:PROPERTIES:
:ID: f46a4a9e-6a06-4b9e-8764-30cd8c501d7e
:END:
#+TITLE: Redirect To New Page with UserIdentity JWT
#+Author: Yann Esposito
#+Date: [2022-02-01]

- tags :: [[id:1208f09c-d37d-4e6b-9110-151f3c6b7d34][Cisco FT SecureX Simplified Registration]] [[id:91f33b35-6e4e-4213-b214-972ee20722df][Cisco]]
- source :: https://github.com/advthreat/iroh/issues/6076
- related :: https://github.com/advthreat/response/issues/821

* Goals

Create a new function that generates a /tokens response/ containing only the IdP-provided information, with no =org-id= or =org-name= specified.

- tokens response :: see ~iroh-auth.oauth2-service.schemas/TokenResponse~

The new function should be similar to ~iroh-auth.iroh-auth-service.code/gen-tokens-get-code~ but for =UserIdentity=. The consequence will probably be either a new parameter to ~gen-access-token-resp~ or a completely new function specialized in producing =UserIdentity=-only tokens.

Add a feature flag that, when enabled, redirects to a new =registration= endpoint with a generated =code= as a query parameter of the URL, instead of generating the HTML page for account creation.

Add a new, development-only, minimalist HTML page that retrieves the =code= and saves the tokens in local storage.

* Details

1. The feature flag should be named =registration=. See the =:feature-flags= field in the =config.edn= file.
2. We need to add a new *optional* configuration entry pointing to the registration URL; bonus points if the configuration becomes mandatory when the feature flag is on.
3. We should probably create a new HTML file and point the registration endpoint to it (we already have =dev-resources/public/index.html=). I suggest =dev-resources/public/registration.html=, and I think you could almost copy large chunks of the JS code from =index.html=. Just make sure the =localStorage= key name is different, to prevent any collision with the normal JWT.
4. Regarding code organization, we should probably provide a new function for these specific tokens, typically ~gen-user-identity-token~, and be prepared to potentially provide specific refresh tokens alongside these user-identity tokens in the near future. So we should probably have a specific namespace dedicated to =UserIdentity= and its related objects.
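As an added example (not code from the iroh project or from =index.html=), the client-side logic such a =registration.html= page needs: read the =code= query parameter, exchange it for a tokens response, and store the result under a key distinct from the one the normal page uses. The token endpoint path, the =access_token= field of the response and both storage key names are assumptions made for this example.

```javascript
// Added example (not part of iroh): client-side logic for a dev-only registration page.
// Assumptions: the token endpoint path, the `access_token` field of the tokens response,
// and both localStorage key names are constructed for this example.
const NORMAL_JWT_STORAGE_KEY = 'jwt';                              // assumed key used by index.html
const REGISTRATION_STORAGE_KEY = 'registration-user-identity-jwt'; // distinct key: no collision
const TOKEN_ENDPOINT = '/iroh/oauth2/token';                       // assumed token endpoint

// Return the single `code` query parameter of `url`, or null when it is missing,
// empty, or repeated (a repeated code is ambiguous and is rejected rather than guessed).
function extractRegistrationCode(url) {
  const codes = new URL(url, 'http://localhost').searchParams.getAll('code');
  return codes.length === 1 && codes[0].trim() !== '' ? codes[0] : null;
}

// Exchange the code for a tokens response and persist it under the registration key.
// `fetchFn` and `storage` are injected so the same function runs in the browser
// (window.fetch, window.localStorage) and in Node with fakes.
async function storeRegistrationTokens(url, fetchFn, storage) {
  const code = extractRegistrationCode(url);
  if (code === null) throw new Error('missing or ambiguous registration code');
  const resp = await fetchFn(TOKEN_ENDPOINT, {
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({ grant_type: 'authorization_code', code }).toString(),
  });
  if (!resp.ok) throw new Error(`token exchange failed with HTTP ${resp.status}`);
  const tokens = await resp.json();
  if (typeof tokens.access_token !== 'string') throw new Error('tokens response lacks access_token');
  // Store as a JSON string under the registration-specific key, never under the normal JWT key.
  storage.setItem(REGISTRATION_STORAGE_KEY, JSON.stringify(tokens));
  return tokens;
}

// Minimal in-memory stand-in for window.localStorage (used when running outside a browser).
function makeMemoryStorage() {
  const m = new Map();
  return { setItem: (k, v) => m.set(k, String(v)), getItem: (k) => (m.has(k) ? m.get(k) : null) };
}

// In a browser, run on page load, then drop the code from the address bar so it is not
// re-submitted on reload or kept in history.
if (typeof window !== 'undefined') {
  storeRegistrationTokens(window.location.href, window.fetch.bind(window), window.localStorage)
    .then(() => window.history.replaceState({}, '', window.location.pathname))
    .catch((err) => console.error(err));
}
```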