Auth/PM-22661 - Send Access #351

JaredSnider-Bitwarden · 2025-07-17T18:08:02Z

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-22661
See clients PR: bitwarden/clients#16007

📔 Objective

To build out the SDK portion of the new Auth/SendAccess feature which serves out SendAccessTokens for successful authN requests.

⏰ Reminders before review

Contributor guidelines followed
All formatters and local linters executed and passed
Written new unit and / or integration tests where applicable
Protected functional changes with optionality (feature flags)
Used internationalization (i18n) for all UI strings
CI builds passed
Communicated to DevOps any deployment requirements
Updated any necessary documentation (Confluence, contributing docs) or informed the documentation
team

🦮 Reviewer guidelines

👍 (:+1:) or similar for great changes
📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
❓ (:question:) for questions
🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed
issue and could potentially benefit from discussion
🎨 (:art:) for suggestions / improvements
❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
⛏ (:pick:) for minor or nitpick changes

…cessTokenPayload

…el + send access token struct

github-actions · 2025-07-17T18:13:14Z

Checkmarx One – Scan Summary & Details – 63d18845-647c-44ea-9415-039d26c81ac5

New Issues (3)

Checkmarx found the following issues in this Pull Request

Issue	Source File / Package	Checkmarx Insight
CVE-2025-7783	Npm-form-data-4.0.3	details Recommended version: 4.0.4 Description: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program... Attack Vector: NETWORK Attack Complexity: HIGH `ID: Sl%2FDjJHdQPvAhgTccGepYhIgX4UBQUDyDi6Hi8gnJQw%3D` Vulnerable Package
CVE-2025-7783	Npm-axios-1.9.0	details Recommended version: 1.12.0 Description: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program... Attack Vector: NETWORK Attack Complexity: HIGH `ID: WhOJ92GNbszCmMexTv30hIbeeDU0V14wUl3TS%2BRTKFQ%3D` Vulnerable Package
CVE-2025-54798	Npm-tmp-0.0.33	details Recommended version: 0.2.4 Description: tmp is a temporary file and directory creator for node.js. In versions prior to 0.2.4, tmp is vulnerable to an arbitrary temporary file "/" directo... Attack Vector: LOCAL Attack Complexity: HIGH `ID: pku3WtsT8bnLaD0j7%2FFsuD02ySFLowbHbl%2Ba43nwZus%3D` Vulnerable Package

codecov · 2025-07-17T18:18:10Z

Codecov Report

❌ Patch coverage is 96.70193% with 53 lines in your changes missing coverage. Please review.
✅ Project coverage is 78.14%. Comparing base (2e7f960) to head (21a2a48).
⚠️ Report is 24 commits behind head on main.

Files with missing lines	Patch %	Lines
...th/src/send_access/api/token_api_error_response.rs	93.01%	43 Missing ⚠️
...arden-auth/src/send_access/access_token_request.rs	96.35%	5 Missing ⚠️
...rden-auth/src/send_access/access_token_response.rs	75.00%	4 Missing ⚠️
crates/bitwarden-auth/src/send_access/client.rs	99.86%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #351      +/-   ##
==========================================
+ Coverage   76.65%   78.14%   +1.48%     
==========================================
  Files         266      274       +8     
  Lines       24705    27185    +2480     
==========================================
+ Hits        18937    21243    +2306     
- Misses       5768     5942     +174

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

… locations to be more idiomatic and logical

…flat structures and test utilities wiremock and zeroize.

…ng C dynamic lib, build a normal rust lib (rlib) for this crate since a C dynamic lib can't be used to run E2E tests.

…ion tests can only access the public API

…e public.

…rate.

crates/bitwarden-auth/src/lib.rs

crates/bitwarden-auth/src/api/enums/grant_type.rs

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

…to crate

Hinton

Some more visibility changes but looks great otherwise. Thanks for iterating on this.

crates/bitwarden-auth/src/send_access/api/token_api_success_response.rs

crates/bitwarden-auth/src/send_access/api/token_request_payload.rs

…_success_response.rs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

…uest_payload.rs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

sonarqubecloud · 2025-09-16T13:08:51Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

JaredSnider-Bitwarden added 5 commits July 15, 2025 16:49

PM-22661 - Add anonymous auth_client and documentation

5cb35a9

PM-22661 - WIP on building various classes

07e49b3

PM-22661 - SendAccessTokenPayload serialization

bec03fc

PM-22661 - Add traits for converting SendAccessTokenRequest to SendAc…

5a140fd

…cessTokenPayload

PM-22661 - WIP - Start defining send token api service + response mod…

68617bd

…el + send access token struct

JaredSnider-Bitwarden added 23 commits July 18, 2025 17:32

PM-22661 - (1) Progress on SendApiService (2) Refactor names / folder…

6a5370f

… locations to be more idiomatic and logical

PM-22661 - Wasm Crate - add serde_urlencoded for quicker encoding of …

f5daadb

…flat structures and test utilities wiremock and zeroize.

PM-22661 - SendTokenApiService - clean up comments

dac6068

PM-22661 - SendTokenApiService - fix import

c435f56

PM-22661 - SendAccessTokenRequest - add comment

e209646

PM-22661 - SendAccess mod - remove enums

d70bc5b

PM-22661 - SendTokenApiService integration test suite - some progress

cac6788

PM-22661 - bw-wasm-internal crate cargo.toml - Instead of just builid…

14243d9

…ng C dynamic lib, build a normal rust lib (rlib) for this crate since a C dynamic lib can't be used to run E2E tests.

PM-22661 - AuthClient - must make public outside of crate as integrat…

7c7f1cb

…ion tests can only access the public API

PM-22661 - Lib.rs - make auth module public

8b57676

PM-22661 - Auth mod.rs - make send_access module public.

ad9fd99

PM-22661 - SendAccessToken - add docs and make properties public

14238ac

PM-22661 - Auth>SendAccess>Requests mod.rs - add enums module and mak…

1d7d638

…e public.

PM-22661 - Fix imports after creating responses/enums and requests/enums

8674ef4

PM-22661 - SendTokenApiService - make auth_client public outside of c…

19a4de8

…rate.

PM-22661 - SendAccessCredentials - add serialization + unit tests for it

33a1d86

PM-22661 - SendAccessTokenRequest - add serialization

a81ca5d

PM-22661 - SendAccessTokenResponse - add serialization

c04c12f

PM-22661 - Port over Dani's changes to fix integration tests

58ef896

PM-22661 - Add clone to request and credentials for easier test usage

d91275a

PM-22661 - SendTokenApiService integration tests - get tests passing

9327e04

PM-22661 - SendTokenApiService - remove unnecessary mut

11b5ab6

PM-22661 - Add a bunch of docs

3fb485f

JaredSnider-Bitwarden requested review from Patrick-Pimentel-Bitwarden and dani-garcia September 12, 2025 16:15

Patrick-Pimentel-Bitwarden previously approved these changes Sep 12, 2025

View reviewed changes

dani-garcia previously approved these changes Sep 12, 2025

View reviewed changes

Hinton reviewed Sep 15, 2025

View reviewed changes

crates/bitwarden-auth/src/lib.rs Show resolved Hide resolved

crates/bitwarden-auth/src/api/enums/grant_type.rs Outdated Show resolved Hide resolved

PM-22661 - Update crates/bitwarden-auth/src/api/enums/grant_type.rs

855b744

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

JaredSnider-Bitwarden dismissed stale reviews from dani-garcia and Patrick-Pimentel-Bitwarden via 855b744 September 15, 2025 11:36

PM-22661 - Per PR feedback, change visibility of GrantType and Scope …

942d1b1

…to crate

JaredSnider-Bitwarden requested a review from Hinton September 15, 2025 11:39

JaredSnider-Bitwarden and others added 4 commits September 15, 2025 07:42

PM-22661 - Lint - Remove empty line in grant_type.rs

0625f0f

PM-22661 - Update grant_type to not be public

8910d08

PM-22661 - Update scope to not be public

6da90aa

PM-22661 - Make grant_type and scope enums pub(crate)

ede6e1b

Hinton previously approved these changes Sep 16, 2025

View reviewed changes

PM-22661 - Update crates/bitwarden-auth/src/send_access/api/token_api…

68aa1aa

…_success_response.rs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

JaredSnider-Bitwarden dismissed Hinton’s stale review via 68aa1aa September 16, 2025 12:31

JaredSnider-Bitwarden and others added 4 commits September 16, 2025 08:31

PM-22661 - Update crates/bitwarden-auth/src/send_access/api/token_req…

fd47f8f

…uest_payload.rs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

PM-22661 - Update crates/bitwarden-auth/src/send_access/api/token_req…

4814b16

…uest_payload.rs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

PM-22661 - Update crates/bitwarden-auth/src/send_access/api/token_req…

96d18fd

…uest_payload.rs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

PM-22661 - Adjust api mod to have proper visibility

21a2a48

Hinton approved these changes Sep 16, 2025

View reviewed changes

ike-kottlowski approved these changes Sep 16, 2025

View reviewed changes

dani-garcia approved these changes Sep 16, 2025

View reviewed changes

JaredSnider-Bitwarden merged commit 9b1253a into main Sep 16, 2025
50 checks passed

JaredSnider-Bitwarden deleted the auth/pm-22661/send-access branch September 16, 2025 14:42

This was referenced Sep 16, 2025

Update SDK to 1.0.0-3101-0eba924a bitwarden/android#5893

Merged

Updating SDK to 3e310f8 (1.0.0-2394-72f4866) bitwarden/ios#1944

Closed

Updating SDK to f14c06f (1.0.0-2413-0eba924) bitwarden/ios#1946

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Auth/PM-22661 - Send Access #351

Auth/PM-22661 - Send Access #351

Uh oh!

JaredSnider-Bitwarden commented Jul 17, 2025 •

edited

Loading

Uh oh!

github-actions bot commented Jul 17, 2025 •

edited

Loading

Uh oh!

codecov bot commented Jul 17, 2025 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

Hinton left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

sonarqubecloud bot commented Sep 16, 2025

Uh oh!

Uh oh!

Uh oh!

Auth/PM-22661 - Send Access #351

Auth/PM-22661 - Send Access #351

Uh oh!

Conversation

JaredSnider-Bitwarden commented Jul 17, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

🎟️ Tracking

📔 Objective

⏰ Reminders before review

🦮 Reviewer guidelines

Uh oh!

github-actions bot commented Jul 17, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

codecov bot commented Jul 17, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

Uh oh!

Uh oh!

Hinton left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

sonarqubecloud bot commented Sep 16, 2025

Quality Gate passed

Uh oh!

Uh oh!

Uh oh!

JaredSnider-Bitwarden commented Jul 17, 2025 •

edited

Loading

github-actions bot commented Jul 17, 2025 •

edited

Loading

codecov bot commented Jul 17, 2025 •

edited

Loading