chore: guard pairing calls from concurrent execution

mirceanis · mirceanis · commit 5fbb850358eb · 2025-06-30T09:32:56.000+02:00
diff --git a/packages/profile-sync-controller/src/controllers/authentication/AuthenticationController.ts b/packages/profile-sync-controller/src/controllers/authentication/AuthenticationController.ts
@@ -34,6 +34,7 @@ export type AuthenticationControllerState = {
   srpSessionData?: Record<string, LoginResponse>;
   socialPairingToken?: string;
   socialPairingDone?: boolean;
+  pairingInProgress?: boolean;
 };
 export const defaultState: AuthenticationControllerState = {
   isSignedIn: false,
@@ -55,6 +56,10 @@ const metadata: StateMetadata<AuthenticationControllerState> = {
     persist: true,
     anonymous: true,
   },
+  pairingInProgress: {
+    persist: false,
+    anonymous: true,
+  }
 };
 
 // Messenger Actions
@@ -353,13 +358,16 @@ export default class AuthenticationController extends BaseController<
 
   async #tryPairingWithSocialToken(): Promise<void> {
     console.log(`GIGEL: trying to pair with seedless token`);
-    const { socialPairingToken, socialPairingDone } = this.state;
-    if (socialPairingDone || !socialPairingToken) {
+    const { socialPairingToken, socialPairingDone, pairingInProgress } = this.state;
+    if (socialPairingDone || !socialPairingToken || pairingInProgress) {
       console.log(`GIGEL: pairing conditions not met`);
       return;
     }
 
     try {
+      this.update((state) => {
+        state.pairingInProgress = true;
+      });
       console.log(`GIGEL: pairing with seedless token ${socialPairingToken}`);
       if (await this.#auth.pairSocialIdentifier(socialPairingToken)) {
         console.log(`GIGEL: successfully paired with seedless onboarding token`);
@@ -374,6 +382,10 @@ export default class AuthenticationController extends BaseController<
     } catch (error) {
       console.error('GIGEL: Failed to pair identifiers:', error);
       // ignore the error
+    } finally {
+      this.update((state) => {
+        state.pairingInProgress = false;
+      });
     }
   }
 
diff --git a/packages/profile-sync-controller/src/sdk/authentication-jwt-bearer/flow-srp.ts b/packages/profile-sync-controller/src/sdk/authentication-jwt-bearer/flow-srp.ts
@@ -26,6 +26,7 @@ import {
   isSnapConnected,
 } from '../utils/messaging-signing-snap-requests';
 import { validateLoginResponse } from '../utils/validate-login-response';
+import { Env } from '../../shared/env';
 
 type JwtBearerAuth_SRP_Options = {
   storage: AuthStorageOptions;
@@ -213,7 +214,10 @@ export class SRPJwtBearerAuth implements IBaseAuth {
       `GIGEL: pairing primary SRP with social token ${jwt}`,
     );
 
-    const { env, platform } = this.#config;
+    // TODO: need to hardcode the env as web3auth prod is not available.
+    // const { env, platform } = this.#config;
+    const { platform } = this.#config;
+    const env = Env.DEV;
 
     // Exchange the social token with an access token
     console.log(`GIGEL: exchanging social token for access token`);
@@ -239,6 +243,7 @@ export class SRPJwtBearerAuth implements IBaseAuth {
     const pairUrl = new URL(PAIR_SOCIAL_IDENTIFIER(env));
 
     try {
+      // TODO: this will FAIL as long as the ENV don't match.
       const response = await fetch(pairUrl, {
         method: 'POST',
         headers: {
diff --git a/packages/profile-sync-controller/src/sdk/authentication-jwt-bearer/services.ts b/packages/profile-sync-controller/src/sdk/authentication-jwt-bearer/services.ts
@@ -156,30 +156,35 @@ export async function authorizeOIDC(
   urlEncodedBody.append('client_id', getOidcClientId(env, platform));
   urlEncodedBody.append('assertion', jwtToken);
 
+  console.log(`GIGEL [identity auth] requesting OIDC token with grant_type: ${grantType}, client_id: ${getOidcClientId(env, platform)} from ${OIDC_TOKEN_URL(env)} using jwtToken: ${jwtToken}`);
   try {
     const response = await fetch(OIDC_TOKEN_URL(env), {
       method: 'POST',
       headers,
       body: urlEncodedBody.toString(),
     });
+    console.log(`GIGEL [identity auth] OIDC token response status: ${response.status}`);
 
     if (!response.ok) {
       const responseBody = (await response.json()) as {
         error_description: string;
         error: string;
       };
+      console.error(`GIGEL [identity auth] OIDC token error response: ${JSON.stringify(responseBody)}`);
       throw new Error(
         `HTTP error: ${responseBody.error_description}, error code: ${responseBody.error}`,
       );
     }
 
     const accessTokenResponse = await response.json();
+    console.log(`GIGEL [identity auth] OIDC token response: ${JSON.stringify(accessTokenResponse)}`);
     return {
       accessToken: accessTokenResponse.access_token,
       expiresIn: accessTokenResponse.expires_in,
       obtainedAt: Date.now(),
     };
   } catch (e) {
+    console.error(`GIGEL [identity auth] OIDC token request failed: ${e as Error}`);
     /* istanbul ignore next */
     const errorMessage =
       e instanceof Error ? e.message : JSON.stringify(e ?? '');
