feature(agent,pkg): remove timed authentication #4022
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
henrybarreto
force-pushed
the
chore/agent_remove_ping
branch
from
434d164 to
24b3645
Compare
henrybarreto
force-pushed
the
chore/agent_remove_ping
branch
from
24b3645 to
4de5ccb
Compare
henrybarreto
force-pushed
the
chore/agent_remove_ping
branch
from
4de5ccb to
7270bfc
Compare
henrybarreto
changed the title
henrybarreto
force-pushed
the
chore/agent_remove_ping
branch
from
7270bfc to
a40fb05
Compare
henrybarreto
force-pushed
the
chore/agent_remove_ping
branch
from
a40fb05 to
93d0c9f
Compare
henrybarreto
changed the title
henrybarreto
added
kind/feature
henrybarreto
force-pushed
the
chore/agent_remove_ping
branch
from
93d0c9f to
6ef1258
Compare
henrybarreto
force-pushed
the
chore/agent_remove_ping
branch
from
6ef1258 to
9713079
Compare
To replace the re-authentication process that could be required if the server changed its API or SSH keys, we've added an a new error check on the dial process, that verify whether a `401` error is returned when the reverse tunnel is initialized to the server.
henrybarreto
force-pushed
the
chore/agent_remove_ping
branch
2 times, most recently
from
e29fe6a to
652f881
Compare
henrybarreto
force-pushed
the
chore/agent_remove_ping
branch
from
652f881 to
bffd81c
Compare
henrybarreto
force-pushed
the
chore/agent_remove_ping
branch
from
c739e48 to
fe513d7
Compare
|
Authentication request is critical for the device presence on ShellHub, what makes its remotion difficult to do. One of the main limitations is the addition of devices to a namespace. When it is initialized, it authenticates on the namespace, and starts to listen for connections. If the device, after being accepted, is removed, the Agent won't notice it until it loses the connection to the server, showing it as offline in the system. To remove timed authentication, we should also be able to identify this deletion on the tunnel, or refactor core components for device to server communication, possibly breaking compatibility. JWT invalidation is also a problem, as the connection could also remain open while the tunnel is established. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.