Skip to content

Opaque tokens #313

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
jonbarrow wants to merge 7 commits into
base: dev
Choose a base branch
from
Draft

Opaque tokens #313

jonbarrow wants to merge 7 commits into from

Conversation

@jonbarrow
Copy link
Member

@jonbarrow jonbarrow commented Jan 2, 2026
edited
Loading

Resolves #107 and #108

Changes:

Moves tokens to random data instead of storing the data directly. Trying to fit all the data inside the token was a losing battle because of how space-limited it all ways. This removes clients abilities to handle data entirely locally, but that's fine since it's only a single network hop. I made the tokens be the length of what they are from the official sources, despite the fact that some can sometimes be bigger, just to keep things simple

Marking as a draft because this isn't finished. The entire gRPC side needs to be done, which relies on PretendoNetwork/grpc#10 being merged. Also for gRPC, I think we should just ditch the v1 implementation entirely since it's token handling is fundementally incomaptible with this new handling. Just cut our losses there

github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 2, 2026
View reviewed changes
src/database.ts
Comment on lines +114 to +116
const oauthToken = await OAuthToken.findOne({
token: token
});

Check failure

Code scanning / CodeQL

Database query built from user-controlled sources High

This query object depends on a
user-provided value
Loading
.
This query object depends on a
user-provided value
Loading
.
mrjvs
mrjvs requested changes Jan 2, 2026
View reviewed changes
@mrjvs
Copy link
Contributor

mrjvs commented Jan 2, 2026

I haven't checked token sizes in my review, will possibly need to be checked by someone else

@jonbarrow jonbarrow mentioned this pull request Jan 4, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrjvs mrjvs mrjvs requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Enhancement]: Store tokens in database

3 participants

@jonbarrow @mrjvs