Prioritize JWT over service API keys in authentication #7020

Merged
merged 1 commit into from
May 16, 2025

Member

@jnsdls jnsdls commented May 12, 2025

Prioritize JWT over service API keys in authentication

This PR updates the authentication logic in the @thirdweb-dev/service-utils package to prioritize JWT tokens over service API keys when both are present. The changes include:

  • Added a new getAuthHeaders utility function that determines the appropriate authentication headers based on the provided auth data
  • Implemented a clear authentication priority order:
    1. Secret key (highest priority)
    2. JWT token (when teamId or clientId is present)
    3. Incoming service API key
    4. Default service API key (lowest priority)
  • Updated the fetchTeamAndProject function to use the new utility
  • Added comprehensive test coverage for the new authentication logic
  • Added coverage script to package.json

These changes ensure more consistent and secure authentication behavior across the service.


PR-Codex overview

This PR focuses on enhancing authentication in the service-utils package by prioritizing JWT over service API keys. It introduces new functionality for generating authentication headers and updates testing to ensure correct behavior.

Detailed summary

  • Updated .gitignore to exclude dist/, coverage/, and other files.
  • Added a changeset for prioritizing JWT in authentication.
  • Updated package.json to include @vitest/coverage-v8.
  • Added coverage script to package.json.
  • Implemented getAuthHeaders function in get-auth-headers.ts for dynamic auth header generation.
  • Modified fetchTeamAndProject in api.ts to use getAuthHeaders.
  • Added tests for getAuthHeaders in get-auth-headers.test.ts covering various authentication scenarios.
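
The priority order from the PR description, written out as an added TypeScript sketch. It is not the package's `getAuthHeaders` implementation: the type names, `selectAuthHeaders`, and the header names are assumptions, as is treating blank values as absent, which the PR text does not specify.

```typescript
// Added illustration: type, function and header names are assumptions,
// not the API of @thirdweb-dev/service-utils.
interface AuthInput {
  secretKey?: string | null;
  jwt?: string | null;
  teamId?: string | null;
  clientId?: string | null;
  incomingServiceApiKey?: string | null;
}

interface AuthDecision {
  source: "secret-key" | "jwt" | "incoming-service-key" | "default-service-key";
  headers: Record<string, string>;
}

// Blank values count as absent, so an empty header cannot claim a
// higher-priority branch and shadow a real credential below it.
function present(v?: string | null): v is string {
  return typeof v === "string" && v.trim().length > 0;
}

function selectAuthHeaders(auth: AuthInput, defaultServiceApiKey: string): AuthDecision {
  // 1. Secret key wins over everything else.
  if (present(auth.secretKey)) {
    return { source: "secret-key", headers: { "x-secret-key": auth.secretKey } };
  }
  // 2. JWT, but only when a teamId or clientId scopes it.
  if (present(auth.jwt) && (present(auth.teamId) || present(auth.clientId))) {
    const headers: Record<string, string> = { authorization: `Bearer ${auth.jwt}` };
    if (present(auth.teamId)) headers["x-team-id"] = auth.teamId;
    if (present(auth.clientId)) headers["x-client-id"] = auth.clientId;
    return { source: "jwt", headers };
  }
  // 3. Service API key forwarded by the caller.
  if (present(auth.incomingServiceApiKey)) {
    return {
      source: "incoming-service-key",
      headers: { "x-service-api-key": auth.incomingServiceApiKey },
    };
  }
  // 4. The service's own default key is the last resort.
  return { source: "default-service-key", headers: { "x-service-api-key": defaultServiceApiKey } };
}
```

With both a scoped JWT and an incoming service API key supplied, the result carries only the bearer token; a JWT without a teamId or clientId falls through to the service key.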


changeset-bot bot commented May 12, 2025

🦋 Changeset detected

Latest commit: 2c2d7ef

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@thirdweb-dev/service-utils Patch


@jnsdls jnsdls marked this pull request as ready for review May 12, 2025 19:02
@jnsdls jnsdls requested a review from a team as a code owner May 12, 2025 19:02

codecov bot commented May 12, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 55.49%. Comparing base (8f605d9) to head (2c2d7ef).
Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #7020   +/-   ##
=======================================
  Coverage   55.49%   55.49%           
=======================================
  Files         909      909           
  Lines       58406    58406           
  Branches     4069     4072    +3     
=======================================
  Hits        32415    32415           
  Misses      25886    25886           
  Partials      105      105           
Flag Coverage Δ
packages 55.49% <ø> (ø)
Contributor

github-actions bot commented May 12, 2025

size-limit report 📦

Path Size Loading time (3g) Running time (snapdragon) Total time
thirdweb (esm) 54.18 KB (0%) 1.1 s (0%) 177 ms (+139.61% 🔺) 1.3 s
thirdweb (cjs) 194.07 KB (0%) 3.9 s (0%) 355 ms (+27.4% 🔺) 4.3 s
thirdweb (minimal + tree-shaking) 5.68 KB (0%) 114 ms (0%) 65 ms (+1456.35% 🔺) 179 ms
thirdweb/chains (tree-shaking) 524 B (0%) 11 ms (0%) 17 ms (+980.51% 🔺) 28 ms
thirdweb/react (minimal + tree-shaking) 19.53 KB (0%) 391 ms (0%) 90 ms (+677.52% 🔺) 480 ms

@jnsdls jnsdls force-pushed the Prioritize_JWT_over_service_API_keys_in_authentication branch 2 times, most recently from 0407eb8 to 41c93f3 Compare May 16, 2025 23:22
@jnsdls jnsdls mentioned this pull request May 16, 2025
@jnsdls jnsdls merged commit feae304 into main May 16, 2025
24 checks passed
@jnsdls jnsdls deleted the Prioritize_JWT_over_service_API_keys_in_authentication branch May 16, 2025 23:39
@joaquim-verges joaquim-verges mentioned this pull request May 16, 2025