Monorepo for Tangled tangled.org

appview/oauth: use client attestation #721

merged opened by oppi.li targeting master from push-qryntruoqzmt

this change makes our tangled appview a "confidential" client.

this change includes breaking changes to the appview service; it now requires two different environment variables:

  • TANGLED_OAUTH_CLIENT_SECRET: the secret component of the old JWKs object
  • TANGLED_OAUTH_CLIENT_KID: the key ID of the old JWKs object

both of these can be extracted from the old JWKs object: obj.d and obj.kid respectively.

Signed-off-by: oppiliappan me@oppi.li

Participants 2
AT URI
at://did:plc:qfpnj4og54vl56wngdriaxug/sh.tangled.repo.pull/3m4bdyfrbw222
-1
Interdiff #0 → #1
appview/config/config.go

This file has not been changed.

appview/oauth/handler.go

This file has not been changed.

appview/oauth/oauth.go

This file has not been changed.

cmd/genjwks/main.go

This file has not been changed.

docs/hacking.md

This file has not been changed.

flake.nix

This file has not been changed.

nix/pkgs/genjwks.nix

This file has not been changed.

-1
nix/pkgs/goat.nix
··· 10 10 vendorHash = "sha256-VbDrcN4r5b7utRFQzVsKgDsVgdQLSXl7oZ5kdPA/huw="; 11 11 doCheck = false; 12 12 } 13 -
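Review bot: the removal of line 13 in nix/pkgs/goat.nix (an empty line after the closing `}`, as far as the hunk shows) is a whitespace cleanup unrelated to the OAuth client attestation named in the commit title. Consider moving it to its own commit so the breaking appview config change stays easy to review and revert on its own.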
scripts/appview.sh

This file has not been changed.

scripts/generate-jwks.sh

This file has not been changed.

History

2 rounds 2 comments
oppi.li submitted #1
1 commit
appview/oauth: use client attestation
3/3 success
0 comments
pull request successfully merged
oppi.li submitted #0
1 commit
appview/oauth: use client attestation
1/3 failed, 2/3 timeout
2 comments

lgtm! tested with #684 and can confirm it works fine.

thanks for testing!