation-controller": "41.0.2-preview-85f1a30c"
}

@lwin-kyaw lwin-kyaw marked this pull request as draft February 2, 2026 17:48
@lwin-kyaw
Copy link
Contributor Author

@metamaskbot publish-preview

@github-actions
Copy link
Contributor

github-actions bot commented Feb 3, 2026

Preview builds have been published. See these instructions for more information about preview builds.

Expand for full list of packages and versions.
{
  "@metamask-previews/account-tree-controller": "4.0.0-preview-69f51f81",
  "@metamask-previews/accounts-controller": "35.0.2-preview-69f51f81",
  "@metamask-previews/address-book-controller": "7.0.1-preview-69f51f81",
  "@metamask-previews/ai-controllers": "0.0.0-preview-69f51f81",
  "@metamask-previews/analytics-controller": "1.0.0-preview-69f51f81",
  "@metamask-previews/analytics-data-regulation-controller": "0.0.0-preview-69f51f81",
  "@metamask-previews/announcement-controller": "8.0.0-preview-69f51f81",
  "@metamask-previews/app-metadata-controller": "2.0.0-preview-69f51f81",
  "@metamask-previews/approval-controller": "8.0.0-preview-69f51f81",
  "@metamask-previews/assets-controller": "0.0.0-preview-69f51f81",
  "@metamask-previews/assets-controllers": "99.1.0-preview-69f51f81",
  "@metamask-previews/base-controller": "9.0.0-preview-69f51f81",
  "@metamask-previews/bridge-controller": "65.1.0-preview-69f51f81",
  "@metamask-previews/bridge-status-controller": "65.0.1-preview-69f51f81",
  "@metamask-previews/build-utils": "3.0.4-preview-69f51f81",
  "@metamask-previews/chain-agnostic-permission": "1.4.0-preview-69f51f81",
  "@metamask-previews/claims-controller": "0.4.2-preview-69f51f81",
  "@metamask-previews/composable-controller": "12.0.0-preview-69f51f81",
  "@metamask-previews/connectivity-controller": "0.1.0-preview-69f51f81",
  "@metamask-previews/controller-utils": "11.18.0-preview-69f51f81",
  "@metamask-previews/core-backend": "5.0.0-preview-69f51f81",
  "@metamask-previews/delegation-controller": "2.0.0-preview-69f51f81",
  "@metamask-previews/earn-controller": "11.1.0-preview-69f51f81",
  "@metamask-previews/eip-5792-middleware": "2.1.0-preview-69f51f81",
  "@metamask-previews/eip-7702-internal-rpc-middleware": "0.1.0-preview-69f51f81",
  "@metamask-previews/eip1193-permission-middleware": "1.0.3-preview-69f51f81",
  "@metamask-previews/ens-controller": "19.0.2-preview-69f51f81",
  "@metamask-previews/error-reporting-service": "3.0.1-preview-69f51f81",
  "@metamask-previews/eth-block-tracker": "15.0.1-preview-69f51f81",
  "@metamask-previews/eth-json-rpc-middleware": "23.0.0-preview-69f51f81",
  "@metamask-previews/eth-json-rpc-provider": "6.0.0-preview-69f51f81",
  "@metamask-previews/foundryup": "1.0.1-preview-69f51f81",
  "@metamask-previews/gas-fee-controller": "26.0.2-preview-69f51f81",
  "@metamask-previews/gator-permissions-controller": "1.1.2-preview-69f51f81",
  "@metamask-previews/json-rpc-engine": "10.2.1-preview-69f51f81",
  "@metamask-previews/json-rpc-middleware-stream": "8.0.8-preview-69f51f81",
  "@metamask-previews/keyring-controller": "25.1.0-preview-69f51f81",
  "@metamask-previews/logging-controller": "7.0.1-preview-69f51f81",
  "@metamask-previews/message-manager": "14.1.0-preview-69f51f81",
  "@metamask-previews/messenger": "0.3.0-preview-69f51f81",
  "@metamask-previews/multichain-account-service": "5.1.0-preview-69f51f81",
  "@metamask-previews/multichain-api-middleware": "1.2.6-preview-69f51f81",
  "@metamask-previews/multichain-network-controller": "3.0.2-preview-69f51f81",
  "@metamask-previews/multichain-transactions-controller": "7.0.0-preview-69f51f81",
  "@metamask-previews/name-controller": "9.0.0-preview-69f51f81",
  "@metamask-previews/network-controller": "29.0.0-preview-69f51f81",
  "@metamask-previews/network-enablement-controller": "4.1.0-preview-69f51f81",
  "@metamask-previews/notification-services-controller": "21.0.0-preview-69f51f81",
  "@metamask-previews/permission-controller": "12.2.0-preview-69f51f81",
  "@metamask-previews/permission-log-controller": "5.0.0-preview-69f51f81",
  "@metamask-previews/perps-controller": "0.0.0-preview-69f51f81",
  "@metamask-previews/phishing-controller": "16.1.0-preview-69f51f81",
  "@metamask-previews/polling-controller": "16.0.2-preview-69f51f81",
  "@metamask-previews/preferences-controller": "22.0.0-preview-69f51f81",
  "@metamask-previews/profile-metrics-controller": "3.0.0-preview-69f51f81",
  "@metamask-previews/profile-sync-controller": "27.0.0-preview-69f51f81",
  "@metamask-previews/ramps-controller": "5.1.0-preview-69f51f81",
  "@metamask-previews/rate-limit-controller": "7.0.0-preview-69f51f81",
  "@metamask-previews/remote-feature-flag-controller": "4.0.0-preview-69f51f81",
  "@metamask-previews/sample-controllers": "4.0.2-preview-69f51f81",
  "@metamask-previews/seedless-onboarding-controller": "7.1.0-preview-69f51f81",
  "@metamask-previews/selected-network-controller": "26.0.2-preview-69f51f81",
  "@metamask-previews/shield-controller": "5.0.1-preview-69f51f81",
  "@metamask-previews/signature-controller": "39.0.1-preview-69f51f81",
  "@metamask-previews/storage-service": "1.0.0-preview-69f51f81",
  "@metamask-previews/subscription-controller": "5.4.2-preview-69f51f81",
  "@metamask-previews/transaction-controller": "62.12.0-preview-69f51f81",
  "@metamask-previews/transaction-pay-controller": "12.0.2-preview-69f51f81",
  "@metamask-previews/user-operation-controller": "41.0.2-preview-69f51f81"
}

@lwin-kyaw
Copy link
Contributor Author

@metamaskbot publish-preview

Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

@lwin-kyaw
Copy link
Contributor Author

@metamaskbot publish-preview

1 similar comment
@lwin-kyaw
Copy link
Contributor Author

@metamaskbot publish-preview

@github-actions
Copy link
Contributor

github-actions bot commented Feb 4, 2026

Preview builds have been published. See these instructions for more information about preview builds.

Expand for full list of packages and versions.
{
  "@metamask-previews/account-tree-controller": "4.0.0-preview-765066629",
  "@metamask-previews/accounts-controller": "35.0.2-preview-765066629",
  "@metamask-previews/address-book-controller": "7.0.1-preview-765066629",
  "@metamask-previews/ai-controllers": "0.0.0-preview-765066629",
  "@metamask-previews/analytics-controller": "1.0.0-preview-765066629",
  "@metamask-previews/analytics-data-regulation-controller": "0.0.0-preview-765066629",
  "@metamask-previews/announcement-controller": "8.0.0-preview-765066629",
  "@metamask-previews/app-metadata-controller": "2.0.0-preview-765066629",
  "@metamask-previews/approval-controller": "8.0.0-preview-765066629",
  "@metamask-previews/assets-controller": "0.0.0-preview-765066629",
  "@metamask-previews/assets-controllers": "99.1.0-preview-765066629",
  "@metamask-previews/base-controller": "9.0.0-preview-765066629",
  "@metamask-previews/bridge-controller": "65.1.0-preview-765066629",
  "@metamask-previews/bridge-status-controller": "65.0.1-preview-765066629",
  "@metamask-previews/build-utils": "3.0.4-preview-765066629",
  "@metamask-previews/chain-agnostic-permission": "1.4.0-preview-765066629",
  "@metamask-previews/claims-controller": "0.4.2-preview-765066629",
  "@metamask-previews/composable-controller": "12.0.0-preview-765066629",
  "@metamask-previews/connectivity-controller": "0.1.0-preview-765066629",
  "@metamask-previews/controller-utils": "11.18.0-preview-765066629",
  "@metamask-previews/core-backend": "5.0.0-preview-765066629",
  "@metamask-previews/delegation-controller": "2.0.0-preview-765066629",
  "@metamask-previews/earn-controller": "11.1.0-preview-765066629",
  "@metamask-previews/eip-5792-middleware": "2.1.0-preview-765066629",
  "@metamask-previews/eip-7702-internal-rpc-middleware": "0.1.0-preview-765066629",
  "@metamask-previews/eip1193-permission-middleware": "1.0.3-preview-765066629",
  "@metamask-previews/ens-controller": "19.0.2-preview-765066629",
  "@metamask-previews/error-reporting-service": "3.0.1-preview-765066629",
  "@metamask-previews/eth-block-tracker": "15.0.1-preview-765066629",
  "@metamask-previews/eth-json-rpc-middleware": "23.0.0-preview-765066629",
  "@metamask-previews/eth-json-rpc-provider": "6.0.0-preview-765066629",
  "@metamask-previews/foundryup": "1.0.1-preview-765066629",
  "@metamask-previews/gas-fee-controller": "26.0.2-preview-765066629",
  "@metamask-previews/gator-permissions-controller": "1.1.2-preview-765066629",
  "@metamask-previews/json-rpc-engine": "10.2.1-preview-765066629",
  "@metamask-previews/json-rpc-middleware-stream": "8.0.8-preview-765066629",
  "@metamask-previews/keyring-controller": "25.1.0-preview-765066629",
  "@metamask-previews/logging-controller": "7.0.1-preview-765066629",
  "@metamask-previews/message-manager": "14.1.0-preview-765066629",
  "@metamask-previews/messenger": "0.3.0-preview-765066629",
  "@metamask-previews/multichain-account-service": "5.1.0-preview-765066629",
  "@metamask-previews/multichain-api-middleware": "1.2.6-preview-765066629",
  "@metamask-previews/multichain-network-controller": "3.0.2-preview-765066629",
  "@metamask-previews/multichain-transactions-controller": "7.0.0-preview-765066629",
  "@metamask-previews/name-controller": "9.0.0-preview-765066629",
  "@metamask-previews/network-controller": "29.0.0-preview-765066629",
  "@metamask-previews/network-enablement-controller": "4.1.0-preview-765066629",
  "@metamask-previews/notification-services-controller": "21.0.0-preview-765066629",
  "@metamask-previews/permission-controller": "12.2.0-preview-765066629",
  "@metamask-previews/permission-log-controller": "5.0.0-preview-765066629",
  "@metamask-previews/perps-controller": "0.0.0-preview-765066629",
  "@metamask-previews/phishing-controller": "16.1.0-preview-765066629",
  "@metamask-previews/polling-controller": "16.0.2-preview-765066629",
  "@metamask-previews/preferences-controller": "22.0.0-preview-765066629",
  "@metamask-previews/profile-metrics-controller": "3.0.0-preview-765066629",
  "@metamask-previews/profile-sync-controller": "27.0.0-preview-765066629",
  "@metamask-previews/ramps-controller": "5.1.0-preview-765066629",
  "@metamask-previews/rate-limit-controller": "7.0.0-preview-765066629",
  "@metamask-previews/remote-feature-flag-controller": "4.0.0-preview-765066629",
  "@metamask-previews/sample-controllers": "4.0.2-preview-765066629",
  "@metamask-previews/seedless-onboarding-controller": "7.1.0-preview-765066629",
  "@metamask-previews/selected-network-controller": "26.0.2-preview-765066629",
  "@metamask-previews/shield-controller": "5.0.1-preview-765066629",
  "@metamask-previews/signature-controller": "39.0.1-preview-765066629",
  "@metamask-previews/storage-service": "1.0.0-preview-765066629",
  "@metamask-previews/subscription-controller": "5.4.2-preview-765066629",
  "@metamask-previews/transaction-controller": "62.12.0-preview-765066629",
  "@metamask-previews/transaction-pay-controller": "12.0.2-preview-765066629",
  "@metamask-previews/user-operation-controller": "41.0.2-preview-765066629"
}

Copy link
Member

@chaitanyapotti chaitanyapotti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we also refresh on server 401?

@lwin-kyaw
Copy link
Contributor Author

lwin-kyaw commented Feb 10, 2026

Do we also refresh on server 401?

Hi @chaitanyapotti

No, we don't refresh on 401 responses from Auth-Service.
For SSS (Toprf), we extracted the Json RPC error message and refresh if neccessary.

Anyway, we validate the tokens (expiry) before we make requests (in #executeWithTokenRefresh).

// if the password is provided (not undefined), encrypt the vault with the password
// We gonna prioritize the password encryption here, in case of the operation is `Change Password`.
// We don't wanna re-use the old encryption key from the state.
if (password !== undefined) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

best practice is to use typeof password !== "undefined" when checking for existence of a variable especially globals.
This is fine for this use case.

// so skip the check if the vault is locked
let isAccessTokenExpired = false;
if (this.#isUnlocked) {
isAccessTokenExpired = this.checkAccessTokenExpired();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ideally, we must check expiry with server as part of oauth2 spec
since, client time can be incorrect or session might have been invalidated by server.
this particular implementation is non-standard and can be revisited at a later date

@chaitanyapotti chaitanyapotti added this pull request to the merge queue Feb 11, 2026
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Feb 11, 2026
@lwin-kyaw
Copy link
Contributor Author

@metamaskbot publish-preview

@github-actions
Copy link
Contributor

Preview builds have been published. See these instructions for more information about preview builds.

Expand for full list of packages and versions.
{
  "@metamask-previews/account-tree-controller": "4.1.0-preview-09a0ddf6c",
  "@metamask-previews/accounts-controller": "35.0.2-preview-09a0ddf6c",
  "@metamask-previews/address-book-controller": "7.0.1-preview-09a0ddf6c",
  "@metamask-previews/ai-controllers": "0.0.0-preview-09a0ddf6c",
  "@metamask-previews/analytics-controller": "1.0.0-preview-09a0ddf6c",
  "@metamask-previews/analytics-data-regulation-controller": "0.0.0-preview-09a0ddf6c",
  "@metamask-previews/announcement-controller": "8.0.0-preview-09a0ddf6c",
  "@metamask-previews/app-metadata-controller": "2.0.0-preview-09a0ddf6c",
  "@metamask-previews/approval-controller": "8.0.0-preview-09a0ddf6c",
  "@metamask-previews/assets-controller": "1.0.0-preview-09a0ddf6c",
  "@metamask-previews/assets-controllers": "99.3.1-preview-09a0ddf6c",
  "@metamask-previews/base-controller": "9.0.0-preview-09a0ddf6c",
  "@metamask-previews/bridge-controller": "66.0.0-preview-09a0ddf6c",
  "@metamask-previews/bridge-status-controller": "66.0.0-preview-09a0ddf6c",
  "@metamask-previews/build-utils": "3.0.4-preview-09a0ddf6c",
  "@metamask-previews/chain-agnostic-permission": "1.4.0-preview-09a0ddf6c",
  "@metamask-previews/claims-controller": "0.4.2-preview-09a0ddf6c",
  "@metamask-previews/composable-controller": "12.0.0-preview-09a0ddf6c",
  "@metamask-previews/connectivity-controller": "0.1.0-preview-09a0ddf6c",
  "@metamask-previews/controller-utils": "11.18.0-preview-09a0ddf6c",
  "@metamask-previews/core-backend": "5.1.0-preview-09a0ddf6c",
  "@metamask-previews/delegation-controller": "2.0.0-preview-09a0ddf6c",
  "@metamask-previews/earn-controller": "11.1.0-preview-09a0ddf6c",
  "@metamask-previews/eip-5792-middleware": "2.1.0-preview-09a0ddf6c",
  "@metamask-previews/eip-7702-internal-rpc-middleware": "0.1.0-preview-09a0ddf6c",
  "@metamask-previews/eip1193-permission-middleware": "1.0.3-preview-09a0ddf6c",
  "@metamask-previews/ens-controller": "19.0.2-preview-09a0ddf6c",
  "@metamask-previews/error-reporting-service": "3.0.1-preview-09a0ddf6c",
  "@metamask-previews/eth-block-tracker": "15.0.1-preview-09a0ddf6c",
  "@metamask-previews/eth-json-rpc-middleware": "23.1.0-preview-09a0ddf6c",
  "@metamask-previews/eth-json-rpc-provider": "6.0.0-preview-09a0ddf6c",
  "@metamask-previews/foundryup": "1.0.1-preview-09a0ddf6c",
  "@metamask-previews/gas-fee-controller": "26.0.2-preview-09a0ddf6c",
  "@metamask-previews/gator-permissions-controller": "1.1.2-preview-09a0ddf6c",
  "@metamask-previews/json-rpc-engine": "10.2.2-preview-09a0ddf6c",
  "@metamask-previews/json-rpc-middleware-stream": "8.0.8-preview-09a0ddf6c",
  "@metamask-previews/keyring-controller": "25.1.0-preview-09a0ddf6c",
  "@metamask-previews/logging-controller": "7.0.1-preview-09a0ddf6c",
  "@metamask-previews/message-manager": "14.1.0-preview-09a0ddf6c",
  "@metamask-previews/messenger": "0.3.0-preview-09a0ddf6c",
  "@metamask-previews/multichain-account-service": "6.0.0-preview-09a0ddf6c",
  "@metamask-previews/multichain-api-middleware": "1.2.6-preview-09a0ddf6c",
  "@metamask-previews/multichain-network-controller": "3.0.2-preview-09a0ddf6c",
  "@metamask-previews/multichain-transactions-controller": "7.0.0-preview-09a0ddf6c",
  "@metamask-previews/name-controller": "9.0.0-preview-09a0ddf6c",
  "@metamask-previews/network-controller": "29.0.0-preview-09a0ddf6c",
  "@metamask-previews/network-enablement-controller": "4.1.0-preview-09a0ddf6c",
  "@metamask-previews/notification-services-controller": "22.0.0-preview-09a0ddf6c",
  "@metamask-previews/permission-controller": "12.2.0-preview-09a0ddf6c",
  "@metamask-previews/permission-log-controller": "5.0.0-preview-09a0ddf6c",
  "@metamask-previews/perps-controller": "0.0.0-preview-09a0ddf6c",
  "@metamask-previews/phishing-controller": "16.2.0-preview-09a0ddf6c",
  "@metamask-previews/polling-controller": "16.0.2-preview-09a0ddf6c",
  "@metamask-previews/preferences-controller": "22.1.0-preview-09a0ddf6c",
  "@metamask-previews/profile-metrics-controller": "3.0.0-preview-09a0ddf6c",
  "@metamask-previews/profile-sync-controller": "27.1.0-preview-09a0ddf6c",
  "@metamask-previews/ramps-controller": "7.1.0-preview-09a0ddf6c",
  "@metamask-previews/rate-limit-controller": "7.0.0-preview-09a0ddf6c",
  "@metamask-previews/remote-feature-flag-controller": "4.0.0-preview-09a0ddf6c",
  "@metamask-previews/sample-controllers": "4.0.2-preview-09a0ddf6c",
  "@metamask-previews/seedless-onboarding-controller": "7.1.0-preview-09a0ddf6c",
  "@metamask-previews/selected-network-controller": "26.0.2-preview-09a0ddf6c",
  "@metamask-previews/shield-controller": "5.0.1-preview-09a0ddf6c",
  "@metamask-previews/signature-controller": "39.0.1-preview-09a0ddf6c",
  "@metamask-previews/storage-service": "1.0.0-preview-09a0ddf6c",
  "@metamask-previews/subscription-controller": "6.0.0-preview-09a0ddf6c",
  "@metamask-previews/transaction-controller": "62.16.0-preview-09a0ddf6c",
  "@metamask-previews/transaction-pay-controller": "12.2.0-preview-09a0ddf6c",
  "@metamask-previews/user-operation-controller": "41.0.2-preview-09a0ddf6c"
}

@lwin-kyaw lwin-kyaw added this pull request to the merge queue Feb 11, 2026
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Feb 11, 2026
@lwin-kyaw lwin-kyaw added this pull request to the merge queue Feb 11, 2026
Merged via the queue into main with commit 866ed9e Feb 11, 2026
302 checks passed
@lwin-kyaw lwin-kyaw deleted the feat/get-access-token-with-refresh branch February 11, 2026 13:06
github-merge-queue bot pushed a commit that referenced this pull request Feb 12, 2026
## Explanation

<!--
Thanks for your contribution! Take a moment to answer these questions so
that reviewers have the information they need to properly understand
your changes:

* What is the current state of things and why does it need to change?
* What is the solution your changes offer and how does it work?
* Are there any changes whose purpose might not obvious to those
unfamiliar with the domain?
* If your primary goal was to update one package but you found you had
to update another one along the way, why did you do so?
* If you had to upgrade a dependency, why did you do so?
-->

## `@metamask/seedless-onboarding-controller` v8.0.0

This release adds vault encryption with a cached encryption key, a new
`getAccessToken` public method with built-in token refresh, state log
exclusions for sensitive token values, dependency bumps, and a fix for
access token persistence after refresh.

### Breaking Changes

- **The `encryptor` constructor param now requires an `encryptWithKey`
method** ([#7800](#7800))
- This method is used to encrypt the vault with a cached encryption key
while the wallet is unlocked.
- Consumers must ensure the `encryptor` object passed to the constructor
implements `encryptWithKey`.

### New Features

- Added new public method `getAccessToken`
([#7800](#7800))
- Clients can use this method to retrieve the `accessToken` from the
controller instead of directly accessing it from state.
- This method includes a built-in refresh token mechanism when the
`accessToken` is expired, preventing expired token usage in clients.

### Changes

- Updated `StateMetadata`'s `includeInStateLogs` property to explicitly
exclude all token values from state logs
([#7750](#7750))

## References

<!--
Are there any issues that this pull request is tied to?
Are there other links that reviewers should consult to understand these
changes better?
Are there client or consumer pull requests to adopt any breaking
changes?

For example:

* Fixes #12345
* Related to #67890
-->

Fixes #7805

## Checklist

- [x] I've updated the test suite for new or updated code as appropriate
- [x] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [x] I've communicated my changes to consumers by [updating changelogs
for packages I've
changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md)
- [x] I've introduced [breaking
changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md)
in this PR and have prepared draft pull requests for clients and
consumer packages to resolve them


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Version/changelog-only updates with no runtime code changes.
> 
> **Overview**
> Bumps the monorepo version to `808.0.0` and releases
`@metamask/seedless-onboarding-controller` `8.0.0`.
> 
> Updates the seedless onboarding controller changelog to include the
`8.0.0` release entry and adjusts compare links accordingly.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
b67d0d6. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

New accessToken from refreshAuthTokens() not persisted to vault

4 participants