Update Configuration and Authentication Protocol

CHANGELOG.md

@@ -7,6 +7,23 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.4.0] - 2025-09-08
+
+### Added
+- JWT Bearer Authentication with ES256 signatures replacing legacy HMAC
+- Unified `CoinbaseClientConfig` for both API and WebSocket clients
+- Dependency Injection support with `AddCoinbaseAdvancedTradeClient()` extension
+- Enhanced security with JWT tokens (2-minute expiration and replay protection)
+
+### Changed
+- Migrated from HMAC-SHA256 to JWT Bearer tokens with ECDSA ES256 signatures
+- Configuration properties renamed: `ApiKey`/`ApiSecret` → `KeyName`/`KeySecret`
+- Requires Coinbase Cloud API keys (EC P-256 private keys in PEM format)
+- Constructor parameters now use `IOptions<CoinbaseClientConfig>`
+
+### Removed
+- Legacy `ApiKeyAuthenticator` and CB-ACCESS-* header authentication
+
 ## [0.3.0] - 2025-08-25
 
 ### Added

CoinbaseAdvancedTradeClient/CoinbaseAdvancedTradeClient.UnitTests/Authentication/SecretApiKeyAuthenticatorTests.cs

@@ -0,0 +1,47 @@
+using CoinbaseAdvancedTradeClient.Authentication;
+using CoinbaseAdvancedTradeClient.UnitTests.TestHelpers;
+using Xunit;
+
+namespace CoinbaseAdvancedTradeClient.UnitTests.Authentication
+{
+    public class SecretApiKeyAuthenticatorTests
+    {
+        [Fact]
+        public void GenerateBearerJWT_ValidParameters_ReturnsJWT()
+        {
+            // Arrange
+            var testKeySecret = TestConfigHelper.GenerateTestKeySecret();
+
+            // Act
+            var result = SecretApiKeyAuthenticator.GenerateBearerJWT(
+                "test-key-name",
+                testKeySecret,
+                "GET",
+                "api.coinbase.com",
+                "/v1/test"
+            );
+
+            // Assert
+            Assert.NotNull(result);
+            Assert.Contains(".", result);
+            var parts = result.Split('.');
+            Assert.Equal(3, parts.Length); // header.payload.signature
+        }
+
+        [Fact]
+        public void GenerateBearerJWT_InvalidKeySecret_ThrowsArgumentException()
+        {
+            // Act & Assert
+            Assert.Throws<ArgumentException>(() =>
+            {
+                SecretApiKeyAuthenticator.GenerateBearerJWT(
+                    "test-key-name",
+                    "invalid-key-format",
+                    "GET",
+                    "api.coinbase.com",
+                    "/v1/test"
+                );
+            });
+        }
+    }
+}

CoinbaseAdvancedTradeClient/CoinbaseAdvancedTradeClient.UnitTests/CoinbaseAdvancedTradeApiClientTests.cs

@@ -1,4 +1,5 @@
 using CoinbaseAdvancedTradeClient.Models.Config;
+using Microsoft.Extensions.Options;
 using Xunit;
 
 namespace CoinbaseAdvancedTradeClient.UnitTests
@@ -9,7 +10,7 @@ public class CoinbaseAdvancedTradeApiClientTests
         public void Constructor_NullConfig_ThrowsArgumentNullException()
         {
             //Arrange
-            ApiClientConfig config = null;
+            IOptions<CoinbaseClientConfig> config = null;
 
             //Act & Assert
             Assert.Throws<ArgumentNullException>(() => 
@@ -27,11 +28,12 @@ public void Constructor_NullConfig_ThrowsArgumentNullException()
         public void Constructor_EmptyConfigSetting_ThrowsArgumentException(string key, string secret)
         {
             //Arrange
-            ApiClientConfig config = new ApiClientConfig()
+            var configValue = new CoinbaseClientConfig()
             {
-                ApiKey = key,
-                ApiSecret = secret
+                KeyName = key,
+                KeySecret = secret
             };
+            var config = Options.Create(configValue);
 
             //Act & Assert
             Assert.Throws<ArgumentException>(() => 

CoinbaseAdvancedTradeClient/CoinbaseAdvancedTradeClient.UnitTests/CoinbaseAdvancedTradeClient.UnitTests.csproj

@@ -9,6 +9,7 @@
   <ItemGroup>
     <PackageReference Include="FakeItEasy" Version="8.3.0" />
     <PackageReference Include="Flurl.Http" Version="3.2.4" />
+    <PackageReference Include="Microsoft.Extensions.Options" Version="9.0.8" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.11.1" />
     <PackageReference Include="xunit" Version="2.4.2" />
     <PackageReference Include="xunit.runner.visualstudio" Version="2.4.5">

CoinbaseAdvancedTradeClient/CoinbaseAdvancedTradeClient.UnitTests/CoinbaseAdvancedTradeWebSocketClientTests.cs

@@ -1,6 +1,7 @@
 using CoinbaseAdvancedTradeClient.Constants;
 using CoinbaseAdvancedTradeClient.Interfaces;
 using CoinbaseAdvancedTradeClient.Models.Config;
+using Microsoft.Extensions.Options;
 using System.Net.Sockets;
 using Xunit;
 
@@ -12,7 +13,7 @@ public class CoinbaseAdvancedTradeWebSocketClientTests
         public void Constructor_NullConfig_ThrowsArgumentNullException()
         {
             //Arrange
-            WebSocketClientConfig config = null;
+            IOptions<CoinbaseClientConfig> config = null;
 
             //Act & Assert
             Assert.Throws<ArgumentNullException>(() =>
@@ -30,11 +31,12 @@ public void Constructor_NullConfig_ThrowsArgumentNullException()
         public void Constructor_EmptyConfigSetting_ThrowsArgumentException(string key, string secret)
         {
             //Arrange
-            WebSocketClientConfig config = new WebSocketClientConfig()
+            var configValue = new CoinbaseClientConfig()
             {
-                ApiKey = key,
-                ApiSecret = secret
+                KeyName = key,
+                KeySecret = secret
             };
+            var config = Options.Create(configValue);
 
             //Act & Assert
             Assert.Throws<ArgumentException>(() =>
@@ -164,11 +166,12 @@ public void Unsubscribe_EmptyProductIds_ThrowsArgumentNullException()
 
         private ICoinbaseAdvancedTradeWebSocketClient CreateTestClient()
         {
-            WebSocketClientConfig config = new WebSocketClientConfig()
+            var configValue = new CoinbaseClientConfig()
             {
-                ApiKey = "testKey",
-                ApiSecret = "testSecret"
+                KeyName = "testKey",
+                KeySecret = TestHelpers.TestConfigHelper.GenerateTestKeySecret()
             };
+            var config = Options.Create(configValue);
 
             return new CoinbaseAdvancedTradeWebSocketClient(config);
         }

CoinbaseAdvancedTradeClient/CoinbaseAdvancedTradeClient.UnitTests/Endpoints/AccountsEndpointTests.cs

@@ -5,6 +5,7 @@
 using CoinbaseAdvancedTradeClient.Models.Pages;
 using Flurl.Http;
 using Flurl.Http.Testing;
+using Microsoft.Extensions.Options;
 using System.Globalization;
 using Xunit;
 
@@ -16,11 +17,12 @@ public class AccountsEndpointTests
 
         public AccountsEndpointTests()
         {
-            var config = new ApiClientConfig()
+            var configValue = new CoinbaseClientConfig()
             {
-                ApiKey = "key",
-                ApiSecret = "secret"
+                KeyName = "key",
+                KeySecret = TestHelpers.TestConfigHelper.GenerateTestKeySecret()
             };
+            var config = Options.Create(configValue);
 
             _testClient = new CoinbaseAdvancedTradeApiClient(config);
         }

CoinbaseAdvancedTradeClient/CoinbaseAdvancedTradeClient.UnitTests/Endpoints/OrdersEndpointTests.cs

@@ -7,6 +7,7 @@
 using FakeItEasy;
 using Flurl.Http;
 using Flurl.Http.Testing;
+using Microsoft.Extensions.Options;
 using Xunit;
 
 namespace CoinbaseAdvancedTradeClient.UnitTests.Endpoints
@@ -17,11 +18,12 @@ public class OrdersEndpointTests
 
         public OrdersEndpointTests()
         {
-            var config = new ApiClientConfig()
+            var configValue = new CoinbaseClientConfig()
             {
-                ApiKey = "key",
-                ApiSecret = "secret"
+                KeyName = "key",
+                KeySecret = TestHelpers.TestConfigHelper.GenerateTestKeySecret()
             };
+            var config = Options.Create(configValue);
 
             _testClient = new CoinbaseAdvancedTradeApiClient(config);
         }

CoinbaseAdvancedTradeClient/CoinbaseAdvancedTradeClient.UnitTests/Endpoints/ProductsEndpointTests.cs

@@ -7,6 +7,7 @@
 using CoinbaseAdvancedTradeClient.Resources;
 using Flurl.Http;
 using Flurl.Http.Testing;
+using Microsoft.Extensions.Options;
 using Xunit;
 
 namespace CoinbaseAdvancedTradeClient.UnitTests.Endpoints
@@ -17,11 +18,12 @@ public class ProductsEndpointTests
 
         public ProductsEndpointTests()
         {
-            var config = new ApiClientConfig()
+            var configValue = new CoinbaseClientConfig()
             {
-                ApiKey = "key",
-                ApiSecret = "secret"
+                KeyName = "key",
+                KeySecret = TestHelpers.TestConfigHelper.GenerateTestKeySecret()
             };
+            var config = Options.Create(configValue);
 
             _testClient = new CoinbaseAdvancedTradeApiClient(config);
         }

CoinbaseAdvancedTradeClient/CoinbaseAdvancedTradeClient.UnitTests/Endpoints/TransactionSummaryEndpointTests.cs

@@ -6,6 +6,7 @@
 using CoinbaseAdvancedTradeClient.Models.Config;
 using Flurl.Http;
 using Flurl.Http.Testing;
+using Microsoft.Extensions.Options;
 using Xunit;
 
 namespace CoinbaseAdvancedTradeClient.UnitTests.Endpoints
@@ -16,11 +17,12 @@ public class TransactionSummaryEndpointTests
 
         public TransactionSummaryEndpointTests()
         {
-            var config = new ApiClientConfig()
+            var configValue = new CoinbaseClientConfig()
             {
-                ApiKey = "key",
-                ApiSecret = "secret"
+                KeyName = "key",
+                KeySecret = TestHelpers.TestConfigHelper.GenerateTestKeySecret()
             };
+            var config = Options.Create(configValue);
 
             _testClient = new CoinbaseAdvancedTradeApiClient(config);
         }

CoinbaseAdvancedTradeClient/CoinbaseAdvancedTradeClient.UnitTests/TestHelpers/TestConfigHelper.cs

@@ -0,0 +1,31 @@
+using Org.BouncyCastle.Asn1.Sec;
+using Org.BouncyCastle.Crypto.Generators;
+using Org.BouncyCastle.Crypto.Parameters;
+using Org.BouncyCastle.OpenSsl;
+using Org.BouncyCastle.Security;
+
+namespace CoinbaseAdvancedTradeClient.UnitTests.TestHelpers
+{
+    public static class TestConfigHelper
+    {
+        // Generate a valid EC P-256 private key for testing purposes
+        public static string GenerateTestKeySecret()
+        {
+            // Generate P-256 (secp256r1) key pair
+            var keyGen = new ECKeyPairGenerator();
+            var curveParams = SecNamedCurves.GetByName("secp256r1");
+            var domainParams = new ECDomainParameters(curveParams.Curve, curveParams.G, curveParams.N, curveParams.H);
+            keyGen.Init(new ECKeyGenerationParameters(domainParams, new SecureRandom()));
+
+            var keyPair = keyGen.GenerateKeyPair();
+            var privateKey = (ECPrivateKeyParameters)keyPair.Private;
+
+            // Convert to PEM format
+            using var stringWriter = new StringWriter();
+            var pemWriter = new PemWriter(stringWriter);
+            pemWriter.WriteObject(privateKey);
+
+            return stringWriter.ToString();
+        }
+    }
+}