Seedless Onboarding Controller #5671

Open: wants to merge 60 commits into base: main

@lwin-kyaw lwin-kyaw commented Apr 17, 2025

Explanation

Adds a new seedless onboarding controller. This controller allows MM extension and mobile users to log in with Google and Apple accounts. This controller communicates with Web3Auth nodes and relies on the TOPRF SDK (unreleased) to perform CRU operations related to backing up SRPs.

The full list of operations supported is as follows:

  • Authenticate OAuth user using the seedless onboarding flow and determine if the user is already registered or not
  • Create a new TOPRF key and back up the seed phrase
  • Add a new seed phrase backup to the metadata store
  • Add an array of new seed phrase backups to the metadata store in batch (useful in the multi-SRP flow)
  • Fetch seed phrase metadata from the metadata store
  • Update the password of the seedless onboarding flow

The controller also persists some data to the local encrypted vault, similar to the keyring controller. This vault is encrypted with the user password and contains the ek and sk related to the TOPRF flow.
We also store backupHashes locally to show in the settings page whether an SRP is backed up or not.

The following items are not included in this PR and will be included in the next one:

  • What to do when nodeAuthTokens are expired? - expires based on login timeout - adding support for refresh tokens
  • What to do when toprfEncryptionKey, toprfAuthKeyPair expire? - expires when user changes password - solved by password syncing
  • Support password syncing when available (currently under design)

References

Please refer to seedless onboarding feature narrative

Changelog

Checklist

  • I've updated the test suite for new or updated code as appropriate
  • I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
  • I've communicated my changes to consumers by updating changelogs for packages I've changed, highlighting breaking changes as necessary
  • I've prepared draft pull requests for clients and consumer packages to resolve any breaking changes
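
The local state outlined in the description above (a password-encrypted vault holding ek/sk, with backupHashes kept outside it), as an added sketch that is not code from this PR or from the controller. The KDF (scrypt), cipher (AES-256-GCM), hash (SHA-256) and every name except backupHashes are assumptions; the sample keys and phrase are constructed.

```javascript
const crypto = require('node:crypto');

// Assumption: scrypt as the password KDF; the PR description does not name one.
const deriveKey = (password, salt) => crypto.scryptSync(password, salt, 32);

// Encrypt the vault payload (e.g. ek/sk from the TOPRF flow) under the password.
function encryptVault(password, payload) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const data = Buffer.concat([cipher.update(JSON.stringify(payload), 'utf8'), cipher.final()]);
  const fields = { salt, iv, tag: cipher.getAuthTag(), data };
  return JSON.stringify(Object.fromEntries(
    Object.entries(fields).map(([k, v]) => [k, v.toString('base64')])));
}

// Returns the payload, or null when the vault does not decrypt
// (wrong password, modified or malformed vault).
function decryptVault(password, vault) {
  try {
    const f = Object.fromEntries(
      Object.entries(JSON.parse(vault)).map(([k, v]) => [k, Buffer.from(v, 'base64')]));
    const d = crypto.createDecipheriv('aes-256-gcm', deriveKey(password, f.salt), f.iv);
    d.setAuthTag(f.tag);
    return JSON.parse(Buffer.concat([d.update(f.data), d.final()]).toString('utf8'));
  } catch {
    return null;
  }
}

// Only a digest of each backed-up SRP sits outside the vault, so a settings
// page can answer "is this SRP backed up?" while the vault stays locked.
const hashSrp = (srp) => crypto.createHash('sha256').update(srp, 'utf8').digest('hex');
const isBackedUp = (state, srp) => state.backupHashes.includes(hashSrp(srp));

// Constructed sample state: placeholder keys and a made-up phrase.
const SAMPLE_SRP = 'constructed sample phrase, not a real mnemonic';
function sampleState(password) {
  return {
    vault: encryptVault(password, { ek: 'ek-placeholder', sk: 'sk-placeholder' }),
    backupHashes: [hashSrp(SAMPLE_SRP)],
  };
}
```
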

@github-project-automation github-project-automation bot moved this to Needs dev review in PR review queue Apr 17, 2025
@chaitanyapotti chaitanyapotti added the enhancement New feature or request label Apr 17, 2025
@chaitanyapotti chaitanyapotti self-assigned this Apr 17, 2025
@chaitanyapotti chaitanyapotti marked this pull request as ready for review April 17, 2025 04:57
@chaitanyapotti chaitanyapotti requested a review from a team as a code owner April 17, 2025 04:57
mcmire previously approved these changes Apr 18, 2025

@mcmire (Contributor) left a comment

Looks good!

@himanshuchawla009

@metamaskbot publish-preview

Preview builds have been published. See these instructions for more information about preview builds.


chaitanyapotti previously approved these changes Apr 21, 2025

@chaitanyapotti (Member) left a comment

lgtm

@lwin-kyaw (Author) commented Apr 22, 2025

Removed addNewSeedPhraseBackup in this commit, 52646a9, because the method is related to multi-SRP and will be included in the multi-SRP PR.

@chaitanyapotti @himanshuchawla009

@lwin-kyaw

@metamaskbot publish-preview

Preview builds have been published. See these instructions for more information about preview builds.


Labels: enhancement (New feature or request), team-web3auth
Project status: Needs more work from the author
7 participants