
feat(users): Implemented cookie parsing for auth

Open racnan opened this issue 10 months ago • 2 comments

Type of Change

  • [ ] Bugfix
  • [X] New feature
  • [ ] Enhancement
  • [ ] Refactoring
  • [ ] Dependency updates
  • [ ] Documentation
  • [ ] CI/CD

Description

This is the second PR for the cookie implementation. In this PR, the cookie header is parsed to retrieve the JWT that was set during dashboard entry. This PR does not remove the old auth flow, where the Authorization header was used to retrieve the JWT from the request. Instead, it compares the JWTs retrieved from the Authorization header and the Cookie header and logs the result.

Additional Changes

  • [ ] This PR modifies the API contract
  • [ ] This PR modifies the database schema
  • [ ] This PR modifies application configuration/environment variables

Motivation and Context

Storing JWT in cookies instead of local storage.

How did you test it?

No testing required; the feature is not complete and hence is not enabled.

Checklist

  • [X] I formatted the code cargo +nightly fmt --all
  • [X] I addressed lints thrown by cargo clippy
  • [X] I reviewed the submitted code
  • [ ] I added unit tests for my changes where possible
  • [ ] I added a CHANGELOG entry if applicable

racnan, Apr 04 '24 10:04
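The shadow comparison outlined in the PR description, as an added example that is not code from this PR or from the hyperswitch repository: the Authorization header stays authoritative while the cookie-derived JWT is only compared against it, and only the outcome is logged. The function names, the `JwtSourceCheck` enum and the cookie name `session_jwt` are hypothetical.

```rust
// Added example; all names are hypothetical, not taken from the hyperswitch code base.

/// Outcome of the shadow comparison. Log this value, never the token itself.
#[derive(Debug, PartialEq)]
pub enum JwtSourceCheck { Match, Mismatch, CookieMissing, HeaderMissing, BothMissing }

/// Find `name` in a `Cookie` request header value such as "a=1; b=2".
pub fn cookie_value<'a>(cookie_header: &'a str, name: &str) -> Option<&'a str> {
    cookie_header.split(';').find_map(|pair| {
        // Split on the first '=' only, so a value that contains '=' stays intact.
        let (k, v) = pair.trim().split_once('=')?;
        // Exact, case-sensitive name match; values may be wrapped in double quotes.
        (k == name).then(|| v.trim_matches('"'))
    })
}

/// Extract the token from an `Authorization: Bearer <jwt>` header value.
pub fn bearer_token(authorization: &str) -> Option<&str> {
    let (scheme, token) = authorization.trim().split_once(' ')?;
    (scheme.eq_ignore_ascii_case("bearer") && !token.trim().is_empty()).then(|| token.trim())
}

/// Compare without an early exit, so timing does not reveal the matching prefix.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

/// Shadow mode: compare the two sources and report the result for logging only.
pub fn compare_jwt_sources(
    authorization: Option<&str>,
    cookie: Option<&str>,
    cookie_name: &str,
) -> JwtSourceCheck {
    let from_header = authorization.and_then(|a| bearer_token(a));
    let from_cookie = cookie.and_then(|c| cookie_value(c, cookie_name));
    match (from_header, from_cookie) {
        (Some(h), Some(c)) if ct_eq(h.as_bytes(), c.as_bytes()) => JwtSourceCheck::Match,
        (Some(_), Some(_)) => JwtSourceCheck::Mismatch,
        (Some(_), None) => JwtSourceCheck::CookieMissing,
        (None, Some(_)) => JwtSourceCheck::HeaderMissing,
        (None, None) => JwtSourceCheck::BothMissing,
    }
}

fn main() {
    // Constructed sample request headers.
    let (auth, cookie) = ("Bearer aaa.bbb.ccc", "theme=dark; session_jwt=aaa.bbb.ccc");
    println!("{:?}", compare_jwt_sources(Some(auth), Some(cookie), "session_jwt"));
}
```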

Either the auth_type function should be changed to use the parse_jwt_payload function, or the is_jwt_auth function should also check the cookies for the JWT.

https://github.com/juspay/hyperswitch/blob/63d2b6855acee1adeae2efff10f424e056af0bcb/crates/router/src/services/authentication.rs#L975

@ThisIsMani As mentioned in the description, this PR doesn't use cookies for auth. This is just parsing cookies and checking if it is working as expected. Not changing any of the old flows in this PR. If, by analysing logs, we are happy with cookie parsing, then we would move from the old flow to the new one.

racnan, Apr 04 '24 12:04

> @ThisIsMani As mentioned in the description, this PR doesn't use cookies for auth. This is just parsing cookies and checking if it is working as expected. Not changing any of the old flows in this PR. If, by analysing logs, we are happy with cookie parsing, then we would move from the old flow to the new one.

My bad, makes sense.

ThisIsMani, Apr 04 '24 12:04