Skip to content

feat: expose frontendRequest block on SessionData#17

Merged
rubenhensen merged 1 commit into
mainfrom
feat/expose-frontend-request
Jun 19, 2026
Merged

feat: expose frontendRequest block on SessionData#17
rubenhensen merged 1 commit into
mainfrom
feat/expose-frontend-request

Conversation

@dobby-coder

@dobby-coder dobby-coder Bot commented Jun 18, 2026

Copy link
Copy Markdown

Summary

Since irmago v0.14.0, POST /session returns an extra frontendRequest block carrying an authorization token (plus protocol-version bounds). irmars previously dropped this field silently via serde. This PR exposes it so downstream consumers can drive the IRMA/Yivi frontend directly — most importantly to complete the pairing handshake, which has been mandatory by default for IRMA clients since v0.13.0.

Changes

  • Add frontend_request: Option<FrontendRequest> to SessionData (serde rename = "frontendRequest", absent-tolerant via default, omitted on serialization when None).
  • Add a new public FrontendRequest struct exposing:
    • authorization: String
    • min_protocol_version: Option<String> (minProtocolVersion)
    • max_protocol_version: Option<String> (maxProtocolVersion)
  • Re-export FrontendRequest from the crate root.

Compatibility

Fully backwards compatible: servers older than v0.14.0 that omit the block deserialize to None. The optional protocol-version fields also tolerate servers that send only authorization.

Testing

  • Added three unit tests covering: a full frontendRequest block, an absent block (older servers, asserts the field is skipped on serialize), and a block with only authorization.
  • Extended the test_full_client_interaction integration test to assert frontend_request.authorization is present and non-empty.
  • cargo test (unit), cargo clippy --all-targets, and cargo fmt --check all pass.
  • Ran the full integration test suite locally against a real irmago v0.19.2 server — passes, confirming the real server populates the block and we deserialize it correctly.

Closes #6

Since irmago v0.14.0, POST /session returns a frontendRequest block
carrying an authorization token (and protocol version bounds) used to
drive the IRMA/Yivi frontend directly — most importantly to complete the
pairing handshake, which is mandatory by default since v0.13.0.

This block was previously dropped by serde. Add an optional
frontend_request: Option<FrontendRequest> field to SessionData and a
FrontendRequest struct exposing authorization, min_protocol_version and
max_protocol_version. The field is absent-tolerant (older servers) and
skipped on serialization when None.

Closes #6

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@dobby-coder dobby-coder Bot marked this pull request as ready for review June 18, 2026 23:15
@rubenhensen rubenhensen merged commit aff8103 into main Jun 19, 2026
4 checks passed
@rubenhensen rubenhensen deleted the feat/expose-frontend-request branch June 19, 2026 07:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Expose frontendRequest.authorization on SessionData

1 participant