Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

clarified current server behaviour #213

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

clarified current server behaviour #213

wants to merge 1 commit into from

Conversation

aricart
Copy link
Member

@aricart aricart commented Apr 3, 2023

No description provided.

Comment on lines +30 to +32
it will utilize the connected account. The request will be a signed
`AuthorizationRequest` JWT signed by the server's nkey and can be encrypted if
configured.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Attempted to simplify, hopefully I interpreted this correctly.

Suggested change
it will utilize the connected account. The request will be a signed
`AuthorizationRequest` JWT signed by the server's nkey and can be encrypted if
configured.
it will utilize the connected account. The `AuthorizationRequest`, representing a JWT,
will be signed by the server's configured public nkey and optionally encrypted by a
configured xkey.

Comment on lines +34 to +38
The response to the request is a `AuthorizationResponse` JWT. If the callout is
set to encrypt, the response will be encrypted for the server's nkey. The
decoded JWT will be issued by auth account nkey as configured in the server. In
operator mode, it is possibly for the `AuthorizationResponse` to be issued by an
a signing key for the auth account.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Again, hopefully interpreting correctly...

Suggested change
The response to the request is a `AuthorizationResponse` JWT. If the callout is
set to encrypt, the response will be encrypted for the server's nkey. The
decoded JWT will be issued by auth account nkey as configured in the server. In
operator mode, it is possibly for the `AuthorizationResponse` to be issued by an
a signing key for the auth account.
The expected response to the request is an `AuthorizationResponse` JWT. If encryption
is configured, the response must be encrypted by the server's configured xkey. The
embedded JWT is expected to be issued by the nkey configured on the server.
In operator mode, an alternate issuer to the JWT within `AuthorizationResponse` can
be a signing key of the configured nkey.


The response JWT has its `aud` (audience) field set to the server ID that was
specified in the request, and includes two fields, an `error` field where the
auth callout can return an error. Or a `jwt` field. In configuration mode, the
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
auth callout can return an error. Or a `jwt` field. In configuration mode, the
auth callout can return an error or a `jwt` field. In configuration mode, the

The response JWT has its `aud` (audience) field set to the server ID that was
specified in the request, and includes two fields, an `error` field where the
auth callout can return an error. Or a `jwt` field. In configuration mode, the
user will be issued by the configured auth account key, and the placement for
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
user will be issued by the configured auth account key, and the placement for
user will be issued by the configured auth account key, and the placement of

@bruth
Copy link
Member

bruth commented Apr 4, 2023

My mental model of this is not fully formed and I think there is still some more room to clarify, but I am going to review the auth callout tests and then offer some more feedback.

@ripienaar
Copy link
Contributor

@aricart do you plan to finish this one? Else we close it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants