Skip to content

Allow any DII to be validated in token validate #2169

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
vishalegbert-ttd merged 17 commits into from
Dec 3, 2025
Merged

Allow any DII to be validated in token validate #2169

vishalegbert-ttd merged 17 commits into from
Dec 3, 2025

Conversation

@vishalegbert-ttd
Copy link
Contributor

@vishalegbert-ttd vishalegbert-ttd commented Nov 28, 2025
edited
Loading

Changes:

  • Add siteKeyId to AdvertisingToken class when decoding token
  • Update token validation to:
    • Check if token's siteKeyId belongs to calling participant
    • Allow validation of any input DII
    • Return validation error if input token is not valid
    • Record metrics of validation results
  • Update /token/validate CORS handler to allow Authorization header from browsers
  • Add metrics to track site keyset status

Testing:

  • Unit tests
  • Deployed to candidate operator, verified metrics are working as expected

vishalegbert-ttd and others added 16 commits November 28, 2025 22:58
@vishalegbert-ttd
Allow any DII to be validated in token validate
c1c35f3
@vishalegbert-ttd
Update CORS
817b68a
@vishalegbert-ttd
Add mismatch test
5692811
@github-actions
[CI Pipeline] Released Snapshot version: 5.61.15-alpha-261-SNAPSHOT
bb79c12
@vishalegbert-ttd
Add keyset metrics
6a3da41
@vishalegbert-ttd
Merge branch 'vse-UID2-6322-allow-any-dii-token-validate' of github.c…
81d4078 
…om:IABTechLab/uid2-operator into vse-UID2-6322-allow-any-dii-token-validate
@github-actions
[CI Pipeline] Released Snapshot version: 5.61.16-alpha-262-SNAPSHOT
80b9a2f
@vishalegbert-ttd
Ignore vuln
32b96ba
@github-actions
[CI Pipeline] Released Snapshot version: 5.61.17-alpha-263-SNAPSHOT
9c93b89
@vishalegbert-ttd
Fix typo
a126eef
@vishalegbert-ttd
Merge branch 'vse-UID2-6322-allow-any-dii-token-validate' of github.c…
fc9c092 
…om:IABTechLab/uid2-operator into vse-UID2-6322-allow-any-dii-token-validate
@github-actions
[CI Pipeline] Released Snapshot version: 5.61.18-alpha-264-SNAPSHOT
d81a107
@vishalegbert-ttd
Unignore vulns
529214c
@vishalegbert-ttd
Merge branch 'vse-UID2-6322-allow-any-dii-token-validate' of github.c…
5e58969 
…om:IABTechLab/uid2-operator into vse-UID2-6322-allow-any-dii-token-validate
@vishalegbert-ttd
Ignore vulns
0a64011
@vishalegbert-ttd
Merge remote-tracking branch 'origin/main' into vse-UID2-6322-allow-a…
e6cd193 
…ny-dii-token-validate
sophia-chen-ttd
sophia-chen-ttd reviewed Dec 3, 2025
View reviewed changes
src/main/java/com/uid2/operator/service/EncryptedTokenEncoder.java
Instant.ofEpochMilli(establishedMillis),
Instant.ofEpochMilli(expiresMillis),
new OperatorIdentity(0, OperatorType.Service, 0, masterKeyId),
new PublisherIdentity(siteId, siteKeyId, 0),
Copy link
Contributor

@sophia-chen-ttd sophia-chen-ttd Dec 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we directly use the siteKeyId stored in PublisherIdentity for validation?

@vishalegbert-ttd vishalegbert-ttd merged commit 65ab0b9 into main Dec 3, 2025
9 checks passed
@vishalegbert-ttd vishalegbert-ttd deleted the vse-UID2-6322-allow-any-dii-token-validate branch December 3, 2025 06:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sophia-chen-ttd sophia-chen-ttd sophia-chen-ttd approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@vishalegbert-ttd @sophia-chen-ttd