Why validate auth token in local cache?

xbt1024 · September 21, 2023, 3:26pm

Why does it continue to validate whether the parsed token is in the local cache or not? It doesn’t work in distributed servers I think.

github.com

heroiclabs/nakama/blob/master/server/api.go#L411


      
          		}
          		if len(auth) != 1 {
          			// Value of "authorization" or "grpc-authorization" was empty or repeated.
          			return nil, status.Error(codes.Unauthenticated, "Auth token invalid")
          		}
          		userID, username, vars, exp, token, ok := parseBearerAuth([]byte(config.GetSession().EncryptionKey), auth[0])
          		if !ok {
          			// Value of "authorization" or "grpc-authorization" was malformed or expired.
          			return nil, status.Error(codes.Unauthenticated, "Auth token invalid")
          		}
          		if !sessionCache.IsValidSession(userID, exp, token) {
          			return nil, status.Error(codes.Unauthenticated, "Auth token invalid")
          		}
          		ctx = context.WithValue(context.WithValue(context.WithValue(context.WithValue(ctx, ctxUserIDKey{}, userID), ctxUsernameKey{}, username), ctxVarsKey{}, vars), ctxExpiryKey{}, exp)
          	default:
          		// Unless explicitly defined above, handlers require full user authentication.
          		md, ok := metadata.FromIncomingContext(ctx)
          		if !ok {
          			logger.Error("Cannot extract metadata from incoming context")
          			return nil, status.Error(codes.FailedPrecondition, "Cannot extract metadata from incoming context")
          		}

mofirouz · September 25, 2023, 7:47am

Are you referring to Nakama Enterprise? Have you caught a bug? Can you tell us more?

Topic		Replies	Views
Auth token invalid even if it is valid Client Libraries authentication , sdk-unity	2	210	October 18, 2023
Validate session token in different server env? Runtime Framework server-framework , authentication , typescript	2	229	August 7, 2023
Questions about Token and refreshToken invalidating after Nakama restart Runtime Framework server-framework , authentication	11	1158	September 1, 2022
Auth token invalid unity Local Setup getting-started , authentication	5	1594	October 25, 2020
Standard API access? Local Setup authentication	3	292	August 7, 2023

Why validate auth token in local cache?

Related Topics