
Token ID #202

Closed

jirenius opened this issue Aug 25, 2021 · 1 comment

Comments

@jirenius
Collaborator

jirenius commented Aug 25, 2021

Issue

When revoking or updating a token previously set using a token event, it requires the service to keep track of all the connection IDs (cid) for which a specific token has been granted.

It should be possible to more easily update tokens belonging to one or more users, without the need to keep track of connection IDs.

Solution

In the token event, an optional parameter for a token ID (tid) string should be added. This value identifies the token, and is stored by Resgate on the connection together with the token. In practice, the token ID would often be the string representation of the user's identifier, such as user ID or username.

The updated token event with the optional tid parameter would look like this:

Connection token event

Subject
conn.<cid>.token

Sets the connection's access token, discarding any previously set token.
A change of token will invalidate any previous access response received using the old token.
The event payload has the following parameter:

token
Access token.
A null token clears any previously set token.

tid
Token ID used to identify the token on System token reset events.
MUST be a string.
May be omitted.

Example payload

{
  "token": {
    "userid": 42,
    "username": "foo",
    "role": "admin"
  },
  "tid": "42"
}

In addition, a new event should be added, that allows services to tell Resgate which token IDs should be updated:

System token reset event

Subject
system.tokenReset

Signals that tokens matching one or more token IDs (tid) are to be considered out of date.
A service MUST send an auth request to the provided subject for each connection with a token matching any of the token IDs.
The event payload has the following parameters:

tids
An array of token ID (tid) strings.
MUST be an array of strings.

subject
A subject string to which the auth requests should be sent.
May be the subject of an auth request handler, but it is not required.
MUST be a string.

Example payload

{
  "tids": [ "12", "42" ],
  "subject": "auth.authentication.renewToken"
}

Implications

  • The feature requires a backwards compatible (patch) update to the RES service protocol
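The following is an added illustration of the bookkeeping the proposal describes, written for this page; it is not Resgate's own code and does not use its packages. A hypothetical in-memory `Gateway` stores each connection's token together with its optional tid, applies `conn.<cid>.token` payloads (a null token clears both, a non-string tid is rejected), and on a `system.tokenReset` payload returns the auth requests to issue to the given subject, one per connection whose tid is listed. Type and function names are assumptions; the sample payloads are constructed and mirror the examples in the post.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"sort"
)

// connToken is what the gateway keeps per connection: the token itself and
// the optional token ID (tid) that identifies it on system.tokenReset.
type connToken struct {
	Token json.RawMessage
	TID   string // empty when the token event omitted tid
}

// Gateway is a hypothetical in-memory model of the connection bookkeeping
// the proposal describes; it is not Resgate's implementation.
type Gateway struct {
	conns map[string]*connToken // keyed by connection ID (cid)
}

func NewGateway() *Gateway { return &Gateway{conns: map[string]*connToken{}} }

// HandleTokenEvent applies a conn.<cid>.token payload. A null token discards
// the stored token and its tid; tid, when present, MUST be a string.
func (g *Gateway) HandleTokenEvent(cid string, payload []byte) error {
	var ev struct {
		Token json.RawMessage `json:"token"`
		TID   json.RawMessage `json:"tid"`
	}
	if err := json.Unmarshal(payload, &ev); err != nil {
		return fmt.Errorf("invalid token event: %w", err)
	}
	if len(ev.Token) == 0 {
		return errors.New("token parameter is required")
	}
	if string(ev.Token) == "null" {
		delete(g.conns, cid) // clears any previously set token (and its tid)
		return nil
	}
	ct := &connToken{Token: ev.Token}
	if len(ev.TID) != 0 && string(ev.TID) != "null" {
		// Unmarshalling into a string fails for numbers, objects, etc.
		if err := json.Unmarshal(ev.TID, &ct.TID); err != nil {
			return errors.New("tid MUST be a string")
		}
	}
	g.conns[cid] = ct
	return nil
}

// AuthRequest is one auth request to issue as a result of a token reset.
type AuthRequest struct {
	Subject string // subject from the reset event
	CID     string
	TID     string
}

// HandleTokenReset applies a system.tokenReset payload and returns the auth
// requests to send: one per connection whose tid is listed in tids.
// Connections that were given no tid can never match and are left alone.
func (g *Gateway) HandleTokenReset(payload []byte) ([]AuthRequest, error) {
	var ev struct {
		TIDs    []string `json:"tids"`
		Subject string   `json:"subject"`
	}
	if err := json.Unmarshal(payload, &ev); err != nil {
		// Also triggered by a non-string element in tids or a non-string subject.
		return nil, fmt.Errorf("invalid tokenReset event: %w", err)
	}
	if ev.TIDs == nil {
		return nil, errors.New("tids MUST be an array of strings")
	}
	if ev.Subject == "" {
		return nil, errors.New("subject MUST be a non-empty string")
	}
	wanted := make(map[string]bool, len(ev.TIDs))
	for _, tid := range ev.TIDs {
		wanted[tid] = true
	}
	var reqs []AuthRequest
	for cid, ct := range g.conns {
		if ct.TID != "" && wanted[ct.TID] {
			reqs = append(reqs, AuthRequest{Subject: ev.Subject, CID: cid, TID: ct.TID})
		}
	}
	// Map iteration order is random; sort for deterministic output.
	sort.Slice(reqs, func(i, j int) bool { return reqs[i].CID < reqs[j].CID })
	return reqs, nil
}

func main() {
	g := NewGateway()
	// Constructed sample events: two connections with a tid, one without.
	_ = g.HandleTokenEvent("c1", []byte(`{"token":{"userid":42,"role":"admin"},"tid":"42"}`))
	_ = g.HandleTokenEvent("c2", []byte(`{"token":{"userid":12},"tid":"12"}`))
	_ = g.HandleTokenEvent("c3", []byte(`{"token":{"userid":7}}`))
	reqs, err := g.HandleTokenReset([]byte(`{"tids":["12","42"],"subject":"auth.authentication.renewToken"}`))
	fmt.Println(reqs, err)
}
```

The gateway only ever matches on the tid it stored at token-event time, so a connection whose token was set without a tid (or cleared with a null token) is untouched by a reset; a service that wants all of a user's connections reachable by reset therefore has to supply the tid on every token event for that user.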
jirenius added a commit that referenced this issue Aug 25, 2021
Fixed bug in codec.go found through tests.
jirenius added a commit that referenced this issue Aug 26, 2021
@jirenius
Collaborator Author

Resolved in PR #205
