Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(userInfo): implement persisting user info to support limited tokens #24729

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

feat(userInfo): implement persisting user info to support limited tokens #24729

wants to merge 1 commit into from

Conversation

kuangp
Copy link
Member

@kuangp kuangp commented May 10, 2024

Hey, I just made a Pull Request!

Part of BEP-0003
Fixes #24420

✔️ Checklist

  • A changeset describing the change and affected packages. (more info)
  • Added or updated documentation
  • Tests for new functionality and regression tests for bug fixes
  • Screenshots attached (for UI changes)
  • All your commits have a Signed-off-by line in the message. (more info)

@kuangp kuangp requested review from a team as code owners May 10, 2024 22:32
@kuangp kuangp requested review from freben and vinzscam May 10, 2024 22:32
@github-actions github-actions bot added the auth label May 10, 2024
@backstage-goalie
Copy link
Contributor

Changed Packages

Package Name Package Path Changeset Bump Current Version
@backstage/backend-app-api packages/backend-app-api patch v0.7.3-next.1
@backstage/plugin-auth-backend plugins/auth-backend patch v0.22.5-next.2

kuangp
kuangp commented May 10, 2024
View reviewed changes
plugins/auth-backend/src/identity/TokenFactory.ts
@@ -190,7 +189,7 @@ export class TokenFactory implements TokenIssuer {
alg: key.alg,
kid: key.kid,
},
payload: { sub, ent, iat, exp },
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did we want to remove ent from all tokens now that the user info service is flushed out or just from limited ones?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The goal is to remove it from all tokens. But we may want to keep it in there still for some time, while the userInfo usage ramps up. As long as plugins exist that look at the claim directly (via an old IdentityService for example), the data may need to stay. It's fine to make the deprecation of that field a separate effort from implementing the endpoint fully.

freben
freben reviewed May 13, 2024
View reviewed changes
plugins/auth-backend/migrations/20240510120825_user_info.js
/**
* @param {import('knex').Knex} knex
*/
exports.up = async function up(knex) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

note that there's a migrations.test.ts that you may want to add this to; follow the pattern of updating to the version before this one, then going the extra step and populating with like a row of data, and then downgrading again

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh cool wasn't aware of that test file - updated!

freben
freben reviewed May 13, 2024
View reviewed changes
plugins/auth-backend/migrations/20240510120825_user_info.js Outdated
.comment('User entity reference');

table
.text('ownership_entity_refs', 'longtext')
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

An open question here (maybe @Rugvip) - should we make this one just user_info (with all json stringified info) and not storing all possible pieces of data one by one? Not sure that the service really will care about the detailed contents.

For context, we were discussing before about what to do with custom claims - why not store custom claims here too? Then where to put those?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, I think we will want to store custom claims here too and make this an opaque user info blob.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sounds good - updated!

@kuangp kuangp requested review from freben and Rugvip May 20, 2024 12:51
@sachingharge
Copy link

Any rough estimation on when this PR will be merged and part of release as it is affecting all our users (such as leaders, tech leads etc.) who are part of many ad groups?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vinzscam vinzscam Awaiting requested review from vinzscam vinzscam is a code owner automatically assigned from backstage/reviewers

@freben freben Awaiting requested review from freben

@Rugvip Rugvip Awaiting requested review from Rugvip

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
auth
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

🐛 Bug Report: TechDocs cookie authentication fails due to 'cookie was too large'
4 participants
@kuangp @sachingharge @freben @Rugvip