fix: authorizeSession API fixes and example update #48

Merged
chaitanyapotti merged 1 commit into master from fix/authorizeSessionBug
Mar 23, 2026
@grvgoel81 grvgoel81 commented Mar 23, 2026

Motivation and Context

Jira Link:

Description

  • authorizeSession API fixes.
  • update example

How has this been tested?

  • on Emulator

Screenshots (if appropriate):

Screen.Recording.2026-03-23.at.12.22.23.PM.mov
Screenshot 2026-03-23 at 12 32 40 PM

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

  • My code follows the code style of this project. (run lint)
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • My code requires a db migration.

Note

Medium Risk
Touches session authorization, origin allow-listing, and decryption metadata parsing, so regressions could break login/session establishment across platforms. No new external dependencies, but error-handling behavior and sample credentials were changed.

Overview
Session authorization requests are corrected and hardened. Web3AuthApi.authorizeSession now derives the origin header from the provided redirect URL (authority only) and simplifies JSON deserialization handling.

Session creation now uses a specific allowed origin instead of a wildcard. Calls to createSession in Web3Auth.cs pass the current redirect URL rather than "*", tightening origin constraints.

Store response parsing is made more robust. Web3Auth.cs adds parseShareMetadataFromStoreMessage to handle both direct and wrapped ({ value: ... }) share-metadata formats, and adds stricter null/field validation with updated log messages in both authorize and timeout flows.

Sample config is updated. The sample scene/script updates the embedded clientId value (and removes a BOM in Web3AuthSample.cs).

Written by Cursor Bugbot for commit 17c19f0.
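
An added C# sketch, not code from this pull request or the SDK, of the two checks the overview above describes: reducing a redirect URL to its authority for use as the origin, and accepting share metadata in either direct or wrapped { value: ... } form. The class and method names, the use of Newtonsoft.Json, the four metadata field names, and the choice to keep the scheme in the origin are assumptions.

```csharp
using System;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;

// Added illustration; every name here is hypothetical, not the SDK's own code.
public static class SessionAuthExample
{
    // Assumed required fields of a share-metadata object.
    static readonly string[] Required = { "iv", "ephemPublicKey", "ciphertext", "mac" };

    // Reduce a redirect URL to scheme://host[:port] (assumed meaning of
    // "authority only"). Unparsable input is rejected instead of falling
    // back to a wildcard origin.
    public static string OriginFromRedirect(string redirectUrl)
    {
        if (!Uri.TryCreate(redirectUrl, UriKind.Absolute, out var uri) ||
            string.IsNullOrEmpty(uri.Host))
            throw new ArgumentException("redirect URL must be absolute and have a host");
        return uri.GetLeftPart(UriPartial.Authority);
    }

    // Accept the metadata object itself or { "value": <object | JSON string> }.
    // Returns null when the message is malformed or a required field is missing.
    public static JObject ParseShareMetadata(string message)
    {
        if (string.IsNullOrWhiteSpace(message)) return null;
        JToken token;
        try { token = JToken.Parse(message); }
        catch (JsonException) { return null; }

        if (token is JObject outer && outer.TryGetValue("value", out var inner))
        {
            if (inner.Type == JTokenType.String)
            {
                // Wrapped form where the payload is itself a JSON string.
                try { token = JToken.Parse((string)inner); }
                catch (JsonException) { return null; }
            }
            else token = inner;
        }
        if (!(token is JObject meta)) return null;
        foreach (var field in Required)
        {
            var v = meta[field];
            if (v == null || v.Type != JTokenType.String || ((string)v).Length == 0)
                return null;
        }
        return meta;
    }
}
```

With a constructed redirect URL such as https://app.example.com/auth?x=1, OriginFromRedirect yields https://app.example.com, dropping path and query. ParseShareMetadata returns the same object for a direct payload and for one wrapped in { "value": ... }, and null for anything missing a required field.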

@grvgoel81 grvgoel81 self-assigned this Mar 23, 2026
@cursor cursor bot left a comment

Cursor Bugbot has reviewed your changes and found 1 potential issue.

@chaitanyapotti chaitanyapotti merged commit 9c8271a into master Mar 23, 2026
4 checks passed
@chaitanyapotti chaitanyapotti deleted the fix/authorizeSessionBug branch March 23, 2026 07:19