Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Device redirection token (JWT) includes a hardcoded empty string value for tenantId #1767

Open
bgmckown opened this issue Jan 9, 2025 · 0 comments
Open

Device redirection token (JWT) includes a hardcoded empty string value for tenantId #1767

bgmckown opened this issue Jan 9, 2025 · 0 comments

Comments

@bgmckown
Copy link

bgmckown commented Jan 9, 2025

Describe the bug 🪲
The JWT for device authentication (redirection) currently includes a field for tenantId but is hardcoded to an empty string.

If an implementation of the toolkit is using the tenantId value to manage multi-tenancy, will this hardcoded line in the JWT signature creation method create any issues with devices that are associated to a tenantId?

To Reproduce 🪜
Steps to reproduce the behavior:

  1. Go to /src/routes/auth/signature.ts#L14 (currently in the main branch)

Expected behavior

  • If the tenantId field is to be used in the JWT, then it should be set to the actual tenantId associated with the device in the toolkit database.
  • Consider removing the tenantId field from the JWT signature if there isn't a multi-tenancy need for it.

Screenshots 🖼️
n/a

AMT Device (please complete the following information): 🖥️
n/a

Service Deployment (please complete the following information): ⛈️
present in MPS source code for version 2.26.0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
Sprint Planning
Status: No status
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bgmckown