Update Configuration and Authentication Protocol#9
Merged
PearlAegis merged 24 commits intomainfrom Sep 16, 2025
Merged
Conversation
- Add BouncyCastle.Cryptography v2.6.2 package reference - Required for SecretApiKey authentication using Ed25519 signatures 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Add RequestMethodRequired, RequestHostRequired, RequestPathRequired messages - Add InvalidBase64KeyFormat and InvalidEd25519KeyLength error messages - Update ErrorMessages.Designer.cs with new resource properties 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Add SecretApiKeyConfig for REST API authentication configuration - Add SecretApiKeyWebSocketConfig for WebSocket authentication configuration - Both models include KeyName, KeySecret, and default endpoint URLs 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Add SecretApiKeyAuthenticator class with GenerateBearerJWT method - Implements Coinbase's new authentication using Ed25519 digital signatures - Validates Ed25519 key format (64 bytes: 32-byte seed + 32-byte public key) - Generates JWT with proper header, payload, and Ed25519 signature - Includes comprehensive input validation with descriptive error messages - Uses BouncyCastle for cryptographic operations 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Add TestConfigHelper with Ed25519 test key generation - Include factory methods for creating test API and WebSocket configs - Generate valid 64-byte Ed25519 keys with deterministic test patterns 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Add SecretApiKeyAuthenticatorTests with JWT generation validation - Test valid parameter scenarios and JWT format verification - Test error handling for invalid key formats - Verify proper 3-part JWT structure (header.payload.signature) 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Add Authorization header constant to RequestHeaders class - Required for new SecretApiKey JWT-based authentication 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Add BearerTokenFormat resource with value "Bearer {0}"
- Update ErrorMessages.Designer.cs with new resource property
- Enables localization and centralized management of Bearer token format
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Update CoinbaseAdvancedTradeApiClient to use JWT Bearer authentication - Update CoinbaseAdvancedTradeWebSocketClient to use JWT signatures - Replace HMAC-SHA256 signatures with Ed25519 JWT tokens - Use Authorization header with Bearer token format from string resources - Remove deprecated ApiKeyAuthenticator.cs - Switch from ApiClientConfig/WebSocketClientConfig to SecretApiKey variants BREAKING CHANGE: Authentication method changed from HMAC to Ed25519 JWT 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Add [Obsolete] attributes to ApiClientConfig and WebSocketClientConfig - Provide clear migration guidance to SecretApiKey variants - Maintain backward compatibility while encouraging migration 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Update all test files to use SecretApiKeyConfig instead of ApiClientConfig - Update WebSocket tests to use SecretApiKeyWebSocketConfig - Switch from ApiKey/ApiSecret to KeyName/KeySecret property names - Use TestConfigHelper.GenerateTestKeySecret() for proper Ed25519 key generation - All 144 tests continue to pass with new authentication system 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
PearlAegis
changed the title
PearlAegis
changed the title
PearlAegis
changed the title
PearlAegis
commented
Sep 9, 2025
...lient/CoinbaseAdvancedTradeClient.UnitTests/Authentication/SecretApiKeyAuthenticatorTests.cs
Outdated
Show resolved
Hide resolved
PearlAegis
commented
Sep 9, 2025
...eAdvancedTradeClient/CoinbaseAdvancedTradeClient/Authentication/SecretApiKeyAuthenticator.cs
Show resolved
Hide resolved
Owner
Author
|
A human being has reviewed and approved this pull request. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR implements a complete migration from legacy HMAC-SHA256 authentication to modern JWT Bearer token authentication using ECDSA ES256 signatures, aligning with Coinbase's Cloud API authentication standards.
Key Changes
SecretApiKeyAuthenticatorusing JWT Bearer tokens with ES256 signaturesApiClientConfigandWebsocketClientConfiginto singleCoinbaseClientConfigIOptions<T>support withAddCoinbaseAdvancedTradeClient()extension methodBreaking Changes
ApiKey/ApiSecret→KeyName/KeySecretIOptions<CoinbaseClientConfig>ApiKeyAuthenticatorand CB-ACCESS-* header authenticationTest Plan
🤖 Generated with Claude Code