Allow selecting root public key by ID #154
Conversation
|
I started using this patch in my project by way of a |
|
Something that's a little odd about this approach: Given that we already merged #151 that exposed the |
|
In other libraries (biscuit-rust, biscuit-haskell at least), parsing and signature verification are done at the same time. This makes the library harder to misuse, and in the case of biscuit-haskell, this allows to abort parsing as soon as possible. (It is still possible to parse a biscuit into an I think the go library would benefit from this approach. |
If I follow you correctly, in the Go library, rather that having the existing |
In order to more easily accommodate rotating of root private keys when issuing biscuits, allow consumers to choose which root public key to use when verifying the biscuit based on the key ID embedded within it at composition time, if any. Consumers can then accept biscuits signed with several root keys, learning to accept signatures from a rolling set of both older and newer keys. Introduce the "(*Biscuit).AuthorizerFor" method as an eventual replacement for the longstanding "(*Biscuit).Authorizer" method, along with with two new options for supplying either a single public key or a mapping from ID to public key (together with an optional default public key to use when the biscuit in question embeds no root key ID). Alternately, callers may supply a projection function that consumes an optional root key ID.
seh
force-pushed
the
allow-selecting-root-key-by-id
branch
from
8bf6ea3 to
7b44ee4
Compare
I agree, but I'm not sure if you're proposing that as work to follow merging this proposed patch, or something we should pursue now instead of this patch? In other words, do we have any hope of this patch getting merged soon? |
|
i’m sorry i was not clear, that’s something i think should be done at some point, not instead of this |
|
patch looks good to me, i can merge it if you don’t have anything to add to it. thanks! |
Thank you. It's settled for me. I've been using it to good effect. After we merge it, I'll then start asking about a point or minor release of the module so that I can rely on a "real" version. |
See #155 for that request. |
In order to more easily accommodate rotating of root private keys when issuing biscuits, allow consumers to choose which root public key to use when verifying the biscuit based on the key ID embedded within it at composition time, if any. Consumers can then accept biscuits signed with several root keys, learning to accept signatures from a rolling set of both older and newer keys.
Introduce the
(*Biscuit).AuthorizerFormethod as an eventual replacement for the longstanding(*Biscuit).Authorizermethod, along with with two new options for supplying either a single public key or a mapping from ID to public key (together with an optional default public key to use when the biscuit in question embeds no root key ID). Alternately, callers may supply a projection function that consumes an optional root key ID.Fixes #150.