Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate 'aud' in DID Token #111

Merged
merged 4 commits into from
Jul 10, 2023
Merged

Validate 'aud' in DID Token #111

merged 4 commits into from
Jul 10, 2023

Conversation

magic-ravi
Copy link
Contributor

@magic-ravi magic-ravi commented Jun 29, 2023
edited
Loading

📦 Pull Request

  • Add Admin SDK support for Magic Connect
  • Validate aud in DID Token against the client ID associated with the secret key.
  • Pull client ID from Magic servers using secret key if not present.
  • Skip validation of attachments if the string 'none' is passed. (This will make it easier for 3rd Party wallets (like Metamask) to sign DID tokens.

✅ Fixed Issues

N/A

🚨 Test instructions

  1. yarn build && npm link
  2. In new repo run npm link @magic-sdk/admin@1.10.0
  3. Try the following code snippet
const { Magic } = require('@magic-sdk/admin');

const maSecretKey = "";
const mcSecretKey = "";
const maClientId = "";

const DIDT = "";

async function exec() {
    const magicAuth = await Magic.init(maSecretKey);
   magicAuth.token.validate(DIDT);
    console.log("MA Token validated.")
    const metadataResult = await magicAuth.users.getMetadataByToken(DIDT);
    console.log(metadataResult);

   // old constructor way
   const oldMagicAuth = new Magic(maSecretKey);
   oldMagicAuth.token.validate(DIDT);
   console.log(oldMagicAuth.users.getMetadataByToken(DIDT));

    const magicConnect = await Magic.init(mcSecretKey);
    // Should fail
    try {
        await magicConnect.token.validate(DIDT);
    } catch (e) {
       console.log(e);
    }
    try {
        await magicConnect.users.getMetadataByToken(DIDT);
    } catch (e) {
        console.log(e);
    }

    const magicConnectWithClient = await Magic.init(mcSecretKey, {clientId: maClientId});
    await magicConnectWithClient.token.validate(DIDT);
    console.log("MC Token validated with MA client ID.");
}

⚠️ Don't forget to add a semver label!

@magic-ravi magic-ravi self-assigned this Jun 29, 2023
justinnout
justinnout previously approved these changes Jun 29, 2023
View reviewed changes
@magic-ravi magic-ravi added the major Increment the major version when merged label Jun 29, 2023
@magic-ravi magic-ravi marked this pull request as ready for review June 29, 2023 20:03
justinnout
justinnout previously approved these changes Jun 29, 2023
View reviewed changes
Dizigen
Dizigen reviewed Jul 10, 2023
View reviewed changes
README.md
});
// Validate a token
try {
magic.token.validate("DIDToken");
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NIT: this can be extracted into a variable

@magic-ravi magic-ravi merged commit 1720c53 into master Jul 10, 2023
1 check passed
@magic-ravi magic-ravi deleted the ravi-sc80094-ValidateAud branch July 10, 2023 18:13
@magiclabsFE
Copy link

🚀 PR was released in v2.0.0 🚀

@magiclabsFE magiclabsFE added the released This issue/pull request has been released. label Jul 10, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Dizigen Dizigen Dizigen approved these changes

@justinnout justinnout Awaiting requested review from justinnout

Assignees

@magic-ravi magic-ravi

Labels
major Increment the major version when merged released This issue/pull request has been released.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@magic-ravi @magiclabsFE @Dizigen @justinnout