Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

biscuit-auth 6.0.0 #61

Merged
merged 6 commits into from
Jan 27, 2025
Merged

biscuit-auth 6.0.0 #61

merged 6 commits into from
Jan 27, 2025

Conversation

divarvel
Copy link
Collaborator

@divarvel divarvel commented Jan 13, 2025
edited
Loading

Prepping biscuit-cli for biscuit-auth 6.0.0

  • biscuit-datalog v3.3 support
  • ECDSA signatures support
  • apply new snapshot limitations

ECDSA signatures support

keypair and all commands taking either a public or private key now take an extra --key-algorithm option (ed25519 or secp256r1)

Snapshot changes

biscuit-rust does not allow modifying Authorizer contents anymore, so it is not possible to add authorizer contents to a snapshot after parsing it:

  • --authorize-with, --authorize-with-file, --authorize-interactive have been removed from inspect-snapshot;
  • evaluation and authz are always run in inspect-snapshot

Misc

when running queries, evaluation time after querying is now displayed

@divarvel divarvel force-pushed the 3-3 branch 3 times, most recently from fd60c11 to cdb17a7 Compare January 13, 2025 15:31
divarvel
divarvel commented Jan 13, 2025
View reviewed changes
src/inspect.rs Outdated Show resolved Hide resolved
@divarvel
update deps (including biscuit-auth to 6.0.0)
9265456
@divarvel
Migrate to biscuit-auth 6.0.0
93d3568 
- biscuit-datalog v3.3 support
- secp256r1 support
- authorizers are now immutable (except for fact generation): adding code to a parsed snapshot is not possible anymore
@divarvel
inspect: allow dumping and loading policies snapshot
edb136c 
A policies snapshot is built from an `AuthorizerBuilder`, and does not contain a biscuit. It allows to easily share authorizer contents that can be added to a biscuit during verification.

Name is not set in stone. I don’t think using `AuthorizerBuilder` in the CLI would make a lot of sense, since it’s really tied to the rust implementation
@divarvel
use prefixed versions for public & private key string representations
87277e7 
Public and Private keys are now using the following string format everywhere: `{algorithm}/{bytes}`

`--key-algorithm` is now used when reading binary input, or to assert an algorithm when reading a key from a string.
@divarvel
display datalog version in biscuit inspect
272fb5f
@divarvel
biscuit-cli 0.6.0-beta.1
624b7fc
@divarvel divarvel merged commit 27e9287 into main Jan 27, 2025
1 check passed
@divarvel divarvel deleted the 3-3 branch January 27, 2025 15:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@divarvel