Remove FingerprintJS from all systems#14362
Merged
Merged
Conversation
|
Removes FingerprintJS visitor identification end-to-end: web/mobile clients no longer fingerprint sign-in, identity service no longer bypasses OTP for "trusted" devices (all new devices now require OTP, which was the intended behavior), and the AAO no longer factors fingerprint device counts into user scores. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
dylanjeffers
force-pushed
the
claude/nervous-wiles-b232be
branch
from
d19c177 to
a0ef684
Compare
…Id arg Removing FingerprintJS dropped isGuest/isNativeMobile declarations in the signIn saga and a visitorId parameter from the signIn action, but missed three downstream references and one caller still passing visitorId. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Contributor
🌐 Web preview readyPreview URL: https://audius-web-preview-pr-14362.audius.workers.dev Unique preview for this PR (deployed from this branch). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Removes FingerprintJS visitor identification end-to-end across web, mobile, identity service, AAO, libs, and common.
fingerprintClientservices and their callers in sign-in (SignInScreen,ConfirmEmailScreen, signon sagas,OAuthLoginPage, backend saga).authService.signInno longer acceptsvisitorId.fpClient.js,fpHelpers.js, theFingerprintsmodel and/fproutes.requiresOtpno longer has a visitorId-based bypass — it now just honors theOTP_BYPASS_EMAILSlist, so any new device hits OTP (the intended behavior). Added a migration to drop theFingerprintstable.useFingerprintDeviceCountanduserFingerprints, dropped the fingerprint penalty fromoverallScore, and removed the Fingerprints UI section fromserver.tsx.@fingerprintjs/fingerprintjs-pro,@fingerprintjs/fingerprintjs-pro-react-native, and@fingerprintjs/fingerprintjs-pro-server-apifrompackages/{web,common,mobile,identity-service}and regeneratedpackage-lock.json.FINGERPRINT_ENDPOINT,FINGERPRINT_PUBLIC_API_KEY, andfpServerApiKeyfrom commonEnvtype, web/mobile env files, and identity config.Test plan
/oauth-login-page) — sign-in still worksfpServerApiKey/attestation/ui/userpage renders without fingerprint table or column🤖 Generated with Claude Code