
[Tunnelbroker] implement OAuth 2.0 JWT token encoding
Closed, Public

Authored by kamil on Jul 15 2024, 9:35 AM.

Details

Summary

Implementing what is described in Google's OAuth 2.0 for Server to Server Applications, Forming the JWT claim set.

get_auth_bearer is the only public method; it will handle generating and refreshing the token.

Depends on D12753

Test Plan

Call get_jwt_token and test if it returns the correct JWT token in the format:

{Base64url encoded header}.{Base64url encoded claim set}

Later in the stack this token is used to make an HTTP call to get an access token for the FCM push service.
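The token format from the test plan, as an added sketch that is not part of this revision or of Comm's code base: it builds the claim set and the `{Base64url encoded header}.{Base64url encoded claim set}` string using only the standard library, and leaves the RS256 signature out. Assumptions: the function names are hypothetical, the service account address is a placeholder, the `scope` and `aud` values are the ones Google documents for FCM and its token endpoint rather than values shown on this page, and the 55 minutes from the inline comment below is used as `exp - iat`.

```rust
const B64URL: &[u8; 64] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
const TOKEN_TTL_SECS: u64 = 55 * 60; // assumption: the 55 minutes from the review is exp - iat

/// Base64url without '=' padding, the encoding JWT segments use (RFC 7515).
/// A final chunk of 1 byte yields 2 characters, 2 bytes yield 3, 3 bytes yield 4.
fn base64url(data: &[u8]) -> String {
    let mut out = String::new();
    for chunk in data.chunks(3) {
        let n = (chunk[0] as u32) << 16 | (*chunk.get(1).unwrap_or(&0) as u32) << 8
            | *chunk.get(2).unwrap_or(&0) as u32;
        for i in 0..=chunk.len() {
            out.push(B64URL[((n >> (18 - 6 * i)) & 63) as usize] as char);
        }
    }
    out
}

/// Quote a claim value as a JSON string, escaping quotes, backslashes and control characters.
fn json_str(s: &str) -> String {
    let mut out = String::from("\"");
    for c in s.chars() {
        match c {
            '"' | '\\' => { out.push('\\'); out.push(c) }
            c if (c as u32) < 0x20 => out.push_str(&format!("\\u{:04x}", c as u32)),
            c => out.push(c),
        }
    }
    out + "\""
}

/// Claim set with the five fields Google's service-account flow expects.
fn claim_set(iss: &str, scope: &str, aud: &str, iat: u64) -> String {
    format!(
        "{{\"iss\":{},\"scope\":{},\"aud\":{},\"exp\":{},\"iat\":{}}}",
        json_str(iss), json_str(scope), json_str(aud), iat + TOKEN_TTL_SECS, iat
    )
}

/// `{Base64url encoded header}.{Base64url encoded claim set}`: the bytes that get signed.
fn signing_input(claims: &str) -> String {
    format!("{}.{}", base64url(br#"{"alg":"RS256","typ":"JWT"}"#), base64url(claims.as_bytes()))
}

fn main() {
    // Constructed inputs: placeholder service account; scope and aud as Google documents them.
    let iss = "svc@example-project.iam.gserviceaccount.com";
    let scope = "https://www.googleapis.com/auth/firebase.messaging";
    let aud = "https://oauth2.googleapis.com/token";
    println!("{}", signing_input(&claim_set(iss, scope, aud, 1_721_120_000)));
}
```

Escaping the claim values matters here because the signed bytes are the serialized JSON itself: a value containing a quote would otherwise change the structure of the claim set that gets signed.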

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kamil held this revision as a draft.
kamil published this revision for review. Jul 16 2024, 2:36 AM
kamil added inline comments.
services/tunnelbroker/src/notifs/fcm/mod.rs
20 ↗(On Diff #42296)

Docs say: Token must be a short-lived token (60 minutes) and in a reasonable timeframe, so I set this to 55 minutes to leave a buffer to refresh but keep it as long as possible to avoid refreshing this too often.

services/tunnelbroker/src/notifs/fcm/token.rs
21 ↗(On Diff #42296)

This is optional to allow creating instances of this without calling OAuth; I want to create FCMToken and FCMClient regardless of minting an access token.

36–40 ↗(On Diff #42296)

Generating this when it is None in the next diff.

57 ↗(On Diff #42296)
62–65 ↗(On Diff #42296)

See Computing the signature here

bartek added inline comments.
services/tunnelbroker/src/notifs/fcm/mod.rs
20 ↗(On Diff #42296)

Good to add this as an in-code comment

services/tunnelbroker/src/notifs/fcm/token.rs
36–40 ↗(On Diff #42296)

Looked at D12765 and D12766 and generally it can be done better when it comes to code quality, but the logic is just fine so it can stay

This revision is now accepted and ready to land. Jul 18 2024, 7:15 AM