OMSWallet constructor restores that session automatically when its metadata is valid, unexpired, and still matches the Android Keystore credential.
Protected methods on omsWallet.wallet require this active session. Read-only calls on omsWallet.indexer do not.
Read the completed session
walletAddress is non-null only after wallet activation. expiresAt is the ISO-8601 value returned by OMS. auth is OMSWalletEmailSessionAuth or OMSWalletOidcSessionAuth; OIDC metadata also records the Redirect or IdToken flow and issuer.
Pending email OTP and manual wallet-selection attempts are not persisted. Pending redirect state is stored separately and must be completed through handleOidcRedirectCallback. Do not use session.walletAddress == null to infer which pending flow, if any, is active.
Handle expiration
An expired session becomes inactive before protected wallet work proceeds. The operation throwsOMSWalletSessionException with code = OMSWalletErrorCode.SessionExpired.
Subscribe when the UI should react as the session expires:
signOut() clears it. The event contains the expired snapshot, not a still-active session.
List, switch, and create wallets
List every wallet available to the authenticated credential:reference is optional app-defined wallet metadata.
Keep the three credential concepts separate
The SDK uses three related values for different trust boundaries:
The provider ID token passed to
signInWithOidcIdToken is a fourth value used only to authenticate the user’s external identity. It is not the token returned by getIdToken().
Issue an ID token for your backend
customClaims accepts Map<String, JsonElement> when you need app-provided context. Treat app-provided claims as untrusted unless your backend controls their values.
Inspect request-signing access
listAccess follows all cursors and returns the credentials that can access the selected wallet:
CredentialInfo includes credentialId, ISO-8601 expiresAt, and isCaller. For page-at-a-time UI, use listAccessPage(pageSize, cursor). For a stream of pages, collect listAccessPages(pageSize).
Revoke only a credential whose isCaller value is false:
Sign out
signOut() synchronously clears in-memory state and attempts to remove completed-session metadata, pending redirect state, and the local request-signing credential. If persistent cleanup fails, it throws OMSWalletStorageException after the in-memory session has already been cleared.