You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When using SecuredDesktopAgent to broadcast a signed message on the current user channel, the signature is considered invalid in the receiving app.
It appears that the channel id is not included in the content to sign when using SecuredDesktopAgent.broadcast, however it is included in the expected content when validating the signature, which causes the signature to be considered invalid
Steps to Reproduce:
Updated example apps from demo folder:
sp1: added efdc3.addContextListener to log the received context and metadata
sp2: updated the button to use sfdc3.broadcast(context)
Joined both apps the the same user channel
Expected Result:
Signature should be valid in context metadata for recieving app: {"authenticity":{"verified":true,"valid":true}}
Actual Result:
SIGNING {"context":{"id":{"ticker":"EURUSD"},"type":"fdc3.instrument"},"timestamp":"2024-09-21T13:18:44.282Z"}
CHECKING {"channelId":"green","context":{"id":{"ticker":"EURUSD"},"type":"fdc3.instrument"},"timestamp":"2024-09-21T13:18:44.282Z"}
BAD
Received: {"type":"fdc3.instrument","id":{"ticker":"EURUSD"}} and meta {"source":{"appId":"something"},"resultId":"not for context","authenticity":{"verified":true,"valid":false,"publicKeyUrl":"/sp2-public-key"}}
Workaround:
This works correctly when broadcasting on a specific channel: sfdc3.getCurrentChannel().then(channel => channel?.broadcast(context))
SIGNING {"channelId":"green","context":{"id":{"ticker":"EURUSD"},"type":"fdc3.instrument"},"timestamp":"2024-09-21T13:20:12.050Z"}
CHECKING {"channelId":"green","context":{"id":{"ticker":"EURUSD"},"type":"fdc3.instrument"},"timestamp":"2024-09-21T13:20:12.050Z"}
OK
Received: {"type":"fdc3.instrument","id":{"ticker":"EURUSD"}} and meta {"source":{"appId":"something"},"resultId":"not for context","authenticity":{"verified":true,"valid":true,"publicKeyUrl":"/sp2-public-key"}}
Environment:
Same behavior using either OpenFin or FDC3 Sail desktop agents
The text was updated successfully, but these errors were encountered:
Bug Report
When using SecuredDesktopAgent to broadcast a signed message on the current user channel, the signature is considered invalid in the receiving app.
It appears that the channel id is not included in the content to sign when using
SecuredDesktopAgent.broadcast, however it is included in the expected content when validating the signature, which causes the signature to be considered invalidSteps to Reproduce:
Updated example apps from demo folder:
efdc3.addContextListenerto log the received context and metadatasfdc3.broadcast(context)Expected Result:
Signature should be valid in context metadata for recieving app: {"authenticity":{"verified":true,"valid":true}}
Actual Result:
SIGNING {"context":{"id":{"ticker":"EURUSD"},"type":"fdc3.instrument"},"timestamp":"2024-09-21T13:18:44.282Z"}
CHECKING {"channelId":"green","context":{"id":{"ticker":"EURUSD"},"type":"fdc3.instrument"},"timestamp":"2024-09-21T13:18:44.282Z"}
BAD
Received: {"type":"fdc3.instrument","id":{"ticker":"EURUSD"}} and meta {"source":{"appId":"something"},"resultId":"not for context","authenticity":{"verified":true,"valid":false,"publicKeyUrl":"/sp2-public-key"}}
Workaround:
This works correctly when broadcasting on a specific channel:
sfdc3.getCurrentChannel().then(channel => channel?.broadcast(context))SIGNING {"channelId":"green","context":{"id":{"ticker":"EURUSD"},"type":"fdc3.instrument"},"timestamp":"2024-09-21T13:20:12.050Z"}
CHECKING {"channelId":"green","context":{"id":{"ticker":"EURUSD"},"type":"fdc3.instrument"},"timestamp":"2024-09-21T13:20:12.050Z"}
OK
Received: {"type":"fdc3.instrument","id":{"ticker":"EURUSD"}} and meta {"source":{"appId":"something"},"resultId":"not for context","authenticity":{"verified":true,"valid":true,"publicKeyUrl":"/sp2-public-key"}}
Environment:
Same behavior using either OpenFin or FDC3 Sail desktop agents
The text was updated successfully, but these errors were encountered: