Browser should generate a Gaia association token when signing in #1733

jcnelson opened this Issue Nov 28, 2018 · 4 comments



jcnelson commented Nov 28, 2018

As we work towards adding support for private, user-owned Gaia hubs, we need to make sure that when the user signs into the application, the Browser generates a Gaia association token and passes it in on the authResponse JWT. This is necessary for operating private hubs that only accept writes from the user.

Specifically, the call to makeAuthResponse() here needs to pass in an association token.

You can make an association token using this method:

```js
export function makeAssociationToken(appPrivateKey: string, identityKey: string) : string {
  const appPublicKey = getPublicKeyFromPrivateKey(`${canonicalPrivateKey(appPrivateKey)}01`)

  // replace this with whatever timeout is appropriate -- say, a year
  const FOUR_MONTH_SECONDS = 60 * 60 * 24 * 31 * 4
  const salt = crypto.randomBytes(16).toString('hex')
  const identityPublicKey = getPublicKeyFromPrivateKey(identityKey)
  const associationTokenClaim = {
    childToAssociate: appPublicKey,
    iss: identityPublicKey,
    exp: FOUR_MONTH_SECONDS + (new Date()/1000),
    salt
  }
  // sign the claim with the identity key so the function returns the token string
  const associationToken = new jsontokens.TokenSigner('ES256K', identityKey)
    .sign(associationTokenClaim)
  return associationToken
}

export function canonicalPrivateKey(privkey: string) : string {
  // strip the trailing '01' compression marker, if present
  if (privkey.length == 66 && privkey.slice(-2) === '01') {
    return privkey.substring(0,64);
  }
  return privkey;
}
```

(While we're at it, the call to makeAuthResponse() should also pass in the URL to the user's desired Core node).

@hstove hstove self-assigned this Nov 30, 2018
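
How a private hub could check such a token before accepting a write, as an added example (not code from this thread or from Gaia). It uses Node's built-in crypto instead of jsontokens. The names checkAssociationToken, signES256K and compressedHex, and the specific checks (issuer equals the hub owner's key, childToAssociate equals the key that signed the request, exp in the future), are assumptions about how the token is consumed; the keys are constructed sample data.

```javascript
const crypto = require('crypto')

// DER SubjectPublicKeyInfo header for a compressed (33-byte) secp256k1 point
const SPKI_PREFIX = Buffer.from('3036301006072a8648ce3d020106052b8104000a032200', 'hex')
const b64u = (v) => Buffer.from(v).toString('base64url')

// Compressed hex public key, the form carried in iss / childToAssociate
function compressedHex(publicKey) {
  const { x, y } = publicKey.export({ format: 'jwk' })
  const yBytes = Buffer.from(y, 'base64url')
  return (yBytes[yBytes.length - 1] & 1 ? '03' : '02') + Buffer.from(x, 'base64url').toString('hex')
}

// Sample-data helper: ES256K JWT (ECDSA/SHA-256 on secp256k1, r||s signature)
function signES256K(claims, privateKey) {
  const input = `${b64u(JSON.stringify({ typ: 'JWT', alg: 'ES256K' }))}.${b64u(JSON.stringify(claims))}`
  const sig = crypto.sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: 'ieee-p1363' })
  return `${input}.${b64u(sig)}`
}

// Returns null if the token is acceptable, otherwise the reason for rejecting it
function checkAssociationToken(token, hubOwnerKey, requestSignerKey, nowSeconds) {
  const parts = String(token).split('.')
  if (parts.length !== 3) return 'malformed token'
  let header, claims
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString())
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString())
  } catch (e) { return 'malformed token' }
  if (!header || !claims) return 'malformed token'
  if (header.alg !== 'ES256K') return 'unexpected algorithm'
  if (claims.iss !== hubOwnerKey) return 'issuer is not the hub owner'
  if (claims.childToAssociate !== requestSignerKey) return 'token is for a different app key'
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) return 'token expired'
  const der = Buffer.concat([SPKI_PREFIX, Buffer.from(hubOwnerKey, 'hex')])
  const issuerKey = crypto.createPublicKey({ key: der, format: 'der', type: 'spki' })
  const ok = crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
    { key: issuerKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(parts[2], 'base64url'))
  return ok ? null : 'bad signature'
}

// Constructed sample: fresh keys stand in for the identity key and the app key
function demo() {
  const gen = () => crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' })
  const owner = gen(), app = gen(), now = Math.floor(Date.now() / 1000)
  const [ownerHex, appHex] = [compressedHex(owner.publicKey), compressedHex(app.publicKey)]
  const token = signES256K({ childToAssociate: appHex, iss: ownerHex, exp: now + 3600 }, owner.privateKey)
  return checkAssociationToken(token, ownerHex, appHex, now)
}
console.log(demo())
```

The issuer is pinned to the hub owner's key before the signature is verified, so a token that is validly signed by some other identity is rejected rather than trusted on the strength of its own iss claim.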



markmhx commented Dec 6, 2018

@hstove I'm not sure this issue is strictly required by OKR 5.4, is it? I believe the OKR only calls for public hub support.



moxiegirl commented Jan 8, 2019

From GAIA bug review: This is important for when people are installing their own hubs.



jcnelson commented Feb 5, 2019

Is this something we can address this quarter?



jcnelson commented Feb 11, 2019

Fixed in #1830
