From 645de0b292640da98f97758dac2b5a988d7c4819 Mon Sep 17 00:00:00 2001
From: sherzod-bakhodirov <sherzod.bakhodirov@magic-ext.com>
Date: Mon, 16 Feb 2026 20:48:21 +0500
Subject: [PATCH 1/9] feat: add mfa events to oauth flows

---
 packages/@magic-ext/oauth2/src/index.ts       | 119 ++++++++++++------
 packages/@magic-ext/oauth2/src/types.ts       |   2 +
 .../types/src/modules/intermediary-types.ts   |   4 +-
 .../types/src/modules/oauth-types.ts          |  40 +++++-
 4 files changed, 123 insertions(+), 42 deletions(-)

diff --git a/packages/@magic-ext/oauth2/src/index.ts b/packages/@magic-ext/oauth2/src/index.ts
index e7ddde91c..08f32c4a8 100644
--- a/packages/@magic-ext/oauth2/src/index.ts
+++ b/packages/@magic-ext/oauth2/src/index.ts
@@ -9,7 +9,14 @@ import {
   OAuthPopupConfiguration,
   OAuthVerificationConfiguration,
 } from './types';
-import { OAuthPopupEventEmit, OAuthPopupEventHandlers, OAuthPopupEventOnReceived } from '@magic-sdk/types';
+import {
+  OAuthMFAEventEmit,
+  OAuthMFAEventOnReceived,
+  OAuthPopupEventEmit,
+  OAuthPopupEventHandlers,
+  OAuthPopupEventOnReceived,
+  OAuthRedirectEventHandlers,
+} from '@magic-sdk/types';
 
 declare global {
   interface Window {
@@ -37,42 +44,62 @@ export class OAuthExtension extends Extension.Internal<'oauth2'> {
   }
 
   public loginWithRedirect(configuration: OAuthRedirectConfiguration) {
-    return this.utils.createPromiEvent<null | string>(async (resolve, reject) => {
-      const parseRedirectResult = this.utils.createJsonRpcRequestPayload(OAuthPayloadMethods.Start, [
-        {
-          ...configuration,
-          apiKey: this.sdk.apiKey,
-          platform: 'web',
-        },
-      ]);
-
-      const result = await this.request<OAuthRedirectStartResult | OAuthRedirectError>(parseRedirectResult);
-      const successResult = result as OAuthRedirectStartResult;
-      const errorResult = result as OAuthRedirectError;
-
-      if (errorResult.error) {
-        reject(
-          this.createError<OAuthErrorData>(errorResult.error, errorResult.error_description ?? 'An error occurred.', {
-            errorURI: errorResult.error_uri,
-            provider: errorResult.provider,
-          }),
-        );
-      }
+    const { showUI } = configuration;
+    const requestPayload = this.utils.createJsonRpcRequestPayload(OAuthPayloadMethods.Start, [
+      {
+        ...configuration,
+        apiKey: this.sdk.apiKey,
+        platform: 'web',
+      },
+    ]);
 
-      if (successResult?.oauthAuthoriationURI) {
-        const redirectURI = successResult.useMagicServerCallback
-          ? // @ts-ignore - this.sdk.endpoint is marked protected but we need to access it.
-            new URL(successResult.oauthAuthoriationURI, this.sdk.endpoint).href
-          : successResult.oauthAuthoriationURI;
+    const promiEvent = createPromiEvent<null | string, OAuthRedirectEventHandlers>(async (resolve, reject) => {
+      try {
+        const oauthRedirectRequest = this.request<
+          OAuthRedirectStartResult | OAuthRedirectError,
+          OAuthRedirectEventHandlers
+        >(requestPayload);
 
-        if (successResult?.shouldReturnURI) {
-          resolve(redirectURI);
-        } else {
-          window.location.href = redirectURI;
+        if (!showUI && oauthRedirectRequest) {
+          this.proxyMFAReceivedEvents(oauthRedirectRequest, promiEvent);
+        }
+
+        const result = await oauthRedirectRequest;
+        const successResult = result as OAuthRedirectStartResult;
+        const errorResult = result as OAuthRedirectError;
+
+        if (errorResult.error) {
+          reject(
+            this.createError<OAuthErrorData>(errorResult.error, errorResult.error_description ?? 'An error occurred.', {
+              errorURI: errorResult.error_uri,
+              provider: errorResult.provider,
+            }),
+          );
+          return;
+        }
+
+        if (successResult?.oauthAuthoriationURI) {
+          const redirectURI = successResult.useMagicServerCallback
+            ? // @ts-ignore - this.sdk.endpoint is marked protected but we need to access it.
+              new URL(successResult.oauthAuthoriationURI, this.sdk.endpoint).href
+            : successResult.oauthAuthoriationURI;
+
+          if (successResult?.shouldReturnURI) {
+            resolve(redirectURI);
+            return;
+          } else {
+            window.location.href = redirectURI;
+          }
         }
+        resolve(null);
+      } catch (error) {
+        reject(error);
       }
-      resolve(null);
     });
+
+    this.attachMFAEmitHandlers(promiEvent, requestPayload.id as string);
+
+    return promiEvent;
   }
 
   public getRedirectResult(configuration: OAuthVerificationConfiguration = {}) {
@@ -87,6 +114,7 @@ export class OAuthExtension extends Extension.Internal<'oauth2'> {
   }
 
   public loginWithPopup(configuration: OAuthPopupConfiguration) {
+    const { showUI } = configuration;
     const requestPayload = this.utils.createJsonRpcRequestPayload(OAuthPayloadMethods.Popup, [
       {
         ...configuration,
@@ -102,17 +130,24 @@ export class OAuthExtension extends Extension.Internal<'oauth2'> {
           requestPayload,
         );
 
+        /**
+         * Attach Event listeners
+         */
         const redirectEvent = (event: MessageEvent) => {
           this.createIntermediaryEvent(OAuthPopupEventEmit.PopupEvent, requestPayload.id as string)(event.data);
         };
 
-        if (configuration.shouldReturnURI) {
+        if (configuration.shouldReturnURI && oauthPopupRequest) {
           oauthPopupRequest.on(OAuthPopupEventOnReceived.PopupUrl, popupUrl => {
             window.addEventListener('message', redirectEvent);
             promiEvent.emit(OAuthPopupEventOnReceived.PopupUrl, popupUrl);
           });
         }
 
+        if (!showUI && oauthPopupRequest) {
+          this.proxyMFAReceivedEvents(oauthPopupRequest, promiEvent);
+        }
+
         const result = await oauthPopupRequest;
         window.removeEventListener('message', redirectEvent);
 
@@ -126,13 +161,25 @@ export class OAuthExtension extends Extension.Internal<'oauth2'> {
       }
     });
 
-    promiEvent.on(OAuthPopupEventEmit.Cancel, () => {
-      this.createIntermediaryEvent(OAuthPopupEventEmit.Cancel, requestPayload.id as string)();
-    });
+    this.attachMFAEmitHandlers(promiEvent, requestPayload.id as string);
 
     return promiEvent;
   }
 
+  private proxyMFAReceivedEvents(source: { on: Function }, target: { emit: Function }) {
+    Object.values(OAuthMFAEventOnReceived).forEach(event => {
+      source.on(event, () => target.emit(event));
+    });
+  }
+
+  private attachMFAEmitHandlers(promiEvent: { on: Function }, requestId: string) {
+    Object.values(OAuthMFAEventEmit).forEach(event => {
+      promiEvent.on(event, (...args: unknown[]) => {
+        this.createIntermediaryEvent(event, requestId)(...args);
+      });
+    });
+  }
+
   protected seamlessTelegramLogin() {
     try {
       const hash = window.location.hash.toString();
diff --git a/packages/@magic-ext/oauth2/src/types.ts b/packages/@magic-ext/oauth2/src/types.ts
index 7afa83b85..6c3042978 100644
--- a/packages/@magic-ext/oauth2/src/types.ts
+++ b/packages/@magic-ext/oauth2/src/types.ts
@@ -103,6 +103,7 @@ export interface OAuthRedirectConfiguration {
   customData?: string;
   providerParams?: Record<string, string | number | boolean>;
   loginHint?: string;
+  showUI?: boolean;
 }
 
 export interface OAuthVerificationConfiguration {
@@ -117,6 +118,7 @@ export interface OAuthPopupConfiguration {
   loginHint?: string;
   providerParams?: Record<string, string | number | boolean>;
   shouldReturnURI?: boolean;
+  showUI?: boolean;
 }
 
 export enum OAuthErrorCode {
diff --git a/packages/@magic-sdk/types/src/modules/intermediary-types.ts b/packages/@magic-sdk/types/src/modules/intermediary-types.ts
index 021d1c267..4f04c80da 100644
--- a/packages/@magic-sdk/types/src/modules/intermediary-types.ts
+++ b/packages/@magic-sdk/types/src/modules/intermediary-types.ts
@@ -29,7 +29,7 @@ import {
   RecoveryFactorEventEmit,
   RecoveryFactorEventOnReceived,
 } from './user-types';
-import { OAuthPopupEventEmit, OAuthPopupEventOnReceived } from './oauth-types';
+import { OAuthMFAEventEmit, OAuthMFAEventOnReceived, OAuthPopupEventEmit, OAuthPopupEventOnReceived } from './oauth-types';
 
 export type IntermediaryEvents =
   // EmailOTP
@@ -76,5 +76,7 @@ export type IntermediaryEvents =
   | `${RecoverAccountEventOnReceived}`
   | `${RecoverAccountEventEmit}`
   // OAuth Events
+  | `${OAuthMFAEventEmit}`
+  | `${OAuthMFAEventOnReceived}`
   | `${OAuthPopupEventEmit}`
   | `${OAuthPopupEventOnReceived}`;
diff --git a/packages/@magic-sdk/types/src/modules/oauth-types.ts b/packages/@magic-sdk/types/src/modules/oauth-types.ts
index fa09880b9..4cd840c30 100644
--- a/packages/@magic-sdk/types/src/modules/oauth-types.ts
+++ b/packages/@magic-sdk/types/src/modules/oauth-types.ts
@@ -1,16 +1,46 @@
+// Shared MFA events reused by both popup and redirect flows
+export enum OAuthMFAEventEmit {
+  Cancel = 'cancel',
+  VerifyMFACode = 'verify-mfa-code',
+  LostDevice = 'lost-device',
+  VerifyRecoveryCode = 'verify-recovery-code',
+}
+
+export enum OAuthMFAEventOnReceived {
+  MfaSentHandle = 'mfa-sent-handle',
+  InvalidMfaOtp = 'invalid-mfa-otp',
+  RecoveryCodeSentHandle = 'recovery-code-sent-handle',
+  InvalidRecoveryCode = 'invalid-recovery-code',
+  RecoveryCodeSuccess = 'recovery-code-success',
+}
+
+type OAuthMFAEventHandlers = {
+  // Event sent
+  [OAuthMFAEventEmit.Cancel]: () => void;
+  [OAuthMFAEventEmit.VerifyMFACode]: (mfa: string) => void;
+  [OAuthMFAEventEmit.LostDevice]: () => void;
+  [OAuthMFAEventEmit.VerifyRecoveryCode]: (recoveryCode: string) => void;
+  // Event Received
+  [OAuthMFAEventOnReceived.MfaSentHandle]: () => void;
+  [OAuthMFAEventOnReceived.InvalidMfaOtp]: () => void;
+  [OAuthMFAEventOnReceived.RecoveryCodeSentHandle]: () => void;
+  [OAuthMFAEventOnReceived.InvalidRecoveryCode]: () => void;
+  [OAuthMFAEventOnReceived.RecoveryCodeSuccess]: () => void;
+};
+
+// Popup-specific events
 export enum OAuthPopupEventOnReceived {
   PopupUrl = 'popup-url',
 }
 
 export enum OAuthPopupEventEmit {
   PopupEvent = 'popup-event',
-  Cancel = 'cancel',
 }
 
 export type OAuthPopupEventHandlers = {
-  // Event sent
   [OAuthPopupEventEmit.PopupEvent]: (eventData: unknown) => void;
-  [OAuthPopupEventEmit.Cancel]: () => void;
-  // Event Received
   [OAuthPopupEventOnReceived.PopupUrl]: (event: { popupUrl: string; provider: string }) => void;
-};
+} & OAuthMFAEventHandlers;
+
+// Redirect-specific handler type
+export type OAuthRedirectEventHandlers = OAuthMFAEventHandlers;

From 81e26e44fb3d48e094a87202d5c3d36b731f8703 Mon Sep 17 00:00:00 2001
From: sherzod-bakhodirov <sherzod.bakhodirov@magic-ext.com>
Date: Wed, 18 Feb 2026 17:55:21 +0500
Subject: [PATCH 2/9] feat: implement mfa events in wallet kit

---
 packages/@magic-ext/oauth2/src/index.ts       | 225 ++++++++++--------
 packages/@magic-ext/oauth2/src/types.ts       |   2 +-
 .../@magic-ext/wallet-kit/src/MagicWidget.tsx |  15 +-
 .../src/context/OAuthLoginContext.tsx         | 166 +++++++++++++
 .../wallet-kit/src/context/index.ts           |   1 +
 .../@magic-ext/wallet-kit/src/extension.ts    |  32 ++-
 .../@magic-ext/wallet-kit/src/hooks/useMfa.ts |  32 +++
 .../wallet-kit/src/hooks/useOAuthLogin.ts     |  59 -----
 .../wallet-kit/src/views/MfaView.tsx          |   4 +-
 .../wallet-kit/src/views/OAuthPendingView.tsx |  48 +---
 .../wallet-kit/src/views/RecoveryCode.tsx     |   4 +-
 .../types/src/modules/oauth-types.ts          |   2 +-
 12 files changed, 376 insertions(+), 214 deletions(-)
 create mode 100644 packages/@magic-ext/wallet-kit/src/context/OAuthLoginContext.tsx
 create mode 100644 packages/@magic-ext/wallet-kit/src/hooks/useMfa.ts
 delete mode 100644 packages/@magic-ext/wallet-kit/src/hooks/useOAuthLogin.ts

diff --git a/packages/@magic-ext/oauth2/src/index.ts b/packages/@magic-ext/oauth2/src/index.ts
index 08f32c4a8..992f9625e 100644
--- a/packages/@magic-ext/oauth2/src/index.ts
+++ b/packages/@magic-ext/oauth2/src/index.ts
@@ -15,7 +15,7 @@ import {
   OAuthPopupEventEmit,
   OAuthPopupEventHandlers,
   OAuthPopupEventOnReceived,
-  OAuthRedirectEventHandlers,
+  OAuthGetResultEventHandlers,
 } from '@magic-sdk/types';
 
 declare global {
@@ -44,62 +44,42 @@ export class OAuthExtension extends Extension.Internal<'oauth2'> {
   }
 
   public loginWithRedirect(configuration: OAuthRedirectConfiguration) {
-    const { showUI } = configuration;
-    const requestPayload = this.utils.createJsonRpcRequestPayload(OAuthPayloadMethods.Start, [
-      {
-        ...configuration,
-        apiKey: this.sdk.apiKey,
-        platform: 'web',
-      },
-    ]);
-
-    const promiEvent = createPromiEvent<null | string, OAuthRedirectEventHandlers>(async (resolve, reject) => {
-      try {
-        const oauthRedirectRequest = this.request<
-          OAuthRedirectStartResult | OAuthRedirectError,
-          OAuthRedirectEventHandlers
-        >(requestPayload);
-
-        if (!showUI && oauthRedirectRequest) {
-          this.proxyMFAReceivedEvents(oauthRedirectRequest, promiEvent);
-        }
-
-        const result = await oauthRedirectRequest;
-        const successResult = result as OAuthRedirectStartResult;
-        const errorResult = result as OAuthRedirectError;
+    return this.utils.createPromiEvent<null | string>(async (resolve, reject) => {
+      const parseRedirectResult = this.utils.createJsonRpcRequestPayload(OAuthPayloadMethods.Start, [
+        {
+          ...configuration,
+          apiKey: this.sdk.apiKey,
+          platform: 'web',
+        },
+      ]);
+
+      const result = await this.request<OAuthRedirectStartResult | OAuthRedirectError>(parseRedirectResult);
+      const successResult = result as OAuthRedirectStartResult;
+      const errorResult = result as OAuthRedirectError;
+
+      if (errorResult.error) {
+        reject(
+          this.createError<OAuthErrorData>(errorResult.error, errorResult.error_description ?? 'An error occurred.', {
+            errorURI: errorResult.error_uri,
+            provider: errorResult.provider,
+          }),
+        );
+      }
 
-        if (errorResult.error) {
-          reject(
-            this.createError<OAuthErrorData>(errorResult.error, errorResult.error_description ?? 'An error occurred.', {
-              errorURI: errorResult.error_uri,
-              provider: errorResult.provider,
-            }),
-          );
-          return;
-        }
+      if (successResult?.oauthAuthoriationURI) {
+        const redirectURI = successResult.useMagicServerCallback
+          ? // @ts-ignore - this.sdk.endpoint is marked protected but we need to access it.
+            new URL(successResult.oauthAuthoriationURI, this.sdk.endpoint).href
+          : successResult.oauthAuthoriationURI;
 
-        if (successResult?.oauthAuthoriationURI) {
-          const redirectURI = successResult.useMagicServerCallback
-            ? // @ts-ignore - this.sdk.endpoint is marked protected but we need to access it.
-              new URL(successResult.oauthAuthoriationURI, this.sdk.endpoint).href
-            : successResult.oauthAuthoriationURI;
-
-          if (successResult?.shouldReturnURI) {
-            resolve(redirectURI);
-            return;
-          } else {
-            window.location.href = redirectURI;
-          }
+        if (successResult?.shouldReturnURI) {
+          resolve(redirectURI);
+        } else {
+          window.location.href = redirectURI;
         }
-        resolve(null);
-      } catch (error) {
-        reject(error);
       }
+      resolve(null);
     });
-
-    this.attachMFAEmitHandlers(promiEvent, requestPayload.id as string);
-
-    return promiEvent;
   }
 
   public getRedirectResult(configuration: OAuthVerificationConfiguration = {}) {
@@ -110,7 +90,7 @@ export class OAuthExtension extends Extension.Internal<'oauth2'> {
     const urlWithoutQuery = window.location.origin + window.location.pathname;
     window.history.replaceState(null, '', urlWithoutQuery);
 
-    return getResult.call(this, configuration, queryString);
+    return this.getResult(configuration, queryString);
   }
 
   public loginWithPopup(configuration: OAuthPopupConfiguration) {
@@ -144,8 +124,22 @@ export class OAuthExtension extends Extension.Internal<'oauth2'> {
           });
         }
 
-        if (!showUI && oauthPopupRequest) {
-          this.proxyMFAReceivedEvents(oauthPopupRequest, promiEvent);
+        if (!showUI) {
+          oauthPopupRequest.on(OAuthMFAEventOnReceived.MfaSentHandle, (...args) => {
+            promiEvent.emit(OAuthMFAEventOnReceived.MfaSentHandle, ...args);
+          });
+          oauthPopupRequest.on(OAuthMFAEventOnReceived.InvalidMfaOtp, (...args) => {
+            promiEvent.emit(OAuthMFAEventOnReceived.InvalidMfaOtp, ...args);
+          });
+          oauthPopupRequest.on(OAuthMFAEventOnReceived.RecoveryCodeSentHandle, (...args) => {
+            promiEvent.emit(OAuthMFAEventOnReceived.RecoveryCodeSentHandle, ...args);
+          });
+          oauthPopupRequest.on(OAuthMFAEventOnReceived.InvalidRecoveryCode, (...args) => {
+            promiEvent.emit(OAuthMFAEventOnReceived.InvalidRecoveryCode, ...args);
+          });
+          oauthPopupRequest.on(OAuthMFAEventOnReceived.RecoveryCodeSuccess, (...args) => {
+            promiEvent.emit(OAuthMFAEventOnReceived.RecoveryCodeSuccess, ...args);
+          });
         }
 
         const result = await oauthPopupRequest;
@@ -161,23 +155,93 @@ export class OAuthExtension extends Extension.Internal<'oauth2'> {
       }
     });
 
-    this.attachMFAEmitHandlers(promiEvent, requestPayload.id as string);
+    if (!showUI && promiEvent) {
+      promiEvent.on(OAuthMFAEventEmit.VerifyMFACode, (mfa: string) => {
+        this.createIntermediaryEvent(OAuthMFAEventEmit.VerifyMFACode, requestPayload.id as string)(mfa);
+      });
+      promiEvent.on(OAuthMFAEventEmit.LostDevice, () => {
+        this.createIntermediaryEvent(OAuthMFAEventEmit.LostDevice, requestPayload.id as string)();
+      });
+      promiEvent.on(OAuthMFAEventEmit.VerifyRecoveryCode, (recoveryCode: string) => {
+        this.createIntermediaryEvent(OAuthMFAEventEmit.VerifyRecoveryCode, requestPayload.id as string)(recoveryCode);
+      });
+      promiEvent.on(OAuthMFAEventEmit.Cancel, () => {
+        this.createIntermediaryEvent(OAuthMFAEventEmit.Cancel, requestPayload.id as any)();
+      });
+    }
 
     return promiEvent;
   }
 
-  private proxyMFAReceivedEvents(source: { on: Function }, target: { emit: Function }) {
-    Object.values(OAuthMFAEventOnReceived).forEach(event => {
-      source.on(event, () => target.emit(event));
-    });
-  }
+  private getResult(configuration: OAuthVerificationConfiguration, queryString: string) {
+    const { showUI } = configuration;
+    const requestPayload = this.utils.createJsonRpcRequestPayload(OAuthPayloadMethods.Verify, [
+      {
+        authorizationResponseParams: queryString,
+        magicApiKey: this.sdk.apiKey,
+        platform: 'web',
+        ...configuration,
+      },
+    ]);
+
+    const promiEvent = this.utils.createPromiEvent<OAuthRedirectResult, OAuthGetResultEventHandlers>(
+      async (resolve, reject) => {
+        const getResultRequest = this.request<OAuthRedirectResult | OAuthRedirectError, OAuthGetResultEventHandlers>(
+          requestPayload,
+        );
+
+        if (!showUI) {
+          getResultRequest.on(OAuthMFAEventOnReceived.MfaSentHandle, (...args) => {
+            promiEvent.emit(OAuthMFAEventOnReceived.MfaSentHandle, ...args);
+          });
+          getResultRequest.on(OAuthMFAEventOnReceived.InvalidMfaOtp, (...args) => {
+            promiEvent.emit(OAuthMFAEventOnReceived.InvalidMfaOtp, ...args);
+          });
+          getResultRequest.on(OAuthMFAEventOnReceived.RecoveryCodeSentHandle, (...args) => {
+            promiEvent.emit(OAuthMFAEventOnReceived.RecoveryCodeSentHandle, ...args);
+          });
+          getResultRequest.on(OAuthMFAEventOnReceived.InvalidRecoveryCode, (...args) => {
+            promiEvent.emit(OAuthMFAEventOnReceived.InvalidRecoveryCode, ...args);
+          });
+          getResultRequest.on(OAuthMFAEventOnReceived.RecoveryCodeSuccess, (...args) => {
+            promiEvent.emit(OAuthMFAEventOnReceived.RecoveryCodeSuccess, ...args);
+          });
+        }
+
+        // Parse the result, which may contain an OAuth-formatted error.
+        const resultOrError = await getResultRequest;
+        const maybeResult = resultOrError as OAuthRedirectResult;
+        const maybeError = resultOrError as OAuthRedirectError;
+
+        if (maybeError.error) {
+          reject(
+            this.createError<OAuthErrorData>(maybeError.error, maybeError.error_description ?? 'An error occurred.', {
+              errorURI: maybeError.error_uri,
+              provider: maybeError.provider,
+            }),
+          );
+        }
+
+        resolve(maybeResult);
+      },
+    );
 
-  private attachMFAEmitHandlers(promiEvent: { on: Function }, requestId: string) {
-    Object.values(OAuthMFAEventEmit).forEach(event => {
-      promiEvent.on(event, (...args: unknown[]) => {
-        this.createIntermediaryEvent(event, requestId)(...args);
+    if (!showUI && promiEvent) {
+      promiEvent.on(OAuthMFAEventEmit.VerifyMFACode, (mfa: string) => {
+        this.createIntermediaryEvent(OAuthMFAEventEmit.VerifyMFACode, requestPayload.id as string)(mfa);
       });
-    });
+      promiEvent.on(OAuthMFAEventEmit.LostDevice, () => {
+        this.createIntermediaryEvent(OAuthMFAEventEmit.LostDevice, requestPayload.id as string)();
+      });
+      promiEvent.on(OAuthMFAEventEmit.VerifyRecoveryCode, (recoveryCode: string) => {
+        this.createIntermediaryEvent(OAuthMFAEventEmit.VerifyRecoveryCode, requestPayload.id as string)(recoveryCode);
+      });
+      promiEvent.on(OAuthMFAEventEmit.Cancel, () => {
+        this.createIntermediaryEvent(OAuthMFAEventEmit.Cancel, requestPayload.id as any)();
+      });
+    }
+
+    return promiEvent;
   }
 
   protected seamlessTelegramLogin() {
@@ -207,33 +271,4 @@ export class OAuthExtension extends Extension.Internal<'oauth2'> {
   }
 }
 
-function getResult(this: OAuthExtension, configuration: OAuthVerificationConfiguration, queryString: string) {
-  return this.utils.createPromiEvent<OAuthRedirectResult>(async (resolve, reject) => {
-    const parseRedirectResult = this.utils.createJsonRpcRequestPayload(OAuthPayloadMethods.Verify, [
-      {
-        authorizationResponseParams: queryString,
-        magicApiKey: this.sdk.apiKey,
-        platform: 'web',
-        ...configuration,
-      },
-    ]);
-
-    // Parse the result, which may contain an OAuth-formatted error.
-    const resultOrError = await this.request<OAuthRedirectResult | OAuthRedirectError>(parseRedirectResult);
-    const maybeResult = resultOrError as OAuthRedirectResult;
-    const maybeError = resultOrError as OAuthRedirectError;
-
-    if (maybeError.error) {
-      reject(
-        this.createError<OAuthErrorData>(maybeError.error, maybeError.error_description ?? 'An error occurred.', {
-          errorURI: maybeError.error_uri,
-          provider: maybeError.provider,
-        }),
-      );
-    }
-
-    resolve(maybeResult);
-  });
-}
-
 export * from './types';
diff --git a/packages/@magic-ext/oauth2/src/types.ts b/packages/@magic-ext/oauth2/src/types.ts
index 6c3042978..127b5476c 100644
--- a/packages/@magic-ext/oauth2/src/types.ts
+++ b/packages/@magic-ext/oauth2/src/types.ts
@@ -103,13 +103,13 @@ export interface OAuthRedirectConfiguration {
   customData?: string;
   providerParams?: Record<string, string | number | boolean>;
   loginHint?: string;
-  showUI?: boolean;
 }
 
 export interface OAuthVerificationConfiguration {
   lifespan?: number;
   optionalQueryString?: string;
   skipDIDToken?: boolean;
+  showUI?: boolean;
 }
 
 export interface OAuthPopupConfiguration {
diff --git a/packages/@magic-ext/wallet-kit/src/MagicWidget.tsx b/packages/@magic-ext/wallet-kit/src/MagicWidget.tsx
index 379e1c5a1..8047b3cc3 100644
--- a/packages/@magic-ext/wallet-kit/src/MagicWidget.tsx
+++ b/packages/@magic-ext/wallet-kit/src/MagicWidget.tsx
@@ -11,6 +11,7 @@ import { OAuthPendingView } from './views/OAuthPendingView';
 import AdditionalProvidersView from './views/AdditionalProvidersView';
 import { getExtensionInstance } from './extension';
 import { EmailLoginProvider } from './context/EmailLoginContext';
+import { OAuthLoginProvider } from './context/OAuthLoginContext';
 import { WidgetConfigProvider } from './context/WidgetConfigContext';
 import { EmailOTPView } from './views/EmailOTPView';
 import { DeviceVerificationView } from './views/DeviceVerificationView';
@@ -109,12 +110,14 @@ function WidgetContent({
 
   return (
     <EmailLoginProvider dispatch={dispatch}>
-      <Modal isWidget fullscreen={isModal && isMobile}>
-        <VStack width="full" minWidth="380px">
-          {renderView()}
-          <Footer showLogo={showFooterLogo} />
-        </VStack>
-      </Modal>
+      <OAuthLoginProvider dispatch={dispatch}>
+        <Modal isWidget fullscreen={isModal && isMobile}>
+          <VStack width="full" minWidth="380px">
+            {renderView()}
+            <Footer showLogo={showFooterLogo} />
+          </VStack>
+        </Modal>
+      </OAuthLoginProvider>
     </EmailLoginProvider>
   );
 }
diff --git a/packages/@magic-ext/wallet-kit/src/context/OAuthLoginContext.tsx b/packages/@magic-ext/wallet-kit/src/context/OAuthLoginContext.tsx
new file mode 100644
index 000000000..2ef001e58
--- /dev/null
+++ b/packages/@magic-ext/wallet-kit/src/context/OAuthLoginContext.tsx
@@ -0,0 +1,166 @@
+import React, { createContext, useContext, useRef, useCallback, useState, ReactNode } from 'react';
+import { getExtensionInstance, OAuthRedirectError, OAuthRedirectResult } from '../extension';
+import { WidgetAction } from '../reducer';
+import { OAuthMFAEventEmit, OAuthMFAEventOnReceived } from '@magic-sdk/types';
+import { useWidgetConfig } from './WidgetConfigContext';
+import { OAuthProvider } from '../extension';
+
+type OAuthPopupHandle = ReturnType<ReturnType<typeof getExtensionInstance>['loginWithPopup']>;
+
+interface OAuthLoginContextValue {
+  startOAuthLogin: (provider: OAuthProvider) => void;
+  submitMFA: (totp: string) => void;
+  lostDevice: () => void;
+  submitRecoveryCode: (recoveryCode: string) => void;
+  cancelLogin: () => void;
+  isMfaActive: boolean;
+}
+
+const OAuthLoginContext = createContext<OAuthLoginContextValue | null>(null);
+
+interface OAuthLoginProviderProps {
+  children: ReactNode;
+  dispatch: React.Dispatch<WidgetAction>;
+}
+
+export function OAuthLoginProvider({ children, dispatch }: OAuthLoginProviderProps) {
+  const { handleSuccess, handleError } = useWidgetConfig();
+
+  const handleRef = useRef<OAuthPopupHandle | null>(null);
+  const [isMfaActive, setIsMfaActive] = useState(false);
+
+  const startOAuthLogin = useCallback(
+    (provider: OAuthProvider) => {
+      try {
+        const extension = getExtensionInstance();
+        const handle = extension.loginWithPopup(provider);
+        handleRef.current = handle;
+
+        // MFA Events
+        handle.on(OAuthMFAEventOnReceived.MfaSentHandle, () => {
+          setIsMfaActive(true);
+          dispatch({ type: 'MFA_REQUIRED' });
+        });
+
+        handle.on(OAuthMFAEventOnReceived.InvalidMfaOtp, () => {
+          dispatch({ type: 'MFA_INVALID' });
+        });
+
+        handle.on(OAuthMFAEventOnReceived.InvalidRecoveryCode, () => {
+          dispatch({ type: 'RECOVERY_CODE_INVALID' });
+        });
+
+        handle.on(OAuthMFAEventOnReceived.RecoveryCodeSentHandle, () => {
+          dispatch({ type: 'LOST_DEVICE' });
+        });
+
+        handle.on(OAuthMFAEventOnReceived.RecoveryCodeSuccess, () => {
+          // Recovery code accepted — login will resolve via the promise handler
+        });
+
+        // Handle Promise Resolution
+        handle
+          .then((result: OAuthRedirectResult | OAuthRedirectError) => {
+            if ((result as OAuthRedirectError).error) {
+              const errorResult = result as OAuthRedirectError;
+              const errorInstance = new Error(errorResult.error_description || errorResult.error);
+              dispatch({ type: 'LOGIN_ERROR', error: errorInstance.message });
+              handleError(errorInstance);
+              return;
+            }
+
+            const oauthResult = result as OAuthRedirectResult;
+            dispatch({ type: 'LOGIN_SUCCESS' });
+            handleSuccess({
+              method: 'oauth',
+              magic: oauthResult.magic,
+              oauth: oauthResult.oauth,
+            });
+          })
+          .catch((error: any) => {
+            const errorInstance = error instanceof Error ? error : new Error(error?.message || 'OAuth login failed');
+            const msg = (errorInstance.message || '').toLowerCase();
+
+            // If user closed the popup or denied access, go back to login (not an error)
+            if (
+              msg.includes('user rejected') ||
+              msg.includes('user denied') ||
+              msg.includes('access_denied') ||
+              msg.includes('user closed') ||
+              msg.includes('popup closed') ||
+              msg.includes('cancelled') ||
+              msg.includes('canceled')
+            ) {
+              handleRef.current = null;
+              setIsMfaActive(false);
+              dispatch({ type: 'GO_TO_LOGIN' });
+              return;
+            }
+
+            dispatch({ type: 'LOGIN_ERROR', error: errorInstance.message });
+            handleError(errorInstance);
+          });
+      } catch (error) {
+        const errorInstance = error instanceof Error ? error : new Error('Failed to start OAuth login');
+        dispatch({ type: 'LOGIN_ERROR', error: errorInstance.message });
+        handleError(errorInstance);
+      }
+    },
+    [dispatch, handleSuccess, handleError, setIsMfaActive],
+  );
+
+  const submitMFA = useCallback(
+    (totp: string) => {
+      if (handleRef.current) {
+        dispatch({ type: 'MFA_VERIFYING' });
+        handleRef.current.emit(OAuthMFAEventEmit.VerifyMFACode, totp);
+      }
+    },
+    [dispatch],
+  );
+
+  const lostDevice = useCallback(() => {
+    if (handleRef.current) {
+      dispatch({ type: 'LOST_DEVICE' });
+      handleRef.current.emit(OAuthMFAEventEmit.LostDevice);
+    }
+  }, [dispatch]);
+
+  const submitRecoveryCode = useCallback(
+    (recoveryCode: string) => {
+      if (handleRef.current) {
+        dispatch({ type: 'RECOVERY_CODE_VERIFYING' });
+        handleRef.current.emit(OAuthMFAEventEmit.VerifyRecoveryCode, recoveryCode);
+      }
+    },
+    [dispatch],
+  );
+
+  const cancelLogin = useCallback(() => {
+    if (handleRef.current) {
+      handleRef.current.emit(OAuthMFAEventEmit.Cancel);
+    }
+    handleRef.current = null;
+    setIsMfaActive(false);
+    dispatch({ type: 'GO_TO_LOGIN' });
+  }, [dispatch, setIsMfaActive]);
+
+  const value: OAuthLoginContextValue = {
+    startOAuthLogin,
+    submitMFA,
+    lostDevice,
+    submitRecoveryCode,
+    cancelLogin,
+    isMfaActive,
+  };
+
+  return <OAuthLoginContext.Provider value={value}>{children}</OAuthLoginContext.Provider>;
+}
+
+export function useOAuthLogin(): OAuthLoginContextValue {
+  const context = useContext(OAuthLoginContext);
+  if (!context) {
+    throw new Error('useOAuthLogin must be used within an OAuthLoginProvider');
+  }
+  return context;
+}
diff --git a/packages/@magic-ext/wallet-kit/src/context/index.ts b/packages/@magic-ext/wallet-kit/src/context/index.ts
index b46b4fa2b..f6591cafc 100644
--- a/packages/@magic-ext/wallet-kit/src/context/index.ts
+++ b/packages/@magic-ext/wallet-kit/src/context/index.ts
@@ -1,2 +1,3 @@
 export { EmailLoginProvider, useEmailLogin } from './EmailLoginContext';
+export { OAuthLoginProvider, useOAuthLogin } from './OAuthLoginContext';
 export { WidgetConfigProvider, useWidgetConfig } from './WidgetConfigContext';
\ No newline at end of file
diff --git a/packages/@magic-ext/wallet-kit/src/extension.ts b/packages/@magic-ext/wallet-kit/src/extension.ts
index e434c8922..0ece76472 100644
--- a/packages/@magic-ext/wallet-kit/src/extension.ts
+++ b/packages/@magic-ext/wallet-kit/src/extension.ts
@@ -5,6 +5,8 @@ import {
   LocalStorageKeys,
   MagicPayloadMethod,
   MagicThirdPartyWalletUpdate,
+  OAuthMFAEventEmit,
+  OAuthPopupEventHandlers,
   RPCErrorCode,
 } from '@magic-sdk/types';
 import { getAccount, getConnectorClient, reconnect, watchAccount } from '@wagmi/core';
@@ -480,27 +482,39 @@ export class WalletKitExtension extends Extension.Internal<'walletKit'> {
 
   /**
    * Login with OAuth popup.
-   * Opens a popup for the specified OAuth provider and returns the result.
+   * Opens a popup for the specified OAuth provider and returns a PromiEvent handle.
+   * The handle emits MFA events when the user has MFA enabled.
    */
-  public async loginWithPopup(provider: OAuthProvider): Promise<OAuthRedirectResult> {
+  public loginWithPopup(provider: OAuthProvider) {
     const requestPayload = this.utils.createJsonRpcRequestPayload(OAuthPayloadMethod.Popup, [
       {
         provider,
+        showUI: false,
         returnTo: window.location.href,
         apiKey: this.sdk.apiKey,
         platform: 'web',
       },
     ]);
 
-    const result = await this.request<OAuthRedirectResult | OAuthRedirectError>(requestPayload);
+    const handle = this.request<OAuthRedirectResult | OAuthRedirectError, OAuthPopupEventHandlers>(requestPayload);
 
-    // Check if the result is an error
-    if ((result as OAuthRedirectError).error) {
-      const errorResult = result as OAuthRedirectError;
-      throw new Error(errorResult.error_description || errorResult.error);
-    }
+    handle.on(OAuthMFAEventEmit.VerifyMFACode, (mfa: string) => {
+      this.createIntermediaryEvent(OAuthMFAEventEmit.VerifyMFACode, requestPayload.id as string)(mfa);
+    });
 
-    return result as OAuthRedirectResult;
+    handle.on(OAuthMFAEventEmit.LostDevice, () => {
+      this.createIntermediaryEvent(OAuthMFAEventEmit.LostDevice, requestPayload.id as string)();
+    });
+
+    handle.on(OAuthMFAEventEmit.VerifyRecoveryCode, (recoveryCode: string) => {
+      this.createIntermediaryEvent(OAuthMFAEventEmit.VerifyRecoveryCode, requestPayload.id as string)(recoveryCode);
+    });
+
+    handle.on(OAuthMFAEventEmit.Cancel, () => {
+      this.createIntermediaryEvent(OAuthMFAEventEmit.Cancel, requestPayload.id as string)();
+    });
+
+    return handle;
   }
 
   /**
diff --git a/packages/@magic-ext/wallet-kit/src/hooks/useMfa.ts b/packages/@magic-ext/wallet-kit/src/hooks/useMfa.ts
new file mode 100644
index 000000000..7402deb80
--- /dev/null
+++ b/packages/@magic-ext/wallet-kit/src/hooks/useMfa.ts
@@ -0,0 +1,32 @@
+import { useEmailLogin } from '../context/EmailLoginContext';
+import { useOAuthLogin } from '../context/OAuthLoginContext';
+
+interface UseMfaResult {
+  submitMFA: (totp: string) => void;
+  lostDevice: () => void;
+  submitRecoveryCode: (recoveryCode: string) => void;
+  cancelLogin: () => void;
+}
+
+export function useMfa(): UseMfaResult {
+  const oauthContext = useOAuthLogin();
+  const emailContext = useEmailLogin();
+
+  // If the OAuth context has an active MFA flow, use it
+  if (oauthContext.isMfaActive) {
+    return {
+      submitMFA: oauthContext.submitMFA,
+      lostDevice: oauthContext.lostDevice,
+      submitRecoveryCode: oauthContext.submitRecoveryCode,
+      cancelLogin: oauthContext.cancelLogin,
+    };
+  }
+
+  // Default to the email login context
+  return {
+    submitMFA: emailContext.submitMFA,
+    lostDevice: emailContext.lostDevice,
+    submitRecoveryCode: emailContext.submitRecoveryCode,
+    cancelLogin: emailContext.cancelLogin,
+  };
+}
diff --git a/packages/@magic-ext/wallet-kit/src/hooks/useOAuthLogin.ts b/packages/@magic-ext/wallet-kit/src/hooks/useOAuthLogin.ts
deleted file mode 100644
index b818f9b90..000000000
--- a/packages/@magic-ext/wallet-kit/src/hooks/useOAuthLogin.ts
+++ /dev/null
@@ -1,59 +0,0 @@
-import { useCallback, useState } from 'react';
-import { getExtensionInstance, OAuthProvider, OAuthRedirectResult } from '../extension';
-import { useWidgetConfig } from '../context/WidgetConfigContext';
-
-export interface UseOAuthLoginResult {
-  performOAuthLogin: (provider: OAuthProvider) => Promise<OAuthRedirectResult>;
-  isLoading: boolean;
-  error: Error | null;
-  isSuccess: boolean;
-  result: OAuthRedirectResult | null;
-}
-
-export function useOAuthLogin(): UseOAuthLoginResult {
-  const { handleSuccess, handleError } = useWidgetConfig();
-  const [isLoading, setIsLoading] = useState(false);
-  const [error, setError] = useState<Error | null>(null);
-  const [isSuccess, setIsSuccess] = useState(false);
-  const [result, setResult] = useState<OAuthRedirectResult | null>(null);
-
-  const performOAuthLogin = useCallback(
-    async (provider: OAuthProvider): Promise<OAuthRedirectResult> => {
-      setIsLoading(true);
-      setError(null);
-      setIsSuccess(false);
-      setResult(null);
-
-      try {
-        const extension = getExtensionInstance();
-        const oauthResult = await extension.loginWithPopup(provider);
-
-        setIsSuccess(true);
-        setResult(oauthResult);
-        setIsLoading(false);
-        handleSuccess({
-          method: 'oauth',
-          magic: oauthResult.magic,
-          oauth: oauthResult.oauth,
-        });
-
-        return oauthResult;
-      } catch (err) {
-        const errorInstance = err instanceof Error ? err : new Error('OAuth login failed');
-        setError(errorInstance);
-        setIsLoading(false);
-        handleError(errorInstance);
-        throw errorInstance;
-      }
-    },
-    [handleSuccess, handleError],
-  );
-
-  return {
-    performOAuthLogin,
-    isLoading,
-    error,
-    isSuccess,
-    result,
-  };
-}
diff --git a/packages/@magic-ext/wallet-kit/src/views/MfaView.tsx b/packages/@magic-ext/wallet-kit/src/views/MfaView.tsx
index 68282f255..5db3efa04 100644
--- a/packages/@magic-ext/wallet-kit/src/views/MfaView.tsx
+++ b/packages/@magic-ext/wallet-kit/src/views/MfaView.tsx
@@ -3,7 +3,7 @@ import { VStack } from '@styled/jsx';
 import { token } from '@styled/tokens';
 import React from 'react';
 import WidgetHeader from '../components/WidgetHeader';
-import { useEmailLogin } from '../context';
+import { useMfa } from '../hooks/useMfa';
 import { WidgetAction, WidgetState } from '../reducer';
 
 interface MFAViewProps {
@@ -12,7 +12,7 @@ interface MFAViewProps {
 }
 
 export const MFAView = ({ state, dispatch }: MFAViewProps) => {
-  const { submitMFA, cancelLogin, lostDevice } = useEmailLogin();
+  const { submitMFA, cancelLogin, lostDevice } = useMfa();
   const { emailLoginStatus, error } = state;
 
   const isVerifying = emailLoginStatus === 'mfa_verifying';
diff --git a/packages/@magic-ext/wallet-kit/src/views/OAuthPendingView.tsx b/packages/@magic-ext/wallet-kit/src/views/OAuthPendingView.tsx
index 0de286505..2c47d35d5 100644
--- a/packages/@magic-ext/wallet-kit/src/views/OAuthPendingView.tsx
+++ b/packages/@magic-ext/wallet-kit/src/views/OAuthPendingView.tsx
@@ -3,7 +3,7 @@ import { getProviderConfig } from '../lib/provider-config';
 import { WidgetAction } from '../reducer';
 import { OAuthProvider } from '../types';
 import { Pending } from '../components/Pending';
-import { useOAuthLogin } from '../hooks/useOAuthLogin';
+import { useOAuthLogin } from '../context/OAuthLoginContext';
 import { OAuthProvider as ExtensionOAuthProvider, getExtensionInstance } from '../extension';
 import { DARK_MODE_ICON_OVERRIDES } from '../constants';
 
@@ -17,53 +17,23 @@ export const OAuthPendingView = ({ provider, dispatch }: OAuthPendingViewProps)
   const config = getExtensionInstance().getConfig();
   const isDarkMode = config?.theme.themeColor === 'dark';
   const Icon = (isDarkMode && DARK_MODE_ICON_OVERRIDES[provider]) || DefaultIcon;
-  const { performOAuthLogin, isLoading, error: oauthError, isSuccess } = useOAuthLogin();
+  const { startOAuthLogin } = useOAuthLogin();
   const loginAttempted = useRef(false);
   const [errorMessage, setErrorMessage] = useState<string | null>(null);
+  const [isPending, setIsPending] = useState(true);
 
   useEffect(() => {
     if (!loginAttempted.current) {
       loginAttempted.current = true;
 
-      performOAuthLogin(provider as ExtensionOAuthProvider).catch(err => {
-        const errorMessage = (err?.message || '').toLowerCase();
-
-        // If user closed the popup or denied access, go back to login (not an error)
-        if (
-          errorMessage.includes('user rejected') ||
-          errorMessage.includes('user denied') ||
-          errorMessage.includes('access_denied') ||
-          errorMessage.includes('user closed') ||
-          errorMessage.includes('popup closed') ||
-          errorMessage.includes('cancelled') ||
-          errorMessage.includes('canceled')
-        ) {
-          dispatch({ type: 'GO_TO_LOGIN' });
-          return;
-        }
-
+      try {
+        startOAuthLogin(provider as ExtensionOAuthProvider);
+      } catch (err: any) {
         setErrorMessage(err?.message || 'OAuth login failed');
-      });
-    }
-  }, [performOAuthLogin, provider, dispatch]);
-
-  useEffect(() => {
-    if (oauthError && loginAttempted.current) {
-      const errorMessage = (oauthError.message || '').toLowerCase();
-      // Don't show user cancellation as an error
-      if (
-        !errorMessage.includes('user rejected') &&
-        !errorMessage.includes('user denied') &&
-        !errorMessage.includes('access_denied') &&
-        !errorMessage.includes('cancelled') &&
-        !errorMessage.includes('canceled')
-      ) {
-        setErrorMessage(oauthError.message);
+        setIsPending(false);
       }
     }
-  }, [oauthError]);
-
-  const isPending = !errorMessage && (isLoading || (!isSuccess && !oauthError));
+  }, [startOAuthLogin, provider]);
 
   return (
     <Pending
@@ -71,7 +41,7 @@ export const OAuthPendingView = ({ provider, dispatch }: OAuthPendingViewProps)
       title={title}
       description={description}
       Icon={Icon}
-      isPending={isPending}
+      isPending={isPending && !errorMessage}
       errorMessage={errorMessage}
     />
   );
diff --git a/packages/@magic-ext/wallet-kit/src/views/RecoveryCode.tsx b/packages/@magic-ext/wallet-kit/src/views/RecoveryCode.tsx
index fdc118ad4..057303b27 100644
--- a/packages/@magic-ext/wallet-kit/src/views/RecoveryCode.tsx
+++ b/packages/@magic-ext/wallet-kit/src/views/RecoveryCode.tsx
@@ -3,7 +3,7 @@ import { Center, VStack } from '@styled/jsx';
 import { token } from '@styled/tokens';
 import React, { useEffect } from 'react';
 import WidgetHeader from '../components/WidgetHeader';
-import { useEmailLogin } from '../context';
+import { useMfa } from '../hooks/useMfa';
 import { WidgetAction, WidgetState } from '../reducer';
 
 interface RecoveryCodeViewProps {
@@ -12,7 +12,7 @@ interface RecoveryCodeViewProps {
 }
 
 export const RecoveryCodeView = ({ state, dispatch }: RecoveryCodeViewProps) => {
-  const { submitRecoveryCode } = useEmailLogin();
+  const { submitRecoveryCode } = useMfa();
   const { emailLoginStatus, error } = state;
 
   const isVerifying = emailLoginStatus === 'recovery_code_verifying';
diff --git a/packages/@magic-sdk/types/src/modules/oauth-types.ts b/packages/@magic-sdk/types/src/modules/oauth-types.ts
index 4cd840c30..28afc767c 100644
--- a/packages/@magic-sdk/types/src/modules/oauth-types.ts
+++ b/packages/@magic-sdk/types/src/modules/oauth-types.ts
@@ -43,4 +43,4 @@ export type OAuthPopupEventHandlers = {
 } & OAuthMFAEventHandlers;
 
 // Redirect-specific handler type
-export type OAuthRedirectEventHandlers = OAuthMFAEventHandlers;
+export type OAuthGetResultEventHandlers = OAuthMFAEventHandlers;

From 666591f4bf1388a8212d82bb2c6f39de681d210a Mon Sep 17 00:00:00 2001
From: sherzod-bakhodirov <sherzod.bakhodirov@magic-ext.com>
Date: Wed, 18 Feb 2026 18:11:34 +0500
Subject: [PATCH 3/9] chore: update yarn.lock

---
 yarn.lock | 72 +++++++++++++++++++++++++++----------------------------
 1 file changed, 36 insertions(+), 36 deletions(-)

diff --git a/yarn.lock b/yarn.lock
index 7ad20b526..66aede8ba 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -3299,7 +3299,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@magic-ext/algorand@workspace:packages/@magic-ext/algorand"
   dependencies:
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
   languageName: unknown
   linkType: soft
 
@@ -3308,7 +3308,7 @@ __metadata:
   resolution: "@magic-ext/aptos@workspace:packages/@magic-ext/aptos"
   dependencies:
     "@aptos-labs/wallet-adapter-core": ^7.10.1
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
     aptos: ^1.22.1
   peerDependencies:
     "@aptos-labs/wallet-adapter-core": ^7.10.1
@@ -3320,7 +3320,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@magic-ext/avalanche@workspace:packages/@magic-ext/avalanche"
   dependencies:
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
   languageName: unknown
   linkType: soft
 
@@ -3328,7 +3328,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@magic-ext/bitcoin@workspace:packages/@magic-ext/bitcoin"
   dependencies:
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
   languageName: unknown
   linkType: soft
 
@@ -3336,7 +3336,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@magic-ext/conflux@workspace:packages/@magic-ext/conflux"
   dependencies:
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
   languageName: unknown
   linkType: soft
 
@@ -3344,7 +3344,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@magic-ext/cosmos@workspace:packages/@magic-ext/cosmos"
   dependencies:
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
   languageName: unknown
   linkType: soft
 
@@ -3352,7 +3352,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@magic-ext/ed25519@workspace:packages/@magic-ext/ed25519"
   dependencies:
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
   languageName: unknown
   linkType: soft
 
@@ -3360,7 +3360,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@magic-ext/evm@workspace:packages/@magic-ext/evm"
   dependencies:
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
     "@magic-sdk/types": ^27.4.0
   languageName: unknown
   linkType: soft
@@ -3369,7 +3369,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@magic-ext/farcaster@workspace:packages/@magic-ext/farcaster"
   dependencies:
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
     "@magic-sdk/types": ^27.4.0
   languageName: unknown
   linkType: soft
@@ -3378,7 +3378,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@magic-ext/flow@workspace:packages/@magic-ext/flow"
   dependencies:
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
     "@onflow/fcl": ^1.4.1
     "@onflow/types": ^1.1.0
   peerDependencies:
@@ -3391,7 +3391,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@magic-ext/gdkms@workspace:packages/@magic-ext/gdkms"
   dependencies:
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
     "@magic-sdk/types": ^27.4.0
   languageName: unknown
   linkType: soft
@@ -3400,7 +3400,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@magic-ext/harmony@workspace:packages/@magic-ext/harmony"
   dependencies:
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
   languageName: unknown
   linkType: soft
 
@@ -3408,7 +3408,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@magic-ext/hedera@workspace:packages/@magic-ext/hedera"
   dependencies:
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
   peerDependencies:
     "@hashgraph/sdk": ^2.31.0
   languageName: unknown
@@ -3418,7 +3418,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@magic-ext/icon@workspace:packages/@magic-ext/icon"
   dependencies:
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
   languageName: unknown
   linkType: soft
 
@@ -3426,7 +3426,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@magic-ext/kadena@workspace:packages/@magic-ext/kadena"
   dependencies:
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
   languageName: unknown
   linkType: soft
 
@@ -3434,7 +3434,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@magic-ext/near@workspace:packages/@magic-ext/near"
   dependencies:
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
   languageName: unknown
   linkType: soft
 
@@ -3442,7 +3442,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@magic-ext/oauth2@workspace:packages/@magic-ext/oauth2"
   dependencies:
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
     "@types/crypto-js": 4.2.0
     crypto-js: ^4.2.0
   languageName: unknown
@@ -3452,7 +3452,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@magic-ext/oidc@workspace:packages/@magic-ext/oidc"
   dependencies:
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
   languageName: unknown
   linkType: soft
 
@@ -3460,7 +3460,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@magic-ext/polkadot@workspace:packages/@magic-ext/polkadot"
   dependencies:
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
   languageName: unknown
   linkType: soft
 
@@ -3468,7 +3468,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@magic-ext/react-native-bare-oauth@workspace:packages/@magic-ext/react-native-bare-oauth"
   dependencies:
-    "@magic-sdk/react-native-bare": ^34.2.0
+    "@magic-sdk/react-native-bare": ^34.2.1
     "@magic-sdk/types": ^27.4.0
     react-native-inappbrowser-reborn: ^3.7.0
   peerDependencies:
@@ -3481,7 +3481,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@magic-ext/react-native-expo-oauth@workspace:packages/@magic-ext/react-native-expo-oauth"
   dependencies:
-    "@magic-sdk/react-native-expo": ^34.2.0
+    "@magic-sdk/react-native-expo": ^34.2.1
     "@magic-sdk/types": ^27.4.0
     "@react-native-async-storage/async-storage": ^2.1.2
     "@types/crypto-js": ~4.2.0
@@ -3497,7 +3497,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@magic-ext/siwe@workspace:packages/@magic-ext/siwe"
   dependencies:
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
     ethers: ^6.0.0
     siwe: ^3.0.0
   peerDependencies:
@@ -3509,7 +3509,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@magic-ext/solana@workspace:packages/@magic-ext/solana"
   dependencies:
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
     "@solana/web3.js": ^1.87.2
   peerDependencies:
     "@solana/web3.js": ^1.87.2
@@ -3520,7 +3520,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@magic-ext/sui@workspace:packages/@magic-ext/sui"
   dependencies:
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
   languageName: unknown
   linkType: soft
 
@@ -3528,7 +3528,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@magic-ext/taquito@workspace:packages/@magic-ext/taquito"
   dependencies:
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
   languageName: unknown
   linkType: soft
 
@@ -3536,7 +3536,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@magic-ext/terra@workspace:packages/@magic-ext/terra"
   dependencies:
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
   languageName: unknown
   linkType: soft
 
@@ -3544,7 +3544,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@magic-ext/tezos@workspace:packages/@magic-ext/tezos"
   dependencies:
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
   languageName: unknown
   linkType: soft
 
@@ -3552,7 +3552,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@magic-ext/wallet-kit@workspace:packages/@magic-ext/wallet-kit"
   dependencies:
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
     "@magic-sdk/types": ^27.4.0
     "@magiclabs/ui-components": ^1.49.3
     "@pandacss/dev": ^0.35.0
@@ -3586,7 +3586,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@magic-ext/webauthn@workspace:packages/@magic-ext/webauthn"
   dependencies:
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
   languageName: unknown
   linkType: soft
 
@@ -3594,11 +3594,11 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@magic-ext/zilliqa@workspace:packages/@magic-ext/zilliqa"
   dependencies:
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
   languageName: unknown
   linkType: soft
 
-"@magic-sdk/provider@^33.4.0, @magic-sdk/provider@workspace:packages/@magic-sdk/provider":
+"@magic-sdk/provider@^33.4.1, @magic-sdk/provider@workspace:packages/@magic-sdk/provider":
   version: 0.0.0-use.local
   resolution: "@magic-sdk/provider@workspace:packages/@magic-sdk/provider"
   dependencies:
@@ -3612,12 +3612,12 @@ __metadata:
   languageName: unknown
   linkType: soft
 
-"@magic-sdk/react-native-bare@^34.2.0, @magic-sdk/react-native-bare@workspace:packages/@magic-sdk/react-native-bare":
+"@magic-sdk/react-native-bare@^34.2.1, @magic-sdk/react-native-bare@workspace:packages/@magic-sdk/react-native-bare":
   version: 0.0.0-use.local
   resolution: "@magic-sdk/react-native-bare@workspace:packages/@magic-sdk/react-native-bare"
   dependencies:
     "@aveq-research/localforage-asyncstorage-driver": ^3.0.1
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
     "@magic-sdk/types": ^27.4.0
     "@magiclabs/react-native-device-crypto": ^0.1.1
     "@react-native-async-storage/async-storage": ^2.1.2
@@ -3653,12 +3653,12 @@ __metadata:
   languageName: unknown
   linkType: soft
 
-"@magic-sdk/react-native-expo@^34.2.0, @magic-sdk/react-native-expo@workspace:packages/@magic-sdk/react-native-expo":
+"@magic-sdk/react-native-expo@^34.2.1, @magic-sdk/react-native-expo@workspace:packages/@magic-sdk/react-native-expo":
   version: 0.0.0-use.local
   resolution: "@magic-sdk/react-native-expo@workspace:packages/@magic-sdk/react-native-expo"
   dependencies:
     "@aveq-research/localforage-asyncstorage-driver": ^3.0.1
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
     "@magic-sdk/types": ^27.4.0
     "@react-native-async-storage/async-storage": ^1.15.5
     "@react-native-community/netinfo": ">11.0.0"
@@ -19221,7 +19221,7 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "magic-sdk@workspace:packages/magic-sdk"
   dependencies:
-    "@magic-sdk/provider": ^33.4.0
+    "@magic-sdk/provider": ^33.4.1
     "@magic-sdk/types": ^27.4.0
     localforage: ^1.7.4
   languageName: unknown

From 739cd2db4360efe11ef962906eec85a0028cc9e4 Mon Sep 17 00:00:00 2001
From: sherzod-bakhodirov <sherzod.bakhodirov@magic-ext.com>
Date: Thu, 19 Feb 2026 07:04:21 +0500
Subject: [PATCH 4/9] fix: properly display OAuth errors in pending view and
 clean up handles

---
 packages/@magic-ext/oauth2/src/index.ts       | 54 +++++++------
 .../@magic-ext/wallet-kit/src/MagicWidget.tsx |  1 +
 .../src/context/OAuthLoginContext.tsx         | 26 +++++++
 .../@magic-ext/wallet-kit/src/extension.ts    | 75 ++++++++++++++-----
 .../wallet-kit/src/views/OAuthPendingView.tsx | 23 +++---
 5 files changed, 125 insertions(+), 54 deletions(-)

diff --git a/packages/@magic-ext/oauth2/src/index.ts b/packages/@magic-ext/oauth2/src/index.ts
index 992f9625e..70f0cb30e 100644
--- a/packages/@magic-ext/oauth2/src/index.ts
+++ b/packages/@magic-ext/oauth2/src/index.ts
@@ -125,30 +125,38 @@ export class OAuthExtension extends Extension.Internal<'oauth2'> {
         }
 
         if (!showUI) {
-          oauthPopupRequest.on(OAuthMFAEventOnReceived.MfaSentHandle, (...args) => {
-            promiEvent.emit(OAuthMFAEventOnReceived.MfaSentHandle, ...args);
+          oauthPopupRequest.on(OAuthMFAEventOnReceived.MfaSentHandle, () => {
+            promiEvent.emit(OAuthMFAEventOnReceived.MfaSentHandle);
           });
-          oauthPopupRequest.on(OAuthMFAEventOnReceived.InvalidMfaOtp, (...args) => {
-            promiEvent.emit(OAuthMFAEventOnReceived.InvalidMfaOtp, ...args);
+          oauthPopupRequest.on(OAuthMFAEventOnReceived.InvalidMfaOtp, () => {
+            promiEvent.emit(OAuthMFAEventOnReceived.InvalidMfaOtp);
           });
-          oauthPopupRequest.on(OAuthMFAEventOnReceived.RecoveryCodeSentHandle, (...args) => {
-            promiEvent.emit(OAuthMFAEventOnReceived.RecoveryCodeSentHandle, ...args);
+          oauthPopupRequest.on(OAuthMFAEventOnReceived.RecoveryCodeSentHandle, () => {
+            promiEvent.emit(OAuthMFAEventOnReceived.RecoveryCodeSentHandle);
           });
-          oauthPopupRequest.on(OAuthMFAEventOnReceived.InvalidRecoveryCode, (...args) => {
-            promiEvent.emit(OAuthMFAEventOnReceived.InvalidRecoveryCode, ...args);
+          oauthPopupRequest.on(OAuthMFAEventOnReceived.InvalidRecoveryCode, () => {
+            promiEvent.emit(OAuthMFAEventOnReceived.InvalidRecoveryCode);
           });
-          oauthPopupRequest.on(OAuthMFAEventOnReceived.RecoveryCodeSuccess, (...args) => {
-            promiEvent.emit(OAuthMFAEventOnReceived.RecoveryCodeSuccess, ...args);
+          oauthPopupRequest.on(OAuthMFAEventOnReceived.RecoveryCodeSuccess, () => {
+            promiEvent.emit(OAuthMFAEventOnReceived.RecoveryCodeSuccess);
           });
         }
 
         const result = await oauthPopupRequest;
         window.removeEventListener('message', redirectEvent);
 
-        if ((result as OAuthRedirectError).error) {
-          reject(result);
+        const maybeResult = result as OAuthRedirectResult;
+        const maybeError = result as OAuthRedirectError;
+
+        if (maybeError.error) {
+          reject(
+            this.createError<OAuthErrorData>(maybeError.error, maybeError.error_description ?? 'An error occurred.', {
+              errorURI: maybeError.error_uri,
+              provider: maybeError.provider,
+            }),
+          );
         } else {
-          resolve(result as OAuthRedirectResult);
+          resolve(maybeResult);
         }
       } catch (error) {
         reject(error);
@@ -191,20 +199,20 @@ export class OAuthExtension extends Extension.Internal<'oauth2'> {
         );
 
         if (!showUI) {
-          getResultRequest.on(OAuthMFAEventOnReceived.MfaSentHandle, (...args) => {
-            promiEvent.emit(OAuthMFAEventOnReceived.MfaSentHandle, ...args);
+          getResultRequest.on(OAuthMFAEventOnReceived.MfaSentHandle, () => {
+            promiEvent.emit(OAuthMFAEventOnReceived.MfaSentHandle);
           });
-          getResultRequest.on(OAuthMFAEventOnReceived.InvalidMfaOtp, (...args) => {
-            promiEvent.emit(OAuthMFAEventOnReceived.InvalidMfaOtp, ...args);
+          getResultRequest.on(OAuthMFAEventOnReceived.InvalidMfaOtp, () => {
+            promiEvent.emit(OAuthMFAEventOnReceived.InvalidMfaOtp);
           });
-          getResultRequest.on(OAuthMFAEventOnReceived.RecoveryCodeSentHandle, (...args) => {
-            promiEvent.emit(OAuthMFAEventOnReceived.RecoveryCodeSentHandle, ...args);
+          getResultRequest.on(OAuthMFAEventOnReceived.RecoveryCodeSentHandle, () => {
+            promiEvent.emit(OAuthMFAEventOnReceived.RecoveryCodeSentHandle);
           });
-          getResultRequest.on(OAuthMFAEventOnReceived.InvalidRecoveryCode, (...args) => {
-            promiEvent.emit(OAuthMFAEventOnReceived.InvalidRecoveryCode, ...args);
+          getResultRequest.on(OAuthMFAEventOnReceived.InvalidRecoveryCode, () => {
+            promiEvent.emit(OAuthMFAEventOnReceived.InvalidRecoveryCode);
           });
-          getResultRequest.on(OAuthMFAEventOnReceived.RecoveryCodeSuccess, (...args) => {
-            promiEvent.emit(OAuthMFAEventOnReceived.RecoveryCodeSuccess, ...args);
+          getResultRequest.on(OAuthMFAEventOnReceived.RecoveryCodeSuccess, () => {
+            promiEvent.emit(OAuthMFAEventOnReceived.RecoveryCodeSuccess);
           });
         }
 
diff --git a/packages/@magic-ext/wallet-kit/src/MagicWidget.tsx b/packages/@magic-ext/wallet-kit/src/MagicWidget.tsx
index 8047b3cc3..463baa46b 100644
--- a/packages/@magic-ext/wallet-kit/src/MagicWidget.tsx
+++ b/packages/@magic-ext/wallet-kit/src/MagicWidget.tsx
@@ -80,6 +80,7 @@ function WidgetContent({
           <OAuthPendingView
             key={`oauth-${state.selectedProvider}`}
             provider={state.selectedProvider as OAuthProvider}
+            state={state}
             dispatch={dispatch}
           />
         );
diff --git a/packages/@magic-ext/wallet-kit/src/context/OAuthLoginContext.tsx b/packages/@magic-ext/wallet-kit/src/context/OAuthLoginContext.tsx
index 2ef001e58..3083f2bba 100644
--- a/packages/@magic-ext/wallet-kit/src/context/OAuthLoginContext.tsx
+++ b/packages/@magic-ext/wallet-kit/src/context/OAuthLoginContext.tsx
@@ -32,25 +32,35 @@ export function OAuthLoginProvider({ children, dispatch }: OAuthLoginProviderPro
   const startOAuthLogin = useCallback(
     (provider: OAuthProvider) => {
       try {
+        // Clean up any previous handle to prevent leaked listeners and stale dispatches
+        if (handleRef.current) {
+          handleRef.current.removeAllListeners();
+          handleRef.current = null;
+        }
+
         const extension = getExtensionInstance();
         const handle = extension.loginWithPopup(provider);
         handleRef.current = handle;
 
         // MFA Events
         handle.on(OAuthMFAEventOnReceived.MfaSentHandle, () => {
+          if (handleRef.current !== handle) return;
           setIsMfaActive(true);
           dispatch({ type: 'MFA_REQUIRED' });
         });
 
         handle.on(OAuthMFAEventOnReceived.InvalidMfaOtp, () => {
+          if (handleRef.current !== handle) return;
           dispatch({ type: 'MFA_INVALID' });
         });
 
         handle.on(OAuthMFAEventOnReceived.InvalidRecoveryCode, () => {
+          if (handleRef.current !== handle) return;
           dispatch({ type: 'RECOVERY_CODE_INVALID' });
         });
 
         handle.on(OAuthMFAEventOnReceived.RecoveryCodeSentHandle, () => {
+          if (handleRef.current !== handle) return;
           dispatch({ type: 'LOST_DEVICE' });
         });
 
@@ -61,11 +71,17 @@ export function OAuthLoginProvider({ children, dispatch }: OAuthLoginProviderPro
         // Handle Promise Resolution
         handle
           .then((result: OAuthRedirectResult | OAuthRedirectError) => {
+            if (handleRef.current !== handle) return;
+
             if ((result as OAuthRedirectError).error) {
               const errorResult = result as OAuthRedirectError;
               const errorInstance = new Error(errorResult.error_description || errorResult.error);
               dispatch({ type: 'LOGIN_ERROR', error: errorInstance.message });
               handleError(errorInstance);
+              // Clean up handle and listeners
+              handle.removeAllListeners();
+              handleRef.current = null;
+              setIsMfaActive(false);
               return;
             }
 
@@ -76,8 +92,14 @@ export function OAuthLoginProvider({ children, dispatch }: OAuthLoginProviderPro
               magic: oauthResult.magic,
               oauth: oauthResult.oauth,
             });
+            // Clean up handle and listeners
+            handle.removeAllListeners();
+            handleRef.current = null;
+            setIsMfaActive(false);
           })
           .catch((error: any) => {
+            if (handleRef.current !== handle) return;
+
             const errorInstance = error instanceof Error ? error : new Error(error?.message || 'OAuth login failed');
             const msg = (errorInstance.message || '').toLowerCase();
 
@@ -99,6 +121,10 @@ export function OAuthLoginProvider({ children, dispatch }: OAuthLoginProviderPro
 
             dispatch({ type: 'LOGIN_ERROR', error: errorInstance.message });
             handleError(errorInstance);
+            // Clean up handle and listeners
+            handle.removeAllListeners();
+            handleRef.current = null;
+            setIsMfaActive(false);
           });
       } catch (error) {
         const errorInstance = error instanceof Error ? error : new Error('Failed to start OAuth login');
diff --git a/packages/@magic-ext/wallet-kit/src/extension.ts b/packages/@magic-ext/wallet-kit/src/extension.ts
index 0ece76472..c9ef85fc8 100644
--- a/packages/@magic-ext/wallet-kit/src/extension.ts
+++ b/packages/@magic-ext/wallet-kit/src/extension.ts
@@ -1,4 +1,4 @@
-import { Extension, MagicRPCError, SDKBase, ViewController } from '@magic-sdk/provider';
+import { createPromiEvent, Extension, MagicRPCError, SDKBase, ViewController } from '@magic-sdk/provider';
 import {
   FarcasterLoginEventEmit,
   JsonRpcRequestPayload,
@@ -6,6 +6,8 @@ import {
   MagicPayloadMethod,
   MagicThirdPartyWalletUpdate,
   OAuthMFAEventEmit,
+  OAuthMFAEventOnReceived,
+  OAuthPopupEventEmit,
   OAuthPopupEventHandlers,
   RPCErrorCode,
 } from '@magic-sdk/types';
@@ -496,25 +498,64 @@ export class WalletKitExtension extends Extension.Internal<'walletKit'> {
       },
     ]);
 
-    const handle = this.request<OAuthRedirectResult | OAuthRedirectError, OAuthPopupEventHandlers>(requestPayload);
-
-    handle.on(OAuthMFAEventEmit.VerifyMFACode, (mfa: string) => {
-      this.createIntermediaryEvent(OAuthMFAEventEmit.VerifyMFACode, requestPayload.id as string)(mfa);
-    });
-
-    handle.on(OAuthMFAEventEmit.LostDevice, () => {
-      this.createIntermediaryEvent(OAuthMFAEventEmit.LostDevice, requestPayload.id as string)();
-    });
-
-    handle.on(OAuthMFAEventEmit.VerifyRecoveryCode, (recoveryCode: string) => {
-      this.createIntermediaryEvent(OAuthMFAEventEmit.VerifyRecoveryCode, requestPayload.id as string)(recoveryCode);
+    const promiEvent = createPromiEvent<OAuthRedirectResult, OAuthPopupEventHandlers>(async (resolve, reject) => {
+      try {
+        const oauthPopupRequest = this.request<OAuthRedirectResult | OAuthRedirectError, OAuthPopupEventHandlers>(
+          requestPayload,
+        );
+
+        oauthPopupRequest.on(OAuthMFAEventOnReceived.MfaSentHandle, () => {
+          promiEvent.emit(OAuthMFAEventOnReceived.MfaSentHandle);
+        });
+        oauthPopupRequest.on(OAuthMFAEventOnReceived.InvalidMfaOtp, () => {
+          promiEvent.emit(OAuthMFAEventOnReceived.InvalidMfaOtp);
+        });
+        oauthPopupRequest.on(OAuthMFAEventOnReceived.RecoveryCodeSentHandle, () => {
+          promiEvent.emit(OAuthMFAEventOnReceived.RecoveryCodeSentHandle);
+        });
+        oauthPopupRequest.on(OAuthMFAEventOnReceived.InvalidRecoveryCode, () => {
+          promiEvent.emit(OAuthMFAEventOnReceived.InvalidRecoveryCode);
+        });
+        oauthPopupRequest.on(OAuthMFAEventOnReceived.RecoveryCodeSuccess, () => {
+          promiEvent.emit(OAuthMFAEventOnReceived.RecoveryCodeSuccess);
+        });
+
+        const result = await oauthPopupRequest;
+
+        const maybeResult = result as OAuthRedirectResult;
+        const maybeError = result as OAuthRedirectError;
+
+        if (maybeError.error) {
+          reject(
+            this.createError(maybeError.error, maybeError.error_description ?? 'An error occurred.', {
+              errorURI: maybeError.error_uri,
+              provider: maybeError.provider,
+            }),
+          );
+        } else {
+          resolve(maybeResult);
+        }
+      } catch (error) {
+        reject(error);
+      }
     });
 
-    handle.on(OAuthMFAEventEmit.Cancel, () => {
-      this.createIntermediaryEvent(OAuthMFAEventEmit.Cancel, requestPayload.id as string)();
-    });
+    if (promiEvent) {
+      promiEvent.on(OAuthMFAEventEmit.VerifyMFACode, (mfa: string) => {
+        this.createIntermediaryEvent(OAuthMFAEventEmit.VerifyMFACode, requestPayload.id as string)(mfa);
+      });
+      promiEvent.on(OAuthMFAEventEmit.LostDevice, () => {
+        this.createIntermediaryEvent(OAuthMFAEventEmit.LostDevice, requestPayload.id as string)();
+      });
+      promiEvent.on(OAuthMFAEventEmit.VerifyRecoveryCode, (recoveryCode: string) => {
+        this.createIntermediaryEvent(OAuthMFAEventEmit.VerifyRecoveryCode, requestPayload.id as string)(recoveryCode);
+      });
+      promiEvent.on(OAuthMFAEventEmit.Cancel, () => {
+        this.createIntermediaryEvent(OAuthMFAEventEmit.Cancel, requestPayload.id as string)();
+      });
+    }
 
-    return handle;
+    return promiEvent;
   }
 
   /**
diff --git a/packages/@magic-ext/wallet-kit/src/views/OAuthPendingView.tsx b/packages/@magic-ext/wallet-kit/src/views/OAuthPendingView.tsx
index 2c47d35d5..bb5422743 100644
--- a/packages/@magic-ext/wallet-kit/src/views/OAuthPendingView.tsx
+++ b/packages/@magic-ext/wallet-kit/src/views/OAuthPendingView.tsx
@@ -1,6 +1,6 @@
-import React, { useEffect, useRef, useState } from 'react';
+import React, { useEffect, useRef } from 'react';
 import { getProviderConfig } from '../lib/provider-config';
-import { WidgetAction } from '../reducer';
+import { WidgetAction, WidgetState } from '../reducer';
 import { OAuthProvider } from '../types';
 import { Pending } from '../components/Pending';
 import { useOAuthLogin } from '../context/OAuthLoginContext';
@@ -9,29 +9,24 @@ import { DARK_MODE_ICON_OVERRIDES } from '../constants';
 
 interface OAuthPendingViewProps {
   provider: OAuthProvider;
+  state: WidgetState;
   dispatch: React.Dispatch<WidgetAction>;
 }
 
-export const OAuthPendingView = ({ provider, dispatch }: OAuthPendingViewProps) => {
+export const OAuthPendingView = ({ provider, state, dispatch }: OAuthPendingViewProps) => {
   const { title, description, Icon: DefaultIcon } = getProviderConfig(provider);
   const config = getExtensionInstance().getConfig();
   const isDarkMode = config?.theme.themeColor === 'dark';
   const Icon = (isDarkMode && DARK_MODE_ICON_OVERRIDES[provider]) || DefaultIcon;
   const { startOAuthLogin } = useOAuthLogin();
   const loginAttempted = useRef(false);
-  const [errorMessage, setErrorMessage] = useState<string | null>(null);
-  const [isPending, setIsPending] = useState(true);
+  const hasError = state.emailLoginStatus === 'error';
+  const errorMessage = state.error ?? null;
 
   useEffect(() => {
     if (!loginAttempted.current) {
       loginAttempted.current = true;
-
-      try {
-        startOAuthLogin(provider as ExtensionOAuthProvider);
-      } catch (err: any) {
-        setErrorMessage(err?.message || 'OAuth login failed');
-        setIsPending(false);
-      }
+      startOAuthLogin(provider as ExtensionOAuthProvider);
     }
   }, [startOAuthLogin, provider]);
 
@@ -41,8 +36,8 @@ export const OAuthPendingView = ({ provider, dispatch }: OAuthPendingViewProps)
       title={title}
       description={description}
       Icon={Icon}
-      isPending={isPending && !errorMessage}
-      errorMessage={errorMessage}
+      isPending={!hasError}
+      errorMessage={hasError ? errorMessage : null}
     />
   );
 };

From 7682de9faf2f411be1283e085332cf297798fdaa Mon Sep 17 00:00:00 2001
From: sherzod-bakhodirov <sherzod.bakhodirov@magic-ext.com>
Date: Thu, 19 Feb 2026 07:13:13 +0500
Subject: [PATCH 5/9] Update
 packages/@magic-ext/wallet-kit/src/context/OAuthLoginContext.tsx

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 packages/@magic-ext/wallet-kit/src/context/OAuthLoginContext.tsx | 1 -
 1 file changed, 1 deletion(-)

diff --git a/packages/@magic-ext/wallet-kit/src/context/OAuthLoginContext.tsx b/packages/@magic-ext/wallet-kit/src/context/OAuthLoginContext.tsx
index 3083f2bba..709cb320b 100644
--- a/packages/@magic-ext/wallet-kit/src/context/OAuthLoginContext.tsx
+++ b/packages/@magic-ext/wallet-kit/src/context/OAuthLoginContext.tsx
@@ -147,7 +147,6 @@ export function OAuthLoginProvider({ children, dispatch }: OAuthLoginProviderPro
 
   const lostDevice = useCallback(() => {
     if (handleRef.current) {
-      dispatch({ type: 'LOST_DEVICE' });
       handleRef.current.emit(OAuthMFAEventEmit.LostDevice);
     }
   }, [dispatch]);

From dc3258f1b46c206be177e9ba0fa8f64b2ebf891a Mon Sep 17 00:00:00 2001
From: sherzod-bakhodirov <sherzod.bakhodirov@magic-ext.com>
Date: Thu, 19 Feb 2026 07:14:17 +0500
Subject: [PATCH 6/9] Update packages/@magic-ext/oauth2/src/index.ts

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 packages/@magic-ext/oauth2/src/index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/@magic-ext/oauth2/src/index.ts b/packages/@magic-ext/oauth2/src/index.ts
index 70f0cb30e..cbc6349e6 100644
--- a/packages/@magic-ext/oauth2/src/index.ts
+++ b/packages/@magic-ext/oauth2/src/index.ts
@@ -174,7 +174,7 @@ export class OAuthExtension extends Extension.Internal<'oauth2'> {
         this.createIntermediaryEvent(OAuthMFAEventEmit.VerifyRecoveryCode, requestPayload.id as string)(recoveryCode);
       });
       promiEvent.on(OAuthMFAEventEmit.Cancel, () => {
-        this.createIntermediaryEvent(OAuthMFAEventEmit.Cancel, requestPayload.id as any)();
+        this.createIntermediaryEvent(OAuthMFAEventEmit.Cancel, requestPayload.id as string)();
       });
     }
 

From 033da7b08eeacab21d4d9f7b815be93becd1b292 Mon Sep 17 00:00:00 2001
From: sherzod-bakhodirov <sherzod.bakhodirov@magic-ext.com>
Date: Thu, 19 Feb 2026 07:14:51 +0500
Subject: [PATCH 7/9] Update packages/@magic-ext/oauth2/src/index.ts

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 packages/@magic-ext/oauth2/src/index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/@magic-ext/oauth2/src/index.ts b/packages/@magic-ext/oauth2/src/index.ts
index cbc6349e6..b706a11ce 100644
--- a/packages/@magic-ext/oauth2/src/index.ts
+++ b/packages/@magic-ext/oauth2/src/index.ts
@@ -245,7 +245,7 @@ export class OAuthExtension extends Extension.Internal<'oauth2'> {
         this.createIntermediaryEvent(OAuthMFAEventEmit.VerifyRecoveryCode, requestPayload.id as string)(recoveryCode);
       });
       promiEvent.on(OAuthMFAEventEmit.Cancel, () => {
-        this.createIntermediaryEvent(OAuthMFAEventEmit.Cancel, requestPayload.id as any)();
+        this.createIntermediaryEvent(OAuthMFAEventEmit.Cancel, requestPayload.id as string)();
       });
     }
 

From 030443150980243ddf269011d6c9f53341d2a414 Mon Sep 17 00:00:00 2001
From: sherzod-bakhodirov <sherzod.bakhodirov@magic-ext.com>
Date: Thu, 19 Feb 2026 07:16:38 +0500
Subject: [PATCH 8/9] Update
 packages/@magic-ext/wallet-kit/src/context/OAuthLoginContext.tsx

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 packages/@magic-ext/wallet-kit/src/context/OAuthLoginContext.tsx | 1 +
 1 file changed, 1 insertion(+)

diff --git a/packages/@magic-ext/wallet-kit/src/context/OAuthLoginContext.tsx b/packages/@magic-ext/wallet-kit/src/context/OAuthLoginContext.tsx
index 709cb320b..b8868833b 100644
--- a/packages/@magic-ext/wallet-kit/src/context/OAuthLoginContext.tsx
+++ b/packages/@magic-ext/wallet-kit/src/context/OAuthLoginContext.tsx
@@ -164,6 +164,7 @@ export function OAuthLoginProvider({ children, dispatch }: OAuthLoginProviderPro
   const cancelLogin = useCallback(() => {
     if (handleRef.current) {
       handleRef.current.emit(OAuthMFAEventEmit.Cancel);
+      handleRef.current.removeAllListeners();
     }
     handleRef.current = null;
     setIsMfaActive(false);

From 0fc62be2b1f2dc3440ca9d802e9f18c5546307dc Mon Sep 17 00:00:00 2001
From: sherzod-bakhodirov <sherzod.bakhodirov@magic-ext.com>
Date: Mon, 23 Feb 2026 14:55:29 +0500
Subject: [PATCH 9/9] chore: rename showUI -> showMfaModal

---
 packages/@magic-ext/oauth2/src/index.ts | 14 ++++++++------
 packages/@magic-ext/oauth2/src/types.ts |  4 ++--
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/packages/@magic-ext/oauth2/src/index.ts b/packages/@magic-ext/oauth2/src/index.ts
index b706a11ce..d698dd765 100644
--- a/packages/@magic-ext/oauth2/src/index.ts
+++ b/packages/@magic-ext/oauth2/src/index.ts
@@ -94,10 +94,11 @@ export class OAuthExtension extends Extension.Internal<'oauth2'> {
   }
 
   public loginWithPopup(configuration: OAuthPopupConfiguration) {
-    const { showUI } = configuration;
+    const { showMfaModal } = configuration;
     const requestPayload = this.utils.createJsonRpcRequestPayload(OAuthPayloadMethods.Popup, [
       {
         ...configuration,
+        showUI: showMfaModal,
         returnTo: window.location.href,
         apiKey: this.sdk.apiKey,
         platform: 'web',
@@ -124,7 +125,7 @@ export class OAuthExtension extends Extension.Internal<'oauth2'> {
           });
         }
 
-        if (!showUI) {
+        if (!showMfaModal) {
           oauthPopupRequest.on(OAuthMFAEventOnReceived.MfaSentHandle, () => {
             promiEvent.emit(OAuthMFAEventOnReceived.MfaSentHandle);
           });
@@ -163,7 +164,7 @@ export class OAuthExtension extends Extension.Internal<'oauth2'> {
       }
     });
 
-    if (!showUI && promiEvent) {
+    if (!showMfaModal && promiEvent) {
       promiEvent.on(OAuthMFAEventEmit.VerifyMFACode, (mfa: string) => {
         this.createIntermediaryEvent(OAuthMFAEventEmit.VerifyMFACode, requestPayload.id as string)(mfa);
       });
@@ -182,12 +183,13 @@ export class OAuthExtension extends Extension.Internal<'oauth2'> {
   }
 
   private getResult(configuration: OAuthVerificationConfiguration, queryString: string) {
-    const { showUI } = configuration;
+    const { showMfaModal } = configuration;
     const requestPayload = this.utils.createJsonRpcRequestPayload(OAuthPayloadMethods.Verify, [
       {
         authorizationResponseParams: queryString,
         magicApiKey: this.sdk.apiKey,
         platform: 'web',
+        showUI: showMfaModal,
         ...configuration,
       },
     ]);
@@ -198,7 +200,7 @@ export class OAuthExtension extends Extension.Internal<'oauth2'> {
           requestPayload,
         );
 
-        if (!showUI) {
+        if (!showMfaModal) {
           getResultRequest.on(OAuthMFAEventOnReceived.MfaSentHandle, () => {
             promiEvent.emit(OAuthMFAEventOnReceived.MfaSentHandle);
           });
@@ -234,7 +236,7 @@ export class OAuthExtension extends Extension.Internal<'oauth2'> {
       },
     );
 
-    if (!showUI && promiEvent) {
+    if (!showMfaModal && promiEvent) {
       promiEvent.on(OAuthMFAEventEmit.VerifyMFACode, (mfa: string) => {
         this.createIntermediaryEvent(OAuthMFAEventEmit.VerifyMFACode, requestPayload.id as string)(mfa);
       });
diff --git a/packages/@magic-ext/oauth2/src/types.ts b/packages/@magic-ext/oauth2/src/types.ts
index 127b5476c..e9b4f6013 100644
--- a/packages/@magic-ext/oauth2/src/types.ts
+++ b/packages/@magic-ext/oauth2/src/types.ts
@@ -109,7 +109,7 @@ export interface OAuthVerificationConfiguration {
   lifespan?: number;
   optionalQueryString?: string;
   skipDIDToken?: boolean;
-  showUI?: boolean;
+  showMfaModal?: boolean;
 }
 
 export interface OAuthPopupConfiguration {
@@ -118,7 +118,7 @@ export interface OAuthPopupConfiguration {
   loginHint?: string;
   providerParams?: Record<string, string | number | boolean>;
   shouldReturnURI?: boolean;
-  showUI?: boolean;
+  showMfaModal?: boolean;
 }
 
 export enum OAuthErrorCode {