MetaMask · grvgoel81 · Apr 8, 2026 · Apr 8, 2026 · Apr 8, 2026 · Apr 10, 2026
@@ -197,6 +197,7 @@ jobs:
           METAMASK_BUILD_TYPE: ${{ inputs.build_type }}
           IS_TEST: true
           E2E: 'true'
+          E2E_MOCK_OAUTH: 'true'
           IGNORE_BOXLOGS_DEVELOPMENT: true
           GITHUB_CI: 'true'
           CI: 'true'
@@ -249,6 +250,7 @@ jobs:
           METAMASK_BUILD_TYPE: ${{ inputs.build_type }}
           IS_TEST: true
           E2E: 'true'
+          E2E_MOCK_OAUTH: 'true'
           IGNORE_BOXLOGS_DEVELOPMENT: true
           GITHUB_CI: 'true'
           CI: 'true'

@@ -257,7 +257,7 @@ jobs:
           ENV_VARS=$(jq -n \
             --arg byoa "${{ secrets.E2E_BYOA_AUTH_SECRET }}" \
             --arg email "${{ secrets.E2E_MOCK_OAUTH_EMAIL }}" \
-            '[{"mapped_to":"DISABLE_NOTIFICATION_PROMPT","value":"true","is_expand":true},{"mapped_to":"E2E_MOCK_OAUTH","value":"true","is_expand":true},{"mapped_to":"E2E_BYOA_AUTH_SECRET","value":$byoa,"is_expand":true},{"mapped_to":"E2E_MOCK_OAUTH_EMAIL","value":$email,"is_expand":true}]')
+            '[{"mapped_to":"DISABLE_NOTIFICATION_PROMPT","value":"true","is_expand":true},{"mapped_to":"E2E_MOCK_OAUTH","value":"true","is_expand":true},{"mapped_to":"E2E_BYOA_AUTH_SECRET","value":$byoa,"is_expand":true},{"mapped_to":"E2E_MOCK_OAUTH_EMAIL","value":$email,"is_expand":true},{"mapped_to":"OAUTH_BUILD_TYPE","value":"main_uat","is_expand":true}]')
           CUSTOM_ID="MetaMask-Android-Without-SRP-${{ github.run_id }}"
 
           # Trigger Android workflow

@@ -42,6 +42,7 @@ jobs:
       METAMASK_BUILD_TYPE: ${{ inputs.build_type }}
       IS_TEST: true
       E2E: 'true'
+      E2E_MOCK_OAUTH: 'true'
       IGNORE_BOXLOGS_DEVELOPMENT: true
       CI: 'true'
       NODE_OPTIONS: '--max-old-space-size=8192'
@@ -183,6 +184,7 @@ jobs:
           METAMASK_ENVIRONMENT: main
           METAMASK_BUILD_TYPE: main
           IS_TEST: true
+          E2E_MOCK_OAUTH: 'true'
           IS_SIM_BUILD: 'true' # Ensures simulator build (.app) not device build (.ipa)
           IGNORE_BOXLOGS_DEVELOPMENT: true
           GITHUB_CI: 'true'
@@ -219,6 +221,7 @@ jobs:
           METAMASK_BUILD_TYPE: main
           IS_TEST: true
           E2E: 'true'
+          E2E_MOCK_OAUTH: 'true'
           IGNORE_BOXLOGS_DEVELOPMENT: true
           GITHUB_CI: 'true'
           CI: 'true'

@@ -258,7 +258,7 @@ jobs:
           ENV_VARS=$(jq -n \
             --arg byoa "${{ secrets.E2E_BYOA_AUTH_SECRET }}" \
             --arg email "${{ secrets.E2E_MOCK_OAUTH_EMAIL }}" \
-            '[{"mapped_to":"DISABLE_NOTIFICATION_PROMPT","value":"true","is_expand":true},{"mapped_to":"E2E_MOCK_OAUTH","value":"true","is_expand":true},{"mapped_to":"E2E_BYOA_AUTH_SECRET","value":$byoa,"is_expand":true},{"mapped_to":"E2E_MOCK_OAUTH_EMAIL","value":$email,"is_expand":true}]')
+            '[{"mapped_to":"DISABLE_NOTIFICATION_PROMPT","value":"true","is_expand":true},{"mapped_to":"E2E_MOCK_OAUTH","value":"true","is_expand":true},{"mapped_to":"E2E_BYOA_AUTH_SECRET","value":$byoa,"is_expand":true},{"mapped_to":"E2E_MOCK_OAUTH_EMAIL","value":$email,"is_expand":true},{"mapped_to":"OAUTH_BUILD_TYPE","value":"main_uat","is_expand":true}]')
           CUSTOM_ID="MetaMask-iOS-Without-SRP-${{ github.run_id }}"
 
           # Trigger iOS workflow

diff --git a/android/app/src/main/res/xml/react_native_config.xml b/android/app/src/main/res/xml/react_native_config.xml
@@ -1,10 +1,15 @@
 <?xml version="1.0" encoding="utf-8"?>
 <network-security-config>
+	<base-config cleartextTrafficPermitted="${isDebug}">
+		<trust-anchors>
+			<certificates src="system" />
+			<certificates src="user" />
+		</trust-anchors>
+	</base-config>
 	<domain-config cleartextTrafficPermitted="true">
-    <domain includeSubdomains="true">sslip.io</domain>
+		<domain includeSubdomains="true">sslip.io</domain>
 		<domain includeSubdomains="false">localhost</domain>
 		<domain includeSubdomains="false">10.0.2.2</domain>
 		<domain includeSubdomains="false">10.0.3.2</domain>
 	</domain-config>
-  <base-config cleartextTrafficPermitted="${isDebug}" />
 </network-security-config>
diff --git a/app/components/Views/ResetPassword/__snapshots__/index.test.tsx.snap b/app/components/Views/ResetPassword/__snapshots__/index.test.tsx.snap
@@ -348,6 +348,7 @@ exports[`ResetPassword render matches snapshot 1`] = `
                   }
                 >
                   <TextInput
+                    accessibilityLabel="create-password-first-input-field"
                     autoComplete="password"
                     autoFocus={false}
                     editable={true}

diff --git a/app/components/Views/ResetPassword/index.tsx b/app/components/Views/ResetPassword/index.tsx
@@ -572,6 +572,9 @@ const ResetPassword = ({ navigation, route }: ResetPasswordProps) => {
               value={password}
               onSubmitEditing={reauthenticateWithPassword}
               testID={ChoosePasswordSelectorsIDs.NEW_PASSWORD_INPUT_ID}
+              accessibilityLabel={
+                ChoosePasswordSelectorsIDs.NEW_PASSWORD_INPUT_ID
+              }
               keyboardAppearance={themeAppearance}
               autoComplete="password"
             />
@@ -648,6 +651,9 @@ const ResetPassword = ({ navigation, route }: ResetPasswordProps) => {
                       'reset_password.new_password_placeholder',
                     )}
                     testID={ChoosePasswordSelectorsIDs.NEW_PASSWORD_INPUT_ID}
+                    accessibilityLabel={
+                      ChoosePasswordSelectorsIDs.NEW_PASSWORD_INPUT_ID
+                    }
                     onSubmitEditing={jumpToConfirmPassword}
                     returnKeyType="next"
                     autoComplete="password-new"
@@ -694,6 +700,9 @@ const ResetPassword = ({ navigation, route }: ResetPasswordProps) => {
                     testID={
                       ChoosePasswordSelectorsIDs.CONFIRM_PASSWORD_INPUT_ID
                     }
+                    accessibilityLabel={
+                      ChoosePasswordSelectorsIDs.CONFIRM_PASSWORD_INPUT_ID
+                    }
                     returnKeyType={'done'}
                     autoComplete="password-new"
                     autoCapitalize="none"

diff --git a/app/core/Authentication/Authentication.test.ts b/app/core/Authentication/Authentication.test.ts
@@ -1218,7 +1218,7 @@ describe('Authentication', () => {
         }
       });
 
-      it('skips createAndBackupSeedPhrase for OAuth when E2E_MOCK_OAUTH is true', async () => {
+      it('calls createAndBackupSeedPhrase for OAuth even when E2E_MOCK_OAUTH is true', async () => {
         mockIsE2EMockOAuth.mockReturnValue(true);
 
         const mockDispatchLocal = jest.fn();
@@ -1241,8 +1241,8 @@ describe('Authentication', () => {
           oauth2Login: true,
         });
 
-        expect(createWalletSpy).toHaveBeenCalledWith('password');
-        expect(backupSpy).not.toHaveBeenCalled();
+        expect(backupSpy).toHaveBeenCalledWith('password');
+        expect(createWalletSpy).not.toHaveBeenCalled();
 
         createWalletSpy.mockRestore();
         backupSpy.mockRestore();

diff --git a/app/core/Authentication/Authentication.ts b/app/core/Authentication/Authentication.ts
@@ -36,7 +36,6 @@ import StorageWrapper from '../../store/storage-wrapper';
 import NavigationService from '../NavigationService';
 import Routes from '../../constants/navigation/Routes';
 import { TraceName, TraceOperation, trace, endTrace } from '../../util/trace';
-import { isE2EMockOAuth } from '../../util/environment';
 import { discoverAccounts } from '../../multichain-accounts/discovery';
 import ReduxService from '../redux';
 import { retryWithExponentialDelay } from '../../util/exponential-retry';
@@ -549,7 +548,7 @@ class AuthenticationService {
     authData: AuthData,
   ): Promise<void> => {
     try {
-      if (authData.oauth2Login && !isE2EMockOAuth()) {
+      if (authData.oauth2Login) {
         await this.createAndBackupSeedPhrase(password);
       } else {
         await this.createWalletVaultAndKeychain(password);

@@ -10,7 +10,7 @@ interface OAUTH_CONFIG_TYPE {
   IOS_APPLE_AUTH_CONNECTION_ID: string;
 }
 
-enum BUILD_TYPE {
+export enum BUILD_TYPE {
   development = 'development',
   main_prod = 'main_prod',
   main_uat = 'main_uat',

@@ -1,10 +1,10 @@
 import { ACTIONS, PREFIXES, PROTOCOLS } from '../../../constants/deeplinks';
 import Device from '../../../util/device';
 import ReduxService from '../../redux';
-import { isQa } from '../../../util/test/utils';
 import AppConstants from '../../AppConstants';
 import { AuthConnection } from '../OAuthInterface';
 import { OAUTH_CONFIG } from './config';
+import { resolveOAuthConfigKey } from './oauthBuildType';
 import {
   DEFAULT_LEGACY_IOS_GOOGLE_CONFIG_ENABLED,
   selectLegacyIosGoogleConfigEnabled,
@@ -13,45 +13,8 @@ import {
 export const SEEDLESS_ONBOARDING_ENABLED =
   process.env.SEEDLESS_ONBOARDING_ENABLED === 'true';
 
-/**
- * Mapping of old Build Type to new BuildType formatting for oauth config
- * Main -> main_prod
- * QA -> main_uat
- * Debug -> main_dev
- * flask -> flask_prod
- * flask QA -> flask_uat
- * flask Debug -> flask_dev
- *
- * new build types
- * main_beta -> main_prod
- * main_rc -> main_prod
- *
- * @param buildType - The build type to map
- * @param isDev - Whether the build is a development build
- * @returns The mapped build type
- */
-const buildTypeMapping = (buildType: string, isDev: boolean) => {
-  // use development config for now
-  if (process.env.DEV_OAUTH_CONFIG === 'true' && isDev) {
-    return 'development';
-  }
-
-  switch (buildType) {
-    case 'qa':
-      return 'main_uat';
-    case 'main':
-      return isQa ? 'main_uat' : isDev ? 'main_dev' : 'main_prod';
-    case 'flask':
-      return isQa ? 'flask_uat' : isDev ? 'flask_dev' : 'flask_prod';
-    default:
-      return 'development';
-  }
-};
-
-const BuildType = buildTypeMapping(
-  AppConstants.METAMASK_BUILD_TYPE || 'main',
-  AppConstants.IS_DEV,
-);
+/** OAuth config key: env override or build-type mapping */
+const BuildType = resolveOAuthConfigKey();
 const CURRENT_OAUTH_CONFIG = OAUTH_CONFIG[BuildType];
 
 export const web3AuthNetwork = CURRENT_OAUTH_CONFIG.WEB3AUTH_NETWORK;

@@ -0,0 +1,83 @@
+import { BUILD_TYPE, OAUTH_CONFIG } from './config';
+import { buildTypeMapping } from './oauthBuildType';
+
+describe('buildTypeMapping', () => {
+  const originalDevOAuth = process.env.DEV_OAUTH_CONFIG;
+
+  afterEach(() => {
+    if (originalDevOAuth === undefined) {
+      delete process.env.DEV_OAUTH_CONFIG;
+    } else {
+      process.env.DEV_OAUTH_CONFIG = originalDevOAuth;
+    }
+  });
+
+  it('returns development when DEV_OAUTH_CONFIG is true and isDev', () => {
+    process.env.DEV_OAUTH_CONFIG = 'true';
+    expect(buildTypeMapping('main', true, false)).toBe(BUILD_TYPE.development);
+  });
+
+  it('maps qa to main_uat', () => {
+    expect(buildTypeMapping('qa', false, false)).toBe(BUILD_TYPE.main_uat);
+  });
+
+  it('maps main with QA channel to main_uat', () => {
+    expect(buildTypeMapping('main', false, true)).toBe(BUILD_TYPE.main_uat);
+  });
+
+  it('maps main without QA to main_dev when isDev', () => {
+    expect(buildTypeMapping('main', true, false)).toBe(BUILD_TYPE.main_dev);
+  });
+
+  it('maps main without QA to main_prod when not isDev', () => {
+    expect(buildTypeMapping('main', false, false)).toBe(BUILD_TYPE.main_prod);
+  });
+
+  it('maps flask with QA channel to flask_uat', () => {
+    expect(buildTypeMapping('flask', false, true)).toBe(BUILD_TYPE.flask_uat);
+  });
+
+  it('maps flask without QA to flask_dev when isDev', () => {
+    expect(buildTypeMapping('flask', true, false)).toBe(BUILD_TYPE.flask_dev);
+  });
+
+  it('maps flask without QA to flask_prod when not isDev', () => {
+    expect(buildTypeMapping('flask', false, false)).toBe(BUILD_TYPE.flask_prod);
+  });
+
+  it('returns development for unknown build type', () => {
+    expect(buildTypeMapping('unknown', false, false)).toBe(
+      BUILD_TYPE.development,
+    );
+  });
+});
+
+describe('resolveOAuthConfigKey', () => {
+  const originalOauthBuildType = process.env.OAUTH_BUILD_TYPE;
+
+  afterEach(() => {
+    if (originalOauthBuildType === undefined) {
+      delete process.env.OAUTH_BUILD_TYPE;
+    } else {
+      process.env.OAUTH_BUILD_TYPE = originalOauthBuildType;
+    }
+  });
+
+  it('returns OAUTH_BUILD_TYPE when set to a valid config key', () => {
+    jest.resetModules();
+    process.env.OAUTH_BUILD_TYPE = BUILD_TYPE.main_prod;
+    // eslint-disable-next-line @typescript-eslint/no-require-imports, @typescript-eslint/no-var-requires -- Jest reload after resetModules; dynamic import needs experimental-vm-modules
+    const { resolveOAuthConfigKey } = require('./oauthBuildType');
+    expect(resolveOAuthConfigKey()).toBe(BUILD_TYPE.main_prod);
+  });
+
+  it('ignores OAUTH_BUILD_TYPE when not a key of OAUTH_CONFIG', () => {
+    jest.resetModules();
+    process.env.OAUTH_BUILD_TYPE = 'not_a_real_key';
+    // eslint-disable-next-line @typescript-eslint/no-require-imports, @typescript-eslint/no-var-requires
+    const { resolveOAuthConfigKey } = require('./oauthBuildType');
+    const key = resolveOAuthConfigKey();
+    expect(key).not.toBe('not_a_real_key');
+    expect(key in OAUTH_CONFIG).toBe(true);
+  });
+});
@@ -0,0 +1,58 @@
+import AppConstants from '../../AppConstants';
+import { isQa } from '../../../util/test/utils';
+import { BUILD_TYPE, OAUTH_CONFIG } from './config';
+
+/**
+ * Maps MetaMask build type + dev/QA flags to OAuth config keys.
+ * @param buildType - e.g. main, qa, flask
+ * @param isDev - development build
+ * @param isQaChannel - QA / e2e / exp channel
+ */
+export function buildTypeMapping(
+  buildType: string,
+  isDev: boolean,
+  isQaChannel: boolean,
+): BUILD_TYPE {
+  if (process.env.DEV_OAUTH_CONFIG === 'true' && isDev) {
+    return BUILD_TYPE.development;
+  }
+
+  switch (buildType) {
+    case 'qa':
+      return BUILD_TYPE.main_uat;
+    case 'main':
+      return isQaChannel
+        ? BUILD_TYPE.main_uat
+        : isDev
+          ? BUILD_TYPE.main_dev
+          : BUILD_TYPE.main_prod;
+    case 'flask':
+      return isQaChannel
+        ? BUILD_TYPE.flask_uat
+        : isDev
+          ? BUILD_TYPE.flask_dev
+          : BUILD_TYPE.flask_prod;
+    default:
+      return BUILD_TYPE.development;
+  }
+}
+
+/**
+ * Resolves which {@link OAUTH_CONFIG} entry applies (env override or build mapping).
+ */
+export function resolveOAuthConfigKey(): keyof typeof OAUTH_CONFIG {
+  const fromEnv = process.env.OAUTH_BUILD_TYPE;
+  if (
+    typeof fromEnv === 'string' &&
+    fromEnv.length > 0 &&
+    fromEnv in OAUTH_CONFIG
+  ) {
+    return fromEnv as keyof typeof OAUTH_CONFIG;
+  }
+
+  return buildTypeMapping(
+    AppConstants.METAMASK_BUILD_TYPE || 'main',
+    AppConstants.IS_DEV,
+    isQa,
+  );
+}