Skip to content

feat: integrate oidc digest#76

Merged
matias-gonz merged 4 commits intofeat/oidc-account-recoveryfrom
oidc/digest
Feb 21, 2025
Merged

feat: integrate oidc digest#76
matias-gonz merged 4 commits intofeat/oidc-account-recoveryfrom
oidc/digest

Conversation

@matias-gonz
Copy link
Member

@matias-gonz matias-gonz commented Feb 21, 2025

Description

Add nx to salt service
Generate oidc digest and save it

@matias-gonz
feat: add nx to salt
cb082d2 
add nx to salt
@matias-gonz
feat: integrate digest
b4da05d 
integrate digest
@matias-gonz
feat: add AUTH_SERVER_URL
88e98e9 
add AUTH_SERVER_URL
matias-gonz
matias-gonz commented Feb 21, 2025
View reviewed changes
packages/auth-server/components/account-recovery/google-flow/Step2.vue Outdated
Comment on lines +45 to +57
const response = await fetch("http://127.0.0.1:3003/salt", {
method: "GET",
headers: {
Authorization: `Bearer ${props.jwt.raw}`,
},
})
.then((res) => res.json())
.catch((e) => {
console.error(e);
});

const salt = response.salt;
const oidcDigest = new OidcDigest(props.jwt.iss, props.jwt.aud, props.jwt.sub, ByteVector.fromHex(salt)).serialize();
Copy link
Member Author

@matias-gonz matias-gonz Feb 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we keep it here or move it to /utils/salt.ts / /utils/oidcDigest.ts?

packages/oidc-server/src/salt-service.ts

const app = express();

app.use(cors({ origin: env.AUTH_SERVER_URL }));
Copy link
Member Author

@matias-gonz matias-gonz Feb 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need any more origins or a default?

Copy link

@calvogenerico calvogenerico Feb 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, let's be restrictive by default.

@github-actions
Copy link

github-actions bot commented Feb 21, 2025
edited
Loading

Visit the preview URL for this PR (updated for commit 5176d8d):

https://zksync-auth-server-staging--pr76-oidc-digest-6wakmmoc.web.app

(expires Fri, 28 Feb 2025 15:10:07 GMT)

🔥 via Firebase Hosting GitHub Action 🌎

Sign: 509a9c9ea42583076f531c53cf2979c544d5d0b7

matias-gonz
matias-gonz commented Feb 21, 2025
View reviewed changes
packages/auth-server/components/account-recovery/google-flow/Step2.vue Outdated
const { addOidcAccount, addOidcAccountIsLoading } = useRecoveryOidc();

if (props.jwt !== null) {
const response = await fetch("http://127.0.0.1:3003/salt", {
Copy link
Member Author

@matias-gonz matias-gonz Feb 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we keep a constant or use env?

Copy link

@calvogenerico calvogenerico Feb 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My vote is to use the runtimeconfig inside nuxt.config.ts.

It can be then accessed using useRuntimeConfig.

calvogenerico
calvogenerico approved these changes Feb 21, 2025
View reviewed changes
packages/oidc-server/src/salt-service.ts

const app = express();

app.use(cors({ origin: env.AUTH_SERVER_URL }));
Copy link

@calvogenerico calvogenerico Feb 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, let's be restrictive by default.

packages/auth-server/components/account-recovery/google-flow/Step2.vue Outdated
const { addOidcAccount, addOidcAccountIsLoading } = useRecoveryOidc();

if (props.jwt !== null) {
const response = await fetch("http://127.0.0.1:3003/salt", {
Copy link

@calvogenerico calvogenerico Feb 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My vote is to use the runtimeconfig inside nuxt.config.ts.

It can be then accessed using useRuntimeConfig.

@matias-gonz
refactor: move url to runtimeconfig
5176d8d 
move url to runtimeconfig
@matias-gonz matias-gonz merged commit 0c60a41 into feat/oidc-account-recovery Feb 21, 2025
4 checks passed
@matias-gonz matias-gonz deleted the oidc/digest branch February 21, 2025 15:15
cpb8010 pushed a commit that referenced this pull request Jul 16, 2025
@matias-gonz
feat: integrate oidc digest (#76)
2f6c8d0 
* feat: add nx to salt

add nx to salt

* feat: integrate digest

integrate digest

* feat: add AUTH_SERVER_URL

add AUTH_SERVER_URL

* refactor: move url to runtimeconfig

move url to runtimeconfig
cpb8010 pushed a commit that referenced this pull request Jul 16, 2025
@matias-gonz
feat: integrate oidc digest (#76)
05de4a9 
* feat: add nx to salt

add nx to salt

* feat: integrate digest

integrate digest

* feat: add AUTH_SERVER_URL

add AUTH_SERVER_URL

* refactor: move url to runtimeconfig

move url to runtimeconfig
cpb8010 pushed a commit that referenced this pull request Jul 16, 2025
@matias-gonz
feat: integrate oidc digest (#76)
378f8a0 
* feat: add nx to salt

add nx to salt

* feat: integrate digest

integrate digest

* feat: add AUTH_SERVER_URL

add AUTH_SERVER_URL

* refactor: move url to runtimeconfig

move url to runtimeconfig
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@calvogenerico calvogenerico calvogenerico approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@matias-gonz @calvogenerico