Skip to content

feat: add rate limit (429) handling to AuthenticationController #6993

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

feat: add rate limit (429) handling to AuthenticationController #6993

wants to merge 9 commits into from

Conversation

@mathieuartu
Copy link
Contributor

@mathieuartu mathieuartu commented Oct 29, 2025
edited by cursor bot
Loading

Explanation

References

Related to: MUL-1214

Checklist

  • I've updated the test suite for new or updated code as appropriate
  • I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
  • I've communicated my changes to consumers by updating changelogs for packages I've changed, highlighting breaking changes as necessary
  • I've prepared draft pull requests for clients and consumer packages to resolve any breaking changes

Note

Add 429 rate-limit handling across authentication services and SRPJwtBearerAuth, including a single retry with configurable cooldown and improved error messaging; add tests and a small time util.

  • SDK Authentication Services (src/sdk/authentication-jwt-bearer/services.ts):
    • Add handleErrorResponse with Retry-After parsing to surface RateLimitedError on HTTP 429 and include HTTP codes in other errors.
    • Update authenticate, authorizeOIDC, getNonce, pairIdentifiers, getUserProfileLineage to use centralized error handling and rethrow 429s.
  • SRP Auth Flow (flow-srp.ts):
    • Add retry logic #loginWithRetry to retry once on 429 with cooldown (default 10s, configurable via rateLimitRetry.cooldownDefaultMs).
    • Integrate delay via new utils/time.delay and coalesce concurrent logins via in-flight promise map.
  • Errors (errors.ts):
    • Introduce RateLimitedError with optional retryAfterMs and isRateLimitError type guard.
  • Utils:
    • New utils/time.ts providing delay(ms).
  • Tests:
    • Add flow-srp.test.ts covering coalesced logins, 429 retry with cooldown, and immediate failure on non-429.
  • Docs:
    • Update CHANGELOG.md to document rate-limit handling and retry configuration.

Written by Cursor Bugbot for commit ee982eb. This will update automatically on new commits. Configure here.

@mathieuartu mathieuartu self-assigned this Oct 29, 2025
@mathieuartu mathieuartu changed the title feat: (wip) add 429 handling and request throttling to authentication… feat: (wip) add 429 handling to AuthenticationController Nov 7, 2025
@mathieuartu mathieuartu changed the title feat: (wip) add 429 handling to AuthenticationController feat: add rate limit (429) handling to AuthenticationController Nov 7, 2025
@mathieuartu mathieuartu marked this pull request as ready for review November 7, 2025 12:41
@mathieuartu mathieuartu requested review from a team as code owners November 7, 2025 12:41
@mathieuartu
Copy link
Contributor Author

mathieuartu commented Nov 7, 2025

@metamaskbot publish-preview

@github-actions
Copy link
Contributor

github-actions bot commented Nov 7, 2025

Preview builds have been published. See these instructions for more information about preview builds.

Expand for full list of packages and versions. 
{
  "@metamask-previews/account-tree-controller": "2.0.0-preview-ee982ebe",
  "@metamask-previews/accounts-controller": "34.0.0-preview-ee982ebe",
  "@metamask-previews/address-book-controller": "7.0.0-preview-ee982ebe",
  "@metamask-previews/analytics-controller": "0.0.0-preview-ee982ebe",
  "@metamask-previews/announcement-controller": "8.0.0-preview-ee982ebe",
  "@metamask-previews/app-metadata-controller": "2.0.0-preview-ee982ebe",
  "@metamask-previews/approval-controller": "8.0.0-preview-ee982ebe",
  "@metamask-previews/assets-controllers": "87.1.0-preview-ee982ebe",
  "@metamask-previews/base-controller": "9.0.0-preview-ee982ebe",
  "@metamask-previews/bridge-controller": "59.0.0-preview-ee982ebe",
  "@metamask-previews/bridge-status-controller": "59.0.0-preview-ee982ebe",
  "@metamask-previews/build-utils": "3.0.4-preview-ee982ebe",
  "@metamask-previews/chain-agnostic-permission": "1.2.2-preview-ee982ebe",
  "@metamask-previews/composable-controller": "12.0.0-preview-ee982ebe",
  "@metamask-previews/controller-utils": "11.15.0-preview-ee982ebe",
  "@metamask-previews/core-backend": "4.0.0-preview-ee982ebe",
  "@metamask-previews/delegation-controller": "1.0.0-preview-ee982ebe",
  "@metamask-previews/earn-controller": "9.0.0-preview-ee982ebe",
  "@metamask-previews/eip-5792-middleware": "2.0.0-preview-ee982ebe",
  "@metamask-previews/eip-7702-internal-rpc-middleware": "0.1.0-preview-ee982ebe",
  "@metamask-previews/eip1193-permission-middleware": "1.0.2-preview-ee982ebe",
  "@metamask-previews/ens-controller": "18.0.0-preview-ee982ebe",
  "@metamask-previews/error-reporting-service": "3.0.0-preview-ee982ebe",
  "@metamask-previews/eth-block-tracker": "14.0.0-preview-ee982ebe",
  "@metamask-previews/eth-json-rpc-middleware": "21.0.0-preview-ee982ebe",
  "@metamask-previews/eth-json-rpc-provider": "5.0.1-preview-ee982ebe",
  "@metamask-previews/foundryup": "1.0.1-preview-ee982ebe",
  "@metamask-previews/gas-fee-controller": "25.0.0-preview-ee982ebe",
  "@metamask-previews/gator-permissions-controller": "0.4.0-preview-ee982ebe",
  "@metamask-previews/json-rpc-engine": "10.1.1-preview-ee982ebe",
  "@metamask-previews/json-rpc-middleware-stream": "8.0.8-preview-ee982ebe",
  "@metamask-previews/keyring-controller": "24.0.0-preview-ee982ebe",
  "@metamask-previews/logging-controller": "7.0.0-preview-ee982ebe",
  "@metamask-previews/message-manager": "14.0.0-preview-ee982ebe",
  "@metamask-previews/messenger": "0.3.0-preview-ee982ebe",
  "@metamask-previews/multichain-account-service": "2.1.0-preview-ee982ebe",
  "@metamask-previews/multichain-api-middleware": "1.2.4-preview-ee982ebe",
  "@metamask-previews/multichain-network-controller": "2.0.0-preview-ee982ebe",
  "@metamask-previews/multichain-transactions-controller": "6.0.0-preview-ee982ebe",
  "@metamask-previews/name-controller": "9.0.0-preview-ee982ebe",
  "@metamask-previews/network-controller": "25.0.0-preview-ee982ebe",
  "@metamask-previews/network-enablement-controller": "3.1.0-preview-ee982ebe",
  "@metamask-previews/notification-services-controller": "19.0.0-preview-ee982ebe",
  "@metamask-previews/permission-controller": "12.1.0-preview-ee982ebe",
  "@metamask-previews/permission-log-controller": "5.0.0-preview-ee982ebe",
  "@metamask-previews/phishing-controller": "15.0.0-preview-ee982ebe",
  "@metamask-previews/polling-controller": "15.0.0-preview-ee982ebe",
  "@metamask-previews/preferences-controller": "21.0.0-preview-ee982ebe",
  "@metamask-previews/profile-sync-controller": "26.0.0-preview-ee982ebe",
  "@metamask-previews/rate-limit-controller": "7.0.0-preview-ee982ebe",
  "@metamask-previews/remote-feature-flag-controller": "2.0.0-preview-ee982ebe",
  "@metamask-previews/sample-controllers": "3.0.0-preview-ee982ebe",
  "@metamask-previews/seedless-onboarding-controller": "6.1.0-preview-ee982ebe",
  "@metamask-previews/selected-network-controller": "25.0.0-preview-ee982ebe",
  "@metamask-previews/shield-controller": "2.0.0-preview-ee982ebe",
  "@metamask-previews/signature-controller": "36.0.0-preview-ee982ebe",
  "@metamask-previews/subscription-controller": "3.3.0-preview-ee982ebe",
  "@metamask-previews/token-search-discovery-controller": "4.0.0-preview-ee982ebe",
  "@metamask-previews/transaction-controller": "61.1.0-preview-ee982ebe",
  "@metamask-previews/transaction-pay-controller": "3.1.0-preview-ee982ebe",
  "@metamask-previews/user-operation-controller": "40.0.0-preview-ee982ebe"
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@mathieuartu mathieuartu

Labels

team-accounts

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mathieuartu