[openstreetmap/openstreetmap-website] oauth_filter intercepts OAuth2.0 endpoints meant for Doorkeeper (#3245)
mmd
notifications at github.com
Sat Jul 3 08:04:35 UTC 2021
So based on https://github.com/zmartzone/mod_oauth2 I'm now able to send requests to an Overpass instance, and the Bearer token would be validated on-the-fly using introspection. Also, successful lookups are cached in a local Redis (or shm, file, memcache) instance, to avoid excessive load on the Rails port. :+1:
At one point I thought it might be helpful to have the subject info in the introspection response, e.g. to single out excessive users of a service.
Depending on privacy requirements we could return the user id, or use a more sophisticated approach based on a hashed user id, client id, and some server secret/or salt, maybe.
From doorkeeper.rb:
```ruby
custom_introspection_response do |token, context|
  user = User.find(token.resource_owner_id)
  {
    # Pseudonymous subject: SHA-256 over user id, client id and a server-side secret,
    # so a resource server can tell users apart without learning their ids.
    # `.to_s` keeps this from raising when the token has no application (uid is nil).
    "sub": ::Digest::SHA256.hexdigest(
      user.id.to_s + token.application.try(:uid).to_s + SERVER_SECRET
    )
  }
end
```
This is low prio at the moment, and more of a nice to have.
--
https://github.com/openstreetmap/openstreetmap-website/issues/3245#issuecomment-873366498
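The pseudonymous-subject idea from the comment above, worked through as a stand-alone Ruby example. This is added illustration, not code from the issue, from Doorkeeper or from openstreetmap-website: `SERVER_SECRET` is a constructed placeholder, `Token` is a plain Struct standing in for a Doorkeeper access token, and the NUL separator between the hashed fields is my choice (the comment simply concatenates). It shows that the same user/client pair always yields the same `sub`, that different clients get uncorrelatable values for the same user, and that a token without an application is handled instead of raising.

```ruby
require "digest"

# Assumed server-side secret. In a real deployment this comes from configuration
# or a secrets store, never from source; this is a constructed placeholder.
SERVER_SECRET = "example-only-server-secret-change-me".freeze

# Derive a stable, pseudonymous subject identifier for an introspection response.
# The same (user_id, client_uid) pair always maps to the same value, so a resource
# server (e.g. an Overpass front end) can rate-limit or audit per user without
# learning the user id. Different clients see different values for the same user,
# so they cannot be correlated across services. A nil client uid (a token issued
# without an application) is handled explicitly rather than raising on `+`.
def pseudonymous_sub(user_id, client_uid, secret = SERVER_SECRET)
  raise ArgumentError, "user_id required" if user_id.nil?
  # A separator removes the ambiguity of plain concatenation, where
  # ("1", "23") and ("12", "3") would otherwise hash to the same value.
  material = [user_id.to_s, client_uid.to_s, secret].join("\x00")
  Digest::SHA256.hexdigest(material)
end

# Stand-in for a Doorkeeper access token (constructed for this example only).
Token = Struct.new(:resource_owner_id, :application_uid, :scopes, :expires_at, :revoked)

# Build the body an RFC 7662 introspection endpoint would return for `token`.
# Inactive tokens get only { active: false }, so nothing about them leaks.
def introspection_response(token, secret = SERVER_SECRET)
  active = !token.revoked && (token.expires_at.nil? || token.expires_at > Time.now)
  return { active: false } unless active

  {
    active: true,
    scope: token.scopes.join(" "),
    client_id: token.application_uid,
    exp: token.expires_at&.to_i,
    sub: pseudonymous_sub(token.resource_owner_id, token.application_uid, secret)
  }
end

if $PROGRAM_NAME == __FILE__
  t = Token.new(42, "overpass-client", %w[read_prefs], Time.now + 3600, false)
  puts introspection_response(t).inspect
end
```

Because the secret is part of the hashed input, anyone who knows a user id and a client id still cannot compute or reverse the `sub` without it; rotating the secret changes every subject, which is something to plan for if the resource server keeps per-subject state. A keyed construction such as HMAC-SHA256 would express the same intent more directly than appending the secret to the message.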