add fxa uid and device_id to tokens #81
Is it odd that one has an "fxa" prefix and the other doesn't..? shrug
email = request.validated['assertion']['email'] | ||
id_key = request.registry.settings.get("fxa.metrics_uid_secret_key") | ||
if id_key is None: | ||
id_key = 'insecure' |
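Review bot: The fallback `id_key = 'insecure'` substitutes a fixed string that anyone reading the source knows, and it does so silently when `fxa.metrics_uid_secret_key` is unset. Every deployment that omits the setting then shares the same key, so anything derived with `id_key` is no harder to link back to `email` than an unkeyed value. Consider refusing to start without the setting, or at minimum reporting the missing key once at configuration time rather than inside the request path.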
I think we should at least log a warning here if the key is not configured.
Better to log once at startup than every request, yeah?
But generally 👍 on tunneling this all the way through
if id_key is None: | ||
logger.warning( | ||
'fxa.metrics_uid_secret_key is not set. ' | ||
'This will allow PII to be more easily identified') |
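Review bot: The warning text under `if id_key is None:` tells the operator that something is wrong but not what is used in place of the key or how to fix it. Consider naming the fallback behaviour in the message and stating that the setting must hold a secret value, so the log line is actionable on its own. The visible lines do not show `id_key` being assigned after the warning, so confirm it still receives a value before it is used.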
@rfk better?
❤️ 👍
r+, although I guess you need #83 to get the green tick from CircleCI? Let's keep an eye out when QA'ing this to just check that the increased token size doesn't break anything. I can't imagine it will, but there may be e.g. header size limitations that we accidentally bump up against. And for completeness we'll have to check that the loadtests are accurately reflecting the new token size.
apparently I don't have merge privileges on this or server-syncstorage
you're now a member of "sagrada-devs" which owns these repos; oh man, that's a project code-name I haven't heard in a while...
add fxa uid and device_id to tokens
This change adds `fxa_uid` and `device_id` to the generated token as well as logging them for metrics.

For `device_id` it relies on the new `fxa-deviceId` claim from FxA coming in v1.57. When not present it will be a hash of `fxa_uid + 'none'`.
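The following is an added example, not code from this pull request or the project: it shows why the thread cares about `fxa.metrics_uid_secret_key` by deriving the logged identifiers with a keyed hash and checking whether someone who holds the logs and a list of candidate uids can match them. The HMAC-SHA256 construction, the truncation, the use of the email's local part as `fxa_uid`, and the function names are all assumptions.

```python
import hashlib
import hmac
import logging

logger = logging.getLogger("tokenserver.example")  # hypothetical logger name
FALLBACK_KEY = "insecure"  # the fallback value shown in the first hunk


def load_metrics_key(settings):
    """Read the key once at startup and warn a single time if it is missing."""
    key = settings.get("fxa.metrics_uid_secret_key")
    if key is None:
        logger.warning("fxa.metrics_uid_secret_key is not set. "
                       "This will allow PII to be more easily identified")
        key = FALLBACK_KEY
    return key.encode("utf-8")


def keyed_id(key, value):
    """Assumed construction: HMAC-SHA256, hex encoded, truncated to 32 chars."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()[:32]


def metrics_ids(key, email, device_claim=None):
    """Return (uid, device_id) for tokens and logs, never the raw values."""
    fxa_uid = email.split("@", 1)[0]  # assumption: uid is the local part
    uid = keyed_id(key, fxa_uid)
    # No fxa-deviceId claim: hash fxa_uid + 'none', as the description says.
    device_id = keyed_id(key, fxa_uid + (device_claim or "none"))
    return uid, device_id


def reidentify(logged_uid, candidates, guessed_key):
    """Defender's check: which candidate uids match a logged value under a guessed key."""
    return [c for c in candidates if keyed_id(guessed_key, c) == logged_uid]


if __name__ == "__main__":
    candidates = ["zzz", "abc123"]          # constructed sample uids
    email = "abc123@example.invalid"        # constructed sample assertion email
    for settings in ({}, {"fxa.metrics_uid_secret_key": "constructed-secret"}):
        key = load_metrics_key(settings)
        uid, device_id = metrics_ids(key, email)
        matches = reidentify(uid, candidates, FALLBACK_KEY.encode("utf-8"))
        print(uid, device_id, "linkable with default key:", matches)
```
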