fix(verification/api): Return URL-safe nonce in challenge response sessions#428
fix(verification/api): Return URL-safe nonce in challenge response sessions#428cowbon wants to merge 5 commits into
Conversation
yogeshbdeshpande
left a comment
There was a problem hiding this comment.
please have a look!
|
@cowbon : I am not clear about this change, can we have a meeting today to understand the change? As far as I understand, Verifier does two things.
|
Hi Yogesh, thanks for the info about the verifier design. However, |
Signed-off-by: Ian Chin Wang <ian.chin.wang@oracle.com>
Signed-off-by: Ian Chin Wang <ian.chin.wang@oracle.com>
| // Keep reading sessions created before the nonce wire format switched | ||
| // from standard base64 to base64url. | ||
| if nonce, stdErr := base64.StdEncoding.DecodeString(v); stdErr == nil { | ||
| return nonce, nil | ||
| } | ||
|
|
There was a problem hiding this comment.
| // Keep reading sessions created before the nonce wire format switched | |
| // from standard base64 to base64url. | |
| if nonce, stdErr := base64.StdEncoding.DecodeString(v); stdErr == nil { | |
| return nonce, nil | |
| } |
Signed-off-by: Ian Chin Wang <ian.chin.wang@oracle.com>
Signed-off-by: Ian Chin Wang <ian.chin.wang@oracle.com>
|
Hi @yogeshbdeshpande , thanks for sharing your thoughts. This should now reflected what we discussed. |
|
@cowbon : As discussed let us first fix the API documentation properly before proceeding correctly with this PR! |
See veraison/docs#78 |
Signed-off-by: Ian Chin Wang <Ian.chin.wang@oracle.com> Co-authored-by: setrofim <setrofim@proton.me>
ratsd uses URL-safe base64 encoded nonce instead of standard encoded base64. See veraison/ratsd#37. Align the implementation so the nonce can be used directly from the
/challenge-response/v1/newSessionresponse body