
feat: integrate AuthenticationController for bearer token handling in…#8843

Open

meltingice1337 wants to merge 2 commits into main from feat/TRAM-3502

Conversation

@meltingice1337 (Contributor) commented May 18, 2026

Explanation

RampsService.getBuyWidgetUrl previously issued unauthenticated requests to the ramps API (/providers/<provider>/buy-widget). The upstream API is being gated behind authentication, so without a bearer token the call will start to fail and break the Buy flow for every consumer (mobile, extension).

This PR makes getBuyWidgetUrl authenticated by sourcing a bearer token from AuthenticationController via the messenger and attaching it as an Authorization: Bearer <token> header on the outgoing request.

How it works:

  • A new private method RampsService.#getRequestHeaders calls the messenger action AuthenticationController:getBearerToken and returns the Authorization header. It is awaited once per getBuyWidgetUrl invocation (verified by a new test) before the request is dispatched through the existing #policy.execute wrapper, so token retrieval happens outside the retry/circuit-breaker loop. If the token call rejects (e.g. wallet is locked, user signed out), the rejection propagates and no HTTP call is made — also covered by a new test.
  • RampsServiceMessenger's AllowedActions is widened from never to AuthenticationController.AuthenticationControllerGetBearerTokenAction. This is a breaking change to the messenger contract: consumers must delegate the AuthenticationController:getBearerToken action into the ramps messenger before calling getBuyWidgetUrl.
  • The scope of the auth requirement is deliberately narrow — only getBuyWidgetUrl is authenticated in this PR. Other endpoints (e.g. getGeolocation) remain unauthenticated and explicitly do not request a bearer token; this is locked in by tests that assert getBearerToken is not called and that no Authorization header is sent for those endpoints.

Dependency added:

@metamask/profile-sync-controller@^28.1.0 is added as a runtime dependency solely for its AuthenticationController type export (the AuthenticationControllerGetBearerTokenAction action type). It is not instantiated by ramps-controller; the implementing controller lives in the consuming app and is wired up via the messenger.

Demo:

auth_demo.mp4

Test updates:

  • Existing happy-path tests for getBuyWidgetUrl now assert the Authorization: Bearer mock-bearer-token header is present on the nock interceptor.
  • New tests cover: bearer token is fetched exactly once per call; rejection from getBearerToken short-circuits before any HTTP request; and the scope assertion that getGeolocation remains unauthenticated.
  • The getRootMessenger/getService test helpers now delegate the AuthenticationController:getBearerToken action and expose a mockGetBearerToken jest mock so individual tests can override the resolution behavior.

References

Checklist

  • I've updated the test suite for new or updated code as appropriate
  • I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
  • I've communicated my changes to consumers by updating changelogs for packages I've changed
  • I've introduced breaking changes in this PR and have prepared draft pull requests for clients and consumer packages to resolve them

Note

Medium Risk
Medium risk due to a breaking messenger contract change requiring consumers to delegate AuthenticationController:getBearerToken, and because it changes how getBuyWidgetUrl performs network requests by adding auth headers and failing early when tokens are unavailable.

Overview
RampsService.getBuyWidgetUrl now authenticates buy-widget requests by retrieving a bearer token via the messenger action AuthenticationController:getBearerToken and sending Authorization: Bearer <token> on the HTTP call.

This widens RampsServiceMessenger allowed actions (a breaking change for consumers that must delegate/register the new action), adds @metamask/profile-sync-controller as a runtime dependency for the action type, updates TS project references, and extends tests to assert auth header behavior, token fetch call counts, and that unrelated endpoints (e.g. getGeolocation) remain unauthenticated.

Reviewed by Cursor Bugbot for commit bdad742. Bugbot is set up for automated code reviews on this repo.
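The request flow the description lays out (token fetched once through the messenger before the request enters the retry wrapper, a rejected token call short-circuiting the HTTP request, getGeolocation never asking for a token), as an added TypeScript sketch. This is not ramps-controller's own code: RampsServiceSketch, Messenger, FetchFn, executeWithRetry, makeHarness and the '/geolocation' path are hypothetical stand-ins, and only the action name AuthenticationController:getBearerToken and the /providers/<provider>/buy-widget path come from the PR.

```typescript
// Added example, not ramps-controller's own code. RampsServiceSketch, Messenger,
// FetchFn, executeWithRetry and makeHarness are hypothetical stand-ins for the
// real RampsService, its messenger, fetch and the #policy.execute retry wrapper.

type RequestHeaders = Record<string, string>;

// Stand-in for the ramps messenger, narrowed to the one delegated action.
type Messenger = {
  call(action: 'AuthenticationController:getBearerToken'): Promise<string>;
};

type FetchResponse = { ok: boolean; url: string };
type FetchFn = (url: string, init: { headers: RequestHeaders }) => Promise<FetchResponse>;

// Stand-in for #policy.execute: retries the wrapped request a fixed number of times.
async function executeWithRetry<T>(operation: () => Promise<T>, attempts: number): Promise<T> {
  let lastError: unknown;
  for (let attempt = 0; attempt < attempts; attempt += 1) {
    try {
      return await operation();
    } catch (error) {
      lastError = error;
    }
  }
  throw lastError;
}

class RampsServiceSketch {
  private readonly messenger: Messenger;
  private readonly fetchFn: FetchFn;

  constructor(messenger: Messenger, fetchFn: FetchFn) {
    this.messenger = messenger;
    this.fetchFn = fetchFn;
  }

  // Mirrors #getRequestHeaders: one token fetch, returned as the Authorization header.
  private async getRequestHeaders(): Promise<RequestHeaders> {
    const token = await this.messenger.call('AuthenticationController:getBearerToken');
    return { Authorization: `Bearer ${token}` };
  }

  // The token is resolved before the request enters the retry loop, so a rejection
  // propagates to the caller and no HTTP request is dispatched at all.
  async getBuyWidgetUrl(provider: string): Promise<string> {
    const headers = await this.getRequestHeaders();
    const response = await executeWithRetry(
      () => this.fetchFn(`/providers/${provider}/buy-widget`, { headers }),
      3,
    );
    return response.url;
  }

  // Deliberately unauthenticated: never asks the messenger for a token.
  // The '/geolocation' path is a constructed placeholder, not the real endpoint.
  async getGeolocation(): Promise<string> {
    const response = await executeWithRetry(() => this.fetchFn('/geolocation', { headers: {} }), 3);
    return response.url;
  }
}

// Constructed test doubles: count token fetches and record every outgoing request.
function makeHarness(getToken: () => Promise<string>, failFirstRequest = false) {
  let tokenCalls = 0;
  const requests: Array<{ url: string; headers: RequestHeaders }> = [];
  const messenger: Messenger = {
    call: () => {
      tokenCalls += 1;
      return getToken();
    },
  };
  const fetchFn: FetchFn = async (url, init) => {
    requests.push({ url, headers: init.headers });
    if (failFirstRequest && requests.length === 1) {
      throw new Error('simulated transient network failure');
    }
    return { ok: true, url };
  };
  return { service: new RampsServiceSketch(messenger, fetchFn), requests, tokenCalls: () => tokenCalls };
}

// The behaviours the PR's tests lock in, plus one retry case, as a single runnable scenario.
async function runScenarios() {
  const happy = makeHarness(async () => 'mock-bearer-token');
  await happy.service.getBuyWidgetUrl('example-provider');

  // Wallet locked / user signed out: the token call rejects before any request.
  const locked = makeHarness(async () => {
    throw new Error('wallet is locked');
  });
  let lockedRejected = false;
  try {
    await locked.service.getBuyWidgetUrl('example-provider');
  } catch {
    lockedRejected = true;
  }

  // First attempt fails, second succeeds: still exactly one token fetch.
  const flaky = makeHarness(async () => 'mock-bearer-token', true);
  await flaky.service.getBuyWidgetUrl('example-provider');

  const geo = makeHarness(async () => 'mock-bearer-token');
  await geo.service.getGeolocation();

  return {
    happyAuthorization: happy.requests[0]?.headers.Authorization,
    happyTokenCalls: happy.tokenCalls(),
    lockedRejected,
    lockedRequests: locked.requests.length,
    flakyTokenCalls: flaky.tokenCalls(),
    flakyRequests: flaky.requests.length,
    geoTokenCalls: geo.tokenCalls(),
    geoHasAuthorization: 'Authorization' in (geo.requests[0]?.headers ?? {}),
  };
}
```

The flaky scenario is the one worth reading twice: because the header is built before executeWithRetry runs, a transient failure produces a second request with the same header and no second token fetch, which is what keeps token retrieval out of the retry/circuit-breaker loop as the description says. The locked scenario shows the other half of that ordering: when getBearerToken rejects, the recorded request list stays empty.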

@meltingice1337 (Contributor, Author)

@metamaskbot publish-previews

@github-actions (Contributor)

Preview builds have been published. Learn how to use preview builds in other projects.

Full list of packages and versions:
@metamask-previews/account-tree-controller@7.4.0-preview-bdad7425c
@metamask-previews/accounts-controller@38.1.1-preview-bdad7425c
@metamask-previews/address-book-controller@7.1.2-preview-bdad7425c
@metamask-previews/ai-controllers@0.6.3-preview-bdad7425c
@metamask-previews/analytics-controller@1.0.1-preview-bdad7425c
@metamask-previews/analytics-data-regulation-controller@0.0.0-preview-bdad7425c
@metamask-previews/announcement-controller@8.1.0-preview-bdad7425c
@metamask-previews/app-metadata-controller@2.0.1-preview-bdad7425c
@metamask-previews/approval-controller@9.0.1-preview-bdad7425c
@metamask-previews/assets-controller@7.1.2-preview-bdad7425c
@metamask-previews/assets-controllers@108.1.0-preview-bdad7425c
@metamask-previews/authenticated-user-storage@2.0.0-preview-bdad7425c
@metamask-previews/base-controller@9.1.0-preview-bdad7425c
@metamask-previews/base-data-service@0.1.3-preview-bdad7425c
@metamask-previews/bridge-controller@72.0.4-preview-bdad7425c
@metamask-previews/bridge-status-controller@71.1.4-preview-bdad7425c
@metamask-previews/build-utils@3.0.4-preview-bdad7425c
@metamask-previews/chain-agnostic-permission@1.6.1-preview-bdad7425c
@metamask-previews/chomp-api-service@3.1.0-preview-bdad7425c
@metamask-previews/claims-controller@0.5.1-preview-bdad7425c
@metamask-previews/client-controller@1.0.1-preview-bdad7425c
@metamask-previews/compliance-controller@2.0.1-preview-bdad7425c
@metamask-previews/composable-controller@12.0.1-preview-bdad7425c
@metamask-previews/config-registry-controller@0.3.1-preview-bdad7425c
@metamask-previews/connectivity-controller@0.2.0-preview-bdad7425c
@metamask-previews/controller-utils@12.1.0-preview-bdad7425c
@metamask-previews/core-backend@6.3.0-preview-bdad7425c
@metamask-previews/delegation-controller@3.0.0-preview-bdad7425c
@metamask-previews/earn-controller@12.1.2-preview-bdad7425c
@metamask-previews/eip-5792-middleware@3.0.4-preview-bdad7425c
@metamask-previews/eip-7702-internal-rpc-middleware@0.1.1-preview-bdad7425c
@metamask-previews/eip1193-permission-middleware@2.0.1-preview-bdad7425c
@metamask-previews/ens-controller@19.1.3-preview-bdad7425c
@metamask-previews/eth-block-tracker@15.0.1-preview-bdad7425c
@metamask-previews/eth-json-rpc-middleware@23.1.3-preview-bdad7425c
@metamask-previews/eth-json-rpc-provider@6.0.1-preview-bdad7425c
@metamask-previews/foundryup@1.0.1-preview-bdad7425c
@metamask-previews/gas-fee-controller@26.2.2-preview-bdad7425c
@metamask-previews/gator-permissions-controller@4.1.2-preview-bdad7425c
@metamask-previews/geolocation-controller@0.1.3-preview-bdad7425c
@metamask-previews/json-rpc-engine@10.5.0-preview-bdad7425c
@metamask-previews/json-rpc-middleware-stream@8.0.8-preview-bdad7425c
@metamask-previews/keyring-controller@25.5.0-preview-bdad7425c
@metamask-previews/logging-controller@8.0.2-preview-bdad7425c
@metamask-previews/message-manager@14.1.2-preview-bdad7425c
@metamask-previews/messenger@1.2.0-preview-bdad7425c
@metamask-previews/messenger-cli@0.2.0-preview-bdad7425c
@metamask-previews/money-account-balance-service@1.0.2-preview-bdad7425c
@metamask-previews/money-account-controller@0.3.0-preview-bdad7425c
@metamask-previews/money-account-upgrade-controller@2.0.2-preview-bdad7425c
@metamask-previews/multichain-account-service@10.0.0-preview-bdad7425c
@metamask-previews/multichain-api-middleware@3.1.2-preview-bdad7425c
@metamask-previews/multichain-network-controller@3.1.2-preview-bdad7425c
@metamask-previews/multichain-transactions-controller@7.1.0-preview-bdad7425c
@metamask-previews/name-controller@9.1.2-preview-bdad7425c
@metamask-previews/network-controller@32.0.0-preview-bdad7425c
@metamask-previews/network-enablement-controller@5.2.0-preview-bdad7425c
@metamask-previews/notification-services-controller@24.1.0-preview-bdad7425c
@metamask-previews/passkey-controller@2.0.1-preview-bdad7425c
@metamask-previews/permission-controller@13.1.1-preview-bdad7425c
@metamask-previews/permission-log-controller@5.1.0-preview-bdad7425c
@metamask-previews/perps-controller@6.1.0-preview-bdad7425c
@metamask-previews/phishing-controller@17.2.0-preview-bdad7425c
@metamask-previews/polling-controller@16.0.6-preview-bdad7425c
@metamask-previews/preferences-controller@23.1.0-preview-bdad7425c
@metamask-previews/profile-metrics-controller@3.1.4-preview-bdad7425c
@metamask-previews/profile-sync-controller@28.1.0-preview-bdad7425c
@metamask-previews/ramps-controller@13.3.1-preview-bdad7425c
@metamask-previews/rate-limit-controller@7.0.1-preview-bdad7425c
@metamask-previews/react-data-query@0.2.1-preview-bdad7425c
@metamask-previews/remote-feature-flag-controller@4.2.1-preview-bdad7425c
@metamask-previews/sample-controllers@5.0.1-preview-bdad7425c
@metamask-previews/seedless-onboarding-controller@9.1.0-preview-bdad7425c
@metamask-previews/selected-network-controller@26.1.3-preview-bdad7425c
@metamask-previews/shield-controller@5.1.2-preview-bdad7425c
@metamask-previews/signature-controller@39.2.2-preview-bdad7425c
@metamask-previews/snap-account-service@0.1.0-preview-bdad7425c
@metamask-previews/social-controllers@2.2.1-preview-bdad7425c
@metamask-previews/storage-service@1.0.1-preview-bdad7425c
@metamask-previews/subscription-controller@6.1.3-preview-bdad7425c
@metamask-previews/transaction-controller@65.4.0-preview-bdad7425c
@metamask-previews/transaction-pay-controller@22.5.0-preview-bdad7425c
@metamask-previews/user-operation-controller@41.2.2-preview-bdad7425c
@metamask-previews/wallet@0.0.0-preview-bdad7425c
