This Week #4: Authentication, and pre-built packages index
Lucille
Last week, I created a login flow on the website using Stytch. This week, I focused on implementing token auto-refresh logic and building OAuth endpoints for Daniel’s authentication CLI.
Since Monday, my brain was jumping around organization creation, regular auth, Jetpack as an identity provider, our oauth providers, RLS for Supabase DB, JWTs and JWKS, session management, session tokens, access tokens, id tokens, custom claims, cookies, domain, etc. It was a bit confusing at times (or very confusing I should say), but we’ve finally got it working in production!
It feels like someone should have solved this authentication challenge long ago, but here we are, doing it all over again.
Daniel
Last week I created an openid + oath compatible authentication library for use when authenticating CLIs.
This week I continued that work by:
- Adding support for caching sessions
- Better support for ID tokens
- Testing the library by integrating it with our website acting as an Identity Provider (IdP)
The final step is to integrate it with our products!
Mohsen
This week I continued the work on envsec identity federation as well as envsec CLI. Ended up collaborating with Mike on the implementation details. I then focused on optimizing envsec so that it makes fewer HTTP API calls hence reducing the delay in which a user is able to get results.
On the side I also published a docker image for devbox in dockerhub and as a result simplified the Dockerfile a user might need to run their project in a container.
Next week I’m off, but when I come back I plan on catching up on a few reported user issues with devbox in devcontainers, and add a couple of requested features to devbox’s VSCode extension.
John
Merged a PR to improve our NGINX plugin by integrating envsubst, which should allow users to modify the default NGINX config by setting environment variables. This approach is similar to the one used in the official NGINX docker image.
I also did some testing and prepared docs for the upcoming 0.5.12 release. This release includes the ability to install packages conditional on the host architecture (e.g., only install certain packages on Linux or macOS), which is a much requested feature from our users!
Finally, met with a few customers to learn more about how they use Devbox, and some workflows they’ve developed to manage multiple Devbox projects at once. I’m planning to dive more into this topic this week!
Savil
I've been thinking of two major issues with Devbox. One is an issue users sometimes run into with GLIBC version incompatibilities. The other is that users have to wait a lot of time to download nixpkgs.
For the GLIBC issue, we did a deep dive the week before and understand the sequence of steps at a linker level that lead to the problem. The ideal fix is still a bit unclear so I deferred working on it this week in favor of tackling the second problem.
For the second problem, Rodrigo and I have been working on a solution for a couple of months. Its very close to being done. This week I did a few work items to get it to the finish line:
- Helped fix an issue with our cli-tests Github actions running out of space. This was affecting all Devbox development, but blocking Rodrigo from landing one of his fixes for this feature.
- We run tests against many of the devbox projects in the examples/ folder. I wrote a script that would apply devbox update on each of them. This gave them an updated devbox.lock file that enables the "fast path" to run.
- Unsurprisingly, having these more extensive tests run did uncover a couple of bugs, which got addressed.
We're going to do a release of Devbox early this week, but without this feature. Once that release goes out, we'll enable the "fast path" internally so we all dogfood it prior to the next Devbox release.
Greg
Short update this week. I spent most of my time getting the prebuilt status of nixpkgs binaries into the search index for Devbox and Nixhub. Now that the index has that information, the next step well be exposing it via our search API.