IAM: Refactor user session management to middleware #3139

Merged
merged 3 commits into from
May 31, 2024

Member

@reinkrul reinkrul commented May 24, 2024

Fixes #3005

Moves user session management to Echo middleware. Functional changes:

  • If a user session already exists and preauthorized user details are provided, earlier it checked whether the user details of the subsequent "user access token flow" were the same as the ones that were used to create the session (XIS sanity check). This check has now become impractical, since the user details aren't available as-is in the session any more. Also, this is the responsibility of the calling XIS.
  • Before, only 1 session cookie could exist for a user, so if the user performed a user access token flow for a different did:web DID, things would break (session not found/invalid). This is now fixed, by allowing multiple sessions (bound to web DID) to co-exist, allowing multi-tenancy.
  • Changed the session from Host prefix to Secure prefix, as Host prefix does not allow a path other than /.

@reinkrul reinkrul force-pushed the usersession-middleware branch from b10cd44 to 41e442f Compare May 24, 2024 09:39
@reinkrul reinkrul requested review from gerardsn and woutslakhorst and removed request for gerardsn May 25, 2024 06:53
@reinkrul reinkrul force-pushed the usersession-middleware branch from 1fef2a8 to b316fe8 Compare May 25, 2024 06:55
@reinkrul reinkrul marked this pull request as ready for review May 25, 2024 06:57
@reinkrul reinkrul force-pushed the usersession-middleware branch from b316fe8 to d466a36 Compare May 25, 2024 07:20
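
The cookie-prefix constraint and the path-scoped sessions mentioned in the description above, as an added example that is not code from this pull request or the project. The cookie name `SID`, the `/iam/<tenant>` path layout, the helper names and all values are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// checkPrefix applies the browser cookie-name prefix rules and
// reports why a browser would refuse to store c.
func checkPrefix(c *http.Cookie) error {
	switch {
	case strings.HasPrefix(c.Name, "__Host-"):
		if !c.Secure || c.Domain != "" || c.Path != "/" {
			return errors.New("__Host- needs Secure, no Domain and Path=/")
		}
	case strings.HasPrefix(c.Name, "__Secure-"):
		if !c.Secure {
			return errors.New("__Secure- needs Secure")
		}
	}
	return nil
}

// sessionCookie scopes a session cookie to one tenant's path
// (hypothetical name and path layout, see lead-in).
func sessionCookie(prefix, tenant, id string) *http.Cookie {
	return &http.Cookie{Name: prefix + "SID", Value: id,
		Path: "/iam/" + tenant, Secure: true, HttpOnly: true}
}

// cookiesFor returns the values a browser would send for requestPath,
// using a simplified form of the RFC 6265 path-match rule.
func cookiesFor(jar []*http.Cookie, requestPath string) []string {
	var sent []string
	for _, c := range jar {
		if requestPath == c.Path || strings.HasPrefix(requestPath, c.Path+"/") {
			sent = append(sent, c.Value)
		}
	}
	return sent
}

func main() {
	a := sessionCookie("__Secure-", "tenant-a", "session-a") // constructed values
	b := sessionCookie("__Secure-", "tenant-b", "session-b")
	// A __Host- cookie with a tenant path is refused by the browser.
	fmt.Println(checkPrefix(sessionCookie("__Host-", "tenant-a", "x")))
	// Both __Secure- cookies coexist; only the matching tenant's is sent.
	fmt.Println(checkPrefix(a), cookiesFor([]*http.Cookie{a, b}, "/iam/tenant-b/callback"))
}
```

The trade-off is that `__Secure-` no longer forbids a `Domain` attribute, so the code that sets the cookie has to leave `Domain` empty itself to keep the cookie host-only.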
Member

@woutslakhorst woutslakhorst left a comment

I think middleware should be located next to other middleware. Maybe in http/session or http/user? This would solve most weird naming. user.Wallet vs usersession.UserWallet.... and user.Session vs usersession.Data

auth/api/iam/user.go Outdated
auth/api/iam/usersession/util.go Outdated
auth/api/iam/usersession/data.go Outdated
auth/api/iam/usersession/data.go Outdated
@reinkrul reinkrul requested a review from woutslakhorst May 30, 2024 11:12
@reinkrul reinkrul merged commit 340e015 into master May 31, 2024
8 of 9 checks passed
@reinkrul reinkrul deleted the usersession-middleware branch May 31, 2024 07:09
Successfully merging this pull request may close these issues.

IAM: move user session management to middleware