feat: keyless wallet & apple google oauth login #9394
✅ Snyk checks have passed. No issues have been found so far.
0150a99 to 46a739e
All alerts resolved. This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.
…d references
- Renamed `setMainWindow` to `setMainWindowForOAuthServer` in `oauthLocalServer` for better clarity.
- Updated all references in `app.ts` to reflect the new function name.
- Enhanced the `BaseSkeleton` component to accept a forwarded ref, improving its integration with parent components.
- Updated `HyperlinkText` to use a lazy-loaded default internationalization instance.
- Improved OAuth state handling in `openOAuthPopupWeb` and `useSupabaseAuth` for enhanced security and reliability.

…ed components
- Added support for `oneKeyState` in the OAuth callback handling to improve security and state validation.
- Updated `openOAuthPopupDesktopLocalhost` to manage OAuth sessions effectively, including session persistence options.
- Refactored `useSupabaseAuth` to streamline OAuth processes and ensure compatibility with the new state handling.
- Removed the deprecated `openOAuthPopupDesktopLocalhost` function to clean up the codebase.
- Enhanced error handling across various OAuth methods to provide clearer feedback on authentication issues.

- Changed OAuth callback paths for desktop and web to `/oauth_callback_desktop` and `/oauth_callback_web`, respectively, improving clarity and consistency.
- Introduced `ensureOneKeyOAuthState` utility to guarantee the presence of the `ONEKEY_OAUTH_STATE_KEY` parameter in redirect URLs, enhancing security.
- Updated various components to utilize the new callback paths and state handling, ensuring robust OAuth flow and validation.
- Improved error handling and state validation in the OAuth process to mitigate potential security risks.

…e callback handling
- Removed fixed port range for OAuth callbacks, allowing the server to listen on a dynamically assigned port.
- Enhanced the OAuth callback handling logic to improve error responses and streamline the process of receiving authorization codes.
- Updated documentation to reflect changes in the OAuth flow and the new method of handling redirect URLs.
- Improved error messages for better user feedback during OAuth server startup.

- Introduced a new `getRedirectUrl` function to standardize the retrieval of the OAuth redirect URL, ensuring it matches Google Cloud Console configuration.
- Updated `openOAuthPopupExtIdentity` to utilize the new redirect URL function and accept an optional `authUrl` parameter for improved flexibility.
- Refactored the OAuth flow processing to simplify the handling of authentication URLs and session management.
- Enhanced `useSupabaseAuth` to support the new `authUrl` parameter, aligning the extension's OAuth handling with web standards.

- Removed OAuth2 configuration from Chrome manifest files, streamlining the setup process.
- Simplified the `IHandleOAuthSessionPersistenceParams` type by removing unnecessary properties.
- Introduced a unified `OAuthPopup` class structure for handling OAuth across web, desktop, extension, and native platforms.
- Enhanced `useSupabaseAuth` to leverage the new `OAuthPopup` implementation, improving session management and code clarity.
- Updated various components to ensure compatibility with the new OAuth structure and improve overall maintainability.

- Deleted unused OAuth handling files for desktop, extension, native, and web platforms to streamline the codebase.
- Removed related types and utility functions that are no longer necessary, enhancing maintainability and clarity.
- This cleanup aligns with recent refactoring efforts to consolidate OAuth handling across platforms.

- Introduced a comprehensive guide for configuring Apple Sign-In with Supabase for the OneKey app, focusing on web platform setup.
- Documented prerequisites, local development testing, and detailed steps for Apple Developer Console and Supabase configuration.
- Included troubleshooting tips and security considerations to enhance user understanding and implementation of Apple Sign-In.
- Updated OAuthPopup components to improve callback URL validation and nonce generation for enhanced security during authentication.
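The commit messages above describe carrying an `ONEKEY_OAUTH_STATE_KEY` parameter through the redirect URL and validating the callback path and state. The block below is an added illustration of that pattern, not code from this PR or from the OneKey project: the constant and path names mirror the PR, but `generateOAuthState`, the body of `ensureOneKeyOAuthState` and `validateOAuthCallback` are constructed here as assumptions about how such a check is written.

```typescript
import { randomBytes, timingSafeEqual } from 'node:crypto';

// Names mirror the PR; values and logic are a constructed illustration.
const ONEKEY_OAUTH_STATE_KEY = 'onekey_oauth_state';
const OAUTH_CALLBACK_PATHS = ['/oauth_callback_desktop', '/oauth_callback_web'];

// 256 bits of CSPRNG output, base64url so it survives URL encoding unchanged.
function generateOAuthState(): string {
  return randomBytes(32).toString('base64url');
}

// Guarantee the redirect URL carries the state parameter. A stale value is
// overwritten so only the state generated for this login attempt is in flight.
function ensureOneKeyOAuthState(redirectUrl: string, state: string): string {
  const url = new URL(redirectUrl);
  url.searchParams.set(ONEKEY_OAUTH_STATE_KEY, state);
  return url.toString();
}

type CallbackResult = { ok: boolean; reason?: string; code?: string };

// Validate the callback before trusting anything in it: the path must be one
// of the known callback paths, the state must match the pending login (compared
// in constant time), and an authorization code must be present.
function validateOAuthCallback(callbackUrl: string, expectedState: string): CallbackResult {
  let url: URL;
  try {
    url = new URL(callbackUrl);
  } catch {
    return { ok: false, reason: 'malformed callback url' };
  }
  if (!OAUTH_CALLBACK_PATHS.includes(url.pathname)) {
    return { ok: false, reason: 'unexpected callback path' };
  }
  const received = url.searchParams.get(ONEKEY_OAUTH_STATE_KEY);
  if (!received) {
    return { ok: false, reason: 'missing state' };
  }
  const a = Buffer.from(received);
  const b = Buffer.from(expectedState);
  if (a.length !== b.length || !timingSafeEqual(a, b)) {
    return { ok: false, reason: 'state mismatch' };
  }
  const code = url.searchParams.get('code');
  if (!code) {
    return { ok: false, reason: 'missing authorization code' };
  }
  return { ok: true, code };
}
```

The state must be stored server-side or in the initiating client session between `ensureOneKeyOAuthState` and `validateOAuthCallback`; it is never derived from anything the callback itself supplies.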
46a739e to 385a00b
(cherry picked from commit 06ee0c4)
(cherry picked from commit 425b31cad2bfc3bfd9658e71526c44b55e5afec4)
…nstants
- Return undefined nonce for iOS Google Sign-In to fix authentication issue
- Add improved comments explaining nonce behavior in OAuth flow
- Reorganize Supabase and Keyless config sections with clear separators

# Conflicts:
#   apps/mobile/ios/Podfile.lock
#   apps/mobile/package.json
limichange
left a comment
Code Review Report
| File | Line | Issue |
|---|---|---|
| packages/kit-bg/src/services/ServiceKeylessWallet/ServiceKeylessWallet.ts | 1176-1183 | P1 JWT Token Not Validated Before Trust |
| packages/kit-bg/src/services/ServiceKeylessWallet/ServiceKeylessWallet.ts | 1254-1284 | P1 Sensitive Data in Memory Without Secure Cleanup |
| packages/kit-bg/src/services/ServiceKeylessWallet/utils/JuiceboxClient.ts | 101 | P1 Global Callback Function Assignment |
| packages/kit-bg/src/services/ServiceKeylessWallet/ServiceKeylessWallet.ts | 1285 | P2 Error Handling TODO for Critical Flow |
| packages/kit-bg/src/services/ServiceKeylessWallet/utils/keylessMnemonicPasswordStorage.ts | 66-83 | P2 Double Encryption with Same Key Source |
Found 5 issue(s).
No description provided.