Open
Description
The CLI should follow this flow when connecting to the gateway.
- CLI Logs in anonymously
- Requests session upgrade, CLI is given unique token for session upgrade request
- User authenticates through the browser and approves session upgrade request using session upgrade token
- CLI session is now upgraded to use the authenticated user's "Participant" and roles.
Additional expectations
- Session upgrade token is a secure random value with enough entropy to make it effectively unguessable
- After upgrade CLI Participant should contain information identifying the user that approved the upgrade and the CLI connection itself. This can then be used for auditing purposes.
- CLI should be automatically disconnected if upgrade request is not approved within a specified amount of time.
- CLI should be disconnected and possibly blacklisted if it tries to send any data other than the upgrade request.
  - This could indicate a malicious client
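A gateway-side model of the flow and expectations above, added here as an illustration and not code from this project: it issues an upgrade token from the OS CSPRNG, disconnects an anonymous CLI that sends anything other than a single upgrade request, expires requests that are not approved in time, and records the approving user and the CLI connection on the upgraded Participant for auditing. The class and method names (`Gateway`, `CliSession`, `approve_upgrade`, `expire_pending`), the message format and the 120-second timeout are assumptions.

```python
import secrets
import time
from dataclasses import dataclass, field
UPGRADE_TIMEOUT_SECONDS = 120.0  # assumed value; the issue only says "a specified amount of time"
@dataclass
class Participant:
    name: str
    roles: set = field(default_factory=set)
    audit: dict = field(default_factory=dict)  # who approved the upgrade and for which CLI connection

@dataclass
class CliSession:
    conn_id: str
    participant: Participant
    upgrade_token: str = None
    upgrade_deadline: float = None
    connected: bool = True

class Gateway:
    def __init__(self, now=time.time):
        self.now = now        # injectable clock so the timeout path can be tested
        self.sessions = {}    # conn_id -> CliSession
        self.pending = {}     # upgrade token -> conn_id
    def connect_anonymous(self, conn_id):  # step 1: CLI logs in anonymously
        return self.sessions.setdefault(conn_id, CliSession(conn_id, Participant("anonymous")))
    def handle_message(self, conn_id, msg):  # step 2: only a single upgrade request is accepted
        s = self.sessions[conn_id]
        if s.participant.name != "anonymous":
            return "ok"
        if msg != "upgrade_request" or s.upgrade_token is not None:
            self.disconnect(conn_id)  # possible malicious client; blacklisting would hook in here
            return None
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG: effectively unguessable
        s.upgrade_token, s.upgrade_deadline = token, self.now() + UPGRADE_TIMEOUT_SECONDS
        self.pending[token] = conn_id
        return token
    def approve_upgrade(self, token, user, roles):  # step 3: browser-authenticated user approves
        conn_id = self.pending.pop(token, None)
        s = self.sessions.get(conn_id) if conn_id else None
        if s is None or not s.connected or self.now() > s.upgrade_deadline:
            return False
        audit = {"approved_by": user, "cli_conn": conn_id, "approved_at": self.now()}
        s.participant, s.upgrade_token = Participant(user, set(roles), audit), None  # step 4
        return True
    def expire_pending(self):  # disconnect CLIs whose request was not approved within the timeout
        for token, conn_id in list(self.pending.items()):
            if self.now() > self.sessions[conn_id].upgrade_deadline:
                del self.pending[token]
                self.disconnect(conn_id)
    def disconnect(self, conn_id):
        self.sessions[conn_id].connected = False
```

`expire_pending` is meant to be driven by a periodic timer on the gateway; the approval path also re-checks the deadline so a late approval cannot revive an expired request.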