Deal with various auth token types #247
Conversation
src/aggregator_api_mock.rs
Outdated
There was a problem hiding this comment.
Not related to this PR: This file is dead code and should have been removed in #246. No need to modify it in this PR, but it also doesn't hurt anything
There was a problem hiding this comment.
Yeah, I was wondering about that when I had to fix up both this file and src/api_mocks/aggregator_api.rs! Let's nuke the file in a separate PR.
| pub struct AuthenticationToken { | ||
| /// Type of the authentication token. Always "Bearer" in divviup-api. | ||
| #[serde(rename = "type")] | ||
| typ: String, |
There was a problem hiding this comment.
Nit:
| typ: String, | |
| r#type: String, |
avoids having to rename (and the awkward typ)
If you don't like that, maybe call it token_type in rust and rename to "type" in serde?
There was a problem hiding this comment.
Oh, cool, I didn't know about this bit of syntax. I'm happy to use r#type in this project if you like it better.
src/routes/tasks.rs
Outdated
| @@ -102,6 +103,8 @@ pub mod collector_auth_tokens { | |||
| let leader = task.leader_aggregator(&db).await?; | |||
| let client = leader.client(client); | |||
| let task_response = client.get_task(&task.id).await?; | |||
| Ok(Json([task_response.collector_auth_token])) | |||
| Ok(Json([task_response | |||
There was a problem hiding this comment.
I'm surprised this is what rustfmt likes but who am I to second-guess the linter
|
Not necessarily in this PR, but should we have code that checks the token type and errors if it's not |
In the future, we may need to support partner aggregators that implement all sorts of different authentication schemes that aren't necessarily bearer tokens. For example, Daphne currently only supports the |
|
In that case it seems like we probably should error out if we encounter a token type that's not Bearer? #248 |
|
Let's hold off on merging this until the corresponding Janus change lands. I'll take care of merging when appropriate (and rebase as needed). |
| @@ -101,12 +101,33 @@ impl From<Option<i64>> for QueryType { | |||
| } | |||
| } | |||
|
|
|||
| #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)] | |||
| pub struct AuthenticationToken { | |||
There was a problem hiding this comment.
Note that we use a Serde struct for this object here, and an internally-tagged enum in Janus. In follow-up work, I think it might make sense to treat the authentication token as an opaque JSON blob.
There was a problem hiding this comment.
Oh! In thinking this through I realized we never need to use these tokens in this repo, only pass them between servers? In that case I can close #248 and I agree with this comment. Unless divviup-api needs to be the owner of acceptable tokens, we could just pass around a serde_json::Value
There was a problem hiding this comment.
That would work for the aggregator auth tokens, which are opaque to divviup-api, but not necessarily for collector auth tokens. The tension here is that the Janus aggregator API can express multiple token types, hence the { "type": <>, "token": <> } structure, but divviup-api represents collector auth tokens as a string which implicitly should be used as Bearer tokens. So when providing collector auth tokens to subscribers, divviup-api needs to extract the token field of the AuthenticationToken structure.
We could make this less awkward but using the AuthenticationToken representation in the API divviup-api offers to its clients.
tgeoghegan
force-pushed
the
timg/agg-api-bearer-token
branch
from
427140c
to
a9c14f8
Compare
|
Do we need to validate anything about the bearer token here? We are going to check if it works, which matters more than the format |
client/src/aggregator.rs
Outdated
|
|
||
| #[derive(Serialize, Deserialize, Debug, Clone, Eq, PartialEq)] | ||
| pub struct CollectorAuthenticationToken { | ||
| pub r#type: String, |
There was a problem hiding this comment.
Is this currently always expected to be Bearer? Could this be an internally-tagged enum?
I think that the aggregator capability/config query you're wiring up in divviup/janus#1646 / #340 is sufficient validation that the token is well formed and valid. |
tgeoghegan
force-pushed
the
timg/agg-api-bearer-token
branch
from
d7bdc5d
to
050bee6
Compare
tgeoghegan
force-pushed
the
timg/agg-api-bearer-token
branch
from
050bee6
to
69df990
Compare
There was a problem hiding this comment.
If we're planning to blow away some database tables anyway, then yeah, let's skip the migrations. Let's talk tomorrow (Tuesday) about a deployment plan since we have a bunch of disruptive changes going out this week.
There was a problem hiding this comment.
Based on discussion in Slack today, our plan is to delete all existing aggregators from the staging deploy of divviup-api before we deploy this change and #302, and then re-create any aggregators as needed, eliminating the need to migrate existing data. Accordingly, I've rolled back the commit that added the DB migration (and rebased for good measure).
tgeoghegan
force-pushed
the
timg/agg-api-bearer-token
branch
2 times, most recently
from
9b7d350
to
d86536f
Compare
As of [1], the Janus aggregator API is explicit about which kind of authentication token it uses (`Bearer` or `DapAuth`) and also generates bearer tokens by default. This PR adopts changes to the aggregator API message definitions. [1]: divviup/janus#1548
tgeoghegan
force-pushed
the
timg/agg-api-bearer-token
branch
from
d86536f
to
a494af8
Compare
As of 1, the Janus aggregator API is explicit about which kind of authentication token it uses (
BearerorDapAuth) and also generates bearer tokens by default. This PR adopts changes to the aggregator API message definitions.