-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Why do we require AuthenticationToken
values to be valid HTTP header values?
#1384
Comments
We could resolve this if we distinguished between DAP-Auth-Token and Authentication: Bearer auth tokens, i.e. if each task only supported one of the two methods. Then we could represent them with different types internally, and limitations on non-base64-encoded tokens wouldn't infect code for base64-encoded tokens. |
Yes, we need to do that anyway so that Janus can keep track of how it should authenticate to different helpers it may be working with. I'm working on that in the scope of #472; I think I can resolve this, too. |
I see now why we insist on the actual value being header-safe. It's this (unwise, bad) text from draft-ietf-ppm-dap-01:
So if we want to preserve that semantic, then yes, David is correct, we need to treat |
Yep, the tricky part is that We could make the implementation choice to store the "raw" entropy (i.e. unencoded bytes), encoding only as needed to transmit or verify values. But this would only save us a few bytes of storage cost per task, and not save anything on-the-wire. Another good reason to split bearer tokens by "type" ( |
The above discussion helped me understand why things are the way they are, but there's no further code change or action needed here. |
When we generate an
AuthenticationToken
, we generate 16 random bytes, then encode those into hex. The resulting 32 bytes is the authentication token:When we receive an auth token in an HTTP message or read it out of a database row, we first decode from Base64[URL] as needed, and then insist that the resulting bytes be valid HTTP header values.
This is inefficient: the tokens we generate contain 16 bytes of entropy, but consume 32 bytes in storage and on the wire because of the hex encoding. Further, it forces these awkward validations on us. Finally, we can't guarantee that all
DAP-Auth-Token
values will satisfy this requirement: suppose a Janus leader runs with a Daphne helper, and Daphne generates the token Janus is to use to authenticate requests to run aggregation jobs. The token generated by Daphne may not meet our requirements.We should instead treat the contents of an
AuthenticationToken
as an opaque blob of bytes. We can then ensure it's safe to put into HTTP requests by either base64 or hex encoding it. HTTP header safety is a transport layer concern.The text was updated successfully, but these errors were encountered: