feat(auth): extract arbitrum chain data from passport claim (#2771)

Author: nattb8

packages/auth/src/Auth.test.ts

@@ -137,7 +137,7 @@ describe('Auth', () => {
     });
   });
 
-  describe('username extraction', () => {
+  describe('mapOidcUserToDomainModel', () => {
     it('extracts username from id token when present', () => {
       const mockOidcUser = {
         id_token: 'token',
@@ -158,6 +158,88 @@ describe('Auth', () => {
       expect(result.profile.username).toEqual('username123');
     });
 
+    it('extracts zkEvm chain data from passport metadata', () => {
+      const mockOidcUser = {
+        id_token: 'token',
+        access_token: 'access',
+        refresh_token: 'refresh',
+        expired: false,
+        profile: { sub: 'user-123', email: 'test@example.com', nickname: 'tester' },
+      };
+
+      (decodeJwtPayload as jest.Mock).mockReturnValue({
+        passport: {
+          zkevm_eth_address: '0xzkevmaddress',
+          zkevm_user_admin_address: '0xzkevmadmin',
+        },
+      });
+
+      const result = (Auth as any).mapOidcUserToDomainModel(mockOidcUser);
+
+      expect(result.zkEvm).toEqual({
+        ethAddress: '0xzkevmaddress',
+        userAdminAddress: '0xzkevmadmin',
+      });
+    });
+
+    it('extracts arbitrum_one chain data from nested passport metadata', () => {
+      const mockOidcUser = {
+        id_token: 'token',
+        access_token: 'access',
+        refresh_token: 'refresh',
+        expired: false,
+        profile: { sub: 'user-123', email: 'test@example.com', nickname: 'tester' },
+      };
+
+      (decodeJwtPayload as jest.Mock).mockReturnValue({
+        passport: {
+          arbitrum_one: {
+            eth_address: '0xarbaddress',
+            user_admin_address: '0xarbadmin',
+          },
+        },
+      });
+
+      const result = (Auth as any).mapOidcUserToDomainModel(mockOidcUser);
+
+      expect(result.arbitrum_one).toEqual({
+        ethAddress: '0xarbaddress',
+        userAdminAddress: '0xarbadmin',
+      });
+    });
+
+    it('extracts both zkEvm and arbitrum_one when present', () => {
+      const mockOidcUser = {
+        id_token: 'token',
+        access_token: 'access',
+        refresh_token: 'refresh',
+        expired: false,
+        profile: { sub: 'user-123', email: 'test@example.com', nickname: 'tester' },
+      };
+
+      (decodeJwtPayload as jest.Mock).mockReturnValue({
+        passport: {
+          zkevm_eth_address: '0xzkevmaddress',
+          zkevm_user_admin_address: '0xzkevmadmin',
+          arbitrum_one: {
+            eth_address: '0xarbaddress',
+            user_admin_address: '0xarbadmin',
+          },
+        },
+      });
+
+      const result = (Auth as any).mapOidcUserToDomainModel(mockOidcUser);
+
+      expect(result.zkEvm).toEqual({
+        ethAddress: '0xzkevmaddress',
+        userAdminAddress: '0xzkevmadmin',
+      });
+      expect(result.arbitrum_one).toEqual({
+        ethAddress: '0xarbaddress',
+        userAdminAddress: '0xarbadmin',
+      });
+    });
+
     it('maps username when creating OIDC user from device tokens', () => {
       const tokenResponse = {
         id_token: 'token',

packages/auth/src/Auth.ts

@@ -29,6 +29,7 @@ import {
   PassportMetadata,
   IdTokenPayload,
   isUserZkEvm,
+  EvmChain,
 } from './types';
 import EmbeddedLoginPrompt from './login/embeddedLoginPrompt';
 import TypedEventEmitter from './utils/typedEventEmitter';
@@ -570,12 +571,25 @@ export class Auth {
         username,
       },
     };
+
     if (passport?.zkevm_eth_address && passport?.zkevm_user_admin_address) {
       user.zkEvm = {
         ethAddress: passport.zkevm_eth_address,
         userAdminAddress: passport.zkevm_user_admin_address,
       };
     }
+
+    const chains = Object.values(EvmChain).filter((chain) => chain !== EvmChain.ZKEVM);
+    for (const chain of chains) {
+      const chainMetadata = passport?.[chain as Exclude<EvmChain, EvmChain.ZKEVM>];
+      if (chainMetadata?.eth_address && chainMetadata?.user_admin_address) {
+        user[chain] = {
+          ethAddress: chainMetadata.eth_address,
+          userAdminAddress: chainMetadata.user_admin_address,
+        };
+      }
+    }
+
     return user;
   };
 

packages/auth/src/index.ts

@@ -17,12 +17,18 @@ export type {
   AuthModuleConfiguration,
   PopupOverlayOptions,
   PassportMetadata,
+  PassportChainMetadata,
+  ChainAddress,
   IdTokenPayload,
   PKCEData,
   AuthEventMap,
 } from './types';
 export {
-  isUserZkEvm, RollupType, MarketingConsentStatus, AuthEvents,
+  isUserZkEvm,
+  RollupType,
+  EvmChain,
+  MarketingConsentStatus,
+  AuthEvents,
 } from './types';
 
 // Export TypedEventEmitter

packages/auth/src/types.ts

@@ -16,22 +16,45 @@ export enum RollupType {
   ZKEVM = 'zkEvm',
 }
 
+/**
+ * Supported EVM chains for user registration
+ * Matches EvmChain from @imtbl/wallet but defined here to avoid circular dependency
+ */
+export enum EvmChain {
+  ZKEVM = 'zkevm',
+  ARBITRUM_ONE = 'arbitrum_one',
+}
+
+export type ChainAddress = {
+  ethAddress: string;
+  userAdminAddress: string;
+};
+
 export type User = {
   idToken?: string;
   accessToken: string;
   refreshToken?: string;
   profile: UserProfile;
   expired?: boolean;
-  [RollupType.ZKEVM]?: {
-    ethAddress: string;
-    userAdminAddress: string;
-  };
+  [RollupType.ZKEVM]?: ChainAddress;
+} & {
+  [K in Exclude<EvmChain, EvmChain.ZKEVM>]?: ChainAddress;
 };
 
+export type PassportChainMetadata = {
+  eth_address: string;
+  user_admin_address: string;
+};
+
+/**
+ * Passport metadata
+ * - zkEVM: flat fields (zkevm_eth_address, zkevm_user_admin_address)
+ * - Other chains: nested objects (arbitrum_one: { eth_address, user_admin_address })
+ */
 export type PassportMetadata = {
   zkevm_eth_address?: string;
   zkevm_user_admin_address?: string;
-};
+} & Partial<Record<Exclude<EvmChain, EvmChain.ZKEVM>, PassportChainMetadata>>;
 
 export interface OidcConfiguration {
   clientId: string;