Skip to content

feat: add SSO encryption pubkey support (Mobile SSO spec v0.2.2)#202

Merged
johnthecat merged 1 commit into
mainfrom
feat/mds-libraries
Jun 4, 2026
Merged

feat: add SSO encryption pubkey support (Mobile SSO spec v0.2.2)#202
johnthecat merged 1 commit into
mainfrom
feat/mds-libraries

Conversation

@johnthecat

Copy link
Copy Markdown
Contributor

Multi-device SSO support, chat attachment improvements, and a file-transfer fix

This branch brings the SDKs in line with the latest Polkadot Mobile protocol and fixes a file-download bug.

Multi-device SSO handshake

The pairing handshake now carries an extra key (ssoEncPubKey) from the mobile app. The host stores it and hands it to your onAuthSuccess callback, so it can set up an encrypted SSO session with the app. Older app versions that don't send it keep working — the field is just null.

createAuth({
  // ...
  onAuthSuccess: ({ session, identityChatPrivateKey, ssoEncPubKey }) => {
    // ssoEncPubKey is null when paired with an app older than the new protocol
  },
})

Explicit session key

createSession now takes a sessionKey — the value used to derive a session's address. Existing behavior is unchanged: pass the peer's key as before. New multi-device callers can pass the shared secret instead.

createSession({
  localAccount,
  remoteAccount,
  // ...
  sessionKey: remoteAccount.publicKey, // unchanged behavior
})

Chat attachments and messages

  • Image and video attachments can now carry a thumbnail.
  • Attachments include the node endpoint, so the receiver can check it against its allowlist before connecting.
  • Call-signalling and coinage-payment messages are now read correctly. Previously one of these messages could corrupt the rest of a synced batch.

File transfer fix

File downloads were signing the wrong payload, which the server rejected and reported as "Data not found". Downloads now sign the correct payload and succeed.

@johnthecat johnthecat merged commit 7e5ada6 into main Jun 4, 2026
5 checks passed
@johnthecat johnthecat deleted the feat/mds-libraries branch June 11, 2026 09:07
johnthecat added a commit that referenced this pull request Jun 12, 2026
Main (0.8.7) had independently absorbed nearly all of this branch's work
via PRs #178/#202/#205/#206/#212/#215/#216, with newer/cleaner versions.

Conflict resolution (38 files):
- package.json (x14), package-lock.json, CHANGELOG.md, migration doc:
  took main (newer versions, canonical release history). Dropped the
  unused `verifiablejs` dep.
- All SSO V2, statement-store, handoff-service, and host-chat *impl*
  files: took main — strictly newer (ECDH session-key derivation #206,
  RFC-7 entropy #205, statement-store fix #215). The branch's parallel
  May implementations are superseded.
- watchIdentity series: already identical in main (no real conflict).
- Kept BRANCH version for two files where it is genuinely ahead:
  * identity/rpcAdapter.ts — defensive snake_case/camelCase Resources
    decode (fixes "Unknown user" regression on V2 runtime); a clean
    superset of main's version.
  * host-chat/codec/attachment.spec.ts — extra blurhash-thumbnail and
    NodeEndpoint round-trip tests against a byte-identical codec impl.

Verified: build, typecheck, lint (0 errors), 679/679 tests pass.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant