Class: X402::CdpFacilitatorAuth

Inherits:
Object
  • Object
show all
Defined in:
lib/x402/cdp_facilitator_auth.rb

Overview

Bearer JWT auth for the Coinbase CDP facilitator, mirroring @coinbase/cdp-sdk generateJwt: per-request, URI-bound claims, signed with ES256 (PEM EC key) or EdDSA (base64 Ed25519 seed+public key).

Applied automatically by FacilitatorClient when the configured facilitator host is api.cdp.coinbase.com. Credentials come from config.cdp_api_key_id and config.cdp_api_key_secret (or the CDP_API_KEY_ID / CDP_API_KEY_SECRET env vars CDP's own SDKs use). Other facilitators are untouched.

Constant Summary collapse

CDP_HOST =
"api.cdp.coinbase.com"
EXPIRY_SECONDS =
120

Class Method Summary collapse

Class Method Details

.headers_for(facilitator_url:, http_method:, endpoint:) ⇒ Object



20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
# File 'lib/x402/cdp_facilitator_auth.rb', line 20

def headers_for(facilitator_url:, http_method:, endpoint:)
  uri = URI(facilitator_url)
  return {} unless uri.host == CDP_HOST

  config = X402.configuration
  key_id = config.cdp_api_key_id
  secret = config.cdp_api_key_secret
  if key_id.nil? || key_id.empty? || secret.nil? || secret.empty?
    X402.logger.error(
      "[x402] CDP facilitator requires cdp_api_key_id and cdp_api_key_secret " \
      "(or CDP_API_KEY_ID / CDP_API_KEY_SECRET); sending the request unauthenticated",
    )
    return {}
  end

  jwt = bearer_jwt(
    key_id: key_id,
    secret: secret,
    http_method: http_method,
    request_host: uri.host,
    request_path: "#{uri.path}/#{endpoint}",
  )
  jwt ? { "Authorization" => "Bearer #{jwt}" } : {}
end