deft/notes/redirect_to_new_page_with_useridentity_jwt.org
2022-02-01 12:01:04 +01:00

:PROPERTIES:
:ID: f46a4a9e-6a06-4b9e-8764-30cd8c501d7e
:END:
#+TITLE: Redirect To New Page with UserIdentity JWT
#+Author: Yann Esposito
#+Date: [2022-02-01]
- tags :: [[id:1208f09c-d37d-4e6b-9110-151f3c6b7d34][Cisco FT SecureX Simplified Registration]] [[id:91f33b35-6e4e-4213-b214-972ee20722df][Cisco]]
- source :: https://github.com/advthreat/iroh/issues/6076
- related :: https://github.com/advthreat/response/issues/821
* Goals
Create a new function that generates a /tokens response/ containing only IdP-provided
information, without any =org-id= or =org-name= specified.
- tokens response :: see ~iroh-auth.oauth2-service.schemas/TokenResponse~
The new function should be similar to
~iroh-auth.iroh-auth-service.code/gen-tokens-get-code~, but for =UserIdentity=.
The consequence will probably be either a new parameter to ~gen-access-token-resp~
or a completely new function specialised in producing =UserIdentity=-only tokens.
Add a feature flag that, when enabled, redirects to a new =registration=
endpoint with a generated =code= as a query parameter of the URL, instead of
generating the HTML page for account creation.
Add a new, development-only, minimalist HTML page that can retrieve
the =code= and save the tokens in local storage.
* Details
1. The feature flag should be named =registration=.
See the =:feature-flags= field in the =config.edn= file.
2. We need to add a new *optional* configuration pointing to the registration
URL; bonus points if the configuration becomes mandatory when the feature flag
is on.
3. We should probably create a new HTML file and configure the registration
endpoint to serve it (we already have =dev-resources/public/index.html=).
I suggest =dev-resources/public/registration.html=, and I think you could
almost copy big chunks of the JS code from the =index.html= file. Just take
care that the name of the =localStorage= key is different, to prevent any
collision with the normal JWT.
4. Regarding code organisation, we should probably provide a new function
for these specific tokens,
typically ~gen-user-identity-token~, and be prepared to provide
specific refresh tokens alongside these user-identity tokens in the near future.
So we should probably have a dedicated namespace for
=UserIdentity= and its related objects.
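As an added illustration (not code from the iroh project), this is the browser-side logic the dev-only =registration.html= page would need: read the one-time =code= from the query string, scrub it from the URL so it does not linger in history, and store the tokens response under a key distinct from the normal JWT key. The key names and the token-exchange endpoint path are assumptions.

```javascript
// Added example, not iroh project code. Key names and endpoint path are assumed.
const NORMAL_JWT_KEY = "jwt";                      // assumed key used by index.html
const USER_IDENTITY_KEY = "user-identity-tokens";  // distinct key: no collision with the normal JWT

// Pull the one-time `code` query parameter out of the page URL; null if absent or empty.
function extractCode(href) {
  const code = new URL(href).searchParams.get("code");
  return code && code.length > 0 ? code : null;
}

// Return the URL without the `code` parameter, for history.replaceState, so the
// one-time code is not kept in browser history or leaked through the Referer header.
function scrubCodeFromUrl(href) {
  const url = new URL(href);
  url.searchParams.delete("code");
  return url.toString();
}

// Persist a tokens response under the UserIdentity-specific key only.
// `storage` is any object with localStorage's getItem/setItem interface.
function storeUserIdentityTokens(storage, tokensResponse) {
  if (USER_IDENTITY_KEY === NORMAL_JWT_KEY) {
    throw new Error("storage key collides with the normal JWT key");
  }
  if (typeof tokensResponse.access_token !== "string") {
    throw new Error("tokens response has no access_token");
  }
  storage.setItem(USER_IDENTITY_KEY, JSON.stringify(tokensResponse));
  return JSON.parse(storage.getItem(USER_IDENTITY_KEY));
}

// Full page flow: exchange the code at the (assumed) registration token endpoint,
// store the result, and clean the URL. `fetchImpl` is injectable for testing.
async function completeRegistration(href, storage, fetchImpl, replaceUrl) {
  const code = extractCode(href);
  if (code === null) return null;
  const resp = await fetchImpl("/iroh/session/registration/tokens", { // assumed path
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ code }),
  });
  if (!resp.ok) throw new Error(`token exchange failed: ${resp.status}`);
  const stored = storeUserIdentityTokens(storage, await resp.json());
  replaceUrl(scrubCodeFromUrl(href));
  return stored;
}
```

In the real page, `fetchImpl` is `fetch` and `replaceUrl` is `(u) => history.replaceState(null, "", u)`.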