Include ecosystem headers in auth flow

[0xFirekeeper]

Add support for propagating ecosystem identifiers through the auth flow. Introduce constants and a helper (extract_ecosystem_headers) to read x-ecosystem-id and x-ecosystem-partner-id from request headers in server extractors, and pass them into ThirdwebClientIdAndServiceKey. Extend ThirdwebClientIdAndServiceKey with optional ecosystem_id and ecosystem_partner_id (with serde defaults), and emit these headers when building request headers in ThirdwebAuth::ClientIdServiceKey. This preserves backward compatibility while allowing ecosystem metadata to be forwarded with auth credentials.

Summary by CodeRabbit

Release Notes

• New Features
  • Added support for optional ecosystem and ecosystem partner identifier headers in request authentication. These identifiers are now extracted and included in credential management for improved ecosystem tracking.

[coderabbitai]

Walkthrough

The changes add support for two new optional HTTP headers (x-ecosystem-id and x-ecosystem-partner-id) to the authentication flow. The extractors parse these headers as UTF-8 strings, and the values are integrated into the ThirdwebClientIdAndServiceKey structure, which conditionally serializes and includes them in header maps when present.

Changes

Cohort / File(s)	Summary
Ecosystem ID Header Support server/src/http/extractors.rs, thirdweb-core/src/auth.rs	Added extraction and integration of optional x-ecosystem-id and x-ecosystem-partner-id headers. Extractors parse these headers and pass values to ThirdwebClientIdAndServiceKey; the struct stores them as optional fields and conditionally includes them in header map serialization when present.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 25.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Include ecosystem headers in auth flow' clearly and concisely summarizes the main change: adding ecosystem header support to the authentication flow.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch firekeeper/ecosystem-7702

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (2)

server/src/http/extractors.rs (1)

89-97: Consider deduplicating ThirdwebClientIdAndServiceKey construction.

Both paths build the same auth payload now. A small helper would reduce drift risk when auth fields evolve again.

♻️ Suggested refactor

+fn build_client_id_service_key_auth(
+    client_id: &str,
+    service_key: &str,
+    parts: &Parts,
+) -> ThirdwebAuth {
+    let (ecosystem_id, ecosystem_partner_id) = extract_ecosystem_headers(parts);
+    ThirdwebAuth::ClientIdServiceKey(thirdweb_core::auth::ThirdwebClientIdAndServiceKey {
+        client_id: client_id.to_string(),
+        service_key: service_key.to_string(),
+        ecosystem_id,
+        ecosystem_partner_id,
+    })
+}
...
-        let (ecosystem_id, ecosystem_partner_id) = extract_ecosystem_headers(parts);
-
         Ok(RpcCredentialsExtractor(RpcCredentials::Thirdweb(
-            ThirdwebAuth::ClientIdServiceKey(thirdweb_core::auth::ThirdwebClientIdAndServiceKey {
-                client_id: client_id.to_string(),
-                service_key: service_key.to_string(),
-                ecosystem_id,
-                ecosystem_partner_id,
-            }),
+            build_client_id_service_key_auth(client_id, service_key, parts),
         )))
...
-            let (ecosystem_id, ecosystem_partner_id) = extract_ecosystem_headers(parts);
-
-            let thirdweb_auth = ThirdwebAuth::ClientIdServiceKey(
-                thirdweb_core::auth::ThirdwebClientIdAndServiceKey {
-                    client_id: client_id.to_string(),
-                    service_key: service_key.to_string(),
-                    ecosystem_id,
-                    ecosystem_partner_id,
-                },
-            );
+            let thirdweb_auth = build_client_id_service_key_auth(client_id, service_key, parts);

Also applies to: 254-262

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@server/src/http/extractors.rs` around lines 89 - 97, Both branches are
constructing the same ThirdwebClientIdAndServiceKey payload repeatedly; add a
small helper function (e.g., build_thirdweb_client_and_key) that accepts
client_id, service_key and the ecosystem tuple returned by
extract_ecosystem_headers and returns
thirdweb_core::auth::ThirdwebClientIdAndServiceKey, then replace the inline
constructions used when creating
RpcCredentialsExtractor(RpcCredentials::Thirdweb(...)) /
ThirdwebAuth::ClientIdServiceKey(...) in both locations (including the other
occurrence that matches lines 254-262) to call this helper so the auth payload
is built in one place.

thirdweb-core/src/auth.rs (1)

37-51: Add focused unit tests for optional ecosystem header behavior.

Please add tests for: no optional headers, only ecosystem_id, only ecosystem_partner_id, and both present.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@thirdweb-core/src/auth.rs` around lines 37 - 51, Add focused unit tests that
exercise the header-building behavior when creds has neither optional field,
only ecosystem_id, only ecosystem_partner_id, and both present: instantiate the
credentials struct used by the auth code (referencing creds and the optional
fields ecosystem_id and ecosystem_partner_id) and call the function that
builds/returns headers (the code that inserts "x-ecosystem-id" and
"x-ecosystem-partner-id" HeaderValue entries). For each test assert that no
error is returned and that the resulting headers map contains neither header for
the no-optional case, contains only "x-ecosystem-id" with the exact value when
ecosystem_id is set, contains only "x-ecosystem-partner-id" when
ecosystem_partner_id is set, and contains both keys with exact values when both
are set; include edge cases for parsing (valid header strings) and fail-fast
behavior is not expected.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@server/src/http/extractors.rs`:
- Around line 89-97: Both branches are constructing the same
ThirdwebClientIdAndServiceKey payload repeatedly; add a small helper function
(e.g., build_thirdweb_client_and_key) that accepts client_id, service_key and
the ecosystem tuple returned by extract_ecosystem_headers and returns
thirdweb_core::auth::ThirdwebClientIdAndServiceKey, then replace the inline
constructions used when creating
RpcCredentialsExtractor(RpcCredentials::Thirdweb(...)) /
ThirdwebAuth::ClientIdServiceKey(...) in both locations (including the other
occurrence that matches lines 254-262) to call this helper so the auth payload
is built in one place.

In `@thirdweb-core/src/auth.rs`:
- Around line 37-51: Add focused unit tests that exercise the header-building
behavior when creds has neither optional field, only ecosystem_id, only
ecosystem_partner_id, and both present: instantiate the credentials struct used
by the auth code (referencing creds and the optional fields ecosystem_id and
ecosystem_partner_id) and call the function that builds/returns headers (the
code that inserts "x-ecosystem-id" and "x-ecosystem-partner-id" HeaderValue
entries). For each test assert that no error is returned and that the resulting
headers map contains neither header for the no-optional case, contains only
"x-ecosystem-id" with the exact value when ecosystem_id is set, contains only
"x-ecosystem-partner-id" when ecosystem_partner_id is set, and contains both
keys with exact values when both are set; include edge cases for parsing (valid
header strings) and fail-fast behavior is not expected.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a6e9d37a-aea4-452d-90e9-c70af4160ede

📥 Commits

Reviewing files that changed from the base of the PR and between 1f4db8d and c512057.

📒 Files selected for processing (2)

• server/src/http/extractors.rs
• thirdweb-core/src/auth.rs