ROKMETRO Updates

[roberlander2]

Description

This PR merges in updates from the ROKMETRO team, which includes WebAuthn authentication, a split of existing AccountAuthType data into AccountAuthType and AccountIdentifier to allow users to authenticate with any identifier/auth type combination, account following support, app org token duration policies, and various bug fixes and logging improvements.

All of these changes should be backwards compatible with existing client applications and existing building blocks. This is a combination of many different changes, so please let me know if you notice any issues or have questions or concerns. Thanks!

Resolves #659, #677, #472, #674

Review Time Estimate

Please give your idea of how soon this pull request needs to be reviewed by selecting one of the options below. This can be based on the criticality of the issue at hand and/or other relevant factors.

• [ ] Immediately
• [ ] Within a week
• [x] When possible

Type of changes

Please select a relevant option:

• [x] Bug fix (non-breaking change which fixes an issue).
• [x] New feature (non-breaking change which adds functionality).
• [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected).
• [ ] Other (any another change that does not fall in one of the above categories.)

Checklist:

Please select all applicable options:

• [x] I have signed the Rokwire Contributor License Agreement (CLA). (Any contributor who is not an employee of the University of Illinois whose official duties include contributing to the Rokwire software, or who is not paid by the Rokwire project, needs to sign the CLA before their contribution can be accepted.)
• [x] I have updated the CHANGELOG.
• [x] I have read the Contributor Guidelines.
• [x] I have performed a self-review of my own code.
• [x] I have commented my code, particularly in hard-to-understand areas.
• [x] My change requires updating the documentation.
• [x] I have made necessary changes to the documentation.
• [ ] I have added tests related to my changes.
• [x] My changes generate no new warnings.
• [x] New and existing unit tests pass locally with my changes.
• [x] Any dependent changes have been merged and published in downstream modules.

---

[roberlander2]

Hi @roberlander2 ,

I am back on reviewing this. The review is in progress. I left two comments. Also, do we need to add (or update) any environment variables with these changes? Thanks.

Thank you @petyos,

There are five new environment variables (listed below) and all are optional. The first two are used to set parameters that determine how verification emails are sent to users and the last three are used to support private key rotation for the service (we should only set them when we want to perform a rotation).

• ROKWIRE_CORE_VERIFY_WAIT_TIME
• ROKWIRE_CORE_VERIFY_EXPIRY
• ROKWIRE_CORE_OLD_SUPPORT_LEGACY_SIGNATURES
• ROKWIRE_CORE_OLD_AUTH_PRIV_KEY
• ROKWIRE_CORE_OLD_AUTH_PRIV_KEY_PATH

[petyos]

Hi @roberlander2 , I am back on reviewing this. The review is in progress. I left two comments. Also, do we need to add (or update) any environment variables with these changes? Thanks.

Thank you @petyos,

There are five new environment variables (listed below) and all are optional. The first two are used to set parameters that determine how verification emails are sent to users and the last three are used to support private key rotation for the service (we should only set them when we want to perform a rotation).

* ROKWIRE_CORE_VERIFY_WAIT_TIME

* ROKWIRE_CORE_VERIFY_EXPIRY

* ROKWIRE_CORE_OLD_SUPPORT_LEGACY_SIGNATURES

* ROKWIRE_CORE_OLD_AUTH_PRIV_KEY

* ROKWIRE_CORE_OLD_AUTH_PRIV_KEY_PATH

Ok, thanks!

[roberlander2]

@roberlander2 remember to update rokmetro:rokwire-develop with changes from rokmetro:develop in addition to rokwire:develop.