Summary#
- Implements
POST /v1/accounts/mobile— the combined mobile account creation endpoint for the iOS identity wallet onboarding flow - Atomically redeems a claim code, creates a pending account, registers the device, and issues a pending session token in a single SQLite transaction
- Adds
V007__pending_sessions.sqlmigration for apending_sessionstable that holds pre-DID session tokens (mirrors thepending_accountspattern) - Adds
ClaimCodeRedeemederror code (409) to distinguish already-redeemed codes from invalid/expired ones (404), per spec AC - Promotes
validate_handleandis_valid_platformtopub(crate)for reuse across handlers
Acceptance criteria#
- Single POST completes account + device + session setup → 201
- Invalid/expired claim code → 404 (
NOT_FOUND) - Already-redeemed claim code → 409 (
CLAIM_CODE_REDEEMED) - Transaction atomicity verified — duplicate email/handle in pending_accounts INSERT rolls back claim code redemption, leaving no orphans
Test plan#
- Run
cargo test— all 161 tests pass, including 15 new tests increate_mobile_account - Run
cargo clippy --workspace -- -D warnings— clean - In Bruno: open
Create Mobile Account.bru, set a validclaimCodefromPOST /v1/accounts/claim-codes, verify 201 response with all five fields - Reuse same claim code — verify 409
CLAIM_CODE_REDEEMED - Use a nonexistent claim code — verify 404
NOT_FOUND