Skip to content

feat: hide auth details from listNetwork and mint self-signed token server-side#1872

Merged
mjuchli-da merged 8 commits into
mainfrom
mjuchli/list-networks-restricted
May 27, 2026
Merged

feat: hide auth details from listNetwork and mint self-signed token server-side#1872
mjuchli-da merged 8 commits into
mainfrom
mjuchli/list-networks-restricted

Conversation

@mjuchli-da
Copy link
Copy Markdown
Contributor

@mjuchli-da mjuchli-da commented May 22, 2026
edited
Loading

Closes #1802

Since we want to hide sensitive information such as the clientSecret to be exposed via the API, we need to handle the self-signed login server-side. This PR therefore introduces a new endpoint selfSignedAccessToken to issue an access token.

In a follow-up, one could think of combining this call with the creation of a Session (currently the workflow is: selfSignedAccessToken + addSession) and return the session object to the frontend.

mjuchli-da added 2 commits May 22, 2026 10:57
@mjuchli-da
feat: hide secret details from listNetwork
84bd68d 
The absence of the clientSecret also implies that the self-signed login
can no longer be done on the frontend. Instead, the backend now must
mint a self-signed token.

Signed-off-by: Marc Juchli <marc.juchli@digitalasset.com>
@mjuchli-da
mint self signed access token on server
1815100 
Signed-off-by: Marc Juchli <marc.juchli@digitalasset.com>
@mjuchli-da mjuchli-da self-assigned this May 22, 2026
@mjuchli-da mjuchli-da marked this pull request as draft May 22, 2026 16:52
mjuchli-da added 2 commits May 26, 2026 10:29
@mjuchli-da
minor adjustments
6efd058 
Signed-off-by: Marc Juchli <marc.juchli@digitalasset.com>
@mjuchli-da
renaming
6884ff0 
Signed-off-by: Marc Juchli <marc.juchli@digitalasset.com>
@mjuchli-da mjuchli-da marked this pull request as ready for review May 26, 2026 09:05
mjuchli-da and others added 3 commits May 26, 2026 13:11
@mjuchli-da
types
a2ed9c8 
Signed-off-by: Marc Juchli <marc.juchli@digitalasset.com>
@mjuchli-da
fix test
52a36da 
Signed-off-by: Marc Juchli <marc.juchli@digitalasset.com>
@mjuchli-da
Merge branch 'main' into mjuchli/list-networks-restricted
09606a3
@mjuchli-da mjuchli-da requested a review from alexmatson-da May 26, 2026 12:07
alexmatson-da
alexmatson-da approved these changes May 26, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@alexmatson-da alexmatson-da left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice!

@mjuchli-da mjuchli-da merged commit 1c9b4bb into main May 27, 2026
27 checks passed
@mjuchli-da mjuchli-da deleted the mjuchli/list-networks-restricted branch May 27, 2026 07:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexmatson-da alexmatson-da alexmatson-da approved these changes

Assignees

@mjuchli-da mjuchli-da

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Remove auth details from listNetworks response

2 participants

@mjuchli-da @alexmatson-da