PDS proxy to appview performance #2773
return nodeCrypto.createPrivateKey(privKeyEncoded) | ||
} | ||
|
||
describe('entryway auth', () => { |
Testing expiration could be nice too!
} | ||
|
||
const res = await jose | ||
.jwtVerify(token, this.entrywayJwtPublicKey) |
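Review bot: `jwtVerify(token, this.entrywayJwtPublicKey)` is called with no options argument, so the token is accepted on signature (plus any time claims it happens to carry) while the accepted algorithm is not pinned and the `iss` and `aud` claims are not compared to anything. Consider passing jose's `algorithms`, `issuer` and `audience` options at this call so that a token signed with the entryway key but minted for a different audience or purpose is rejected here.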
For good measure, we should ensure that the right issuer is used, even if this should already be covered by the fact that `entrywayJwtPublicKey` is specific to entryway.
Maybe the payload's `iss` can be used to determine if this method should be used (in `standardOptionalParameterized`)
.jwtVerify(token, this.entrywayJwtPublicKey) | |
.jwtVerify(token, this.entrywayJwtPublicKey, { iss: ... }) |
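Review bot: the options key in the suggested line, `{ iss: ... }`, is not one that jose's `jwtVerify` reads; the issuer check is enabled with the `issuer` option, so as written the `iss` claim would still go unchecked. Use `{ issuer: ... }` and add a test with a token carrying a different `iss` to confirm the call rejects it.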
Introduces a temporary measure where a PDS can proxy directly through to the appview without signing a service auth header. This is meant to reduce load on Bluesky PDS instances, and is not intended to be implemented by other Appviews in the network. While this is a bit awkward, it is directionally aligned with possible plans to have the client talk directly to the Appview.