[PM-31711] Remove unused auth token and user agent

[dani-garcia]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-31711

📔 Objective

Now that the authentication token is handled by the middleware and the user agent is set by default during client construction, we can remove these fields from the API Configuration structs, as they are unused.

🚨 Breaking Changes

[github-actions]

Checkmarx One – Scan Summary & Details – b0ff3491-0919-4ad5-9c4c-a78f7781c43c

Great job! No new security vulnerabilities introduced in this pull request

[github-actions]

🔍 SDK Breaking Change Detection Results

SDK Version: ps/PM-31711-remove-unused-token (8a667e5)
Completed: 2026-03-23 10:53:45 UTC
Total Time: 247s

Client	Status	Details
typescript	✅ No breaking changes detected	TypeScript compilation passed with new SDK version - View Details

---

Breaking change detection completed. View SDK workflow

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 82.77%. Comparing base (003b44a) to head (8a667e5).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #831   +/-   ##
=======================================
  Coverage   82.77%   82.77%           
=======================================
  Files         353      353           
  Lines       42301    42285   -16     
=======================================
- Hits        35014    35003   -11     
+ Misses       7287     7282    -5     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Patrick-Pimentel-Bitwarden]

👍 Auth changs are minimal

[Patrick-Pimentel-Bitwarden]

@dani-garcia could you help me understand what (if anything) needs to be updated if we ever see that we've introduced breaking changes like this pr has in that "SDK Breaking Change Detection Results" github actions section?

[dani-garcia]

@Patrick-Pimentel-Bitwarden The reported breaking change is from the PR previously merged into main: #829, which has a client PR fixing it already: bitwarden/clients#19433. This PR shouldn't contain any external breaking changes itself.

In the general case, you should document any breaking breaking changes and how to fix them in the PR description. I don't think we have a specific format, just whatever you think would be helpful for someone trying to update the SDK version. Then other teams like mobile can more easily know how to fix those breaking changes.

The CI action is just a reminder so you don't accidentally introduce breaking changes, but it does have some false positives when main has some breaking changes that haven't been solved yet on clients.

[dani-garcia]

Resolved the conflict with #661, which removed the vault-owned sync file

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud