Skip to content

feat: hide auth details from listNetwork and mint self-signed token server-side#1872

Open
mjuchli-da wants to merge 7 commits into
mainfrom
mjuchli/list-networks-restricted
Open

feat: hide auth details from listNetwork and mint self-signed token server-side#1872
mjuchli-da wants to merge 7 commits into
mainfrom
mjuchli/list-networks-restricted

Conversation

@mjuchli-da
Copy link
Copy Markdown
Contributor

@mjuchli-da mjuchli-da commented May 22, 2026
edited
Loading

Closes #1802

Since we want to hide sensitive information such as the clientSecret to be exposed via the API, we need to handle the self-signed login server-side. This PR therefore introduces a new endpoint selfSignedAccessToken to issue an access token.

In a follow-up, one could think of combining this call with the creation of a Session (currently the workflow is: selfSignedAccessToken + addSession) and return the session object to the frontend.

mjuchli-da added 2 commits May 22, 2026 10:57
@mjuchli-da
feat: hide secret details from listNetwork
84bd68d 
The absence of the clientSecret also implies that the self-signed login
can no longer be done on the frontend. Instead, the backend now must
mint a self-signed token.

Signed-off-by: Marc Juchli <marc.juchli@digitalasset.com>
@mjuchli-da
mint self signed access token on server
1815100 
Signed-off-by: Marc Juchli <marc.juchli@digitalasset.com>
@mjuchli-da mjuchli-da self-assigned this May 22, 2026
@mjuchli-da mjuchli-da marked this pull request as draft May 22, 2026 16:52
mjuchli-da added 2 commits May 26, 2026 10:29
@mjuchli-da
minor adjustments
6efd058 
Signed-off-by: Marc Juchli <marc.juchli@digitalasset.com>
@mjuchli-da
renaming
6884ff0 
Signed-off-by: Marc Juchli <marc.juchli@digitalasset.com>
@mjuchli-da mjuchli-da marked this pull request as ready for review May 26, 2026 09:05
mjuchli-da and others added 3 commits May 26, 2026 13:11
@mjuchli-da
types
a2ed9c8 
Signed-off-by: Marc Juchli <marc.juchli@digitalasset.com>
@mjuchli-da
fix test
52a36da 
Signed-off-by: Marc Juchli <marc.juchli@digitalasset.com>
@mjuchli-da
Merge branch 'main' into mjuchli/list-networks-restricted
09606a3
@mjuchli-da mjuchli-da requested a review from alexmatson-da May 26, 2026 12:07
alexmatson-da
alexmatson-da approved these changes May 26, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@alexmatson-da alexmatson-da left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexmatson-da alexmatson-da alexmatson-da approved these changes

Assignees

@mjuchli-da mjuchli-da

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Remove auth details from listNetworks response

2 participants

@mjuchli-da @alexmatson-da