veyron/{services,tools}/identity: Make the identity tool much more usable and secure.

Identity providers in veyron essentially verify that a client has a valid
claim to a particular name and then issue a blessing with that name, rooted
at the identity provider's self-signed certificate.

Prior to this commit:
- There was an HTTP server that would use OAuth to validate that a client
  has a valid claim to a particular name (managed by Google)
- And then ship the PrivateID (including a newly minted private key) over the
  wire to the caller.
- The command-line tool could not interact with this flow and thus one
  had to visit the HTTP page and "copy-paste" the response into a file.

This scheme had various issues:
- The private key was known to the HTTP server and was shipped across
  the wire. In veyron we intend to *NEVER* ship private keys outside
  the host machine.
- The command-line tool wasn't usable for the most useful identities
  (i.e., those with a blessing from the HTTP server).

This commit changes the flow:
- A Veyron service is provided that uses an OAuth authentication code
  to obtain the username of a client and then provides a blessing
  via a veyron RPC. Thus, no private keys are shipped on the wire
  and ownership of the private key by the client is ensured via the
  Veyron authentication protocol
- The command-line tool initiates the OAuth flow, obtains the authentication
  code and then uses that to invoke the Veyron service to get a blessing.

This hopefully makes the tool significantly more usable and avoids the
need for any copy-pastes or any private keys being shipped around.

For now, the original HTTP server code is kept, but once WSPR is
also migrated to this scheme, we hope to remove the code that
transmits a private key over the wire.

Change-Id: I720b59bf23747b69c60681cb564279efc9d0fccf
diff --git a/services/identity/identity.vdl.go b/services/identity/identity.vdl.go
new file mode 100644
index 0000000..5f3c637
--- /dev/null
+++ b/services/identity/identity.vdl.go
@@ -0,0 +1,197 @@
+// This file was auto-generated by the veyron vdl tool.
+// Source: identity.vdl
+
+// Package identity defines services for identity providers in the veyron ecosystem.
+package identity
+
+import (
+	// The non-user imports are prefixed with "_gen_" to prevent collisions.
+	_gen_veyron2 "veyron2"
+	_gen_context "veyron2/context"
+	_gen_ipc "veyron2/ipc"
+	_gen_naming "veyron2/naming"
+	_gen_rt "veyron2/rt"
+	_gen_vdlutil "veyron2/vdl/vdlutil"
+	_gen_wiretype "veyron2/wiretype"
+)
+
+// OAuthBlesser exchanges the provided authorization code for an email addres
+// from an OAuth-based identity provider and uses the email address as the
+// name to bless the client with.
+//
+// The redirect URL used to obtain the authorization code must also be
+// provided in order to ensure a successful exchange.
+// OAuthBlesser is the interface the client binds and uses.
+// OAuthBlesser_ExcludingUniversal is the interface without internal framework-added methods
+// to enable embedding without method collisions.  Not to be used directly by clients.
+type OAuthBlesser_ExcludingUniversal interface {
+	// TODO(ashankar,toddw): Once the "OneOf" type becomes available in VDL,
+	// then the "any" should be replaced by:
+	// OneOf<wire.ChainPublicID, []wire.ChainPublicID>
+	// where wire is from:
+	// import "veyron2/security/wire"
+	Bless(ctx _gen_context.T, authcode string, redirecturl string, opts ..._gen_ipc.CallOpt) (reply _gen_vdlutil.Any, err error)
+}
+type OAuthBlesser interface {
+	_gen_ipc.UniversalServiceMethods
+	OAuthBlesser_ExcludingUniversal
+}
+
+// OAuthBlesserService is the interface the server implements.
+type OAuthBlesserService interface {
+
+	// TODO(ashankar,toddw): Once the "OneOf" type becomes available in VDL,
+	// then the "any" should be replaced by:
+	// OneOf<wire.ChainPublicID, []wire.ChainPublicID>
+	// where wire is from:
+	// import "veyron2/security/wire"
+	Bless(context _gen_ipc.ServerContext, authcode string, redirecturl string) (reply _gen_vdlutil.Any, err error)
+}
+
+// BindOAuthBlesser returns the client stub implementing the OAuthBlesser
+// interface.
+//
+// If no _gen_ipc.Client is specified, the default _gen_ipc.Client in the
+// global Runtime is used.
+func BindOAuthBlesser(name string, opts ..._gen_ipc.BindOpt) (OAuthBlesser, error) {
+	var client _gen_ipc.Client
+	switch len(opts) {
+	case 0:
+		client = _gen_rt.R().Client()
+	case 1:
+		switch o := opts[0].(type) {
+		case _gen_veyron2.Runtime:
+			client = o.Client()
+		case _gen_ipc.Client:
+			client = o
+		default:
+			return nil, _gen_vdlutil.ErrUnrecognizedOption
+		}
+	default:
+		return nil, _gen_vdlutil.ErrTooManyOptionsToBind
+	}
+	stub := &clientStubOAuthBlesser{client: client, name: name}
+
+	return stub, nil
+}
+
+// NewServerOAuthBlesser creates a new server stub.
+//
+// It takes a regular server implementing the OAuthBlesserService
+// interface, and returns a new server stub.
+func NewServerOAuthBlesser(server OAuthBlesserService) interface{} {
+	return &ServerStubOAuthBlesser{
+		service: server,
+	}
+}
+
+// clientStubOAuthBlesser implements OAuthBlesser.
+type clientStubOAuthBlesser struct {
+	client _gen_ipc.Client
+	name   string
+}
+
+func (__gen_c *clientStubOAuthBlesser) Bless(ctx _gen_context.T, authcode string, redirecturl string, opts ..._gen_ipc.CallOpt) (reply _gen_vdlutil.Any, err error) {
+	var call _gen_ipc.Call
+	if call, err = __gen_c.client.StartCall(ctx, __gen_c.name, "Bless", []interface{}{authcode, redirecturl}, opts...); err != nil {
+		return
+	}
+	if ierr := call.Finish(&reply, &err); ierr != nil {
+		err = ierr
+	}
+	return
+}
+
+func (__gen_c *clientStubOAuthBlesser) UnresolveStep(ctx _gen_context.T, opts ..._gen_ipc.CallOpt) (reply []string, err error) {
+	var call _gen_ipc.Call
+	if call, err = __gen_c.client.StartCall(ctx, __gen_c.name, "UnresolveStep", nil, opts...); err != nil {
+		return
+	}
+	if ierr := call.Finish(&reply, &err); ierr != nil {
+		err = ierr
+	}
+	return
+}
+
+func (__gen_c *clientStubOAuthBlesser) Signature(ctx _gen_context.T, opts ..._gen_ipc.CallOpt) (reply _gen_ipc.ServiceSignature, err error) {
+	var call _gen_ipc.Call
+	if call, err = __gen_c.client.StartCall(ctx, __gen_c.name, "Signature", nil, opts...); err != nil {
+		return
+	}
+	if ierr := call.Finish(&reply, &err); ierr != nil {
+		err = ierr
+	}
+	return
+}
+
+func (__gen_c *clientStubOAuthBlesser) GetMethodTags(ctx _gen_context.T, method string, opts ..._gen_ipc.CallOpt) (reply []interface{}, err error) {
+	var call _gen_ipc.Call
+	if call, err = __gen_c.client.StartCall(ctx, __gen_c.name, "GetMethodTags", []interface{}{method}, opts...); err != nil {
+		return
+	}
+	if ierr := call.Finish(&reply, &err); ierr != nil {
+		err = ierr
+	}
+	return
+}
+
+// ServerStubOAuthBlesser wraps a server that implements
+// OAuthBlesserService and provides an object that satisfies
+// the requirements of veyron2/ipc.ReflectInvoker.
+type ServerStubOAuthBlesser struct {
+	service OAuthBlesserService
+}
+
+func (__gen_s *ServerStubOAuthBlesser) GetMethodTags(call _gen_ipc.ServerCall, method string) ([]interface{}, error) {
+	// TODO(bprosnitz) GetMethodTags() will be replaces with Signature().
+	// Note: This exhibits some weird behavior like returning a nil error if the method isn't found.
+	// This will change when it is replaced with Signature().
+	switch method {
+	case "Bless":
+		return []interface{}{}, nil
+	default:
+		return nil, nil
+	}
+}
+
+func (__gen_s *ServerStubOAuthBlesser) Signature(call _gen_ipc.ServerCall) (_gen_ipc.ServiceSignature, error) {
+	result := _gen_ipc.ServiceSignature{Methods: make(map[string]_gen_ipc.MethodSignature)}
+	result.Methods["Bless"] = _gen_ipc.MethodSignature{
+		InArgs: []_gen_ipc.MethodArgument{
+			{Name: "authcode", Type: 3},
+			{Name: "redirecturl", Type: 3},
+		},
+		OutArgs: []_gen_ipc.MethodArgument{
+			{Name: "blessing", Type: 65},
+			{Name: "err", Type: 66},
+		},
+	}
+
+	result.TypeDefs = []_gen_vdlutil.Any{
+		_gen_wiretype.NamedPrimitiveType{Type: 0x1, Name: "anydata", Tags: []string(nil)}, _gen_wiretype.NamedPrimitiveType{Type: 0x1, Name: "error", Tags: []string(nil)}}
+
+	return result, nil
+}
+
+func (__gen_s *ServerStubOAuthBlesser) UnresolveStep(call _gen_ipc.ServerCall) (reply []string, err error) {
+	if unresolver, ok := __gen_s.service.(_gen_ipc.Unresolver); ok {
+		return unresolver.UnresolveStep(call)
+	}
+	if call.Server() == nil {
+		return
+	}
+	var published []string
+	if published, err = call.Server().Published(); err != nil || published == nil {
+		return
+	}
+	reply = make([]string, len(published))
+	for i, p := range published {
+		reply[i] = _gen_naming.Join(p, call.Name())
+	}
+	return
+}
+
+func (__gen_s *ServerStubOAuthBlesser) Bless(call _gen_ipc.ServerCall, authcode string, redirecturl string) (reply _gen_vdlutil.Any, err error) {
+	reply, err = __gen_s.service.Bless(call, authcode, redirecturl)
+	return
+}