Closed Bug 971994 Opened 11 years ago Closed 11 years ago

Server needs to generate temporary session URIs to send to unregistered users

Categories

(Hello (Loop) :: Server, defect)

Product:
Hello (Loop)
Component:
Server
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED DUPLICATE of bug 974317

People

(Reporter: abr, Assigned: alexis+bugs)

References

Details

User Story

This is the "call-me" URI. Contains information including the caller (this is what allows the client to display who is calling), the callee, an expiry, and an HMAC with some salt.
      No description provided.
Blocks: loop_mvp
Component: General → Server
This is the "call-me" URI. Contains information including the caller (this is what allows the client to display who is calling), the callee, an expiry, and an HMAC with some salt. (Do we have tickets for server/client code for serving/fetching these URIs, or is that part of this ticket?)
(In reply to Byron Campen [:bwc] from comment #1)
> This is the "call-me" URI. Contains information including 
> an HMAC with some salt.

Why do we want to have a HMAC and a salt here? What would they be used for?
I think the idea is that we will not be maintaining any list of these URIs server side, so we need to prevent them from being forged, hence the HMAC. I'm not sure about the salt though; we probably need to think that through a little more carefully.
Blocks: loop_mlp
User Story: (updated)
Depends on: 976098
Assignee: nobody → alexis+bugs
Status: NEW → ASSIGNED
This has landed already, it only misses the uuid generation part of the token, which will be taken care of with the patch attached to bug 974317.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
OK. Verifying as a duplicate.
Status: RESOLVED → VERIFIED
QA Contact: jbonacci
You need to log in before you can comment on or make changes to this bug.