Allow selecting root public key by ID #154
Conversation
In order to more easily accommodate rotating of root private keys when issuing biscuits, allow consumers to choose which root public key to use when verifying the biscuit based on the key ID embedded within it at composition time, if any. Consumers can then accept biscuits signed with several root keys, learning to accept signatures from a rolling set of both older and newer keys. Introduce the "(*Biscuit).AuthorizerFor" method as an eventual replacement for the longstanding "(*Biscuit).Authorizer" method, along with with two new options for supplying either a single public key or a mapping from ID to public key (together with an optional default public key to use when the biscuit in question embeds no root key ID). Alternately, callers may supply a projection function that consumes an optional root key ID.
|
I started using this patch in my project by way of a |
|
Something that's a little odd about this approach: Given that we already merged #151 that exposed the |
|
In other libraries (biscuit-rust, biscuit-haskell at least), parsing and signature verification are done at the same time. This makes the library harder to misuse, and in the case of biscuit-haskell, this allows to abort parsing as soon as possible. (It is still possible to parse a biscuit into an I think the go library would benefit from this approach. |
If I follow you correctly, in the Go library, rather that having the existing |
In order to more easily accommodate rotating of root private keys when issuing biscuits, allow consumers to choose which root public key to use when verifying the biscuit based on the key ID embedded within it at composition time, if any. Consumers can then accept biscuits signed with several root keys, learning to accept signatures from a rolling set of both older and newer keys.
Introduce the
(*Biscuit).AuthorizerFormethod as an eventual replacement for the longstanding(*Biscuit).Authorizermethod, along with with two new options for supplying either a single public key or a mapping from ID to public key (together with an optional default public key to use when the biscuit in question embeds no root key ID). Alternately, callers may supply a projection function that consumes an optional root key ID.Fixes #150.