-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Introduce endpoint for removing pending activation client-side #468
Labels
Comments
What about to provide a We can modify byte[] activationIdBytes = ACTIVATION_ID.getBytes("UTF-8");
byte[] fingerprintBytes = ByteUtils.concat(K_DEVICE_PUBLIC_BYTES, ByteUtils.concat(activationIdBytes, K_SERVER_PUBLIC_BYTES));
byte[] truncatedBytes = ByteUtils.truncate(Mac.hmacSha256(KEY_TRANSPORT, fingerprintBytes), 4);
int H_K_DEVICE_PUBLIC = ByteUtils.getInt(truncatedBytes) & 0x7FFFFFFF); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If the user cancels the activation on the device after it has been committed on the client, the server has no way of learning that the registration has been canceled.
We could provide an endpoint to remove such registration. The endpoint would allow modifications only for
CREATED
andPENDING_COMMIT
activations. As the activation ID is sufficiently random and the new endpoint would have no effect onACTIVE
,BLOCKED
orREMOVED
activations, we should evaluate if we need to authenticate the endpoint or if we can simply rely on the time window.If the authentication is omitted, the server should always return a blank success response, to provide minimum information about if such activation exists (this should also remove any motivation to just send requests to the endpoint).
Endpoint
Request
Response 200 - OK
The text was updated successfully, but these errors were encountered: