feat(auth): add fetchAuthChallenge and complete SEP-10 wallet auth flow#809
Merged
Akshola00 merged 3 commits intoJun 29, 2026
Conversation
- Add fetchAuthChallenge(publicKey) to lib/api-client.ts calling
GET /auth/challenge?publicKey=<pubkey>, returns { nonce, expiresAt }
- Export AuthChallenge interface from api-client.ts
- Update walletStore connectWallet() to run the full SEP-10 flow:
fetch challenge → sign nonce via Freighter → verify → store JWT
- isAuthenticated is set to true only after successful auth verification
- Add tests for fetchAuthChallenge (success and 4xx error cases)
- Add tests for walletStore SEP-10 flow (success, callback, error cases)
Closes Web3Novalabs#698
Closes Web3Novalabs#700
|
@priscaenoch Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
Frontend: - Add missing recentDonations useState declaration in profile/page.tsx; state was referenced in render and useEffect but never declared Server: - auth.module.ts: remove duplicate ConfigModule import and deduplicate PassportModule/TypeOrmModule.forFeature entries in imports array - donations.service.ts: add missing InjectRepository, Repository imports and Donation entity import; export DonationSortBy type consumed by donations.controller.ts - pools.controller.ts: add missing Query decorator import from @nestjs/common; inject DonationsService into constructor (already provided via DonationsModule import in PoolsModule)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
fetchAuthChallenge(publicKey)tolib/api-client.tsthat callsGET /auth/challenge?publicKey=<pubkey>and returns{ nonce: string, expiresAt: number }(closes [S4] Add fetchAuthChallenge() function to API client #698)AuthChallengeinterface fromlib/api-client.tswalletStoreconnectWallet()to complete the full SEP-10 challenge-sign-verify flow after wallet connection (closes [S4] Update walletStore to complete SEP-10 auth after wallet connect #700)isAuthenticatedis only set totrueafter successful JWT retrievalChanges
nevo_frontend/lib/api-client.tsAuthChallengeinterface ({ nonce: string; expiresAt: number })fetchAuthChallenge(publicKey: string): Promise<AuthChallenge>callingGET /auth/challengewithrequireAuth: falseandcacheResponse: falsenevo_frontend/src/store/walletStore.tssignWithWalletfrom@/app/stellar-wallets-kitfetchAuthChallengeandverifyAuthSignaturefrom@/lib/api-clientconnectWallet(): after obtainingpublicKey, runsfetchAuthChallenge→signWithWallet(nonce)→verifyAuthSignature→ setsaccessTokenandisAuthenticated: truenevo_frontend/__tests__/api-client.test.tsfetchAuthChallengetests: success path and 4xx error throwingApiErrornevo_frontend/__tests__/walletStore.test.ts@/lib/api-clientand@/lib/stellarconnectWallet SEP-10 authsuite: full flow success,onSuccesscallback, and error propagation fromverifyAuthSignatureTesting
fetchAuthChallenge(success + error) and theconnectWalletSEP-10 flow (success, callback, and auth failure propagation)disconnectWallettest preserved and unaffectedcloses #698
closes #700