genofire
/
unified-push-xmpp
2
1
Fork 1
Code Issues 6 Pull Requests 3 Projects Releases Activity

Hide JabberID use JWE Token #5

New Issue
Open
opened 2021-09-14 01:35:05 +02:00 by genofire · 3 comments
genofire commented 2021-09-14 01:35:05 +02:00
Owner
Copy Link

Net yet implemented: https://github.com/golang-jwt/jwt/issues/67 in go.

Signing is nice but not encrypted

Net yet implemented: https://github.com/golang-jwt/jwt/issues/67 in go. Signing is nice but not encrypted
genofire added the
gateway
help wanted
 labels 2021-09-14 01:39:46 +02:00
genofire commented 2021-09-14 08:26:24 +02:00
Author
Owner
Copy Link

Otherwise Token could be unbase64 ... and platform could see the jwt, like in this debugging tool https://jwt.io/

Otherwise Token could be unbase64 ... and platform could see the jwt, like in this debugging tool https://jwt.io/
karmanyaahm commented 2021-09-14 22:25:21 +02:00
Collaborator
Copy Link

I'm not sure if this currently works, but not encrypting this could be a feature if app-servers could bypass the distributor and send stuff directly to xmpp in the future using a library that can do the bypass for multiple UP push providers.

I'm not sure if this currently works, but not encrypting this could be a feature if app-servers could bypass the distributor and send stuff directly to xmpp in the future using a library that can do the bypass for multiple UP push providers.
genofire commented 2021-09-15 12:51:12 +02:00
Author
Owner
Copy Link

i believe that is not a good idea:

  1. out of UnifiedPush it is an leak of your xmpp address (could be used to spam your directly)
  2. if the app server wants to send direct notification per XMPP, we do not require UnifiedPush (against there Idea to make the push system replaceable like the perpose of the users)

At the moment (the distributor) allows just one push-gateway to pretend point 1:
We could extends the UnifiedPush register system, that the app could ask for a prefered address (with his app-name and app-token), so that the gateway could be part of the app-server.
But therefore we need to change the UnifiedPush specification, before we make changes to this project.

i believe that is not a good idea: 1. out of UnifiedPush it is an leak of your xmpp address (could be used to spam your directly) 2. if the app server wants to send direct notification per XMPP, we do not require UnifiedPush (against there Idea to make the push system replaceable like the perpose of the users) At the moment (the distributor) allows just one push-gateway to pretend point 1: We could extends the UnifiedPush register system, that the app could ask for a prefered address (with his app-name and app-token), so that the gateway could be part of the app-server. But therefore we need to change the UnifiedPush specification, before we make changes to this project.
👍 1
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
main
license
docs-service-discovery
Labels
Clear labels   
bug

Something is not working

  
distributor

Distributor (DBus) component

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
gateway

Gateway component

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
wontfix

This won't be fixed

No Label
bug
distributor
duplicate
enhancement
gateway
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: genofire/unified-push-xmpp#5
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?