Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Several consumers of Panda are exposed to internals that maybe could be avoided #153

Open
rtyley opened this issue Aug 8, 2024 · 0 comments

Comments

@rtyley
Copy link
Member

rtyley commented Aug 8, 2024

If a consumer calls the current PanDomain.authStatus method, or directly references 'PublicKey', it's possibly exposed to internals of Panda that we might be able to avoid.

The above examples are calling PanDomain.authStatus, which means they express in their own code the assumption that Panda uses a single PublicKey to perform verification. That assumption will be broken by #150 - at that point the consumer code can be updated to cope with that, but maybe even better would be for the consumer code to make no assumption at all- could we just ask Panda "Is this cookie valid?", without having to reference a 'public key' at all...?

rtyley added a commit to guardian/login.gutools that referenced this issue Aug 9, 2024
This is pretty minor change, but due to guardian/pan-domain-authentication#147
and guardian/pan-domain-authentication#153, there are a couple of changes required:

* imports for `PublicKey`
*
rtyley added a commit to guardian/login.gutools that referenced this issue Aug 9, 2024
This is pretty minor change, but due to guardian/pan-domain-authentication#147
and guardian/pan-domain-authentication#153, there are a couple of changes required:

* imports for `PublicKey`
* `settings.privateKey` becomes `settings.signingKeyPair.getPrivate`
rtyley added a commit to guardian/login.gutools that referenced this issue Aug 9, 2024
This is pretty minor change, but due to guardian/pan-domain-authentication#147
and guardian/pan-domain-authentication#153, there are a couple of changes required:

* imports for `PublicKey`
* `settings.privateKey` becomes `settings.signingKeyPair.getPrivate`
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant