Internally, in my server, I need a means to check if credentials are valid under the following scenario: User A tries to access the files of user B. E.g., user A tries to download one of user B’s files.
If B is an owning user, the final/authoritative check will be made by the owning cloud service, and will be terminated there if B’s credentials are invalid or have been revoked.
If B is a sharing user, the situation seems more complicated. The file can be virtually owned by user B (i.e., B initiated the upload), but really owned by, say, owning user C—where C is a real owning user. In this case, we need to do what we can to make sure that B’s credentials are valid before allowing the download. It doesn’t seem to make sense to allow a download for a file when its (virtual) owner is invalid. For Apple Sign In credentials, we may need to make a 24-hour validity check with Apple if that call hasn’t been made in the last 24 hours. We may also need to check some field in our Apple Sign In credentials (in our custom server database) to see if the credentials are known to be invalid—which could have occurred by Mechanism 2 (see my second Apple Sign In Medium article). This suggests we need an alteration to our Account interface (in https://github.com/SyncServerII/ServerAccount.git) that enables a synchronous check of credentials to see if they are valid or not.
The above also suggests that for our ServerFacebookAccount, we need a polling mechanism to check if the credentials are valid. This is different from the existing generateTokens call for ServerFacebookAccount. The check for valid credentials is not trying to generate tokens, but rather just needing to check if the credentials have been revoked.
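
A sketch of the synchronous check described above, added here as an example; it is not part of the original issue and not the ServerAccount package's code. All type and method names are hypothetical, the stored record is a constructed stand-in for the server database row, and failing closed when the provider cannot be reached is an assumption.

```swift
import Foundation

// Hypothetical names throughout; not the ServerAccount package's actual API.
enum CredentialStatus { case valid, invalid }

// Constructed stand-in for the per-user credential record in the server database.
struct StoredCredentials {
    var knownInvalid: Bool        // set once a revocation has been recorded
    var lastProviderCheck: Date?  // last successful validity check with the provider
}

protocol CredentialValidityChecking {
    // Synchronous provider round trip; true if the credentials are still accepted.
    func checkWithProvider() throws -> Bool
}

struct ValidityGate {
    let maxAge: TimeInterval = 24 * 60 * 60  // the 24-hour window from the issue text

    // Decide whether the (virtual) owner's credentials allow the download to proceed.
    func status(of creds: inout StoredCredentials,
                using provider: CredentialValidityChecking,
                now: Date = Date()) -> CredentialStatus {
        // 1. A recorded revocation is final; no provider call is needed.
        if creds.knownInvalid { return .invalid }
        // 2. A provider check made inside the window is still trusted.
        if let last = creds.lastProviderCheck, now.timeIntervalSince(last) < maxAge {
            return .valid
        }
        // 3. Stale or never checked: ask the provider. An unreachable provider
        //    denies this request (assumption) without recording a revocation.
        guard let accepted = try? provider.checkWithProvider() else { return .invalid }
        if accepted {
            creds.lastProviderCheck = now
            return .valid
        }
        creds.knownInvalid = true
        return .invalid
    }
}

// Constructed demo: last check was 25 hours ago and the stub provider reports revocation.
struct StubProvider: CredentialValidityChecking {
    let answer: Bool
    func checkWithProvider() throws -> Bool { answer }
}
var stale = StoredCredentials(knownInvalid: false,
                              lastProviderCheck: Date(timeIntervalSinceNow: -90_000))
let result = ValidityGate().status(of: &stale, using: StubProvider(answer: false))
print(result, stale.knownInvalid)
```

A polling job of the kind proposed for ServerFacebookAccount could set the same `knownInvalid` field, so the download path only reads stored state for accounts that were checked recently.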