MetaMask · Mrtenz · Apr 2, 2026 · Apr 2, 2026 · Apr 2, 2026
@@ -36,6 +36,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - **BREAKING:** Upgrade TypeScript from `~4.8.4` to `~5.3.3` ([#574](https://github.com/MetaMask/smart-transactions-controller/pull/574))
   - Consumers on TypeScript 4.x may experience type errors and should upgrade to TypeScript 5.x.
+- **BREAKING:** Replace `getBearerToken` constructor parameter with direct `AuthenticationController:getBearerToken` call ([#578](https://github.com/MetaMask/smart-transactions-controller/pull/578))
+  - Consumers must add `AuthenticationController:getBearerToken` to the allowed actions in the controller messenger, and remove any usage of the `getBearerToken` constructor parameter.
 
 ## [23.0.0]
 

@@ -50,9 +50,10 @@
     "@metamask/controller-utils": "^11.0.0",
     "@metamask/eth-json-rpc-provider": "^4.1.6",
     "@metamask/eth-query": "^4.0.0",
-    "@metamask/messenger": "^0.3.0",
+    "@metamask/messenger": "^1.1.0",
     "@metamask/network-controller": "^30.0.0",
     "@metamask/polling-controller": "^16.0.0",
+    "@metamask/profile-sync-controller": "^28.0.2",
     "@metamask/remote-feature-flag-controller": "^4.1.0",
     "@metamask/superstruct": "^3.1.0",
     "@metamask/transaction-controller": "^63.0.0",
@@ -130,7 +131,9 @@
       "@metamask/controller-utils>babel-runtime>core-js": false,
       "@metamask/transaction-controller>@metamask/core-backend>@metamask/keyring-controller>ethereumjs-wallet>ethereum-cryptography>keccak": false,
       "@metamask/transaction-controller>@metamask/core-backend>@metamask/keyring-controller>ethereumjs-wallet>ethereum-cryptography>secp256k1": false,
-      "tsx>esbuild": false
+      "tsx>esbuild": false,
+      "@metamask/profile-sync-controller>@metamask/keyring-controller>ethereumjs-wallet>ethereum-cryptography>keccak": false,
+      "@metamask/profile-sync-controller>@metamask/keyring-controller>ethereumjs-wallet>ethereum-cryptography>secp256k1": false
     }
   }
 }
@@ -865,10 +865,10 @@ describe('SmartTransactionsController', () => {
 
   describe('onNetworkChange', () => {
     it('calls poll', async () => {
-      await withController(({ controller, triggerNetworStateChange }) => {
+      await withController(({ controller, triggerNetworkStateChange }) => {
         const checkPollSpy = jest.spyOn(controller, 'checkPoll');
 
-        triggerNetworStateChange({
+        triggerNetworkStateChange({
           selectedNetworkClientId: NetworkType.sepolia,
           networkConfigurationsByChainId: {},
           networksMetadata: {},
@@ -930,15 +930,15 @@ describe('SmartTransactionsController', () => {
             supportedChainIds: [ChainId.mainnet],
           },
         },
-        ({ controller, triggerNetworStateChange }) => {
+        ({ controller, triggerNetworkStateChange }) => {
           const updateSmartTransactionsSpy = jest.spyOn(
             controller,
             'updateSmartTransactions',
           );
 
           expect(updateSmartTransactionsSpy).not.toHaveBeenCalled();
 
-          triggerNetworStateChange({
+          triggerNetworkStateChange({
             selectedNetworkClientId: NetworkType.sepolia,
             networkConfigurationsByChainId: {},
             networksMetadata: {},
@@ -2179,9 +2179,7 @@ describe('SmartTransactionsController', () => {
       const bearerToken = 'test-bearer-token-123';
       await withController(
         {
-          options: {
-            getBearerToken: async () => Promise.resolve(bearerToken),
-          },
+          bearerToken,
         },
         async ({ controller }) => {
           const apiCall = nock(API_BASE_URL)
@@ -2200,9 +2198,7 @@ describe('SmartTransactionsController', () => {
       const bearerToken = 'test-bearer-token-456';
       await withController(
         {
-          options: {
-            getBearerToken: async () => Promise.resolve(bearerToken),
-          },
+          bearerToken,
         },
         async ({ controller }) => {
           const apiCall = nock(SENTINEL_API_BASE_URL_MAP[ethereumChainIdDec])
@@ -3191,10 +3187,10 @@ describe('SmartTransactionsController', () => {
 
 type WithControllerCallback<ReturnValue> = ({
   controller,
-  triggerNetworStateChange,
+  triggerNetworkStateChange,
 }: {
   controller: SmartTransactionsController;
-  triggerNetworStateChange: (state: NetworkState) => void;
+  triggerNetworkStateChange: (state: NetworkState) => void;
 }) => Promise<ReturnValue> | ReturnValue;
 
 type WithControllerOptions = {
@@ -3207,6 +3203,7 @@ type WithControllerOptions = {
   remoteFeatureFlags?: {
     smartTransactionsNetworks?: Record<string, unknown>;
   };
+  bearerToken?: string;
 };
 
 type WithControllerArgs<ReturnValue> =
@@ -3235,6 +3232,7 @@ async function withController<ReturnValue>(
     getTransactions = jest.fn(),
     updateTransaction = jest.fn(),
     remoteFeatureFlags = {},
+    bearerToken,
   } = rest;
 
   const rootMessenger: RootMessenger = new Messenger({
@@ -3321,6 +3319,11 @@ async function withController<ReturnValue>(
     }),
   );
 
+  rootMessenger.registerActionHandler(
+    'AuthenticationController:getBearerToken',
+    jest.fn().mockResolvedValue(bearerToken),
+  );
+
   const messenger = new Messenger<
     'SmartTransactionsController',
     AllActions,
@@ -3333,6 +3336,7 @@ async function withController<ReturnValue>(
   rootMessenger.delegate({
     messenger,
     actions: [
+      'AuthenticationController:getBearerToken',
       'NetworkController:getNetworkClientById',
       'NetworkController:getState',
       'RemoteFeatureFlagController:getState',
@@ -3360,11 +3364,11 @@ async function withController<ReturnValue>(
     ...options,
   });
 
-  function triggerNetworStateChange(state: NetworkState) {
+  function triggerNetworkStateChange(state: NetworkState) {
     rootMessenger.publish('NetworkController:stateChange', state, []);
   }
 
-  triggerNetworStateChange({
+  triggerNetworkStateChange({
     selectedNetworkClientId: NetworkType.mainnet,
     networkConfigurationsByChainId: {
       [ChainId.mainnet]: {
@@ -3395,7 +3399,7 @@ async function withController<ReturnValue>(
   try {
     return await fn({
       controller,
-      triggerNetworStateChange,
+      triggerNetworkStateChange,
     });
   } finally {
     // eslint-disable-next-line @typescript-eslint/no-floating-promises

@@ -20,6 +20,7 @@
   NetworkControllerStateChangeEvent,
 } from '@metamask/network-controller';
 import { StaticIntervalPollingController } from '@metamask/polling-controller';
+import type { AuthenticationControllerGetBearerTokenAction } from '@metamask/profile-sync-controller/auth';
 import type {
   RemoteFeatureFlagControllerGetStateAction,
   RemoteFeatureFlagControllerStateChangeEvent,
@@ -187,6 +188,7 @@
   | SmartTransactionsControllerMethodActions;
 
 type AllowedActions =
+  | AuthenticationControllerGetBearerTokenAction
   | NetworkControllerGetNetworkClientByIdAction
   | NetworkControllerGetStateAction
   | RemoteFeatureFlagControllerGetStateAction
@@ -256,14 +258,6 @@
    * removed in a future version.
    */
   getFeatureFlags?: () => FeatureFlags;
-  /**
-   * Optional callback to obtain a bearer token for authenticating requests to
-   * the Transaction API. When provided, the token is sent in the
-   * Authorization header for all Transaction API calls. Can be used with
-   * the authentication flow from @metamask/core-backend (e.g. from
-   * AuthenticationController.getBearerToken).
-   */
-  getBearerToken?: () => Promise<string | undefined> | string | undefined;
   trace?: TraceCallback;
 };
 
@@ -292,11 +286,6 @@
 
   readonly #getMetaMetricsProps: () => Promise<MetaMetricsProps>;
 
-  readonly #getBearerToken?: () =>
-    | Promise<string | undefined>
-    | string
-    | undefined;
-
   #trace: TraceCallback;
 
   /**
@@ -340,8 +329,12 @@
       Object.values(SENTINEL_API_BASE_URL_MAP).some((baseUrl) =>
         request.startsWith(baseUrl),
       );
-    if (this.#getBearerToken && urlMatches) {
-      const token = await Promise.resolve(this.#getBearerToken());
+
+    if (urlMatches) {
+      const token = await this.messenger.call(
+        'AuthenticationController:getBearerToken',
+      );
+
       if (token) {
         headers.Authorization = `Bearer ${token}`;
       }
@@ -367,7 +360,6 @@
     state = {},
     messenger,
     getMetaMetricsProps,
-    getBearerToken,
     trace,
   }: SmartTransactionsControllerOptions) {
     super({
@@ -388,7 +380,6 @@
     this.#ethQuery = undefined;
     this.#trackMetaMetricsEvent = trackMetaMetricsEvent;
     this.#getMetaMetricsProps = getMetaMetricsProps;
-    this.#getBearerToken = getBearerToken;
     this.#trace = trace ?? (((_request, fn) => fn?.()) as TraceCallback);
 
     this.initializeSmartTransactionsForChainId();
@@ -452,9 +443,9 @@
      isSmartTransactionPending,
    );
    if (!this.timeoutHandle && pendingTransactions?.length > 0) {
      this.poll();
    } else if (this.timeoutHandle && pendingTransactions?.length === 0) {
      this.stop();
    }
  }

@@ -479,7 +470,7 @@
    }

    this.timeoutHandle = setInterval(() => {
      safelyExecute(async () => this.updateSmartTransactions());
    }, this.#interval);
    await safelyExecute(async () => this.updateSmartTransactions());
  }
@@ -546,7 +537,7 @@
      ethQuery = new EthQuery(provider);
    }

    this.#createOrUpdateSmartTransaction(smartTransaction, {
      chainId,
      ethQuery,
    });