Include 'generation' field in signed certificates. #530
Conversation
Hmm, @lloyd's example here suggests we should call this "fxa-generation": https://github.com/mozilla/browserid-verifier#extra-idp-claims Consensus? |
I just made that up on the spot. I abstain from the vote here! |
@lloyd seems to be suggesting we prefix our IdP specific claims. I'm fine with it. |
@@ -196,7 +197,8 @@ module.exports = function ( | |||
uid: emailRecord.uid, | |||
email: emailRecord.email, | |||
emailCode: emailRecord.emailCode, | |||
emailVerified: emailRecord.emailVerified | |||
emailVerified: emailRecord.emailVerified, | |||
verifierSetAt: emailRecord.verifierSetAt |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
since we're adding verifierSetAt
I think we should add it to the "getter" db.sessionToken
too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nevermind, its already there. I'll look at this again when the 💊 has worn off.
I don't care either way but namespacing seems safer in general. |
LGTM, r+ modulo whether we care to change the property name. |
namespacing it is, will update and merge shortly |
|
Include 'fxa-generation' field in signed certificates.
Preliminary implementation of #486. This all needs to be revisited for new-format certificates, but this should be enough to get things working for now. @dannycoates r?