Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix the endpoint for short-lived tokens #1907

Merged
merged 12 commits into from
Oct 25, 2024
Merged

Fix the endpoint for short-lived tokens #1907

merged 12 commits into from
Oct 25, 2024

Conversation

jsdt
Copy link
Contributor

@jsdt jsdt commented Oct 24, 2024
edited
Loading

Description of Changes

NB: This was branched off #1892, so you can ignore the earlier commits.

The main change here is to fix the identity/websocket_token token route that clients can use to get a short-lived token. That endpoint will now validate the token normally, and return a token with the same clients, signed with the local key. This means the short lived token is not necessarily signed with issuers key. This is ok, because when we validate tokens, we first check if the token was signed with our key before we even look at the issuer.

This also has a few innocuous changes to work with this private PR https://github.com/clockworklabs/SpacetimeDBPrivate/pull/1081.

Expected complexity level and risk

Testing

The tests in token_validation verify how/when we are supposed to look at the issuer when validating keys.

@jsdt jsdt marked this pull request as ready for review October 25, 2024 00:20
@jsdt jsdt requested a review from PuruVJ October 25, 2024 00:20
@jsdt jsdt requested a review from kim October 25, 2024 16:01
coolreader18
coolreader18 approved these changes Oct 25, 2024
View reviewed changes
Copy link
Collaborator

@coolreader18 coolreader18 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems reasonable to me.

@jsdt jsdt added this pull request to the merge queue Oct 25, 2024
@jsdt jsdt removed this pull request from the merge queue due to a manual request Oct 25, 2024
@jsdt jsdt enabled auto-merge October 25, 2024 19:41
@jsdt jsdt added this pull request to the merge queue Oct 25, 2024
Merged via the queue into master with commit 25ea57d Oct 25, 2024
7 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@coolreader18 coolreader18 coolreader18 approved these changes

@cloutiertyler cloutiertyler Awaiting requested review from cloutiertyler

@PuruVJ PuruVJ Awaiting requested review from PuruVJ

@kim kim Awaiting requested review from kim

Assignees

@cloutiertyler cloutiertyler

Labels
release-rc1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jsdt @coolreader18 @cloutiertyler