James Hodgkinson
James Hodgkinson
> the kanidm server processes the intent to logout (decision about sync vs async needed here ... probably sync) I'd say a sync processing of the logout request would be...
> sync vs replication delays Replication delay's always going to be a thing, and it's always part of the expectations management I guess. From a kill-(this|all)-tokens perspective I'd argue for...
Ah, I think one feeds into the other, from my understanding - OT's about a single format for collating (not necessarily collecting) and exposing things
I've made a mess of things in ^ there but as discussed this could be part of work around making uuid2spn more ergonomic.
If this isn't ready to merge, could you please turn it a draft?
XFF is currently supported by the tide config as-is: ```shell curl -H "X-Forwarded-For: 1.2.3.4" https://kanidm.example.com/fooooooo ``` Slightly reformatted logs: ``` [security.info]: Request received | src: "1.2.3.4" | http.host: "kanidm.example.com" |...
Looks sensible so far, thanks for putting it into words 😄 ## Implicit scope removal For the migration to the new config and removal of implicit scopes, would it be...
It does look that way - were we going to make the origin public?
I wouldn't call this done - so far it's only taking env vars for the current command line things (config file path, etc), not the things _in_ the config files......
Cheering along the current ideas - one API endpoint for a given action regardless of target UUID makes a lot more sense than having to support multiple routes 😄 I'd...