when accounts are created/deleted on ashoat's keyserver, it will need to inform the identity service so that the list of reserved usernames can be updated.
Details
Details
will be tested when implemented on identity service
Diff Detail
Diff Detail
- Repository
- rCOMM Comm
- Lint
Lint Not Applicable - Unit
Tests Not Applicable
Event Timeline
Comment Actions
I think we need some way to authenticate this request. We can't use the access token until keyservers are able to register with the identity service, which is still several weeks away. In yesterday's 1:1, you and I had talked about using a signed message for this, similar to how RegisterReservedPasswordUserStart works. To make that work we'd have to change the .proto here, though. What do you think?
shared/protos/identity_client.proto | ||
---|---|---|
341–345 ↗ | (On Diff #27510) | Feel we should have a separate remove and add rpc. Why conflate the two? |
Comment Actions
Makes sense. To address replay attacks we should definitely make sure that the signature has a recent timestamp