• Ramallo Alejandro M.'s avatar
    Fixed missing removal of OAuth tokens on user delete · d211cf12
    Ramallo Alejandro M. authored
    - Internal wamp subscriptions
        - We have implemented a first version of an internal WAMP subscription so that Bondy internally can subscribe to WAMP events. This is done through new functions in bondy_broker and the new module bondy_broker_events
    - OAuth 2 Security
        - Major changes to security subsytem including harmonisation of APIs, deduplication and bug fixes.
        - Use new internal wamp subscriptions to avoid coupling Bondy Security with Bondy API Gateway & OAuth.
            - Bondy Security modules publishe wamp events on entity actions e.g. user creation, deletion, etc.
            - Bondy API Gateway modules and bondy_api_gateway_client subscribe to the user delete events to cleanup OAuth tokens
        - Fixed a bug where internal security operations will not trigger token revocation.
            - Bondy API Gateway modules, i.e. are now implemented by calling Bondy Security modules e.g. bondy_security_user instead of calling bondy_security (former Basho Riak Core Security) directly. This will help in the refactoring of bondy_security and in addition all event publishing is centralised in bondy_security_user.
            - Implemented additional index for tokens to enable deletion of all users’ tokens
            - Added two db maintenance functions to (i) remove dangling tokens and (ii) rebuild the indices on an existing db
        - Added additional Internal wamp events to subsystems e.g. bondy_realm and bondy_backup
    d211cf12
Name
Last commit
Last update
..
settings.json Loading commit data...