You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, when we are adding the device metadata, we require that the attributes from the token parsed by bascule implements the RawAttributes interface in order to copy all of the claims into the device metadata:
This is currently fine, since our device access check mainly only uses partner-id. However, this can be problematic if we decide to add checks to the deviceAccessChecks section of the config that are not partner-id or trust, and device access check will fail. A possible solution is to instead get all of the claims that are described by the deviceCredentialPath in all of the configured checks that are listed in the config:
Currently, when we are adding the device metadata, we require that the attributes from the token parsed by bascule implements the
RawAttributesinterface in order to copy all of the claims into the device metadata:talaria/middleware.go
Line 26 in ee5fb72
If it doesn't implement the
RawAttributesinterface, we only copy thepartner-idandtrustclaims: https://github.com/xmidt-org/talaria/blob/ee5fb72dd3f6a2d3b8a86a770e7354d683cf315f/middleware.go#L29-#L36This is currently fine, since our device access check mainly only uses
partner-id. However, this can be problematic if we decide to add checks to thedeviceAccessCheckssection of the config that are notpartner-idortrust, and device access check will fail. A possible solution is to instead get all of the claims that are described by thedeviceCredentialPathin all of the configured checks that are listed in the config:talaria/talaria.yaml
Line 358 in ee5fb72
The text was updated successfully, but these errors were encountered: