Simplify invite token for users #17
Comments
|
Expiring invite tokens seem incompatible with allowing people to self-register multiple devices. Did we have a good idea to solve that yet? (I propose tokens simply don't expire for now.) |
Sounds good to me. Let's leave the expiry date out then :) |
|
636315c made progress here: the CA is now a fingerprint rather than needing the full CA certificate (through a file / URL) |
|
I think we're gonna solve this with #115 instead |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently, registering to a circle requires four values:
We could simplify this by creating a single token that contains all values.
Proposal: The new token starts with the circle name, and contains an encoded version of the username, an expiry date, some checksum of the CA certificate and a hash over these values plus private key produced by discovery earlier. The client can read the username, expiry date & checksum from the token. The client connects to discovery using the circle name, checks that its CA certificate matches the checksum, then passes the encoded value. Discovery can also read the username and expiry date, and check that they were produced by itself by checking against the private key.
The text was updated successfully, but these errors were encountered: