Move CICO provider url composition server-side

[tarikbellamine]

Description

Moving all provider API keys server-side for better security and ease of future key rotation.

Other changes

• Formatting asset codes on ProviderOptionsScreen to dry up code
• Added Ramp API key to enable debit card purchases

Tested

Manually

Related issues

• Fixes Enable card payments on Ramp #68
• Fixes Move CICO provider keys server-side #71

Backwards compatibility

Yes

[jeanregisser]

Thanks! Great changes overall.
However biggest security concern is about returning some private keys to the client.

[gnardini]

Looks great, the code on valora-auth is very tidy :)

[gnardini]

Not really necessary but we could have a bash function that receives the env variable name as parameter and runs grep $1 .env | cut -d '=' -f 2- and call it in all these lines to make them slightly more readable.

Addressed

[jeanregisser]

Cool! Couple of additional comments.

Also wondering if we should find a different name for valora-auth that doesn't contain valora.
i.e. to be more in line with the other services names we have and given we've put all Valora branding into a private repo.

[tarikbellamine]

Also wondering if we should find a different name for valora-auth that doesn't contain valora.
i.e. to be more in line with the other services names we have and given we've put all Valora branding into a private repo.

@jeanregisser I've renamed it to provider-url-service. I'm flexible on naming though so lmk if you have a suggestion you like more.

[jeanregisser]

Thanks! 👍
Left some optional comments, but since this is working and looks good relative to security, I'm approving 😄

[jeanregisser]

nit: there's a way to import dotenv variables in a single command and also slightly more robustly (handles no quotes, single and double quotes) that we're using in our run_app.sh script https://github.com/celo-org/wallet/blob/4e6cc3a42d654fa072eccb79e6b836a44b123f7d/packages/mobile/scripts/run_app.sh#L42-L44

[tarikbellamine]

Leaving this somewhat manual for now because I couldn't figure out how to properly nest provider specific variables (e.g., do moonpay.public_key instead of moonpay_public_key) and didn't want to crowd the env namesapce

[ValoraQA]

Hi @tarikbellamine can you give more information to test this task. Thanks!

[tarikbellamine]

Hi @Celoqa! The way to test this is to see if the WebView or InAppBrowser loads correctly for each cash-in option. For example, if you select "MoonPay", then it should load the MoonPay url in app.

If there is a failure, you will see that there is a loading indicator going on forever when you select an option.

[ValoraQA]

Hi @tarikbellamine Thank you so much for giving more information about this task.
Here we have verified this task using latest Android Internal Build V1.12.0(1004294340) & Test flight build V1.12.0(49) and observe the followings.

Selecting MoonPay:

• iOS: 1) Loading indicator is shown for 2seconds & "celo wants to use moonpay.io to signin popup is shown after 2 seconds.
  2) User should redirected to Buy.moonpay.io inAppBrowser by tapping on continue button.
• Android: 1) Loading indicator is shown for 2seconds & User should redirected to Buy.moonpay.io inAppBrowser after 2 seconds.

Selecting Simplex:

• iOS: User should redirect to Valoraapp.com Webview by tapping on Simplex after 4 seconds
• Android: User should redirect to Valoraapp.com Webview by tapping on Simplex after 4 seconds

Selecting Ramp:

• iOS: 1) Loading indicator is shown for 2seconds & "celo wants to use ramp.network to signin popup is shown after 2 seconds.
  2) User should redirected to Buy.ramp.network inAppBrowser by tapping on continue button.

Selecting Transak:

• iOS: Loading indicator is shown for 4 seconds & user redirected to global.transak.com after 4 seconds
• Android: Loading indicator is shown for 4 seconds & user redirected to global.transak.com after 4 seconds

Can you please let us know if we need to test anything else in this task.

[tarikbellamine]

That's all. Thanks!