Validate JWTs on gRPC service calls #69

New issue

Closed

opened 2026-03-03 15:18:21 -08:00 by fable · 0 comments

fable commented 2026-03-03 15:18:21 -08:00

Contributor

Copy link

Add a tonic interceptor that validates the microclimate JWT on incoming channel service calls and rejects unauthenticated requests.

The interceptor should:

• Extract the Authorization: Bearer header from incoming metadata
• Verify the JWT signature against JWT_SECRET
• Reject expired tokens with an UNAUTHENTICATED status
• Attach the verified DID to the request context so handlers can use it without re-parsing the token

Once this is in place, username can be removed from GetChannelTokenRequest—the server will source identity from the validated token rather than trusting a client-supplied value (see comment on #9).

Related to #9.

Add a tonic interceptor that validates the microclimate JWT on incoming channel service calls and rejects unauthenticated requests. The interceptor should: - Extract the Authorization: Bearer <token> header from incoming metadata - Verify the JWT signature against JWT_SECRET - Reject expired tokens with an UNAUTHENTICATED status - Attach the verified DID to the request context so handlers can use it without re-parsing the token Once this is in place, username can be removed from `GetChannelTokenRequest`—the server will source identity from the validated token rather than trusting a client-supplied value (see comment on #9). Related to #9.

puregarlic added the

enhancement

area

server

labels 2026-03-03 15:26:24 -08:00

puregarlic added this to the Ludwig (MVP) milestone 2026-03-03 15:26:26 -08:00

puregarlic added this to the Feature Development project 2026-03-03 15:28:10 -08:00

fable referenced this issue 2026-03-04 12:37:19 -08:00

Implement client-side ATProto OAuth login flow #74

puregarlic referenced this issue 2026-03-04 12:47:40 -08:00

Gate server access #75

puregarlic referenced this issue from a pull request that will close it, 2026-03-05 13:37:12 -08:00

Implement client-side ATProto OAuth login flow #74

puregarlic closed this issue 2026-03-06 16:05:10 -08:00

puregarlic referenced this issue from a commit 2026-03-06 16:05:12 -08:00

Implement client-side ATProto OAuth login flow (#74)

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

issue/9

issue/9-server

issue/42

issue/59-extract-sidebar

issue-38/use-inset-sidebar

issue/3

issue/34

issue/27

issues/10-server-url

issues/3-channel-ui

issue/25

issue/11

7-channel-display-sidebar

7-channel-display-sidebar-two

issue/21

27-frontend-libs

issue/6-channel-status-procedure

issue/17-client-setup

issue/2

No results found.

Labels

Clear labels   

area

client

Concerns the Tauri app

  

area

server

Concerns the server component

  

bug

Something is not working

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

help wanted

Need some help

  

invalid

Something is wrong

  

question

More information is needed

  

ui

Involves updating the client UI

  

wontfix

This won't be fixed

No labels

area

client

area

server

bug

duplicate

enhancement

help wanted

invalid

question

ui

wontfix

Milestone

Clear milestone

No items

No milestone

Ludwig (MVP)

Projects

Clear projects

No items

No project

Feature Development

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

puregarlic/microclimate#69

No description provided.