This is an attempt to clean up auth-related code. To summarize the main changes:
We don't use a global OIDC key cache any more.
The 4 JWT related functions in the NodeDelegate trait were removed, and the functionality was put in the JwtAuthProvider trait. NodeDelegate now just has one function to return an auth provider. This should make it easier to change this in the future. The new trait also exposes functions for signing and verifying keys, rather than giving the concrete keys.
SpacetimeIdentityClaims2 is now the only SpacetimeIdentityClaims.
Instead of using jsonwebkey in the token validation tests, we use the same key generate code that is used for standalone key generation. There were some small changes to the key generate code to make it easier to reuse.
Description of Changes
There is a corresponding private PR.
API and ABI breaking changes
None.
Expected complexity level and risk
Testing
Most of the unit tests for this code are in token_validation.rs.