@@ -30,8 +30,28 @@ import (
3030 "github.com/gravitational/teleport/lib/join/internal/messages"
3131)
3232
33- // handleBoundKeypairJoin takes over the join process after the ClientInit
34- // message has been received for the bound keypair join method.
33+ // handleBoundKeypairJoin handles join attempts for the bound keypair join
34+ // method.
35+ //
36+ // The bound keypair join method involves the following messages:
37+ //
38+ // client->server ClientInit
39+ // client<-server ServerInit
40+ // client->server BoundKeypairInit
41+ // client<-server BoundKeypairChallenge
42+ // client->server BoundKeypairChallengeSolution
43+ //
44+ // (optional additional steps if keypair rotation is required)
45+ // client<-server: BoundKeypairRotationRequest
46+ // client->server: BoundKeypairRotationResponse
47+ // client<-server: BoundKeypairChallenge
48+ // client->server: BoundKeypairChallengeSolution
49+ //
50+ // client<-server: Result containing BoundKeypairResult
51+ //
52+ // At this point the ServerInit message has already been sent, what's left is
53+ // to receive the BoundKeypairInit message, handle the challenge-response (and
54+ // rotation if necessary), and send the final result if everything checks out.
3555func (s * Server ) handleBoundKeypairJoin (
3656 stream messages.ServerStream ,
3757 authCtx * authz.Context ,
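Review bot: The new doc comment on handleBoundKeypairJoin mentions that ServerInit has already been sent only as narrative in its last paragraph, yet the second hunk removes the `stream.Send(&messages.ServerInit{...})` call from this function, so that ordering is now a precondition the caller must satisfy. It is worth stating as one, for example `// Precondition: the caller has received ClientInit and already sent ServerInit on stream.` The message table also mixes two notations: `client->server ClientInit` in the first five rows, then `client<-server: BoundKeypairRotationRequest` with a colon; using one form makes the sequence easier to check against the implementation. If a failed challenge or rotation step returns an error rather than a Result, the comment should say so, but the function body continues outside the hunk, so that cannot be confirmed here.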
@@ -45,11 +65,6 @@ func (s *Server) handleBoundKeypairJoin(
4565 if clientInit .SystemRole != types .RoleBot .String () {
4666 return nil , trace .BadParameter ("bound keypair joining is only supported for bots" )
4767 }
48- if err := stream .Send (& messages.ServerInit {
49- JoinMethod : string (types .JoinMethodBoundKeypair ),
50- }); err != nil {
51- return nil , trace .Wrap (err )
52- }
5368 boundKeypairInit , err := messages.RecvRequest [* messages.BoundKeypairInit ](stream )
5469 if err != nil {
5570 return nil , trace .Wrap (err )