JWT token decoding is not done #1297

Closed
AdamISZ opened this issue May 31, 2022 · 1 comment · Fixed by #1480
Comments

AdamISZ commented May 31, 2022

Recent merging of #1291 reminded me that this has not been done.
Currently we use this as a token and intended for it to expire, but as you can see from jmclient.wallet_rpc.JMWalletDaemon.check_cookie we are only checking the encoded secret and not decoding it.

if request_cookie==None or self.cookie != request_cookie:

I would appreciate it if someone who researches (or already knows) the best way to use such JWT tokens could chime in and either PR or just explain the best way to use them for our use case. What we have now is extremely crude.

AdamISZ commented Sep 11, 2022

Added help wanted because this is certainly something that someone, especially someone even moderately familiar with JWT or API authentication in general, could do, instead of me.
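The gap described in this issue (the encoded token is compared as a string and never decoded, so the intended expiry is not enforced), shown as an added example that is not part of the original thread and is not JoinMarket's code. The function names, the HS256 choice and the sample secret are assumptions made for illustration; only the standard library is used.

```python
import base64, hashlib, hmac, json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(secret: bytes, ttl: int, now: float) -> str:
    """Hypothetical issuer: compact HS256 JWT carrying only an exp claim."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"exp": int(now) + ttl}).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def check_cookie_string_only(stored, presented) -> bool:
    """Behaviour the issue describes: encoded strings compared, exp never read."""
    return presented is not None and stored == presented

def check_cookie_decoded(secret: bytes, presented, now: float) -> bool:
    """Verify the signature, pin the algorithm, then enforce the exp claim."""
    if not isinstance(presented, str) or presented.count(".") != 2:
        return False
    header_b64, payload_b64, sig_b64 = presented.split(".")
    try:
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(),
                            hashlib.sha256).digest()
        # Constant-time comparison; nothing is parsed before the MAC checks out.
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return False
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
    except (ValueError, TypeError):
        return False
    # Accept only the algorithm the server issues, never one the token names.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False
    exp = claims.get("exp") if isinstance(claims, dict) else None
    return isinstance(exp, int) and now < exp

if __name__ == "__main__":
    secret = b"constructed-sample-secret"          # constructed value
    token = issue_token(secret, ttl=60, now=1000)  # expires at t=1060
    print(check_cookie_string_only(token, token))      # still accepted after expiry
    print(check_cookie_decoded(secret, token, 1030))   # within lifetime
    print(check_cookie_decoded(secret, token, 2000))   # expired, rejected
```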
