Why validate auth token in local cache?

xbt1024 · September 21, 2023, 3:26pm

Why does it continue to validate whether the parsed token is in the local cache or not? It doesn’t work in distributed servers I think.

github.com

heroiclabs/nakama/blob/master/server/api.go#L411


      
          		}
          		if len(auth) != 1 {
          			// Value of "authorization" or "grpc-authorization" was empty or repeated.
          			return nil, status.Error(codes.Unauthenticated, "Auth token invalid")
          		}
          		userID, username, vars, exp, token, ok := parseBearerAuth([]byte(config.GetSession().EncryptionKey), auth[0])
          		if !ok {
          			// Value of "authorization" or "grpc-authorization" was malformed or expired.
          			return nil, status.Error(codes.Unauthenticated, "Auth token invalid")
          		}
          		if !sessionCache.IsValidSession(userID, exp, token) {
          			return nil, status.Error(codes.Unauthenticated, "Auth token invalid")
          		}
          		ctx = context.WithValue(context.WithValue(context.WithValue(context.WithValue(ctx, ctxUserIDKey{}, userID), ctxUsernameKey{}, username), ctxVarsKey{}, vars), ctxExpiryKey{}, exp)
          	default:
          		// Unless explicitly defined above, handlers require full user authentication.
          		md, ok := metadata.FromIncomingContext(ctx)
          		if !ok {
          			logger.Error("Cannot extract metadata from incoming context")
          			return nil, status.Error(codes.FailedPrecondition, "Cannot extract metadata from incoming context")
          		}

mofirouz · September 25, 2023, 7:47am

Are you referring to Nakama Enterprise? Have you caught a bug? Can you tell us more?

Topic		Replies	Views
Extending nakama source code Local Setup	8	2280	September 24, 2019
Questions about Token and refreshToken invalidating after Nakama restart Runtime Framework server-framework , authentication	11	1596	September 1, 2022
Problem with new version of nakama Game Design authentication	1	1160	June 6, 2020
Auth token invalid unity Local Setup getting-started , authentication	5	1824	October 25, 2020
Auth token expiring? Client Libraries	3	484	March 31, 2022

Why validate auth token in local cache?

Related topics