WIP docs/proposal: submit poll based binding by s-urbaniak · Pull Request #157 · kbind-dev/kbind

s-urbaniak · 2023-03-27T10:26:13Z

No description provided.

lhaendler · 2023-06-30T09:13:09Z

+  // +kubebuilder:validation:MinLength=1
+  ClusterID string `json:"clusterID"`
+
+  // sessionSecret is an ephemeral secret that is valid for this session only.


Is there an advantage to the back-end generating the session secret?

yes, as it is the only trusted source for the secret. clients could be compromised.

lhaendler · 2023-06-30T09:15:08Z

+- **MUST** The authentication URL includes a session ID query parameter `s` that was returned from the backend.
+- **MUST** The authentication URL includes a base64 encoded SHA256 HMAC signature query parameter `h` that is generated on client side.
+The signature signs a payload consisting of all request parameters, the host, scheme, and request body.
+- **MUST** The authentication URL includes a random nonce `n` that is generated on client side.


n is missing in the illustrations.

it is not really necessary for understanding the flow, it is a non-cryptographic unique number, could even be a counter.

lhaendler · 2023-06-30T09:17:35Z

+### Reference implementation
+
+The existing reference implementation needs to be extended to be able to handle the above described polling based approach.
+Most notably the existing implementation needs to maintain session state.


What does the session state contain? Probably

session secret

nonces used

cluster id

session id

used nonces are not necessary, they are just salting the request.

s-urbaniak · 2023-07-04T18:36:03Z

@lhaendler thanks a ton for the review! 🎉 I'll continue enhancing this in the next days 🎉

s-urbaniak · 2023-07-05T07:41:53Z

@lhaendler @sttts fyi: I'll rework this and will try to submit a new version of the proposal as I believe the process can indeed reuse OAuth device flow instead reinventing it.

s-urbaniak force-pushed the poll-based-approach branch 3 times, most recently from c6114df to bc0e163 Compare March 28, 2023 10:55

docs/proposal: submit poll based binding

5a368fc

s-urbaniak force-pushed the poll-based-approach branch from bc0e163 to 5a368fc Compare March 28, 2023 13:22

s-urbaniak mentioned this pull request Mar 28, 2023

Community Meeting March 28 2023 kcp-dev/kcp#2926

Closed

lhaendler reviewed Jun 30, 2023

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

WIP docs/proposal: submit poll based binding#157

WIP docs/proposal: submit poll based binding#157
s-urbaniak wants to merge 1 commit into
kbind-dev:mainfrom
s-urbaniak:poll-based-approach

s-urbaniak commented Mar 27, 2023

Uh oh!

lhaendler Jun 30, 2023

Uh oh!

s-urbaniak Jul 5, 2023

Uh oh!

lhaendler Jun 30, 2023

Uh oh!

s-urbaniak Jul 5, 2023

Uh oh!

lhaendler Jun 30, 2023

Uh oh!

s-urbaniak Jul 5, 2023

Uh oh!

s-urbaniak commented Jul 4, 2023

Uh oh!

s-urbaniak commented Jul 5, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

Conversation

s-urbaniak commented Mar 27, 2023

Uh oh!

lhaendler Jun 30, 2023

Choose a reason for hiding this comment

Uh oh!

s-urbaniak Jul 5, 2023

Choose a reason for hiding this comment

Uh oh!

lhaendler Jun 30, 2023

Choose a reason for hiding this comment

Uh oh!

s-urbaniak Jul 5, 2023

Choose a reason for hiding this comment

Uh oh!

lhaendler Jun 30, 2023

Choose a reason for hiding this comment

Uh oh!

s-urbaniak Jul 5, 2023

Choose a reason for hiding this comment

Uh oh!

s-urbaniak commented Jul 4, 2023

Uh oh!

s-urbaniak commented Jul 5, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants