Page MenuHomePhabricator
Differential D12754

[Tunnelbroker] implement OAuth 2.0 JWT token encoding
ClosedPublic
Actions

Authored by kamil on Jul 15 2024, 9:35 AM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Sep 25, 7:05 PM
Unknown Object (File)
Wed, Sep 25, 7:05 PM
Unknown Object (File)
Sat, Sep 21, 10:46 PM
Unknown Object (File)
Sat, Sep 21, 10:30 AM
Unknown Object (File)
Fri, Sep 20, 11:40 PM
Unknown Object (File)
Fri, Sep 20, 6:47 PM
Unknown Object (File)
Sep 16 2024, 3:16 AM
Unknown Object (File)
Sep 15 2024, 10:07 AM
View All 40 Files
Subscribers
ashoat
tomek

Details

Reviewers
bartek
marcin
Commits
rCOMM4a7e8b46ea8b: [Tunnelbroker] implement OAuth 2.0 JWT token encoding
Summary

Implementing what is described in Google's OAuth 2.0 for Server to Server Applications, Forming the JWT claim set.

get_auth_bearer is only public method, will handle generating and refreshing token.

Depends on D12753

Test Plan

Call get_jwt_token and test if returns the correct JWT token in the format

{Base64url encoded header}.{Base64url encoded claim set}

Later in the stack this token is used to make an HTTP call to get an access token for the FCM push service.

Diff Detail

Repository
rCOMM Comm
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

kamil created this revision.Jul 15 2024, 9:35 AM
kamil held this revision as a draft.
Herald added subscribers: tomek, ashoat. · View Herald TranscriptJul 15 2024, 9:35 AM
Harbormaster completed remote builds in B30334: Diff 42296.Jul 15 2024, 9:57 AM
kamil added a child revision: D12765: [Tunnelbroker] implement requesting FCM access token using OAuth 2.0.Jul 16 2024, 1:21 AM
kamil edited the test plan for this revision. (Show Details)Jul 16 2024, 2:25 AM
kamil published this revision for review.Jul 16 2024, 2:36 AM
kamil added inline comments.
services/tunnelbroker/src/notifs/fcm/mod.rs
20

Docs say: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. so I set this to 55 minutes to leave a buffer to refresh but keep it as long as possible to avoid refreshing this too often.

services/tunnelbroker/src/notifs/fcm/token.rs
21

This is optional to allow creating instances of this without calling OAuth, I want to create FCMToken and FCMClient regardless of minting access token

36–40

generating this when is None in next diff

57

Link to why this scope: https://firebase.google.com/docs/reference/fcm/rest/v1/projects.messages/send

62–65

See Computing the signature here

bartek accepted this revision.Jul 18 2024, 7:15 AM
bartek added inline comments.
services/tunnelbroker/src/notifs/fcm/mod.rs
20

Good to add this as an in-code comment

services/tunnelbroker/src/notifs/fcm/token.rs
36–40

Looked at D12765 and D12766 and generally it can be done better when it comes to code quality, but the logic is just fine so it can stay

This revision is now accepted and ready to land.Jul 18 2024, 7:15 AM
kamil updated this revision to Diff 42517.Jul 19 2024, 2:13 AM

add code comment

Harbormaster completed remote builds in B30504: Diff 42517.Jul 19 2024, 2:30 AM
Closed by commit rCOMM4a7e8b46ea8b: [Tunnelbroker] implement OAuth 2.0 JWT token encoding (authored by kamil). · Explain WhyJul 19 2024, 5:05 AM
This revision was automatically updated to reflect the committed changes.
kamil added a commit: rCOMM4a7e8b46ea8b: [Tunnelbroker] implement OAuth 2.0 JWT token encoding.

Revision Contents
Changeset List

PathSize
services/
tunnelbroker/
src/
notifs/
fcm/
1 line
9 lines
68 lines

Diff 42296

View Options

services/tunnelbroker/src/notifs/fcm/error.rs

Loading...
View Options

services/tunnelbroker/src/notifs/fcm/mod.rs

Loading...
View Options

services/tunnelbroker/src/notifs/fcm/token.rs

Loading...