fix: improve popup blocked error message for Safari users

[broody]

Summary

• Replaces the developer-facing error message "Should be able to open a popup in an iFrame" with a user-friendly message when window.open() returns null during social authentication
• New message: "Unable to open a pop-up window needed for authentication. Please allow pop-ups for this site in your browser settings and try again."
• This primarily affects Safari users where the browser's popup blocker prevents the OAuth authentication popup from opening

Test plan

• Test social login (Google/Discord) on Safari with popups blocked — verify the new message appears
• Test social login on Safari with popups allowed — verify normal flow works
• Test social login on Chrome/Firefox — verify no regression

🤖 Generated with Claude Code

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
controller-example-next	Ready	Preview	Mar 24, 2026 1:17am
keychain	Ready	Preview	Mar 24, 2026 1:17am
keychain-storybook	Ready	Preview	Mar 24, 2026 1:17am

[codecov]

Codecov Report

❌ Patch coverage is 0% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 22.18%. Comparing base (08dd2d0) to head (82f9c2f).
⚠️ Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
packages/keychain/src/wallets/social/turnkey.ts	0.00%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2506      +/-   ##
==========================================
- Coverage   22.18%   22.18%   -0.01%     
==========================================
  Files         326      326              
  Lines       36275    36276       +1     
  Branches     1193     1193              
==========================================
  Hits         8047     8047              
- Misses      28210    28211       +1     
  Partials       18       18              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[claude]

Claude finished @broody's task —— View job

---

Documentation Analysis

• Analyze PR changes for user-facing impact
• Check docs repository structure
• Determine if documentation updates needed
• Report findings

---

Analysis Result

No documentation updates required.

Rationale:

This PR improves an internal error message shown when popup blockers prevent social authentication. While the error message is user-facing, it does not change:

• API surface: No new methods, parameters, or configuration options
• Feature behavior: Social login still works the same way
• Integration steps: Developers integrate social login identically
• User flows: Authentication process remains unchanged

Existing Documentation Coverage:

The signer-management.md file already documents the popup/redirect behavior comprehensively:

• Lines 70-75 describe the intelligent authentication flow with popup-first and redirect fallback
• Lines 123-126, 138-141, and 153-156 explain popup handling for each social provider
• Lines 463-466 include troubleshooting guidance for popup blockers

The improved error message simply provides better UX when popups fail—the fallback behavior and troubleshooting steps documented are already correct and sufficient.

Per documentation rules: "DEFAULT TO NO CHANGES. Internal refactors, test changes, CI changes, and dependency bumps need nothing. Only proceed if there is a concrete user-facing change (new API, changed behavior, new feature, removed feature, changed configuration)."

This is an internal error message improvement with no documentation impact.

---