Add Zod Validation for Authentication Utility Endpoints

[Harxhit]

Summary

Add request validation for authentication utility endpoints to ensure request payloads are validated before processing sensitive authentication operations.

Contexts

The authentication utility endpoints currently accept request payloads without Zod validation. Since these endpoints handle refresh tokens and mobile authentication exchanges, input validation should be enforced to improve security, consistency, and maintainability.

Tasks

• Create Zod schema for POST /auth/mobile/exchange
• Validate exchange code payload before processing
• Create Zod schema for POST /auth/refresh
• Validate refresh token payload when provided in request body
• Return standardized validation errors for invalid requests
• Add/update tests for validation failures and successful requests

Acceptance Criteria

• Invalid mobile exchange requests are rejected with validation errors
• Invalid refresh requests are rejected with validation errors
• POST /auth/mobile/exchange uses Zod validation
• POST /auth/refresh uses Zod validation
• Tests added for validation success and failure cases
• Documentation updated if necessary

Area

backend

Difficulty

Easy

[github-actions]

Hi @Harxhit,

Thanks for opening this issue.

Please reply with one of the following areas so the issue can be routed to the appropriate team member:

- /backend
- /web
- /mobile
- /devops

Once an area is selected, the corresponding label will be added automatically.

[Harxhit]

/backend

[github-actions]

The issue has been classified as backend.

@Harxhit, please review and triage this issue when available.

The backend label has been applied and the issue has been routed accordingly.

[udaycodespace]

Hi @Harxhit,

I'd like to work on this issue.

My plan is to first inspect the existing implementation and validation patterns around these endpoints, look for any edge cases that should be handled, and then add the required Zod schemas along with tests for both valid and invalid requests.

If that approach looks good, could you please assign it to me?

[Chaitanya-970]

Hey @Harxhit

I can handle this issue.

[Harxhit]

Assignments for these issues are being handled by @ShantKhatri

[Harxhit]

@Chaitanya-970 I have assigned this issue to you.

[udaycodespace]

@Chaitanya-970 I have assigned this issue to you.

No problem, thanks for the update.

Could I be considered for #543 instead if it's still available?

[Chaitanya-970]

Noted By when should I do it?

…

On Sun, 14 Jun 2026, 6:26 pm SOMAPURAM UDAY, ***@***.***> wrote: *udaycodespace* left a comment (Dev-Card/DevCard#540) <#540 (comment)> @Chaitanya-970 <https://github.com/Chaitanya-970> I have assigned this issue to you. Can you assign me the — Reply to this email directly, view it on GitHub <#540?email_source=notifications&email_token=ASZ5GST2UC4GUW5RYKA4I4D472OGHA5CNFSNUABFM5UWIORPF5TWS5BNNB2WEL2JONZXKZKDN5WW2ZLOOQXTINZQGE4DCMBVHA32M4TFMFZW63VHNVSW45DJN5XKKZLWMVXHJLDGN5XXIZLSL5RWY2LDNM#issuecomment-4701810587>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ASZ5GSWGOBQ64XYAZLDTAEL472OGHAVCNFSNUABGKJSXA33TNF2G64TZHMYTCNZZHA3DMNRUGU5US43TOVSTWNBWGQZTKOBXHA2DTILWAI> . Triage notifications, keep track of coding agent tasks and review pull requests on the go with GitHub Mobile for iOS <https://github.com/notifications/mobile/ios/ASZ5GST34YOSDEHVJTE3NFL472OGHA5CNFSNUABFM5UWIORPF5TWS5BNNB2WEL2JONZXKZKDN5WW2ZLOOQXTINZQGE4DCMBVHA32M4TFMFZW63VHNVSW45DJN5XKKZLWMVXHJKTGN5XXIZLSL5UW64Y> and Android <https://github.com/notifications/mobile/android/ASZ5GST7LX3ZGM3JFFMXFBD472OGHA5CNFSNUABFM5UWIORPF5TWS5BNNB2WEL2JONZXKZKDN5WW2ZLOOQXTINZQGE4DCMBVHA32M4TFMFZW63VHNVSW45DJN5XKKZLWMVXHJLTGN5XXIZLSL5QW4ZDSN5UWI>. Download it today! You are receiving this because you were mentioned.Message ID: ***@***.***>

[Harxhit]

Noted

By when should I do it?
…

Do what?