fix(seedless-onboarding): update tests for optional refreshToken and proactive renewal by himanshuchawla009 · Pull Request #8148 · MetaMask/core

himanshuchawla009 · 2026-03-09T15:59:22Z

Replace stale concurrent-rotation test with assertion that authenticate never receives refreshToken from the token-refresh path
Add tests verifying renewRefreshToken is called proactively after vault update when vault is unlocked, and skipped when locked
Add test covering the renewRefreshToken error-swallow path in refreshAuthTokens (catch block log call)
Add renewRefreshToken tests for vault-unlocked (no password) path and vault-locked-no-password error path
Fix two existing tests that captured state.refreshToken after the call; proactive renewal now rotates the token, so capture it before the call

Explanation

References

Checklist

I've updated the test suite for new or updated code as appropriate
I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
I've communicated my changes to consumers by updating changelogs for packages I've changed
I've introduced breaking changes in this PR and have prepared draft pull requests for clients and consumer packages to resolve them

Note

Medium Risk
Touches authentication/token-refresh logic and changes refresh-token lifecycle (including a breaking API removal), which could impact session continuity if edge cases are missed.

Overview
Updates refreshAuthTokens to re-authenticate via a new private #reAuthenticate that only accepts JWT-refresh outputs, and (when the vault is unlocked) proactively rotates the refresh/revoke token pair via new public rotateRefreshToken while queuing the old pair for later revocation.

Token expiry checks now use a proactive 90%-lifetime threshold for accessToken/metadataAccessToken (via new isTokenNearExpiry), while node auth tokens use exact expiry; fetchMetadataAccessCreds aligns with this logic.

Fixes token-refresh ordering in addNewSecretData/changePassword by moving #assertPasswordInSync inside the token-refresh wrapper, adds a new VaultLocked error, removes the public renewRefreshToken API, and refreshes/expands tests to cover the new behaviors.

^{Written by Cursor Bugbot for commit 25d2d45. This will update automatically on new commits. Configure here.}

…proactive renewal - Replace stale concurrent-rotation test with assertion that authenticate never receives refreshToken from the token-refresh path - Add tests verifying renewRefreshToken is called proactively after vault update when vault is unlocked, and skipped when locked - Add test covering the renewRefreshToken error-swallow path in refreshAuthTokens (catch block log call) - Add renewRefreshToken tests for vault-unlocked (no password) path and vault-locked-no-password error path - Fix two existing tests that captured state.refreshToken after the call; proactive renewal now rotates the token, so capture it before the call

Token expiry helpers now use a 90% lifetime threshold: - Access/metadata tokens refresh when <10% lifetime remains (uses iat) - Node auth tokens fall back to exact-expiry check (no reliable iat) Introduces module-level isTokenNearExpiry(exp, iat?) helper used by checkNodeAuthTokenExpired, checkMetadataAccessTokenExpired, and checkAccessTokenExpired.

Cover all source changes introduced in this branch: - authenticate() optional refreshToken param - proactive renewRefreshToken after JWT refresh in #doRefreshAuthTokens - renewRefreshToken vault-unlock path (optional password + skipLock) - 90% lifetime threshold for proactive token expiry checks

himanshuchawla009 · 2026-03-10T07:44:11Z

@metamaskbot publish-preview

ieow · 2026-03-10T09:01:47Z

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts

          vaultData: updatedVaultData,
          pwEncKey,
        });
+


should we add option to skip proactive renewRefreshToken ?

good suggestion, would be useful to skip in some cases.

ieow · 2026-03-10T09:03:59Z

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts

   */
-  async renewRefreshToken(password: string): Promise<void> {
-    return await this.#withControllerLock(async () => {
+  async renewRefreshToken(


should we consider to allow renewRefreshToken happend only when the seedless controller vault is unlocked?

we can always call submitPassword before renewRefreshToken if there are scenario where the vault is locked and we have password

Agree with this. We can get rid of password from the params and rely on the cached encryptionKey only (which is only available when the vault is unlocked).

ieow · 2026-03-10T09:20:37Z

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts

+      // NOTE: refreshToken is intentionally omitted — renewRefreshToken is the
+      // sole owner of state.refreshToken. Passing it here would risk overwriting
+      // a token that renewRefreshToken rotated concurrently during the async
+      // toprfClient.authenticate() call below.


is it cleaner if we have re-authenticate function which only accept

idTokens, accessToken, metadataAccessToken,

Instead making the authenticate accept different input structure type

Yes, I think refactor the authenticate would be better, so that we can make stricter validation, i.e. first time authentication must provide accessToken and revokeToken while re-authenticate may not.

lwin-kyaw · 2026-03-10T13:35:59Z

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts

   */
-  async renewRefreshToken(password: string): Promise<void> {
-    return await this.#withControllerLock(async () => {
+  async renewRefreshToken(


I noticed we call this method internally, inside #doRefreshAuthTokens() so, I think we can make this private already.

Clients should not decide when to call this method, imo.

lwin-kyaw · 2026-03-10T13:41:03Z

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts

+      // NOTE: refreshToken is intentionally omitted — renewRefreshToken is the
+      // sole owner of state.refreshToken. Passing it here would risk overwriting
+      // a token that renewRefreshToken rotated concurrently during the async
+      // toprfClient.authenticate() call below.


Yes, I think refactor the authenticate would be better, so that we can make stricter validation, i.e. first time authentication must provide accessToken and revokeToken while re-authenticate may not.

- Make renewRefreshToken private (#rotateRefreshToken): vault-unlock only, no password param — callers must unlock first via submitPassword - Add #reAuthenticate private method for JWT-refresh re-auth path, accepting only {idTokens, accessToken, metadataAccessToken} from the refresh service - Add skipRenewRefreshToken option to refreshAuthTokens to allow callers to opt out of the proactive rotation - Update tests: renewRefreshToken describe converted to #rotateRefreshToken (tested via refreshAuthTokens), add skipRenewRefreshToken test, add skipLock branch coverage for authenticate

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts

- fetchMetadataAccessCreds: use isTokenNearExpiry(exp, iat) instead of exact expiry so it is consistent with checkMetadataAccessTokenExpired - isTokenNearExpiry: guard against malformed tokens where iat >= exp (zero or negative lifetime) by falling back to exact-expiry check

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts

… explicit options Callers passing explicit options (e.g. skipRenewRefreshToken: true) must not be served by an in-flight request that was started with different options. Only default-options calls (no explicit flags) share the pending promise; explicit-options calls each get their own independent request.

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts

ieow · 2026-03-12T08:34:00Z

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts

+   *
+   * @returns A Promise that resolves to void.
+   */
+  async #rotateRefreshToken(): Promise<void> {


Just to confirm the private behaviour
with this private, the parent cannot rotateRefreshToken (renewRefreshToken), it can now only revokePendingToken.

…ents and logging - Remove redundant `skipRenewRefreshToken` option from `refreshAuthTokens` since the `#cachedDecryptedVaultData` guard already prevents rotation when the vault is locked - Use project `log()` instead of `console.error` for rotation failure - Fix stale JSDoc on `authenticate` that referenced removed internal usage - Update `checkMetadataAccessTokenExpired` and `checkAccessTokenExpired` JSDoc to mention the 90% proactive refresh threshold - Add `VaultLocked` error constant with defensive guard in `#rotateRefreshToken` - Remove related tests for the deleted option

ieow · 2026-03-16T06:31:50Z

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts

+    if (newRevokeToken && newRefreshToken) {
+      // Persist the new revoke token to the vault first. Only update state after
+      // the vault write succeeds, so state and vault stay in sync if the write fails.
+      await this.#updateVault({


info - the vault is not persisted yet after await.
It broadcast state:change message only.
same message is broadcasted during the addRefreshTokenToRevokeList

ieow · 2026-03-16T06:52:26Z

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts

-      await this.authenticate({
+      // Re-authenticate with the refreshed id tokens to update node auth
+      // tokens, accessToken, and metadataAccessToken in state.
+      await this.#reAuthenticate({


nit: access token is in the non-vault state,
do we still need it in the vault data?

check line 2183

Hello, accessToken is not persisted in plain state, we only persist in vault. That's why we need it.

if it is not persisted in the plain state, how does the check for password outdated works when the wallet is locked / app reopen ?

ieow

lgtm

ieow · 2026-03-16T07:17:08Z

@metamaskbot publish-preview

github-actions · 2026-03-16T07:25:06Z

Preview builds have been published. See these instructions for more information about preview builds.

Expand for full list of packages and versions.

{
  "@metamask-previews/account-tree-controller": "4.1.1-preview-d3b0814a7",
  "@metamask-previews/accounts-controller": "36.0.1-preview-d3b0814a7",
  "@metamask-previews/address-book-controller": "7.0.1-preview-d3b0814a7",
  "@metamask-previews/ai-controllers": "0.2.0-preview-d3b0814a7",
  "@metamask-previews/analytics-controller": "1.0.0-preview-d3b0814a7",
  "@metamask-previews/analytics-data-regulation-controller": "0.0.0-preview-d3b0814a7",
  "@metamask-previews/announcement-controller": "8.0.0-preview-d3b0814a7",
  "@metamask-previews/app-metadata-controller": "2.0.0-preview-d3b0814a7",
  "@metamask-previews/approval-controller": "8.0.0-preview-d3b0814a7",
  "@metamask-previews/assets-controller": "2.2.0-preview-d3b0814a7",
  "@metamask-previews/assets-controllers": "100.1.0-preview-d3b0814a7",
  "@metamask-previews/base-controller": "9.0.0-preview-d3b0814a7",
  "@metamask-previews/base-data-service": "0.0.0-preview-d3b0814a7",
  "@metamask-previews/bridge-controller": "68.0.0-preview-d3b0814a7",
  "@metamask-previews/bridge-status-controller": "68.0.0-preview-d3b0814a7",
  "@metamask-previews/build-utils": "3.0.4-preview-d3b0814a7",
  "@metamask-previews/chain-agnostic-permission": "1.4.0-preview-d3b0814a7",
  "@metamask-previews/claims-controller": "0.4.2-preview-d3b0814a7",
  "@metamask-previews/client-controller": "1.0.0-preview-d3b0814a7",
  "@metamask-previews/compliance-controller": "1.0.1-preview-d3b0814a7",
  "@metamask-previews/composable-controller": "12.0.0-preview-d3b0814a7",
  "@metamask-previews/config-registry-controller": "0.1.0-preview-d3b0814a7",
  "@metamask-previews/connectivity-controller": "0.1.0-preview-d3b0814a7",
  "@metamask-previews/controller-utils": "11.19.0-preview-d3b0814a7",
  "@metamask-previews/core-backend": "6.0.0-preview-d3b0814a7",
  "@metamask-previews/delegation-controller": "2.0.1-preview-d3b0814a7",
  "@metamask-previews/earn-controller": "11.1.1-preview-d3b0814a7",
  "@metamask-previews/eip-5792-middleware": "3.0.0-preview-d3b0814a7",
  "@metamask-previews/eip-7702-internal-rpc-middleware": "0.1.0-preview-d3b0814a7",
  "@metamask-previews/eip1193-permission-middleware": "1.0.3-preview-d3b0814a7",
  "@metamask-previews/ens-controller": "19.0.3-preview-d3b0814a7",
  "@metamask-previews/error-reporting-service": "3.0.1-preview-d3b0814a7",
  "@metamask-previews/eth-block-tracker": "15.0.1-preview-d3b0814a7",
  "@metamask-previews/eth-json-rpc-middleware": "23.1.0-preview-d3b0814a7",
  "@metamask-previews/eth-json-rpc-provider": "6.0.0-preview-d3b0814a7",
  "@metamask-previews/foundryup": "1.0.1-preview-d3b0814a7",
  "@metamask-previews/gas-fee-controller": "26.0.3-preview-d3b0814a7",
  "@metamask-previews/gator-permissions-controller": "2.0.0-preview-d3b0814a7",
  "@metamask-previews/geolocation-controller": "0.1.1-preview-d3b0814a7",
  "@metamask-previews/json-rpc-engine": "10.2.3-preview-d3b0814a7",
  "@metamask-previews/json-rpc-middleware-stream": "8.0.8-preview-d3b0814a7",
  "@metamask-previews/keyring-controller": "25.1.0-preview-d3b0814a7",
  "@metamask-previews/logging-controller": "7.0.1-preview-d3b0814a7",
  "@metamask-previews/message-manager": "14.1.0-preview-d3b0814a7",
  "@metamask-previews/messenger": "0.3.0-preview-d3b0814a7",
  "@metamask-previews/multichain-account-service": "7.0.0-preview-d3b0814a7",
  "@metamask-previews/multichain-api-middleware": "1.2.7-preview-d3b0814a7",
  "@metamask-previews/multichain-network-controller": "3.0.4-preview-d3b0814a7",
  "@metamask-previews/multichain-transactions-controller": "7.0.1-preview-d3b0814a7",
  "@metamask-previews/name-controller": "9.0.0-preview-d3b0814a7",
  "@metamask-previews/network-controller": "30.0.0-preview-d3b0814a7",
  "@metamask-previews/network-enablement-controller": "4.2.0-preview-d3b0814a7",
  "@metamask-previews/notification-services-controller": "22.0.0-preview-d3b0814a7",
  "@metamask-previews/permission-controller": "12.2.0-preview-d3b0814a7",
  "@metamask-previews/permission-log-controller": "5.0.0-preview-d3b0814a7",
  "@metamask-previews/perps-controller": "1.0.0-preview-d3b0814a7",
  "@metamask-previews/phishing-controller": "16.3.0-preview-d3b0814a7",
  "@metamask-previews/polling-controller": "16.0.3-preview-d3b0814a7",
  "@metamask-previews/preferences-controller": "22.1.0-preview-d3b0814a7",
  "@metamask-previews/profile-metrics-controller": "3.0.1-preview-d3b0814a7",
  "@metamask-previews/profile-sync-controller": "27.1.0-preview-d3b0814a7",
  "@metamask-previews/ramps-controller": "10.2.0-preview-d3b0814a7",
  "@metamask-previews/rate-limit-controller": "7.0.0-preview-d3b0814a7",
  "@metamask-previews/remote-feature-flag-controller": "4.1.0-preview-d3b0814a7",
  "@metamask-previews/sample-controllers": "4.0.3-preview-d3b0814a7",
  "@metamask-previews/seedless-onboarding-controller": "8.1.0-preview-d3b0814a7",
  "@metamask-previews/selected-network-controller": "26.0.3-preview-d3b0814a7",
  "@metamask-previews/shield-controller": "5.0.1-preview-d3b0814a7",
  "@metamask-previews/signature-controller": "39.0.4-preview-d3b0814a7",
  "@metamask-previews/storage-service": "1.0.0-preview-d3b0814a7",
  "@metamask-previews/subscription-controller": "6.0.0-preview-d3b0814a7",
  "@metamask-previews/transaction-controller": "62.20.0-preview-d3b0814a7",
  "@metamask-previews/transaction-pay-controller": "16.4.0-preview-d3b0814a7",
  "@metamask-previews/user-operation-controller": "41.0.3-preview-d3b0814a7"
}

Expose rotateRefreshToken as a public method so callers can trigger refresh token rotation directly. Update tests to exercise the method via its public API and add coverage for edge cases.

ieow · 2026-03-16T08:36:20Z

@metamaskbot publish-preview

cursor

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

cursor · 2026-03-16T08:41:07Z

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts

+        refreshToken,
+        revokeToken,
+      });
+    }


Public rotateRefreshToken lost controller lock protection

Medium Severity

The old renewRefreshToken was wrapped in this.#withControllerLock(), preventing concurrent execution with other locked operations like authenticate or submitPassword. The new rotateRefreshToken has no lock protection but remains public (the CHANGELOG says it "can also be called directly"). An external caller invoking rotateRefreshToken while refreshAuthTokens is in-flight could cause both to read the same revokeToken from the vault and the same refreshToken from state, leading to a double-rotation race: duplicate HTTP renewal calls, last-writer-wins on vault and state updates, and the same old token pair queued for revocation twice.

@himanshuchawla009 , should we add the pendingRequest variable like we did for the refresh access token ( refreshToken )

github-actions · 2026-03-16T08:44:34Z

Preview builds have been published. See these instructions for more information about preview builds.

Expand for full list of packages and versions.

{
  "@metamask-previews/account-tree-controller": "4.1.1-preview-fe5e4090d",
  "@metamask-previews/accounts-controller": "36.0.1-preview-fe5e4090d",
  "@metamask-previews/address-book-controller": "7.0.1-preview-fe5e4090d",
  "@metamask-previews/ai-controllers": "0.2.0-preview-fe5e4090d",
  "@metamask-previews/analytics-controller": "1.0.0-preview-fe5e4090d",
  "@metamask-previews/analytics-data-regulation-controller": "0.0.0-preview-fe5e4090d",
  "@metamask-previews/announcement-controller": "8.0.0-preview-fe5e4090d",
  "@metamask-previews/app-metadata-controller": "2.0.0-preview-fe5e4090d",
  "@metamask-previews/approval-controller": "8.0.0-preview-fe5e4090d",
  "@metamask-previews/assets-controller": "2.2.0-preview-fe5e4090d",
  "@metamask-previews/assets-controllers": "100.1.0-preview-fe5e4090d",
  "@metamask-previews/base-controller": "9.0.0-preview-fe5e4090d",
  "@metamask-previews/base-data-service": "0.0.0-preview-fe5e4090d",
  "@metamask-previews/bridge-controller": "68.0.0-preview-fe5e4090d",
  "@metamask-previews/bridge-status-controller": "68.0.0-preview-fe5e4090d",
  "@metamask-previews/build-utils": "3.0.4-preview-fe5e4090d",
  "@metamask-previews/chain-agnostic-permission": "1.4.0-preview-fe5e4090d",
  "@metamask-previews/claims-controller": "0.4.2-preview-fe5e4090d",
  "@metamask-previews/client-controller": "1.0.0-preview-fe5e4090d",
  "@metamask-previews/compliance-controller": "1.0.1-preview-fe5e4090d",
  "@metamask-previews/composable-controller": "12.0.0-preview-fe5e4090d",
  "@metamask-previews/config-registry-controller": "0.1.0-preview-fe5e4090d",
  "@metamask-previews/connectivity-controller": "0.1.0-preview-fe5e4090d",
  "@metamask-previews/controller-utils": "11.19.0-preview-fe5e4090d",
  "@metamask-previews/core-backend": "6.0.0-preview-fe5e4090d",
  "@metamask-previews/delegation-controller": "2.0.1-preview-fe5e4090d",
  "@metamask-previews/earn-controller": "11.1.1-preview-fe5e4090d",
  "@metamask-previews/eip-5792-middleware": "3.0.0-preview-fe5e4090d",
  "@metamask-previews/eip-7702-internal-rpc-middleware": "0.1.0-preview-fe5e4090d",
  "@metamask-previews/eip1193-permission-middleware": "1.0.3-preview-fe5e4090d",
  "@metamask-previews/ens-controller": "19.0.3-preview-fe5e4090d",
  "@metamask-previews/error-reporting-service": "3.0.1-preview-fe5e4090d",
  "@metamask-previews/eth-block-tracker": "15.0.1-preview-fe5e4090d",
  "@metamask-previews/eth-json-rpc-middleware": "23.1.0-preview-fe5e4090d",
  "@metamask-previews/eth-json-rpc-provider": "6.0.0-preview-fe5e4090d",
  "@metamask-previews/foundryup": "1.0.1-preview-fe5e4090d",
  "@metamask-previews/gas-fee-controller": "26.0.3-preview-fe5e4090d",
  "@metamask-previews/gator-permissions-controller": "2.0.0-preview-fe5e4090d",
  "@metamask-previews/geolocation-controller": "0.1.1-preview-fe5e4090d",
  "@metamask-previews/json-rpc-engine": "10.2.3-preview-fe5e4090d",
  "@metamask-previews/json-rpc-middleware-stream": "8.0.8-preview-fe5e4090d",
  "@metamask-previews/keyring-controller": "25.1.0-preview-fe5e4090d",
  "@metamask-previews/logging-controller": "7.0.1-preview-fe5e4090d",
  "@metamask-previews/message-manager": "14.1.0-preview-fe5e4090d",
  "@metamask-previews/messenger": "0.3.0-preview-fe5e4090d",
  "@metamask-previews/multichain-account-service": "7.0.0-preview-fe5e4090d",
  "@metamask-previews/multichain-api-middleware": "1.2.7-preview-fe5e4090d",
  "@metamask-previews/multichain-network-controller": "3.0.4-preview-fe5e4090d",
  "@metamask-previews/multichain-transactions-controller": "7.0.1-preview-fe5e4090d",
  "@metamask-previews/name-controller": "9.0.0-preview-fe5e4090d",
  "@metamask-previews/network-controller": "30.0.0-preview-fe5e4090d",
  "@metamask-previews/network-enablement-controller": "4.2.0-preview-fe5e4090d",
  "@metamask-previews/notification-services-controller": "22.0.0-preview-fe5e4090d",
  "@metamask-previews/permission-controller": "12.2.0-preview-fe5e4090d",
  "@metamask-previews/permission-log-controller": "5.0.0-preview-fe5e4090d",
  "@metamask-previews/perps-controller": "1.0.0-preview-fe5e4090d",
  "@metamask-previews/phishing-controller": "16.3.0-preview-fe5e4090d",
  "@metamask-previews/polling-controller": "16.0.3-preview-fe5e4090d",
  "@metamask-previews/preferences-controller": "22.1.0-preview-fe5e4090d",
  "@metamask-previews/profile-metrics-controller": "3.0.1-preview-fe5e4090d",
  "@metamask-previews/profile-sync-controller": "27.1.0-preview-fe5e4090d",
  "@metamask-previews/ramps-controller": "10.2.0-preview-fe5e4090d",
  "@metamask-previews/rate-limit-controller": "7.0.0-preview-fe5e4090d",
  "@metamask-previews/remote-feature-flag-controller": "4.1.0-preview-fe5e4090d",
  "@metamask-previews/sample-controllers": "4.0.3-preview-fe5e4090d",
  "@metamask-previews/seedless-onboarding-controller": "8.1.0-preview-fe5e4090d",
  "@metamask-previews/selected-network-controller": "26.0.3-preview-fe5e4090d",
  "@metamask-previews/shield-controller": "5.0.1-preview-fe5e4090d",
  "@metamask-previews/signature-controller": "39.0.4-preview-fe5e4090d",
  "@metamask-previews/storage-service": "1.0.0-preview-fe5e4090d",
  "@metamask-previews/subscription-controller": "6.0.0-preview-fe5e4090d",
  "@metamask-previews/transaction-controller": "62.20.0-preview-fe5e4090d",
  "@metamask-previews/transaction-pay-controller": "16.4.0-preview-fe5e4090d",
  "@metamask-previews/user-operation-controller": "41.0.3-preview-fe5e4090d"
}

ieow · 2026-03-16T08:58:54Z

@metamaskbot publish-preview

ieow

lgtm

…esh wrapper assertPasswordInSync was called outside executeWithTokenRefresh in addNewSecretData and changePassword, causing fetchAuthPubKey to send expired nodeAuthTokens to the backend (FailedToFetchAuthPubKey errors in Sentry). Moving it inside the callback ensures tokens are refreshed before the call and retried on expiry.

lwin-kyaw · 2026-03-18T07:45:58Z

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts

   * @param params.groupedAuthConnectionId - Optional grouped authConnectionId to be used for the authenticate request.
   * @param params.socialLoginEmail - The user email from Social login.
-   * @param params.refreshToken - refresh token for refreshing expired nodeAuthTokens.
+   * @param params.refreshToken - Refresh token issued during OAuth login. Written to state when provided.


I think we can make revokeToken as required after we refactor re-authenticate logic to #reAuthenticate

reauthenticate function can be called before unlock when revokeToken is not available, so don't think it can be required.

lwin-kyaw · 2026-03-18T08:02:20Z

@metamaskbot publish-preview

github-actions · 2026-03-18T08:10:30Z

Preview builds have been published. See these instructions for more information about preview builds.

Expand for full list of packages and versions.

{
  "@metamask-previews/account-tree-controller": "4.1.1-preview-25d2d4502",
  "@metamask-previews/accounts-controller": "36.0.1-preview-25d2d4502",
  "@metamask-previews/address-book-controller": "7.0.1-preview-25d2d4502",
  "@metamask-previews/ai-controllers": "0.2.0-preview-25d2d4502",
  "@metamask-previews/analytics-controller": "1.0.0-preview-25d2d4502",
  "@metamask-previews/analytics-data-regulation-controller": "0.0.0-preview-25d2d4502",
  "@metamask-previews/announcement-controller": "8.0.0-preview-25d2d4502",
  "@metamask-previews/app-metadata-controller": "2.0.0-preview-25d2d4502",
  "@metamask-previews/approval-controller": "8.0.0-preview-25d2d4502",
  "@metamask-previews/assets-controller": "2.2.0-preview-25d2d4502",
  "@metamask-previews/assets-controllers": "100.1.0-preview-25d2d4502",
  "@metamask-previews/base-controller": "9.0.0-preview-25d2d4502",
  "@metamask-previews/base-data-service": "0.0.0-preview-25d2d4502",
  "@metamask-previews/bridge-controller": "68.0.0-preview-25d2d4502",
  "@metamask-previews/bridge-status-controller": "68.0.0-preview-25d2d4502",
  "@metamask-previews/build-utils": "3.0.4-preview-25d2d4502",
  "@metamask-previews/chain-agnostic-permission": "1.4.0-preview-25d2d4502",
  "@metamask-previews/claims-controller": "0.4.2-preview-25d2d4502",
  "@metamask-previews/client-controller": "1.0.0-preview-25d2d4502",
  "@metamask-previews/compliance-controller": "1.0.1-preview-25d2d4502",
  "@metamask-previews/composable-controller": "12.0.0-preview-25d2d4502",
  "@metamask-previews/config-registry-controller": "0.1.0-preview-25d2d4502",
  "@metamask-previews/connectivity-controller": "0.1.0-preview-25d2d4502",
  "@metamask-previews/controller-utils": "11.19.0-preview-25d2d4502",
  "@metamask-previews/core-backend": "6.0.0-preview-25d2d4502",
  "@metamask-previews/delegation-controller": "2.0.1-preview-25d2d4502",
  "@metamask-previews/earn-controller": "11.1.1-preview-25d2d4502",
  "@metamask-previews/eip-5792-middleware": "3.0.0-preview-25d2d4502",
  "@metamask-previews/eip-7702-internal-rpc-middleware": "0.1.0-preview-25d2d4502",
  "@metamask-previews/eip1193-permission-middleware": "1.0.3-preview-25d2d4502",
  "@metamask-previews/ens-controller": "19.0.3-preview-25d2d4502",
  "@metamask-previews/error-reporting-service": "3.0.1-preview-25d2d4502",
  "@metamask-previews/eth-block-tracker": "15.0.1-preview-25d2d4502",
  "@metamask-previews/eth-json-rpc-middleware": "23.1.0-preview-25d2d4502",
  "@metamask-previews/eth-json-rpc-provider": "6.0.0-preview-25d2d4502",
  "@metamask-previews/foundryup": "1.0.1-preview-25d2d4502",
  "@metamask-previews/gas-fee-controller": "26.0.3-preview-25d2d4502",
  "@metamask-previews/gator-permissions-controller": "2.0.0-preview-25d2d4502",
  "@metamask-previews/geolocation-controller": "0.1.1-preview-25d2d4502",
  "@metamask-previews/json-rpc-engine": "10.2.3-preview-25d2d4502",
  "@metamask-previews/json-rpc-middleware-stream": "8.0.8-preview-25d2d4502",
  "@metamask-previews/keyring-controller": "25.1.0-preview-25d2d4502",
  "@metamask-previews/logging-controller": "7.0.1-preview-25d2d4502",
  "@metamask-previews/message-manager": "14.1.0-preview-25d2d4502",
  "@metamask-previews/messenger": "0.3.0-preview-25d2d4502",
  "@metamask-previews/multichain-account-service": "7.0.0-preview-25d2d4502",
  "@metamask-previews/multichain-api-middleware": "1.2.7-preview-25d2d4502",
  "@metamask-previews/multichain-network-controller": "3.0.4-preview-25d2d4502",
  "@metamask-previews/multichain-transactions-controller": "7.0.1-preview-25d2d4502",
  "@metamask-previews/name-controller": "9.0.0-preview-25d2d4502",
  "@metamask-previews/network-controller": "30.0.0-preview-25d2d4502",
  "@metamask-previews/network-enablement-controller": "4.2.0-preview-25d2d4502",
  "@metamask-previews/notification-services-controller": "22.0.0-preview-25d2d4502",
  "@metamask-previews/permission-controller": "12.2.0-preview-25d2d4502",
  "@metamask-previews/permission-log-controller": "5.0.0-preview-25d2d4502",
  "@metamask-previews/perps-controller": "1.0.0-preview-25d2d4502",
  "@metamask-previews/phishing-controller": "16.3.0-preview-25d2d4502",
  "@metamask-previews/polling-controller": "16.0.3-preview-25d2d4502",
  "@metamask-previews/preferences-controller": "22.1.0-preview-25d2d4502",
  "@metamask-previews/profile-metrics-controller": "3.0.1-preview-25d2d4502",
  "@metamask-previews/profile-sync-controller": "27.1.0-preview-25d2d4502",
  "@metamask-previews/ramps-controller": "10.2.0-preview-25d2d4502",
  "@metamask-previews/rate-limit-controller": "7.0.0-preview-25d2d4502",
  "@metamask-previews/remote-feature-flag-controller": "4.1.0-preview-25d2d4502",
  "@metamask-previews/sample-controllers": "4.0.3-preview-25d2d4502",
  "@metamask-previews/seedless-onboarding-controller": "8.1.0-preview-25d2d4502",
  "@metamask-previews/selected-network-controller": "26.0.3-preview-25d2d4502",
  "@metamask-previews/shield-controller": "5.0.1-preview-25d2d4502",
  "@metamask-previews/signature-controller": "39.0.4-preview-25d2d4502",
  "@metamask-previews/storage-service": "1.0.0-preview-25d2d4502",
  "@metamask-previews/subscription-controller": "6.0.0-preview-25d2d4502",
  "@metamask-previews/transaction-controller": "62.20.0-preview-25d2d4502",
  "@metamask-previews/transaction-pay-controller": "16.4.0-preview-25d2d4502",
  "@metamask-previews/user-operation-controller": "41.0.3-preview-25d2d4502"
}

ieow · 2026-03-18T11:57:23Z

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts

-      });
-
      const performBackup = async (): Promise<void> => {
+        await this.#assertPasswordInSync({


why do we move this.#assertPasswordInSync in side the performBackup/attemptChangePassword ?

ieow

lgtm

himanshuchawla009 added 3 commits March 9, 2026 22:41

himanshuchawla009 marked this pull request as ready for review March 10, 2026 07:41

himanshuchawla009 requested review from a team as code owners March 10, 2026 07:41

ieow reviewed Mar 10, 2026

View reviewed changes

lwin-kyaw reviewed Mar 10, 2026

View reviewed changes

cursor bot reviewed Mar 11, 2026

View reviewed changes

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts Show resolved Hide resolved

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts Show resolved Hide resolved

cursor bot reviewed Mar 11, 2026

View reviewed changes

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts Outdated Show resolved Hide resolved

cursor bot reviewed Mar 11, 2026

View reviewed changes

packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts Show resolved Hide resolved

chore(seedless-onboarding): mark breaking change in changelog

358e1b9

ieow reviewed Mar 12, 2026

View reviewed changes

himanshuchawla009 added 2 commits March 12, 2026 19:00

code comments updated

d3b0814

ieow reviewed Mar 16, 2026

View reviewed changes

ieow previously approved these changes Mar 16, 2026

View reviewed changes

feat(seedless-onboarding): make rotateRefreshToken public

fe5e409

Expose rotateRefreshToken as a public method so callers can trigger refresh token rotation directly. Update tests to exercise the method via its public API and add coverage for edge cases.

himanshuchawla009 dismissed ieow’s stale review via fe5e409 March 16, 2026 08:34

cursor bot reviewed Mar 16, 2026

View reviewed changes

ieow previously approved these changes Mar 16, 2026

View reviewed changes

himanshuchawla009 dismissed ieow’s stale review via 25d2d45 March 17, 2026 12:17

lwin-kyaw reviewed Mar 18, 2026

View reviewed changes

ieow reviewed Mar 18, 2026

View reviewed changes

ieow approved these changes Mar 18, 2026

View reviewed changes

ieow added this pull request to the merge queue Mar 18, 2026

Merged via the queue into main with commit 803917d Mar 18, 2026
322 checks passed

ieow deleted the fix/seedless-onboarding-refresh-token-tests branch March 18, 2026 14:26

Uh oh!

Conversation

himanshuchawla009 commented Mar 9, 2026 • edited by cursor bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Explanation

References

Checklist

Uh oh!

himanshuchawla009 commented Mar 10, 2026

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

ieow Mar 10, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

ieow Mar 16, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

ieow Mar 16, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

ieow Mar 18, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

ieow left a comment

Choose a reason for hiding this comment

Uh oh!

ieow commented Mar 16, 2026

Uh oh!

github-actions bot commented Mar 16, 2026

Uh oh!

ieow commented Mar 16, 2026

Uh oh!

cursor bot left a comment

Choose a reason for hiding this comment

Uh oh!

cursor bot Mar 16, 2026

Choose a reason for hiding this comment

Public rotateRefreshToken lost controller lock protection

Uh oh!

Choose a reason for hiding this comment

Uh oh!

github-actions bot commented Mar 16, 2026

Uh oh!

ieow commented Mar 16, 2026

Uh oh!

ieow left a comment

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

lwin-kyaw commented Mar 18, 2026

Uh oh!

github-actions bot commented Mar 18, 2026

himanshuchawla009 commented Mar 9, 2026 •

edited by cursor bot

Loading

ieow Mar 10, 2026 •

edited

Loading

ieow Mar 16, 2026 •

edited

Loading

ieow Mar 16, 2026 •

edited

Loading

ieow Mar 18, 2026 •

edited

Loading

Public `rotateRefreshToken` lost controller lock protection