Nathan Lie

icon indicating an email [email protected]

icon location Software Engineer at the Interledger Foundation

Results 38 issues of Nathan Lie

Support grant issuance without interaction

For some access types, like `incoming-payments`, the AS should support issuing the access tokens for these grants immediately without requiring interaction from the user. `incoming-payments` shouldn't carry any financial risk...

Validate `/introspect` with RS key instead of client key

3 comment

Bind the RS to the AS in some way, then use that binding to determine if the key submitted in the request belongs to said RS and then validate the...

Audit security of shared secret between identity provider and auth server

Document Grant Interaction Flow

Once a grant is initialized, there are four main endpoints that are used as part of an interaction to authorize the grant, if the AS deems it necessary. The endpoints,...

Host auth server api endpoints intended for IDPs on separate server

Host the following on a separate server from the main AS: ``` GET /grant/:interactId/:nonce POST /grant/:interactId/:nonce/accept POST /grant/:interactId/:nonce/reject ```

Factor out interaction functionality out of `/grant`

There's a bunch of stuff that's interaction specific in `/grant/service.ts` and `/grant/routes.ts` that could be factored out into its own directory.

type: quality

feat(auth): use split auth specs in app

1 comment

## Changes proposed in this pull request - Updates the AS to use the split openAPI specs. ## Context With the updated OpenAPI specs, this branch now suffers from https://github.com/interledger/rafiki/issues/630...

type: tests
type: source
pkg: auth

Update interaction finish body in Auth OpenAPI specs

Once https://github.com/interledger/rafiki/pull/684 is merged in, re-introduce the changes introduced in https://github.com/interledger/open-payments/pull/202 in the Rafiki repo.

Add content-digest verification to httpsig verification.

2 comment

The content-digest signature component contains a sha-256 hash of the request body. The AS httpsig verifier should verifiy this hash by hashing the request body and making sure it matches.

Validate GNAP requests with OpenAPI

1 comment

From https://github.com/interledger/rafiki/pull/343#discussion_r880691528: > 🤔 Maybe this OpenAPI validation middleware (#339) could be a workspace in the monorepo: [https://github.com/interledger/rafiki/tree/bw-openapi/packages/backend/src/openapi](https://github.com/interledger/rafiki/tree/bw-openapi/packages/backend/src/openapi?rgh-link-date=2022-05-24T16%3A04%3A12Z) Then this could validate requests based on [https://github.com/interledger/open-payments/blob/master/auth-server-open-api-spec.yaml](https://github.com/interledger/open-payments/blob/master/auth-server-open-api-spec.yaml?rgh-link-date=2022-05-24T16%3A04%3A12Z) See: https://github.com/interledger/rafiki/pull/339/commits/4556d21258dc2c8c61d3b0f735b6a50d2f430b14