Add option to verify JWT tokens in the HTTP Authorization header #72
Conversation
|
👋 Thanks for assigning @tnull as a reviewer! |
tankyleo
force-pushed
the
rust-jwt-auth
branch
from
96d6359 to
d127bd1
Compare
|
🔔 1st Reminder Hey @tnull! This PR has been waiting for your review. |
tnull
left a comment
tnull
left a comment
There was a problem hiding this comment.
Seems relatively straightforward - but for my understanding: is the plan to also add the issuance part in this PR?
rust/server/src/util/config.rs
Outdated
| pub(crate) struct Config { | ||
| pub(crate) server_config: ServerConfig, | ||
| pub(crate) postgresql_config: Option<PostgreSQLConfig>, | ||
| pub(crate) postgresql_config: PostgreSQLConfig, |
There was a problem hiding this comment.
Why is this mandatory now? How will this work with the InMemoryStore or any other impl we'll add?
There was a problem hiding this comment.
We currently don't support any alternative backends, and expect if this is None. I would prefer failing earlier, with the Config member type to represent our current status (ie not Option<PostgreSQLConfig> but PostgreSQLConfig).
The error message if the postgresql_config table is not present is this one:
Failed to load configuration: TOML parse error at line 1, column 1
|
1 | [server_config]
| ^
missing field `postgresql_config`
There was a problem hiding this comment.
That being said, I'm thinking we keep this Option to open up the InMemoryStore use case later.
Do you think issuance is in-scope for VSS-server ? My immediate thinking is VSS-server should only be verifying, and not touch the private key. Issuance should be handled by something separate with different security measures that does have this privileged access to the private key. See vss channel, it seems the immediate request from users is just the ability to set the public key for verifying JWT tokens. |
3 participants
No description provided.