docs(auth): enforce nine-byte contract for client_id with MUST-level language#45
Open
VasilevNStas wants to merge 1 commit into
Open
docs(auth): enforce nine-byte contract for client_id with MUST-level language#45VasilevNStas wants to merge 1 commit into
VasilevNStas wants to merge 1 commit into
Conversation
Contributor
Author
|
@davvd please review |
Member
|
@VasilevNStas we have merge conflicts here, please resolve them and we'll merge |
VasilevNStas
force-pushed
the
13-docs/client-id-length
branch
from
July 4, 2026 18:01
0803261 to
df5ecb3
Compare
Contributor
Author
|
@davvd conflicts resolved. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Strengthens the documentation for
Auth.client_idto explicitly state that the field MUST be exactly nine bytes and that implementations MUST validate this length before HMAC computation or verification.Problem
Auth.client_idis declared asbyteswith no proto-level length constraint. The comment said "exactly nine raw UTF-8 bytes" as a description, not a requirement. The HMAC covers(client_id || timestamp), so a non-nine-byte value verifies cleanly as long as both sides use the same wrong-length bytes — the nine-byte identity contract is silently unenforced.Changes
client_idcomment rewritten: "MUST be exactly nine bytes", explicit warning about HMAC passing with wrong lengths, validation requirement for both sender and receiver.hmaccomment updated: "Implementations MUST verify client_id is exactly 9 bytes before computing or checking this tag."The underlying issue (no schema-level enforcement) cannot be fully fixed without protoc-gen-validate or a custom plugin, but this makes the contract unmistakable.
Closes #13