refactor!: collapse create_session proof type into session x create#866
Open
kilianglas wants to merge 16 commits into
Open
refactor!: collapse create_session proof type into session x create#866kilianglas wants to merge 16 commits into
kilianglas wants to merge 16 commits into
Conversation
kilianglas
requested review from
a team,
0xThemis,
dkales,
fabian1409 and
philsippl
as code owners
July 14, 2026 12:03
3 tasks
Replace the dedicated create-session proof type with a three-state session reference so request semantics are explicit on the wire. Co-authored-by: Cursor <cursoragent@cursor.com>
Carry the RP-signed uniqueness action separately from the session OPRF seed so nodes can safely authorize atomic session creation. Co-authored-by: Cursor <cursoragent@cursor.com>
Accept create and existing session references on uniqueness requests, mint sessions through the authenticator, and validate the corresponding response semantics. Co-authored-by: Cursor <cursoragent@cursor.com>
Exercise the signed-action create flow end to end and generate verifier fixtures from a session minted by the uniqueness request. Co-authored-by: Cursor <cursoragent@cursor.com>
Document create, existing, and unbound uniqueness modes together with the signed-action OPRF flow and deployment order. Co-authored-by: Cursor <cursoragent@cursor.com>
kilianglas
force-pushed
the
kilianglas/collapse-create-session
branch
from
July 14, 2026 13:25
5fee2df to
f651855
Compare
0xThemis
approved these changes
Jul 17, 2026
dkales
approved these changes
Jul 17, 2026
Comment on lines
+339
to
+341
| fn visit_unit<E: serde::de::Error>(self) -> Result<Self::Value, E> { | ||
| Ok(SessionRef::None) | ||
| } |
Collaborator
There was a problem hiding this comment.
Is visit unit needed? The serializer does not actually use it?
Comment on lines
+225
to
+226
| SessionRef::None => { | ||
| unreachable!("SessionRef::None should be handled by the guard above") |
Collaborator
There was a problem hiding this comment.
why not move the above if block in here then?
| /// required (see [`Self::binds_session`]). | ||
| /// The proof will only be valid if the session ID is meant for this context and | ||
| /// this particular World ID holder. | ||
| pub session_id: Option<SessionId>, |
Collaborator
There was a problem hiding this comment.
An old request might actually parse as a SessionRef::Existing here, depending on how the autogenerated serde derive handles the option here. I guess this is fine though and maybe even wanted?
| /// If omitted, the request is strictly treated as a [`ProofType::Uniqueness`] request. | ||
| /// Session creation and session proving must opt in explicitly. | ||
| #[serde(default)] | ||
| pub proof_type: ProofType, |
Collaborator
There was a problem hiding this comment.
Old create_session requests will now fail for sure though.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Removes
ProofType::CreateSessionand redesigns the request model:proof_typeshrinks to{uniqueness, session}andsession_idbecomes a three-state field. Creating a session was always create-and-prove (a session proof in the same response), so it collapses intoproof_type: "session"+session_id: "create"with no capability change. Hence, there are only two proof types now, Uniqueness Proofs and Session Proofs. Both can create a session, or be bound to an existing session. Therefore, sessions can either be bound to a nullifier, or can be started without any binding. Note, that Uniquess Proofs can still be requested without creating or binding a session.Stacked on #862.
Request model
New
SessionReftype carried byProofRequest.session_id:nullSessionRef::None"create"SessionRef::Create— mint a fresh session, prove it in the same response"session_<hex>"SessionRef::Existing(SessionId)Note: The
SessionRefis not in the signed part of the request.Validation matrix (
validate_proof_type):null"create""session_<hex>"uniquenesssessioncreate_session)actionremains forbidden forproof_type: "session"(both sub-states).Different combinations have different use cases:
uniqueness,null: Standalone uniqueness proof that does not require session.uniqueness,"create": Uniqueness proof that requires bound session for later session proof.uniqueness,"session_<hex>": Uniqueness proof that is bound to existing session. The need for this mode is less obvious. But seems to be useful once OPRF key rotation is implemented.session,"create": Create new standalone session to prove human continuity without uniqueness guarantees. Used e.g., in the upcoming DeepFace proof type.session,"session_<hex>": Session proof for existing session. This is used for anysession_id, uniqueness bound or not.Changes to OPRF nodes
To make this work, the auth module of the ORPF nodes had to be slightly changed. OPRF queries with prefix
0x01(used to obtain the session seed), can now originate from Uniqueness Proof RP requests. Those have anactionfield iin the signed data. Hence, in order to verify the RP Request signature, the OPRF request needs to carry thisaction, which differs fromaction = oprf_seedwhich is used for the query. We introduce a new field calledrp_signature_verificationonNullifierOprfRequestAuthV1struct.WIP-101 RPs
Important: Combined uniqueness + create session requests are not yet supported. This will be implemented in a follow-up PR.