    hackerman
    @aeneasr
    @ryankurte just so there's no misunderstanding, not saying I don't want this or it's a bad idea. But maintenance on fosite has shown me that it is critical to first get a good look at the ideas / problems that float around before jumping into breaking changes :)
    Ryan
    @ryankurte
    Yeah, fair enough! Happy to do the issue thing.
    Matthew Hartstonge
    @matthewhartstonge
    @arekkas
    Well that didn't work how I thought.. haha
    anywho, thanks for looking into my contrib. I'll push it into another repo when back at work Monday NZST and can let you know.
    I'm looking into creating a mongo storage driver as well, would you like me to keep that out in a separate repo as well? (This is pure Go using mgo.v2)
    Matthew Hartstonge
    @matthewhartstonge
    Lastly, I'm trying to work out how to store sessions with jwt, oauth2 openid flow with prompt=none for implicit grant. Do you have suggestions on where to look at this? I noticed that cookies don't get created/sent back to the client and the session store doesn't seem to update when I squish a jwt into ar.SetSession() using the memory store
    technically, cookies don't have to be created and the nonce should be enough to verify a client, but the session store is <nil> when checking it
    hackerman
    @aeneasr
    @MatthewHartstonge yeah storage should also go in a separate repo :) we will add a nice section at the top of the readme linking to the repos!
    hm that's weird, could you show the code?
    Matthew Hartstonge
    @matthewhartstonge
    hackerman
    @aeneasr
    nice @MatthewHartstonge !!
    Matthew Hartstonge
    @matthewhartstonge
    @arekkas In hydra, what is the jwk.Manager used for?
    I've been going between fosite and hydra to work out concrete implementations for a mongo storage backend and wondering where this fits in regards to the example MemoryStore concrete definition
    I'm guessing that it's used for storing AccessTokens and RefreshTokens in order to be stored in an encrypted format?
    Matthew Hartstonge
    @matthewhartstonge
    Or should AccessTokens/RefreshTokens conform to the fosite.Requester interface as well?
    You can find my current implementation here if it helps to see the code: https://github.com/MatthewHartstonge/storage
    hackerman
    @aeneasr
    jwk manager is for storing json web keyd
    keys
    eg for signing id tokens
    Matthew Hartstonge
    @matthewhartstonge
    Hmm. Okay will have to research on how they play into using JWTs. I've only used JWS in the past. Thanks :)
    hackerman
    @aeneasr
    the manager is also used to serve TLS and sign consent challenge / responses
    also please be aware that while it's mega uber super cool that you're working on a mongodb adapter, it is quite unlikely that it will be merged in hydra, as we only have limited resources and can't support more database adapters than available at the moment
    Matthew Hartstonge
    @matthewhartstonge
    Yeah, I saw a bit of policy related things in there.
    Oh don't worry :) I'm planning on keeping it more as a pull in storage adapter for fosite, so in terms of where I need to head I think JWK will be outside of scope. We're trying to keep our new platform solely mongo hence the adapter haha
    I'm using Hydra to understand the concrete implementations a bit better of the storage backends as well as fosite-example
    hackerman
    @aeneasr
    ah yeah that makes sense, you don't need to implement anything from hydra except
    that's all you need
    Matthew Hartstonge
    @matthewhartstonge
    Awesome, thanks! Will give a shoutout when I'm confident it's reached a v1.0.0 release on here :raised_hands:.
    Fosite is a very, very cool lib - it's saved me maaaannnnnnyyy hours/headaches/+...
    Trying to give back as much as I can :D
    hackerman
    @aeneasr
    that's really awesome to hear @MatthewHartstonge ! I'm glad it can be of help :)
    by the way, may I ask why you're not considering hydra?
    Matthew Hartstonge
    @matthewhartstonge
    To be honest, I really only found it last month.
    We specced out how we were going to achieve Auth last year which included Argon2 and user password credentials flow and implemented a little of it in nodejs.
    Three weeks ago we finally finished speccing our new version and decided to move to Golang as nodejs felt like we were fighting with the language and in between 3 language states. (So Golang is a first for me too - hit the ground hard right?)
    Found hydra/fosite and decided on fosite as we are creating an identity provider with user management in the one binary
    Oh, also, we are microservicey - so we need to interface to the IDP via gRPC and MQ to update it
    ^ That was more the issue
    Our app is multitenanted where a given tenant can create a bulk set of users in one hit.
    hackerman
    @aeneasr
    ok hydra is really good at leaving you totally alone with your idp
    as in you can implement anything you want as your idp
    hydra only solves oauth2
    and hydra has like really good, battle tested security concepts
    so you could write an IDP with gRPC and AMQP (or any other thingy) and simply connect hydra to it, that's like the core strength of hydra, it works with any idp @MatthewHartstonge
    most of the endpoints hydra uses that aren't for managing hydra itself are IETF specs, so the concepts are all very well thought through
    plus we do some consulting for hydra and help you get started and understand the security concepts and also verify your architecture and use of hydra, if that's interesting for you.
    Matthew Hartstonge
    @matthewhartstonge
    Hmmm.. I'll have to get in and properly investigate Hydra and get back to you.
    For now due to our timeline of getting to market I don't want to add another change/thing to learn into the mix as we're not far off :/ But Hydra will definitely percolate in the back of my mind.
    (by the way, in case you were worried we're not using the password credential grant anymore, we've moved to implicit grant ;) )
    Anywho, I need to head to bed - it's 1.40am here! :joy:
    Matthew Hartstonge
    @matthewhartstonge
    @arekkas FYI: I've carved a v0.1.0 release of the mongo storage backend @ https://github.com/MatthewHartstonge/storage
    Also, re: ory/fosite#170, it has built correctly, coveralls has intermittent submission issues I've noticed.
    hackerman
    @aeneasr
    awesome!
    Matthew Hartstonge
    @matthewhartstonge
    And again, thank you for fosite and hydra! 😀
    hackerman
    @aeneasr
    you're very much welcome!
    hackerman
    @aeneasr
    /@all this channel is closing, please go to https://discord.gg/PAMQWkr