Client attestation UI improvement #19239

Open
Achintha444 opened this issue Jan 28, 2024 · 2 comments
@Achintha444

Describe the improvement
When disabling the client attestation from API auth, attestation configurations should not be removed. Once it's enabled back, it should be possible to proceed without re-adding configs.

Same with enabling or disabling app native API authentication.

@Achintha444 added the Type/Improvement, ui, frontend and Affected/7.0.0-beta6 labels Jan 28, 2024
@Achintha444 added the backend label and removed the ui and frontend labels Jan 30, 2024
@Thumimku (Contributor) commented Jan 30, 2024

Here we are checking some attributes before loading the data for that application.

The reason is:

  1. Retrieving the secret involves an additional DB call.
     • The secret is not stored in the application metadata; it's stored in the secret manager.
     • To retrieve the secret, we first have to check whether the secret exists in the secret manager.
     • If there is no secret, this will be a cache miss and cost a DB call.
  2. The above DB call happens every time an application is retrieved.
     • This secret, or the whole attestation metadata, has no dedicated endpoint for CRUD operations; it uses the application REST API.
     • Whenever an application is retrieved from the BE, the above DB call will happen in the backend.
     • Since most of the applications are not going to have this attestation data, removing the said check is going to cost several DB calls in a multi-application environment.

Common ground

To achieve the above optimisation without compromising performance, we can relax the check by checking only for the existence of the Android package name for the application, as below.

    // Fetch the credentials from the secret manager only when an Android package name is set.
    if (StringUtils.isNotEmpty(clientAttestationMetaData.getAndroidPackageName())) {
        clientAttestationMetaData.setAndroidAttestationServiceCredentials(
                getAndroidAttestationServiceCredentials(serviceProvider));
    }

PR: wso2/carbon-identity-framework#5526
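
The trade-off described in the comment above, as an added example that is not part of the original thread or the WSO2 code base: a self-contained Java model in which `SecretStore`, `AppMeta` and `loadAll` are hypothetical names and each `get` on the store stands for one DB call. It compares an unconditional secret lookup with the relaxed package-name check and shows that an application with attestation disabled still has its credentials when it is re-enabled.

```java
import java.util.*;

// Hypothetical model, not WSO2 code: all class, field and method names are assumptions.
public class AttestationLookupDemo {
    // Stand-in for the secret manager; each get() models one DB call.
    static class SecretStore {
        final Map<String, String> secrets = new HashMap<>();
        int lookups = 0;
        String get(String appId) {
            lookups++;
            return secrets.get(appId);
        }
    }

    static class AppMeta {
        final String id;
        final String androidPackageName;   // kept in metadata even when attestation is disabled
        boolean attestationEnabled;
        String credentials;                // filled from the secret store on load
        AppMeta(String id, String pkg, boolean enabled) {
            this.id = id; this.androidPackageName = pkg; this.attestationEnabled = enabled;
        }
    }

    // relaxedCheck=true gates the lookup on the package name only, not on the enabled flag.
    static int loadAll(List<AppMeta> apps, SecretStore store, boolean relaxedCheck) {
        int before = store.lookups;
        for (AppMeta app : apps) {
            boolean hasPackage = app.androidPackageName != null && !app.androidPackageName.isEmpty();
            if (!relaxedCheck || hasPackage) {
                app.credentials = store.get(app.id);
            }
        }
        return store.lookups - before;
    }

    public static void main(String[] args) {
        SecretStore store = new SecretStore();
        store.secrets.put("mobile", "constructed-service-account-key");   // constructed sample
        List<AppMeta> apps = new ArrayList<>();
        for (int i = 0; i < 1000; i++) {
            apps.add(new AppMeta("app-" + i, null, false));   // apps without attestation data
        }
        AppMeta mobile = new AppMeta("mobile", "com.example.app", false);   // attestation disabled
        apps.add(mobile);

        System.out.println("lookups, no check:      " + loadAll(apps, store, false));
        System.out.println("lookups, relaxed check: " + loadAll(apps, store, true));
        mobile.attestationEnabled = true;   // re-enable without re-entering any configuration
        System.out.println("credentials available after re-enable: " + (mobile.credentials != null));
    }
}
```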

@Achintha444 (Author) commented Jan 30, 2024

Other than the above backend improvements, the following can also be done as an improvement on the frontend side:

  • Hide the technology configurations from the UI if client attestation is disabled.
  • Make the Service Account credential an accordion component. Since the service account key is not deleted from the DB, we have to show a message that the previous key is available and provide an option to the user to use it or enter a completely new one.
