feat: pair social login to profile sync by lwin-kyaw · Pull Request #8652 · MetaMask/core

lwin-kyaw · 2026-04-30T09:18:59Z

Explanation

Telegram social login needs to carry a profile-pairing token through seedless onboarding so the same social identity can be linked to profile sync after onboarding completes.

Before this change, SeedlessOnboardingController could authenticate a seedless onboarding user, but it could not persist the Telegram pairing token needed for later profile pairing or submit it to the profile service once onboarding finished. This PR adds Telegram profile-pairing support by:

adding pairProfileServiceWithSocialLogin, which POSTs the stored profilePairingToken to profilePairingEndpoint using a profile-service bearer token
extending controller state, types, assertions, and encrypted-vault handling to carry profilePairingToken
updating authenticate to accept and store profilePairingToken
requiring profilePairingToken for AuthConnection.Telegram and treating Telegram users without it as unauthenticated
expanding test coverage for Telegram auth validation, token persistence, pairing behavior, and related error cases
updating the package changelog

Breaking: SeedlessOnboardingControllerOptions now requires fetchFunction and profilePairingEndpoint.

References

Related to Telegram social login/profile sync pairing work.
Consumer follow-up: callers constructing SeedlessOnboardingController must now provide fetchFunction and profilePairingEndpoint.

Checklist

I've updated the test suite for new or updated code as appropriate
I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
I've communicated my changes to consumers by updating changelogs for packages I've changed
I've introduced breaking changes in this PR and have prepared draft pull requests for clients and consumer packages to resolve them

Note

Medium Risk
Adds a new Telegram-only profile-pairing flow that persists a new token through vault unlock/creation and performs an external HTTP POST, plus a breaking constructor/options change requiring fetchFunction and profilePairingEndpoint.

Overview
Adds Telegram support to seedless onboarding by introducing AuthConnection.Telegram, tracking a profilePairingToken through authenticate, vault serialization/deserialization, and unlock/lock flows, and tightening getIsUserAuthenticated requirements for Telegram users.

Introduces pairProfileServiceWithSocialLogin (messenger-exposed) which POSTs the stored pairing JWT to a configured profilePairingEndpoint using an injected fetchFunction, and records success/failure on the primary SocialBackupsMetadata entry via new profilePairingStatus/ProfilePairingStatus.

Breaking: SeedlessOnboardingControllerOptions now requires fetchFunction and profilePairingEndpoint; assertions/types/tests/changelog are updated accordingly, and eslint-suppressions.json removes a suppression entry for assertions.ts.

^{Reviewed by Cursor Bugbot for commit 95a687a. Bugbot is set up for automated code reviews on this repo. Configure here.}

… user

lwin-kyaw · 2026-05-04T04:27:20Z

@metamaskbot publish-preview

github-actions · 2026-05-04T04:36:24Z

Preview builds have been published. Learn how to use preview builds in other projects.

Expand for full list of packages and versions.

@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]

lwin-kyaw · 2026-05-04T04:39:58Z

@metamaskbot publish-preview

cursor · 2026-05-04T04:42:51Z

+  /**
+   * The revoke token used to revoke refresh token and get new refresh token and new revoke token.
+   */
+  revokeToken: string;


Missing assertion for required revokeToken in type guard

Medium Severity

revokeToken: string was added as a required field on AuthenticatedUserDetails, but assertIsSeedlessOnboardingUserAuthenticated — which is a type guard (asserts value is AuthenticatedUserDetails) — never validates that revokeToken exists or is a string. After the assertion passes, TypeScript trusts revokeToken is a string, but it can actually be undefined (e.g., authenticate only sets it conditionally via if (revokeToken)). This is inconsistent with metadataAccessToken, which was also newly added to the type but is checked by the assertion.

Additional Locations (1)

packages/seedless-onboarding-controller/src/assertions.ts#L34-L89

^{Reviewed by Cursor Bugbot for commit b676cc5. Configure here.}

github-actions · 2026-05-04T04:48:45Z

Preview builds have been published. Learn how to use preview builds in other projects.

Expand for full list of packages and versions.

@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]

lwin-kyaw · 2026-05-04T07:36:26Z

@metamaskbot publish-preview

github-actions · 2026-05-04T07:45:38Z

Preview builds have been published. Learn how to use preview builds in other projects.

Expand for full list of packages and versions.

@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]

cursor

Cursor Bugbot has reviewed your changes and found 1 potential issue.

There are 2 total unresolved issues (including 1 from previous review).

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 1d44681. Configure here.}

lwin-kyaw · 2026-05-04T09:41:30Z

@metamaskbot publish-preview

github-actions · 2026-05-04T09:50:22Z

Preview builds have been published. Learn how to use preview builds in other projects.

Expand for full list of packages and versions.

@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]
@metamask-previews/[email protected]

lwin-kyaw added 3 commits April 30, 2026 12:56

feat: telegram profile token minting

06041d1

chore: add tests

ce1c40e

feat: pairing social login to profile sync

917395b

lwin-kyaw requested a review from a team as a code owner April 30, 2026 09:19

lwin-kyaw had a problem deploying to default-branch April 30, 2026 09:19 — with GitHub Actions Failure

cursor Bot reviewed Apr 30, 2026

View reviewed changes

Comment thread packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts Outdated

Comment thread packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts

lwin-kyaw added 2 commits April 30, 2026 18:16

chore: updated ChangeLog

f2d9456

feat: update isSeedlessOnboardingUserAuthenticated state for telegram…

cb2aeca

… user

lwin-kyaw requested a review from a team as a code owner April 30, 2026 10:17

cursor Bot reviewed Apr 30, 2026

View reviewed changes

Comment thread packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts

lwin-kyaw added 3 commits April 30, 2026 18:28

fix: fixed build

7c06ac6

feat: removed minting method from the controller and updated tests

7b757ac

fix: fixed lint

dccbcec

feat: cleanup profilePairingToken when locked

f6a2341

fix: fixed eslint suppressions

b676cc5