refactor: remove `auth` feature flag from codebase (#1599)

* refactor: remove `auth` feature flag from codebase

The `auth` feature was gating authentication code (NUT-21/NUT-22) behind a
compile-time flag across the entire workspace. This removes the feature
entirely, making auth code always compiled. This simplifies the build matrix
and eliminates ~400 lines of dual code paths (`#[cfg(feature = "auth")]` /
`#[cfg(not(feature = "auth"))]`).

Changes across 43 files in 13 crates:
- Remove `auth` feature definitions from all Cargo.toml files
- Make `strum`, `strum_macros`, `regex` (cashu) and `jsonwebtoken` (cdk)
  unconditional dependencies
- Remove all `#[cfg(feature = "auth")]` gates from source files
- Merge dual code paths, keeping auth versions and deleting non-auth fallbacks
- Simplify combined cfgs (e.g. `#[cfg(all(feature = "auth", feature =
  "postgres"))]` → `#[cfg(feature = "postgres")]`)
- Remove auth-specific CI checks from flake.nix

* Use currency unit to determine keyset fetch client in metadata cache

Select the appropriate client based on `CurrencyUnit::Auth` rather than falling
through client availability. Auth keysets are now explicitly fetched via the
blind auth client, and all other keysets via the regular client, preventing
incorrect client selection.

The previous logic tried the regular client first and fell back to the auth
client, which could use the wrong client for a given keyset. The fix makes the
decision based on keyset_info.unit, which is the correct discriminant.

crates/cashu/Cargo.toml

@@ -11,11 +11,10 @@ license.workspace = true
 readme = "README.md"
 
 [features]
-default = ["mint", "wallet", "auth"]
+default = ["mint", "wallet"]
 swagger = ["dep:utoipa"]
 mint = []
 wallet = []
-auth = ["dep:strum", "dep:strum_macros", "dep:regex"]
 nostr = ["dep:nostr-sdk"]
 bench = []
 
@@ -34,9 +33,9 @@ url.workspace = true
 utoipa = { workspace = true, optional = true }
 serde_json.workspace = true
 serde_with.workspace = true
-regex = { workspace = true, optional = true }
-strum = { workspace = true, optional = true }
-strum_macros = { workspace = true, optional = true }
+regex.workspace = true
+strum.workspace = true
+strum_macros.workspace = true
 nostr-sdk = { workspace = true, optional = true }
 zeroize = "1"
 web-time.workspace = true

crates/cashu/src/nuts/mod.rs

@@ -29,10 +29,8 @@ pub mod nut26;
 #[cfg(all(feature = "wallet", feature = "nostr"))]
 pub mod nut27;
 
-#[cfg(feature = "auth")]
 mod auth;
 
-#[cfg(feature = "auth")]
 pub use auth::{
     nut21, nut22, AuthProof, AuthRequired, AuthToken, BlindAuthSettings, BlindAuthToken,
     ClearAuthSettings, Method, MintAuthRequest, ProtectedEndpoint, RoutePath,

crates/cashu/src/nuts/nut06.rs

@@ -2,18 +2,17 @@
 //!
 //! <https://github.com/cashubtc/nuts/blob/main/06.md>
 
-#[cfg(feature = "auth")]
-use std::collections::HashMap;
-use std::collections::HashSet;
+use std::collections::{HashMap, HashSet};
 
 use serde::{Deserialize, Deserializer, Serialize, Serializer};
 
 use super::nut01::PublicKey;
 use super::nut17::SupportedMethods;
 use super::nut19::CachedEndpoint;
-use super::{nut04, nut05, nut15, nut19, MppMethodSettings};
-#[cfg(feature = "auth")]
-use super::{AuthRequired, BlindAuthSettings, ClearAuthSettings, ProtectedEndpoint};
+use super::{
+    nut04, nut05, nut15, nut19, AuthRequired, BlindAuthSettings, ClearAuthSettings,
+    MppMethodSettings, ProtectedEndpoint,
+};
 use crate::CurrencyUnit;
 
 /// Mint Version
@@ -220,7 +219,6 @@ impl MintInfo {
     }
 
     /// Get protected endpoints
-    #[cfg(feature = "auth")]
     pub fn protected_endpoints(&self) -> HashMap<ProtectedEndpoint, AuthRequired> {
         let mut protected_endpoints = HashMap::new();
 
@@ -239,7 +237,6 @@ impl MintInfo {
     }
 
     /// Get Openid discovery of the mint if it is set
-    #[cfg(feature = "auth")]
     pub fn openid_discovery(&self) -> Option<String> {
         self.nuts
             .nut21
@@ -248,13 +245,11 @@ impl MintInfo {
     }
 
     /// Get Openid discovery of the mint if it is set
-    #[cfg(feature = "auth")]
     pub fn client_id(&self) -> Option<String> {
         self.nuts.nut21.as_ref().map(|s| s.client_id.clone())
     }
 
     /// Max bat mint
-    #[cfg(feature = "auth")]
     pub fn bat_max_mint(&self) -> Option<u64> {
         self.nuts.nut22.as_ref().map(|s| s.bat_max_mint)
     }
@@ -330,12 +325,10 @@ pub struct Nuts {
     /// NUT21 Settings
     #[serde(rename = "21")]
     #[serde(skip_serializing_if = "Option::is_none")]
-    #[cfg(feature = "auth")]
     pub nut21: Option<ClearAuthSettings>,
     /// NUT22 Settings
     #[serde(rename = "22")]
     #[serde(skip_serializing_if = "Option::is_none")]
-    #[cfg(feature = "auth")]
     pub nut22: Option<BlindAuthSettings>,
 }
 

crates/cdk-axum/Cargo.toml

@@ -11,10 +11,8 @@ readme = "README.md"
 
 
 [features]
-default = ["auth"]
 redis = ["dep:redis"]
 swagger = ["cdk/swagger", "dep:utoipa"]
-auth = ["cdk/auth"]
 prometheus = ["dep:cdk-prometheus"]
 [dependencies]
 anyhow.workspace = true

crates/cdk-axum/src/auth.rs

@@ -13,7 +13,6 @@ use cdk::nuts::{
 };
 use serde::{Deserialize, Serialize};
 
-#[cfg(feature = "auth")]
 use crate::{get_keyset_pubkeys, into_response, MintState};
 
 const CLEAR_AUTH_KEY: &str = "Clear-auth";
@@ -99,7 +98,6 @@ where
 /// Get all active keyset IDs of the mint
 ///
 /// This endpoint returns a list of keysets that the mint currently supports and will accept tokens from.
-#[cfg(feature = "auth")]
 pub async fn get_auth_keysets(
     State(state): State<MintState>,
 ) -> Result<Json<KeysetResponse>, Response> {

crates/cdk-axum/src/custom_handlers.rs

@@ -12,7 +12,6 @@ use axum::http::request::Parts;
 use axum::http::StatusCode;
 use axum::response::{IntoResponse, Response};
 use cdk::mint::QuoteId;
-#[cfg(feature = "auth")]
 use cdk::nuts::nut21::{Method, ProtectedEndpoint, RoutePath};
 use cdk::nuts::{
     MeltQuoteBolt11Request, MeltQuoteBolt11Response, MeltQuoteBolt12Request,
@@ -23,7 +22,6 @@ use cdk::nuts::{
 use serde_json::Value;
 use tracing::instrument;
 
-#[cfg(feature = "auth")]
 use crate::auth::AuthHeader;
 use crate::router_handlers::into_response;
 use crate::MintState;
@@ -77,22 +75,19 @@ where
 /// For other methods, it passes the request data directly to the payment processor.
 #[instrument(skip_all, fields(method = ?method))]
 pub async fn post_mint_custom_quote(
-    #[cfg(feature = "auth")] auth: AuthHeader,
+    auth: AuthHeader,
     State(state): State<MintState>,
     Path(method): Path<String>,
     Json(payload): Json<Value>,
 ) -> Result<Response, Response> {
-    #[cfg(feature = "auth")]
-    {
-        state
-            .mint
-            .verify_auth(
-                auth.into(),
-                &ProtectedEndpoint::new(Method::Post, RoutePath::MintQuote(method.clone())),
-            )
-            .await
-            .map_err(into_response)?;
-    }
+    state
+        .mint
+        .verify_auth(
+            auth.into(),
+            &ProtectedEndpoint::new(Method::Post, RoutePath::MintQuote(method.clone())),
+        )
+        .await
+        .map_err(into_response)?;
 
     match method.as_str() {
         "bolt11" => {
@@ -160,21 +155,18 @@ pub async fn post_mint_custom_quote(
 /// Get custom payment method mint quote status
 #[instrument(skip_all, fields(method = ?method, quote_id = ?quote_id))]
 pub async fn get_check_mint_custom_quote(
-    #[cfg(feature = "auth")] auth: AuthHeader,
+    auth: AuthHeader,
     State(state): State<MintState>,
     Path((method, quote_id)): Path<(String, QuoteId)>,
 ) -> Result<Response, Response> {
-    #[cfg(feature = "auth")]
-    {
-        state
-            .mint
-            .verify_auth(
-                auth.into(),
-                &ProtectedEndpoint::new(Method::Get, RoutePath::MintQuote(method.clone())),
-            )
-            .await
-            .map_err(into_response)?;
-    }
+    state
+        .mint
+        .verify_auth(
+            auth.into(),
+            &ProtectedEndpoint::new(Method::Get, RoutePath::MintQuote(method.clone())),
+        )
+        .await
+        .map_err(into_response)?;
 
     let quote_response = state
         .mint
@@ -214,22 +206,19 @@ pub async fn get_check_mint_custom_quote(
 /// Mint tokens with custom payment method
 #[instrument(skip_all, fields(method = ?method, quote_id = ?payload.quote))]
 pub async fn post_mint_custom(
-    #[cfg(feature = "auth")] auth: AuthHeader,
+    auth: AuthHeader,
     State(state): State<MintState>,
     Path(method): Path<String>,
     Json(payload): Json<MintRequest<QuoteId>>,
 ) -> Result<Json<MintResponse>, Response> {
-    #[cfg(feature = "auth")]
-    {
-        state
-            .mint
-            .verify_auth(
-                auth.into(),
-                &ProtectedEndpoint::new(Method::Post, RoutePath::Mint(method.clone())),
-            )
-            .await
-            .map_err(into_response)?;
-    }
+    state
+        .mint
+        .verify_auth(
+            auth.into(),
+            &ProtectedEndpoint::new(Method::Post, RoutePath::Mint(method.clone())),
+        )
+        .await
+        .map_err(into_response)?;
 
     // Note: process_mint_request will validate the quote internally
     // including checking if it's paid and matches the expected payment method
@@ -245,22 +234,19 @@ pub async fn post_mint_custom(
 /// Request a melt quote for custom payment method
 #[instrument(skip_all, fields(method = ?method))]
 pub async fn post_melt_custom_quote(
-    #[cfg(feature = "auth")] auth: AuthHeader,
+    auth: AuthHeader,
     State(state): State<MintState>,
     Path(method): Path<String>,
     Json(payload): Json<Value>,
 ) -> Result<Json<MeltQuoteBolt11Response<QuoteId>>, Response> {
-    #[cfg(feature = "auth")]
-    {
-        state
-            .mint
-            .verify_auth(
-                auth.into(),
-                &ProtectedEndpoint::new(Method::Post, RoutePath::MeltQuote(method.clone())),
-            )
-            .await
-            .map_err(into_response)?;
-    }
+    state
+        .mint
+        .verify_auth(
+            auth.into(),
+            &ProtectedEndpoint::new(Method::Post, RoutePath::MeltQuote(method.clone())),
+        )
+        .await
+        .map_err(into_response)?;
 
     let response = match method.as_str() {
         "bolt11" => {
@@ -310,21 +296,18 @@ pub async fn post_melt_custom_quote(
 /// Get custom payment method melt quote status
 #[instrument(skip_all, fields(method = ?method, quote_id = ?quote_id))]
 pub async fn get_check_melt_custom_quote(
-    #[cfg(feature = "auth")] auth: AuthHeader,
+    auth: AuthHeader,
     State(state): State<MintState>,
     Path((method, quote_id)): Path<(String, QuoteId)>,
 ) -> Result<Json<MeltQuoteBolt11Response<QuoteId>>, Response> {
-    #[cfg(feature = "auth")]
-    {
-        state
-            .mint
-            .verify_auth(
-                auth.into(),
-                &ProtectedEndpoint::new(Method::Get, RoutePath::MeltQuote(method.clone())),
-            )
-            .await
-            .map_err(into_response)?;
-    }
+    state
+        .mint
+        .verify_auth(
+            auth.into(),
+            &ProtectedEndpoint::new(Method::Get, RoutePath::MeltQuote(method.clone())),
+        )
+        .await
+        .map_err(into_response)?;
 
     // Note: check_melt_quote returns the response directly
     // The payment method validation is done when the quote was created
@@ -340,23 +323,20 @@ pub async fn get_check_melt_custom_quote(
 /// Melt tokens with custom payment method
 #[instrument(skip_all, fields(method = ?method))]
 pub async fn post_melt_custom(
-    #[cfg(feature = "auth")] auth: AuthHeader,
+    auth: AuthHeader,
     prefer: PreferHeader,
     State(state): State<MintState>,
     Path(method): Path<String>,
     Json(payload): Json<cdk::nuts::MeltRequest<QuoteId>>,
 ) -> Result<Json<MeltQuoteBolt11Response<QuoteId>>, Response> {
-    #[cfg(feature = "auth")]
-    {
-        state
-            .mint
-            .verify_auth(
-                auth.into(),
-                &ProtectedEndpoint::new(Method::Post, RoutePath::Melt(method.clone())),
-            )
-            .await
-            .map_err(into_response)?;
-    }
+    state
+        .mint
+        .verify_auth(
+            auth.into(),
+            &ProtectedEndpoint::new(Method::Post, RoutePath::Melt(method.clone())),
+        )
+        .await
+        .map_err(into_response)?;
 
     let res = if prefer.respond_async {
         // Asynchronous processing - return immediately after setup
@@ -380,7 +360,7 @@ pub async fn post_melt_custom(
 /// Cached version of post_mint_custom for NUT-19 caching support
 #[instrument(skip_all, fields(method = ?method, quote_id = ?payload.quote))]
 pub async fn cache_post_mint_custom(
-    #[cfg(feature = "auth")] auth: AuthHeader,
+    auth: AuthHeader,
     state: State<MintState>,
     method: Path<String>,
     payload: Json<MintRequest<QuoteId>>,
@@ -394,10 +374,7 @@ pub async fn cache_post_mint_custom(
         Some(key) => key,
         None => {
             // Could not calculate key, just return the handler result
-            #[cfg(feature = "auth")]
             return post_mint_custom(auth, state, method, payload).await;
-            #[cfg(not(feature = "auth"))]
-            return post_mint_custom(state, method, payload).await;
         }
     };
 
@@ -405,10 +382,7 @@ pub async fn cache_post_mint_custom(
         return Ok(Json(cached_response));
     }
 
-    #[cfg(feature = "auth")]
     let result = post_mint_custom(auth, state, method, payload).await?;
-    #[cfg(not(feature = "auth"))]
-    let result = post_mint_custom(state, method, payload).await?;
 
     // Cache the response
     mint_state.cache.set(cache_key, result.deref()).await;
@@ -528,7 +502,7 @@ mod tests {
 /// Cached version of post_melt_custom for NUT-19 caching support
 #[instrument(skip_all, fields(method = ?method))]
 pub async fn cache_post_melt_custom(
-    #[cfg(feature = "auth")] auth: AuthHeader,
+    auth: AuthHeader,
     prefer: PreferHeader,
     state: State<MintState>,
     method: Path<String>,
@@ -543,10 +517,7 @@ pub async fn cache_post_melt_custom(
         Some(key) => key,
         None => {
             // Could not calculate key, just return the handler result
-            #[cfg(feature = "auth")]
             return post_melt_custom(auth, prefer, state, method, payload).await;
-            #[cfg(not(feature = "auth"))]
-            return post_melt_custom(prefer, state, method, payload).await;
         }
     };
 
@@ -558,10 +529,7 @@ pub async fn cache_post_melt_custom(
         return Ok(Json(cached_response));
     }
 
-    #[cfg(feature = "auth")]
     let result = post_melt_custom(auth, prefer, state, method, payload).await?;
-    #[cfg(not(feature = "auth"))]
-    let result = post_melt_custom(prefer, state, method, payload).await?;
 
     // Cache the response
     mint_state.cache.set(cache_key, result.deref()).await;

crates/cdk-axum/src/lib.rs

@@ -5,7 +5,6 @@
 use std::sync::Arc;
 
 use anyhow::Result;
-#[cfg(feature = "auth")]
 use auth::create_auth_router;
 use axum::middleware::from_fn;
 use axum::response::Response;
@@ -17,7 +16,6 @@ use router_handlers::*;
 
 mod metrics;
 
-#[cfg(feature = "auth")]
 mod auth;
 pub mod cache;
 mod custom_handlers;
@@ -48,9 +46,7 @@ mod swagger_imports {
         MeltQuoteBolt11Request, MeltQuoteBolt11Response, MintQuoteBolt11Request,
         MintQuoteBolt11Response,
     };
-    #[cfg(feature = "auth")]
-    pub use cdk::nuts::MintAuthRequest;
-    pub use cdk::nuts::{nut04, nut05, nut15, MeltQuoteState, MintQuoteState};
+    pub use cdk::nuts::{nut04, nut05, nut15, MeltQuoteState, MintAuthRequest, MintQuoteState};
 }
 
 #[cfg(feature = "swagger")]
@@ -97,64 +93,8 @@ macro_rules! define_api_doc {
     };
 }
 
-// Configuration without auth feature
-#[cfg(all(feature = "swagger", not(feature = "auth")))]
-define_api_doc! {
-    schemas: [
-        Amount,
-        BlindedMessage,
-        BlindSignature,
-        BlindSignatureDleq,
-        CheckStateRequest,
-        CheckStateResponse,
-        ContactInfo,
-        CurrencyUnit,
-        ErrorCode,
-        ErrorResponse,
-        HTLCWitness,
-        Keys,
-        KeysResponse,
-        KeysetResponse,
-        KeySet,
-        KeySetInfo,
-        MeltRequest<String>,
-        MeltQuoteBolt11Request,
-        MeltQuoteBolt11Response<String>,
-        MeltQuoteState,
-        MeltMethodSettings,
-        MintRequest<String>,
-        MintResponse,
-        MintInfo,
-        MintQuoteBolt11Request,
-        MintQuoteBolt11Response<String>,
-        MintQuoteState,
-        MintMethodSettings,
-        MintVersion,
-        Mpp,
-        MppMethodSettings,
-        Nuts,
-        P2PKWitness,
-        PaymentMethod,
-        Proof,
-        ProofDleq,
-        ProofState,
-        PublicKey,
-        RestoreRequest,
-        RestoreResponse,
-        SecretKey,
-        State,
-        SupportedSettings,
-        SwapRequest,
-        SwapResponse,
-        Witness,
-        nut04::Settings,
-        nut05::Settings,
-        nut15::Settings
-    ]
-}
-
 // Configuration with auth feature
-#[cfg(all(feature = "swagger", feature = "auth"))]
+#[cfg(feature = "swagger")]
 define_api_doc! {
     schemas: [
         Amount,
@@ -227,10 +167,7 @@ async fn cors_middleware(
     req: axum::http::Request<axum::body::Body>,
     next: axum::middleware::Next,
 ) -> Response {
-    #[cfg(feature = "auth")]
     let allowed_headers = "Content-Type, Clear-auth, Blind-auth";
-    #[cfg(not(feature = "auth"))]
-    let allowed_headers = "Content-Type";
 
     // Handle preflight requests
     if req.method() == axum::http::Method::OPTIONS {
@@ -296,7 +233,6 @@ pub async fn create_mint_router_with_custom_cache(
 
     let mint_router = Router::new().nest("/v1", v1_router);
 
-    #[cfg(feature = "auth")]
     let mint_router = {
         let auth_router = create_auth_router(state.clone());
         mint_router.nest("/v1", auth_router)

crates/cdk-axum/src/router_handlers.rs

@@ -4,7 +4,6 @@ use axum::extract::{Json, Path, State};
 use axum::http::StatusCode;
 use axum::response::{IntoResponse, Response};
 use cdk::error::ErrorResponse;
-#[cfg(feature = "auth")]
 use cdk::nuts::nut21::{Method, ProtectedEndpoint, RoutePath};
 use cdk::nuts::{
     CheckStateRequest, CheckStateResponse, Id, KeysResponse, KeysetResponse, MintInfo,
@@ -14,7 +13,6 @@ use cdk::util::unix_time;
 use paste::paste;
 use tracing::instrument;
 
-#[cfg(feature = "auth")]
 use crate::auth::AuthHeader;
 use crate::ws::main_websocket;
 use crate::MintState;
@@ -27,7 +25,7 @@ macro_rules! post_cache_wrapper {
             /// Cache wrapper function for $handler:
             /// Wrap $handler into a function that caches responses using the request as key
             pub async fn [<cache_ $handler>](
-                #[cfg(feature = "auth")] auth: AuthHeader,
+                auth: AuthHeader,
                 state: State<MintState>,
                 payload: Json<$request_type>
             ) -> Result<Json<$response_type>, Response> {
@@ -38,19 +36,13 @@ macro_rules! post_cache_wrapper {
                     Some(key) => key,
                     None => {
                         // Could not calculate key, just return the handler result
-                        #[cfg(feature = "auth")]
                         return $handler(auth, state, payload).await;
-                        #[cfg(not(feature = "auth"))]
-                        return $handler( state, payload).await;
                     }
                 };
                 if let Some(cached_response) = mint_state.cache.get::<$response_type>(&cache_key).await {
                     return Ok(Json(cached_response));
                 }
-                #[cfg(feature = "auth")]
                 let response = $handler(auth, state, payload).await?;
-                #[cfg(not(feature = "auth"))]
-                let response = $handler(state, payload).await?;
                 mint_state.cache.set(cache_key, &response.deref()).await;
                 Ok(response)
             }
@@ -66,7 +58,7 @@ macro_rules! post_cache_wrapper_with_prefer {
             /// Cache wrapper function for $handler with PreferHeader support:
             /// Wrap $handler into a function that caches responses using the request as key
             pub async fn [<cache_ $handler>](
-                #[cfg(feature = "auth")] auth: AuthHeader,
+                auth: AuthHeader,
                 prefer: PreferHeader,
                 state: State<MintState>,
                 payload: Json<$request_type>
@@ -79,19 +71,13 @@ macro_rules! post_cache_wrapper_with_prefer {
                     Some(key) => key,
                     None => {
                         // Could not calculate key, just return the handler result
-                        #[cfg(feature = "auth")]
                         return $handler(auth, prefer, state, payload).await;
-                        #[cfg(not(feature = "auth"))]
-                        return $handler(prefer, state, payload).await;
                     }
                 };
                 if let Some(cached_response) = mint_state.cache.get::<$response_type>(&cache_key).await {
                     return Ok(Json(cached_response));
                 }
-                #[cfg(feature = "auth")]
                 let response = $handler(auth, prefer, state, payload).await?;
-                #[cfg(not(feature = "auth"))]
-                let response = $handler(prefer, state, payload).await?;
                 mint_state.cache.set(cache_key, &response.deref()).await;
                 Ok(response)
             }
@@ -168,21 +154,18 @@ pub(crate) async fn get_keysets(
 
 #[instrument(skip_all)]
 pub(crate) async fn ws_handler(
-    #[cfg(feature = "auth")] auth: AuthHeader,
+    auth: AuthHeader,
     State(state): State<MintState>,
     ws: WebSocketUpgrade,
 ) -> Result<impl IntoResponse, Response> {
-    #[cfg(feature = "auth")]
-    {
-        state
-            .mint
-            .verify_auth(
-                auth.into(),
-                &ProtectedEndpoint::new(Method::Get, RoutePath::Ws),
-            )
-            .await
-            .map_err(into_response)?;
-    }
+    state
+        .mint
+        .verify_auth(
+            auth.into(),
+            &ProtectedEndpoint::new(Method::Get, RoutePath::Ws),
+        )
+        .await
+        .map_err(into_response)?;
 
     Ok(ws.on_upgrade(|ws| main_websocket(ws, state)))
 }
@@ -202,21 +185,18 @@ pub(crate) async fn ws_handler(
 /// Check whether a secret has been spent already or not.
 #[instrument(skip_all, fields(y_count = ?payload.ys.len()))]
 pub(crate) async fn post_check(
-    #[cfg(feature = "auth")] auth: AuthHeader,
+    auth: AuthHeader,
     State(state): State<MintState>,
     Json(payload): Json<CheckStateRequest>,
 ) -> Result<Json<CheckStateResponse>, Response> {
-    #[cfg(feature = "auth")]
-    {
-        state
-            .mint
-            .verify_auth(
-                auth.into(),
-                &ProtectedEndpoint::new(Method::Post, RoutePath::Checkstate),
-            )
-            .await
-            .map_err(into_response)?;
-    }
+    state
+        .mint
+        .verify_auth(
+            auth.into(),
+            &ProtectedEndpoint::new(Method::Post, RoutePath::Checkstate),
+        )
+        .await
+        .map_err(into_response)?;
 
     let state = state.mint.check_state(&payload).await.map_err(|err| {
         tracing::error!("Could not check state of proofs");
@@ -270,21 +250,18 @@ pub(crate) async fn get_mint_info(
 /// This endpoint can be used by Alice to swap a set of proofs before making a payment to Carol. It can then used by Carol to redeem the tokens for new proofs.
 #[instrument(skip_all, fields(inputs_count = ?payload.inputs().len()))]
 pub(crate) async fn post_swap(
-    #[cfg(feature = "auth")] auth: AuthHeader,
+    auth: AuthHeader,
     State(state): State<MintState>,
     Json(payload): Json<SwapRequest>,
 ) -> Result<Json<SwapResponse>, Response> {
-    #[cfg(feature = "auth")]
-    {
-        state
-            .mint
-            .verify_auth(
-                auth.into(),
-                &ProtectedEndpoint::new(Method::Post, RoutePath::Swap),
-            )
-            .await
-            .map_err(into_response)?;
-    }
+    state
+        .mint
+        .verify_auth(
+            auth.into(),
+            &ProtectedEndpoint::new(Method::Post, RoutePath::Swap),
+        )
+        .await
+        .map_err(into_response)?;
 
     let swap_response = state
         .mint
@@ -311,21 +288,18 @@ pub(crate) async fn post_swap(
 /// Restores blind signature for a set of outputs.
 #[instrument(skip_all, fields(outputs_count = ?payload.outputs.len()))]
 pub(crate) async fn post_restore(
-    #[cfg(feature = "auth")] auth: AuthHeader,
+    auth: AuthHeader,
     State(state): State<MintState>,
     Json(payload): Json<RestoreRequest>,
 ) -> Result<Json<RestoreResponse>, Response> {
-    #[cfg(feature = "auth")]
-    {
-        state
-            .mint
-            .verify_auth(
-                auth.into(),
-                &ProtectedEndpoint::new(Method::Post, RoutePath::Restore),
-            )
-            .await
-            .map_err(into_response)?;
-    }
+    state
+        .mint
+        .verify_auth(
+            auth.into(),
+            &ProtectedEndpoint::new(Method::Post, RoutePath::Restore),
+        )
+        .await
+        .map_err(into_response)?;
 
     let restore_response = state.mint.restore(payload).await.map_err(|err| {
         tracing::error!("Could not process restore: {}", err);

crates/cdk-cli/Cargo.toml

@@ -22,7 +22,7 @@ npubcash = ["cdk/npubcash"]
 anyhow.workspace = true
 bip39.workspace = true
 bitcoin.workspace = true
-cdk = { workspace = true, default-features = false, features = ["wallet", "auth", "nostr", "bip353"]}
+cdk = { workspace = true, default-features = false, features = ["wallet", "nostr", "bip353"]}
 cdk-redb = { workspace = true, features = ["wallet"], optional = true }
 cdk-sqlite = { workspace = true, features = ["wallet"] }
 cdk-common = { workspace = true, features = ["wallet"] }

crates/cdk-common/Cargo.toml

@@ -17,7 +17,6 @@ test = []
 bench = []
 wallet = ["cashu/wallet", "dep:uuid"]
 mint = ["cashu/mint", "dep:uuid"]
-auth = ["cashu/auth"]
 nostr = ["wallet", "cashu/nostr"]
 prometheus = ["cdk-prometheus/default"]
 

crates/cdk-common/src/database/mint/mod.rs

@@ -17,13 +17,11 @@ use crate::nuts::{
 };
 use crate::payment::PaymentIdentifier;
 
-#[cfg(feature = "auth")]
 mod auth;
 
 #[cfg(feature = "test")]
 pub mod test;
 
-#[cfg(feature = "auth")]
 pub use auth::{DynMintAuthDatabase, MintAuthDatabase, MintAuthTransaction};
 
 // Re-export KVStore types from shared module for backward compatibility

crates/cdk-common/src/database/mod.rs

@@ -25,7 +25,7 @@ pub use mint::{
     SignaturesDatabase as MintSignaturesDatabase,
     SignaturesTransaction as MintSignatureTransaction, Transaction as MintTransaction,
 };
-#[cfg(all(feature = "mint", feature = "auth"))]
+#[cfg(feature = "mint")]
 pub use mint::{DynMintAuthDatabase, MintAuthDatabase, MintAuthTransaction};
 #[cfg(feature = "wallet")]
 pub use wallet::Database as WalletDatabase;
@@ -140,7 +140,6 @@ pub enum Error {
     NUT02(#[from] crate::nuts::nut02::Error),
     /// NUT22 Error
     #[error(transparent)]
-    #[cfg(feature = "auth")]
     NUT22(#[from] crate::nuts::nut22::Error),
     /// NUT04 Error
     #[error(transparent)]

crates/cdk-common/src/error.rs

@@ -438,11 +438,9 @@ pub enum Error {
     NUT20(#[from] crate::nuts::nut20::Error),
     /// NUT21 Error
     #[error(transparent)]
-    #[cfg(feature = "auth")]
     NUT21(#[from] crate::nuts::nut21::Error),
     /// NUT22 Error
     #[error(transparent)]
-    #[cfg(feature = "auth")]
     NUT22(#[from] crate::nuts::nut22::Error),
     /// NUT23 Error
     #[error(transparent)]
@@ -635,9 +633,7 @@ impl Error {
             Self::NUT14(_) => true,
             Self::NUT18(_) => true,
             Self::NUT20(_) => true,
-            #[cfg(feature = "auth")]
             Self::NUT21(_) => true,
-            #[cfg(feature = "auth")]
             Self::NUT22(_) => true,
             Self::NUT23(_) => true,
             #[cfg(feature = "mint")]

crates/cdk-ffi/Cargo.toml

@@ -15,7 +15,7 @@ name = "cdk_ffi"
 [dependencies]
 async-trait = { workspace = true }
 bip39 = { workspace = true }
-cdk = { workspace = true, default-features = false, features = ["wallet", "auth", "bip353", "nostr"] }
+cdk = { workspace = true, default-features = false, features = ["wallet", "bip353", "nostr"] }
 cdk-sqlite = { workspace = true }
 cdk-postgres = { workspace = true, optional = true }
 cdk-npubcash = { workspace = true, optional = true }

crates/cdk-integration-tests/Cargo.toml

@@ -20,16 +20,16 @@ rand.workspace = true
 bip39 = { workspace = true, features = ["rand"] }
 anyhow.workspace = true
 cashu = { workspace = true, features = ["mint", "wallet"] }
-cdk = { workspace = true, features = ["mint", "wallet", "auth", "bip353"] }
+cdk = { workspace = true, features = ["mint", "wallet", "bip353"] }
 cdk-cln = { workspace = true }
 cdk-lnd = { workspace = true }
 cdk-ldk-node = { workspace = true }
-cdk-axum = { workspace = true, features = ["auth"] }
+cdk-axum = { workspace = true }
 cdk-sqlite = { workspace = true }
 cdk-redb = { workspace = true }
 cdk-fake-wallet = { workspace = true }
-cdk-common = { workspace = true, features = ["mint", "wallet", "auth"] }
-cdk-mintd = { workspace = true, features = ["cln", "lnd", "fakewallet", "grpc-processor", "auth", "lnbits", "management-rpc", "sqlite", "postgres", "ldk-node", "prometheus"] }
+cdk-common = { workspace = true, features = ["mint", "wallet"] }
+cdk-mintd = { workspace = true, features = ["cln", "lnd", "fakewallet", "grpc-processor", "lnbits", "management-rpc", "sqlite", "postgres", "ldk-node", "prometheus"] }
 futures = { workspace = true, default-features = false, features = [
     "executor",
 ] }

crates/cdk-mintd/Cargo.toml

@@ -27,7 +27,6 @@ sqlcipher = ["sqlite", "cdk-sqlite/sqlcipher"]
 # MSRV is not committed to with swagger enabled
 swagger = ["cdk-axum/swagger", "dep:utoipa", "dep:utoipa-swagger-ui"]
 redis = ["cdk-axum/redis"]
-auth = ["cdk/auth", "cdk-axum/auth", "cdk-sqlite?/auth", "cdk-postgres?/auth"]
 prometheus = ["cdk/prometheus", "dep:cdk-prometheus", "cdk-sqlite?/prometheus", "cdk-axum/prometheus"]
 
 [dependencies]

crates/cdk-mintd/src/config.rs

@@ -574,7 +574,6 @@ pub struct Settings {
     pub fake_wallet: Option<FakeWallet>,
     pub grpc_processor: Option<GrpcProcessor>,
     pub database: Database,
-    #[cfg(feature = "auth")]
     pub auth_database: Option<AuthDatabase>,
     #[cfg(feature = "management-rpc")]
     pub mint_management_rpc: Option<MintManagementRpc>,

crates/cdk-mintd/src/env_vars/mod.rs

@@ -11,7 +11,6 @@ mod limits;
 mod ln;
 mod mint_info;
 
-#[cfg(feature = "auth")]
 mod auth;
 #[cfg(feature = "cln")]
 mod cln;
@@ -34,7 +33,6 @@ use std::env;
 use std::str::FromStr;
 
 use anyhow::{anyhow, bail, Result};
-#[cfg(feature = "auth")]
 pub use auth::*;
 #[cfg(feature = "cln")]
 pub use cln::*;
@@ -78,27 +76,23 @@ impl Settings {
             );
         }
 
-        // Parse auth database configuration from environment variables (when auth is enabled)
-        #[cfg(feature = "auth")]
-        {
-            self.auth_database = Some(crate::config::AuthDatabase {
-                postgres: Some(
-                    self.auth_database
-                        .clone()
-                        .unwrap_or_default()
-                        .postgres
-                        .unwrap_or_default()
-                        .from_env(),
-                ),
-            });
-        }
+        // Parse auth database configuration from environment variables
+        self.auth_database = Some(crate::config::AuthDatabase {
+            postgres: Some(
+                self.auth_database
+                    .clone()
+                    .unwrap_or_default()
+                    .postgres
+                    .unwrap_or_default()
+                    .from_env(),
+            ),
+        });
 
         self.info = self.info.clone().from_env();
         self.mint_info = self.mint_info.clone().from_env();
         self.ln = self.ln.clone().from_env();
         self.limits = self.limits.clone().from_env();
 
-        #[cfg(feature = "auth")]
         {
             // Check env vars for auth config even if None
             let auth = self.auth.clone().unwrap_or_default().from_env();

crates/cdk-mintd/src/lib.rs

@@ -2,7 +2,6 @@
 //! Cdk mintd lib
 
 // std
-#[cfg(feature = "auth")]
 use std::collections::HashMap;
 use std::env::{self};
 use std::net::SocketAddr;
@@ -34,9 +33,9 @@ use cdk::nuts::nut19::{CachedEndpoint, Method as NUT19Method, Path as NUT19Path}
     feature = "ldk-node"
 ))]
 use cdk::nuts::CurrencyUnit;
-#[cfg(feature = "auth")]
-use cdk::nuts::{AuthRequired, Method, ProtectedEndpoint, RoutePath};
-use cdk::nuts::{ContactInfo, MintVersion, PaymentMethod};
+use cdk::nuts::{
+    AuthRequired, ContactInfo, Method, MintVersion, PaymentMethod, ProtectedEndpoint, RoutePath,
+};
 use cdk_axum::cache::HttpCache;
 use cdk_common::common::QuoteTTL;
 use cdk_common::database::DynMintDatabase;
@@ -44,18 +43,16 @@ use cdk_common::database::DynMintDatabase;
 #[cfg(feature = "prometheus")]
 use cdk_common::payment::MetricsMintPayment;
 use cdk_common::payment::MintPayment;
-#[cfg(all(feature = "auth", feature = "postgres"))]
+#[cfg(feature = "postgres")]
 use cdk_postgres::MintPgAuthDatabase;
 #[cfg(feature = "postgres")]
 use cdk_postgres::MintPgDatabase;
-#[cfg(all(feature = "auth", feature = "sqlite"))]
+#[cfg(feature = "sqlite")]
 use cdk_sqlite::mint::MintSqliteAuthDatabase;
 #[cfg(feature = "sqlite")]
 use cdk_sqlite::MintSqliteDatabase;
 use cli::CLIArgs;
-#[cfg(feature = "auth")]
-use config::AuthType;
-use config::{DatabaseEngine, LnBackend};
+use config::{AuthType, DatabaseEngine, LnBackend};
 use env_vars::ENV_WORK_DIR;
 use setup::LnBackendSetup;
 use tower::ServiceBuilder;
@@ -689,7 +686,6 @@ fn configure_cache(
     mint_builder.with_cache(Some(cache.ttl.as_secs()), cached_endpoints)
 }
 
-#[cfg(feature = "auth")]
 async fn setup_authentication(
     settings: &config::Settings,
     _work_dir: &Path,
@@ -894,7 +890,7 @@ async fn start_services_with_shutdown(
     mint_builder_info: cdk::nuts::MintInfo,
     shutdown_signal: impl std::future::Future<Output = ()> + Send + 'static,
     routers: Vec<Router>,
-    #[cfg(feature = "auth")] auth_localstore: Option<cdk_common::database::DynMintAuthDatabase>,
+    auth_localstore: Option<cdk_common::database::DynMintAuthDatabase>,
 ) -> Result<()> {
     let listen_addr = settings.info.listen_host.clone();
     let listen_port = settings.info.listen_port;
@@ -1007,7 +1003,6 @@ async fn start_services_with_shutdown(
     tracing::info!("Payment methods: {:?}", custom_methods);
 
     // Configure auth for custom payment methods if auth is enabled
-    #[cfg(feature = "auth")]
     if let (Some(ref auth_settings), Some(auth_db)) = (&settings.auth, &auth_localstore) {
         if auth_settings.auth_enabled {
             use std::collections::HashMap;
@@ -1378,7 +1373,6 @@ pub async fn run_mintd_with_shutdown(
 
     let mint_builder =
         configure_mint_builder(settings, maybe_mint_builder, runtime, work_dir, Some(kv)).await?;
-    #[cfg(feature = "auth")]
     let (mint_builder, auth_localstore) =
         setup_authentication(settings, work_dir, mint_builder, db_password).await?;
 
@@ -1397,7 +1391,6 @@ pub async fn run_mintd_with_shutdown(
         config_mint_info,
         shutdown_signal,
         routers,
-        #[cfg(feature = "auth")]
         auth_localstore,
     )
     .await

crates/cdk-postgres/Cargo.toml

@@ -11,10 +11,9 @@ rust-version.workspace = true                            # MSRV
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 [features]
-default = ["mint", "wallet", "auth"]
+default = ["mint", "wallet"]
 mint = ["cdk-common/mint", "cdk-sql-common/mint"]
 wallet = ["cdk-common/wallet", "cdk-sql-common/wallet"]
-auth = ["cdk-common/auth", "cdk-sql-common/auth"]
 
 [dependencies]
 async-trait.workspace = true

crates/cdk-postgres/src/lib.rs

@@ -322,7 +322,6 @@ impl DatabaseExecutor for PostgresConnection {
 pub type MintPgDatabase = SQLMintDatabase<PgConnectionPool>;
 
 /// Mint Auth database with Postgres
-#[cfg(feature = "auth")]
 pub type MintPgAuthDatabase = SQLMintAuthDatabase<PgConnectionPool>;
 
 /// Wallet DB implementation with PostgreSQL

crates/cdk-redb/Cargo.toml

@@ -12,9 +12,8 @@ readme = "README.md"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 [features]
-default = ["wallet", "auth"]
+default = ["wallet"]
 wallet = ["cdk-common/wallet"]
-auth = ["cdk-common/auth"]
 
 [dependencies]
 async-trait.workspace = true

crates/cdk-signatory/Cargo.toml

@@ -20,7 +20,6 @@ async-trait.workspace = true
 bitcoin.workspace = true
 cdk-common = { workspace = true, default-features = false, features = [
     "mint",
-    "auth",
 ] }
 tonic = { workspace = true, optional = true, features = ["transport", "tls-ring", "codegen", "router"] }
 tonic-prost = { workspace = true, optional = true }
@@ -31,7 +30,7 @@ rustls = { workspace = true }
 [target.'cfg(not(target_arch = "wasm32"))'.dependencies]
 # main.rs dependencies
 anyhow.workspace = true
-cdk-sqlite = { workspace = true, features = ["mint", "auth"], optional = true }
+cdk-sqlite = { workspace = true, features = ["mint"], optional = true }
 clap = { workspace = true }
 bip39.workspace = true
 home.workspace = true

crates/cdk-sql-common/Cargo.toml

@@ -12,10 +12,9 @@ readme = "README.md"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 [features]
-default = ["mint", "wallet", "auth"]
+default = ["mint", "wallet"]
 mint = ["cdk-common/mint"]
 wallet = ["cdk-common/wallet"]
-auth = ["cdk-common/auth"]
 prometheus = ["cdk-prometheus"]
 [dependencies]
 async-trait.workspace = true

crates/cdk-sql-common/src/mint/mod.rs

@@ -18,7 +18,6 @@ use crate::common::migrate;
 use crate::database::{ConnectionWithTransaction, DatabaseExecutor};
 use crate::pool::{DatabasePool, Pool, PooledResource};
 
-#[cfg(feature = "auth")]
 mod auth;
 mod completed_operations;
 mod keys;
@@ -33,7 +32,6 @@ mod migrations {
     include!(concat!(env!("OUT_DIR"), "/migrations_mint.rs"));
 }
 
-#[cfg(feature = "auth")]
 pub use auth::SQLMintAuthDatabase;
 #[cfg(feature = "prometheus")]
 use cdk_prometheus::METRICS;

crates/cdk-sqlite/Cargo.toml

@@ -12,10 +12,9 @@ readme = "README.md"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 [features]
-default = ["mint", "wallet", "auth"]
+default = ["mint", "wallet"]
 mint = ["cdk-common/mint", "cdk-sql-common/mint"]
 wallet = ["cdk-common/wallet", "cdk-sql-common/wallet"]
-auth = ["cdk-common/auth", "cdk-sql-common/auth"]
 sqlcipher = ["rusqlite/bundled-sqlcipher"]
 prometheus = ["cdk-sql-common/prometheus", "cdk-prometheus"]
 [dependencies]

crates/cdk-sqlite/src/mint/mod.rs

@@ -11,7 +11,6 @@ pub mod memory;
 pub type MintSqliteDatabase = SQLMintDatabase<SqliteConnectionManager>;
 
 /// Mint Auth database with rusqlite
-#[cfg(feature = "auth")]
 pub type MintSqliteAuthDatabase = SQLMintAuthDatabase<SqliteConnectionManager>;
 
 #[cfg(test)]

crates/cdk/Cargo.toml

@@ -11,12 +11,11 @@ license.workspace = true
 
 
 [features]
-default = ["mint", "wallet", "auth", "nostr", "bip353"]
+default = ["mint", "wallet", "nostr", "bip353"]
 wallet = ["dep:futures", "dep:reqwest", "cdk-common/wallet", "dep:rustls"]
 nostr = ["wallet", "dep:nostr-sdk", "cdk-common/nostr"]
 npubcash = ["wallet", "nostr", "dep:cdk-npubcash"]
 mint = ["dep:futures", "dep:reqwest", "cdk-common/mint", "cdk-signatory"]
-auth = ["dep:jsonwebtoken", "cdk-common/auth", "cdk-common/auth"]
 bip353 = ["dep:hickory-resolver"]
 # We do not commit to a MSRV with swagger enabled
 swagger = ["mint", "dep:utoipa", "cdk-common/swagger"]
@@ -57,7 +56,7 @@ futures = { workspace = true, optional = true, features = ["alloc"] }
 url.workspace = true
 utoipa = { workspace = true, optional = true }
 uuid.workspace = true
-jsonwebtoken = { workspace = true, optional = true }
+jsonwebtoken.workspace = true
 nostr-sdk = { workspace = true, optional = true }
 cdk-npubcash = { workspace = true, optional = true }
 cdk-prometheus = {workspace = true, optional = true}
@@ -122,7 +121,7 @@ required-features = ["wallet"]
 
 [[example]]
 name = "auth_wallet"
-required-features = ["wallet", "auth"]
+required-features = ["wallet"]
 
 [[example]]
 name = "bip353"

crates/cdk/examples/mint-token-bolt12-with-custom-http.rs

@@ -115,12 +115,8 @@ async fn main() -> Result<(), Error> {
     let amount = Amount::from(10);
 
     let mint_url = MintUrl::from_str(mint_url)?;
-    #[cfg(feature = "auth")]
     let http_client = CustomConnector::new(mint_url.clone(), None);
 
-    #[cfg(not(feature = "auth"))]
-    let http_client = CustomConnector::new(mint_url.clone());
-
     // Create a new wallet
     let wallet = WalletBuilder::new()
         .mint_url(mint_url)

crates/cdk/src/lib.rs

@@ -8,7 +8,7 @@ compile_error!("The 'tor' feature is not supported on wasm32 targets (browser).
 pub mod cdk_database {
     //! CDK Database
     pub use cdk_common::database::Error;
-    #[cfg(all(feature = "mint", feature = "auth"))]
+    #[cfg(feature = "mint")]
     pub use cdk_common::database::MintAuthDatabase;
     #[cfg(feature = "wallet")]
     pub use cdk_common::database::WalletDatabase;
@@ -33,7 +33,7 @@ mod bip353;
 #[cfg(feature = "wallet")]
 mod lightning_address;
 
-#[cfg(all(any(feature = "wallet", feature = "mint"), feature = "auth"))]
+#[cfg(any(feature = "wallet", feature = "mint"))]
 mod oidc_client;
 
 #[cfg(feature = "mint")]
@@ -46,7 +46,7 @@ pub use cdk_common::{
     error::{self, Error},
     lightning_invoice, mint_url, nuts, secret, util, ws, Amount, Bolt11Invoice,
 };
-#[cfg(all(any(feature = "wallet", feature = "mint"), feature = "auth"))]
+#[cfg(any(feature = "wallet", feature = "mint"))]
 pub use oidc_client::OidcClient;
 
 #[cfg(any(feature = "wallet", feature = "mint"))]

crates/cdk/src/mint/builder.rs

@@ -4,14 +4,13 @@ use std::collections::HashMap;
 use std::sync::Arc;
 
 use bitcoin::bip32::DerivationPath;
-use cdk_common::database::{DynMintDatabase, MintKeysDatabase};
+use cdk_common::database::{DynMintAuthDatabase, DynMintDatabase, MintKeysDatabase};
 use cdk_common::error::Error;
 use cdk_common::nut00::KnownMethod;
 use cdk_common::nut04::MintMethodOptions;
 use cdk_common::nut05::MeltMethodOptions;
 use cdk_common::payment::DynMintPayment;
-#[cfg(feature = "auth")]
-use cdk_common::{database::DynMintAuthDatabase, nut21, nut22};
+use cdk_common::{nut21, nut22};
 use cdk_signatory::signatory::{RotateKeyArguments, Signatory};
 
 use super::nut17::SupportedMethods;
@@ -20,11 +19,9 @@ use super::Nuts;
 use crate::amount::Amount;
 use crate::cdk_database;
 use crate::mint::Mint;
-#[cfg(feature = "auth")]
-use crate::nuts::ProtectedEndpoint;
 use crate::nuts::{
     ContactInfo, CurrencyUnit, MeltMethodSettings, MintInfo, MintMethodSettings, MintVersion,
-    MppMethodSettings, PaymentMethod,
+    MppMethodSettings, PaymentMethod, ProtectedEndpoint,
 };
 use crate::types::PaymentProcessorKey;
 
@@ -32,7 +29,6 @@ use crate::types::PaymentProcessorKey;
 pub struct MintBuilder {
     mint_info: MintInfo,
     localstore: DynMintDatabase,
-    #[cfg(feature = "auth")]
     auth_localstore: Option<DynMintAuthDatabase>,
     payment_processors: HashMap<PaymentProcessorKey, DynMintPayment>,
     supported_units: HashMap<CurrencyUnit, (u64, u8)>,
@@ -70,7 +66,6 @@ impl MintBuilder {
         MintBuilder {
             mint_info,
             localstore,
-            #[cfg(feature = "auth")]
             auth_localstore: None,
             payment_processors: HashMap::new(),
             supported_units: HashMap::new(),
@@ -88,7 +83,6 @@ impl MintBuilder {
     }
 
     /// Set clear auth settings
-    #[cfg(feature = "auth")]
     pub fn with_auth(
         mut self,
         auth_localstore: DynMintAuthDatabase,
@@ -131,7 +125,6 @@ impl MintBuilder {
     }
 
     /// Set blind auth settings
-    #[cfg(feature = "auth")]
     pub fn with_blind_auth(
         mut self,
         bat_max_mint: u64,
@@ -407,7 +400,6 @@ impl MintBuilder {
         let active_keysets = signatory.keysets().await?;
 
         // Ensure Auth keyset is created when auth is enabled
-        #[cfg(feature = "auth")]
         if self.auth_localstore.is_some() {
             self.supported_units
                 .entry(CurrencyUnit::Auth)
@@ -466,7 +458,6 @@ impl MintBuilder {
             }
         }
 
-        #[cfg(feature = "auth")]
         if let Some(auth_localstore) = self.auth_localstore {
             return Mint::new_with_auth(
                 self.mint_info,

crates/cdk/src/mint/issue/mod.rs

@@ -20,7 +20,6 @@ use tracing::instrument;
 use crate::mint::Verification;
 use crate::Mint;
 
-#[cfg(feature = "auth")]
 mod auth;
 
 /// Request for creating a mint quote

crates/cdk/src/mint/keysets/mod.rs

@@ -6,7 +6,6 @@ use super::{
 };
 use crate::Error;
 
-#[cfg(feature = "auth")]
 mod auth;
 
 impl Mint {

crates/cdk/src/mint/mod.rs

@@ -7,9 +7,7 @@ use std::time::Duration;
 use arc_swap::ArcSwap;
 use cdk_common::common::{PaymentProcessorKey, QuoteTTL};
 use cdk_common::database::mint::Acquired;
-#[cfg(feature = "auth")]
-use cdk_common::database::DynMintAuthDatabase;
-use cdk_common::database::{self, DynMintDatabase};
+use cdk_common::database::{self, DynMintAuthDatabase, DynMintDatabase};
 use cdk_common::nuts::{BlindSignature, BlindedMessage, CurrencyUnit, Id};
 use cdk_common::payment::{DynMintPayment, WaitPaymentResponse};
 pub use cdk_common::quote_id::QuoteId;
@@ -17,7 +15,6 @@ pub use cdk_common::quote_id::QuoteId;
 use cdk_prometheus::global;
 use cdk_signatory::signatory::{Signatory, SignatoryKeySet};
 use futures::StreamExt;
-#[cfg(feature = "auth")]
 use nut21::ProtectedEndpoint;
 use subscription::PubSubManager;
 use tokio::sync::{Mutex, Notify};
@@ -27,11 +24,8 @@ use tracing::instrument;
 use crate::error::Error;
 use crate::fees::calculate_fee;
 use crate::nuts::*;
-use crate::Amount;
-#[cfg(feature = "auth")]
-use crate::OidcClient;
+use crate::{Amount, OidcClient};
 
-#[cfg(feature = "auth")]
 pub(crate) mod auth;
 mod builder;
 mod check_spendable;
@@ -67,13 +61,11 @@ pub struct Mint {
     /// Mint Storage backend
     localstore: DynMintDatabase,
     /// Auth Storage backend (only available with auth feature)
-    #[cfg(feature = "auth")]
     auth_localstore: Option<DynMintAuthDatabase>,
     /// Payment processors for mint
     payment_processors: Arc<HashMap<PaymentProcessorKey, DynMintPayment>>,
     /// Subscription manager
     pubsub_manager: Arc<PubSubManager>,
-    #[cfg(feature = "auth")]
     oidc_client: Option<OidcClient>,
     /// In-memory keyset
     keysets: Arc<ArcSwap<Vec<SignatoryKeySet>>>,
@@ -114,7 +106,6 @@ impl Mint {
             mint_info,
             signatory,
             localstore,
-            #[cfg(feature = "auth")]
             None,
             payment_processors,
             max_inputs,
@@ -124,7 +115,6 @@ impl Mint {
     }
 
     /// Create new [`Mint`] with authentication support
-    #[cfg(feature = "auth")]
     pub async fn new_with_auth(
         mint_info: MintInfo,
         signatory: Arc<dyn Signatory + Send + Sync>,
@@ -152,7 +142,7 @@ impl Mint {
         mint_info: MintInfo,
         signatory: Arc<dyn Signatory + Send + Sync>,
         localstore: DynMintDatabase,
-        #[cfg(feature = "auth")] auth_localstore: Option<DynMintAuthDatabase>,
+        auth_localstore: Option<DynMintAuthDatabase>,
         payment_processors: HashMap<PaymentProcessorKey, DynMintPayment>,
         max_inputs: usize,
         max_outputs: usize,
@@ -200,7 +190,6 @@ impl Mint {
 
                 // Merge auth settings from computed_info if stored doesn't have them
                 // Protected endpoints will be populated dynamically from auth database
-                #[cfg(feature = "auth")]
                 {
                     if stored.nuts.nut21.is_none() && computed_info.nuts.nut21.is_some() {
                         stored.nuts.nut21 = computed_info.nuts.nut21.clone();
@@ -245,7 +234,6 @@ impl Mint {
             signatory,
             pubsub_manager: PubSubManager::new((localstore.clone(), payment_processors.clone())),
             localstore,
-            #[cfg(feature = "auth")]
             oidc_client: computed_info.nuts.nut21.as_ref().map(|nut21| {
                 OidcClient::new(
                     nut21.openid_discovery.clone(),
@@ -253,7 +241,6 @@ impl Mint {
                 )
             }),
             payment_processors,
-            #[cfg(feature = "auth")]
             auth_localstore,
             keysets: Arc::new(ArcSwap::new(keysets.keysets.into())),
             task_state: Arc::new(Mutex::new(TaskState::default())),
@@ -511,7 +498,6 @@ impl Mint {
 
         let mint_info: MintInfo = serde_json::from_slice(&mint_info)?;
 
-        #[cfg(feature = "auth")]
         let mint_info = if let Some(auth_db) = self.auth_localstore.as_ref() {
             let mut mint_info = mint_info;
             let auth_endpoints = auth_db.get_auth_for_endpoints().await?;

crates/cdk/src/wallet/builder.rs

@@ -2,18 +2,14 @@ use std::collections::HashMap;
 use std::sync::Arc;
 use std::time::Duration;
 
-use cdk_common::database;
 use cdk_common::parking_lot::RwLock;
-#[cfg(feature = "auth")]
-use cdk_common::AuthToken;
-#[cfg(any(feature = "auth", feature = "npubcash"))]
+use cdk_common::{database, AuthToken};
 use tokio::sync::RwLock as TokioRwLock;
 
 use crate::cdk_database::WalletDatabase;
 use crate::error::Error;
 use crate::mint_url::MintUrl;
 use crate::nuts::CurrencyUnit;
-#[cfg(feature = "auth")]
 use crate::wallet::auth::AuthWallet;
 use crate::wallet::mint_metadata_cache::MintMetadataCache;
 use crate::wallet::{HttpClient, MintConnector, SubscriptionManager, Wallet};
@@ -24,7 +20,6 @@ pub struct WalletBuilder {
     unit: Option<CurrencyUnit>,
     localstore: Option<Arc<dyn WalletDatabase<database::Error> + Send + Sync>>,
     target_proof_count: Option<usize>,
-    #[cfg(feature = "auth")]
     auth_wallet: Option<AuthWallet>,
     seed: Option<[u8; 64]>,
     use_http_subscription: bool,
@@ -51,7 +46,6 @@ impl Default for WalletBuilder {
             unit: None,
             localstore: None,
             target_proof_count: Some(3),
-            #[cfg(feature = "auth")]
             auth_wallet: None,
             seed: None,
             client: None,
@@ -123,7 +117,6 @@ impl WalletBuilder {
     }
 
     /// Set the auth wallet
-    #[cfg(feature = "auth")]
     pub fn auth_wallet(mut self, auth_wallet: AuthWallet) -> Self {
         self.auth_wallet = Some(auth_wallet);
         self
@@ -174,7 +167,6 @@ impl WalletBuilder {
     /// # Errors
     ///
     /// Returns an error if `mint_url` or `localstore` have not been set on the builder.
-    #[cfg(feature = "auth")]
     pub fn set_auth_cat(mut self, cat: String) -> Result<Self, Error> {
         let mint_url = self
             .mint_url
@@ -223,19 +215,8 @@ impl WalletBuilder {
 
         let client = match self.client {
             Some(client) => client,
-            None => {
-                #[cfg(feature = "auth")]
-                {
-                    Arc::new(HttpClient::new(mint_url.clone(), self.auth_wallet.clone()))
-                        as Arc<dyn MintConnector + Send + Sync>
-                }
-
-                #[cfg(not(feature = "auth"))]
-                {
-                    Arc::new(HttpClient::new(mint_url.clone()))
-                        as Arc<dyn MintConnector + Send + Sync>
-                }
-            }
+            None => Arc::new(HttpClient::new(mint_url.clone(), self.auth_wallet.clone()))
+                as Arc<dyn MintConnector + Send + Sync>,
         };
 
         let metadata_cache_ttl = self.metadata_cache_ttl;
@@ -257,7 +238,6 @@ impl WalletBuilder {
             metadata_cache,
             metadata_cache_ttl: Arc::new(RwLock::new(metadata_cache_ttl)),
             target_proof_count: self.target_proof_count.unwrap_or(3),
-            #[cfg(feature = "auth")]
             auth_wallet: Arc::new(TokioRwLock::new(self.auth_wallet)),
             #[cfg(feature = "npubcash")]
             npubcash_client: Arc::new(TokioRwLock::new(None)),

crates/cdk/src/wallet/mint_connector/http_client.rs

@@ -4,14 +4,11 @@ use std::sync::{Arc, RwLock as StdRwLock};
 
 use async_trait::async_trait;
 use cdk_common::{
-    nut19, MeltQuoteBolt12Request, MeltQuoteBolt12Response, MeltQuoteCustomResponse,
-    MintQuoteBolt12Request, MintQuoteBolt12Response,
+    nut19, MeltQuoteBolt12Request, MeltQuoteBolt12Response, MeltQuoteCustomResponse, Method,
+    MintQuoteBolt12Request, MintQuoteBolt12Response, ProtectedEndpoint, RoutePath,
 };
-#[cfg(feature = "auth")]
-use cdk_common::{Method, ProtectedEndpoint, RoutePath};
 use serde::de::DeserializeOwned;
 use serde::Serialize;
-#[cfg(feature = "auth")]
 use tokio::sync::RwLock;
 use tracing::instrument;
 use url::Url;
@@ -21,7 +18,6 @@ use super::transport::Transport;
 use super::{Error, MintConnector};
 use crate::mint_url::MintUrl;
 use crate::nuts::nut00::{KnownMethod, PaymentMethod};
-#[cfg(feature = "auth")]
 use crate::nuts::nut22::MintAuthRequest;
 use crate::nuts::{
     AuthToken, CheckStateRequest, CheckStateResponse, Id, KeySet, KeysResponse, KeysetResponse,
@@ -30,7 +26,6 @@ use crate::nuts::{
     MintQuoteCustomResponse, MintRequest, MintResponse, RestoreRequest, RestoreResponse,
     SwapRequest, SwapResponse,
 };
-#[cfg(feature = "auth")]
 use crate::wallet::auth::{AuthMintConnector, AuthWallet};
 
 type Cache = (u64, HashSet<(nut19::Method, nut19::Path)>);
@@ -44,7 +39,6 @@ where
     transport: Arc<T>,
     mint_url: MintUrl,
     cache_support: Arc<StdRwLock<Cache>>,
-    #[cfg(feature = "auth")]
     auth_wallet: Arc<RwLock<Option<AuthWallet>>>,
 }
 
@@ -53,7 +47,6 @@ where
     T: Transport + Send + Sync + 'static,
 {
     /// Create new [`HttpClient`] with a provided transport implementation.
-    #[cfg(feature = "auth")]
     pub fn with_transport(
         mint_url: MintUrl,
         transport: T,
@@ -67,18 +60,7 @@ where
         }
     }
 
-    /// Create new [`HttpClient`] with a provided transport implementation.
-    #[cfg(not(feature = "auth"))]
-    pub fn with_transport(mint_url: MintUrl, transport: T) -> Self {
-        Self {
-            transport: transport.into(),
-            mint_url,
-            cache_support: Default::default(),
-        }
-    }
-
     /// Create new [`HttpClient`]
-    #[cfg(feature = "auth")]
     pub fn new(mint_url: MintUrl, auth_wallet: Option<AuthWallet>) -> Self {
         Self {
             transport: T::default().into(),
@@ -88,18 +70,7 @@ where
         }
     }
 
-    #[cfg(not(feature = "auth"))]
-    /// Create new [`HttpClient`]
-    pub fn new(mint_url: MintUrl) -> Self {
-        Self {
-            transport: T::default().into(),
-            cache_support: Default::default(),
-            mint_url,
-        }
-    }
-
     /// Get auth token for a protected endpoint
-    #[cfg(feature = "auth")]
     #[instrument(skip(self))]
     pub async fn get_auth_token(
         &self,
@@ -131,7 +102,6 @@ where
         Ok(Self {
             transport: transport.into(),
             mint_url,
-            #[cfg(feature = "auth")]
             auth_wallet: Arc::new(RwLock::new(None)),
             cache_support: Default::default(),
         })
@@ -289,7 +259,6 @@ where
             .mint_url
             .join_paths(&["v1", "mint", "quote", "bolt11"])?;
 
-        #[cfg(feature = "auth")]
         let auth_token = self
             .get_auth_token(
                 Method::Post,
@@ -297,9 +266,6 @@ where
             )
             .await?;
 
-        #[cfg(not(feature = "auth"))]
-        let auth_token = None;
-
         self.transport.http_post(url, auth_token, &request).await
     }
 
@@ -313,7 +279,6 @@ where
             .mint_url
             .join_paths(&["v1", "mint", "quote", "bolt11", quote_id])?;
 
-        #[cfg(feature = "auth")]
         let auth_token = self
             .get_auth_token(
                 Method::Get,
@@ -321,8 +286,6 @@ where
             )
             .await?;
 
-        #[cfg(not(feature = "auth"))]
-        let auth_token = None;
         self.transport.http_get(url, auth_token).await
     }
 
@@ -333,14 +296,10 @@ where
         method: &PaymentMethod,
         request: MintRequest<String>,
     ) -> Result<MintResponse, Error> {
-        #[cfg(feature = "auth")]
         let auth_token = self
             .get_auth_token(Method::Post, RoutePath::Mint(method.to_string()))
             .await?;
 
-        #[cfg(not(feature = "auth"))]
-        let auth_token = None;
-
         let path = match method {
             PaymentMethod::Known(KnownMethod::Bolt11) => {
                 nut19::Path::Custom("/v1/mint/bolt11".to_string())
@@ -364,7 +323,6 @@ where
         let url = self
             .mint_url
             .join_paths(&["v1", "melt", "quote", "bolt11"])?;
-        #[cfg(feature = "auth")]
         let auth_token = self
             .get_auth_token(
                 Method::Post,
@@ -372,8 +330,6 @@ where
             )
             .await?;
 
-        #[cfg(not(feature = "auth"))]
-        let auth_token = None;
         self.transport.http_post(url, auth_token, &request).await
     }
 
@@ -387,7 +343,6 @@ where
             .mint_url
             .join_paths(&["v1", "melt", "quote", "bolt11", quote_id])?;
 
-        #[cfg(feature = "auth")]
         let auth_token = self
             .get_auth_token(
                 Method::Get,
@@ -395,8 +350,6 @@ where
             )
             .await?;
 
-        #[cfg(not(feature = "auth"))]
-        let auth_token = None;
         self.transport.http_get(url, auth_token).await
     }
 
@@ -408,14 +361,10 @@ where
         method: &PaymentMethod,
         request: MeltRequest<String>,
     ) -> Result<MeltQuoteBolt11Response<String>, Error> {
-        #[cfg(feature = "auth")]
         let auth_token = self
             .get_auth_token(Method::Post, RoutePath::Melt(method.to_string()))
             .await?;
 
-        #[cfg(not(feature = "auth"))]
-        let auth_token = None;
-
         let path = match method {
             PaymentMethod::Known(KnownMethod::Bolt11) => {
                 nut19::Path::Custom("/v1/melt/bolt11".to_string())
@@ -433,12 +382,8 @@ where
     /// Swap Token [NUT-03]
     #[instrument(skip(self, swap_request), fields(mint_url = %self.mint_url))]
     async fn post_swap(&self, swap_request: SwapRequest) -> Result<SwapResponse, Error> {
-        #[cfg(feature = "auth")]
         let auth_token = self.get_auth_token(Method::Post, RoutePath::Swap).await?;
 
-        #[cfg(not(feature = "auth"))]
-        let auth_token = None;
-
         self.retriable_http_request(
             nut19::Method::Post,
             nut19::Path::Swap,
@@ -470,12 +415,10 @@ where
         Ok(info)
     }
 
-    #[cfg(feature = "auth")]
     async fn get_auth_wallet(&self) -> Option<AuthWallet> {
         self.auth_wallet.read().await.clone()
     }
 
-    #[cfg(feature = "auth")]
     async fn set_auth_wallet(&self, wallet: Option<AuthWallet>) {
         *self.auth_wallet.write().await = wallet;
     }
@@ -487,13 +430,10 @@ where
         request: CheckStateRequest,
     ) -> Result<CheckStateResponse, Error> {
         let url = self.mint_url.join_paths(&["v1", "checkstate"])?;
-        #[cfg(feature = "auth")]
         let auth_token = self
             .get_auth_token(Method::Post, RoutePath::Checkstate)
             .await?;
 
-        #[cfg(not(feature = "auth"))]
-        let auth_token = None;
         self.transport.http_post(url, auth_token, &request).await
     }
 
@@ -501,13 +441,10 @@ where
     #[instrument(skip(self, request), fields(mint_url = %self.mint_url))]
     async fn post_restore(&self, request: RestoreRequest) -> Result<RestoreResponse, Error> {
         let url = self.mint_url.join_paths(&["v1", "restore"])?;
-        #[cfg(feature = "auth")]
         let auth_token = self
             .get_auth_token(Method::Post, RoutePath::Restore)
             .await?;
 
-        #[cfg(not(feature = "auth"))]
-        let auth_token = None;
         self.transport.http_post(url, auth_token, &request).await
     }
 
@@ -521,7 +458,6 @@ where
             .mint_url
             .join_paths(&["v1", "mint", "quote", "bolt12"])?;
 
-        #[cfg(feature = "auth")]
         let auth_token = self
             .get_auth_token(
                 Method::Post,
@@ -529,9 +465,6 @@ where
             )
             .await?;
 
-        #[cfg(not(feature = "auth"))]
-        let auth_token = None;
-
         self.transport.http_post(url, auth_token, &request).await
     }
 
@@ -545,7 +478,6 @@ where
             .mint_url
             .join_paths(&["v1", "mint", "quote", "bolt12", quote_id])?;
 
-        #[cfg(feature = "auth")]
         let auth_token = self
             .get_auth_token(
                 Method::Get,
@@ -553,8 +485,6 @@ where
             )
             .await?;
 
-        #[cfg(not(feature = "auth"))]
-        let auth_token = None;
         self.transport.http_get(url, auth_token).await
     }
 
@@ -567,7 +497,6 @@ where
         let url = self
             .mint_url
             .join_paths(&["v1", "melt", "quote", "bolt12"])?;
-        #[cfg(feature = "auth")]
         let auth_token = self
             .get_auth_token(
                 Method::Post,
@@ -575,8 +504,6 @@ where
             )
             .await?;
 
-        #[cfg(not(feature = "auth"))]
-        let auth_token = None;
         self.transport.http_post(url, auth_token, &request).await
     }
 
@@ -590,7 +517,6 @@ where
             .mint_url
             .join_paths(&["v1", "melt", "quote", "bolt12", quote_id])?;
 
-        #[cfg(feature = "auth")]
         let auth_token = self
             .get_auth_token(
                 Method::Get,
@@ -598,8 +524,6 @@ where
             )
             .await?;
 
-        #[cfg(not(feature = "auth"))]
-        let auth_token = None;
         self.transport.http_get(url, auth_token).await
     }
 
@@ -614,14 +538,10 @@ where
             .mint_url
             .join_paths(&["v1", "mint", "quote", &method.to_string()])?;
 
-        #[cfg(feature = "auth")]
         let auth_token = self
             .get_auth_token(Method::Post, RoutePath::MintQuote(method.to_string()))
             .await?;
 
-        #[cfg(not(feature = "auth"))]
-        let auth_token = None;
-
         self.transport.http_post(url, auth_token, &request).await
     }
 
@@ -636,14 +556,10 @@ where
             .mint_url
             .join_paths(&["v1", "mint", "quote", method, quote_id])?;
 
-        #[cfg(feature = "auth")]
         let auth_token = self
             .get_auth_token(Method::Get, RoutePath::MintQuote(method.to_string()))
             .await?;
 
-        #[cfg(not(feature = "auth"))]
-        let auth_token = None;
-
         self.transport.http_get(url, auth_token).await
     }
 
@@ -657,14 +573,10 @@ where
             .mint_url
             .join_paths(&["v1", "melt", "quote", &request.method])?;
 
-        #[cfg(feature = "auth")]
         let auth_token = self
             .get_auth_token(Method::Post, RoutePath::MeltQuote(request.method.clone()))
             .await?;
 
-        #[cfg(not(feature = "auth"))]
-        let auth_token = None;
-
         self.transport.http_post(url, auth_token, &request).await
     }
 
@@ -679,14 +591,10 @@ where
             .mint_url
             .join_paths(&["v1", "melt", "quote", method, quote_id])?;
 
-        #[cfg(feature = "auth")]
         let auth_token = self
             .get_auth_token(Method::Get, RoutePath::MeltQuote(method.to_string()))
             .await?;
 
-        #[cfg(not(feature = "auth"))]
-        let auth_token = None;
-
         self.transport.http_get(url, auth_token).await
     }
 }
@@ -694,7 +602,6 @@ where
 /// Http Client
 
 #[derive(Debug, Clone)]
-#[cfg(feature = "auth")]
 pub struct AuthHttpClient<T>
 where
     T: Transport + Send + Sync + 'static,
@@ -704,7 +611,6 @@ where
     cat: Arc<RwLock<AuthToken>>,
 }
 
-#[cfg(feature = "auth")]
 impl<T> AuthHttpClient<T>
 where
     T: Transport + Send + Sync + 'static,
@@ -723,7 +629,6 @@ where
 
 #[cfg_attr(target_arch = "wasm32", async_trait(?Send))]
 #[cfg_attr(not(target_arch = "wasm32"), async_trait)]
-#[cfg(feature = "auth")]
 impl<T> AuthMintConnector for AuthHttpClient<T>
 where
     T: Transport + Send + Sync + 'static,

crates/cdk/src/wallet/mint_connector/mod.rs

@@ -17,14 +17,12 @@ use crate::nuts::{
     MintQuoteBolt11Response, MintQuoteCustomRequest, MintQuoteCustomResponse, MintRequest,
     MintResponse, PaymentMethod, RestoreRequest, RestoreResponse, SwapRequest, SwapResponse,
 };
-#[cfg(feature = "auth")]
 use crate::wallet::AuthWallet;
 
 pub mod http_client;
 pub mod transport;
 
 /// Auth HTTP Client with async transport
-#[cfg(feature = "auth")]
 pub type AuthHttpClient = http_client::AuthHttpClient<transport::Async>;
 /// Default Http Client with async transport (non-Tor)
 pub type HttpClient = http_client::HttpClient<transport::Async>;
@@ -108,11 +106,9 @@ pub trait MintConnector: Debug {
     async fn post_restore(&self, request: RestoreRequest) -> Result<RestoreResponse, Error>;
 
     /// Get the auth wallet for the client
-    #[cfg(feature = "auth")]
     async fn get_auth_wallet(&self) -> Option<AuthWallet>;
 
     /// Set auth wallet on client
-    #[cfg(feature = "auth")]
     async fn set_auth_wallet(&self, wallet: Option<AuthWallet>);
     /// Mint Quote [NUT-04]
     async fn post_mint_bolt12_quote(

crates/cdk/src/wallet/mint_metadata_cache.rs

@@ -34,14 +34,12 @@ use cdk_common::database::{self, WalletDatabase};
 use cdk_common::mint_url::MintUrl;
 use cdk_common::nuts::{KeySetInfo, Keys};
 use cdk_common::parking_lot::RwLock;
-use cdk_common::{KeySet, MintInfo};
+use cdk_common::{CurrencyUnit, KeySet, MintInfo};
 use tokio::sync::Mutex;
 use web_time::Instant;
 
 use crate::nuts::Id;
-use crate::wallet::MintConnector;
-#[cfg(feature = "auth")]
-use crate::wallet::{AuthMintConnector, AuthWallet};
+use crate::wallet::{AuthMintConnector, AuthWallet, MintConnector};
 use crate::{Error, Wallet};
 
 /// Metadata freshness and versioning information
@@ -94,8 +92,7 @@ pub struct MintMetadata {
     /// Freshness tracking for regular (non-auth) mint data
     status: FreshnessStatus,
 
-    /// Freshness tracking for blind auth keysets (when `auth` feature enabled)
-    #[cfg(feature = "auth")]
+    /// Freshness tracking for blind auth keysets
     auth_status: FreshnessStatus,
 }
 
@@ -161,7 +158,6 @@ impl Wallet {
     }
 }
 
-#[cfg(feature = "auth")]
 impl AuthWallet {
     /// Get information about metadata cache info
     pub fn get_metadata_cache_info(&self) -> FreshnessStatus {
@@ -264,12 +260,8 @@ impl MintMetadataCache {
         }
 
         // Perform the fetch
-        #[cfg(feature = "auth")]
         let metadata = self.fetch_from_http(Some(client), None).await?;
 
-        #[cfg(not(feature = "auth"))]
-        let metadata = self.fetch_from_http(Some(client)).await?;
-
         // Persist to database
         self.database_sync(storage.clone(), metadata.clone()).await;
 
@@ -349,7 +341,6 @@ impl MintMetadataCache {
     /// # Returns
     ///
     /// Metadata containing auth keysets and keys
-    #[cfg(feature = "auth")]
     pub async fn load_auth(
         &self,
         storage: &Arc<dyn WalletDatabase<database::Error> + Send + Sync>,
@@ -544,7 +535,7 @@ impl MintMetadataCache {
     async fn fetch_from_http(
         &self,
         client: Option<&Arc<dyn MintConnector + Send + Sync>>,
-        #[cfg(feature = "auth")] auth_client: Option<&Arc<dyn AuthMintConnector + Send + Sync>>,
+        auth_client: Option<&Arc<dyn AuthMintConnector + Send + Sync>>,
     ) -> Result<Arc<MintMetadata>, Error> {
         tracing::debug!("Fetching mint metadata from HTTP for {}", self.mint_url);
 
@@ -572,7 +563,6 @@ impl MintMetadataCache {
         }
 
         // Fetch auth keysets if auth client provided
-        #[cfg(feature = "auth")]
         if let Some(auth_client) = auth_client.as_ref() {
             keysets_to_fetch.extend(auth_client.get_mint_blind_auth_keysets().await?.keysets);
         }
@@ -599,20 +589,18 @@ impl MintMetadataCache {
             if let std::collections::hash_map::Entry::Vacant(e) =
                 new_metadata.keys.entry(keyset_info.id)
             {
-                let keyset = if let Some(client) = client.as_ref() {
-                    client.get_mint_keyset(keyset_info.id).await?
+                let keyset = if keyset_info.unit == CurrencyUnit::Auth {
+                    auth_client
+                        .as_ref()
+                        .ok_or(Error::Internal)?
+                        .get_mint_blind_auth_keyset(keyset_info.id)
+                        .await?
                 } else {
-                    #[cfg(feature = "auth")]
-                    if let Some(auth_client) = auth_client.as_ref() {
-                        auth_client
-                            .get_mint_blind_auth_keyset(keyset_info.id)
-                            .await?
-                    } else {
-                        return Err(Error::Internal);
-                    }
-
-                    #[cfg(not(feature = "auth"))]
-                    return Err(Error::Internal);
+                    client
+                        .as_ref()
+                        .ok_or(Error::Internal)?
+                        .get_mint_keyset(keyset_info.id)
+                        .await?
                 };
 
                 // Verify the keyset ID matches the keys
@@ -629,7 +617,6 @@ impl MintMetadataCache {
             new_metadata.status.version += 1;
         }
 
-        #[cfg(feature = "auth")]
         if auth_client.is_some() {
             new_metadata.auth_status.is_populated = true;
             new_metadata.auth_status.updated_at = Instant::now();

crates/cdk/src/wallet/mod.rs

@@ -13,7 +13,6 @@ use cdk_common::subscription::WalletParams;
 use cdk_common::wallet::ProofInfo;
 use getrandom::getrandom;
 use subscription::{ActiveSubscription, SubscriptionManager};
-#[cfg(any(feature = "auth", feature = "npubcash"))]
 use tokio::sync::RwLock as TokioRwLock;
 use tracing::instrument;
 use zeroize::Zeroize;
@@ -31,11 +30,8 @@ use crate::nuts::{
 };
 use crate::util::unix_time;
 use crate::wallet::mint_metadata_cache::MintMetadataCache;
-use crate::Amount;
-#[cfg(feature = "auth")]
-use crate::OidcClient;
+use crate::{Amount, OidcClient};
 
-#[cfg(feature = "auth")]
 mod auth;
 #[cfg(feature = "nostr")]
 mod nostr_backup;
@@ -66,18 +62,17 @@ pub mod test_utils;
 mod transactions;
 pub mod util;
 
-#[cfg(feature = "auth")]
 pub use auth::{AuthMintConnector, AuthWallet};
 pub use builder::WalletBuilder;
 pub use cdk_common::wallet as types;
 pub use melt::{MeltConfirmOptions, PreparedMelt};
-#[cfg(feature = "auth")]
-pub use mint_connector::http_client::AuthHttpClient as BaseAuthHttpClient;
-pub use mint_connector::http_client::HttpClient as BaseHttpClient;
+pub use mint_connector::http_client::{
+    AuthHttpClient as BaseAuthHttpClient, HttpClient as BaseHttpClient,
+};
 pub use mint_connector::transport::Transport as HttpTransport;
-#[cfg(feature = "auth")]
-pub use mint_connector::AuthHttpClient;
-pub use mint_connector::{HttpClient, LnurlPayInvoiceResponse, LnurlPayResponse, MintConnector};
+pub use mint_connector::{
+    AuthHttpClient, HttpClient, LnurlPayInvoiceResponse, LnurlPayResponse, MintConnector,
+};
 pub use multi_mint_wallet::{MultiMintReceiveOptions, MultiMintSendOptions, MultiMintWallet};
 #[cfg(feature = "nostr")]
 pub use nostr_backup::{BackupOptions, BackupResult, RestoreOptions, RestoreResult};
@@ -109,7 +104,6 @@ pub struct Wallet {
     /// The targeted amount of proofs to have at each size
     pub target_proof_count: usize,
     metadata_cache_ttl: Arc<RwLock<Option<Duration>>>,
-    #[cfg(feature = "auth")]
     auth_wallet: Arc<TokioRwLock<Option<AuthWallet>>>,
     #[cfg(feature = "npubcash")]
     npubcash_client: Arc<TokioRwLock<Option<Arc<cdk_npubcash::NpubCashClient>>>>,
@@ -334,7 +328,6 @@ impl Wallet {
         }
 
         // Create or update auth wallet
-        #[cfg(feature = "auth")]
         {
             let mut auth_wallet = self.auth_wallet.write().await;
             match &*auth_wallet {

crates/cdk/src/wallet/multi_mint_wallet.rs

@@ -92,7 +92,6 @@ pub struct WalletConfig {
     /// Custom mint connector implementation
     pub mint_connector: Option<Arc<dyn super::MintConnector + Send + Sync>>,
     /// Custom auth connector implementation
-    #[cfg(feature = "auth")]
     pub auth_connector: Option<Arc<dyn super::auth::AuthMintConnector + Send + Sync>>,
     /// Target number of proofs to maintain at each denomination
     pub target_proof_count: Option<usize>,
@@ -123,7 +122,6 @@ impl WalletConfig {
     }
 
     /// Set custom auth connector
-    #[cfg(feature = "auth")]
     pub fn with_auth_connector(
         mut self,
         connector: Arc<dyn super::auth::AuthMintConnector + Send + Sync>,
@@ -627,7 +625,6 @@ impl MultiMintWallet {
                 }
 
                 // TODO: Handle auth_connector if provided
-                #[cfg(feature = "auth")]
                 if let Some(_auth_connector) = config.auth_connector {
                     // For now, we can't easily inject auth_connector into the wallet
                     // This would require additional work on the Wallet API
@@ -644,7 +641,6 @@ impl MultiMintWallet {
     /// Set the auth client (AuthWallet) for a specific mint
     ///
     /// This allows updating the auth wallet for an existing mint wallet without recreating it.
-    #[cfg(feature = "auth")]
     #[instrument(skip_all)]
     pub async fn set_auth_client(
         &self,
@@ -739,7 +735,6 @@ impl MultiMintWallet {
                 }
 
                 // TODO: Handle auth_connector if provided
-                #[cfg(feature = "auth")]
                 if let Some(_auth_connector) = &cfg.auth_connector {
                     // For now, we can't easily inject auth_connector into the wallet
                     // This would require additional work on the Wallet/WalletBuilder API
@@ -762,16 +757,7 @@ impl MultiMintWallet {
                 None,
                 true,
             )
-            .unwrap_or_else(|_| {
-                #[cfg(feature = "auth")]
-                {
-                    crate::wallet::HttpClient::new(mint_url.clone(), None)
-                }
-                #[cfg(not(feature = "auth"))]
-                {
-                    crate::wallet::HttpClient::new(mint_url.clone())
-                }
-            });
+            .unwrap_or_else(|_| crate::wallet::HttpClient::new(mint_url.clone(), None));
             let mut builder = WalletBuilder::new()
                 .mint_url(mint_url.clone())
                 .unit(self.unit.clone())
@@ -791,18 +777,7 @@ impl MultiMintWallet {
                 // Create wallet with Tor transport client, cloning the shared transport
                 let client = {
                     let transport = tor.clone();
-                    #[cfg(feature = "auth")]
-                    {
-                        crate::wallet::TorHttpClient::with_transport(
-                            mint_url.clone(),
-                            transport,
-                            None,
-                        )
-                    }
-                    #[cfg(not(feature = "auth"))]
-                    {
-                        crate::wallet::TorHttpClient::with_transport(mint_url.clone(), transport)
-                    }
+                    crate::wallet::TorHttpClient::with_transport(mint_url.clone(), transport, None)
                 };
 
                 let mut builder = WalletBuilder::new()
@@ -2573,7 +2548,6 @@ impl MultiMintWallet {
     /// Mint blind auth tokens for a specific mint
     ///
     /// This is a convenience method that calls the underlying wallet's mint_blind_auth.
-    #[cfg(feature = "auth")]
     #[instrument(skip_all)]
     pub async fn mint_blind_auth(
         &self,
@@ -2591,7 +2565,6 @@ impl MultiMintWallet {
     /// Get unspent auth proofs for a specific mint
     ///
     /// This is a convenience method that calls the underlying wallet's get_unspent_auth_proofs.
-    #[cfg(feature = "auth")]
     #[instrument(skip_all)]
     pub async fn get_unspent_auth_proofs(
         &self,
@@ -2608,7 +2581,6 @@ impl MultiMintWallet {
     /// Set Clear Auth Token (CAT) for authentication at a specific mint
     ///
     /// This is a convenience method that calls the underlying wallet's set_cat.
-    #[cfg(feature = "auth")]
     #[instrument(skip_all)]
     pub async fn set_cat(&self, mint_url: &MintUrl, cat: String) -> Result<(), Error> {
         let wallets = self.wallets.read().await;
@@ -2622,7 +2594,6 @@ impl MultiMintWallet {
     /// Set refresh token for authentication at a specific mint
     ///
     /// This is a convenience method that calls the underlying wallet's set_refresh_token.
-    #[cfg(feature = "auth")]
     #[instrument(skip_all)]
     pub async fn set_refresh_token(
         &self,
@@ -2640,7 +2611,6 @@ impl MultiMintWallet {
     /// Refresh CAT token for a specific mint
     ///
     /// This is a convenience method that calls the underlying wallet's refresh_access_token.
-    #[cfg(feature = "auth")]
     #[instrument(skip(self))]
     pub async fn refresh_access_token(&self, mint_url: &MintUrl) -> Result<(), Error> {
         let wallets = self.wallets.read().await;

crates/cdk/src/wallet/subscription/ws.rs

@@ -1,7 +1,6 @@
 use cdk_common::nut17::ws::WsMessageOrResponse;
 use cdk_common::pub_sub::remote_consumer::{InternalRelay, StreamCtrl, SubscribeMessage};
 use cdk_common::pub_sub::Error as PubsubError;
-#[cfg(feature = "auth")]
 use cdk_common::{Method, RoutePath};
 use futures::{SinkExt, StreamExt};
 use tokio::sync::mpsc;
@@ -29,21 +28,12 @@ pub(crate) async fn stream_client(
         url.set_scheme("ws").expect("Could not set scheme");
     }
 
-    #[cfg(not(feature = "auth"))]
-    let request = url.to_string().into_client_request().map_err(|err| {
-        tracing::error!("Failed to create client request: {:?}", err);
-        // Fallback to HTTP client if we can't create the WebSocket request
-        cdk_common::pub_sub::Error::NotSupported
-    })?;
-
-    #[cfg(feature = "auth")]
     let mut request = url.to_string().into_client_request().map_err(|err| {
         tracing::error!("Failed to create client request: {:?}", err);
         // Fallback to HTTP client if we can't create the WebSocket request
         cdk_common::pub_sub::Error::NotSupported
     })?;
 
-    #[cfg(feature = "auth")]
     {
         let auth_wallet = client.http_client.get_auth_wallet().await;
         let token = match auth_wallet.as_ref() {

crates/cdk/src/wallet/test_utils.rs

@@ -289,12 +289,10 @@ impl MintConnector for MockMintConnector {
             .expect("MockMintConnector: post_restore called without configured response")
     }
 
-    #[cfg(feature = "auth")]
     async fn get_auth_wallet(&self) -> Option<crate::wallet::AuthWallet> {
         None
     }
 
-    #[cfg(feature = "auth")]
     async fn set_auth_wallet(&self, _wallet: Option<crate::wallet::AuthWallet>) {}
 
     async fn get_mint_quote_custom_status(

flake.nix

@@ -306,21 +306,18 @@
           "cashu-no-default" = "-p cashu --no-default-features";
           "cashu-wallet" = "-p cashu --no-default-features --features wallet";
           "cashu-mint" = "-p cashu --no-default-features --features mint";
-          "cashu-auth" = "-p cashu --no-default-features --features auth";
 
           # Core crate: cdk-common
           "cdk-common" = "-p cdk-common";
           "cdk-common-no-default" = "-p cdk-common --no-default-features";
           "cdk-common-wallet" = "-p cdk-common --no-default-features --features wallet";
           "cdk-common-mint" = "-p cdk-common --no-default-features --features mint";
-          "cdk-common-auth" = "-p cdk-common --no-default-features --features auth";
 
           # Core crate: cdk
           "cdk" = "-p cdk";
           "cdk-no-default" = "-p cdk --no-default-features";
           "cdk-wallet" = "-p cdk --no-default-features --features wallet";
           "cdk-mint" = "-p cdk --no-default-features --features mint";
-          "cdk-auth" = "-p cdk --no-default-features --features auth";
 
           # SQL crates
           "cdk-sql-common" = "-p cdk-sql-common";
@@ -374,8 +371,6 @@
           "cdk-mintd-fakewallet-postgres" = "-p cdk-mintd --no-default-features --features fakewallet,postgres";
           "cdk-mintd-grpc-processor-postgres" = "-p cdk-mintd --no-default-features --features grpc-processor,postgres";
           "cdk-mintd-management-rpc-cln-postgres" = "-p cdk-mintd --no-default-features --features management-rpc,cln,postgres";
-          "cdk-mintd-auth-sqlite-fakewallet" = "-p cdk-mintd --no-default-features --features auth,sqlite,fakewallet";
-          "cdk-mintd-auth-postgres-lnd" = "-p cdk-mintd --no-default-features --features auth,postgres,lnd";
 
           # Binaries: cdk-mint-cli (binary name, package is cdk-mint-rpc)
           "cdk-mint-cli" = "-p cdk-mint-rpc";
@@ -386,10 +381,10 @@
         # ========================================
         msrvChecks = {
           # Core library with all features (except swagger which breaks MSRV)
-          "cdk-all-features" = "-p cdk --features \"mint,wallet,auth\"";
+          "cdk-all-features" = "-p cdk --features \"mint,wallet\"";
 
           # Mintd with all backends, databases, and features (no swagger)
-          "cdk-mintd-all" = "-p cdk-mintd --no-default-features --features \"cln,lnd,lnbits,fakewallet,ldk-node,grpc-processor,sqlite,postgres,auth,redis,management-rpc\"";
+          "cdk-mintd-all" = "-p cdk-mintd --no-default-features --features \"cln,lnd,lnbits,fakewallet,ldk-node,grpc-processor,sqlite,postgres,redis,management-rpc\"";
 
           # CLI - default features (excludes redb which breaks MSRV)
           "cdk-cli" = "-p cdk-cli";