Description
This task is to create an async login service in support of the new Device Agent onboarding flow - FlowFuse/device-agent#678
This is going to make use of the rendezvous pattern
- An agent does
POST /start/device/registration (url tbd)
- An
AsyncLoginSession database record is created including:
sessionToken (text) - a session identifier token. Must not be guessable or enumerable.
doneToken (text) - a session identifier token. Must not be guessable or enumerable.
status - pending|success|failure - the state of the session
result (text) - a JSON blob containing the 'result' of the login session
- The session/done tokens are returned in response to the POST:
registerURL: TBD/{sessionToken}
doneURL: TBD/{doneToken}
- The agent prompts the user to access
registerURL in their browser
- They create a new remote instance.
- On completion, the device OTC is written to the
AsyncLoginSession.result field and the session status marked success.
A new endpoint GET {doneURL} can be polled to get the current status.
- If status is
pending, it returns 202 and sets the Retry-After header to 5/10 seconds.
- if status is
success, it returns 200 with the result in the payload.
- If status is
error, it returns 401 with the value of result.
- If
doneToken can't be correlated to an AsyncLoginSession it returns 404.
It only returns result once before the AsyncLoginSession record is deleted.
The AsyncLoginSession will have a max-age of 30 minutes - after which any access to its doneToken will result in a 404.
The scope of this task is to build the core infrastructure for the async login service. The UI work to complete step 3 (They create a new remote instance) is a separate task that will plug into this.
Epic/Story
No response
Have you provided an initial effort estimate for this issue?
I have provided an initial effort estimate
Description
This task is to create an async login service in support of the new Device Agent onboarding flow - FlowFuse/device-agent#678
This is going to make use of the rendezvous pattern
POST /start/device/registration(url tbd)AsyncLoginSessiondatabase record is created including:sessionToken(text) - a session identifier token. Must not be guessable or enumerable.doneToken(text) - a session identifier token. Must not be guessable or enumerable.status-pending|success|failure- the state of the sessionresult(text) - a JSON blob containing the 'result' of the login sessionregisterURL:TBD/{sessionToken}doneURL:TBD/{doneToken}registerURLin their browserAsyncLoginSession.resultfield and the session status markedsuccess.A new endpoint
GET {doneURL}can be polled to get the current status.pending, it returns202and sets theRetry-Afterheader to 5/10 seconds.success, it returns200with theresultin the payload.error, it returns401with the value ofresult.doneTokencan't be correlated to anAsyncLoginSessionit returns404.It only returns
resultonce before theAsyncLoginSessionrecord is deleted.The
AsyncLoginSessionwill have a max-age of 30 minutes - after which any access to itsdoneTokenwill result in a404.The scope of this task is to build the core infrastructure for the async login service. The UI work to complete step 3 (
They create a new remote instance) is a separate task that will plug into this.Epic/Story
No response
Have you provided an initial effort estimate for this issue?
I have provided an initial effort estimate