* 2021
** 2021-W03
*** 2021-01-21 Thursday
**** IN-PROGRESS code jwt-service :work:
[2021-01-21 Thu 14:19]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org::*prepare standup bulletpoints for meeting][prepare standup bulletpoints for meeting]]
*** 2021-01-22 Friday
#+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work"
#+CAPTION: Clock summary at [2021-01-22 Fri 18:49]
| Timestamp | Tags | Headline | Time | | | |
|------------------------+------+-----------------------------+--------+---+------+------|
| | | *Total time* | *8:56* | | | |
|------------------------+------+-----------------------------+--------+---+------+------|
| | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-01-22 Friday][2021-01-22 Friday]] | | | 8:56 | |
| [2021-01-22 Fri 09:52] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*refacto jwt-service][refacto jwt-service]] | | | | 8:56 |
#+END:
**** IN-PROGRESS refacto jwt-service :work:
:LOGBOOK:
CLOCK: [2021-01-22 Fri 09:53]--[2021-01-22 Fri 18:49] => 8:56
:END:
[2021-01-22 Fri 09:52]
- ref ::
** 2021-W04
#+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work"
#+CAPTION: Clock summary at [2021-02-01 Mon 14:47]
| Timestamp | Tags | Headline | Time | | | |
|------------------------+--------------------+---------------------------------------------+---------+-------+-------+------|
| | | *Total time* | *41:38* | | | |
|------------------------+--------------------+---------------------------------------------+---------+-------+-------+------|
| | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-W04][2021-W04]] | | 41:38 | | |
| | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-01-25 Monday][2021-01-25 Monday]] | | | 7:28 | |
| [2021-01-25 Mon 19:23] | work, meeting | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Posture Onboarding][Posture Onboarding]] | | | | 0:38 |
| [2021-01-25 Mon 15:04] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*cleanup jwt extract feedback][cleanup jwt extract feedback]] | | | | 4:19 |
| [2021-01-25 Mon 14:36] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*refacto JWT extraction reviews][refacto JWT extraction reviews]] | | | | 0:15 |
| [2021-01-25 Mon 10:16] | work, chat | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*morning chat issues org][morning chat issues org]] | | | | 2:16 |
| [2021-01-26 Tue 19:06] | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-01-26 Tuesday][2021-01-26 Tuesday]] | | | 9:03 | |
| [2021-01-26 Tue 10:36] | work, review | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Victors UncaughtExceptionHandler][Victors UncaughtExceptionHandler]] | | | | 8:29 |
| [2021-01-26 Tue 10:16] | work, review | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*PR review][PR review]] | | | | 0:06 |
| [2021-01-26 Tue 09:47] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Weekly meeting Presentation][Weekly meeting Presentation]] | | | | 0:28 |
| [2021-01-27 Wed 22:01] | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-01-27 Wednesday][2021-01-27 Wednesday]] | | | 10:59 | |
| [2021-01-27 Wed 18:22] | work, meeting | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*CSA Migration workflow presentation][CSA Migration workflow presentation]] | | | | 2:10 |
| [2021-01-27 Wed 17:26] | interruption, work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Helping Jessica Bair about client][Helping Jessica Bair about client]] | | | | 0:54 |
| [2021-01-27 Wed 16:01] | work, meeting | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*weekly dev meeting][weekly dev meeting]] | | | | 1:25 |
| [2021-01-27 Wed 12:07] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*CSA Migration notes preparation][CSA Migration notes preparation]] | | | | 3:54 |
| [2021-01-27 Wed 09:31] | work, chat | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*morning chat][morning chat]] | | | | 2:36 |
| [2021-01-28 Thu 18:09] | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-01-28 Thursday][2021-01-28 Thursday]] | | | 8:09 | |
| [2021-01-28 Thu 09:52] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*CSA Migration API PoC preparation][CSA Migration API PoC preparation]] | | | | 8:09 |
| [2021-01-29 Fri 17:46] | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-01-29 Friday][2021-01-29 Friday]] | | | 5:59 | |
| [2021-01-29 Fri 15:47] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*create Client for Vitalii in TEST][create Client for Vitalii in TEST]] | | | | 1:59 |
| [2021-01-29 Fri 15:46] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*provisionning API][provisionning API]] | | | | 4:00 |
#+END:
*** 2021-01-25 Monday
**** MEETING Posture Onboarding :work:meeting:
:LOGBOOK:
CLOCK: [2021-01-25 Mon 19:24]--[2021-01-25 Mon 20:02] => 0:38
:END:
[2021-01-25 Mon 19:23]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*cleanup jwt extract feedback][cleanup jwt extract feedback]]
***** Notes
Martin, Trapani, Didi, Jyoti, Elias, Mirabell, Guillaume

@Martin: I am a customer of SecureX Sources (inTune, AMP, Custom, JAMF, Duo, Meraki) Creating the inventory on their behalf. Active AMP, should be onboarded in SecureX. Onboard device managers, Meraki, etc... Into "my" SecureX Tenant. Extra credit if we can do this with OAuth2. Most important make a connection here. - email exchange.

@Jyoti @Martin Vault service and what is authorized between services. APIs underneath

@Didi webhook to push changes. Ask the vault. Return keys, etc... We need continuation.

@Didi Google, trusts, etc...

@Martin onboarding, revocation, What about notification?

@Didi that's the idea of continuous data flow. Bidirectional webhooks. Some services will need to have webhooks. Orbital webhook is a very good example.
You go into orbital, you register webhook. And webhook is triggered.

@Elias to Didi use cases?

@Martin - continuous flow of data? need to describe use cases.
**** DONE cleanup jwt extract feedback :work:
:LOGBOOK:
CLOCK: [2021-01-25 Mon 15:04]--[2021-01-25 Mon 19:23] => 4:19
:END:
[2021-01-25 Mon 15:04]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org::*commander les fruits & légumes][commander les fruits & légumes]]
**** DONE refacto JWT extraction reviews :work:
:LOGBOOK:
CLOCK: [2021-01-25 Mon 14:36]--[2021-01-25 Mon 14:51] => 0:15
:END:
[2021-01-25 Mon 14:36]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*morning chat issues org][morning chat issues org]]
**** CHAT morning chat issues org :work:chat:
:LOGBOOK:
CLOCK: [2021-01-25 Mon 10:00]--[2021-01-25 Mon 12:16] => 2:16
:END:
[2021-01-25 Mon 10:16]
- ref ::
*** 2021-01-26 Tuesday
#+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work"
#+CAPTION: Clock summary at [2021-01-26 Tue 19:06]
| Timestamp | Tags | Headline | Time | | | |
|------------------------+--------------+------------------------------------------+--------+---+------+------|
| | | *Total time* | *9:03* | | | |
|------------------------+--------------+------------------------------------------+--------+---+------+------|
| | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-01-26 Tuesday][2021-01-26 Tuesday]] | | | 9:03 | |
| [2021-01-26 Tue 10:36] | work, review | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Victors UncaughtExceptionHandler][Victors UncaughtExceptionHandler]] | | | | 8:29 |
| [2021-01-26 Tue 10:16] | work, review | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*PR review][PR review]] | | | | 0:06 |
| [2021-01-26 Tue 09:47] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Weekly meeting Presentation][Weekly meeting Presentation]] | | | | 0:28 |
#+END:
**** REVIEW Victors UncaughtExceptionHandler :work:review:
:LOGBOOK:
CLOCK: [2021-01-26 Tue 10:37]--[2021-01-26 Tue 19:06] => 8:29
:END:
[2021-01-26 Tue 10:36]
**** GEEK Try to write JS warn in dashboard :perso:
:LOGBOOK:
CLOCK: [2021-01-26 Tue 10:22]--[2021-01-26 Tue 10:32] => 0:10
:END:
[2021-01-26 Tue 10:22]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Weekly meeting Presentation][Weekly meeting Presentation]]
**** REVIEW PR review :work:review:
:LOGBOOK:
CLOCK: [2021-01-26 Tue 10:16]--[2021-01-26 Tue 10:22] => 0:06
:END:
[2021-01-26 Tue 10:16]
**** DONE Weekly meeting Presentation :work:
:LOGBOOK:
CLOCK: [2021-01-26 Tue 09:47]--[2021-01-26 Tue 10:15] => 0:28
:END:
[2021-01-26 Tue 09:47]
***** Weekly Status
- Extracted a JWT service
- Added audiences as an array. Does not appear to break anything
- Updated the SSE OIDC Clients to support CSA Migration
- Contacted QA for testing CSA Migration, Houman will probably ping me today.
+ Testing CSA Migration
***** Tech notes worth seeing by the team
****** naming conventions
After a few discussions, chose a project/ns naming convention for the =iroh-service= lein template. We do not really have one.

Selected this convention because it is:
- shorter than most actually used conventions
- iroh specific to make it clear a ns is iroh related. Need to find files via path, not just its name. Sounds ok to me.

For an example look at the jwt service:
- =project.clj=: ~(defproject iroh/foo ,,,,)~
- =src/iroh/foo/service.clj= => ~(ns iroh.foo.service ,,,)~
- =src/iroh/foo/web_service.clj= => ~(ns iroh.foo.web-service ,,,)~
- =test/iroh/foo/service/test_helpers.clj= => ~(ns iroh.foo.service.test-helpers ,,,)~

I don't think we should move the existing code to the new conventions yet. But new services should probably try to follow this convention.
****** Refacto Plan: Testing web services and cycles.
Example:
#+begin_src clojure
(deftest my-web-service-test
  (tk-test app svc-helper
    (let [{:keys [mk-jwt svc-get client-post]} (init-tst-state app "/iroh/my-service")
          ;; one JWT with default claims, one carrying the admin role
          jwt       (mk-jwt {})
          jwt-admin (mk-jwt {:role roles/admin})]
      ;; the default JWT is refused on the service route, the admin JWT is accepted
      (check-status 403 (svc-get "/sub-route" jwt {}))
      (check-status 200 (svc-get "/sub-route" jwt-admin {}))
      ;; client-post is relative to localhost:PORT, not to the service prefix
      (check-status 200 (client-post "/sub-route" jwt {:form-parms {:foo "bar"}})))))
#+end_src

See a few =init-tst-state= examples which use =get-jetty-port=, =mk-http-callers=, =iroh-web.test-helpers.core/gen-jwt=.

Takes care of:
- starting the web app on a random port.
- providing functions to make http call
  - narrowed to your service (svc-get, svc-post, etc...)
  - narrowed only the localhost:PORT (client-get, client-post, etc...)
- providing a jwt generator.
**** GEEK org-fc conf for doom-emacs :perso:
:LOGBOOK:
CLOCK: [2021-01-26 Tue 09:39]--[2021-01-26 Tue 09:47] => 0:08
:END:
[2021-01-26 Tue 09:39]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org::*bouteilles][bouteilles]]
*** 2021-01-27 Wednesday
#+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work"
#+CAPTION: Clock summary at [2021-01-27 Wed 22:01]
| Timestamp | Tags | Headline | Time | | | |
|------------------------+--------------------+---------------------------------------------+---------+---+-------+------|
| | | *Total time* | *10:59* | | | |
|------------------------+--------------------+---------------------------------------------+---------+---+-------+------|
| | | \_ [[file:/Users/yaesposi/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-01-27 Wednesday][2021-01-27 Wednesday]] | | | 10:59 | |
| [2021-01-27 Wed 18:22] | work, meeting | \_ [[file:/Users/yaesposi/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*CSA Migration workflow presentation][CSA Migration workflow presentation]] | | | | 2:10 |
| [2021-01-27 Wed 17:26] | interruption, work | \_ [[file:/Users/yaesposi/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Helping Jessica Bair about client][Helping Jessica Bair about client]] | | | | 0:54 |
| [2021-01-27 Wed 16:01] | work, meeting | \_ [[file:/Users/yaesposi/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*weekly dev meeting][weekly dev meeting]] | | | | 1:25 |
| [2021-01-27 Wed 12:07] | work | \_ [[file:/Users/yaesposi/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*CSA Migration notes preparation][CSA Migration notes preparation]] | | | | 3:54 |
| [2021-01-27 Wed 09:31] | work, chat | \_ [[file:/Users/yaesposi/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*morning chat][morning chat]] | | | | 2:36 |
#+END:
**** MEETING CSA Migration workflow presentation :work:meeting:
:LOGBOOK:
CLOCK: [2021-01-27 Wed 18:22]--[2021-01-27 Wed 20:32] => 2:10
:END:
[2021-01-27 Wed 18:22]

AMP accounts, TG accounts, SSE devices, Orbital

Prepare a reset system to reset to before migration.
**** DONE Helping Jessica Bair about client :interruption:work:
:LOGBOOK:
CLOCK: [2021-01-27 Wed 17:27]--[2021-01-27 Wed 18:21] => 0:54
:END:
[2021-01-27 Wed 17:26]
**** MEETING weekly dev meeting :work:meeting:
:LOGBOOK:
CLOCK: [2021-01-27 Wed 16:01]--[2021-01-27 Wed 17:26] => 1:25
:END:
[2021-01-27 Wed 16:01]
- Talk about dashboard
**** DONE CSA Migration notes preparation :work:
:LOGBOOK:
CLOCK: [2021-01-27 Wed 12:07]--[2021-01-27 Wed 16:01] => 3:54
:END:
[2021-01-27 Wed 12:07]
- [[https://github.com/threatgrid/iroh/issues/4203][Main Epic]]
- https://cisco.invisionapp.com/share/MBYJ09WXP3F#/screens/429343341
- [[file:~/dev/iroh/services/iroh-auth/doc/developer.org::#sxso-migration][SxSO Migration IROH Auth dev docs]]
**** CHAT morning chat :work:chat:
:LOGBOOK:
CLOCK: [2021-01-27 Wed 09:31]--[2021-01-27 Wed 12:07] => 2:36
:END:
[2021-01-27 Wed 09:31]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*PR review][PR review]]
*** 2021-01-28 Thursday
#+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work"
#+CAPTION: Clock summary at [2021-01-28 Thu 18:09]
| Timestamp | Tags | Headline | Time | | | |
|------------------------+------+-------------------------------------------+--------+---+------+------|
| | | *Total time* | *8:09* | | | |
|------------------------+------+-------------------------------------------+--------+---+------+------|
| | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-01-28 Thursday][2021-01-28 Thursday]] | | | 8:09 | |
| [2021-01-28 Thu 09:52] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*CSA Migration API PoC preparation][CSA Migration API PoC preparation]] | | | | 8:09 |
#+END:
**** DONE CSA Migration API PoC preparation :work:
:LOGBOOK:
CLOCK: [2021-01-29 Fri 15:46]--[2021-01-29 Fri 15:46] => 0:00
CLOCK: [2021-01-28 Thu 10:50]--[2021-01-28 Thu 18:09] => 7:19
CLOCK: [2021-01-28 Thu 09:52]--[2021-01-28 Thu 10:42] => 0:50
:END:
[2021-01-28 Thu 09:52]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*CSA Migration workflow presentation][CSA Migration workflow presentation]]
*** 2021-01-29 Friday
#+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work"
#+CAPTION: Clock summary at [2021-01-29 Fri 17:46]
| Timestamp | Tags | Headline | Time | | | |
|------------------------+------+-------------------------------------------+--------+---+------+------|
| | | *Total time* | *5:59* | | | |
|------------------------+------+-------------------------------------------+--------+---+------+------|
| | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-01-29 Friday][2021-01-29 Friday]] | | | 5:59 | |
| [2021-01-29 Fri 15:47] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*create Client for Vitalii in TEST][create Client for Vitalii in TEST]] | | | | 1:59 |
| [2021-01-29 Fri 15:46] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*provisionning API][provisionning API]] | | | | 4:00 |
#+END:
**** IN-PROGRESS create Client for Vitalii in TEST :work:
:LOGBOOK:
CLOCK: [2021-01-29 Fri 15:47]--[2021-01-29 Fri 17:46] => 1:59
:END:
[2021-01-29 Fri 15:47]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*provisionning API][provisionning API]]
**** DONE provisionning API :work:
:LOGBOOK:
CLOCK: [2021-01-29 Fri 14:16]--[2021-01-29 Fri 15:46] => 1:30
CLOCK: [2021-01-29 Fri 09:46]--[2021-01-29 Fri 12:16] => 2:30
:END:
[2021-01-29 Fri 15:46]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*CSA Migration API PoC preparation][CSA Migration API PoC preparation]]
** 2021-W05
*** 2021-02-01 Monday
**** IN-PROGRESS enforce whoami db check to sync users. :work:
:LOGBOOK:
CLOCK: [2021-02-01 Mon 17:19]--[2021-02-01 Mon 18:19] => 1:00
:END:
[2021-02-01 Mon 17:19]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*fix iroh-auth doc regarding jwks][fix iroh-auth doc regarding jwks]]
**** DONE fix iroh-auth doc regarding jwks :work:
:LOGBOOK:
CLOCK: [2021-02-01 Mon 10:35]--[2021-02-01 Mon 14:53] => 4:18
:END:
[2021-02-01 Mon 10:35]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org::*Améliorer son Anglais (bis) (italki)][Améliorer son Anglais (bis) (italki)]]
*** 2021-02-02 Tuesday
**** IN-PROGRESS Testing CSA Migration :work:
:LOGBOOK:
CLOCK: [2021-02-02 Tue 10:42]--[2021-02-03 Wed 10:11] => 23:29
:END:
[2021-02-02 Tue 10:42]
**** DONE morning routine :work:
:LOGBOOK:
CLOCK: [2021-02-02 Tue 09:48]--[2021-02-02 Tue 10:42] => 0:54
:END:
[2021-02-02 Tue 09:48]
*** 2021-02-03 Wednesday
**** IN-PROGRESS CORS headers bug :work:
:LOGBOOK:
CLOCK: [2021-02-03 Wed 14:42]--[2021-02-04 Thu 10:24] => 19:42
:END:
[2021-02-03 Wed 14:42]
- ref ::
**** DONE IdP Migration Testing :work:
:LOGBOOK:
CLOCK: [2021-02-03 Wed 10:11]--[2021-02-03 Wed 10:11] => 0:00
:END:
[2021-02-03 Wed 10:11]

Note quite complex workflow but worked as expected. Had the "You are in the middle of an Invitation" prompt.
*** 2021-02-04 Thursday
#+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work"
#+CAPTION: Clock summary at [2021-02-04 Thu 19:00]
| Timestamp | Tags | Headline | Time | | | |
|------------------------+---------------+------------------------------------------+--------+---+------+------|
| | | *Total time* | *9:46* | | | |
|------------------------+---------------+------------------------------------------+--------+---+------+------|
| | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-02-04 Thursday][2021-02-04 Thursday]] | | | 9:46 | |
| [2021-02-04 Thu 17:32] | work, meeting | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*didi Posture][didi Posture]] | | | | 1:28 |
| [2021-02-04 Thu 10:25] | work, review | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*morning review tour][morning review tour]] | | | | 7:07 |
| [2021-02-04 Thu 10:24] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*test and discussion about CSA Migration][test and discussion about CSA...]] | | | | 1:11 |
#+END:
**** MEETING didi Posture :work:meeting:
:LOGBOOK:
CLOCK: [2021-02-04 Thu 17:32]--[2021-02-04 Thu 19:00] => 1:28
:END:
[2021-02-04 Thu 17:32]

Best user experience, etc..

Create a response issue about OAuth2/OIDC/trusted clients.
#+begin_src json
{
  "scopes": ["openid", "profile"],
  "description": "string",
  "redirects": ["https://127.0.0.1:5443/callback"],
  "availability": "everyone",
  "name": "int-posture-test",
  "grants": ["auth-code"],
  "audiences": ["posture"]
}
#+end_src
**** REVIEW morning review tour :work:review:
:LOGBOOK:
CLOCK: [2021-02-04 Thu 10:25]--[2021-02-04 Thu 17:32] => 7:07
:END:
[2021-02-04 Thu 10:25]
**** DONE test and discussion about CSA Migration :work:
:LOGBOOK:
CLOCK: [2021-02-04 Thu 09:14]--[2021-02-04 Thu 10:25] => 1:11
:END:
[2021-02-04 Thu 10:24]
*** 2021-02-05 Friday
#+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work"
#+CAPTION: Clock summary at [2021-02-05 Fri 13:58]
| Timestamp | Tags | Headline | Time | | | |
|------------------------+--------------+-------------------------------------------+--------+---+------+------|
| | | *Total time* | *2:59* | | | |
|------------------------+--------------+-------------------------------------------+--------+---+------+------|
| | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-02-05 Friday][2021-02-05 Friday]] | | | 2:59 | |
| | work, chat | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Team discussion][Team discussion]] | | | | 0:36 |
| [2021-02-05 Fri 11:34] | work, review | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Ambrose review][Ambrose review]] | | | | 0:28 |
| [2021-02-05 Fri 09:49] | work, chat | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Client creation review with Diana][Client creation review with Diana]] | | | | 1:55 |
#+END:
**** IN-PROGRESS playing? :work:
:LOGBOOK:
CLOCK: [2021-02-05 Fri 13:57]--[2021-02-05 Fri 14:57] => 1:00
:END:
[2021-02-05 Fri 13:57]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Ambrose review][Ambrose review]]
**** CHAT Team discussion :work:chat:
:LOGBOOK:
CLOCK: [2021-02-05 Fri 11:42]--[2021-02-05 Fri 12:18] => 0:36
:END:
**** REVIEW Ambrose review :work:review:
:LOGBOOK:
CLOCK: [2021-02-05 Fri 11:14]--[2021-02-05 Fri 11:42] => 0:28
:END:
[2021-02-05 Fri 11:34]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Client creation review with Diana][Client creation review with Diana]]
**** CHAT Client creation review with Diana :work:chat:
:LOGBOOK:
CLOCK: [2021-02-05 Fri 09:19]--[2021-02-05 Fri 11:14] => 1:55
:END:
[2021-02-05 Fri 09:49]
- ref :: https://ui-staging.int.iroh.site/platform/sx-help-docs-1-66-db/help/settings-api-clients

Hi Diana,

Thanks for reaching out.

While reviewing the doc, I also checked the second screenshot. I think it should be changed by another one. The screenshot was made by a super user, so the scopes displayed are private ones that none of our customers will ever see.

The main difference between a "Client Credentials Grant Client" and an "Authorization Code Grant Client" (those are the technically correct and kind of bad names for the two different kinds of clients) is that:

1. /Client Credentials Grant Client/ are for your user only. Also you do not need to own a website.
2. /Authorization Code Grant Client/ can be used to ask other users to trust your application. You need to have a website to host your application.

The reason why a customer would want to configure an /Authorization Code Grant Client/ could be:

1. The customer follows a documentation provided by Cisco to integrate an on-premise product. In that case, the customer will probably need to only select a /client-preset/ and enter a custom /Redirect URL/.
2. The customer wants to build an integration with SecureX. In this case this will be an advanced usage and the creator will probably be a developer. In this case the advanced developer doc should be mentioned for that customer. https://visibility.amp.cisco.com/iroh/doc/iroh-auth/

So both kinds of clients are sufficiently different that I think the section about "Using API Client Credentials to Get Access Token" should be moved just after the API client creation section and before OAuth Code client creation section.

Also, explaining how to retrieve the access token from an Authorization Code Grant client is quite a technically advanced topic. This is why I would advise to directly provide a link to the advanced developer doc (the one inside IROH not the Cisco DEVNET; thus https://visibility.amp.cisco.com/iroh/doc/iroh-auth/)

So I think it is important to mention important limitations about those client creations.

There is a notion of "Auto-approved clients". So a customer will be able to create clients but if some criteria are not met the client will be disabled until an IROH admin approves the client.

I think this should probably need to be talked about with someone in the UI/UX team. This system was very convenient for our advanced usage, but I don't know how to handle that nicely in the UI.

So here are (some) of the constraints a newly created client must have to be automatically approved:

1. The URL must start with =https://=
2. The URL must not contain any wildcard =*=
3. The Availability must not be =everyone=
4. The client contains some restricted scope (this should never occur as the UI takes care to show only scopes not subject to restriction)
5. The client must not be =public= (the UI does not appear to provide the confidential vs public option)
6. The client configures a list of specific =audiences= (the UI does not appear to provide any means to configure this field)

I think for the documentation perspective we should only be concerned by point 1, 2 and 3.
And this should probably be mentioned. I think we could probably give a few hints.

So in your point 6

> Enter the Redirect URL that the authorization server uses to redirect back to the application.
> Click Add another Redirect URL to enter multiple URLs.

I think you should probably mention that all URLs must start with =https://= and should not contain any =*=.

And for point 7

> Choose the Availability from the drop-down list. You can make the client
> available to User, Organization, or Everyone.

You should probably mention that selecting Everyone is subject to approval and will need the intervention of a Cisco Administrator to approve your client.

We should probably add a short sentence explaining what Availability is for. This is not an OAuth2 standard field. Availability "Org" means that only members of your own Organization will be able to approve your client and this should probably be your default choice.

I hope I have been helpful. Do not hesitate to reach out if you have more questions.
** 2021-W06
*** 2021-02-08 Monday
#+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work"
#+CAPTION: Clock summary at [2021-02-08 Mon 19:45]
| Timestamp | Tags | Headline | Time | | | |
|------------------------+---------------+----------------------------------+--------+---+------+------|
| | | *Total time* | *7:36* | | | |
|------------------------+---------------+----------------------------------+--------+---+------+------|
| | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-02-08 Monday][2021-02-08 Monday]] | | | 7:36 | |
| [2021-02-08 Mon 17:01] | work, meeting | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*CSA Migration meeting][CSA Migration meeting]] | | | | 2:44 |
| [2021-02-08 Mon 12:08] | work, review | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Module configuration doc][Module configuration doc]] | | | | 4:52 |
#+END:
**** MEETING CSA Migration meeting :work:meeting:
:LOGBOOK:
CLOCK: [2021-02-08 Mon 17:01]--[2021-02-08 Mon 19:45] => 2:44
:END:
[2021-02-08 Mon 17:01]
- ref ::

Problem with prefixes.
Here is the fix: https://github.com/threatgrid/iroh/pull/4763
**** REVIEW Module configuration doc :work:review:
:LOGBOOK:
CLOCK: [2021-02-08 Mon 12:09]--[2021-02-08 Mon 17:01] => 4:52
:END:
[2021-02-08 Mon 12:08]
- ref :: https://github.com/threatgrid/response/blob/master/features/platform/module_activation.png
*** 2021-02-10 Wednesday
**** IN-PROGRESS write weekly status :work:
:LOGBOOK:
CLOCK: [2021-02-10 Wed 11:01]
:END:
[2021-02-10 Wed 11:01]
- CSA Migration work:
  - Implemented a PoC for plan B (migration via provisioning API)
  - Tested the PoC using Vitalii work on AMP team
  - Jyoti/QA/AMP Team tests (engineering)
  - Propose other improvements (write a long detailed document about possibilities to help Elias)
**** CHAT Jyoti CSA Migration, Account Activation Simplification :work:chat:
:LOGBOOK:
CLOCK: [2021-02-10 Wed 10:18]--[2021-02-10 Wed 11:01] => 0:43
:END:
[2021-02-10 Wed 10:18]
- ref ::
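
The auto-approval constraints listed in the 2021-02-05 client-creation review e-mail, written out as a check and run on the =int-posture-test= client from the 2021-02-04 note. This is an added example, not IROH code. Assumptions: items 4 to 6 are read as conditions that block auto-approval, and the =public= key, the restricted-scope set, the blocker names and the two extra sample clients are constructed for illustration.

```python
import json

# Constructed placeholder: the notes do not say which scopes are restricted.
RESTRICTED_SCOPES = frozenset({"example-restricted-scope"})

# Client definition copied from the 2021-02-04 "didi Posture" note.
POSTURE_CLIENT = json.loads("""
{ "scopes": ["openid", "profile"],
  "description": "string",
  "redirects": ["https://127.0.0.1:5443/callback"],
  "availability": "everyone",
  "name": "int-posture-test",
  "grants": ["auth-code"],
  "audiences": ["posture"] }
""")

# Constructed sample: org-only client with a plain https redirect.
ORG_CLIENT = {
    "name": "constructed-org-client",
    "scopes": ["openid"],
    "redirects": ["https://app.example.test/callback"],
    "availability": "org",
    "grants": ["auth-code"],
}

# Constructed sample: violates items 1, 2, 4 and 5 at once.
BAD_CLIENT = {
    "name": "constructed-bad-client",
    "scopes": ["example-restricted-scope"],
    "redirects": ["http://*.example.test/cb"],
    "availability": "user",
    "grants": ["auth-code"],
    "public": True,  # hypothetical key; the notes only name the concept
}


def approval_blockers(client, restricted_scopes=RESTRICTED_SCOPES):
    """Return the reasons a client would wait for an admin's approval.

    An empty list means every constraint from the e-mail is satisfied.
    """
    blockers = []
    for url in client.get("redirects") or []:
        # 1. every redirect URL must start with https://
        if not url.startswith("https://"):
            blockers.append(f"redirect-not-https:{url}")
        # 2. no wildcard anywhere in the redirect URL
        if "*" in url:
            blockers.append(f"redirect-wildcard:{url}")
    # 3. availability must not be "everyone"
    if client.get("availability") == "everyone":
        blockers.append("availability-everyone")
    # 4. no scope from the restricted set
    requested = set(client.get("scopes") or [])
    for scope in sorted(requested & restricted_scopes):
        blockers.append(f"restricted-scope:{scope}")
    # 5. the client must not be public
    if client.get("public", False):
        blockers.append("public-client")
    # 6. a list of specific audiences requires approval (assumed reading)
    if client.get("audiences"):
        blockers.append("custom-audiences")
    return blockers


if __name__ == "__main__":
    for c in (POSTURE_CLIENT, ORG_CLIENT, BAD_CLIENT):
        reasons = approval_blockers(c)
        state = "auto-approved" if not reasons else "needs approval"
        print(f"{c['name']}: {state} {reasons}")
```
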