Add AuthCtx to ReducerContext for rust#3288
Merged
Merged
Conversation
gefjon
reviewed
Sep 24, 2025
gefjon
reviewed
Sep 24, 2025
gefjon
reviewed
Sep 25, 2025
bfops
added
the
release-any
Centril
requested changes
Oct 1, 2025
Centril
reviewed
Oct 8, 2025
Centril
left a comment
Centril
left a comment
Contributor
There was a problem hiding this comment.
Looks like there were also stuff from my previous review that was not addressed.
Centril
approved these changes
Oct 16, 2025
Centril
left a comment
Centril
left a comment
Contributor
There was a problem hiding this comment.
I have some improvements atop of this PR, primarily wrt. docs, but this looks good to merge.
gefjon
reviewed
Oct 17, 2025
gefjon
approved these changes
Oct 17, 2025
gefjon
left a comment
gefjon
left a comment
Contributor
There was a problem hiding this comment.
I don't think I'm a code-owner of anything touched by this PR anymore, but it looks good.
bfops
approved these changes
Oct 17, 2025
bfops
left a comment
bfops
left a comment
Collaborator
There was a problem hiding this comment.
Signing off on my code-owned files under crates/cli. Afaict they're unrelated cleanups, but innocuous enough.
github-merge-queue
Bot
removed this pull request from the merge queue due to a conflict with the base branch
github-merge-queue Bot
pushed a commit
that referenced
this pull request
Oct 21, 2025
# Description of Changes This exposes JWT claims for csharp modules, similar to how they are exposed to rust modules in #3288. This adds the new types `AuthCtx` and `JwtClaims`, and adds an `AuthCtx` to the `ReducerContext`. `AuthCtx` represents the credentials associated with the request, and `JwtClaims` represents a jwt token. One difference from the rust version is that I didn't create helpers to build an `AuthCtx` from a jwt payload. The reason is that we would need to be able to compute the identity from the payload claims, which requires a blake3 hash implementation. The first two c# libraries I found had issues at runtime ([Blake3](https://www.nuget.org/packages/Blake3) is wrapping a rust implementation, and [HashifyNet](https://github.com/Deskasoft/HashifyNET/tree/main/HashifyNet/Algorithms/Blake3) seems to be broken by our trimming because it uses reflection heavily). I can look into taking the implementation from `HashifyNet`, since it is MIT licensed, but I don't think we need to block merging on that. # API and ABI breaking changes This adds the new types `AuthCtx` and `JwtClaims`, and adds an `AuthCtx` to the `ReducerContext`. This also adds a csharp wrapper for the get_jwt ABI function added in #3288. # Expected complexity level and risk 2. # Testing This has a very minimal unit test of JwtClaims. I manually tested using this locally with the csharp quickstart, and I was able to print jwt tokens inside the module.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description of Changes
This exposes client credentials in reducer calls for rust.
API and ABI breaking changes
API Changes:
The main API change is the addition of
AuthCtxand thesender_authinReducerContext. This also adds JwtClaims, which has some helpers for getting commonly used claims.ABI Changes:
This adds one new functions
get_jwt. This usesst_connection_credentialsto look up the credentials associated with a connection id.This adds ABI version 10.2.
Expected complexity level and risk
Testing
I've done some manual testing with modified versions of the quickstart. We should add some examples that use the new API.