Closed Bug 777936 Opened 12 years ago Closed 12 years ago

Solitude API to verify BlueVia postback/chargeback JWT

Categories

(Marketplace Graveyard :: Payments/Refunds, defect)

x86
macOS
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: kumar, Assigned: andy+bugzilla)

References

Details

Solitude holds the BlueVia developer secret so we need to ask Solitude to verify the signature of all JWTs that come from BlueVia. This can be used to verify postbacks and chargebacks.

bug 776644 will guide the design of this API.
No longer depends on: 777933
Depends on: 770921
Blocks: 770921
No longer depends on: 770921
I'm leaning toward this breakdown of responsibilities:

- Solitude is responsible for verifying the signature of the JWT and that's it
- Marketplace is responsible for verifying the integrity of the JWT (fields, data, etc)

I'm open to other ideas though. Either way, I split apart all the JWT verifiers so that they can be used directly: http://moz-inapp-pay.readthedocs.org/en/latest/#module-moz_inapp_pay.verify This isn't so useful for signature verification since it's one line of code but is more useful for verifying JWT claims.
Works for me.
Assignee: nobody → amckay
https://github.com/mozilla/solitude/commit/85426b
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.