Update Providers Data On Rolodex
Closed this issue · 6 comments
Once a rolodex-access request arrives, the Rolodex service should check if the $domain from the request is known to it. If not, Rolodex should send a providers-get request to the Registration Service.
Providers-get should look like this:
{"request":{"$domain":"hcs-javascript.hookflash.me","$id":"b3c3d3a7f7","$handler":"registration","$method":"providers-get","$timestamp":0}}
- Setting the timestamp to 0 results in the whole list of providers known to the Registration Service.
- Setting the timestamp to some real moment in time results in the list of providers that were updated after the given timestamp.
A valid result should look like:
{"result":{"$domain":"hcs-javascript.hookflash.me","$id":"3f5801d495","$handler":"registration","$method":"providers-get","$timestamp":1378915800,"providers":{"provider":[{"providerId":12,"domain":"idpro vider-javascript.hookflash.me","loginUrl":"idprovider-javascript.hookflash.me/login.html","hostingSecret":"8bd2a966a49a4794246d2d491c08224fdca102c7","identityAccessValidateUrl":"https://idprovider-javasc ript.hookflash.me/api.php","name":"ExampleProvider","identitySecretServerMagicValue":"572e45b4cee68081a68cec2b9131cf89f1e9505d","active":1},{"providerId":13,"domain":"hcs-javascript.hookflash.me","hostin gSecret":"66ee99680d2c4ebb5c0fbdf6aae1d0a0dc40da61","name":"Hookflash","identitySecretServerMagicValue":"d01c53a2355c9493db9cf5289ee1a798c86d1cac","active":1}]}}}
or just this, in case no providers are newer than the timestamp:
{"result":{"$domain":"hcs-javascript.hookflash.me","$id":"3f5801d495","$handler":"registration","$method":"providers-get","$timestamp":1378915800}}
- Please note that the Registration Service should be hardcoded in a config file, since it's a constant in the system. At the moment the registration URL is: http://hcs-javascript.hookflash.me/registration
Please keep in mind that you should store somewhere the last timestamp you asked for the list of providers, so that you don't need to get all of them returned every time, since in that case you have to check for the changes...
So I presume the http://hcs-javascript.hookflash.me/registration url is protected so only our internal services can access it?
Do we need this step only because we are using the 'hostingSecret' for the rolodex shared secret as it may change often?
Maybe it would be better if the rolodex can generate a shared secret for a $domain and we update that secret in the customer portal manually.
The Registration service is something that no outer world entity needs to know exists. But it also should be secured in other ways...
hostingSecret is something that can change anytime since it's being changed by the users themselves through the Customer Portal. And, of course, it might never change as well. Rolodex can't generate it; it's being done on the Customer Portal.
providers-get is what all other services ask the registration service, too. They call it periodically every 10 mins. So it's a working mechanism, that we can easily use in this case, too.
Rolodex should call it in two situations:
- If a rolodex-access comes in with a $domain indicating a provider that Rolodex is not aware exists.
- If Rolodex can't decrypt the serverToken, in which case it should, before resulting in failure, try getting the newest update for the providers since maybe just the hostingSecret has changed.
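The two refresh triggers listed above, combined with the stored timestamp for delta requests, as an added JavaScript example (not Rolodex's own code and not part of the original comments). The `send`, `now` and `tryDecrypt` callbacks, `serviceDomain`, and the `minRefreshSeconds` throttle are assumptions; `send` is a synchronous stand-in for the HTTP call so the logic runs offline, and the clocks of both services are assumed to be roughly in sync.

```javascript
// Added example, not Rolodex code. send, now, tryDecrypt, serviceDomain and
// minRefreshSeconds are assumed names; the throttle is an added safeguard.
class ProviderCache {
  constructor({ send, now, serviceDomain, minRefreshSeconds = 30 }) {
    this.send = send;                 // stand-in for the POST to the registration URL
    this.now = now;                   // returns Unix seconds
    this.serviceDomain = serviceDomain;
    this.minRefresh = minRefreshSeconds;
    this.lastTimestamp = 0;           // 0 asks for the whole provider list
    this.lastRefreshAt = -Infinity;
    this.byDomain = new Map();
  }

  // Ask for providers updated since the last successful request and merge them.
  refresh() {
    const askedAt = this.now();
    // Bad tokens must not turn into one registration query per request.
    if (askedAt - this.lastRefreshAt < this.minRefresh) return false;
    this.lastRefreshAt = askedAt;
    const reply = this.send({ request: {
      $domain: this.serviceDomain,
      $id: Math.random().toString(16).slice(2, 12), // correlation id, not a secret
      $handler: 'registration', $method: 'providers-get',
      $timestamp: this.lastTimestamp } });
    const result = reply && reply.result;
    if (!result || result.$method !== 'providers-get') return false;
    // "providers" is absent when nothing changed after $timestamp.
    const list = (result.providers && result.providers.provider) || [];
    for (const p of list) this.byDomain.set(p.domain, p);
    this.lastTimestamp = askedAt;     // advance only after a well-formed reply
    return true;
  }

  // Returns the decrypted token, or null when the access must be refused.
  access(domain, serverToken, tryDecrypt) {
    // Situation 1: $domain names a provider this cache has never seen.
    if (!this.byDomain.has(domain)) this.refresh();
    let p = this.byDomain.get(domain);
    if (!p || p.active !== 1) return null; // assumption: active:1 means usable
    let token = tryDecrypt(serverToken, p.hostingSecret);
    // Situation 2: decryption failed; the hostingSecret may have changed.
    if (token === null && this.refresh()) {
      p = this.byDomain.get(domain);
      if (p && p.active === 1) token = tryDecrypt(serverToken, p.hostingSecret);
    }
    return token;
  }
}
```

Without the throttle, every request carrying an undecryptable serverToken would cause one providers-get call to the Registration Service.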
Ok, if the rest of the system works that way then we should probably do the same for the rolodex.
But that registration url needs to be secured right away.
Rather than fetching the whole list or deltas, it would be good to fetch the provider for a domain. See: https://github.com/openpeer/hcs-servers-java/issues/48
Done; uploaded; tested.