Feat/seedless refresh token #5917

Merged
merged 228 commits into from
Jun 13, 2025

@tuna1207 tuna1207 (Member) commented Jun 4, 2025

Explanation

Add refresh token and revoke refresh token handling to SeedlessOnboardingController

  • persist refresh token in state
  • store revoke token in vault
  • check for expired token in toprf call, refresh token and retry
  • revoke refresh token and replace it with a new one after password submit, to prevent malicious use if the refresh token leaks from persisted state

References

Changelog

Checklist

  • I've updated the test suite for new or updated code as appropriate
  • I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
  • I've communicated my changes to consumers by updating changelogs for packages I've changed, highlighting breaking changes as necessary
  • I've prepared draft pull requests for clients and consumer packages to resolve any breaking changes
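
The token flow listed in the description above, as an added example that is not code from this PR or from SeedlessOnboardingController: a synchronous in-memory model showing refresh-and-retry on expiry, and how rotating on password submit invalidates a refresh token copied from persisted state. The server, client, function, field and token names are all hypothetical, and the token that expires is assumed to be an access token.

```javascript
// Added example: in-memory model of the PR's token flow. All names are hypothetical.
function createAuthServer() {
  let n = 0;
  const sessions = []; // live sessions: { refreshToken, revokeToken, accessToken, expired }
  const find = (key, value, err) => {
    const s = sessions.find((x) => x[key] === value);
    if (!s) throw new Error(err);
    return s;
  };
  const issue = () => {
    const s = { refreshToken: `rt-${++n}`, revokeToken: `rv-${n}`, accessToken: `at-${n}`, expired: false };
    sessions.push(s);
    return { ...s };
  };
  return {
    issue,
    expireAccessTokens() { sessions.forEach((s) => { s.expired = true; }); }, // test hook
    refresh(refreshToken) {
      const s = find('refreshToken', refreshToken, 'invalid refresh token');
      return Object.assign(s, { accessToken: `at-${++n}`, expired: false }).accessToken;
    },
    rotate(revokeToken) { // revoke the old refresh token, then issue a fresh token set
      sessions.splice(sessions.indexOf(find('revokeToken', revokeToken, 'invalid revoke token')), 1);
      return issue();
    },
    toprf(accessToken) { // stand-in for the authenticated TOPRF request
      if (find('accessToken', accessToken, 'unauthorized').expired) throw new Error('token expired');
      return 'toprf-ok';
    },
  };
}

function createClient(server, first = server.issue()) { // `first`: token set from initial login
  return {
    state: { accessToken: first.accessToken, refreshToken: first.refreshToken }, // persisted state
    vault: { revokeToken: first.revokeToken }, // readable only after the password unlocks it
    callToprf() {
      try { return server.toprf(this.state.accessToken); } catch (e) {
        if (e.message !== 'token expired') throw e;
        this.state.accessToken = server.refresh(this.state.refreshToken);
        return server.toprf(this.state.accessToken); // single retry with the new token
      }
    },
    submitPassword() { // vault is unlocked here, so the revoke token is available
      const next = server.rotate(this.vault.revokeToken);
      this.state = { accessToken: next.accessToken, refreshToken: next.refreshToken };
      this.vault = { revokeToken: next.revokeToken };
    },
  };
}
```

In this model a copy of the persisted refresh token stays usable until the next password submit, which is why the revoke token is kept in the vault rather than alongside it.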

lwin-kyaw and others added 30 commits April 10, 2025 12:40
@tuna1207 tuna1207 requested a review from a team as a code owner June 4, 2025 10:21
@tuna1207 tuna1207 requested a review from a team as a code owner June 4, 2025 10:24

@lwin-kyaw lwin-kyaw (Contributor) left a comment

LGTM.
Hi @chaitanyapotti @himanshuchawla009, need your reviews too )

@himanshuchawla009 himanshuchawla009 (Contributor) left a comment

lgtm

keyringId,
},
});
// store/persist the encryption key shares

Contributor

these comments should be moved before line 303

@lwin-kyaw lwin-kyaw merged commit db401c1 into main Jun 13, 2025
214 checks passed
@lwin-kyaw lwin-kyaw deleted the feat/seedless-refresh-token branch June 13, 2025 08:06
5 participants