Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Relax format restrictions on authentication tokens #1978

Merged
merged 1 commit into from
Sep 25, 2023

Conversation

divergentdave
Copy link
Collaborator

This relaxes the requirements we place on authentication tokens. The last time we changed this, we required that all DAP-Auth-Token and Authorization: Bearer values were in unpadded base64url. This causes problems when using the interop test API outside of Janus's integration tests, because it's more restrictive than it used to be. In one case, I was using structured values for these, consisting of a word describing the token's role, a hyphen, and then some random hexadecimal bytes. This failed the base64url check in one case because it had an impossible length. (base64 cannot produce an output with length one more than a multiple of four, ignoring padding)

This PR places different, looser, validation requirements on each kind of authentication token. For DAP-Auth-Token, we require that the value be a valid HTTP header value. (i.e. we exclude some nonprintable control characters) Unlike in older versions, we also require that the value be valid UTF-8. (this makes implementation simpler, and there's no need to go out of our way supporting invalid UTF-8 inside a HTTP payload) For Authorization: Bearer, we check against the language described in RFC 6750. In addition to unpadded base64url, we will now support other base64 variants, compact JWT, and other formats that fit in the expanded alphabet. For both kinds of authentication tokens, we still generate their values internally by base64url-encoding random bytes.

This change ought to go in now, during our pre-release window, because it makes breaking changes to variants of a public enum.

@divergentdave divergentdave requested a review from a team as a code owner September 25, 2023 14:46
Copy link
Contributor

@inahga inahga left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍. This should also make it a bit easier to generate valid tokens at the shell, i.e. can just do openssl rand 32 | base64.

core/src/task.rs Outdated
@@ -632,30 +632,30 @@ pub enum AuthenticationToken {
/// [2]: https://datatracker.ietf.org/doc/html/draft-dcook-ppm-dap-interop-test-design-03#section-4.3.3
/// [3]: https://datatracker.ietf.org/doc/html/draft-dcook-ppm-dap-interop-test-design-03#section-4.4.2
/// [4]: https://datatracker.ietf.org/doc/html/draft-ietf-ppm-dap-01#name-https-sender-authentication
DapAuth(TokenInner),
DapAuth(DapAuthTokenInner),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider just having these be BearerToken and DapAuthToken. The Inner suffix suggests that there's some different public opaque outer type, which is not the case here.

core/src/task.rs Outdated
/// Base64 alphabet, as specified in [RFC 4648 section 5][1]. The unpadded, URL-safe Base64 string
/// is the canonical form of the token and is used in configuration files, Janus aggregator API
/// requests and HTTP authentication headers.
/// This token is used directly in HTTP request headers without further encoding and so much be a
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
/// This token is used directly in HTTP request headers without further encoding and so much be a
/// This token is used directly in HTTP request headers without further encoding and so must be a

@divergentdave divergentdave merged commit fde0ff7 into main Sep 25, 2023
@divergentdave divergentdave deleted the david/relax-auth-token branch September 25, 2023 17:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants