feat(linked-accounts): surface unverifiable claims behind opt-in toggle#413
Open
jalcine wants to merge 3 commits into
Open
feat(linked-accounts): surface unverifiable claims behind opt-in toggle#413jalcine wants to merge 3 commits into
jalcine wants to merge 3 commits into
Conversation
When a kind:10011 external identity claim cannot be auto-verified by the verification service (e.g. for Bluesky accounts on a non-canonical PDS-viewer, or when the service returns a 'manual' result), the LinkedAccounts component currently hides the badge entirely. This makes legitimately-linked accounts invisible on profiles. Add a user-controlled 'Show unverified' toggle that reveals these claims behind a Question icon and a 'Verify manually' link in the popover. The verified path is unchanged. Toggle state persists in localStorage. Also cache 'manual' verification results so the badge appears immediately on subsequent page loads instead of flickering through a loading state. Stops discarding the 'manual' cache entry that was previously used as initialData in IdentityBadge. Closes #412. Refs divinevideo/divine-identify-verification-service#12 (blocker: the underlying verification service still hardcodes bsky.social and fails to auto-verify these claims; the upstream PR switches the service to public.api.bsky.app).
🚀 Preview Deployment
|
Deploying divine-web with
|
| Latest commit: |
224f693
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://3228f027.divine-web.pages.dev |
| Branch Preview URL: | https://feat-linked-accounts-show-un.divine-web.pages.dev |
…1 read path Add LinkedAccountsDebug component that renders below LinkedAccounts and the settings page identity list. Gated on the ?debug query param so it ships invisibly to real users. Surfaces the raw useExternalIdentities query state (status, fetchStatus, error, identities, queryKey) to diagnose why unverified kind:10011 claims render nothing on the profile page. This is a temporary diagnostic. Remove before merging #413 once the issue is diagnosed and fixed.
The diagnostic render (gated on ?debug=linked-accounts) served its purpose: confirmed useExternalIdentities is stuck in 'fetching' state when wss://relay.ditto.pub/ is unreachable from the browser. The query never resolves because NPool waits for all configured relays to respond. The relay routing bug is tracked separately in #415. The verifyer-service 401 is tracked in the comment on divinevideo/divine-identify-verification-service#12. Keep the 'Show unverified' toggle and the manual cache write from #413 intact; the toggle remains useful as defense-in-depth once #415 and #12 (or its successor) are resolved. Closes #412.
rabble
requested changes
Jun 25, 2026
rabble
left a comment
rabble
left a comment
Member
There was a problem hiding this comment.
Requesting changes for missing visual evidence. This PR adds visible profile UI: the opt-in toggle at src/components/LinkedAccounts.tsx:276-288, the unverified badge variant at src/components/LinkedAccounts.tsx:126-134, and new popover states at src/components/LinkedAccounts.tsx:159-189. The PR body still leaves UI screenshots/video unchecked and manual visual verification unchecked. Repo rules require visual evidence for UI changes, so please attach toggle-off, toggle-on, and popover screenshots/video before merge.
I did not find a code-blocking issue in the linked-account logic. Minor follow-up: non-English locale files currently get English strings, e.g. src/lib/i18n/locales/de/common.json:675-681.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
LinkedAccountsthat reveals NIP-39 external identity claims the verification service cannot auto-verify, behind a Question icon and a "Verify manually" link in the popover.error: 'manual'results so badges appear immediately on subsequent page loads instead of flickering through a loading state.manualcache entry inIdentityBadgeso the cached result is now used asinitialData.Motivation
When a kind:10011 external identity claim cannot be auto-verified by the verification service — for example, a Bluesky account linked via a proof post on a non-canonical PDS-viewer, or any other platform where the service returns
error: 'manual'— the linked-account badge is currently hidden entirely from the profile.This means legitimately-linked accounts are invisible: the kind:10011 event is published (the user gets a "Linked" toast), but the badge never appears on the profile.
This PR adds a small opt-in toggle so users can reveal these claims explicitly. The verified path is unaffected, and the toggle state persists in localStorage.
Related Issue
bsky.socialand fails to auto-verify these claims; the upstream PR switches the service topublic.api.bsky.app). This PR is the client-side defense-in-depth for that gap and remains useful even after the blocker merges.Testing
npm run test(type-check, lint, 1126 unit tests, build) passes locally onfeat/linked-accounts-show-unverifiednpx vitest run src/components/LinkedAccounts.test.tsxpasses (7 tests, all new behavior covered)npx vitest run src/hooks/useExternalIdentities.test.tspasses (49 tests, cache change is non-breaking)npx vitest run src/lib/i18n/locales.test.tspasses (locale parity maintained across 16 locales)?badgeVisuals
Diff summary
src/components/LinkedAccounts.tsx— three-tier render (verified / manual / error),Show unverifiedtoggle button,buildManualVerifyUrlhelpersrc/components/LinkedAccounts.test.tsx— 6 new tests covering the new behavior + 1 updated existing testsrc/hooks/useExternalIdentities.ts— cacheerror: 'manual'results so the toggle UX is stable across page loadssrc/lib/i18n/locales/{ar,de,en,es,fil,fr,id,it,ja,ko,nl,pl,pt,ro,sv,tr}/common.json— 7 new keys + 1 updated key (English source; other locales inherit English until translated)Blocked by
This PR is blocked by divinevideo/divine-identify-verification-service#12 (the service-side fix that switches the verification AppView to
public.api.bsky.app). Merging this client PR first is fine — the toggle is defense-in-depth and remains useful after the blocker merges.