Make it easier to store credential flags correctly

[imirkin]

It seems like the general idea is to store the "raw" credential flags (i.e. a byte value) as of v0.11.0. However there's no practical example for how to store a credential -- just a generic "AddCredential" call. Given the json annotations, one might be tempted to take the Credential object and marshal it to JSON. However this will encode the flags "incorrectly", i.e. will not include the raw value.

Please consider making this easier. Ideas include custom marshal/unmarshal JSON handlers, an explicit serialize/deserialize for credential object, etc.

[james-d-elliott]

I can look at adding some decorator types to handle this, may as well not break people who're already using the existing. What issue have you actually had with the Credential Flags as is?

[imirkin]

I haven't had any issues. I just read the documentation note about v0.11 which basically says that some of the stored credentials may be bad if one just used json.Marshal(credential). And the problem will continue until the full raw flags are stored.

So maybe some sort of MarshalJSON function which stores the raw value when available rather than the flags individually (and similar unmarshal)?

Or perhaps I misunderstood the issue entirely?

[james-d-elliott]

The specific issue was the introduction of some of these flags in later specs and the requirement to validate them. In 0.11 we added the appropriate validations. However prior to 0.11 the flags were not included in the Credential struct. This meant that the BE flag which MUST NOT change at any point in a credentials lifetime would be 0 / false in the credential struct for those who didn't manually save the credential flags and restore them, which would be considered invalid if a login occurred where it was set to 1 / true.

I would recommend saving the raw value regardless so that it is always accurate if the spec changes, and I can't recall exactly why I didn't make that the value to store, I suspect it's probably due to the boolean values being more helpful to implementers which sounds like me. So there is no harm in adding the tooling to make this possible.

[imirkin]

Right, so the whole thing is about implementing your recommendation of saving the raw value -- as it stands, we're told to save the "credential" after registration somehow. So if I just json.Marshal it, would be nice if that were enough.

[imirkin]

Or put another way, what's the recommended way of saving the credential? Basically I just need to make a blob that will be able to be restored as a credential later on.