feat(probable): implement unified Web3 authentication lifecycle#1614
feat(probable): implement unified Web3 authentication lifecycle#1614AbhilashG12 wants to merge 5 commits into
Conversation
- Add AuthNonceResponse, AuthLoginResponse, AuthSession types - Add getAuthNonce, loginWithSignature, logout to BaseExchange - Implement Probable auth with callApi() pattern - Add verifyL1 and verifyL2 for signature verification - Add OpenAPI endpoints for all auth operations - Add unit tests for auth lifecycle (5 tests passing) - Update generator to recognize auth types - Regenerate SDKs and docs Fixes pmxt-dev#1606
- Add AuthNonceResponse and AuthLoginResponse to TYPE_MAP - Regenerate Python client with auth methods Fixes pmxt-dev#1606
PR Review: FAILWhat This DoesAdds a unified Web3 authentication lifecycle ( Blast RadiusCore Consumer VerificationBefore (base branch): After (PR branch): const { ProbableExchange } = require('./core/dist/exchanges/probable');
const ex = new ProbableExchange();
await ex.getAuthNonce('0x1234567890123456789012345678901234567890');Result: The built exchange's generated implicit methods are named Test Results
Findings
PMXT Pipeline Check
Semver Impactminor -- adds new SDK/core auth methods. RiskThe advertised SDK methods are currently unusable until the Probable auth helpers call the actual generated implicit method names or the API spec is given stable operation IDs that match the helpers. |
- getNonce → getPublicApiV1AuthNonce - postLogin → postPublicApiV1AuthLogin - postLogout → postPublicApiV1AuthLogout - postVerifyL1 → postPublicApiV1AuthVerifyL1 - postVerifyL2 → postPublicApiV1AuthVerifyL2 Fixes pmxt-dev#1606
|
Fixed |
Second wave of reworked community PRs: Router.sql (#1129), cross-venue Router.fetchOrderBook (#1670), WebSocket config (#1126), baozi error codes (#1118), limitless pagination (#1119), nullable model fields (#1578). Excludes #1614 (security) and #1419 (superseded). Triggers auto-tag v2.53.0f and package publish. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
Not merging as-is due to a credential-disclosure concern: |
…er HTTP (#1614) Land #1614's Probable auth lifecycle (getAuthNonce, loginWithSignature, logout, isSessionActive, verifyL1/L2) with the credential-disclosure flaw fixed: - getSession returns session credentials (apiKey/apiSecret/passphrase) keyed by a PUBLIC wallet address. Added it to EXCLUDED_METHODS in generate-openapi.js so it is never emitted into method-verbs.json, openapi.yaml, or the generated SDK clients — it is now an in-process helper only. Verified absent from all three surfaces. - isSessionActive (boolean) and the signature-gated login flow remain exposed. loginWithSignature returns the caller's own freshly minted credentials only after they prove wallet ownership. - Added AuthNonceResponse/AuthLoginResponse to the SDK models so the generated TS client compiles (the original PR omitted this). Core 822, Python SDK 267, TypeScript SDK 93 tests pass. Co-Authored-By: AbhilashG12 <abhilashggg15@gmail.com> Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Probable Web3 auth lifecycle (#1614), with getSession removed from the network surface so session secrets are never exposed. Triggers auto-tag v2.54.0f and package publish. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
Landed on |
Fixes #1606