[11:42:30] <vgutierrez>	 hnowlan: when you have the chance could you point me to the public key of the RSA pair used by api.wm.o to sign JWTs?
[11:50:18] <taavi>	 cdanis: I missed your ping at https://phabricator.wikimedia.org/T303725#8229475 - is that something you're still interested in?
[12:01:27] <hnowlan>	 vgutierrez: I'm afraid I set that option a long time ago so I don't fully remember - I *believe* it's the same as wgOAuth2PublicKey in PrivateSettings.php, just adapted to the format required
[12:02:33] <hnowlan>	 ah yes, it is
[12:03:06] <vgutierrez>	 hmm I'm using that and I'm failing to validate jwt tokens I'm seeing
[12:04:12] <vgutierrez>	 I'll try to reproduce with a client under my control
[12:07:06] <hnowlan>	 where are the tokens coming from currently? 
[12:07:51] <vgutierrez>	 a client
[12:27:02] <cdanis>	 taavi: definitely, happy to help too
[12:35:48] <vgutierrez>	 hnowlan: ok... I got some success with manual validation now `Token is valid`... so I need to revisit my haproxy stuff :)
[12:39:46] <taavi>	 cdanis: cool, I don't think I have the capasity to do the refactoring to extract those headers the task description wants to do, but when that's done (or if you're not too against just copying the values to our config) I can do the work to roll those out to our web servers
[12:40:36] <cdanis>	 taavi: yeah I should update the task with this, but, it's been N years since we deployed NEL and we've almost never changed the configuration in that time; copying and pasting is fine actually
[12:42:29] <cdanis>	 does remarkup not support strikethrough 😅
[12:42:57] <cdanis>	 oh no it just calls it 'deleted'
[12:43:08] <taavi>	 ~~text~~
[12:46:54] <taavi>	 ok, I split our part to https://phabricator.wikimedia.org/T400994 and will try to find some time for that soonish
[12:51:32] <cdanis>	 thanks taavi, I updated the parent's description with the recommended response header values
[13:52:08] <hnowlan>	 vgutierrez: nice! if there's anything i can help with from translating the envoy stuff lemme know, not sure how much crossover there will be there
[13:52:34] <vgutierrez>	 hnowlan: already fixed.. had a bug on JWT exp date validation
[13:52:59] <vgutierrez>	 hnowlan: https://phabricator.wikimedia.org/T400238#11053764 I've already seen haproxy validating JWTs from api.wm.o, rest API and action API
[13:53:57] <cdanis>	 vgutierrez: hm, do we put x-trusted-req grade into x-analytics?
[13:54:06] <hnowlan>	 vgutierrez: cool! 
[13:54:45] <vgutierrez>	 cdanis: not at the moment
[13:55:07] <cdanis>	 i can put it on my list