[3.2.7 backport] CBG-4971 create a one time session id for blipsync #7858
Pull Request Overview
This PR implements one-time session functionality for BLIP sync authentication in Sync Gateway. It adds support for creating sessions that are automatically deleted after a single use, specifically designed for WebSocket-based BLIP sync connections.
- Adds a `one_time` query parameter to the `/_session` endpoint to create single-use sessions
- Implements WebSocket token authentication for BLIP sync using one-time session IDs
- Updates session management to handle automatic deletion of one-time sessions upon authentication
Reviewed Changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| rest/session_api.go | Adds one-time session creation logic and TTL constants |
| rest/handler.go | Implements WebSocket token extraction and one-time session authentication |
| rest/blip_sync.go | Defines constants for WebSocket protocol headers and session ID prefixes |
| auth/session.go | Adds one-time session field and deletion logic to session management |
| rest/session_test.go | Adds test for one-time session cookie authentication |
| rest/blip_sync_test.go | Adds comprehensive tests for one-time session BLIP sync authentication |
| auth/session_test.go | Updates existing tests and adds one-time session specific tests |
| rest/oidc_api.go | Updates OIDC session creation to support new one-time parameter |
| docs/api/paths/public/db-_session.yaml | Updates API documentation for the new one_time parameter |
| func (h *handler) respondWithSessionInfo() error { | ||
|
|
||
| response := h.formatSessionResponse(h.user) | ||
| response := h.formatSessionResponse(h.user, "") |
Copilot AI, Oct 31, 2025
[nitpick] The empty string parameter is unclear. Consider using a constant or named parameter to make the intent explicit that this is for non-one-time sessions.
|
|
||
| func (auth *Authenticator) CreateSession(ctx context.Context, user User, ttl time.Duration) (*LoginSession, error) { | ||
| // AuthenticateOneTimeSession authenticates a session and deletes it upon successful authentication if it was marked as | ||
| // a one time sesssion. If it is a one time session, delete the session. |
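Review bot: in the new doc comment for AuthenticateOneTimeSession, the second sentence ("If it is a one time session, delete the session.") repeats the first, and the comment never states the contract a caller needs: what is returned when the delete fails, and whether two concurrent requests presenting the same session ID can both authenticate before the delete takes effect. Suggest dropping the repeated sentence and documenting those two cases.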
Copilot AI, Oct 31, 2025
Corrected spelling of 'sesssion' to 'session'.
| // a one time sesssion. If it is a one time session, delete the session. | |
| // a one time session. If it is a one time session, delete the session. |
[3.2.7 backport] CBG-4971 create a one time session id for blipsync
clean backport of f4f2e44
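
The single-use behaviour described in the pull request overview (a session deleted on its first successful authentication), as an added Go example that is not Sync Gateway's code. `Store`, `Create` and `Authenticate` are hypothetical names and the in-memory map stands in for the real session backend; the lookup and the delete share one lock so a replayed or racing second use is rejected.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"sync"
	"time"
)

// Hypothetical in-memory stand-ins for this example, not Sync Gateway types.
type session struct{ user string; expires time.Time; oneTime bool }

type Store struct {
	mu       sync.Mutex
	sessions map[string]session
}

// Create issues a random ID; oneTime marks the session for deletion on first use.
func (s *Store) Create(user string, ttl time.Duration, oneTime bool) string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy: refuse to issue a guessable ID
	}
	id := fmt.Sprintf("%x", b)
	s.mu.Lock()
	defer s.mu.Unlock()
	s.sessions[id] = session{user, time.Now().Add(ttl), oneTime}
	return id
}

// Authenticate checks and consumes under one lock, so a replay or a racing second use fails.
func (s *Store) Authenticate(id string) (string, bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	sess, ok := s.sessions[id]
	if !ok || time.Now().After(sess.expires) {
		return "", false
	}
	if sess.oneTime {
		delete(s.sessions, id) // single use: gone before the caller proceeds
	}
	return sess.user, true
}

func main() {
	st := &Store{sessions: map[string]session{}}
	id := st.Create("alice", time.Minute, true) // constructed sample user
	fmt.Println(st.Authenticate(id))            // first use
	fmt.Println(st.Authenticate(id))            // replay of the same ID
}
```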