  1. GPII - Global Public Inclusive Infrastructure
  2. GPII-3716

Design new OAuth grant type for use with keyless login


    Details

    • Type: New Feature
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      Auto key-in on Windows logon without user folder for GPII-3711 requires us to design a new OAuth grant type. This will be requested by the Access requestor component designed for GPII-2436 when requesting the new access token. This will allow for both GPII keys and safes/vaults to be automatically provisioned at the point that the client requests a write. This grant type needs to be kept distinct from the standard ones that we already support, e.g. for USB keys, RFID tokens, etc., and other kinds of provisioned tokens, so that we are not subjected to DoS attacks when presented with unprovisioned keys. The fact that this grant type is permitted will be stored in the GPII App Installation Clients table (the existing design is currently shown at https://wiki.gpii.net/w/Keys,_KeyTokens,_and_Preferences ) for the particular client installation that a machine secret/client credential is attached to.

      We need to choose a name for the grant type, be clear what it authorises the user to do, and design an OAuth workflow that employs it to allocate an access token.
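
      A sketch of the gating the description asks for, added here as an illustration and not taken from the GPII code base or any agreed design: the token endpoint honours the new grant only for client installations whose record permits it, standard grants never create state for an unknown key, and provisioning is deferred until a write. The grant names, request fields, error mapping and in-memory store are all assumptions.

```javascript
"use strict";
const crypto = require("crypto");

// Hypothetical grant names: the issue has not chosen a name yet.
const AUTO_PROVISION_GRANT = "urn:example:grant:auto-provision";
const STANDARD_KEY_GRANT = "urn:example:grant:provisioned-key";

// Constructed stand-ins for the App Installation Clients table, key store and token store.
function makeStore() {
    return {
        clients: new Map([
            ["kiosk-1", { secret: "constructed-secret-1", grants: [STANDARD_KEY_GRANT, AUTO_PROVISION_GRANT] }],
            ["laptop-7", { secret: "constructed-secret-2", grants: [STANDARD_KEY_GRANT] }]
        ]),
        keys: new Map([["alice-usb", { prefs: {} }]]),
        tokens: new Map()
    };
}

const sha256 = (s) => crypto.createHash("sha256").update(String(s)).digest();
const fail = (status, error) => ({ status, body: { error } });

function handleTokenRequest(store, req) {
    const client = store.clients.get(req.client_id);
    // Compare fixed-length digests so the check is constant-time.
    if (!client || !crypto.timingSafeEqual(sha256(client.secret), sha256(req.client_secret))) {
        return fail(401, "invalid_client");
    }
    if (typeof req.key !== "string" || req.key === "") { return fail(400, "invalid_request"); }
    // Gate: the grant type must be recorded against this client installation.
    if (!client.grants.includes(req.grant_type)) { return fail(400, "unauthorized_client"); }
    const mayProvision = req.grant_type === AUTO_PROVISION_GRANT;
    // Standard grants never create state for an unprovisioned key.
    if (!mayProvision && !store.keys.has(req.key)) { return fail(400, "invalid_grant"); }
    const access_token = crypto.randomBytes(32).toString("hex");
    store.tokens.set(access_token, { key: req.key, mayProvision });
    return { status: 200, body: { access_token, token_type: "Bearer" } };
}

// Provisioning happens only when the client actually requests a write.
function handleWrite(store, accessToken, prefs) {
    const grant = store.tokens.get(accessToken);
    if (!grant) { return fail(401, "invalid_token"); }
    if (!store.keys.has(grant.key)) {
        if (!grant.mayProvision) { return fail(403, "insufficient_scope"); }
        store.keys.set(grant.key, { prefs: {} }); // key and safe created on first write
    }
    store.keys.get(grant.key).prefs = prefs;
    return { status: 200, body: { key: grant.key } };
}
```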

            People

            • Assignee:
              amb26 Antranig Basman
              Reporter:
              amb26 Antranig Basman