Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add httpsig to RS token introspection requests #576

Closed
wilsonianb opened this issue Aug 29, 2022 · 2 comments
Closed

Add httpsig to RS token introspection requests #576

wilsonianb opened this issue Aug 29, 2022 · 2 comments
Labels
pkg: backend Changes in the backend package.
Milestone
Rafiki <> Auth Se...

Comments

@wilsonianb
Copy link
Contributor

https://datatracker.ietf.org/doc/html/draft-ietf-gnap-core-protocol#section-7.3

https://github.com/interledger/rafiki/blob/main/packages/backend/src/open_payments/auth/service.ts#L47
@wilsonianb wilsonianb added the pkg: backend Changes in the backend package. label Aug 29, 2022
@wilsonianb
Copy link
Contributor Author

Since we're assuming the RS and AS are operated by the same account provider, we can make token introspection http signature validation optional. The AS won't publicly expose that endpoint.

@wilsonianb wilsonianb mentioned this issue Aug 29, 2022
Merged
4 tasks
@sabineschaller sabineschaller mentioned this issue Sep 19, 2022
Closed
@matdehaast
Copy link
Collaborator

Closing for now due to AS-RS being in a trusted zone

@matdehaast matdehaast moved this to Done in Rafiki Sep 26, 2022
@wilsonianb wilsonianb closed this as not planned Won't fix, can't repro, duplicate, stale Sep 26, 2022
This was referenced Sep 26, 2022
Closed
Closed
Closed
Closed
@wilsonianb wilsonianb mentioned this issue Sep 28, 2022
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
pkg: backend Changes in the backend package.
Projects
No open projects
Rafiki
Status: Done
Milestone
Rafiki <> Auth Server Integration
Development

No branches or pull requests
3 participants
@wilsonianb @matdehaast @sabineschaller