Skip to content

Fix JWE encryption with user provided secret key #18015

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kokosing merged 3 commits into from
Jun 25, 2023
Merged

Fix JWE encryption with user provided secret key #18015

kokosing merged 3 commits into from
Jun 25, 2023

Conversation

@wendigo
Copy link
Contributor

@wendigo wendigo commented Jun 22, 2023

Description

Additional context and related issues

Release notes

( ) This is not user-visible or docs only and no release notes are required.
( ) Release notes are required, please propose a release note for me.
( ) Release notes are required, with the following suggested text:

# Section
* Fix some things. ({issue}`issuenumber`)

@cla-bot cla-bot bot added the cla-signed label Jun 22, 2023
@wendigo wendigo force-pushed the serafin/fix-refresh-tokens branch 2 times, most recently from 7febda2 to e0d4f71 Compare June 22, 2023 15:08
@wendigo wendigo requested a review from s2lomon June 22, 2023 17:28
@wendigo wendigo force-pushed the serafin/fix-refresh-tokens branch from e0d4f71 to ef63c62 Compare June 22, 2023 19:13
s2lomon
s2lomon approved these changes Jun 22, 2023
View reviewed changes
Copy link
Member

@s2lomon s2lomon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like this changes, but I was wondering whether we haven't decided that we prefer to not allow using weaker keys, where your pr adds support for this. Apart from that - lgtm.

@wendigo wendigo requested a review from kokosing June 23, 2023 08:46
lukasz-walkiewicz
lukasz-walkiewicz reviewed Jun 23, 2023
View reviewed changes
@wendigo wendigo force-pushed the serafin/fix-refresh-tokens branch from b5b3802 to ab842c8 Compare June 23, 2023 12:04
@wendigo wendigo force-pushed the serafin/fix-refresh-tokens branch from ab842c8 to b1d8bb2 Compare June 23, 2023 12:24
@wendigo wendigo force-pushed the serafin/fix-refresh-tokens branch from b1d8bb2 to 8988a41 Compare June 23, 2023 16:59
kokosing
kokosing reviewed Jun 23, 2023
View reviewed changes
Copy link
Member

@kokosing kokosing left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Refactors should be before actual change. That way you don't have add a thing (hashCode/equals) in one commit and then in the second commit remove it.

@wendigo
Copy link
Contributor Author

wendigo commented Jun 24, 2023

@kokosing sure, I'll reorder commits

wendigo added 3 commits June 24, 2023 16:28
@wendigo
Convert TokenPair to record class
7bf9b9e
@wendigo
Fix JWE encryption with user provided secret key
59dc1d8 
This verifies key length and sets correct encryption method
and JWE algorithm.

Tests are added to ensure that the roundtrips with the user provided keys
are covered and working as expected.
@wendigo
Refactor and extract JweEncryptedSerializer
e156e01
@wendigo wendigo force-pushed the serafin/fix-refresh-tokens branch from 8988a41 to e156e01 Compare June 24, 2023 14:31
@kokosing kokosing merged commit 6b0360a into trinodb:master Jun 25, 2023
@github-actions github-actions bot added this to the 421 milestone Jun 25, 2023
@wendigo wendigo deleted the serafin/fix-refresh-tokens branch June 25, 2023 20:27
@colebow colebow mentioned this pull request Jun 28, 2023
Merged
@colebow
Copy link
Member

colebow commented Jun 28, 2023

Does this need a release node? @wendigo @kokosing

@wendigo
Copy link
Contributor Author

wendigo commented Jun 28, 2023

@colebow yes. It fixes the ability to provide secret that’s used as symmetric key for JWE token encryption. 16, 24, 32 bytes keys are supported (which translates to 128, 178 and 256 bit encryption of the JWE token)

@wendigo
Copy link
Contributor Author

wendigo commented Jun 28, 2023

User provided secret is important because on every cluster restart new key will be autogenerated when user is not providing it’s own. Then all of the sessions will be invalidated.

@sajjoseph
Copy link
Contributor

sajjoseph commented Feb 21, 2024
edited
Loading

@wendigo - we came across an issue with current implementation.
When access token and refresh token were combined and written into a cookie, the size of the cookie (4334 bytes) was larger than normal (4096 bytes). Browsers (Chrome for example) were rejecting them. We got it working by writing these to separate cookies though.

Has anyone come across that issue? Is it a good idea to separate out these tokens into their own cookies?

@wendigo
Copy link
Contributor Author

wendigo commented Feb 21, 2024

@sajjoseph This won't be a backward compatible change. Maybe splitting them across 4096 ranges is a solution? Adding more cookies and combining them when reading?

@wendigo
Copy link
Contributor Author

wendigo commented Feb 21, 2024

@sajjoseph #20787

@wendigo
Copy link
Contributor Author

wendigo commented Feb 22, 2024

@sajjoseph fixed

@sajjoseph
Copy link
Contributor

sajjoseph commented Feb 22, 2024

Awesome! Thanks. This will help us to use the OAuth Refresh token flow. I will try it out and let you know the results.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kokosing kokosing kokosing approved these changes

@lukasz-walkiewicz lukasz-walkiewicz Awaiting requested review from lukasz-walkiewicz

+1 more reviewer

@s2lomon s2lomon s2lomon approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

cla-signed

Milestone

421

Development

Successfully merging this pull request may close these issues.

6 participants

@wendigo @colebow @sajjoseph @kokosing @s2lomon @lukasz-walkiewicz