Bearer token doesn't have any issuer field inside #266
Labels
enhancement
Improving existing functionality
I3
Minimal impact
S2
Regular significance
U4
Nothing urgent
Milestone
Comments
roman-khimov
added
U4
cthulhu-rider
added a commit
that referenced
this issue
Feb 26, 2024
Previously, `BearerToken` message had no explicit field for the token issuer. This could become a limitation on subject identification because only public key derivation was supported. To prevent this, `issuer` field is added. Closes #266. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
cthulhu-rider
added a commit
to nspcc-dev/neofs-api-go
that referenced
this issue
Mar 4, 2024
The field was added within nspcc-dev/neofs-api#266. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
cthulhu-rider
added a commit
to nspcc-dev/neofs-sdk-go
that referenced
this issue
Mar 4, 2024
Dedicated field for the bearer token issuer was recently added to the protocol nspcc-dev/neofs-api#266. SDK should provide functionality to work with it. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
cthulhu-rider
added a commit
to nspcc-dev/neofs-sdk-go
that referenced
this issue
Mar 5, 2024
Dedicated field for the bearer token issuer was recently added to the protocol nspcc-dev/neofs-api#266. SDK should provide functionality to work with it. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
cthulhu-rider
added a commit
to nspcc-dev/neofs-sdk-go
that referenced
this issue
Mar 18, 2024
Dedicated field for the bearer token issuer was recently added to the protocol nspcc-dev/neofs-api#266. Now SDK provides getter and setter for it. Previously, `Token` type accepted `neofscrypto.Signer` parameter in `Sign` method to calculate and set signature of the bearer token. Obviously, the method did not set nonexistent issuer field. The only way to access the issuer was `ResolveIssuer` method resolving user ID from the public key. Now `Sign` method accepts parameter of `user.Signer` type to additionally set issuer field. This is a breaking change overall, but still needed for stable system authorization and library usage. `ResolveIssuer` method is marked as deprecated in favor of new `Issuer` one. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
cthulhu-rider
added a commit
to nspcc-dev/neofs-sdk-go
that referenced
this issue
Mar 18, 2024
After protocol extension nspcc-dev/neofs-api#266, bearer token's signed data include issuer ID. Since 435df25, `Sign` method accepts `user .Signer` parameter. In order to stabilize UX of so-called static signing, caller should be forced to specify who's going to sign the token. While this is a breaking change, it will work better than doc requirement to call `SetIssuer` in advance. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
cthulhu-rider
added a commit
to nspcc-dev/neofs-sdk-go
that referenced
this issue
Mar 18, 2024
Dedicated field for the bearer token issuer was recently added to the protocol nspcc-dev/neofs-api#266. Now SDK provides getter and setter for it. Previously, `Token` type accepted `neofscrypto.Signer` parameter in `Sign` method to calculate and set signature of the bearer token. Obviously, the method did not set nonexistent issuer field. The only way to access the issuer was `ResolveIssuer` method resolving user ID from the public key. Now `Sign` method accepts parameter of `user.Signer` type to additionally set issuer field. This is a breaking change overall, but still needed for stable system authorization and library usage. `ResolveIssuer` method is marked as deprecated in favor of new `Issuer` one. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
cthulhu-rider
added a commit
to nspcc-dev/neofs-sdk-go
that referenced
this issue
Mar 18, 2024
After protocol extension nspcc-dev/neofs-api#266, bearer token's signed data include issuer ID. Since 435df25, `Sign` method accepts `user .Signer` parameter. In order to stabilize UX of so-called static signing, caller should be forced to specify who's going to sign the token. While this is a breaking change, it will work better than doc requirement to call `SetIssuer` in advance. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
cthulhu-rider
added a commit
to nspcc-dev/neofs-sdk-go
that referenced
this issue
Mar 18, 2024
Dedicated field for the bearer token issuer was recently added to the protocol nspcc-dev/neofs-api#266. Now SDK provides getter and setter for it. Previously, `Token` type accepted `neofscrypto.Signer` parameter in `Sign` method to calculate and set signature of the bearer token. Obviously, the method did not set nonexistent issuer field. The only way to access the issuer was `ResolveIssuer` method resolving user ID from the public key. Now `Sign` method accepts parameter of `user.Signer` type to additionally set issuer field. This is a breaking change overall, but still needed for stable system authorization and library usage. `ResolveIssuer` method is marked as deprecated in favor of new `Issuer` one. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
cthulhu-rider
added a commit
to nspcc-dev/neofs-sdk-go
that referenced
this issue
Mar 18, 2024
After protocol extension nspcc-dev/neofs-api#266, bearer token's signed data include issuer ID. Since 435df25, `Sign` method accepts `user .Signer` parameter. In order to stabilize UX of so-called static signing, caller should be forced to specify who's going to sign the token. While this is a breaking change, it will work better than doc requirement to call `SetIssuer` in advance. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
cthulhu-rider
added a commit
to nspcc-dev/neofs-sdk-go
that referenced
this issue
Mar 18, 2024
Dedicated field for the bearer token issuer was recently added to the protocol nspcc-dev/neofs-api#266. Now SDK provides getter and setter for it. Previously, `Token` type accepted `neofscrypto.Signer` parameter in `Sign` method to calculate and set signature of the bearer token. Obviously, the method did not set nonexistent issuer field. The only way to access the issuer was `ResolveIssuer` method resolving user ID from the public key. Now `Sign` method accepts parameter of `user.Signer` type to additionally set issuer field. This is a breaking change overall, but still needed for stable system authorization and library usage. `ResolveIssuer` method is marked as deprecated in favor of new `Issuer` one. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
cthulhu-rider
added a commit
to nspcc-dev/neofs-sdk-go
that referenced
this issue
Mar 18, 2024
After protocol extension nspcc-dev/neofs-api#266, bearer token's signed data include issuer ID. Since 435df25, `Sign` method accepts `user .Signer` parameter. In order to stabilize UX of so-called static signing, caller should be forced to specify who's going to sign the token. While this is a breaking change, it will work better than doc requirement to call `SetIssuer` in advance. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
cthulhu-rider
added a commit
to nspcc-dev/neofs-sdk-go
that referenced
this issue
Mar 25, 2024
Dedicated field for the bearer token issuer was recently added to the protocol nspcc-dev/neofs-api#266. Now SDK provides getter and setter for it. Previously, `Token` type accepted `neofscrypto.Signer` parameter in `Sign` method to calculate and set signature of the bearer token. Obviously, the method did not set nonexistent issuer field. The only way to access the issuer was `ResolveIssuer` method resolving user ID from the public key. Now `Sign` method accepts parameter of `user.Signer` type to additionally set issuer field. This is a breaking change overall, but still needed for stable system authorization and library usage. `ResolveIssuer` method now dual: it starts like `Issuer` and falls back to the old behavior when field is missing. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It's derived from the key like in https://pkg.go.dev/github.com/nspcc-dev/neofs-sdk-go/bearer#ResolveIssuer, but this defeats
neofsidor any other non-standard account mapping scheme.The text was updated successfully, but these errors were encountered: