add fxa uid and device_id to tokens #81
Conversation
|
Is it odd that one has an "fxa" prefix and the other doesn't..? shrug |
| email = request.validated['assertion']['email'] | ||
| id_key = request.registry.settings.get("fxa.metrics_uid_secret_key") | ||
| if id_key is None: | ||
| id_key = 'insecure' |
There was a problem hiding this comment.
I think we should at least log a warning here if the key is not configured.
There was a problem hiding this comment.
Better to log once at startup than every request, yeah?
|
But generally 👍 on tunneling this all the way through |
| if id_key is None: | ||
| logger.warning( | ||
| 'fxa.metrics_uid_secret_key is not set. ' | ||
| 'This will allow PII to be more easily identified') |
|
r+, although I guess you need #83 to get the green tick from CircleCI? Let's keep an eye out when QA'ing this to just check that the increased token size doesn't break anything. I can't imagine it will, but there may be e.g. header size limitations that we accidentally bump up against. And for completeness we'll have to check that the loadtests are accurately reflecting the new token size. |
|
apparently I don't have merge privileges on this or server-syncstorage |
|
you're now a member of "sagrada-devs" which owns these repos; oh man, that's a project code-name I haven't heard in a while... |
add fxa uid and device_id to tokens
This change adds
fxa_uidanddevice_idto the generated token as well as logging them for metrics.For
device_idit relies on the newfxa-deviceIdclaim from FxA coming in v1.57. When not present it will be a hash offxa_uid + 'none'.