-
Notifications
You must be signed in to change notification settings - Fork 145
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Passing opaque user data up from CredentialRepository
?
#274
Comments
This both would and would not work. This method is used for two things:
This is used to check that the username and user handle refer to the same account, in case
This is required at the moment, due to how the logic in It's also used to set
Yes, that sounds right. The library uses the Does that help? Anything I missed? |
Ah, I missed the If I set If I set It is something I'll have to think about. Thanks for the detailed description! |
If you can spare the bytes I would recommend storing the user handle as an opaque value in the user record, even if it's derived from other values. For example, should you ever need to rotate that hash key, you would no longer be able to re-derive user handles older than the new key (and thus validation for those discoverable credentials would fail under the current library implementation). Or you'd have to keep record of which hash key was used for which user account, at which point you might as well store the user handle directly instead. |
I hope you got your questions answered! You're welcome to re-open the issue if you have more. |
If you don't mind me requesting further input, since I'm really trying to avoid "fighting the library" here: Assume I have some opaque server-generated metadata that is attached to each credential. My credential repository's What would an "appropriate" way of passing this metadata out of the credential repository and through the library code be that ends up with the metadata accessible to my application logic? My naive approach would've been to simply subclass Is there some other "supported" way to pass opaque data alongside a |
Hm, good questions. There is no "appropriate" way to do this right now, but it certainly seems like it would be a common need, so I am in favour of adding one. A simple approach that immediately springs to mind is to add a new field like The reason the values types are marked |
In the meantime while we figure that out, there does exist a workaround. It's a horrible hack, definitely qualifying as "fighting the library", but it does seem to work: you can smuggle extra data in the CBOR of the
you could set this:
For example, your application code could do something like this: import com.upokecenter.cbor.CBORObject;
CBORObject extra = CBORObject.NewMap();
extra.set("foo", CBORObject.FromObject("bar"));
CBORObject cose = CBORObject.DecodeFromBytes(publicKeyCose.getBytes());
cose.set("extra", extra);
ByteArray newPublicKeyCose = new ByteArray(cose.EncodeToBytes); and then extract the data back out from Again, this is a horrible hack, but it could work in a pinch. |
|
CredentialRepository
methods are required?CredentialRepository
?
Alright, sorry for the delay, but I've now had some time to try sketching some things out along the lined described in #289 (comment). I'm not sure where this will go in the end, but I like some aspects of this prototype at least. Please take a look at the A couple of things, including some other types, change with
So, although this is far from finished just yet - does this look like a path forward that would help your use case? I'm having the next two weeks off so I might not respond within that time, but I'll continue with this when I'm back. |
Just as a heads-up, the technical demonstrator project on our end is wrapped up, so I may not find much time to be active in these issues (though they continue to be of great personal interest to me). |
Thanks for your patience and sorry for the delay - the experimental |
Not necessarily an issue, but the JavaDoc isn't entirely clear on this. (Or, if it is, I couldn't find it - apologies if so.)
I am trying to integrate passwordless authentication using client-side discoverable credentials into existing infrastructure, which imposes some limitations.
We intend to store
(credential, user identifier)
pairs, indexed bycredentialId
. We identify users internally using an identifier that is personal data, and which we thus cannot store directly in the user handle. As I understand it, the user handle's primary purpose is deduplication of resident credentials; therefore, we intended to specify a keyed hash digest (using a server private key) as the user handle. This is of course not reversible, but since we index all known credentials by their ID, this is not an issue for us.I am now trying to map this behavior onto the
CredentialRepository
interface.getCredentialIdsForUsername
: is returning an empty set permissible when using client-side discoverable credentials (e.g., this is only used to populateallowCredentials
) or would this cause validation to fail?getUserHandleForUsername
: is this used/required when using client-side discoverable credentials?getUsernameForUserHandle
: is this used when validating the received credential, or can I safely returnOptional.empty
?lookup
: I assume this is used when validating a credential; I would retrieve the credential by ID, re-calculate the user handle, and returnOptional.empty
on failure; does this match what the library expects?The text was updated successfully, but these errors were encountered: