Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Token Refactor Step 5: Improve Audience Handling #3747

Closed
Tracked by #3743
paullatzelsperger opened this issue Dec 29, 2023 · 1 comment · Fixed by #3786
Closed
Tracked by #3743

Token Refactor Step 5: Improve Audience Handling #3747

paullatzelsperger opened this issue Dec 29, 2023 · 1 comment · Fixed by #3786
Assignees
@wolf4ood
Labels
breaking-change Will require manual intervention for version update core feature dataspace-protocol related to the dataspace protocol dcp enhancement New feature or request refactoring Cleaning up code and dependencies

Comments

@paullatzelsperger
Copy link
Member

Feature Request

Currently, the aud claim of tokens is always derived from the remote message's counterPartyAddress property, which contains the DSP callback address, which
is obviously incorrect.

What the aud claim is supposed to contain will depend on the type of IdentityService: IATP may use a DID, OAuth2 may use a URL, etc. To accommodate that, the RemoteMessage will
get a counterPartyId field which is assigned by the IdentityService implementation upon message egress and can be obtained from a prior ContractNegotiation or TransferProcess.

On message ingress, the IdentityService validates the audience. This is already in place and does not need to change.

Which Areas Would Be Affected?

dsp protocol layers

Why Is the Feature Desired?

Use the correct audience depending on the IdentityService impl

Solution Proposal

  • Add RemoteMessage#getCounterPartyId()
  • Adjust TokenParameters: 
    - private String audience;
+ private String counterPartyId;
+ private String counterPartyAddress;
@paullatzelsperger paullatzelsperger added breaking-change Will require manual intervention for version update core feature dataspace-protocol related to the dataspace protocol enhancement New feature or request dcp refactoring Cleaning up code and dependencies labels Dec 29, 2023
@paullatzelsperger paullatzelsperger mentioned this issue Dec 29, 2023
Closed
9 tasks
@github-actions GitHub Actions
Copy link

This issue is stale because it has been open for 14 days with no activity.

@github-actions github-actions bot added the stale Open for x days with no activity label Jan 13, 2024
@wolf4ood wolf4ood removed the stale Open for x days with no activity label Jan 16, 2024
@wolf4ood wolf4ood self-assigned this Jan 16, 2024
@wolf4ood wolf4ood mentioned this issue Jan 17, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@wolf4ood wolf4ood

Labels
breaking-change Will require manual intervention for version update core feature dataspace-protocol related to the dataspace protocol dcp enhancement New feature or request refactoring Cleaning up code and dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: improve audience handling wolf4ood/DataSpaceConnector
2 participants
@wolf4ood @paullatzelsperger