
WIP Remove internal ID from JWT token #512


Closed
wants to merge 2 commits into from


snazy
Member

@snazy snazy commented Dec 9, 2024

The JWT token already has enough information to identify the principal: the client ID. There's no need to have another internal ID, hence removing the principal ID from the JWT.

…retsManager`

The logic _how_ a principal and/or principal secrets are persisted should be transparent to the calling code. Relying on the persistence internals for principals and secrets management makes it impossible to factor out secrets management / make principal management possible.

This change moves the secret validation and retrieval of a principal by client-ID behind an implementation of `PolarisSecretsManager`.
The JWT token already has enough information to identify the principal: the client ID. There's no need to have another _internal_ ID, hence removing the principal ID from the JWT.

This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

@github-actions github-actions bot added the Stale label Jan 11, 2025
@snazy snazy removed the Stale label Jan 13, 2025
@snazy snazy closed this Feb 21, 2025
@snazy snazy deleted the no-principal-id-in-token branch February 21, 2025 12:38