@@ -634,6 +634,8 @@ import CZitiPrivate
634634 private static func runQueryProviders( zid: ZitiIdentity ,
635635 cb: @escaping ( _ providers: [ ZitiEvent . JwtSigner ] ? , _ error: ZitiError ? ) -> Void ) {
636636 let ziti = Ziti ( withId: zid)
637+ // All event callbacks, timer callbacks, and perform {} blocks run serially
638+ // on the single uv loop thread, so `completed` needs no synchronization.
637639 var completed = false
638640
639641 // Listen for auth events - SelectExternal carries the provider list
@@ -743,7 +745,9 @@ import CZitiPrivate
743745 ? { $0. canCertEnroll }
744746 : { $0. canTokenEnroll }
745747
746- // Track whether enrollment config has been received (waiting for context to authenticate)
748+ // Track whether enrollment config has been received (waiting for context to authenticate).
749+ // All event callbacks and perform {} blocks run serially on the single uv loop thread,
750+ // so this flag needs no synchronization.
747751 var enrollmentConfigReceived = false
748752 let tempKeychainTag = zid. id // UUID used for keychain until real ID is known
749753
@@ -917,7 +921,6 @@ import CZitiPrivate
917921 certPEMPtr = UnsafeMutablePointer< Int8> . allocate( capacity: certPEM!. count + 1 )
918922 certPEMPtr!. initialize ( from: certPEM!, count: certPEM!. count + 1 )
919923 } else {
920- // is there any way to know at this point that ext auth is needed? maybe check ext auth signers? add "extAuthEnabled" field?
921924 log. debug ( " identity \( id. id) does not have certificates. this is ok if using external authentication " )
922925 }
923926
0 commit comments