Details

Reviewers

varun
michal
ashoat

Commits

rCOMMecaaf648a29c: [identity] Add RPC for secondary device login

Summary

This diff adds a RPC that is called by secondary device, after receiving information from primary device that it has been added to the device list.

This RPC serves two purposes:

Perform a device key upload for newly added secondary device
Mint an access token for the secondary device

The implementation is done in the next diff

Depends on D10800

Test Plan

Identity service and grpc_cliends compile
Flow for grpc-web codegen

Diff Detail

Repository

rCOMM Comm

Lint

No Lint Coverage

Unit

No Test Coverage

Event Timeline

bartek created this revision.Jan 29 2024, 4:39 AM

bartek held this revision as a draft.

Herald added a subscriber: tomek. · View Herald TranscriptJan 29 2024, 4:39 AM

bartek added a child revision: D10862: [identity] Implement RPC for secondary device registration.Jan 29 2024, 4:44 AM

Harbormaster completed remote builds in B26246: Diff 36257.Jan 29 2024, 4:59 AM

bartek published this revision for review.Jan 29 2024, 5:29 AM

Concerned that we're short-circuiting the proper "Existing Device Log-in" protocol here

shared/protos/identity_unauth.proto
29	Would this RPC ever be used in a different case that isn't secondary device auth? I'm wondering if we should pick a different name. For instance, `UploadKeysForRegisteredDeviceAndLogIn`. I spent some time looking at the whitepaper, and I can't find any other examples of "New Device and Comm run Key Upload (5.2.2) and Existing Device Log-in (5.3.6)" occurring, so I think we can probably leave it as-is, unless you prefer the alternate name I proposed.
218–220	In the whitepaper, I think this request is described as "New Device and Comm run Key Upload (5.2.2) and Existing Device Log-in (5.3.6)". I think you're taking a slightly different approach here. Instead of a proper "Existing Device Log-in", you're authing the user just based on their `DeviceKeyUpload`. I don't think this is as safe. By skipping the nonce and timestamp steps, you make the system hypothetically vulnerable to replay attacks.
223–227	Realized that this message is repeated many times in this file: `RegistrationFinishResponse` `OpaqueLoginFinishResponse` `WalletLoginResponse` This case: `SecondaryDeviceLoginResponse` Is there a reason we're repeating it so many times? Does it make it easier to make changes later if we need to?

This revision now requires changes to proceed.Jan 29 2024, 11:21 AM

bartek planned changes to this revision.Jan 31 2024, 3:35 AM

bartek added inline comments.

shared/protos/identity_unauth.proto
29	Glad you raised this. Yes, this RPC is intended to be called in this only specific case (QR code auth). My name isn't perfect but I didn't have any better idea. I'll follow your proposal.
218–220	This is my bad, I treated our password/wallet login RPCs as "Existing Device Log-in (5.3.6)" but now looking at `LogInWalletUser` RPC implementation I see that it indeed validates the nonce.
223–227	Yeah I noticed this pattern too, so I followed it. This probably can be merged into one message unless I'm missing something, cc @varun. If so, I can create a task and do this. But I prefer doing it separately from this stack, for clarity.

Renamed the RPC; added request field for the nonce/timestamp challenge

bartek added inline comments.Feb 5 2024, 5:08 AM

shared/protos/identity_unauth.proto
218 ↗	(On Diff #36611)	Not sure of the best name for this field.

Harbormaster failed remote builds in B26487: Diff 36611!Feb 5 2024, 5:11 AM

bartek planned changes to this revision.Feb 5 2024, 5:13 AM

Fix flow

Harbormaster completed remote builds in B26489: Diff 36613.Feb 5 2024, 5:38 AM

Assuming the RPC for vending the challenge will be handled separately. Proto changes and grpc-web changes look good to me – resigning so that somebody else can take a look at the Rust

shared/protos/identity_unauth.proto
218 ↗	(On Diff #36613)	For this to work, don't we need another RPC to vend the challenge?

varun accepted this revision.Feb 6 2024, 7:14 AM

varun added inline comments.

shared/protos/identity_unauth.proto
223–227	i think we can merge them

This revision is now accepted and ready to land.Feb 6 2024, 7:14 AM

bartek added inline comments.Feb 7 2024, 2:39 AM

shared/protos/identity_unauth.proto
223–227	https://linear.app/comm/issue/ENG-6686/merge-identity-login-response-messages

varun added inline comments.Feb 15 2024, 9:05 AM

shared/protos/identity_unauth.proto
224–228 ↗	(On Diff #36613)	we can remove this now or create a new task to replace this with the message introduced in D11061

Rebase on AuthResponse

Harbormaster completed remote builds in B26954: Diff 37297.Feb 16 2024, 2:25 AM

Closed by commit rCOMMecaaf648a29c: [identity] Add RPC for secondary device login (authored by bartek). · Explain WhyFeb 16 2024, 6:26 AM

This revision was automatically updated to reflect the committed changes.

bartek added a commit: rCOMMecaaf648a29c: [identity] Add RPC for secondary device login.

[identity] Add RPC for secondary device login
ClosedPublic
Actions

Details

Diff Detail

Event Timeline

Revision Contents
Changeset List

Diff 36257

services/identity/src/client_service.rs

services/identity/src/grpc_utils.rs

shared/protos/identity_unauth.proto

web/protobufs/identity-unauth-structs.cjs

web/protobufs/identity-unauth-structs.cjs.flow

web/protobufs/identity-unauth.cjs

web/protobufs/identity-unauth.cjs.flow

[identity] Add RPC for secondary device loginClosedPublicActions

Details

Diff Detail

Event Timeline

Revision ContentsChangeset List

Diff 36257

services/identity/src/client_service.rs

services/identity/src/grpc_utils.rs

shared/protos/identity_unauth.proto

web/protobufs/identity-unauth-structs.cjs

web/protobufs/identity-unauth-structs.cjs.flow

web/protobufs/identity-unauth.cjs

web/protobufs/identity-unauth.cjs.flow

[identity] Add RPC for secondary device login
ClosedPublic
Actions

Revision Contents
Changeset List