Check already registered on prove possession#550
Merged
pablothedude merged 1 commit intoAug 21, 2025
Conversation
pablothedude
force-pushed
the
bugfix/add-prove-possession-for-already-registered-tokens
branch
from
3266b81 to
2043383
Compare
Member
|
As discussed: the business rule is no registration of a second token of en existing type allowed. Only the type of the token counts, not the token_id, so two Yubikeys with different token_is are still not allowed. The goal is to prevent a user from having two tokens of the same type. Reason: prevent confusion and make token sharing less attractive. (Token sharing as poorly executed delegation; link a second token to your account and give that and your password to your secretary) |
pablothedude
force-pushed
the
bugfix/add-prove-possession-for-already-registered-tokens
branch
from
2043383 to
b8c5768
Compare
pablothedude
force-pushed
the
bugfix/add-prove-possession-for-already-registered-tokens
branch
from
b8c5768 to
83c5fe4
Compare
We add a check to prevent the same token having multiple in flight registration processes for the same token.
pablothedude
force-pushed
the
bugfix/add-prove-possession-for-already-registered-tokens
branch
from
83c5fe4 to
0f7f8fd
Compare
Contributor
Author
|
I've also added this check in the Identity aggregate in the move token logic (which is used by a console command) to comply with this business rule. |
pablothedude
deleted the
bugfix/add-prove-possession-for-already-registered-tokens
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
We add a check to prevent the same token having multiple in flight registration processes for the same token.
OpenConext/Stepup-Gateway#462
OpenConext/Stepup-SelfService#463