hyperledger / identus-cloud-agent

Identus Cloud Agent
https://docs.atalaprism.io/
Apache License 2.0

feat(agent): add browser fingerprint label to http metrics #1231

Closed shotexa closed 3 days ago

shotexa commented 3 days ago

Description:

This PR adds a browser fingerprint label to HTTP metrics, as well as the API key or bearer token from the headers, if present.

[image: screenshot attached to the PR description]


github-actions[bot] commented 3 days ago

Integration Test Results

16 files  ±0  16 suites  ±0   2s :stopwatch: ±0s 34 tests ±0  34 :white_check_mark: ±0  0 :zzz: ±0  0 :x: ±0  59 runs  ±0  59 :white_check_mark: ±0  0 :zzz: ±0  0 :x: ±0 

Results for commit 1a52bf58. ± Comparison against base commit 6117a3cc.

:recycle: This comment has been updated with latest results.

github-actions[bot] commented 3 days ago

Unit Test Results

96 files  ±0   96 suites  ±0   22m 51s :stopwatch: -13s 826 tests ±0  818 :white_check_mark: ±0  8 :zzz: ±0  0 :x: ±0  833 runs  ±0  825 :white_check_mark: ±0  8 :zzz: ±0  0 :x: ±0

Results for commit 1a52bf58. ± Comparison against base commit 6117a3cc.

:recycle: This comment has been updated with latest results.

patlo-iog commented 3 days ago

If it's just for analytics purposes, maybe you can just decode the raw JWT header directly. No need to actually verify the token. The sub claim should represent the account in Keycloak. (Other IAMs might use opaque tokens though.)

shotexa commented 3 days ago

If it's just for analytics purposes, maybe you can just decode the raw JWT header directly. No need to actually verify the token. The sub claim should represent the account in Keycloak. (Other IAMs might use opaque tokens though.)

It is just for analytics yes.

I've decided to add the token (without decoding, just in <headers base64>.<claims base64>.<signature base64> format) and the API key. What is the need for decoding? Would the token itself be unique per user anyway? :thinking:
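The two options discussed in this thread, patlo-iog's suggestion of decoding the JWT payload without verifying it and labelling by the sub claim, and shotexa's question of whether the raw token string would do, side by side as an added example in Python. This is not the project's own Scala code: the helper names, the sample token and the fallback rule are constructed for the demo. The point it adds is that an opaque token (no JWS structure) or an API key still gets a label that is unique per credential, but as a truncated SHA-256 of the credential rather than the credential itself, so the metrics backend never stores a value that can be replayed as a bearer token or API key.

```python
import base64
import hashlib
import json
from typing import Optional


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_sample_jwt(claims: dict) -> str:
    # Constructed sample token for the demo. The third segment is a placeholder,
    # not a real signature; that is fine here because nothing below verifies it.
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.placeholder-signature"


def unverified_claims(token: str) -> Optional[dict]:
    """Decode the JWT payload WITHOUT verifying the signature.

    The result must only feed non-security decisions (here: a metrics label);
    authorization still goes through the normal verified path.
    Returns None for opaque tokens or anything that is not JWS compact form.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        header = json.loads(_b64url_decode(parts[0]))
        claims = json.loads(_b64url_decode(parts[1]))
    except (ValueError, UnicodeDecodeError):
        return None  # malformed base64url or JSON: treat as opaque
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    return claims


def credential_fingerprint(secret: str) -> str:
    # Stable per credential but not reversible, so the metrics backend never
    # holds the secret itself. 16 hex chars is enough cardinality for analytics.
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()[:16]


def metrics_label(authorization: Optional[str], api_key: Optional[str]) -> str:
    """Build the per-caller label for the HTTP metrics.

    Preference order: the JWT `sub` claim (one value per account, as in Keycloak),
    then a fingerprint of an opaque bearer token, then a fingerprint of the API key.
    """
    if authorization and authorization.lower().startswith("bearer "):
        token = authorization[len("bearer "):].strip()
        claims = unverified_claims(token)
        if claims is not None and isinstance(claims.get("sub"), str):
            return "sub:" + claims["sub"]
        return "token:" + credential_fingerprint(token)
    if api_key:
        return "apikey:" + credential_fingerprint(api_key)
    return "anonymous"


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    jwt = make_sample_jwt({"sub": "3f1c9b2e-demo-user", "iss": "https://keycloak.example/realms/demo"})
    print(metrics_label("Bearer " + jwt, None))                # sub:3f1c9b2e-demo-user
    print(metrics_label("Bearer opaque-session-token", None))  # token:<16 hex chars>
    print(metrics_label(None, "constructed-api-key"))          # apikey:<16 hex chars>
```

Labelling by sub (or by a hash) also keeps label cardinality bounded by the number of accounts or credentials rather than by the number of distinct token strings, which matters once tokens are short-lived and rotate on every login.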