Tokens in the database
My WIP Synapse implementation now checks against tokens stored in a database table. The tokens can have an expiry time and/or a limited number of uses. The table could look a bit like this:
| token | allowed_uses | pending | completed | expiry_time |
|---|---|---|---|---|
| abcd | NULL | 0 | 3 | NULL |
| limited | 1 | 1 | 0 | NULL |
| expires | 5 | 0 | 1 | 1625102880000 |

- The token `abcd` can be used an unlimited number of times, does not expire and has been used to successfully register three people.
- There is one person who has passed UIA using the token `limited`, but not completed registration yet. That token can only be used once, so while it has a pending use it is invalid for anyone else.
- The token `expires` has four uses left, and will be invalid after 01:28 UTC on July 1st 2021 (`expiry_time` is given in milliseconds since the Unix epoch).

This involved: creating a table; writing functions to check token validity, set a pending use, and complete a use; and storing the token in the UIA session so that the token is only used once registration is complete. There are still a few things to smooth out, but it works pretty well. Next I'll implement the validity checking endpoint, and then probably the fallback too, before getting on to the admin API for managing tokens.
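
The three operations described above (check validity, set a pending use, complete a use), sketched against SQLite as an added example; this is not the Synapse implementation. The table name `registration_tokens`, the function names and the exact validity rule (unexpired, and `pending + completed < allowed_uses`) are assumptions read off the sample table.

```python
import sqlite3

# Validity rule shared by the read-only check and the atomic claim (assumed semantics).
VALID = ("(expiry_time IS NULL OR expiry_time > :now) AND "
         "(allowed_uses IS NULL OR pending + completed < allowed_uses)")

def make_db():
    """In-memory table (hypothetical name) seeded with the sample rows from the post."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE registration_tokens (token TEXT PRIMARY KEY, "
                 "allowed_uses INTEGER, pending INTEGER NOT NULL, "
                 "completed INTEGER NOT NULL, expiry_time INTEGER)")
    conn.executemany("INSERT INTO registration_tokens VALUES (?, ?, ?, ?, ?)", [
        ("abcd", None, 0, 3, None),
        ("limited", 1, 1, 0, None),
        ("expires", 5, 0, 1, 1625102880000),
    ])
    return conn

def token_is_valid(conn, token, now_ms):
    """Read-only check: the token exists, is unexpired and has a use left."""
    row = conn.execute(
        f"SELECT 1 FROM registration_tokens WHERE token = :t AND {VALID}",
        {"t": token, "now": now_ms}).fetchone()
    return row is not None

def set_pending(conn, token, now_ms):
    """Claim a use once UIA passes. A single conditional UPDATE re-checks validity,
    so two concurrent sessions cannot both claim the last remaining use."""
    cur = conn.execute(
        f"UPDATE registration_tokens SET pending = pending + 1 "
        f"WHERE token = :t AND {VALID}", {"t": token, "now": now_ms})
    conn.commit()
    return cur.rowcount == 1

def complete_use(conn, token):
    """Registration finished: move one pending use to completed."""
    cur = conn.execute(
        "UPDATE registration_tokens SET pending = pending - 1, "
        "completed = completed + 1 WHERE token = ? AND pending > 0", (token,))
    conn.commit()
    return cur.rowcount == 1
```

The claim in `set_pending` repeats the validity condition inside the `UPDATE` rather than relying on an earlier `token_is_valid` call, which closes the gap between checking a token and consuming it.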