Conduit authentication currently supports two mechanisms:
- A session-based mechanism, where you use conduit.connect to establish a session.
- An undocumented stateless mechanism likely used only by Facebook.
The first mechanism is unnecessarily complex and makes Conduit slow (extra round trips) and hard to use (can't use curl, pain to write clients). We should move away from it and deprecate it.
The actual wire token is needlessly complicated. We transmit a proof-of-token, not the token itself. The proof we transmit is not a request signature, so all this does is make replay attacks moderately more difficult. In practice, it just causes a bunch of issues for users with bad client or server timestamps or goofy environmental problems. No one has ever expressed interest in upgrading to a request signature scheme.
Because the wire token is needlessly complicated, the token/handshake/certificate UIs are also needlessly complicated and users hit a bunch of issues using them. These UIs should just be "generate session", which gives you a durable token, with attendant session management/review capabilities.
Upshot:
- Deprecate conduit sessions and conduit.connect.
- Support direct token-based auth (?token=abdef123) and make this the standard.
- Leave room for a proof-of-token + request-signature flavor of this eventually.
- Support SSH auth.
- Support multiple request encodings (likely BSON, protobuf, or MessagePack). Leave JSON as the default, but in cases where messages cannot be represented in JSON, this gives us a plausible way forward.
- Fix the UIs to make handshakes and session management straightforward.
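
The difference between the current proof-of-token and the request-signature flavor mentioned above, as an added example (not Conduit's code): the server side of both checks, showing that a proof stays valid for any request inside the timestamp window while a signature is bound to one request. The hash construction, the 300-second window, the secret and the sample calls are assumptions made for illustration, not Conduit's actual wire format.

```python
import hashlib
import hmac
import json

SECRET = b"constructed-sample-secret"  # constructed value, not a real credential
MAX_SKEW = 300  # assumed timestamp tolerance, in seconds


def make_proof(secret: bytes, ts: int) -> str:
    # Assumed proof-of-token: covers only the timestamp and the secret.
    return hashlib.sha256(str(ts).encode() + secret).hexdigest()


def sign_request(secret: bytes, ts: int, method: str, params: dict) -> str:
    # Request signature: HMAC over timestamp, method and canonical params.
    body = json.dumps(params, sort_keys=True, separators=(",", ":"))
    msg = "\n".join([str(ts), method, body]).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def fresh(ts: int, now: int) -> bool:
    return abs(now - ts) <= MAX_SKEW


def accept_proof(ts, proof, method, params, now) -> bool:
    # method/params never enter the check: the proof is not bound to them.
    return fresh(ts, now) and hmac.compare_digest(make_proof(SECRET, ts), proof)


def accept_signed(ts, sig, method, params, now) -> bool:
    expected = sign_request(SECRET, ts, method, params)
    return fresh(ts, now) and hmac.compare_digest(expected, sig)


def demo() -> dict:
    now = 1_700_000_000  # constructed server clock
    slow = now - 600     # legitimate client whose clock runs 10 minutes slow
    proof = make_proof(SECRET, now)
    sig = sign_request(SECRET, now, "user.whoami", {})
    other = ("maniphest.createtask", {"title": "constructed"})
    return {
        "proof_original": accept_proof(now, proof, "user.whoami", {}, now),
        "proof_on_other_call": accept_proof(now, proof, *other, now + 60),
        "sig_original": accept_signed(now, sig, "user.whoami", {}, now),
        "sig_on_other_call": accept_signed(now, sig, *other, now + 60),
        "proof_skewed_client": accept_proof(
            slow, make_proof(SECRET, slow), "user.whoami", {}, now),
    }
```

The last entry is the timestamp failure described above: a correct secret is rejected only because the client clock is outside the window.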