Blind authentication #675
Merged
Blind authentication #675
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ok300
reviewed
Jan 29, 2025
| # - Add the client ID "cashu-client" | ||
| # - Enable the ES256 and RS256 algorithms for this client | ||
| # - If you want to use the authorization flow, you must add the redirect URI "http://localhost:33388/callback". | ||
| # - To support other wallets, use the well-known list of allowed redirect URIs here: https://...TODO.md |
There was a problem hiding this comment.
... use the well-known list of allowed redirect URIs here https://...TODO.md
Looks like an unaddressed TODO.
There was a problem hiding this comment.
Yes, we will have the link only when we merge the corresponding NUT: cashubtc/nuts#198
| ) -> List[MeltQuote]: | ||
| rows = await (conn or db).fetchall( | ||
| f""" | ||
| SELECT * from {db.table_with_schema('melt_quotes')} WHERE quote in (SELECT DISTINCT melt_quote FROM {db.table_with_schema('proofs_pending')}) |
There was a problem hiding this comment.
Suggested change
| SELECT * from {db.table_with_schema('melt_quotes')} WHERE quote in (SELECT DISTINCT melt_quote FROM {db.table_with_schema('proofs_pending')}) | |
| SELECT * from {db.table_with_schema('melt_quotes')} | |
| WHERE quote in ( | |
| SELECT DISTINCT melt_quote FROM {db.table_with_schema('proofs_pending')} | |
| ) |
NIT: formatting to make it easier to read
| secret TEXT NOT NULL, | ||
| y TEXT NOT NULL, | ||
| witness TEXT, | ||
| created TIMESTAMP, |
cashu/mint/auth/router.py
Outdated
| ) | ||
| async def keys(): | ||
| """This endpoint returns a dictionary of all supported token values of the mint and their associated public key.""" | ||
| logger.trace("> GET /v1/keys") |
There was a problem hiding this comment.
Suggested change
| logger.trace("> GET /v1/keys") | |
| logger.trace("> GET /v1/auth/blind/keys") |
cashu/mint/auth/router.py
Outdated
Comment on lines
59
to
65
| # BEGIN BACKWARDS COMPATIBILITY < 0.15.0 | ||
| # if keyset_id is not hex, we assume it is base64 and sanitize it | ||
| try: | ||
| int(keyset_id, 16) | ||
| except ValueError: | ||
| keyset_id = keyset_id.replace("-", "+").replace("_", "/") | ||
| # END BACKWARDS COMPATIBILITY < 0.15.0 |
There was a problem hiding this comment.
IMO can be removed, as there is no previous nutshell or API version that supported auth, with which we want to keep backward compatibility.
|
ACK. Added a few NITs and comments (see above), but otherwise LGTM. Also ran a few tests with the provided Keycloak test data, looked good. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Implements clear and blind authentication NUT cashubtc/nuts#198 with keycloak (docker-compose provided)