Device Shared Secret Authentication #1139
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
joshk
force-pushed
the
alt-device-auth-jk-twist
branch
4 times, most recently
from
c986666
to
c91fd09
Compare
jjcarstens
reviewed
Dec 10, 2023
joshk
force-pushed
the
alt-device-auth-jk-twist
branch
2 times, most recently
from
ff1a94e
to
93f55db
Compare
jjcarstens
reviewed
Dec 12, 2023
joshk
force-pushed
the
alt-device-auth-jk-twist
branch
6 times, most recently
from
0f8941d
to
7ccb6c6
Compare
joshk
force-pushed
the
alt-device-auth-jk-twist
branch
from
118bb0b
to
b8060e1
Compare
|
All least from my level of review, this looks great, and I think it's really going to help people get started. Thank you so much for all of the effort to push this feature through. |
Thanks @fhunleth, its been my pleasure to get involved. More to come soon! |
oestrich
reviewed
Dec 18, 2023
joshk
force-pushed
the
alt-device-auth-jk-twist
branch
from
86f2dc3
to
9ee83c8
Compare
this is based upon 0d44fc2 with the addition of Product Auth Tokens (needs some naming love)
we seem to be missing a lot of these
joshk
force-pushed
the
alt-device-auth-jk-twist
branch
from
4a1d5cb
to
518d87c
Compare
jjcarstens
force-pushed
the
alt-device-auth-jk-twist
branch
3 times, most recently
from
faebc83
to
b220a04
Compare
joshk
force-pushed
the
alt-device-auth-jk-twist
branch
from
b220a04
to
bf435e7
Compare
jjcarstens
reviewed
Dec 28, 2023
jjcarstens
approved these changes
Dec 28, 2023
jjcarstens
added a commit
that referenced
this pull request
Jan 7, 2024
this is based upon 0d44fc2 with the addition of Product Shared Secrets * device token auth strategy requires opt in during runtime * add an `Experimental` badge * improvements to the shared secrets UI * add authorization to the Product Settings LiveView --------- Co-authored-by: Jon Carstens <[email protected]>
joshk
added a commit
that referenced
this pull request
Jan 13, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds support for Shared Secret authentication, which allows Devices to connect to Nerves Hub using a shared key and secret. This is similar to the AWS HMAC signatures used for S3.
This is based on #1136
Some key highlights:
This feature is opt-in, on the server level, using the environment variable
DEVICE_SHARED_SECRET_AUTH.Some tech bits
I've added a series of useful mounts which are used by a
live_session. As we expand LiveView usage we can reuse a lot of this structure.And I've added a centralized permissions checking module, abstracting away from checking for
:admin,:manage, and:view.Not included in this PR, but to be added in a future PR...
Screenshots
Updated Product Settings page (now using LiveView)
One active Shared Secret
Two active Shared Secrets, one deactivated
Feature not enabled for the server
