Duplicated FusionAuth env vars #289

Closed
slifty opened this issue Oct 26, 2023 · 1 comment · Fixed by #305

slifty commented Oct 26, 2023

There seem to be two sets of env vars related to FusionAuth configuration that contain the same values in practice:

  1. FUSION_AUTH_SFTP_APP_ID and FUSION_AUTH_SFTP_CLIENT_ID
  2. FUSION_AUTH_KEY and FUSION_AUTH_SFTP_CLIENT_SECRET

We should either (A) confirm they are potentially distinct and document as such or (B) eliminate the redundancy and just keep one of each pairing.
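
An added example, not part of the issue or the project's code: a startup check that classifies the two pairs named above as identical, distinct or partly missing, without echoing any value (one pair carries a client secret). Treating anything other than identical values as an error is an assumption about the deployment, and the sample values are constructed.

```javascript
// Pairs taken from the issue text; which name of each pair survives is not assumed.
const REDUNDANT_PAIRS = [
  ["FUSION_AUTH_SFTP_APP_ID", "FUSION_AUTH_SFTP_CLIENT_ID"],
  ["FUSION_AUTH_KEY", "FUSION_AUTH_SFTP_CLIENT_SECRET"],
];

const isSet = (v) => typeof v === "string" && v.length > 0;

// Classify each pair. Only names and a status are returned, never values,
// so the result is safe to log even though one pair holds a secret.
function auditRedundantPairs(env, pairs = REDUNDANT_PAIRS) {
  return pairs.map(([first, second]) => {
    const a = env[first];
    const b = env[second];
    let status;
    if (!isSet(a) && !isSet(b)) status = "both-missing";
    else if (!isSet(a) || !isSet(b)) status = "one-missing";
    else if (a === b) status = "identical"; // redundant in this deployment
    else status = "distinct"; // option (A) in the issue, or drift after a rotation
    return { first, second, status };
  });
}

// Assumption (not from the project): the deployment intends each pair to hold
// one value, so anything else stops startup rather than surfacing later.
function assertPairsConsistent(env, pairs = REDUNDANT_PAIRS) {
  const problems = auditRedundantPairs(env, pairs).filter((r) => r.status !== "identical");
  if (problems.length > 0) {
    const detail = problems.map((r) => `${r.first}/${r.second}: ${r.status}`).join("; ");
    throw new Error(`Inconsistent FusionAuth env var pairs: ${detail}`);
  }
  return true;
}

// Constructed sample: the secret was rotated in only one of its two variables.
const SAMPLE_ENV = {
  FUSION_AUTH_SFTP_APP_ID: "11111111-aaaa-4bbb-8ccc-222222222222",
  FUSION_AUTH_SFTP_CLIENT_ID: "11111111-aaaa-4bbb-8ccc-222222222222",
  FUSION_AUTH_KEY: "constructed-old-secret",
  FUSION_AUTH_SFTP_CLIENT_SECRET: "constructed-new-secret",
};

console.log(auditRedundantPairs(SAMPLE_ENV)); // pass process.env in a real service
```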


slifty commented Oct 26, 2023

For context, these were added as part of #192

slifty added a commit to PermanentOrg/infrastructure that referenced this issue Oct 26, 2023
The SFTP service needs some additional environment variables to be
populated, as a result of some recent changes to how refresh tokens are
used to generate auth tokens [1].

A few of these variables are redundant [2], and that's why we use the
same "source" variable to map them as late as possible in the
provisioning.  Eventually if the redundancy is removed from the sftp
service we'll want to update the provisioner to stop populating the
obsolete copies.

Issue #138

[1] PermanentOrg/sftp-service#192
[2] PermanentOrg/sftp-service#289
slifty added a commit that referenced this issue Nov 7, 2023
We had organically coupled token management with the initial
authentication flow, but they don't actually belong together.

This separates token management (e.g. utilization of refresh tokens)
from the SSH authentication system.  It also refactors the sftp session
handler to use the token manager rather than the authentication session.

Finally, the tokens are now retrieved just-in-time by the permanent file
system (rather than being passed during the creation of the permanent
file system).  This is a critical fix because (1) it prevents certain
paths that would lead to stale tokens but also (2) it means that
creating a permanent file system becomes a synchronous operation.  This
also resolves a bug where the failure to generate a token could result
in a hanging sftp connection.

While doing these refactors we took out a redundant environment
variable.

Issue #288 Permanent file system errors can result in hung connections
Issue #289 Duplicated FusionAuth env vars
slifty added a commit that referenced this issue Nov 7, 2023
We had organically coupled token management with the initial
authentication flow, but they don't actually belong together.

This separates token management (e.g. utilization of refresh tokens)
from the SSH authentication system.  It also refactors the sftp session
handler to use the token manager rather than the authentication session.

While doing these refactors we took out a redundant environment
variable.

Issue #289 Duplicated FusionAuth env vars