Skip to content

feat: add rate limit (429) handling to AuthenticationController #6993

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Nov 17, 2025
Merged

feat: add rate limit (429) handling to AuthenticationController #6993

merged 11 commits into from
Nov 17, 2025

Conversation

@mathieuartu
Copy link
Contributor

@mathieuartu mathieuartu commented Oct 29, 2025
edited by cursor bot
Loading

Explanation

References

Related to: MUL-1214

Checklist

  • I've updated the test suite for new or updated code as appropriate
  • I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
  • I've communicated my changes to consumers by updating changelogs for packages I've changed, highlighting breaking changes as necessary
  • I've prepared draft pull requests for clients and consumer packages to resolve any breaking changes

Note

Adds 429-aware error handling with configurable retry/cooldown to SRP JWT auth and centralizes HTTP error parsing, with tests and changelog updates.

  • SDK Auth (SRP):
    • Add retry on RateLimitedError (429) with cooldown and maxLoginRetries options in SRPJwtBearerAuth (#loginWithRetry, default cooldown 10s).
    • Continue to coalesce concurrent logins via deferred login path.
  • Services:
    • Centralize HTTP error handling via handleErrorResponse, parsing Retry-After and throwing RateLimitedError on 429.
    • Improve error messages to include HTTP status codes across getNonce, authenticate, authorizeOIDC, pairIdentifiers, getUserProfileLineage.
  • Utils & Errors:
    • Add HTTP_STATUS_CODES and utils/time.delay.
    • Introduce RateLimitedError with optional retryAfterMs and isRateLimitError type guard.
  • Tests:
    • Add flow-srp.test.ts covering retry with cooldown, exhausting retries, no-retry on non-429, and concurrent call coalescing.
  • Docs:
    • Update CHANGELOG.md with new 429 handling and retry behavior.

Written by Cursor Bugbot for commit fb123d2. This will update automatically on new commits. Configure here.

@mathieuartu mathieuartu self-assigned this Oct 29, 2025
@mathieuartu mathieuartu changed the title feat: (wip) add 429 handling and request throttling to authentication… feat: (wip) add 429 handling to AuthenticationController Nov 7, 2025
@mathieuartu mathieuartu changed the title feat: (wip) add 429 handling to AuthenticationController feat: add rate limit (429) handling to AuthenticationController Nov 7, 2025
@mathieuartu mathieuartu marked this pull request as ready for review November 7, 2025 12:41
@mathieuartu mathieuartu requested review from a team as code owners November 7, 2025 12:41
@mathieuartu
Copy link
Contributor Author

mathieuartu commented Nov 7, 2025

@metamaskbot publish-preview

@github-actions
Copy link
Contributor

github-actions bot commented Nov 7, 2025

Preview builds have been published. See these instructions for more information about preview builds.

Expand for full list of packages and versions. 
{
  "@metamask-previews/account-tree-controller": "2.0.0-preview-ee982ebe",
  "@metamask-previews/accounts-controller": "34.0.0-preview-ee982ebe",
  "@metamask-previews/address-book-controller": "7.0.0-preview-ee982ebe",
  "@metamask-previews/analytics-controller": "0.0.0-preview-ee982ebe",
  "@metamask-previews/announcement-controller": "8.0.0-preview-ee982ebe",
  "@metamask-previews/app-metadata-controller": "2.0.0-preview-ee982ebe",
  "@metamask-previews/approval-controller": "8.0.0-preview-ee982ebe",
  "@metamask-previews/assets-controllers": "87.1.0-preview-ee982ebe",
  "@metamask-previews/base-controller": "9.0.0-preview-ee982ebe",
  "@metamask-previews/bridge-controller": "59.0.0-preview-ee982ebe",
  "@metamask-previews/bridge-status-controller": "59.0.0-preview-ee982ebe",
  "@metamask-previews/build-utils": "3.0.4-preview-ee982ebe",
  "@metamask-previews/chain-agnostic-permission": "1.2.2-preview-ee982ebe",
  "@metamask-previews/composable-controller": "12.0.0-preview-ee982ebe",
  "@metamask-previews/controller-utils": "11.15.0-preview-ee982ebe",
  "@metamask-previews/core-backend": "4.0.0-preview-ee982ebe",
  "@metamask-previews/delegation-controller": "1.0.0-preview-ee982ebe",
  "@metamask-previews/earn-controller": "9.0.0-preview-ee982ebe",
  "@metamask-previews/eip-5792-middleware": "2.0.0-preview-ee982ebe",
  "@metamask-previews/eip-7702-internal-rpc-middleware": "0.1.0-preview-ee982ebe",
  "@metamask-previews/eip1193-permission-middleware": "1.0.2-preview-ee982ebe",
  "@metamask-previews/ens-controller": "18.0.0-preview-ee982ebe",
  "@metamask-previews/error-reporting-service": "3.0.0-preview-ee982ebe",
  "@metamask-previews/eth-block-tracker": "14.0.0-preview-ee982ebe",
  "@metamask-previews/eth-json-rpc-middleware": "21.0.0-preview-ee982ebe",
  "@metamask-previews/eth-json-rpc-provider": "5.0.1-preview-ee982ebe",
  "@metamask-previews/foundryup": "1.0.1-preview-ee982ebe",
  "@metamask-previews/gas-fee-controller": "25.0.0-preview-ee982ebe",
  "@metamask-previews/gator-permissions-controller": "0.4.0-preview-ee982ebe",
  "@metamask-previews/json-rpc-engine": "10.1.1-preview-ee982ebe",
  "@metamask-previews/json-rpc-middleware-stream": "8.0.8-preview-ee982ebe",
  "@metamask-previews/keyring-controller": "24.0.0-preview-ee982ebe",
  "@metamask-previews/logging-controller": "7.0.0-preview-ee982ebe",
  "@metamask-previews/message-manager": "14.0.0-preview-ee982ebe",
  "@metamask-previews/messenger": "0.3.0-preview-ee982ebe",
  "@metamask-previews/multichain-account-service": "2.1.0-preview-ee982ebe",
  "@metamask-previews/multichain-api-middleware": "1.2.4-preview-ee982ebe",
  "@metamask-previews/multichain-network-controller": "2.0.0-preview-ee982ebe",
  "@metamask-previews/multichain-transactions-controller": "6.0.0-preview-ee982ebe",
  "@metamask-previews/name-controller": "9.0.0-preview-ee982ebe",
  "@metamask-previews/network-controller": "25.0.0-preview-ee982ebe",
  "@metamask-previews/network-enablement-controller": "3.1.0-preview-ee982ebe",
  "@metamask-previews/notification-services-controller": "19.0.0-preview-ee982ebe",
  "@metamask-previews/permission-controller": "12.1.0-preview-ee982ebe",
  "@metamask-previews/permission-log-controller": "5.0.0-preview-ee982ebe",
  "@metamask-previews/phishing-controller": "15.0.0-preview-ee982ebe",
  "@metamask-previews/polling-controller": "15.0.0-preview-ee982ebe",
  "@metamask-previews/preferences-controller": "21.0.0-preview-ee982ebe",
  "@metamask-previews/profile-sync-controller": "26.0.0-preview-ee982ebe",
  "@metamask-previews/rate-limit-controller": "7.0.0-preview-ee982ebe",
  "@metamask-previews/remote-feature-flag-controller": "2.0.0-preview-ee982ebe",
  "@metamask-previews/sample-controllers": "3.0.0-preview-ee982ebe",
  "@metamask-previews/seedless-onboarding-controller": "6.1.0-preview-ee982ebe",
  "@metamask-previews/selected-network-controller": "25.0.0-preview-ee982ebe",
  "@metamask-previews/shield-controller": "2.0.0-preview-ee982ebe",
  "@metamask-previews/signature-controller": "36.0.0-preview-ee982ebe",
  "@metamask-previews/subscription-controller": "3.3.0-preview-ee982ebe",
  "@metamask-previews/token-search-discovery-controller": "4.0.0-preview-ee982ebe",
  "@metamask-previews/transaction-controller": "61.1.0-preview-ee982ebe",
  "@metamask-previews/transaction-pay-controller": "3.1.0-preview-ee982ebe",
  "@metamask-previews/user-operation-controller": "40.0.0-preview-ee982ebe"
}

ccharly
ccharly reviewed Nov 17, 2025
View reviewed changes
@mathieuartu mathieuartu merged commit ee3a8c0 into main Nov 17, 2025
272 checks passed
@mathieuartu mathieuartu deleted the feat/authentication-controller-429-throttling branch November 17, 2025 15:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

@ccharly ccharly ccharly approved these changes

Assignees

@mathieuartu mathieuartu

Labels

team-accounts

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mathieuartu @ccharly