Browser should generate a Gaia association token when signing in #1733

Open
jcnelson opened this Issue Nov 28, 2018 · 4 comments

jcnelson commented Nov 28, 2018

As we work towards adding support for private, user-owned Gaia hubs, we need to make sure that when the user signs into the application, the Browser generates a Gaia association token and passes it in on the authResponse JWT. This is necessary for operating private hubs that only accept writes from the user.

Specifically, the call to makeAuthResponse() here needs to pass in an association token.

You can make an association token using this method:

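```typescript
import * as crypto from 'crypto'
import * as jsontokens from 'jsontokens'
// getPublicKeyFromPrivateKey() is assumed to be in scope; it is not defined in this snippet.

export function makeAssociationToken(appPrivateKey: string, identityKey: string) : string {
  // The app's public key, derived from the app private key with the compressed-key suffix
  const appPublicKey = getPublicKeyFromPrivateKey(`${canonicalPrivateKey(appPrivateKey)}01`)

  // replace this with whatever timeout is appropriate -- say, a year
  const FOUR_MONTH_SECONDS = 60 * 60 * 24 * 31 * 4
  const salt = crypto.randomBytes(16).toString('hex')
  const identityPublicKey = getPublicKeyFromPrivateKey(identityKey)
  const associationTokenClaim = {
    childToAssociate: appPublicKey,
    iss: identityPublicKey,
    // expiry in seconds since the epoch
    exp: FOUR_MONTH_SECONDS + (Date.now() / 1000),
    salt
  }
  // The identity key signs the claim that binds the app key to the user
  const associationToken = new jsontokens.TokenSigner('ES256K', identityKey)
    .sign(associationTokenClaim)
  return associationToken
}

// Strip the trailing '01' compression flag from a 66-character hex private key
export function canonicalPrivateKey(privkey: string) : string {
  if (privkey.length === 66 && privkey.slice(-2) === '01') {
    return privkey.substring(0, 64)
  }
  return privkey
}
```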

(While we're at it, the call to makeAuthResponse() should also pass in the URL to the user's desired Core node.)

hstove self-assigned this Nov 30, 2018

markmhx commented Dec 6, 2018

@hstove I'm not sure this issue is strictly required by OKR 5.4, is it? I believe the OKR only calls for public hub support.

moxiegirl commented Jan 8, 2019

From GAIA bug review: This is important for when people are installing their own hubs.

jcnelson commented Feb 5, 2019

Is this something we can address this quarter?

jcnelson commented Feb 11, 2019

Fixed in #1830
