    Reduce the scope of Geo JWT (JSON Web Tokens). Step 1 · 3ccfff27
    Valery Sizov authored
    Currently, we generate a large number of JWTs
    for Geo - one per file synced, per secondary.
    They are short-lived but do not have any restrictions
    on scope, so a token valid for downloading one file
    or repo could, in theory, be used to download another.
    
    In this commit we add scope to every token but do not
    enforce it yet.
security_review.md 13.3 KB
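
The replay described in the commit message, and the difference between carrying a scope and enforcing it, shown as an added example (not GitLab's code): a minimal HS256 token built with Ruby's standard library. The `scope` value format, the secret and all function names are assumptions made for illustration.

```ruby
require 'openssl'
require 'json'

# Constructed demo secret (assumption); not a real Geo key.
SECRET = 'constructed-demo-secret'

# Unpadded base64url, as used by JWT, without extra dependencies.
def b64(data)
  [data].pack('m0').tr('+/', '-_').delete('=')
end

def unb64(str)
  str.tr('-_', '+/').unpack1('m')
end

def sign(input)
  b64(OpenSSL::HMAC.digest('SHA256', SECRET, input))
end

# Constant-time comparison so the signature check does not leak timing.
def secure_eq?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Mint a short-lived token bound to one resource through a "scope" claim.
def issue_token(scope, now: Time.now.to_i, ttl: 60)
  header  = b64(JSON.generate({ alg: 'HS256', typ: 'JWT' }))
  payload = b64(JSON.generate({ scope: scope, exp: now + ttl }))
  "#{header}.#{payload}.#{sign("#{header}.#{payload}")}"
end

# enforce_scope: false models a token that carries a scope nobody checks;
# enforce_scope: true rejects a token replayed against another resource.
def authorize(token, requested, enforce_scope:, now: Time.now.to_i)
  header, payload, sig = token.split('.')
  return :bad_format unless header && payload && sig
  return :bad_signature unless secure_eq?(sign("#{header}.#{payload}"), sig)

  claims = JSON.parse(unb64(payload))
  return :expired if claims['exp'].to_i <= now
  return :scope_mismatch if enforce_scope && claims['scope'] != requested

  :ok
end
```

With `enforce_scope: false` a valid, unexpired token for one file is accepted for any other; only the enforcing check ties the token to the resource it was issued for.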