Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make encoding user groups in access tokens configurable #2085

Merged
merged 5 commits into from
Sep 21, 2021
Merged

Make encoding user groups in access tokens configurable #2085

merged 5 commits into from
Sep 21, 2021

Conversation

ishank011
Copy link
Contributor

@ishank011 ishank011 commented Sep 20, 2021
edited
Loading

This PR adds a shared config parameter skip_user_groups_in_token which can be used to control whether user groups should be encoded in the reva access tokens or not. If these are skipped, these are retrieved from the userprovider service and cached in the authentication interceptors, where these tokens are dismantled.

Closes #2084

@ishank011 ishank011 requested a review from labkode as a code owner September 20, 2021 11:59
@ishank011 ishank011 force-pushed the jwt-token-reduce-size branch from 3dcbb3f to bfe1d61 Compare September 20, 2021 15:49
@ishank011 ishank011 changed the title Don't encode user groups in JWT tokens Make encoding user groups in access tokens configurable Sep 20, 2021
@ishank011 ishank011 requested a review from glpatcern September 20, 2021 15:53
@ishank011 ishank011 force-pushed the jwt-token-reduce-size branch from edfaef0 to dfc453f Compare September 20, 2021 16:18
@ishank011
Copy link
Contributor Author

Size of token for user einstein (member of three groups):

  • Before the change: 620 bytes
  • After the change: 538 bytes

@ishank011 ishank011 mentioned this pull request Sep 21, 2021
Closed
glpatcern
glpatcern approved these changes Sep 21, 2021
View reviewed changes
Copy link
Member

@glpatcern glpatcern left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, as far as I can understand. Hopefully we'll see the immediate benefit with the token provided to WOPI :)

@ishank011
Copy link
Contributor Author

Merging, since all the changes are controlled by a flag so we've ensured it doesn't break anything.

@ishank011 ishank011 merged commit 912cd44 into cs3org:master Sep 21, 2021
@ishank011 ishank011 deleted the jwt-token-reduce-size branch September 21, 2021 12:09
glpatcern pushed a commit to glpatcern/reva that referenced this pull request Sep 23, 2021
@ishank011 @glpatcern
Make encoding user groups in access tokens configurable (cs3org#2085)
ffddc30
@ishank011 ishank011 mentioned this pull request Sep 29, 2021
Closed
@glpatcern glpatcern mentioned this pull request Oct 1, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@glpatcern glpatcern glpatcern approved these changes

@labkode labkode Awaiting requested review from labkode

@butonic butonic Awaiting requested review from butonic

@C0rby C0rby Awaiting requested review from C0rby

@wkloucek wkloucek Awaiting requested review from wkloucek

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Reduce JWT token size
2 participants
@ishank011 @glpatcern