49 lines
2.3 KiB
Org Mode
:PROPERTIES:
:ID: f46a4a9e-6a06-4b9e-8764-30cd8c501d7e
:END:
#+TITLE: Redirect To New Page with UserIdentity JWT
#+Author: Yann Esposito
#+Date: [2022-02-01]

- tags :: [[id:1208f09c-d37d-4e6b-9110-151f3c6b7d34][Cisco FT SecureX Simplified Registration]] [[id:91f33b35-6e4e-4213-b214-972ee20722df][Cisco]]
- source :: https://github.com/advthreat/iroh/issues/6076
- related :: https://github.com/advthreat/response/issues/821

|
* Goals

Create a new function that will generate a /tokens response/ with only the IdP-provided information,
without any =org-id= or =org-name= specified.

- tokens response :: see ~iroh-auth.oauth2-service.schemas/TokenResponse~

The new function should be similar to
~iroh-auth.iroh-auth-service.code/gen-tokens-get-code~ but for =UserIdentity=.
The consequence will probably be either a new parameter to ~gen-access-token-resp~
or a completely new function specialized in producing =UserIdentity=-only tokens.

Add a feature flag that, if enabled, makes the account-creation flow redirect to a new
=registration= endpoint, with a generated =code= as a query parameter of the URL,
instead of generating the HTML page for the account creation.

Add a new, development-only, minimalist HTML page that retrieves
the =code= and saves the tokens in the local storage.

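The feature-flag decision described above, written out as an added example (this is not iroh's code). It assumes a hypothetical config object with a =featureFlags= Set and an optional =registrationUrl= field, standing in for the =:feature-flags= entry of =config.edn= and the registration URL configuration; the function names and the sample URL are constructed for illustration.

```javascript
// Added example, not iroh's code: how the `registration` feature flag and the
// registration URL from configuration decide the account-creation response.
// Hypothetical assumptions: `config.featureFlags` is a Set of flag names and
// `config.registrationUrl` the optional registration endpoint; in the real
// project the flags live under `:feature-flags` in config.edn.

const REGISTRATION_FLAG = "registration";

// Validate the configuration once at startup. The registration URL stays
// optional, but becomes mandatory as soon as the `registration` flag is on,
// so a misconfigured deployment fails at boot rather than at the first
// user's redirect.
function validateRegistrationConfig(config) {
  const flagOn = config.featureFlags.has(REGISTRATION_FLAG);
  if (flagOn && !config.registrationUrl) {
    throw new Error(
      `feature flag "${REGISTRATION_FLAG}" is enabled but registrationUrl is missing`
    );
  }
  if (config.registrationUrl) {
    // The redirect target comes from configuration only, never from the
    // incoming request, and must be an absolute http(s) URL.
    const target = new URL(config.registrationUrl); // throws on a relative or garbage value
    if (target.protocol !== "https:" && target.protocol !== "http:") {
      throw new Error("registrationUrl must be an http(s) URL");
    }
  }
  return true;
}

// Append the freshly generated code as a query parameter. URLSearchParams
// percent-encodes it, so codes containing '+', '/' or '=' arrive intact.
function registrationRedirectUrl(registrationUrl, code) {
  const target = new URL(registrationUrl);
  target.searchParams.set("code", code);
  return target.toString();
}

// Flag off: serve the existing account-creation HTML page.
// Flag on: answer with a 302 to the registration endpoint carrying the code.
function accountCreationResponse(config, code) {
  if (!config.featureFlags.has(REGISTRATION_FLAG)) {
    return { status: 200, kind: "html-page" };
  }
  return {
    status: 302,
    kind: "redirect",
    location: registrationRedirectUrl(config.registrationUrl, code),
  };
}

// Constructed sample configurations, for running the example stand-alone.
const flagOffConfig = { featureFlags: new Set() };
const flagOnConfig = {
  featureFlags: new Set([REGISTRATION_FLAG]),
  registrationUrl: "https://dev.example.test/registration.html",
};
validateRegistrationConfig(flagOffConfig);
validateRegistrationConfig(flagOnConfig);
console.log(accountCreationResponse(flagOffConfig, "sample-code"));
console.log(accountCreationResponse(flagOnConfig, "sample-code"));
```

Validating at startup is what makes the "mandatory when the flag is on" rule cheap: the check runs once, and the request path only ever builds the redirect from a URL that has already been accepted.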
|
* Details

1. The feature flag should be named =registration=.
   See the =:feature-flags= field in the =config.edn= file.
2. We need to add a new *optional* configuration entry pointing to the registration
   URL; bonus points if the configuration is mandatory when the feature flag
   is on.
3. We should probably create a new HTML file and configure the registration
   endpoint to serve this file (we already have a =dev-resources/public/index.html=).
   I suggest =dev-resources/public/registration.html= and I think you could
   almost copy big chunks of the JS code of the =index.html= file. You
   should just take care that the name of the =localStorage= key is
   different, to prevent any collision with the normal JWT.
4. Regarding code organization, we should probably provide a new function
   for these specific tokens,
   typically ~gen-user-identity-token~, and be prepared to potentially provide
   specific refresh tokens alongside these user-identity tokens in the near future.
   So we should probably have a specific namespace dedicated to
   =UserIdentity= and its related objects.
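The development page from point 3 (and the last goal above), as an added example rather than the project's own =registration.html=: it reads the =code= from the page URL, exchanges it for a tokens response and stores the result under a =localStorage= key distinct from the normal JWT's. The two key names, the token endpoint path and request body, and the =access_token= field are assumptions (the real response shape is ~iroh-auth.oauth2-service.schemas/TokenResponse~); the browser objects are injected so the same logic runs under Node.

```javascript
// Added example, not the project's dev-resources/public/registration.html:
// the browser-side logic of a minimal development registration page that
// reads the `code` query parameter, exchanges it for a tokens response and
// stores the result in localStorage under a key distinct from the one the
// normal JWT uses. Hypothetical assumptions: both storage key names, the
// token endpoint path and request body, and that the tokens response carries
// an `access_token` string (the real shape is
// iroh-auth.oauth2-service.schemas/TokenResponse). Browser objects (location,
// localStorage, fetch) are passed in, so the logic also runs under Node.

const NORMAL_JWT_KEY = "iroh-jwt";                     // assumed key used by index.html
const USER_IDENTITY_KEY = "iroh-user-identity-tokens"; // distinct key: no collision

// Read the one-time code from the page URL; null when absent or empty so the
// page can show an error instead of sending a pointless exchange request.
function codeFromUrl(href) {
  const code = new URL(href).searchParams.get("code");
  return code ? code : null;
}

// Exchange the code for tokens at the (assumed) token endpoint.
async function exchangeCode(fetchImpl, tokenEndpoint, code) {
  const body = new URLSearchParams({ grant_type: "authorization_code", code });
  const resp = await fetchImpl(tokenEndpoint, {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: body.toString(),
  });
  if (!resp.ok) throw new Error(`token exchange failed: HTTP ${resp.status}`);
  const tokens = await resp.json();
  if (typeof tokens.access_token !== "string") {
    throw new Error("malformed tokens response");
  }
  return tokens;
}

// Persist the UserIdentity tokens under their own key; the normal JWT entry
// is left untouched.
function storeUserIdentityTokens(storage, tokens) {
  if (USER_IDENTITY_KEY === NORMAL_JWT_KEY) throw new Error("storage keys must differ");
  storage.setItem(USER_IDENTITY_KEY, JSON.stringify(tokens));
  return USER_IDENTITY_KEY;
}

// The code is a short-lived credential: once consumed, drop it from the
// visible URL (in the page: history.replaceState(null, "", cleanHref)) so it
// does not linger in browser history or bookmarks.
function urlWithoutCode(href) {
  const u = new URL(href);
  u.searchParams.delete("code");
  return u.toString();
}

// Whole page flow with the browser dependencies injected.
async function registrationPageFlow({ href, storage, fetchImpl, tokenEndpoint }) {
  const code = codeFromUrl(href);
  if (code === null) return { ok: false, reason: "missing code parameter" };
  const tokens = await exchangeCode(fetchImpl, tokenEndpoint, code);
  const key = storeUserIdentityTokens(storage, tokens);
  return { ok: true, key, cleanHref: urlWithoutCode(href) };
}

// Constructed in-memory stand-ins for localStorage and fetch, so the example
// runs outside a browser.
function memoryStorage() {
  const items = new Map();
  return {
    setItem: (k, v) => items.set(k, String(v)),
    getItem: (k) => (items.has(k) ? items.get(k) : null),
  };
}
const fakeFetch = async (url, opts) => ({
  ok: true,
  status: 200,
  json: async () => ({ access_token: "constructed.jwt.value", token_type: "Bearer" }),
});
```

In the real page the call is =registrationPageFlow({ href: location.href, storage: localStorage, fetchImpl: fetch, tokenEndpoint })=; keeping the key names as two separate constants, with the equality guard, is what makes the "different key" requirement hard to break by a later copy-paste from =index.html=.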