biscuitauth

@biscuitauth@hachyderm.io

Account for the biscuit auth platform

biscuitauth, to random French

Work has started on the next biscuit version: https://github.com/orgs/biscuit-auth/projects/4/views/1

Some features are already specified, with a candidate implementation in biscuit-rust, some are specified with no implementation yet, and some are yet to be specified.

Also, there are still v4 features that are not implemented everywhere.

So there's a lot to do for people willing to actually contribute to biscuit 🎉

biscuitauth, (edited) to random French

biscuit-haskell-0.3.0.1 and biscuit-servant-0.3.0.1 have been released, bringing support for newer GHCs (9.4, 9.6, 9.8), as well as a couple datalog improvements.

biscuit-haskell changelog
biscuit-servant changelog

biscuitauth, to random French

https://crates.io/crates/biscuit-cli/0.4.2 has been released. You can get it from crates.io or download pre-built binaries.

Notable features include:

  • evaluation stats (time and iteration count) are displayed in inspect and inspect-snapshot
  • authorizer contents now display facts origins

biscuitauth, to random French

Snapshots are a unique feature provided by biscuit and make out-of-band auditing and debugging a breeze. Want to learn more about them? https://www.biscuitsec.org/blog/snapshots/

The good news is that you can inspect them directly in your browser: https://www.biscuitsec.org/docs/tooling/snapshot-inspector/

biscuitauth, to random French

Good news everyone!

It's now possible to inspect biscuit snapshots directly from the web tools: https://www.biscuitsec.org/docs/tooling/snapshot-inspector/ in addition to biscuit-cli.

biscuit-rust and biscuit-python support saving and loading snapshots.

Snapshots capture the entire authorization context, allowing you to debug / audit the authorization process after the fact.

biscuitauth, to random French

https://crates.io/crates/biscuit-cli/0.4.1 has been released. You can get it from crates.io or download pre-built binaries.

Notable features include:

  • json output for biscuit inspect and biscuit inspect-snapshot
  • query support in biscuit inspect and biscuit inspect-snapshot
  • continue authorization in biscuit inspect-snapshot

prma, to random

Seeing every other alternative to (@biscuitauth), I think the only other viable alternative is to store a random token in-memory. Maybe using persy, and just delegate role management to another time. Or bite the bullet and learn datalog.

biscuitauth,

@prma random session tokens are always a solid choice, if you can afford centralization. Biscuit can be used in conjunction with them, actually (that's useful if you want attenuated delegation for server-side sessions)

prma, to random

Trying to use (@biscuitauth) instead of , yet, I cannot say I fully understood the docs. Nor do I see any links to any communities, anywhere that I can ask my questions. I'm not sure if using it instead of JWT is the right move for me at this point, even though the performance and rust nativity seem pretty nice.

biscuitauth,

@prma we'd love to get your feedback on the documentation.
The best place to ask questions is on matrix: https://matrix.to/#/!MXwhyfCFLLCfHSYJxg:matrix.org

biscuitauth, to random French

https://crates.io/crates/biscuit-auth/4.0.0 has been released.

The major version bump is due to a dependency update, but there should not be actual breaking changes in almost all cases.

This dependency update follows the issuance of a security advisory: https://github.com/biscuit-auth/biscuit-rust/issues/185
biscuit-rust itself is not affected, but you should audit your use of ed25519-dalek.

biscuitauth, (edited) to random French

Good news everyone! biscuit-python 0.2.0 has been released!

https://www.biscuitsec.org/blog/biscuit-python-0-2-0/

biscuitauth, (edited)

@gduchaussois nope, just channelling my devoops past.

biscuitauth, to random French

People often ask us about how to integrate biscuit in oauth flows.

@geal wrote up an in-depth explanation https://www.biscuitsec.org/blog/oauth-oidc/

biscuitauth, to random French

There is an open PR for specifying a public key publication mechanism: https://github.com/biscuit-auth/biscuit/pull/139

please chime in!

biscuitauth, to random French

If you are proficient with go, you might want to chime in on https://github.com/biscuit-auth/biscuit-go/pull/122 as it introduces a new (hopefully better) way to use biscuit-go

https://github.com/biscuit-auth/biscuit-go/pull/120 and https://github.com/biscuit-auth/biscuit-go/pull/121 would also benefit from external reviewers.

biscuitauth, to random French

We would like to provide tools for PKI when working with biscuit tokens. Here's an open issue for distributing keys over HTTPS:

https://github.com/biscuit-auth/biscuit/issues/136

Feedback is very welcome!

biscuitauth, to random French

Biscuit web components are now documented (a bit):

https://doc.biscuitsec.org/usage/web-components.html

They're super useful when documenting an auth system: you can make all the examples interactive.

biscuitauth, to random French

Howdy pythonistas! Would you have a spare minute to have a look at the current state of the biscuit-python API and let @clementd know if it's pythonic enough?

https://github.com/biscuit-auth/biscuit-python/blob/biscuit-v3/biscuit_test.py

biscuitauth, to random French

And a special thanks to Netlify, who's graciously hosting biscuitsec.org and doc.biscuitsec.org

biscuitauth, to random French

https://www.biscuitsec.org/ has been updated, and technical documentation now lives at https://doc.biscuitsec.org/

Special thanks to Julia, who ported technical documentation to mdbook, which provides a better reading and navigation experience

biscuitauth, to random French

Python bindings are coming along nicely https://github.com/biscuit-auth/biscuit-python/blob/biscuit-v3/biscuit_test.py

There's a lot of work left to do, and distribution is an open question, but that's good progress.

biscuitauth, to random French

🥳 biscuit-cli 0.3.0 has been released with a ton of improvements! snapshot inspection, third-party blocks, parameter interpolation, and more!

https://crates.io/crates/biscuit-cli

biscuitauth, to random French

🎉 The biscuit-wasm npm package has been released in version 0.4.0: https://www.npmjs.com/package/@biscuit-auth/biscuit-wasm

It comes with a lot of improvements. Most notably, you can use template strings to easily embed datalog snippets from JS code, and there is a middleware letting you protect Express applications.

You can learn more on the release blog post: https://www.biscuitsec.org/blog/biscuit-wasm-0-4-0/
