feat: add consent screen

[lionellbriones]

Motivation and Context

Introduces a consent gate that requires users to accept Terms and Conditions / Privacy Policy before completing the login flow. When consentRequired is enabled in uiConfig (along with tncLink and privacyPolicy URLs), the SDK pauses after wallet connection and prompts the user to accept or decline before proceeding.

Jira Link:
https://consensyssoftware.atlassian.net/browse/EMBED-80

Description

New Connector Status: CONSENT_REQUIRED

• Added CONSENT_REQUIRED to CONNECTOR_STATUS and CONNECTOR_EVENTS constants.
• Defined CAN_LOGOUT_STATUSES to allow logout from the consent-required state.
• Extended ConnectorEvents and Web3AuthNoModalEvents typings with the new event.

Core SDK (no-modal)

• Web3AuthNoModal: Added consentRequired flag, pendingConnectedData, and pendingAuthorizedData fields to buffer connection/authorization data while awaiting user consent.
• connectToConnector: When consent is required, the connected event handler now emits CONSENT_REQUIRED instead of CONNECTED, and buffers the AUTHORIZED event data.
• acceptConsent(): New public method that resumes the login flow — transitions status from CONSENT_REQUIRED to CONNECTED/AUTHORIZED, connects plugins, and emits buffered events.
• logout(): Updated to allow logout from CONSENT_REQUIRED state, clearing any pending data.
• SSR rehydration: Respects consentRequired when restoring status from idToken.

Modal Manager (modal)

• Reads consentRequired, privacyPolicy, and tncLink from uiConfig in the constructor.
• Wires up onAcceptConsent and onDeclineConsent callbacks to LoginModal.
• onAcceptConsent calls acceptConsent(); onDeclineConsent calls logout() and closes the modal.

UI Components (modal UI layer)

• LoginModal: Listens for the CONSENT_REQUIRED connector event and transitions modal to consent status. Exposes consentRequired flag. Forwards accept/decline handlers.
• WidgetContext: Added handleAcceptConsent and handleDeclineConsent to the widget context.
• Root: Passes consent handlers and TnC/privacy links to the Loader. Hides footer links when consent screen is active.
• Loader: New ConsentRequiredStatus sub-component renders the consent UI with accept/decline buttons, TnC link, and privacy policy link. Shown when modalStatus === CONSENT_REQUIRED.

How has this been tested?

Screenshots (if appropriate):

Login flow

Screen.Recording.2026-04-13.at.5.17.32.PM.mov

Consent screen

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

• My code follows the code style of this project. (run lint)
• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I have added tests to cover my changes.
• All new and existing tests passed.
• My code requires a db migration.

---

Note

High Risk
High risk because it alters core connection/authorization state machines and event semantics (new CONSENT_REQUIRING/CONSENT_ACCEPTED flow) and changes when apps consider a session connected/authorized.

Overview
Adds an optional consent gate to Web3Auth login: when uiConfig.consentConfig.required is set, the SDK pauses after wallet connection and surfaces a terms/privacy acceptance step before completing the session.

This introduces new connector status/events (CONSENT_REQUIRING, CONSENT_ACCEPTED), an acceptConsent()/completeConsentAcceptance() path, and updates modal/no-modal + React/Vue context hooks to avoid marking users connected until consent is accepted; the modal UI adds a dedicated consent screen with accept/decline callbacks (decline logs out and closes the modal).

Demo apps and packages bump @web3auth/auth to 11.6.0 and add UI toggles to enable/disable consent config in the Vue and Wagmi React demos; tests are extended to cover the new consent-driven connect resolution and hook behavior.

^{Reviewed by Cursor Bugbot for commit 32c89fb. Bugbot is set up for automated code reviews on this repo. Configure here.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
web3auth-web	Ready	Preview, Comment	Apr 20, 2026 5:51am

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit fec94d2. Configure here.}

[lionellbriones]

i think consentConfigMode is set only on dashboard. not sure if we should include it on sdk config.