docs(connector): specify the canonicalPermissions signing contract#104
Open
seonghobae wants to merge 2 commits into
Open
docs(connector): specify the canonicalPermissions signing contract#104seonghobae wants to merge 2 commits into
seonghobae wants to merge 2 commits into
Conversation
The buyer playbook and OpenAPI referenced 'canonicalPermissions' in the HMAC payload but never defined it, so integrators that sign the raw X-Clearfolio-Permissions header get 401s whenever the config has whitespace or duplicates. Document the exact derivation TenantAccessService/TenantContext apply (split, sanitize, drop-empty, order-preserving dedup, re-join) and that tenant/subject are sanitized too, so gateways sign what the verifier re-derives. Found while building the pg-erd-cloud buyer connector. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01AxU2xaupAjp912oDNFuWyd
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01RjGVapDZ3k7V7zKYk16P4C
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The buyer playbook + OpenAPI put
canonicalPermissionsin the HMAC payload but never define it.TenantAccessService.signClaimsverifies againstTenantContext.canonicalPermissions()— the header split on comma, each entry NUL-stripped + trimmed, empties dropped, de-duplicated preserving first-seen order, re-joined — and sanitizes tenant/subject too. A buyer gateway that signs the raw header value therefore gets401whenever its permissions config has whitespace or a duplicate (the demo string happens to be clean, hiding it).This documents the exact derivation in both the playbook and the
Permissionsparameter so integrators sign what the verifier re-derives. Doc-only; no code change.Found while building the pg-erd-cloud buyer connector (which now canonicalizes identically before signing).
🤖 Generated with Claude Code