fix: restore imtoken direct login path

.unipi/docs/fix/2026-06-04-imtoken-restore-local-session-login-fix.md

@@ -0,0 +1,38 @@
+---
+title: "Restore imToken direct injected login path — Quick Fix"
+type: quick-fix
+date: 2026-06-04
+---
+
+# Restore imToken direct injected login path — Quick Fix
+
+## Bug
+
+imToken could log in on the 2026-06-03 22:00 Malaysia-time-era build, but the current build can no longer log in after opening imToken's in-app browser.
+
+## Root Cause
+
+The working 2026-06-03 evening flow used `connectInjectedWallet()` and completed a local frontend session for TokenPocket/imToken direct in-app-browser login. Later changes switched injected direct login to `signInWithInjectedWallet()`, which requires backend nonce + `personal_sign` verification. imToken mobile appears incompatible or unstable with that newer signature-verification path in this flow.
+
+## Fix
+
+Restored the old local-session direct injected path for imToken only:
+
+- imToken `?autoLogin=` in-app-browser flow now uses `connectInjectedWallet()` and `localWalletToken(address)`.
+- imToken direct injected login from the wallet modal uses the same local-session path.
+- TokenPocket still uses the newer backend signature verification path.
+
+### Files Modified
+
+- `src/wallet/AutoInjectedLogin.tsx` — restores imToken auto-login to the 2026-06-03 direct injected local-session behavior.
+- `src/wallet/useWalletConnectLogin.ts` — restores imToken injected deeplink login to the local-session behavior.
+
+## Verification
+
+- `npx tsc --noEmit`
+- `npm run format:check`
+- `npm test`
+
+## Notes
+
+This is intentionally scoped to imToken to match the known-working Malaysia 10pm behavior without undoing the TokenPocket signature-verification work.

src/wallet/AutoInjectedLogin.tsx

@@ -1,10 +1,11 @@
 import { useEffect } from "react";
 import {
+  connectInjectedWallet,
   getInjectedWallet,
   signInWithInjectedWallet,
   type WalletKind,
 } from "./injected";
-import { useWallet } from "./WalletProvider";
+import { localWalletToken, useWallet } from "./WalletProvider";
 
 const AUTO_LOGIN_PARAM = "autoLogin";
 const ETHEREUM_WAIT_MS = 8000;
@@ -67,6 +68,13 @@ export function AutoInjectedLogin() {
     void waitForInjected(kind).then(async (ready) => {
       if (cancelled || !ready) return;
       try {
+        if (kind === "imToken") {
+          const address = await connectInjectedWallet(kind);
+          if (cancelled) return;
+          completeLogin(localWalletToken(address), address);
+          return;
+        }
+
         const res = await signInWithInjectedWallet(kind);
         if (cancelled) return;
         completeLogin(res.token, res.wallet);

src/wallet/useWalletConnectLogin.ts

@@ -3,6 +3,7 @@ import { useAccount, useConnect, useDisconnect } from "wagmi";
 import { bsc } from "wagmi/chains";
 import { hasWalletConnectProjectId } from "./RainbowWalletProvider";
 import {
+  connectInjectedWallet,
   getInjectedWallet,
   signInWithInjectedWallet,
   type WalletKind,
@@ -177,6 +178,20 @@ export function useWalletConnectLogin() {
         getInjectedWallet(preferredWallet)
       ) {
         try {
+          if (preferredWallet === "imToken") {
+            const injectedAddress =
+              await connectInjectedWallet(preferredWallet);
+            console.info("[wallet-login] injected connected", {
+              preferredWallet,
+              address: injectedAddress,
+              chain: "BNB Chain",
+              chainId: bsc.id,
+            });
+            completeLogin(localWalletToken(injectedAddress), injectedAddress);
+            setState("idle");
+            return;
+          }
+
           setState("signing");
           const result = await signInWithInjectedWallet(preferredWallet);
           console.info("[wallet-login] injected verified", {