Page MenuHomePhabricator

Add Conduit Tokens to make authentication in Conduit somewhat more sane
ClosedPublic

Authored by epriestley on Dec 12 2014, 9:41 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Mar 20, 8:26 PM
Unknown Object (File)
Tue, Mar 5, 12:25 AM
Unknown Object (File)
Feb 25 2024, 2:57 AM
Unknown Object (File)
Feb 3 2024, 1:28 AM
Unknown Object (File)
Feb 1 2024, 12:45 AM
Unknown Object (File)
Jan 31 2024, 7:45 PM
Unknown Object (File)
Jan 31 2024, 7:35 PM
Unknown Object (File)
Jan 31 2024, 5:58 PM
Subscribers
Tokens
"Grey Medal" token, awarded by btrahan.

Details

Summary

Ref T5955. Summary of intended changes:

Improve Granularity of Authorization: Currently, users have one Conduit Certificate. This isn't very flexible, and means that you can't ever generate an API token with limited permissions or IP block controls (see T6706). This moves toward a world where you can generate multiple tokens, revoke them individually, and assign disparate privileges to them.

Standardize Token Management: This moves Conduit to work the same way that sessions, OAuth authorizations, and temporary tokens already work, instead of being this crazy bizarre mess.

Make Authentication Faster: Authentication currently requires a handshake (conduit.connect) to establish a session, like the web UI. This is unnecessary from a security point of view and puts an extra round trip in front of all Conduit activity. Essentially no other API anywhere works like this.

Make Authentication Simpler: The handshake is complex, and involves deriving hashes. The session is also complex, and creates issues like T4377. Handshake and session management require different inputs.

Make Token Management Simpler: The certificate is this huge long thing right now, which is not necessary from a security perspective. There are separate Arcanist handshake tokens, but they have a different set of issues. We can move forward to a token management world where neither of these problems exist.

Lower Protocol Barrier: The simplest possible API client is very complex right now. It should be curl. Simplifying authentication is a necessary step toward this.

Unblock T2783: T2783 is blocked on nodes in the cluster making authenticated API calls to other nodes. This provides a simpler way forward than the handshake mess (or enormous-hack-mess) which would currently be required.

Test Plan
  • Generated tokens.
  • Generated tokens for a bot account.
  • Terminated tokens (and for a bot account).
  • Terminated all tokens (and for a bot account).
  • Ran GC and saw it reap all the expired tokens.
NOTE: These tokens can not actually be used to authenticate yet!

Screen_Shot_2014-12-12_at_1.39.35_PM.png (1×1 px, 212 KB)

Diff Detail

Repository
rP Phabricator
Branch
ctoken1
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 3252
Build 3258: [Placeholder Plan] Wait for 30 Seconds

Event Timeline

epriestley retitled this revision from to Add Conduit Tokens to make authentication in Conduit somewhat more sane.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: btrahan.

I guess the description doesn't actually describe what this does: it adds a Conduit token mangement UI, similar to the existing management UIs for OAuth tokens, sessions, SSH keys, and temporary tokens.

  • Remove reference to HandshakeController which I haven't actually written yet.
btrahan edited edge metadata.
This revision is now accepted and ready to land.Dec 12 2014, 11:09 PM