Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WIP: Issue 668 #797

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

WIP: Issue 668 #797

wants to merge 1 commit into from

Conversation

MateusAmin
Copy link
Contributor

@MateusAmin MateusAmin commented May 29, 2022
edited

I started looking at the code today. Will push my work incrementally to this PR.

Fixes #668

  • cargo fmt has been run
  • cargo clippy has been run
  • cargo test has been run and passes
  • book chapter included (if relevant)
  • design document included (if relevant)

@yaleman
Copy link
Member

yaleman commented May 29, 2022

If this isn't ready to merge, could you please turn it a draft?

Firstyear
Firstyear reviewed May 30, 2022
View reviewed changes
kanidmd/score/src/https/mod.rs
@@ -555,7 +553,8 @@ pub fn create_https_server(
.post(oauth2_id_scopemap_post)
.delete(oauth2_id_scopemap_delete);

let mut self_route = appserver.at("/v1/self");
// TODO(mea): self -> whoami?
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The "whoami" is just a reflector of details about the currently authenticated user. This is a bit of a "hold-over" from the past, where the auth-bearer tokens used to be opaque, so they couldn't be client-side introspected.

However, recently we have changed these so they CAN be client side introspected, meaning it's possible that we may NOT need the "whoami" route at all.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The lines around here:

https://github.com/kanidm/kanidm/blob/master/kanidm_tools/src/cli/common.rs#L115

You could use "uat.uuid" instead which gives you the ID of the token holder, since the tokens are JWT's internally.

@MateusAmin MateusAmin marked this pull request as draft May 30, 2022 02:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Firstyear Firstyear Firstyear left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
Organising Everything
Status: 📋 Backlog
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

UX and api design for common functionality between "account" and "self"
3 participants
@MateusAmin @yaleman @Firstyear