chore: DRY up auth approval for signup deeplinks

e2e/src/tests/auth.rs

@@ -221,7 +221,10 @@ async fn signup_authz() {
     };
     assert_eq!(signup_deep_link.capabilities(), &caps);
     assert_eq!(
-        signup_deep_link.relay().as_str(),
+        signup_deep_link
+            .relay()
+            .expect("signup deep link should include relay")
+            .as_str(),
         testnet.http_relay().local_link_url().as_str()
     );
     assert_eq!(signup_deep_link.homeserver(), &server.public_key());
@@ -274,6 +277,49 @@ async fn signup_authz() {
     );
 }
 
+#[tokio::test]
+#[pubky_testnet::test]
+async fn signup_via_direct_deeplink() {
+    let testnet = build_full_testnet().await;
+    let server = testnet.homeserver_app();
+    let pubky = testnet.sdk().unwrap();
+
+    let signer = pubky.signer(Keypair::random());
+    let deeplink = format!("pubkyauth://signup?hs={}", server.public_key().z32());
+
+    signer.approve_auth(&deeplink).await.unwrap();
+
+    let session = signer.signin().await.unwrap();
+    assert_eq!(session.info().public_key(), &signer.public_key());
+}
+
+#[tokio::test]
+#[pubky_testnet::test]
+async fn signup_via_direct_deeplink_with_token() {
+    let testnet = build_full_testnet().await;
+    let server = testnet.homeserver_app();
+    let pubky = testnet.sdk().unwrap();
+
+    let token = server
+        .admin_server()
+        .expect("admin server should be enabled")
+        .create_signup_token()
+        .await
+        .unwrap();
+
+    let signer = pubky.signer(Keypair::random());
+    let deeplink = format!(
+        "pubkyauth://signup?hs={}&st={}",
+        server.public_key().z32(),
+        token
+    );
+
+    signer.approve_auth(&deeplink).await.unwrap();
+
+    let session = signer.signin().await.unwrap();
+    assert_eq!(session.info().public_key(), &signer.public_key());
+}
+
 #[tokio::test]
 #[pubky_testnet::test]
 async fn persist_and_restore_info() {

pubky-sdk/bindings/js/pkg/tests/auth.ts

@@ -98,6 +98,45 @@ test("Auth: 3rd party signin", async (t) => {
   t.end();
 });
 
+test("Auth: direct signup deeplink", async (t) => {
+  const sdk = Pubky.testnet();
+
+  const signer = sdk.signer(Keypair.random());
+  const deeplink = `pubkyauth://signup?hs=${HOMESERVER_PUBLICKEY.z32()}`;
+
+  await signer.approveAuthRequest(deeplink);
+
+  const session = await signer.signin();
+  t.equal(
+    session.info.publicKey.z32(),
+    signer.publicKey.z32(),
+    "session belongs to expected user",
+  );
+
+  t.end();
+});
+
+test("Auth: direct signup deeplink with token", async (t) => {
+  const sdk = Pubky.testnet();
+
+  const signupToken = await createSignupToken();
+  const signer = sdk.signer(Keypair.random());
+  const deeplink = `pubkyauth://signup?hs=${HOMESERVER_PUBLICKEY.z32()}&st=${encodeURIComponent(
+    signupToken,
+  )}`;
+
+  await signer.approveAuthRequest(deeplink);
+
+  const session = await signer.signin();
+  t.equal(
+    session.info.publicKey.z32(),
+    signer.publicKey.z32(),
+    "session belongs to expected user",
+  );
+
+  t.end();
+});
+
 test("startAuthFlow: rejects malformed capabilities; normalizes valid; allows empty", async (t) => {
   const sdk = Pubky.testnet(); // uses local testnet mapping so URLs are resolvable in-node
 

pubky-sdk/bindings/js/pkg/tests/deep_links.ts

@@ -36,12 +36,19 @@ test("signup deep link valid", async (t) => {
   const deepLink = SignupDeepLink.parse(url);
   t.equal(deepLink.capabilities, "/pub/pubky.app/:rw");
   t.equal(deepLink.baseRelayUrl, TESTNET_HTTP_RELAY);
-  t.deepEqual(deepLink.secret, new Uint8Array([146, 169, 220, 120, 67, 32, 172, 212, 12, 255, 24, 180, 234, 132, 23, 140, 13, 220, 36, 117, 255, 69, 9, 176, 212, 22, 58, 36, 77, 91, 177, 239]));
+  t.deepEqual(
+    deepLink.secret,
+    new Uint8Array([
+      146, 169, 220, 120, 67, 32, 172, 212, 12, 255, 24, 180, 234, 132, 23,
+      140, 13, 220, 36, 117, 255, 69, 9, 176, 212, 22, 58, 36, 77, 91, 177,
+      239,
+    ]),
+  );
   t.equal(deepLink.homeserver.z32(), HOMESERVER_PUBLICKEY.z32());
   t.equal(deepLink.signupToken, "1234567890");
 
-  t.equal(deepLink.toString(), url);
+  const expectedUrl = "pubkyauth://signup?hs=8pinxxgqs41n4aididenw5apqp1urfmzdztr8jt4abrkdn435ewo&st=1234567890&relay=http://localhost:15412/link&secret=kqnceEMgrNQM_xi06oQXjA3cJHX_RQmw1BY6JE1bse8&caps=/pub/pubky.app/:rw";
+  t.equal(deepLink.toString(), expectedUrl);
 
   t.end();
 });
-

pubky-sdk/bindings/js/src/actors/deep_links/signup.rs

@@ -31,13 +31,15 @@ impl SignupDeepLink {
     }
 
     #[wasm_bindgen(js_name = "baseRelayUrl", getter)]
-    pub fn base_relay_url(&self) -> String {
-        self.0.relay().to_string()
+    pub fn base_relay_url(&self) -> Option<String> {
+        self.0.relay().map(|relay| relay.to_string())
     }
 
     #[wasm_bindgen(getter)]
-    pub fn secret(&self) -> Uint8Array {
-        Uint8Array::from(self.0.secret().as_ref())
+    pub fn secret(&self) -> Option<Uint8Array> {
+        self.0
+            .secret()
+            .map(|secret| Uint8Array::from(secret.as_ref()))
     }
 
     #[wasm_bindgen(getter)]