feat(backend): serve jwks.json from client payment pointer #758
Conversation
github-actions
bot
added
pkg: backend
| @@ -125,7 +126,8 @@ export const createAuthenticatedClient = async ( | |||
| grant: createGrantRoutes({ | |||
| axiosInstance, | |||
| openApi: authServerOpenApi, | |||
| logger | |||
| logger, | |||
| client: args.client | |||
There was a problem hiding this comment.
I was going to have createAuthenticatedClient query ${client}/jwks.json to validate that the key with the specified keyid is served there, but backend calls createAuthenticatedClient long before its routes are set up.
There was a problem hiding this comment.
Yeah I was thinking you'd possibly get some kind of race condition type behaviour - could add some kind of retry mechanism but gets too complicated for what it's worth.
Is there a more straightforward name than client? Even just paymentPointerUrl? or clientPaymentPointer?
wilsonianb
requested review from
omertoast,
mkurapov,
sabineschaller and
njlie
| @@ -125,7 +126,8 @@ export const createAuthenticatedClient = async ( | |||
| grant: createGrantRoutes({ | |||
| axiosInstance, | |||
| openApi: authServerOpenApi, | |||
| logger | |||
| logger, | |||
| client: args.client | |||
There was a problem hiding this comment.
Yeah I was thinking you'd possibly get some kind of race condition type behaviour - could add some kind of retry mechanism but gets too complicated for what it's worth.
Is there a more straightforward name than client? Even just paymentPointerUrl? or clientPaymentPointer?
| ctx.throw(404) | ||
| const url = `https://${ctx.request.host}/${ctx.params.paymentPointerPath}` | ||
| const config = await ctx.container.use('config') | ||
| if (url !== config.paymentPointerUrl) { |
There was a problem hiding this comment.
In which situations will this equality happen?
There was a problem hiding this comment.
When this is an Open Payments resource request for the RS's own payment pointer, which will now/soon be happening when a separate AS is querying RS's client payment pointer /jwks.json
| deps.config.paymentPointerUrl === | ||
| `https://${ctx.request.host}/${ctx.params.paymentPointerPath}` |
There was a problem hiding this comment.
Should this be made into a function we can use across this package? Any function name will also help with the self-commenting of the code IMO
There was a problem hiding this comment.
I'd like to be able to do this via a paymentPointerUrl getter on AppContext(?), but I'm struggling to pull it off.
| @@ -93,6 +93,7 @@ export interface CreateAuthenticatedClientArgs | |||
| extends CreateUnauthenticatedClientArgs { | |||
There was a problem hiding this comment.
Kind of outside the scope of this PR, but I'm a bit confused why TS doesn't complain about
const axiosInstance = createAxiosInstance({
privateKey: args.privateKey,
keyId: args.keyId,
requestTimeoutMs:
args?.requestTimeoutMs ?? config.DEFAULT_REQUEST_TIMEOUT_MS
}when privateKey and keyId are optional in createUnauthenticatedClient.
There was a problem hiding this comment.
I think this due to
Line 28 in 2f17be3
which was toggled in
@matdehaast @traviscrist Do either of you remember why we disabled strict type checking?
There was a problem hiding this comment.
@wilsonianb I think its was due to it not being run properly so when run it was showing tons of issues and we didn't want to fix them all when getting pnpm setup. If you enable it how many issues does it find?
There was a problem hiding this comment.
If you enable it how many issues does it find?
tbd
Changes proposed in this pull request
Context
Checklist
fixes #number