Authorization Header expects LSAT, conflicts with Protocol Specification #109
Comments
Good eye, the bLIP spec (which'll replace the spec at that link above), has this section on backwards compat: https://github.com/lightning/blips/blob/d2a8c19ec6f49677d942d1c03f3ab0a3362e7b39/blip-0026.md#backwards-compatibility We should make it clearer though, add test vectors, and also update Aperture to recognize both in the libs. One challenge is that many clients (e.g. Lightning Labs liquidity related products) use the existing
Only a single |
It's kind of weird that we changed the header to L402 if both clients and servers will have to keep the backwards compatibility forever. Should we have left it as LSAT in the header forever then? I think it is early enough for the protocol to deprecate the LSAT (even if Aperture still supports it until all clients have been updated) while making sure "new" implementations or deployments use the L402. The idea would be to update Aperture/LL clients as: Aperture
LL Clients
In this way, new deployments of Aperture will use L402 by default that looks like new client implementations support. The LL servers will be able to serve old and new clients as long as they understand LSAT in the challenge. As long as all new clients always send L402, we can track how many clients in the wild do not understand L402 in the challenge, and switch to L402 by default as soon as there are no old clients left. For other libraries/servers out there it can be summarized as: Server: send L402 if new. Keep sending LSAT challenges but accept L402/LSAT in the auth headers, and eventually kill the LSAT. There is a branch in my fork adding the LSAT/L402 handling in the client (when receiving the challenge) and the server (when checking the credentials in the auth header). If I get the green light I can add the config for the default (LSAT or L402) when the server creates the challenge + default to L402 when the client sends the header 👍
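An added example, not part of the thread and not Aperture's own code: a server-side Authorization header parser that accepts both the `L402` and the legacy `LSAT` scheme name and reports which one the client sent, so old clients can be counted before the legacy name is dropped. The credential layout `<base64 macaroon>:<64 hex character preimage>` and the names `Credential` and `ParseAuthHeader` are assumptions for illustration.

```go
package main

import (
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

type Credential struct {
	Scheme   string // "L402" or "LSAT" (legacy), normalized to upper case
	Macaroon []byte // raw macaroon bytes, still to be verified by the caller
	Preimage [32]byte
}

// ParseAuthHeader accepts both the new and the legacy scheme name.
// Assumed layout (not stated in the thread): "<scheme> <base64 macaroon>:<64 hex chars>".
func ParseAuthHeader(value string) (*Credential, error) {
	scheme, rest, ok := strings.Cut(strings.TrimSpace(value), " ")
	if !ok {
		return nil, errors.New("missing credentials")
	}
	scheme = strings.ToUpper(scheme) // HTTP auth scheme names are case-insensitive
	if scheme != "L402" && scheme != "LSAT" {
		return nil, fmt.Errorf("unsupported scheme %q", scheme)
	}
	i := strings.LastIndex(rest, ":") // neither base64 nor hex contains ':'
	if i < 0 {
		return nil, errors.New("expected <macaroon>:<preimage>")
	}
	mac, err := base64.StdEncoding.DecodeString(strings.TrimSpace(rest[:i]))
	if err != nil || len(mac) == 0 {
		return nil, errors.New("macaroon is not valid base64")
	}
	pre, err := hex.DecodeString(rest[i+1:])
	if err != nil || len(pre) != 32 {
		return nil, errors.New("preimage must be 32 bytes of hex")
	}
	c := &Credential{Scheme: scheme, Macaroon: mac}
	copy(c.Preimage[:], pre)
	return c, nil
}

func main() {
	h := "LSAT " + base64.StdEncoding.EncodeToString([]byte("mac")) + ":" + strings.Repeat("ab", 32) // constructed sample
	c, err := ParseAuthHeader(h)
	fmt.Println(c.Scheme, err)
}
```

The returned `Scheme` is only the name the client used; the macaroon and preimage still have to be verified before the request is authorized.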
First of all, thanks for Aperture. We have been playing around with it and it's great.
Seems like the Authorization Header checker is looking for the `LSAT` prefix, while the protocol specification says the value should be `L402`.
This piece of code seems to be the cause: