deft/notes/redirect_to_new_page_with_useridentity_jwt.org
2022-02-01 12:01:04 +01:00

Redirect To New Page with UserIdentity JWT

tags: Cisco FT SecureX Simplified Registration Cisco
source: https://github.com/advthreat/iroh/issues/6076
related: https://github.com/advthreat/response/issues/821

Goals

Create a new function that generates a tokens response containing only IdP-provided information, without any org-id or org-name specified.

tokens response: see iroh-auth.oauth2-service.schemas/TokenResponse

The new function should be similar to iroh-auth.iroh-auth-service.code/gen-tokens-get-code, but for UserIdentity. This will probably mean either adding a new parameter to gen-access-token-resp or writing a completely new function specialized in producing UserIdentity-only tokens.

Have a feature flag that, when enabled, redirects to a new registration endpoint with a generated code as a query parameter of the URL, instead of generating the HTML page for account creation.

Have a new, development-only, minimalist HTML page that retrieves the code and saves the tokens in local storage.

Details

  1. The feature flag should be named registration. See the :feature-flags field in the config.edn file.
  2. We need to add a new optional configuration entry pointing to the registration URL; bonus points if the configuration is mandatory when the feature flag is on.
  3. We should probably create a new HTML file and configure the registration endpoint to point to it (we already have dev-resources/public/index.html). I suggest dev-resources/public/registration.html, and I think you could copy large chunks of the JS code from index.html almost as-is. Just make sure the localStorage key has a different name, to prevent any collision with the normal JWT.
  4. Regarding code organization, we should probably provide a new function for these specific tokens, typically gen-user-identity-token, and be prepared to provide specific refresh tokens alongside these user-identity tokens in the near future. So we should probably have a specific namespace dedicated to UserIdentity and its related objects.
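
A sketch of the logic the development-only registration.html from item 3 could use, as an added example that is not code from iroh or from index.html. The "code" parameter name, both localStorage key names, the access_token field and the injected exchangeCode callback are assumptions; the note does not specify how the code is exchanged for tokens.

```javascript
// Added example. Assumptions: the query parameter is named "code", index.html
// keeps the normal JWT under "jwt", and the tokens response has an access_token.
const NORMAL_JWT_KEY = "jwt";
const REGISTRATION_KEY = "registration-user-identity-tokens";

// Read the one-time code from the redirect URL and return the URL without it,
// so the caller can replace the history entry and keep the code out of it.
function extractCode(href) {
  const url = new URL(href);
  const codes = url.searchParams.getAll("code");
  if (codes.length !== 1 || codes[0] === "") {
    throw new Error("expected exactly one non-empty code parameter");
  }
  url.searchParams.delete("code");
  return { code: codes[0], cleanedHref: url.toString() };
}

// Save the tokens response under the registration-specific key only, so the
// normal JWT stored by index.html is never overwritten.
function saveRegistrationTokens(storage, tokens) {
  if (!tokens || typeof tokens.access_token !== "string") {
    throw new Error("tokens response has no access_token");
  }
  storage.setItem(REGISTRATION_KEY, JSON.stringify(tokens));
}

// exchangeCode is injected by the page: (code) => Promise of a tokens response.
async function handleRegistrationRedirect(href, storage, exchangeCode) {
  const { code, cleanedHref } = extractCode(href);
  saveRegistrationTokens(storage, await exchangeCode(code));
  return cleanedHref;
}

// In registration.html (exchangeCode being the page's own call to the code
// exchange endpoint, which this note does not specify):
//   handleRegistrationRedirect(location.href, localStorage, exchangeCode)
//     .then((href) => history.replaceState(null, "", href));
```

Rejecting a repeated or empty code parameter keeps the page from guessing which value to exchange, and dropping the code from the address bar keeps it out of browser history once it has been used.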