Skip to content

[grid] Clarify auth challenge rate limit docs#427

Open
DhruvPareek wants to merge 1 commit intomainfrom
04-30-grid-auth-challenge-rate-limit-docs
Open

[grid] Clarify auth challenge rate limit docs#427
DhruvPareek wants to merge 1 commit intomainfrom
04-30-grid-auth-challenge-rate-limit-docs

Conversation

@DhruvPareek
Copy link
Copy Markdown
Contributor

@DhruvPareek DhruvPareek commented Apr 30, 2026
edited
Loading

Reason

The Grid implementation now rate-limits auth credential challenge reissues for both PASSKEY and EMAIL_OTP credentials. The OpenAPI source still described the 429 RATE_LIMITED response as tied specifically to the OTP rate limit, which makes the generated SDK/docs contract narrower than the implemented behavior.

Overview

  • Update the source OpenAPI 429 description for POST /auth/credentials/{id}/challenge from OTP-only to credential challenge rate limiting.
  • Regenerate the bundled openapi.yaml and mintlify/openapi.yaml outputs from the source spec.
  • Keep this docs/source change aligned with the webdev implementation PR: https://github.com/lightsparkdev/webdev/pull/26929

Test Plan

  • make build
  • make lint

@DhruvPareek
[grid] Clarify auth challenge rate limit docs
6ba6816 
Summary:
- update the source OpenAPI 429 description for auth credential challenges from OTP-only to credential challenge rate limiting
- regenerate bundled openapi.yaml and mintlify/openapi.yaml

Test Plan:
- make build
- make lint
@vercel
Copy link
Copy Markdown

vercel Bot commented Apr 30, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
grid-flow-builder Ready Ready Preview, Comment Apr 30, 2026 9:43pm

Request Review

@DhruvPareek Graphite App
Copy link
Copy Markdown
Contributor Author

DhruvPareek commented Apr 30, 2026
edited
Loading

This stack of pull requests is managed by Graphite. Learn more about stacking.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 30, 2026
edited
Loading

✱ Stainless preview builds

This PR will update the grid SDKs with the following commit messages.

kotlin

chore(internal): regenerate SDK with no functional changes

openapi

docs(api): clarify rate limit description in challenge re-issue endpoint

python

chore(internal): regenerate SDK with no functional changes

typescript

chore(internal): regenerate SDK with no functional changes

Edit this comment to update them. They will appear in their respective SDK's changelogs.

grid-openapi studio · code · diff

Your SDK build had at least one "warning" diagnostic, but this did not represent a regression.
generate ⚠️

grid-kotlin studio · code · diff

Your SDK build had at least one "warning" diagnostic, but this did not represent a regression.
generate ⚠️build ⏭️ (prev: build ✅) → lint ⏭️ (prev: lint ✅) → test ✅

grid-typescript studio · code · diff

Your SDK build had at least one "warning" diagnostic, but this did not represent a regression.
generate ⚠️build ⏭️ (prev: build ✅) → lint ⏭️ (prev: lint ❗) → test ✅

grid-python studio · code · diff

Your SDK build had at least one "warning" diagnostic, but this did not represent a regression.
generate ⚠️build ⏭️ (prev: build ✅) → lint ⏭️ (prev: lint ✅) → test ✅

This comment is auto-generated by GitHub Actions and is automatically kept up to date as you push.
If you push custom code to the preview branch, re-run this workflow to update the comment.
Last updated: 2026-04-30 21:47:32 UTC

@greptile-apps
Copy link
Copy Markdown
Contributor

greptile-apps Bot commented Apr 30, 2026
edited
Loading

Greptile Summary

This PR updates the POST /auth/credentials/{id}/challenge OpenAPI 429 response description to reflect that rate limiting applies to all credential types (PASSKEY and EMAIL_OTP), not just OTP. The source spec in openapi/ is correctly edited, and both bundled outputs (openapi.yaml, mintlify/openapi.yaml) are consistently regenerated via make build.

Confidence Score: 5/5

Safe to merge — purely a documentation clarification with no logic or behavior changes.

Single-line wording fix across source spec and its two generated bundles; all three files are consistent, the edit follows repo conventions (source-only edit in openapi/), and the new description accurately reflects the implemented behavior.

No files require special attention.

Important Files Changed
Filename Overview
openapi/paths/auth/auth_credentials_{id}_challenge.yaml Source spec updated: 429 description broadened from "OTP rate limit" to "credential challenge rate limit" to cover both PASSKEY and EMAIL_OTP credential types.
openapi.yaml Bundled output regenerated from source spec; 429 description updated consistently with the source change.
mintlify/openapi.yaml Mintlify bundled output regenerated from source spec; 429 description updated consistently with the source change.

Sequence Diagram

 
sequenceDiagram
    participant Client
    participant GridAPI as POST /auth/credentials/{id}/challenge

    Client->>GridAPI: Request new challenge (PASSKEY or EMAIL_OTP)
    alt Within rate limit
        GridAPI-->>Client: 200 OK (new challenge issued)
    else Exceeds credential challenge rate limit
        GridAPI-->>Client: 429 RATE_LIMITED + Retry-After header
        Note over Client: Back off and retry after Retry-After interval
    end
Loading

Reviews (2): Last reviewed commit: "[grid] Clarify auth challenge rate limit..." | Re-trigger Greptile

@DhruvPareek DhruvPareek marked this pull request as draft April 30, 2026 21:48
@DhruvPareek DhruvPareek marked this pull request as ready for review April 30, 2026 21:59
@DhruvPareek DhruvPareek mentioned this pull request Apr 30, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@DhruvPareek