Page MenuHomePhabricator

[identity] introduce RPC to update reserved usernames list
ClosedPublic

Authored by varun on Jun 6 2023, 12:39 PM.
Tags
None
Referenced Files
Unknown Object (File)
Feb 27 2024, 1:42 AM
Unknown Object (File)
Feb 27 2024, 1:42 AM
Unknown Object (File)
Feb 27 2024, 1:42 AM
Unknown Object (File)
Feb 27 2024, 1:42 AM
Unknown Object (File)
Feb 27 2024, 1:42 AM
Unknown Object (File)
Feb 27 2024, 1:40 AM
Unknown Object (File)
Feb 2 2024, 1:11 PM
Unknown Object (File)
Jan 20 2024, 7:13 PM
Subscribers

Details

Summary

when accounts are created/deleted on ashoat's keyserver, it will need to inform the identity service so that the list of reserved usernames can be updated.

Test Plan

will be tested when implemented on identity service

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

varun requested review of this revision.Jun 6 2023, 12:58 PM
ashoat requested changes to this revision.Jun 7 2023, 12:46 PM

I think we need some way to authenticate this request. We can't use the access token until keyservers are able to register with the identity service, which is still several weeks away. In yesterday's 1:1, you and I had talked about using a signed message for this, similar to how RegisterReservedPasswordUserStart works. To make that work we'd have to change the .proto here, though. What do you think?

This revision now requires changes to proceed.Jun 7 2023, 12:46 PM
jon requested changes to this revision.Jun 7 2023, 3:11 PM
jon added inline comments.
shared/protos/identity_client.proto
341–345 ↗(On Diff #27510)

Feel we should have a separate remove and add rpc. Why conflate the two?

Makes sense. To address replay attacks we should definitely make sure that the signature has a recent timestamp

This revision is now accepted and ready to land.Jun 9 2023, 11:01 AM

changed username to message since we need to include timestamp