---
title: "Restore imToken direct injected login path — Quick Fix"
type: quick-fix
date: 2026-06-04
---

# Restore imToken direct injected login path — Quick Fix

## Bug

imToken could log in on the 2026-06-03 22:00 Malaysia-time-era build, but the current build can no longer log in after opening imToken's in-app browser.

## Root Cause

The working 2026-06-03 evening flow used `connectInjectedWallet()` and completed a local frontend session for TokenPocket/imToken direct in-app-browser login. Later changes switched injected direct login to `signInWithInjectedWallet()`, which requires backend nonce + `personal_sign` verification. imToken mobile appears incompatible or unstable with that newer signature-verification path in this flow.

## Fix

Restored the old local-session direct injected path for imToken only:

- imToken `?autoLogin=` in-app-browser flow now uses `connectInjectedWallet()` and `localWalletToken(address)`.
- imToken direct injected login from the wallet modal uses the same local-session path.
- TokenPocket still uses the newer backend signature verification path.

### Files Modified

- `src/wallet/AutoInjectedLogin.tsx` — restores imToken auto-login to the 2026-06-03 direct injected local-session behavior.
- `src/wallet/useWalletConnectLogin.ts` — restores imToken injected deeplink login to the local-session behavior.

## Verification

- `npx tsc --noEmit`
- `npm run format:check`
- `npm test`

## Notes

This is intentionally scoped to imToken to match the known-working Malaysia 10pm behavior without undoing the TokenPocket signature-verification work.