144 changes: 84 additions & 60 deletions api-specs/openrpc-user-api.json
@@ -58,6 +58,48 @@
},
"description": "Removes a new network configuration (similar to EIP-3085)."
},
{
"name": "listNetworks",
"params": [],
"result": {
"name": "result",
"schema": {
"title": "ListNetworksResult",
"type": "object",
"properties": {
"networks": {
"title": "networks",
"type": "array",
"items": {
"$ref": "#/components/schemas/Network"
}
}
},
"required": ["networks"]
}
}
},
{
"name": "listIdps",
"params": [],
"result": {
"name": "result",
"schema": {
"title": "ListIdpsResult",
"type": "object",
"properties": {
"idps": {
"title": "idps",
"type": "array",
"items": {
"$ref": "#/components/schemas/Idp"
}
}
},
"required": ["idps"]
}
}
},
{
"name": "createWallet",
"params": [
@@ -335,27 +377,6 @@
},
"description": "Executes a signed transaction."
},
{
"name": "listNetworks",
"params": [],
"result": {
"name": "result",
"schema": {
"title": "ListNetworksResult",
"type": "object",
"properties": {
"networks": {
"title": "networks",
"type": "array",
"items": {
"$ref": "#/components/schemas/Network"
}
}
},
"required": ["networks"]
}
}
},
{
"name": "addSession",
"description": "Adds a network session.",
@@ -439,9 +460,17 @@
"type": "string",
"description": "Synchronizer ID"
},
"identityProviderId": {
"title": "identityProviderId",
"type": "string",
"description": "Identity Provider ID"
},
"auth": {
"$ref": "#/components/schemas/Auth"
},
"adminAuth": {
"$ref": "#/components/schemas/Auth"
},
"ledgerApi": {
"title": "ledgerApi",
"type": "string",
@@ -453,30 +482,49 @@
"name",
"description",
"synchronizerId",
"identityProviderId",
"auth",
"ledgerApi"
],
"additionalProperties": false
},
"Auth": {
"title": "auth",
"Idp": {
"title": "Idp",
"type": "object",
"description": "Represents the type of auth (implicit or password) for a specified network",
"description": "Structure representing the Identity Providers",
"properties": {

Check failure on line 495 in api-specs/openrpc-user-api.json

GitHub Actions / test-static

Property 'components.schemas.Idp.properties' is missing a title or $ref.
"authType": {
"title": "type",
"type": "string"
"id": {
"title": "id",
"type": "string",
"description": "ID of the identity provider"
},
"identityProviderId": {
"title": "identityProviderId",
"type": "string"
"type": {
"title": "type",
"type": "string",
"description": "Type of identity provider (OAuth2 or Self-Signed)"
},
"tokenUrl": {
"title": "tokenUrl",
"type": "string"
"issuer": {
"title": "issuer",
"type": "string",
"description": "Issuer of identity provider"
},
"grantType": {
"title": "grantType",
"configUrl": {
"title": "configUrl",
"type": "string",
"description": "URL to fetch the identity provider configuration"
}
},
"required": ["id", "type", "issuer"],
"additionalProperties": false
},
"Auth": {
"title": "auth",
"type": "object",
"description": "Represents the type of auth for a specified network",
"additionalProperties": false,
"properties": {
"method": {
"title": "method",
"type": "string"
},
"scope": {
@@ -495,36 +543,12 @@
"title": "issuer",
"type": "string"
},
"configUrl": {
"title": "configUrl",
"type": "string"
},
"audience": {
"title": "audience",
"type": "string"
},
"admin": {
"title": "admin",
"type": "object",
"properties": {
"clientId": {
"title": "clientId",
"type": "string"
},
"clientSecret": {
"title": "clientSecret",
"type": "string"
}
},
"required": ["clientId", "clientSecret"]
}
},
"required": [
"type",
"identityProviderId",
"issuer",
"configUrl"
]
"required": ["method", "audience", "scope", "clientId"]
},
"Wallet": {
"title": "Wallet",
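Review bot: `Network` now references `Auth` twice (`auth` and the new `adminAuth`), and `listNetworks` returns full `Network` objects, so whatever `Auth` holds is sent to every caller of the user API. The `Auth` properties between the last two hunks are not shown, but the token providers changed in this commit read `adminAuth.clientSecret`, so the schema presumably carries that field; if it does, the admin client secret becomes part of the `listNetworks` response. Consider a response-only schema without secret fields, or stripping `clientSecret` server-side before the result is returned. Separately, `listNetworks` and `listIdps` have no `description`, unlike the neighbouring methods.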
2 changes: 1 addition & 1 deletion core/rpc-generator/src/components/client.ts
@@ -103,7 +103,7 @@ const hooks: IHooks = {
versionMap.get(component.name) ??
openrpcDocument.info.version,
})
execSync(`yarn prettier --write ${dest}/**/*`)
execSync(`yarn prettier --write ${dest}/src/**/*`)
return await writeFile(packagePath, updatedPkg)
}
if (component.language === 'rust') {
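Review bot: The `execSync` call (the line with `${dest}/src/**/*`, which appears to be the new side) builds a shell command by interpolating `dest` unquoted, so a path containing spaces or shell metacharacters is split or interpreted by the shell, and the shell rather than prettier gets first pass at expanding the glob. Passing the arguments as an array avoids both: `execFileSync('yarn', ['prettier', '--write', dest + '/src/**/*'])`, with `execFileSync` imported from `node:child_process`. On Windows `yarn` is usually a `.cmd` shim, so that platform would need checking before switching. The enclosing hook starts and ends outside this hunk, so where `dest` comes from is not visible here.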
13 changes: 7 additions & 6 deletions core/wallet-auth/src/auth-token-provider-self-signed.ts
@@ -9,6 +9,7 @@ import { SignJWT } from 'jose'
export class AuthTokenProviderSelfSigned implements AccessTokenProvider {
constructor(
private auth: SelfSignedAuth,
private authAdmin: SelfSignedAuth,
private logger: Logger,
private expirySeconds: number = 3600
) {}
@@ -30,18 +31,18 @@ export class AuthTokenProviderSelfSigned implements AccessTokenProvider {

async getAdminAccessToken(): Promise<string> {
this.logger.debug('Fetching self-signed admin auth token')
if (!this.auth.admin) {
if (!this.authAdmin) {
throw new Error('Admin credentials are not configured')
}
return AuthTokenProviderSelfSigned.fetchToken(
this.logger,
{
clientId: this.auth.admin.clientId,
clientSecret: this.auth.admin.clientSecret,
scope: this.auth.scope,
audience: this.auth.audience,
clientId: this.authAdmin.clientId,
clientSecret: this.authAdmin.clientSecret,
scope: this.authAdmin.scope,
audience: this.authAdmin.audience,
},
this.auth.issuer,
this.authAdmin.issuer,
this.expirySeconds
)
}
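Review bot: The new constructor parameter is typed `authAdmin: SelfSignedAuth`, so the `if (!this.authAdmin)` guard in `getAdminAccessToken` is dead code as far as the compiler can tell, while the caller in auth-token-provider.ts passes `this.adminAuth as SelfSignedAuth` and the OpenRPC `Network` schema leaves `adminAuth` out of `required`. Declaring it `private authAdmin: SelfSignedAuth | undefined` makes the guard meaningful and forces call sites to handle the missing case instead of casting it away. The name also differs from `adminAuth` as used in the spec and in `AuthTokenProvider`; one spelling would be easier to follow. The class body continues outside both hunks.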
76 changes: 50 additions & 26 deletions core/wallet-auth/src/auth-token-provider.ts
@@ -3,61 +3,85 @@

import { Logger } from '@canton-network/core-types'
import { AccessTokenProvider } from './auth-service.js'
import { Auth } from './config/schema.js'
import { Auth, Idp, SelfSignedAuth } from './config/schema.js'
import { AuthTokenProviderSelfSigned } from './auth-token-provider-self-signed.js'
import { clientCredentialsService } from './client-credentials-service.js'

export class AuthTokenProvider implements AccessTokenProvider {
constructor(
private idp: Idp,
private auth: Auth,
private adminAuth: Auth,
private logger: Logger
) {}

async getUserAccessToken(): Promise<string> {
this.logger.debug('Fetching user auth token')
if (this.auth.type === 'self_signed')
if (this.auth.method === 'self_signed')
return new AuthTokenProviderSelfSigned(
this.auth,
this.adminAuth as SelfSignedAuth,
this.logger
).getUserAccessToken()

if (this.auth.type === 'client_credentials')
return clientCredentialsService(
this.auth.configUrl,
this.logger
).fetchToken({
clientId: this.auth.clientId,
clientSecret: this.auth.clientSecret,
scope: this.auth.scope,
audience: this.auth.audience,
})
if (this.auth.method === 'client_credentials') {
if (this.idp.type === 'oauth')
return clientCredentialsService(
this.idp.configUrl,
this.logger
).fetchToken({
clientId: this.auth.clientId,
clientSecret: this.auth.clientSecret,
scope: this.auth.scope,
audience: this.auth.audience,
})
else {
throw new Error(
`IDP type ${this.idp.type} not supported for client_credentials auth`
)
}
}

throw new Error(
`Auth type ${this.auth.type} not supported for user access token`
`Auth method ${this.auth.method} not supported for user access token`
)
}

async getAdminAccessToken(): Promise<string> {
this.logger.debug('Fetching admin auth token')
if (this.auth.type === 'self_signed')
if (this.adminAuth.method === 'self_signed')
return new AuthTokenProviderSelfSigned(
this.auth,
this.auth as SelfSignedAuth,
this.adminAuth as SelfSignedAuth,
this.logger
).getAdminAccessToken()

if (!this.auth.admin) {
if (!this.adminAuth) {
throw new Error(
`No admin credentials configured for auth type ${this.auth.method}`
)
}

if (this.adminAuth.method === 'client_credentials') {
if (this.idp.type === 'oauth')
return clientCredentialsService(
this.idp.configUrl,
this.logger
).fetchToken({
clientId: this.adminAuth.clientId,
clientSecret: this.adminAuth.clientSecret,
scope: this.adminAuth.scope,
audience: this.adminAuth.audience,
})
else {
throw new Error(
`IDP type ${this.idp.type} not supported for client_credentials auth`
)
}
} else {
throw new Error(
`No admin credentials configured for auth type ${this.auth.type}`
`Auth method ${this.auth.method} not supported for admin access token`
)
}
return clientCredentialsService(
this.auth.configUrl,
this.logger
).fetchToken({
clientId: this.auth.admin.clientId,
clientSecret: this.auth.admin.clientSecret,
scope: this.auth.scope,
audience: this.auth.audience,
})
}
}
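Review bot: In `getAdminAccessToken` the `if (!this.adminAuth)` guard comes after `this.adminAuth.method === 'self_signed'` has already been evaluated, so a network without admin credentials fails with a TypeError on the property read instead of the intended "No admin credentials configured" error. Move the guard to the top of the method, `if (!this.adminAuth) throw new Error('No admin credentials configured')`, and type the field as `Auth | undefined`. The two admin-path error messages interpolate `this.auth.method`, although `this.adminAuth.method` is the value that was tested. In `getUserAccessToken`, `this.adminAuth as SelfSignedAuth` is passed without any check of `adminAuth.method`, so the cast can hide a user/admin method mismatch.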