Account flow to backend (nonce, verify, profile) #55
Josue19-08
left a comment
Thank you for the work on connecting the auth flow to the backend. There are several issues that need to be resolved before this can be merged.
PR template not filled in. The body still contains all the original placeholders (#issue-number, empty Title section, unchecked Changes checkboxes, HTML comments). The template must be completed with actual content.
TODO.md committed. The file TODO.md is a personal planning artifact and should not be committed to the repository. It lists unfinished tasks, which confirms the PR is not complete.
auth/signing.ts — incomplete and potentially dangerous stub. The signNonceWithWallet function reads a secret key from (globalThis as any).__TRUSTUP_STELLAR_SECRET, signs with it client-side, and explicitly notes that Lobstr wallet integration is missing. Committing a signing function that has no real implementation and relies on a globally-injected secret is a security risk and leaves the feature non-functional in production. The wallet integration must be implemented (or this file must not be merged until it is).
api/httpClient.ts — no token refresh logic. The HTTP client only attaches the access token. There is no 401 → refresh → retry interceptor. Unauthenticated sessions will simply fail after the token expires.
hooks/auth/use-create-account.ts — unnecessary await on an already-resolved value. Line const verifyRes = await authApi.verify(await verifyPayload); — buildVerifyPayload is async and returns a Promise<VerifyRequestDto>, so await verifyPayload is correct, but the intermediate const verifyPayload = buildVerifyPayload(...) is called without await and the result is awaited inline. This is confusing and should be written as const verifyPayload = await buildVerifyPayload(...) and then authApi.verify(verifyPayload).
use-create-account.ts — usersApi.getMe() result is ignored. The call to await usersApi.getMe() fetches the profile but discards the result entirely. Either use the returned data or remove the call.
No navigation after success. The issue acceptance criteria require navigating to the Pay Screen after account creation. The setShowSuccess(true) is called but there is no navigation. The RootStackParamList and navigation types already define 'Pay Screen', so the navigation wiring must be completed.
@stellar/stellar-sdk is a very heavy dependency (pulls in axios, eventsource, WASM tooling, etc.) added solely for Keypair.sign in a stub that should not be production code. If the SDK is genuinely needed for other reasons, document that clearly; otherwise remove it until the wallet integration is properly designed.
Please address these issues, complete the PR template, and remove TODO.md before requesting re-review.
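The 401 → refresh → retry behaviour that the review asks for in api/httpClient.ts, shown as an added example (not part of the review comment or the project's code). The transport function, the refresh call, the token values and the `/example` path are hypothetical; concurrent 401s share a single refresh call and each request is retried once.

```typescript
// Added illustration; all names are hypothetical, not the project's api/httpClient.ts.
type Res = { status: number; body: string };
type Tokens = { access: string; refresh: string };
type Send = (path: string, accessToken: string) => Promise<Res>;

function createAuthClient(
  send: Send,
  refreshTokens: (refreshToken: string) => Promise<Tokens>,
  tokens: Tokens,
) {
  // Single-flight: concurrent 401s share one refresh call, so a refresh
  // token that the backend rotates (assumption) is not presented twice.
  let inFlight: Promise<void> | null = null;
  const refreshOnce = (): Promise<void> => {
    if (!inFlight) {
      inFlight = refreshTokens(tokens.refresh).then(
        (next) => { tokens.access = next.access; tokens.refresh = next.refresh; inFlight = null; },
        (err) => { inFlight = null; throw err; },
      );
    }
    return inFlight;
  };

  return async function request(path: string): Promise<Res> {
    const used = tokens.access;
    const first = await send(path, used);
    if (first.status !== 401) return first;
    // Refresh only if no other request already replaced the token we used.
    if (tokens.access === used) await refreshOnce();
    // Retry exactly once; a second 401 goes back to the caller (sign out).
    return send(path, tokens.access);
  };
}

// Constructed fake backend: only "access-2" is accepted; refresh calls are counted.
async function demo(): Promise<{ statuses: number[]; refreshCalls: number }> {
  let refreshCalls = 0;
  const send: Send = async (path, token) =>
    token === "access-2" ? { status: 200, body: path } : { status: 401, body: "" };
  const refresh = async (rt: string): Promise<Tokens> => {
    refreshCalls++;
    if (rt !== "refresh-1") throw new Error("refresh token rejected");
    return { access: "access-2", refresh: "refresh-2" };
  };
  const request = createAuthClient(send, refresh, { access: "access-1", refresh: "refresh-1" });
  const results = await Promise.all([request("/example"), request("/example")]);
  return { statuses: results.map((r) => r.status), refreshCalls };
}
```

If the refresh call itself fails, `request` rejects, which is the point at which a client would clear stored tokens and return the user to sign-in.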
Closes #30
🔗 Related Issue
Closes #30
🔖 Title
📝 Description
🔄 Changes Made
📸 Screenshots (if applicable)
🗒️ Additional Notes