fix: persist new `accessToken` in SeedlessOnboarding Vault after tokens refresh by lwin-kyaw · Pull Request #7800 · MetaMask/core

lwin-kyaw · 2026-02-02T06:11:46Z

Explanation

This PR address

fix new accessToken isn't being persisted to vault after the tokens refresh (refreshAuthToken()).
add a new public method getAccessToken() with automatic token refresh capability to prevent clients from using expired access tokens when retrieving them from state.

Issue:

Previously, clients could directly access state.accessToken from the controller state, which could potentially return an expired token. This could lead to failed API calls and poor user experience when the token had expired but wasn't refreshed.

Solution:

Added a new public method getAccessToken() that automatically refreshes expired tokens: Uses the #executeWithTokenRefresh wrapper to check token expiration and refresh if needed before returning
Persisted new accessToken into Encrypted vault after token refresh.

Persist `newAccessToken` in the encrypted vault

The persist flow can be different based on the wallet (vault) status when refreshAuthTokens() is called.

When wallet is unlocked (vault encryptionKey is available in the state).
When wallet is unlocked, vault encryption key is temporarily cached in the controller state and the values inside the encrypted vault are also flooded into the controller state, for performance and to avoid the password dependency
We can use these cache values and create a new encrypted vault (with updated accessToken).

When wallet is locked (Password must be provided)

While the wallet is locked, refreshAuthTokens() can be called under one condition, i.e, check for password sync (getAuthPubKey RPC call) when user tries to unlock the wallet.
In this case, we can't immediately update the encrypted vault as the wallet is locked. So, we will temporarily store the new accessToken in the controller state, then persist the stored value later in the vault unlock (only when user provides correct password) and update the vault.

Based on the password sync status, the persist flow can be a little bit different.

2.1. Password is in sync

When user's current device password is in sync, we will update the vault when user unlocks via submitPassword.
Vault is decrypted using the submitted password, we will compare the access token value from decrypted vault (accessToken1) and recently set new access token (accessToken2). If the accessToken is different and detected as new, we will update the encrypted vault value in the state (using password).
Please note that this requires an additional encryption step to update the latestToken in encrypted vault.

2.2. Password is not in sync (OutdatedPassword).

When user's current device password is out of sync and user submits the latest globalPassword, we do the pwEncKey recovery first so that we can unlock the current vault. Similar to the flow above (2.1), we decrypt the current vault and compare the two tokens (accessToken1 and accessToken2). If the accessToken is different and detected as new, we will update the controller state and encrypted vault.
Unlike the flow (2.1.), this doesn't require additional encryption, as we can include the latest accessToken when we sync the latest global enc keys into the controller.

References

Fixes #7805, MetaMask/metamask-extension#39566

Checklist

I've updated the test suite for new or updated code as appropriate
I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
I've communicated my changes to consumers by updating changelogs for packages I've changed
I've introduced breaking changes in this PR and have prepared draft pull requests for clients and consumer packages to resolve them

Note

Medium Risk
Touches vault encryption/update paths and token refresh behavior, so bugs could lead to incorrect vault contents or token state during unlock/refresh flows, though changes are localized and well-covered by tests.

Overview
Fixes token persistence by updating the seedless onboarding vault when refreshAuthTokens() obtains a new accessToken, using encryptWithKey when the wallet is already unlocked and reconciling state vs vault tokens during submitPassword/submitGlobalPassword via a new compareAndGetLatestToken helper.

Adds a new public getAccessToken() action/messenger handler that returns the current access token and triggers the existing refresh flow when tokens are expired, and introduces assertIsValidPassword plus test refactors/new cases (including a shared createMockJWTToken) to cover these behaviors. Breaking: the injected vault encryptor must now implement encryptWithKey.

^{Written by Cursor Bugbot for commit 09a0ddf. This will update automatically on new commits. Configure here.}

lwin-kyaw · 2026-02-02T06:16:54Z

@metamaskbot publish-preview

github-actions · 2026-02-02T06:21:54Z

Preview builds have been published. See these instructions for more information about preview builds.

Expand for full list of packages and versions.

{
  "@metamask-previews/account-tree-controller": "4.0.0-preview-719a409",
  "@metamask-previews/accounts-controller": "35.0.2-preview-719a409",
  "@metamask-previews/address-book-controller": "7.0.1-preview-719a409",
  "@metamask-previews/ai-controllers": "0.0.0-preview-719a409",
  "@metamask-previews/analytics-controller": "1.0.0-preview-719a409",
  "@metamask-previews/analytics-data-regulation-controller": "0.0.0-preview-719a409",
  "@metamask-previews/announcement-controller": "8.0.0-preview-719a409",
  "@metamask-previews/app-metadata-controller": "2.0.0-preview-719a409",
  "@metamask-previews/approval-controller": "8.0.0-preview-719a409",
  "@metamask-previews/assets-controller": "0.0.0-preview-719a409",
  "@metamask-previews/assets-controllers": "99.1.0-preview-719a409",
  "@metamask-previews/base-controller": "9.0.0-preview-719a409",
  "@metamask-previews/bridge-controller": "65.1.0-preview-719a409",
  "@metamask-previews/bridge-status-controller": "65.0.1-preview-719a409",
  "@metamask-previews/build-utils": "3.0.4-preview-719a409",
  "@metamask-previews/chain-agnostic-permission": "1.4.0-preview-719a409",
  "@metamask-previews/claims-controller": "0.4.2-preview-719a409",
  "@metamask-previews/composable-controller": "12.0.0-preview-719a409",
  "@metamask-previews/connectivity-controller": "0.1.0-preview-719a409",
  "@metamask-previews/controller-utils": "11.18.0-preview-719a409",
  "@metamask-previews/core-backend": "5.0.0-preview-719a409",
  "@metamask-previews/delegation-controller": "2.0.0-preview-719a409",
  "@metamask-previews/earn-controller": "11.1.0-preview-719a409",
  "@metamask-previews/eip-5792-middleware": "2.1.0-preview-719a409",
  "@metamask-previews/eip-7702-internal-rpc-middleware": "0.1.0-preview-719a409",
  "@metamask-previews/eip1193-permission-middleware": "1.0.3-preview-719a409",
  "@metamask-previews/ens-controller": "19.0.2-preview-719a409",
  "@metamask-previews/error-reporting-service": "3.0.1-preview-719a409",
  "@metamask-previews/eth-block-tracker": "15.0.1-preview-719a409",
  "@metamask-previews/eth-json-rpc-middleware": "23.0.0-preview-719a409",
  "@metamask-previews/eth-json-rpc-provider": "6.0.0-preview-719a409",
  "@metamask-previews/foundryup": "1.0.1-preview-719a409",
  "@metamask-previews/gas-fee-controller": "26.0.2-preview-719a409",
  "@metamask-previews/gator-permissions-controller": "1.1.2-preview-719a409",
  "@metamask-previews/json-rpc-engine": "10.2.1-preview-719a409",
  "@metamask-previews/json-rpc-middleware-stream": "8.0.8-preview-719a409",
  "@metamask-previews/keyring-controller": "25.1.0-preview-719a409",
  "@metamask-previews/logging-controller": "7.0.1-preview-719a409",
  "@metamask-previews/message-manager": "14.1.0-preview-719a409",
  "@metamask-previews/messenger": "0.3.0-preview-719a409",
  "@metamask-previews/multichain-account-service": "5.1.0-preview-719a409",
  "@metamask-previews/multichain-api-middleware": "1.2.6-preview-719a409",
  "@metamask-previews/multichain-network-controller": "3.0.2-preview-719a409",
  "@metamask-previews/multichain-transactions-controller": "7.0.0-preview-719a409",
  "@metamask-previews/name-controller": "9.0.0-preview-719a409",
  "@metamask-previews/network-controller": "29.0.0-preview-719a409",
  "@metamask-previews/network-enablement-controller": "4.1.0-preview-719a409",
  "@metamask-previews/notification-services-controller": "21.0.0-preview-719a409",
  "@metamask-previews/permission-controller": "12.2.0-preview-719a409",
  "@metamask-previews/permission-log-controller": "5.0.0-preview-719a409",
  "@metamask-previews/perps-controller": "0.0.0-preview-719a409",
  "@metamask-previews/phishing-controller": "16.1.0-preview-719a409",
  "@metamask-previews/polling-controller": "16.0.2-preview-719a409",
  "@metamask-previews/preferences-controller": "22.0.0-preview-719a409",
  "@metamask-previews/profile-metrics-controller": "3.0.0-preview-719a409",
  "@metamask-previews/profile-sync-controller": "27.0.0-preview-719a409",
  "@metamask-previews/ramps-controller": "5.1.0-preview-719a409",
  "@metamask-previews/rate-limit-controller": "7.0.0-preview-719a409",
  "@metamask-previews/remote-feature-flag-controller": "4.0.0-preview-719a409",
  "@metamask-previews/sample-controllers": "4.0.2-preview-719a409",
  "@metamask-previews/seedless-onboarding-controller": "7.1.0-preview-719a409",
  "@metamask-previews/selected-network-controller": "26.0.2-preview-719a409",
  "@metamask-previews/shield-controller": "5.0.1-preview-719a409",
  "@metamask-previews/signature-controller": "39.0.1-preview-719a409",
  "@metamask-previews/storage-service": "1.0.0-preview-719a409",
  "@metamask-previews/subscription-controller": "5.4.2-preview-719a409",
  "@metamask-previews/transaction-controller": "62.12.0-preview-719a409",
  "@metamask-previews/transaction-pay-controller": "12.0.2-preview-719a409",
  "@metamask-previews/user-operation-controller": "41.0.2-preview-719a409"
}

lwin-kyaw · 2026-02-02T08:04:28Z

@metamaskbot publish-preview

github-actions · 2026-02-02T08:09:22Z

Preview builds have been published. See these instructions for more information about preview builds.

Expand for full list of packages and versions.

{
  "@metamask-previews/account-tree-controller": "4.0.0-preview-dcbbb24",
  "@metamask-previews/accounts-controller": "35.0.2-preview-dcbbb24",
  "@metamask-previews/address-book-controller": "7.0.1-preview-dcbbb24",
  "@metamask-previews/ai-controllers": "0.0.0-preview-dcbbb24",
  "@metamask-previews/analytics-controller": "1.0.0-preview-dcbbb24",
  "@metamask-previews/analytics-data-regulation-controller": "0.0.0-preview-dcbbb24",
  "@metamask-previews/announcement-controller": "8.0.0-preview-dcbbb24",
  "@metamask-previews/app-metadata-controller": "2.0.0-preview-dcbbb24",
  "@metamask-previews/approval-controller": "8.0.0-preview-dcbbb24",
  "@metamask-previews/assets-controller": "0.0.0-preview-dcbbb24",
  "@metamask-previews/assets-controllers": "99.1.0-preview-dcbbb24",
  "@metamask-previews/base-controller": "9.0.0-preview-dcbbb24",
  "@metamask-previews/bridge-controller": "65.1.0-preview-dcbbb24",
  "@metamask-previews/bridge-status-controller": "65.0.1-preview-dcbbb24",
  "@metamask-previews/build-utils": "3.0.4-preview-dcbbb24",
  "@metamask-previews/chain-agnostic-permission": "1.4.0-preview-dcbbb24",
  "@metamask-previews/claims-controller": "0.4.2-preview-dcbbb24",
  "@metamask-previews/composable-controller": "12.0.0-preview-dcbbb24",
  "@metamask-previews/connectivity-controller": "0.1.0-preview-dcbbb24",
  "@metamask-previews/controller-utils": "11.18.0-preview-dcbbb24",
  "@metamask-previews/core-backend": "5.0.0-preview-dcbbb24",
  "@metamask-previews/delegation-controller": "2.0.0-preview-dcbbb24",
  "@metamask-previews/earn-controller": "11.1.0-preview-dcbbb24",
  "@metamask-previews/eip-5792-middleware": "2.1.0-preview-dcbbb24",
  "@metamask-previews/eip-7702-internal-rpc-middleware": "0.1.0-preview-dcbbb24",
  "@metamask-previews/eip1193-permission-middleware": "1.0.3-preview-dcbbb24",
  "@metamask-previews/ens-controller": "19.0.2-preview-dcbbb24",
  "@metamask-previews/error-reporting-service": "3.0.1-preview-dcbbb24",
  "@metamask-previews/eth-block-tracker": "15.0.1-preview-dcbbb24",
  "@metamask-previews/eth-json-rpc-middleware": "23.0.0-preview-dcbbb24",
  "@metamask-previews/eth-json-rpc-provider": "6.0.0-preview-dcbbb24",
  "@metamask-previews/foundryup": "1.0.1-preview-dcbbb24",
  "@metamask-previews/gas-fee-controller": "26.0.2-preview-dcbbb24",
  "@metamask-previews/gator-permissions-controller": "1.1.2-preview-dcbbb24",
  "@metamask-previews/json-rpc-engine": "10.2.1-preview-dcbbb24",
  "@metamask-previews/json-rpc-middleware-stream": "8.0.8-preview-dcbbb24",
  "@metamask-previews/keyring-controller": "25.1.0-preview-dcbbb24",
  "@metamask-previews/logging-controller": "7.0.1-preview-dcbbb24",
  "@metamask-previews/message-manager": "14.1.0-preview-dcbbb24",
  "@metamask-previews/messenger": "0.3.0-preview-dcbbb24",
  "@metamask-previews/multichain-account-service": "5.1.0-preview-dcbbb24",
  "@metamask-previews/multichain-api-middleware": "1.2.6-preview-dcbbb24",
  "@metamask-previews/multichain-network-controller": "3.0.2-preview-dcbbb24",
  "@metamask-previews/multichain-transactions-controller": "7.0.0-preview-dcbbb24",
  "@metamask-previews/name-controller": "9.0.0-preview-dcbbb24",
  "@metamask-previews/network-controller": "29.0.0-preview-dcbbb24",
  "@metamask-previews/network-enablement-controller": "4.1.0-preview-dcbbb24",
  "@metamask-previews/notification-services-controller": "21.0.0-preview-dcbbb24",
  "@metamask-previews/permission-controller": "12.2.0-preview-dcbbb24",
  "@metamask-previews/permission-log-controller": "5.0.0-preview-dcbbb24",
  "@metamask-previews/perps-controller": "0.0.0-preview-dcbbb24",
  "@metamask-previews/phishing-controller": "16.1.0-preview-dcbbb24",
  "@metamask-previews/polling-controller": "16.0.2-preview-dcbbb24",
  "@metamask-previews/preferences-controller": "22.0.0-preview-dcbbb24",
  "@metamask-previews/profile-metrics-controller": "3.0.0-preview-dcbbb24",
  "@metamask-previews/profile-sync-controller": "27.0.0-preview-dcbbb24",
  "@metamask-previews/ramps-controller": "5.1.0-preview-dcbbb24",
  "@metamask-previews/rate-limit-controller": "7.0.0-preview-dcbbb24",
  "@metamask-previews/remote-feature-flag-controller": "4.0.0-preview-dcbbb24",
  "@metamask-previews/sample-controllers": "4.0.2-preview-dcbbb24",
  "@metamask-previews/seedless-onboarding-controller": "7.1.0-preview-dcbbb24",
  "@metamask-previews/selected-network-controller": "26.0.2-preview-dcbbb24",
  "@metamask-previews/shield-controller": "5.0.1-preview-dcbbb24",
  "@metamask-previews/signature-controller": "39.0.1-preview-dcbbb24",
  "@metamask-previews/storage-service": "1.0.0-preview-dcbbb24",
  "@metamask-previews/subscription-controller": "5.4.2-preview-dcbbb24",
  "@metamask-previews/transaction-controller": "62.12.0-preview-dcbbb24",
  "@metamask-previews/transaction-pay-controller": "12.0.2-preview-dcbbb24",
  "@metamask-previews/user-operation-controller": "41.0.2-preview-dcbbb24"
}

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts

lwin-kyaw · 2026-02-02T08:32:19Z

@metamaskbot publish-preview

github-actions · 2026-02-02T08:37:21Z

Preview builds have been published. See these instructions for more information about preview builds.

Expand for full list of packages and versions.

{
  "@metamask-previews/account-tree-controller": "4.0.0-preview-4594ee99",
  "@metamask-previews/accounts-controller": "35.0.2-preview-4594ee99",
  "@metamask-previews/address-book-controller": "7.0.1-preview-4594ee99",
  "@metamask-previews/ai-controllers": "0.0.0-preview-4594ee99",
  "@metamask-previews/analytics-controller": "1.0.0-preview-4594ee99",
  "@metamask-previews/analytics-data-regulation-controller": "0.0.0-preview-4594ee99",
  "@metamask-previews/announcement-controller": "8.0.0-preview-4594ee99",
  "@metamask-previews/app-metadata-controller": "2.0.0-preview-4594ee99",
  "@metamask-previews/approval-controller": "8.0.0-preview-4594ee99",
  "@metamask-previews/assets-controller": "0.0.0-preview-4594ee99",
  "@metamask-previews/assets-controllers": "99.1.0-preview-4594ee99",
  "@metamask-previews/base-controller": "9.0.0-preview-4594ee99",
  "@metamask-previews/bridge-controller": "65.1.0-preview-4594ee99",
  "@metamask-previews/bridge-status-controller": "65.0.1-preview-4594ee99",
  "@metamask-previews/build-utils": "3.0.4-preview-4594ee99",
  "@metamask-previews/chain-agnostic-permission": "1.4.0-preview-4594ee99",
  "@metamask-previews/claims-controller": "0.4.2-preview-4594ee99",
  "@metamask-previews/composable-controller": "12.0.0-preview-4594ee99",
  "@metamask-previews/connectivity-controller": "0.1.0-preview-4594ee99",
  "@metamask-previews/controller-utils": "11.18.0-preview-4594ee99",
  "@metamask-previews/core-backend": "5.0.0-preview-4594ee99",
  "@metamask-previews/delegation-controller": "2.0.0-preview-4594ee99",
  "@metamask-previews/earn-controller": "11.1.0-preview-4594ee99",
  "@metamask-previews/eip-5792-middleware": "2.1.0-preview-4594ee99",
  "@metamask-previews/eip-7702-internal-rpc-middleware": "0.1.0-preview-4594ee99",
  "@metamask-previews/eip1193-permission-middleware": "1.0.3-preview-4594ee99",
  "@metamask-previews/ens-controller": "19.0.2-preview-4594ee99",
  "@metamask-previews/error-reporting-service": "3.0.1-preview-4594ee99",
  "@metamask-previews/eth-block-tracker": "15.0.1-preview-4594ee99",
  "@metamask-previews/eth-json-rpc-middleware": "23.0.0-preview-4594ee99",
  "@metamask-previews/eth-json-rpc-provider": "6.0.0-preview-4594ee99",
  "@metamask-previews/foundryup": "1.0.1-preview-4594ee99",
  "@metamask-previews/gas-fee-controller": "26.0.2-preview-4594ee99",
  "@metamask-previews/gator-permissions-controller": "1.1.2-preview-4594ee99",
  "@metamask-previews/json-rpc-engine": "10.2.1-preview-4594ee99",
  "@metamask-previews/json-rpc-middleware-stream": "8.0.8-preview-4594ee99",
  "@metamask-previews/keyring-controller": "25.1.0-preview-4594ee99",
  "@metamask-previews/logging-controller": "7.0.1-preview-4594ee99",
  "@metamask-previews/message-manager": "14.1.0-preview-4594ee99",
  "@metamask-previews/messenger": "0.3.0-preview-4594ee99",
  "@metamask-previews/multichain-account-service": "5.1.0-preview-4594ee99",
  "@metamask-previews/multichain-api-middleware": "1.2.6-preview-4594ee99",
  "@metamask-previews/multichain-network-controller": "3.0.2-preview-4594ee99",
  "@metamask-previews/multichain-transactions-controller": "7.0.0-preview-4594ee99",
  "@metamask-previews/name-controller": "9.0.0-preview-4594ee99",
  "@metamask-previews/network-controller": "29.0.0-preview-4594ee99",
  "@metamask-previews/network-enablement-controller": "4.1.0-preview-4594ee99",
  "@metamask-previews/notification-services-controller": "21.0.0-preview-4594ee99",
  "@metamask-previews/permission-controller": "12.2.0-preview-4594ee99",
  "@metamask-previews/permission-log-controller": "5.0.0-preview-4594ee99",
  "@metamask-previews/perps-controller": "0.0.0-preview-4594ee99",
  "@metamask-previews/phishing-controller": "16.1.0-preview-4594ee99",
  "@metamask-previews/polling-controller": "16.0.2-preview-4594ee99",
  "@metamask-previews/preferences-controller": "22.0.0-preview-4594ee99",
  "@metamask-previews/profile-metrics-controller": "3.0.0-preview-4594ee99",
  "@metamask-previews/profile-sync-controller": "27.0.0-preview-4594ee99",
  "@metamask-previews/ramps-controller": "5.1.0-preview-4594ee99",
  "@metamask-previews/rate-limit-controller": "7.0.0-preview-4594ee99",
  "@metamask-previews/remote-feature-flag-controller": "4.0.0-preview-4594ee99",
  "@metamask-previews/sample-controllers": "4.0.2-preview-4594ee99",
  "@metamask-previews/seedless-onboarding-controller": "7.1.0-preview-4594ee99",
  "@metamask-previews/selected-network-controller": "26.0.2-preview-4594ee99",
  "@metamask-previews/shield-controller": "5.0.1-preview-4594ee99",
  "@metamask-previews/signature-controller": "39.0.1-preview-4594ee99",
  "@metamask-previews/storage-service": "1.0.0-preview-4594ee99",
  "@metamask-previews/subscription-controller": "5.4.2-preview-4594ee99",
  "@metamask-previews/transaction-controller": "62.12.0-preview-4594ee99",
  "@metamask-previews/transaction-pay-controller": "12.0.2-preview-4594ee99",
  "@metamask-previews/user-operation-controller": "41.0.2-preview-4594ee99"
}

…t Encryptor interface

…he wallet is unlocked

lwin-kyaw · 2026-02-02T17:29:58Z

@metamaskbot publish-preview

github-actions · 2026-02-02T17:34:59Z

Preview builds have been published. See these instructions for more information about preview builds.

Expand for full list of packages and versions.

{
  "@metamask-previews/account-tree-controller": "4.0.0-preview-85f1a30c",
  "@metamask-previews/accounts-controller": "35.0.2-preview-85f1a30c",
  "@metamask-previews/address-book-controller": "7.0.1-preview-85f1a30c",
  "@metamask-previews/ai-controllers": "0.0.0-preview-85f1a30c",
  "@metamask-previews/analytics-controller": "1.0.0-preview-85f1a30c",
  "@metamask-previews/analytics-data-regulation-controller": "0.0.0-preview-85f1a30c",
  "@metamask-previews/announcement-controller": "8.0.0-preview-85f1a30c",
  "@metamask-previews/app-metadata-controller": "2.0.0-preview-85f1a30c",
  "@metamask-previews/approval-controller": "8.0.0-preview-85f1a30c",
  "@metamask-previews/assets-controller": "0.0.0-preview-85f1a30c",
  "@metamask-previews/assets-controllers": "99.1.0-preview-85f1a30c",
  "@metamask-previews/base-controller": "9.0.0-preview-85f1a30c",
  "@metamask-previews/bridge-controller": "65.1.0-preview-85f1a30c",
  "@metamask-previews/bridge-status-controller": "65.0.1-preview-85f1a30c",
  "@metamask-previews/build-utils": "3.0.4-preview-85f1a30c",
  "@metamask-previews/chain-agnostic-permission": "1.4.0-preview-85f1a30c",
  "@metamask-previews/claims-controller": "0.4.2-preview-85f1a30c",
  "@metamask-previews/composable-controller": "12.0.0-preview-85f1a30c",
  "@metamask-previews/connectivity-controller": "0.1.0-preview-85f1a30c",
  "@metamask-previews/controller-utils": "11.18.0-preview-85f1a30c",
  "@metamask-previews/core-backend": "5.0.0-preview-85f1a30c",
  "@metamask-previews/delegation-controller": "2.0.0-preview-85f1a30c",
  "@metamask-previews/earn-controller": "11.1.0-preview-85f1a30c",
  "@metamask-previews/eip-5792-middleware": "2.1.0-preview-85f1a30c",
  "@metamask-previews/eip-7702-internal-rpc-middleware": "0.1.0-preview-85f1a30c",
  "@metamask-previews/eip1193-permission-middleware": "1.0.3-preview-85f1a30c",
  "@metamask-previews/ens-controller": "19.0.2-preview-85f1a30c",
  "@metamask-previews/error-reporting-service": "3.0.1-preview-85f1a30c",
  "@metamask-previews/eth-block-tracker": "15.0.1-preview-85f1a30c",
  "@metamask-previews/eth-json-rpc-middleware": "23.0.0-preview-85f1a30c",
  "@metamask-previews/eth-json-rpc-provider": "6.0.0-preview-85f1a30c",
  "@metamask-previews/foundryup": "1.0.1-preview-85f1a30c",
  "@metamask-previews/gas-fee-controller": "26.0.2-preview-85f1a30c",
  "@metamask-previews/gator-permissions-controller": "1.1.2-preview-85f1a30c",
  "@metamask-previews/json-rpc-engine": "10.2.1-preview-85f1a30c",
  "@metamask-previews/json-rpc-middleware-stream": "8.0.8-preview-85f1a30c",
  "@metamask-previews/keyring-controller": "25.1.0-preview-85f1a30c",
  "@metamask-previews/logging-controller": "7.0.1-preview-85f1a30c",
  "@metamask-previews/message-manager": "14.1.0-preview-85f1a30c",
  "@metamask-previews/messenger": "0.3.0-preview-85f1a30c",
  "@metamask-previews/multichain-account-service": "5.1.0-preview-85f1a30c",
  "@metamask-previews/multichain-api-middleware": "1.2.6-preview-85f1a30c",
  "@metamask-previews/multichain-network-controller": "3.0.2-preview-85f1a30c",
  "@metamask-previews/multichain-transactions-controller": "7.0.0-preview-85f1a30c",
  "@metamask-previews/name-controller": "9.0.0-preview-85f1a30c",
  "@metamask-previews/network-controller": "29.0.0-preview-85f1a30c",
  "@metamask-previews/network-enablement-controller": "4.1.0-preview-85f1a30c",
  "@metamask-previews/notification-services-controller": "21.0.0-preview-85f1a30c",
  "@metamask-previews/permission-controller": "12.2.0-preview-85f1a30c",
  "@metamask-previews/permission-log-controller": "5.0.0-preview-85f1a30c",
  "@metamask-previews/perps-controller": "0.0.0-preview-85f1a30c",
  "@metamask-previews/phishing-controller": "16.1.0-preview-85f1a30c",
  "@metamask-previews/polling-controller": "16.0.2-preview-85f1a30c",
  "@metamask-previews/preferences-controller": "22.0.0-preview-85f1a30c",
  "@metamask-previews/profile-metrics-controller": "3.0.0-preview-85f1a30c",
  "@metamask-previews/profile-sync-controller": "27.0.0-preview-85f1a30c",
  "@metamask-previews/ramps-controller": "5.1.0-preview-85f1a30c",
  "@metamask-previews/rate-limit-controller": "7.0.0-preview-85f1a30c",
  "@metamask-previews/remote-feature-flag-controller": "4.0.0-preview-85f1a30c",
  "@metamask-previews/sample-controllers": "4.0.2-preview-85f1a30c",
  "@metamask-previews/seedless-onboarding-controller": "7.1.0-preview-85f1a30c",
  "@metamask-previews/selected-network-controller": "26.0.2-preview-85f1a30c",
  "@metamask-previews/shield-controller": "5.0.1-preview-85f1a30c",
  "@metamask-previews/signature-controller": "39.0.1-preview-85f1a30c",
  "@metamask-previews/storage-service": "1.0.0-preview-85f1a30c",
  "@metamask-previews/subscription-controller": "5.4.2-preview-85f1a30c",
  "@metamask-previews/transaction-controller": "62.12.0-preview-85f1a30c",
  "@metamask-previews/transaction-pay-controller": "12.0.2-preview-85f1a30c",
  "@metamask-previews/user-operation-controller": "41.0.2-preview-85f1a30c"
}

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts

…ated

lwin-kyaw · 2026-02-03T04:22:11Z

@metamaskbot publish-preview

github-actions · 2026-02-03T04:27:11Z

Preview builds have been published. See these instructions for more information about preview builds.

Expand for full list of packages and versions.

{
  "@metamask-previews/account-tree-controller": "4.0.0-preview-69f51f81",
  "@metamask-previews/accounts-controller": "35.0.2-preview-69f51f81",
  "@metamask-previews/address-book-controller": "7.0.1-preview-69f51f81",
  "@metamask-previews/ai-controllers": "0.0.0-preview-69f51f81",
  "@metamask-previews/analytics-controller": "1.0.0-preview-69f51f81",
  "@metamask-previews/analytics-data-regulation-controller": "0.0.0-preview-69f51f81",
  "@metamask-previews/announcement-controller": "8.0.0-preview-69f51f81",
  "@metamask-previews/app-metadata-controller": "2.0.0-preview-69f51f81",
  "@metamask-previews/approval-controller": "8.0.0-preview-69f51f81",
  "@metamask-previews/assets-controller": "0.0.0-preview-69f51f81",
  "@metamask-previews/assets-controllers": "99.1.0-preview-69f51f81",
  "@metamask-previews/base-controller": "9.0.0-preview-69f51f81",
  "@metamask-previews/bridge-controller": "65.1.0-preview-69f51f81",
  "@metamask-previews/bridge-status-controller": "65.0.1-preview-69f51f81",
  "@metamask-previews/build-utils": "3.0.4-preview-69f51f81",
  "@metamask-previews/chain-agnostic-permission": "1.4.0-preview-69f51f81",
  "@metamask-previews/claims-controller": "0.4.2-preview-69f51f81",
  "@metamask-previews/composable-controller": "12.0.0-preview-69f51f81",
  "@metamask-previews/connectivity-controller": "0.1.0-preview-69f51f81",
  "@metamask-previews/controller-utils": "11.18.0-preview-69f51f81",
  "@metamask-previews/core-backend": "5.0.0-preview-69f51f81",
  "@metamask-previews/delegation-controller": "2.0.0-preview-69f51f81",
  "@metamask-previews/earn-controller": "11.1.0-preview-69f51f81",
  "@metamask-previews/eip-5792-middleware": "2.1.0-preview-69f51f81",
  "@metamask-previews/eip-7702-internal-rpc-middleware": "0.1.0-preview-69f51f81",
  "@metamask-previews/eip1193-permission-middleware": "1.0.3-preview-69f51f81",
  "@metamask-previews/ens-controller": "19.0.2-preview-69f51f81",
  "@metamask-previews/error-reporting-service": "3.0.1-preview-69f51f81",
  "@metamask-previews/eth-block-tracker": "15.0.1-preview-69f51f81",
  "@metamask-previews/eth-json-rpc-middleware": "23.0.0-preview-69f51f81",
  "@metamask-previews/eth-json-rpc-provider": "6.0.0-preview-69f51f81",
  "@metamask-previews/foundryup": "1.0.1-preview-69f51f81",
  "@metamask-previews/gas-fee-controller": "26.0.2-preview-69f51f81",
  "@metamask-previews/gator-permissions-controller": "1.1.2-preview-69f51f81",
  "@metamask-previews/json-rpc-engine": "10.2.1-preview-69f51f81",
  "@metamask-previews/json-rpc-middleware-stream": "8.0.8-preview-69f51f81",
  "@metamask-previews/keyring-controller": "25.1.0-preview-69f51f81",
  "@metamask-previews/logging-controller": "7.0.1-preview-69f51f81",
  "@metamask-previews/message-manager": "14.1.0-preview-69f51f81",
  "@metamask-previews/messenger": "0.3.0-preview-69f51f81",
  "@metamask-previews/multichain-account-service": "5.1.0-preview-69f51f81",
  "@metamask-previews/multichain-api-middleware": "1.2.6-preview-69f51f81",
  "@metamask-previews/multichain-network-controller": "3.0.2-preview-69f51f81",
  "@metamask-previews/multichain-transactions-controller": "7.0.0-preview-69f51f81",
  "@metamask-previews/name-controller": "9.0.0-preview-69f51f81",
  "@metamask-previews/network-controller": "29.0.0-preview-69f51f81",
  "@metamask-previews/network-enablement-controller": "4.1.0-preview-69f51f81",
  "@metamask-previews/notification-services-controller": "21.0.0-preview-69f51f81",
  "@metamask-previews/permission-controller": "12.2.0-preview-69f51f81",
  "@metamask-previews/permission-log-controller": "5.0.0-preview-69f51f81",
  "@metamask-previews/perps-controller": "0.0.0-preview-69f51f81",
  "@metamask-previews/phishing-controller": "16.1.0-preview-69f51f81",
  "@metamask-previews/polling-controller": "16.0.2-preview-69f51f81",
  "@metamask-previews/preferences-controller": "22.0.0-preview-69f51f81",
  "@metamask-previews/profile-metrics-controller": "3.0.0-preview-69f51f81",
  "@metamask-previews/profile-sync-controller": "27.0.0-preview-69f51f81",
  "@metamask-previews/ramps-controller": "5.1.0-preview-69f51f81",
  "@metamask-previews/rate-limit-controller": "7.0.0-preview-69f51f81",
  "@metamask-previews/remote-feature-flag-controller": "4.0.0-preview-69f51f81",
  "@metamask-previews/sample-controllers": "4.0.2-preview-69f51f81",
  "@metamask-previews/seedless-onboarding-controller": "7.1.0-preview-69f51f81",
  "@metamask-previews/selected-network-controller": "26.0.2-preview-69f51f81",
  "@metamask-previews/shield-controller": "5.0.1-preview-69f51f81",
  "@metamask-previews/signature-controller": "39.0.1-preview-69f51f81",
  "@metamask-previews/storage-service": "1.0.0-preview-69f51f81",
  "@metamask-previews/subscription-controller": "5.4.2-preview-69f51f81",
  "@metamask-previews/transaction-controller": "62.12.0-preview-69f51f81",
  "@metamask-previews/transaction-pay-controller": "12.0.2-preview-69f51f81",
  "@metamask-previews/user-operation-controller": "41.0.2-preview-69f51f81"
}

packages/seedless-onboarding-controller/tests/mocks/utils.ts

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts

lwin-kyaw · 2026-02-04T05:15:12Z

@metamaskbot publish-preview

cursor

Cursor Bugbot has reviewed your changes and found 1 potential issue.

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts

lwin-kyaw · 2026-02-04T05:36:49Z

@metamaskbot publish-preview

lwin-kyaw · 2026-02-04T14:18:09Z

@metamaskbot publish-preview

github-actions · 2026-02-04T14:23:24Z

Preview builds have been published. See these instructions for more information about preview builds.

Expand for full list of packages and versions.

{
  "@metamask-previews/account-tree-controller": "4.0.0-preview-765066629",
  "@metamask-previews/accounts-controller": "35.0.2-preview-765066629",
  "@metamask-previews/address-book-controller": "7.0.1-preview-765066629",
  "@metamask-previews/ai-controllers": "0.0.0-preview-765066629",
  "@metamask-previews/analytics-controller": "1.0.0-preview-765066629",
  "@metamask-previews/analytics-data-regulation-controller": "0.0.0-preview-765066629",
  "@metamask-previews/announcement-controller": "8.0.0-preview-765066629",
  "@metamask-previews/app-metadata-controller": "2.0.0-preview-765066629",
  "@metamask-previews/approval-controller": "8.0.0-preview-765066629",
  "@metamask-previews/assets-controller": "0.0.0-preview-765066629",
  "@metamask-previews/assets-controllers": "99.1.0-preview-765066629",
  "@metamask-previews/base-controller": "9.0.0-preview-765066629",
  "@metamask-previews/bridge-controller": "65.1.0-preview-765066629",
  "@metamask-previews/bridge-status-controller": "65.0.1-preview-765066629",
  "@metamask-previews/build-utils": "3.0.4-preview-765066629",
  "@metamask-previews/chain-agnostic-permission": "1.4.0-preview-765066629",
  "@metamask-previews/claims-controller": "0.4.2-preview-765066629",
  "@metamask-previews/composable-controller": "12.0.0-preview-765066629",
  "@metamask-previews/connectivity-controller": "0.1.0-preview-765066629",
  "@metamask-previews/controller-utils": "11.18.0-preview-765066629",
  "@metamask-previews/core-backend": "5.0.0-preview-765066629",
  "@metamask-previews/delegation-controller": "2.0.0-preview-765066629",
  "@metamask-previews/earn-controller": "11.1.0-preview-765066629",
  "@metamask-previews/eip-5792-middleware": "2.1.0-preview-765066629",
  "@metamask-previews/eip-7702-internal-rpc-middleware": "0.1.0-preview-765066629",
  "@metamask-previews/eip1193-permission-middleware": "1.0.3-preview-765066629",
  "@metamask-previews/ens-controller": "19.0.2-preview-765066629",
  "@metamask-previews/error-reporting-service": "3.0.1-preview-765066629",
  "@metamask-previews/eth-block-tracker": "15.0.1-preview-765066629",
  "@metamask-previews/eth-json-rpc-middleware": "23.0.0-preview-765066629",
  "@metamask-previews/eth-json-rpc-provider": "6.0.0-preview-765066629",
  "@metamask-previews/foundryup": "1.0.1-preview-765066629",
  "@metamask-previews/gas-fee-controller": "26.0.2-preview-765066629",
  "@metamask-previews/gator-permissions-controller": "1.1.2-preview-765066629",
  "@metamask-previews/json-rpc-engine": "10.2.1-preview-765066629",
  "@metamask-previews/json-rpc-middleware-stream": "8.0.8-preview-765066629",
  "@metamask-previews/keyring-controller": "25.1.0-preview-765066629",
  "@metamask-previews/logging-controller": "7.0.1-preview-765066629",
  "@metamask-previews/message-manager": "14.1.0-preview-765066629",
  "@metamask-previews/messenger": "0.3.0-preview-765066629",
  "@metamask-previews/multichain-account-service": "5.1.0-preview-765066629",
  "@metamask-previews/multichain-api-middleware": "1.2.6-preview-765066629",
  "@metamask-previews/multichain-network-controller": "3.0.2-preview-765066629",
  "@metamask-previews/multichain-transactions-controller": "7.0.0-preview-765066629",
  "@metamask-previews/name-controller": "9.0.0-preview-765066629",
  "@metamask-previews/network-controller": "29.0.0-preview-765066629",
  "@metamask-previews/network-enablement-controller": "4.1.0-preview-765066629",
  "@metamask-previews/notification-services-controller": "21.0.0-preview-765066629",
  "@metamask-previews/permission-controller": "12.2.0-preview-765066629",
  "@metamask-previews/permission-log-controller": "5.0.0-preview-765066629",
  "@metamask-previews/perps-controller": "0.0.0-preview-765066629",
  "@metamask-previews/phishing-controller": "16.1.0-preview-765066629",
  "@metamask-previews/polling-controller": "16.0.2-preview-765066629",
  "@metamask-previews/preferences-controller": "22.0.0-preview-765066629",
  "@metamask-previews/profile-metrics-controller": "3.0.0-preview-765066629",
  "@metamask-previews/profile-sync-controller": "27.0.0-preview-765066629",
  "@metamask-previews/ramps-controller": "5.1.0-preview-765066629",
  "@metamask-previews/rate-limit-controller": "7.0.0-preview-765066629",
  "@metamask-previews/remote-feature-flag-controller": "4.0.0-preview-765066629",
  "@metamask-previews/sample-controllers": "4.0.2-preview-765066629",
  "@metamask-previews/seedless-onboarding-controller": "7.1.0-preview-765066629",
  "@metamask-previews/selected-network-controller": "26.0.2-preview-765066629",
  "@metamask-previews/shield-controller": "5.0.1-preview-765066629",
  "@metamask-previews/signature-controller": "39.0.1-preview-765066629",
  "@metamask-previews/storage-service": "1.0.0-preview-765066629",
  "@metamask-previews/subscription-controller": "5.4.2-preview-765066629",
  "@metamask-previews/transaction-controller": "62.12.0-preview-765066629",
  "@metamask-previews/transaction-pay-controller": "12.0.2-preview-765066629",
  "@metamask-previews/user-operation-controller": "41.0.2-preview-765066629"
}

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts

chaitanyapotti

Do we also refresh on server 401?

lwin-kyaw · 2026-02-10T05:58:49Z

Do we also refresh on server 401?

Hi @chaitanyapotti

No, we don't refresh on 401 responses from Auth-Service.
For SSS (Toprf), we extracted the Json RPC error message and refresh if neccessary.

Anyway, we validate the tokens (expiry) before we make requests (in #executeWithTokenRefresh).

chaitanyapotti · 2026-02-11T07:23:15Z

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts

+      // if the password is provided (not undefined), encrypt the vault with the password
+      // We gonna prioritize the password encryption here, in case of the operation is `Change Password`.
+      // We don't wanna re-use the old encryption key from the state.
+      if (password !== undefined) {


best practice is to use typeof password !== "undefined" when checking for existence of a variable especially globals.
This is fine for this use case.

chaitanyapotti · 2026-02-11T07:26:01Z

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts

+    // so skip the check if the vault is locked
+    let isAccessTokenExpired = false;
+    if (this.#isUnlocked) {
+      isAccessTokenExpired = this.checkAccessTokenExpired();


Ideally, we must check expiry with server as part of oauth2 spec
since, client time can be incorrect or session might have been invalidated by server.
this particular implementation is non-standard and can be revisited at a later date

lwin-kyaw · 2026-02-11T09:41:02Z

@metamaskbot publish-preview

github-actions · 2026-02-11T09:46:01Z

Preview builds have been published. See these instructions for more information about preview builds.

Expand for full list of packages and versions.

{
  "@metamask-previews/account-tree-controller": "4.1.0-preview-09a0ddf6c",
  "@metamask-previews/accounts-controller": "35.0.2-preview-09a0ddf6c",
  "@metamask-previews/address-book-controller": "7.0.1-preview-09a0ddf6c",
  "@metamask-previews/ai-controllers": "0.0.0-preview-09a0ddf6c",
  "@metamask-previews/analytics-controller": "1.0.0-preview-09a0ddf6c",
  "@metamask-previews/analytics-data-regulation-controller": "0.0.0-preview-09a0ddf6c",
  "@metamask-previews/announcement-controller": "8.0.0-preview-09a0ddf6c",
  "@metamask-previews/app-metadata-controller": "2.0.0-preview-09a0ddf6c",
  "@metamask-previews/approval-controller": "8.0.0-preview-09a0ddf6c",
  "@metamask-previews/assets-controller": "1.0.0-preview-09a0ddf6c",
  "@metamask-previews/assets-controllers": "99.3.1-preview-09a0ddf6c",
  "@metamask-previews/base-controller": "9.0.0-preview-09a0ddf6c",
  "@metamask-previews/bridge-controller": "66.0.0-preview-09a0ddf6c",
  "@metamask-previews/bridge-status-controller": "66.0.0-preview-09a0ddf6c",
  "@metamask-previews/build-utils": "3.0.4-preview-09a0ddf6c",
  "@metamask-previews/chain-agnostic-permission": "1.4.0-preview-09a0ddf6c",
  "@metamask-previews/claims-controller": "0.4.2-preview-09a0ddf6c",
  "@metamask-previews/composable-controller": "12.0.0-preview-09a0ddf6c",
  "@metamask-previews/connectivity-controller": "0.1.0-preview-09a0ddf6c",
  "@metamask-previews/controller-utils": "11.18.0-preview-09a0ddf6c",
  "@metamask-previews/core-backend": "5.1.0-preview-09a0ddf6c",
  "@metamask-previews/delegation-controller": "2.0.0-preview-09a0ddf6c",
  "@metamask-previews/earn-controller": "11.1.0-preview-09a0ddf6c",
  "@metamask-previews/eip-5792-middleware": "2.1.0-preview-09a0ddf6c",
  "@metamask-previews/eip-7702-internal-rpc-middleware": "0.1.0-preview-09a0ddf6c",
  "@metamask-previews/eip1193-permission-middleware": "1.0.3-preview-09a0ddf6c",
  "@metamask-previews/ens-controller": "19.0.2-preview-09a0ddf6c",
  "@metamask-previews/error-reporting-service": "3.0.1-preview-09a0ddf6c",
  "@metamask-previews/eth-block-tracker": "15.0.1-preview-09a0ddf6c",
  "@metamask-previews/eth-json-rpc-middleware": "23.1.0-preview-09a0ddf6c",
  "@metamask-previews/eth-json-rpc-provider": "6.0.0-preview-09a0ddf6c",
  "@metamask-previews/foundryup": "1.0.1-preview-09a0ddf6c",
  "@metamask-previews/gas-fee-controller": "26.0.2-preview-09a0ddf6c",
  "@metamask-previews/gator-permissions-controller": "1.1.2-preview-09a0ddf6c",
  "@metamask-previews/json-rpc-engine": "10.2.2-preview-09a0ddf6c",
  "@metamask-previews/json-rpc-middleware-stream": "8.0.8-preview-09a0ddf6c",
  "@metamask-previews/keyring-controller": "25.1.0-preview-09a0ddf6c",
  "@metamask-previews/logging-controller": "7.0.1-preview-09a0ddf6c",
  "@metamask-previews/message-manager": "14.1.0-preview-09a0ddf6c",
  "@metamask-previews/messenger": "0.3.0-preview-09a0ddf6c",
  "@metamask-previews/multichain-account-service": "6.0.0-preview-09a0ddf6c",
  "@metamask-previews/multichain-api-middleware": "1.2.6-preview-09a0ddf6c",
  "@metamask-previews/multichain-network-controller": "3.0.2-preview-09a0ddf6c",
  "@metamask-previews/multichain-transactions-controller": "7.0.0-preview-09a0ddf6c",
  "@metamask-previews/name-controller": "9.0.0-preview-09a0ddf6c",
  "@metamask-previews/network-controller": "29.0.0-preview-09a0ddf6c",
  "@metamask-previews/network-enablement-controller": "4.1.0-preview-09a0ddf6c",
  "@metamask-previews/notification-services-controller": "22.0.0-preview-09a0ddf6c",
  "@metamask-previews/permission-controller": "12.2.0-preview-09a0ddf6c",
  "@metamask-previews/permission-log-controller": "5.0.0-preview-09a0ddf6c",
  "@metamask-previews/perps-controller": "0.0.0-preview-09a0ddf6c",
  "@metamask-previews/phishing-controller": "16.2.0-preview-09a0ddf6c",
  "@metamask-previews/polling-controller": "16.0.2-preview-09a0ddf6c",
  "@metamask-previews/preferences-controller": "22.1.0-preview-09a0ddf6c",
  "@metamask-previews/profile-metrics-controller": "3.0.0-preview-09a0ddf6c",
  "@metamask-previews/profile-sync-controller": "27.1.0-preview-09a0ddf6c",
  "@metamask-previews/ramps-controller": "7.1.0-preview-09a0ddf6c",
  "@metamask-previews/rate-limit-controller": "7.0.0-preview-09a0ddf6c",
  "@metamask-previews/remote-feature-flag-controller": "4.0.0-preview-09a0ddf6c",
  "@metamask-previews/sample-controllers": "4.0.2-preview-09a0ddf6c",
  "@metamask-previews/seedless-onboarding-controller": "7.1.0-preview-09a0ddf6c",
  "@metamask-previews/selected-network-controller": "26.0.2-preview-09a0ddf6c",
  "@metamask-previews/shield-controller": "5.0.1-preview-09a0ddf6c",
  "@metamask-previews/signature-controller": "39.0.1-preview-09a0ddf6c",
  "@metamask-previews/storage-service": "1.0.0-preview-09a0ddf6c",
  "@metamask-previews/subscription-controller": "6.0.0-preview-09a0ddf6c",
  "@metamask-previews/transaction-controller": "62.16.0-preview-09a0ddf6c",
  "@metamask-previews/transaction-pay-controller": "12.2.0-preview-09a0ddf6c",
  "@metamask-previews/user-operation-controller": "41.0.2-preview-09a0ddf6c"
}

## Explanation  ## `@metamask/seedless-onboarding-controller` v8.0.0 This release adds vault encryption with a cached encryption key, a new `getAccessToken` public method with built-in token refresh, state log exclusions for sensitive token values, dependency bumps, and a fix for access token persistence after refresh. ### Breaking Changes - **The `encryptor` constructor param now requires an `encryptWithKey` method** ([#7800](#7800)) - This method is used to encrypt the vault with a cached encryption key while the wallet is unlocked. - Consumers must ensure the `encryptor` object passed to the constructor implements `encryptWithKey`. ### New Features - Added new public method `getAccessToken` ([#7800](#7800)) - Clients can use this method to retrieve the `accessToken` from the controller instead of directly accessing it from state. - This method includes a built-in refresh token mechanism when the `accessToken` is expired, preventing expired token usage in clients. ### Changes - Updated `StateMetadata`'s `includeInStateLogs` property to explicitly exclude all token values from state logs ([#7750](#7750)) ## References  Fixes #7805 ## Checklist - [x] I've updated the test suite for new or updated code as appropriate - [x] I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate - [x] I've communicated my changes to consumers by [updating changelogs for packages I've changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md) - [x] I've introduced [breaking changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md) in this PR and have prepared draft pull requests for clients and consumer packages to resolve them  --- > [!NOTE] > **Low Risk** > Version/changelog-only updates with no runtime code changes. > > **Overview** > Bumps the monorepo version to `808.0.0` and releases `@metamask/seedless-onboarding-controller` `8.0.0`. > > Updates the seedless onboarding controller changelog to include the `8.0.0` release entry and adjusts compare links accordingly. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit b67d0d6. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

feat: added 'getAccessToken' with refresh token if expired

3b3f928

lwin-kyaw requested a review from a team as a code owner February 2, 2026 06:11

chore: updated ChangeLog

719a409

lwin-kyaw requested a review from a team as a code owner February 2, 2026 06:16

lwin-kyaw added team-onboarding area-onboarding labels Feb 2, 2026

feat: removed 'assertUnlock' for 'getRefreshToken' method

dcbbb24

cursor bot reviewed Feb 2, 2026

View reviewed changes

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts Show resolved Hide resolved

lwin-kyaw added 2 commits February 2, 2026 16:26

chore: throw errors if user is not authenticated or token refresh fails

2b1da34

feat: register 'SeedlessOnboarding:getAccessToken' actions to messenger

4594ee9

lwin-kyaw added 2 commits February 3, 2026 01:26

feat: added new function, 'encryptWithKey' to SeedlessOnboarding Vaul…

fdbf117

…t Encryptor interface

fix: update accessToken in encryptedVault after token refresh while t…

85f1a30

…he wallet is unlocked

lwin-kyaw self-assigned this Feb 2, 2026

lwin-kyaw changed the title ~~feat: added 'getAccessToken' with refresh token if expired~~ fix: persist new accessToken in SeedlessOnboarding Vault after tokens refresh Feb 2, 2026

cursor bot reviewed Feb 2, 2026

View reviewed changes

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts Show resolved Hide resolved

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts Outdated Show resolved Hide resolved

lwin-kyaw marked this pull request as draft February 2, 2026 17:48

feat: update vault on 'submitPassword' if accessToken in state is upd…

69f51f8

…ated

lwin-kyaw added 3 commits February 3, 2026 15:03

feat: persist new accessToken for the password sync case

cdfb9ce

chore: fixed imports and typos

8229021

chore: updated ChangeLog

3ec2ede

cursor bot reviewed Feb 4, 2026

View reviewed changes

packages/seedless-onboarding-controller/tests/mocks/utils.ts Outdated Show resolved Hide resolved

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts Outdated Show resolved Hide resolved

chore: lint

f681e86

cursor bot reviewed Feb 4, 2026

View reviewed changes

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts Outdated Show resolved Hide resolved

fix: update password validation

7650666

lwin-kyaw mentioned this pull request Feb 5, 2026

Error: Failed to get marketing opt in status MetaMask/metamask-extension#39566

Closed

tuna1207 reviewed Feb 5, 2026

View reviewed changes

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts Show resolved Hide resolved

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts Show resolved Hide resolved

chaitanyapotti reviewed Feb 9, 2026

View reviewed changes

matthiasgeihs approved these changes Feb 10, 2026

View reviewed changes

chaitanyapotti reviewed Feb 11, 2026

View reviewed changes

chaitanyapotti approved these changes Feb 11, 2026

View reviewed changes

chaitanyapotti added this pull request to the merge queue Feb 11, 2026

github-merge-queue bot removed this pull request from the merge queue due to failed status checks Feb 11, 2026

Merge branch 'main' into feat/get-access-token-with-refresh

09a0ddf

lwin-kyaw added this pull request to the merge queue Feb 11, 2026

github-merge-queue bot removed this pull request from the merge queue due to failed status checks Feb 11, 2026

lwin-kyaw added this pull request to the merge queue Feb 11, 2026

Merged via the queue into main with commit 866ed9e Feb 11, 2026
302 checks passed

lwin-kyaw deleted the feat/get-access-token-with-refresh branch February 11, 2026 13:06

This was referenced Feb 12, 2026

Release/808.0.0 #7912

Merged

New accessToken from refreshAuthTokens() not persisted to vault #7805

Closed

Uh oh!

Conversation

lwin-kyaw commented Feb 2, 2026 • edited by cursor bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Explanation

Issue:

Solution:

Persist newAccessToken in the encrypted vault

References

Checklist

Uh oh!

lwin-kyaw commented Feb 2, 2026

Uh oh!

github-actions bot commented Feb 2, 2026

Uh oh!

lwin-kyaw commented Feb 2, 2026

Uh oh!

github-actions bot commented Feb 2, 2026

Uh oh!

Uh oh!

lwin-kyaw commented Feb 2, 2026

Uh oh!

github-actions bot commented Feb 2, 2026

Uh oh!

lwin-kyaw commented Feb 2, 2026

Uh oh!

github-actions bot commented Feb 2, 2026

Uh oh!

Uh oh!

Uh oh!

lwin-kyaw commented Feb 3, 2026

Uh oh!

github-actions bot commented Feb 3, 2026

Uh oh!

Uh oh!

Uh oh!

lwin-kyaw commented Feb 4, 2026

Uh oh!

cursor bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

lwin-kyaw commented Feb 4, 2026

Uh oh!

lwin-kyaw commented Feb 4, 2026

Uh oh!

github-actions bot commented Feb 4, 2026

Uh oh!

Uh oh!

Uh oh!

chaitanyapotti left a comment

Choose a reason for hiding this comment

Uh oh!

lwin-kyaw commented Feb 10, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

chaitanyapotti Feb 11, 2026

Choose a reason for hiding this comment

Uh oh!

chaitanyapotti Feb 11, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

lwin-kyaw commented Feb 11, 2026

Uh oh!

github-actions bot commented Feb 11, 2026

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

lwin-kyaw commented Feb 2, 2026 •

edited by cursor bot

Loading

Persist `newAccessToken` in the encrypted vault

lwin-kyaw commented Feb 10, 2026 •

edited

Loading