Revive Cookies. (#2788)

* Revive Cookies.
* change from tikv-jemalloc to mimalloc.

Cargo.lock

@@ -129,9 +129,9 @@ dependencies = [
 
 [[package]]
 name = "anyhow"
-version = "1.0.83"
+version = "1.0.86"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "25bdb32cbbdce2b519a9cd7df3a678443100e265d5e25ca763b7572a5104f5f3"
+checksum = "b3d1d046238990b9cf5bcde22a3fb3584ee5cf65fb2765f454ed428c7a0063da"
 
 [[package]]
 name = "anymap2"
@@ -232,7 +232,7 @@ checksum = "3b43422f69d8ff38f95f1b2bb76517c91589a924d1559a0e935d7c8ce0274c11"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.63",
+ "syn 2.0.65",
 ]
 
 [[package]]
@@ -254,7 +254,7 @@ checksum = "16e62a023e7c117e27523144c5d2459f4397fcc3cab0085af8e2224f643a0193"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.63",
+ "syn 2.0.65",
 ]
 
 [[package]]
@@ -265,7 +265,7 @@ checksum = "c6fa2087f2753a7da8cc1c0dbfcf89579dd57458e36769de5ac750b4671737ca"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.63",
+ "syn 2.0.65",
 ]
 
 [[package]]
@@ -380,6 +380,28 @@ dependencies = [
  "tokio",
 ]
 
+[[package]]
+name = "axum-extra"
+version = "0.7.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a93e433be9382c737320af3924f7d5fc6f89c155cf2bf88949d8f5126fab283f"
+dependencies = [
+ "axum",
+ "axum-core",
+ "bytes",
+ "cookie 0.17.0",
+ "futures-util",
+ "http",
+ "http-body",
+ "mime",
+ "pin-project-lite",
+ "serde",
+ "tokio",
+ "tower",
+ "tower-layer",
+ "tower-service",
+]
+
 [[package]]
 name = "axum-macros"
 version = "0.3.8"
@@ -389,7 +411,7 @@ dependencies = [
  "heck 0.4.1",
  "proc-macro2",
  "quote",
- "syn 2.0.63",
+ "syn 2.0.65",
 ]
 
 [[package]]
@@ -505,7 +527,7 @@ dependencies = [
  "regex",
  "rustc-hash",
  "shlex",
- "syn 2.0.63",
+ "syn 2.0.65",
  "which",
 ]
 
@@ -528,7 +550,7 @@ dependencies = [
  "regex",
  "rustc-hash",
  "shlex",
- "syn 2.0.63",
+ "syn 2.0.65",
  "which",
 ]
 
@@ -647,9 +669,9 @@ checksum = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5"
 
 [[package]]
 name = "cc"
-version = "1.0.97"
+version = "1.0.98"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "099a5357d84c4c61eb35fc8eafa9a79a902c2f76911e5747ced4e032edd8d9b4"
+checksum = "41c270e7540d725e65ac7f1b212ac8ce349719624d7bcff99f8e2e488e8cf03f"
 
 [[package]]
 name = "cexpr"
@@ -771,7 +793,7 @@ dependencies = [
  "heck 0.5.0",
  "proc-macro2",
  "quote",
- "syn 2.0.63",
+ "syn 2.0.65",
 ]
 
 [[package]]
@@ -940,9 +962,9 @@ dependencies = [
 
 [[package]]
 name = "crc32fast"
-version = "1.4.0"
+version = "1.4.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b3855a8a784b474f333699ef2bbca9db2c4a1f6d9088a90a2d25b1eb53111eaa"
+checksum = "a97769d94ddab943e4510d138150169a2758b5ef3eb191a9ee688de3e23ef7b3"
 dependencies = [
  "cfg-if",
 ]
@@ -1009,9 +1031,9 @@ dependencies = [
 
 [[package]]
 name = "crossbeam-channel"
-version = "0.5.12"
+version = "0.5.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ab3db02a9c5b5121e1e42fbdb1aeb65f5e02624cc58c43f2884c6ccac0b82f95"
+checksum = "33480d6946193aa8033910124896ca395333cae7e2d1113d1fef6c3272217df2"
 dependencies = [
  "crossbeam-utils",
 ]
@@ -1046,9 +1068,9 @@ dependencies = [
 
 [[package]]
 name = "crossbeam-utils"
-version = "0.8.19"
+version = "0.8.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "248e3bacc7dc6baa3b21e405ee045c3047101a49145e7e9eca583ab4c2ca5345"
+checksum = "22ec99545bb0ed0ea7bb9b8e1e9122ea386ff8a48c0922e43f36d45ab09e0e80"
 
 [[package]]
 name = "crunchy"
@@ -1100,6 +1122,7 @@ dependencies = [
  "kanidm_proto",
  "kanidm_utils_users",
  "kanidmd_core",
+ "mimalloc",
  "opentelemetry",
  "opentelemetry_api",
  "prctl",
@@ -1109,7 +1132,6 @@ dependencies = [
  "serde_json",
  "sketching",
  "tempfile",
- "tikv-jemallocator",
  "tokio",
  "tokio-util",
  "toml",
@@ -1129,12 +1151,12 @@ dependencies = [
 
 [[package]]
 name = "darling"
-version = "0.20.8"
+version = "0.20.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "54e36fcd13ed84ffdfda6f5be89b31287cbb80c439841fe69e04841435464391"
+checksum = "83b2eb4d90d12bdda5ed17de686c2acb4c57914f8f921b8da7e112b5a36f3fe1"
 dependencies = [
- "darling_core 0.20.8",
+ "darling_core 0.20.9",
- "darling_macro 0.20.8",
+ "darling_macro 0.20.9",
 ]
 
 [[package]]
@@ -1153,16 +1175,16 @@ dependencies = [
 
 [[package]]
 name = "darling_core"
-version = "0.20.8"
+version = "0.20.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9c2cf1c23a687a1feeb728783b993c4e1ad83d99f351801977dd809b48d0a70f"
+checksum = "622687fe0bac72a04e5599029151f5796111b90f1baaa9b544d807a5e31cd120"
 dependencies = [
  "fnv",
  "ident_case",
  "proc-macro2",
  "quote",
- "strsim 0.10.0",
+ "strsim 0.11.1",
- "syn 2.0.63",
+ "syn 2.0.65",
 ]
 
 [[package]]
@@ -1178,13 +1200,13 @@ dependencies = [
 
 [[package]]
 name = "darling_macro"
-version = "0.20.8"
+version = "0.20.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a668eda54683121533a393014d8692171709ff57a7d61f187b6e782719f8933f"
+checksum = "733cabb43482b1a1b53eee8583c2b9e8684d592215ea83efd305dd31bc2f0178"
 dependencies = [
- "darling_core 0.20.8",
+ "darling_core 0.20.9",
  "quote",
- "syn 2.0.63",
+ "syn 2.0.65",
 ]
 
 [[package]]
@@ -1336,7 +1358,7 @@ checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.63",
+ "syn 2.0.65",
 ]
 
 [[package]]
@@ -1359,9 +1381,9 @@ checksum = "0d6ef0072f8a535281e4876be788938b528e9a1d43900b82c2569af7da799125"
 
 [[package]]
 name = "either"
-version = "1.11.0"
+version = "1.12.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a47c1c47d2f5964e29c61246e81db715514cd532db6b5116a25ea3c03d6780a2"
+checksum = "3dca9240753cf90908d7e4aac30f630662b02aebaa1b58a3cadabdb23385b58b"
 
 [[package]]
 name = "encode_unicode"
@@ -1395,7 +1417,7 @@ checksum = "a1ab991c1362ac86c61ab6f556cff143daa22e5a15e4e189df818b2fd19fe65b"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.63",
+ "syn 2.0.65",
 ]
 
 [[package]]
@@ -1415,7 +1437,7 @@ checksum = "5c785274071b1b420972453b306eeca06acf4633829db4223b58a2a8c5953bc4"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.63",
+ "syn 2.0.65",
 ]
 
 [[package]]
@@ -1516,11 +1538,11 @@ checksum = "9fc0510504f03c51ada170672ac806f1f105a88aa97a5281117e1ddc3368e51a"
 
 [[package]]
 name = "fernet"
-version = "0.2.1"
+version = "0.2.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3364d69f691f3903b1a71605fa04f40a7c2d259f0f0512347e36d19a63debf1f"
+checksum = "c66b725fe9483b9ee72ccaec072b15eb8ad95a3ae63a8c798d5748883b72fd33"
 dependencies = [
- "base64 0.21.7",
+ "base64 0.22.1",
  "byteorder",
  "getrandom",
  "openssl",
@@ -1690,7 +1712,7 @@ checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.63",
+ "syn 2.0.65",
 ]
 
 [[package]]
@@ -1886,9 +1908,9 @@ dependencies = [
 
 [[package]]
 name = "gix-date"
-version = "0.8.5"
+version = "0.8.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "180b130a4a41870edfbd36ce4169c7090bca70e195da783dea088dd973daa59c"
+checksum = "367ee9093b0c2b04fd04c5c7c8b6a1082713534eab537597ae343663a518fa99"
 dependencies = [
  "bstr",
  "itoa",
@@ -2001,7 +2023,7 @@ checksum = "1dff438f14e67e7713ab9332f5fd18c8f20eb7eb249494f6c2bf170522224032"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.63",
+ "syn 2.0.65",
 ]
 
 [[package]]
@@ -2797,9 +2819,9 @@ dependencies = [
 
 [[package]]
 name = "instant"
-version = "0.1.12"
+version = "0.1.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7a5bbe824c507c5da5956355e86a746d82e0e1464f65d862cc5e71da70e94b2c"
+checksum = "e0242819d153cba4b4b05a5a8f2a7e9bbf97b6055b2a002b395c96b5ff3c0222"
 dependencies = [
  "cfg-if",
 ]
@@ -3118,6 +3140,7 @@ dependencies = [
  "libc",
  "libsqlite3-sys",
  "lru 0.8.1",
+ "mimalloc",
  "notify-debouncer-full",
  "prctl",
  "rpassword 7.3.1",
@@ -3150,6 +3173,7 @@ dependencies = [
  "axum",
  "axum-auth",
  "axum-csp",
+ "axum-extra",
  "axum-macros",
  "axum-server",
  "bytes",
@@ -3260,7 +3284,7 @@ version = "1.3.0-dev"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.63",
+ "syn 2.0.65",
 ]
 
 [[package]]
@@ -3472,9 +3496,9 @@ dependencies = [
 
 [[package]]
 name = "libc"
-version = "0.2.154"
+version = "0.2.155"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ae743338b92ff9146ce83992f766a31066a91a8c84a45e0e9f21e7cf6de6d346"
+checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c"
 
 [[package]]
 name = "libloading"
@@ -3486,6 +3510,16 @@ dependencies = [
  "windows-targets 0.52.5",
 ]
 
+[[package]]
+name = "libmimalloc-sys"
+version = "0.1.38"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0e7bb23d733dfcc8af652a78b7bf232f0e967710d044732185e561e47c0336b6"
+dependencies = [
+ "cc",
+ "libc",
+]
+
 [[package]]
 name = "libnss"
 version = "0.4.0"
@@ -3540,9 +3574,9 @@ dependencies = [
 
 [[package]]
 name = "linux-raw-sys"
-version = "0.4.13"
+version = "0.4.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "01cda141df6706de531b6c46c3a33ecca755538219bd484262fa09410c13539c"
+checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89"
 
 [[package]]
 name = "lock_api"
@@ -3645,6 +3679,15 @@ dependencies = [
  "autocfg",
 ]
 
+[[package]]
+name = "mimalloc"
+version = "0.1.42"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e9186d86b79b52f4a77af65604b51225e8db1d6ee7e3f41aec1e40829c71a176"
+dependencies = [
+ "libmimalloc-sys",
+]
+
 [[package]]
 name = "mime"
 version = "0.3.17"
@@ -3669,9 +3712,9 @@ checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
 
 [[package]]
 name = "miniz_oxide"
-version = "0.7.2"
+version = "0.7.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9d811f3e15f28568be3407c8e7fdb6514c1cda3cb30683f15b6a1a1dc4ea14a7"
+checksum = "87dfd01fe195c66b572b37921ad8803d010623c0aca821bea2302239d155cdae"
 dependencies = [
  "adler",
 ]
@@ -4036,7 +4079,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.63",
+ "syn 2.0.65",
 ]
 
 [[package]]
@@ -4180,11 +4223,11 @@ dependencies = [
  "kanidm_client",
  "kanidm_proto",
  "mathru",
+ "mimalloc",
  "rand",
  "rand_chacha",
  "serde",
  "serde_json",
- "tikv-jemallocator",
  "tokio",
  "toml",
  "tracing",
@@ -4405,7 +4448,7 @@ checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.63",
+ "syn 2.0.65",
 ]
 
 [[package]]
@@ -4439,9 +4482,9 @@ checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec"
 
 [[package]]
 name = "plotters"
-version = "0.3.5"
+version = "0.3.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d2c224ba00d7cadd4d5c660deaf2098e5e80e07846537c51f9cfa4be50c1fd45"
+checksum = "a15b6eccb8484002195a3e44fe65a4ce8e93a625797a063735536fd59cb01cf3"
 dependencies = [
  "num-traits",
  "plotters-backend",
@@ -4452,15 +4495,15 @@ dependencies = [
 
 [[package]]
 name = "plotters-backend"
-version = "0.3.5"
+version = "0.3.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9e76628b4d3a7581389a35d5b6e2139607ad7c75b17aed325f210aa91f4a9609"
+checksum = "414cec62c6634ae900ea1c56128dfe87cf63e7caece0852ec76aba307cebadb7"
 
 [[package]]
 name = "plotters-svg"
-version = "0.3.5"
+version = "0.3.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "38f6d39893cca0701371e3c27294f09797214b86f1fb951b89ade8ec04e2abab"
+checksum = "81b30686a7d9c3e010b84284bdd26a29f2138574f52f5eb6f794fc0ad924e705"
 dependencies = [
  "plotters-backend",
 ]
@@ -4531,7 +4574,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5f12335488a2f3b0a83b14edad48dca9879ce89b2edd10e80237e4e852dd645e"
 dependencies = [
  "proc-macro2",
- "syn 2.0.63",
+ "syn 2.0.65",
 ]
 
 [[package]]
@@ -4576,9 +4619,9 @@ checksum = "dc375e1527247fe1a97d8b7156678dfe7c1af2fc075c9a4db3690ecd2a148068"
 
 [[package]]
 name = "proc-macro2"
-version = "1.0.82"
+version = "1.0.83"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8ad3d49ab951a01fbaafe34f2ec74122942fe18a3f9814c3268f1bb72042131b"
+checksum = "0b33eb56c327dec362a9e55b3ad14f9d2f0904fb5a5b03b513ab5465399e9f43"
 dependencies = [
  "unicode-ident",
 ]
@@ -4940,7 +4983,7 @@ dependencies = [
  "quote",
  "rust-embed-utils",
  "shellexpand 3.1.0",
- "syn 2.0.63",
+ "syn 2.0.65",
  "walkdir",
 ]
 
@@ -4999,9 +5042,9 @@ dependencies = [
 
 [[package]]
 name = "rustversion"
-version = "1.0.16"
+version = "1.0.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "092474d1a01ea8278f69e6a358998405fae5b8b963ddaeb2b0b04a128bf1dfb0"
+checksum = "955d28af4278de8121b7ebeb796b6a45735dc01436d898801014aced2773a3d6"
 
 [[package]]
 name = "ryu"
@@ -5119,9 +5162,9 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b"
 
 [[package]]
 name = "serde"
-version = "1.0.201"
+version = "1.0.202"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "780f1cebed1629e4753a1a38a3c72d30b97ec044f0aef68cb26650a3c5cf363c"
+checksum = "226b61a0d411b2ba5ff6d7f73a476ac4f8bb900373459cd00fab8512828ba395"
 dependencies = [
  "serde_derive",
 ]
@@ -5179,13 +5222,13 @@ dependencies = [
 
 [[package]]
 name = "serde_derive"
-version = "1.0.201"
+version = "1.0.202"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c5e405930b9796f1c00bee880d03fc7e0bb4b9a11afc776885ffe84320da2865"
+checksum = "6048858004bcff69094cd972ed40a32500f153bd3be9f716b2eed2e8217c4838"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.63",
+ "syn 2.0.65",
 ]
 
 [[package]]
@@ -5245,10 +5288,10 @@ version = "3.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "65569b702f41443e8bc8bbb1c5779bd0450bbe723b56198980e80ec45780bce2"
 dependencies = [
- "darling 0.20.8",
+ "darling 0.20.9",
  "proc-macro2",
  "quote",
- "syn 2.0.63",
+ "syn 2.0.65",
 ]
 
 [[package]]
@@ -5479,9 +5522,9 @@ dependencies = [
 
 [[package]]
 name = "syn"
-version = "2.0.63"
+version = "2.0.65"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bf5be731623ca1a1fb7d8be6f261a3be6d3e2337b8a1f97be944d020c8fcb704"
+checksum = "d2863d96a84c6439701d7a38f9de935ec562c8832cc55d1dde0f513b52fad106"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -5557,27 +5600,27 @@ version = "0.1.0"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.63",
+ "syn 2.0.65",
 ]
 
 [[package]]
 name = "thiserror"
-version = "1.0.60"
+version = "1.0.61"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "579e9083ca58dd9dcf91a9923bb9054071b9ebbd800b342194c9feb0ee89fc18"
+checksum = "c546c80d6be4bc6a00c0f01730c08df82eaa7a7a61f11d656526506112cc1709"
 dependencies = [
  "thiserror-impl",
 ]
 
 [[package]]
 name = "thiserror-impl"
-version = "1.0.60"
+version = "1.0.61"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e2470041c06ec3ac1ab38d0356a6119054dedaea53e12fbefc0de730a1c08524"
+checksum = "46c3384250002a6d5af4d114f2845d37b57521033f30d5c3f46c4d70e1197533"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.63",
+ "syn 2.0.65",
 ]
 
 [[package]]
@@ -5590,26 +5633,6 @@ dependencies = [
  "once_cell",
 ]
 
-[[package]]
-name = "tikv-jemalloc-sys"
-version = "0.5.4+5.3.0-patched"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9402443cb8fd499b6f327e40565234ff34dbda27460c5b47db0db77443dd85d1"
-dependencies = [
- "cc",
- "libc",
-]
-
-[[package]]
-name = "tikv-jemallocator"
-version = "0.5.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "965fe0c26be5c56c94e38ba547249074803efd52adfb66de62107d95aab3eaca"
-dependencies = [
- "libc",
- "tikv-jemalloc-sys",
-]
-
 [[package]]
 name = "time"
 version = "0.3.36"
@@ -5704,7 +5727,7 @@ checksum = "5b8a1e28f2deaa14e508979454cb3a223b10b938b45af148bc0986de36f1923b"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.63",
+ "syn 2.0.65",
 ]
 
 [[package]]
@@ -5765,9 +5788,9 @@ dependencies = [
 
 [[package]]
 name = "toml_datetime"
-version = "0.6.5"
+version = "0.6.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3550f4e9685620ac18a50ed434eb3aec30db8ba93b0287467bca5826ea25baf1"
+checksum = "4badfd56924ae69bcc9039335b2e017639ce3f9b001c393c1b2d1ef846ce2cbf"
 
 [[package]]
 name = "toml_edit"
@@ -5888,7 +5911,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.63",
+ "syn 2.0.65",
 ]
 
 [[package]]
@@ -6133,7 +6156,7 @@ dependencies = [
  "proc-macro2",
  "quote",
  "regex",
- "syn 2.0.63",
+ "syn 2.0.65",
  "url",
  "uuid",
 ]
@@ -6245,7 +6268,7 @@ dependencies = [
  "once_cell",
  "proc-macro2",
  "quote",
- "syn 2.0.63",
+ "syn 2.0.65",
  "wasm-bindgen-shared",
 ]
 
@@ -6279,7 +6302,7 @@ checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.63",
+ "syn 2.0.65",
  "wasm-bindgen-backend",
  "wasm-bindgen-shared",
 ]
@@ -6312,7 +6335,7 @@ checksum = "b7f89739351a2e03cb94beb799d47fb2cac01759b40ec441f7de39b00cbf7ef0"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.63",
+ "syn 2.0.65",
 ]
 
 [[package]]
@@ -6852,7 +6875,7 @@ checksum = "15e934569e47891f7d9411f1a451d947a60e000ab3bd24fbb970f000387d1b3b"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.63",
+ "syn 2.0.65",
 ]
 
 [[package]]
@@ -6872,7 +6895,7 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.63",
+ "syn 2.0.65",
 ]
 
 [[package]]

Cargo.toml

@@ -153,6 +153,7 @@ libsqlite3-sys = "^0.25.2"
 lodepng = "3.10.1"
 lru = "^0.8.1"
 mathru = "^0.13.0"
+mimalloc = "0.1.42"
 notify-debouncer-full = { version = "0.1" }
 num_enum = "^0.5.11"
 oauth2_ext = { version = "^4.4.2", package = "oauth2", default-features = false }
@@ -207,8 +208,6 @@ tempfile = "3.10.1"
 testkit-macros = { path = "./server/testkit-macros" }
 time = { version = "^0.3.34", features = ["formatting", "local-offset"] }
 
-tikv-jemallocator = "0.5"
-
 tokio = "^1.36.0"
 tokio-openssl = "^0.6.4"
 tokio-util = "^0.7.10"

examples/insecure_server.toml

@@ -5,7 +5,7 @@ db_fs_type = "zfs"
 db_path = "/tmp/kanidm/kanidm.db"
 tls_chain = "/tmp/kanidm/chain.pem"
 tls_key = "/tmp/kanidm/key.pem"
-tls_client_ca = "/tmp/kanidm/client_ca"
+# tls_client_ca = "/tmp/kanidm/client_ca"
 
 #   The log level of the server. May be one of info, debug, trace
 #

libs/client/src/lib.rs

@@ -27,8 +27,7 @@ use std::time::Duration;
 use compact_jwt::Jwk;
 use kanidm_proto::constants::uri::V1_AUTH_VALID;
 use kanidm_proto::constants::{
-    APPLICATION_JSON, ATTR_ENTRY_MANAGED_BY, ATTR_NAME, CLIENT_TOKEN_CACHE, KOPID, KSESSIONID,
+    APPLICATION_JSON, ATTR_ENTRY_MANAGED_BY, ATTR_NAME, CLIENT_TOKEN_CACHE, KOPID, KVERSION,
-    KVERSION,
 };
 use kanidm_proto::internal::*;
 use kanidm_proto::v1::*;
@@ -186,7 +185,6 @@ pub struct KanidmClient {
     pub(crate) origin: Url,
     pub(crate) builder: KanidmClientBuilder,
     pub(crate) bearer_token: RwLock<Option<String>>,
-    pub(crate) auth_session_id: RwLock<Option<String>>,
     pub(crate) check_version: Mutex<bool>,
     /// Where to store the tokens when you auth, only modify in testing.
     token_cache_path: String,
@@ -528,7 +526,6 @@ impl KanidmClientBuilder {
             builder: self,
             bearer_token: RwLock::new(None),
             origin,
-            auth_session_id: RwLock::new(None),
             check_version: Mutex::new(true),
             token_cache_path,
         })
@@ -761,16 +758,6 @@ impl KanidmClient {
             }
         };
 
-        // If we have a session header, set it now.
-        let response = {
-            let sguard = self.auth_session_id.read().await;
-            if let Some(sessionid) = &(*sguard) {
-                response.header(KSESSIONID, sessionid)
-            } else {
-                response
-            }
-        };
-
         let response = response
             .send()
             .await
@@ -779,16 +766,6 @@ impl KanidmClient {
         self.expect_version(&response).await;
 
         // If we have a sessionid header in the response, get it now.
-
-        let headers = response.headers();
-
-        {
-            let mut sguard = self.auth_session_id.write().await;
-            *sguard = headers
-                .get(KSESSIONID)
-                .and_then(|hv| hv.to_str().ok().map(str::to_string));
-        }
-
         let opid = self.get_kopid_from_response(&response);
 
         match response.status() {

proto/src/internal/mod.rs

@@ -24,6 +24,9 @@ pub use self::error::*;
 pub use self::raw::*;
 pub use self::token::*;
 
+pub const COOKIE_AUTH_SESSION_ID: &str = "auth-session-id";
+pub const COOKIE_BEARER_TOKEN: &str = "bearer";
+
 #[derive(Debug, Serialize, Deserialize, Clone, ToSchema)]
 /// This is a description of a linked or connected application for a user. This is
 /// used in the UI to render applications on the dashboard for a user to access.

proto/src/v1/auth.rs

@@ -110,8 +110,10 @@ impl fmt::Display for AuthMech {
 #[derive(Debug, Serialize, Deserialize, Copy, Clone, ToSchema)]
 #[serde(rename_all = "lowercase")]
 pub enum AuthIssueSession {
-    // Previously supported other types beside token.
+    /// Issue a bearer token for this client. This is the default.
     Token,
+    /// Issue a cookie for this client.
+    Cookie,
 }
 
 /// A request for the next step of an authentication.

server/core/Cargo.toml

@@ -20,6 +20,7 @@ async-trait = { workspace = true }
 axum = { workspace = true }
 axum-auth = "0.4.1"
 axum-csp = { workspace = true }
+axum-extra = { version = "0.7.7", features = ["cookie"] }
 axum-macros = "0.3.8"
 axum-server = { version = "0.5.1", features = ["tls-openssl"] }
 bytes = { workspace = true }

server/core/src/https/extractors/mod.rs

@@ -7,8 +7,12 @@ use axum::{
     },
     RequestPartsExt,
 };
+
+use axum_extra::extract::cookie::CookieJar;
+
 use hyper::server::conn::AddrStream;
 use kanidm_proto::constants::X_FORWARDED_FOR;
+use kanidm_proto::internal::COOKIE_BEARER_TOKEN;
 use kanidmd_lib::prelude::{ClientAuthInfo, ClientCertInfo, Source};
 
 use compact_jwt::JwsCompact;
@@ -156,7 +160,14 @@ impl FromRequestParts<ServerState> for VerifiedClientInformation {
                 (None, None)
             }
         } else {
-            (None, None)
+            // Only if there are no credentials in bearer, do we examine cookies.
+            let jar = CookieJar::from_headers(&parts.headers);
+
+            let value: Option<&str> = jar.get(COOKIE_BEARER_TOKEN).map(|c| c.value());
+
+            let maybe_bearer = value.and_then(|authz_data| JwsCompact::from_str(authz_data).ok());
+
+            (None, maybe_bearer)
         };
 
         Ok(VerifiedClientInformation(ClientAuthInfo {

server/core/src/https/mod.rs

@@ -25,12 +25,13 @@ use axum::response::Redirect;
 use axum::routing::*;
 use axum::Router;
 use axum_csp::{CspDirectiveType, CspValue};
-use axum_macros::FromRef;
+use axum_extra::extract::cookie::CookieJar;
 use compact_jwt::{JwsCompact, JwsHs256Signer, JwsVerifier};
 use hashbrown::HashMap;
 use hyper::server::accept::Accept;
 use hyper::server::conn::{AddrStream, Http};
 use kanidm_proto::constants::KSESSIONID;
+use kanidm_proto::internal::COOKIE_AUTH_SESSION_ID;
 use kanidmd_lib::idm::ClientCertInfo;
 use kanidmd_lib::status::StatusActor;
 use openssl::nid;
@@ -57,7 +58,7 @@ use crate::CoreAction;
 
 use self::v1::SessionId;
 
-#[derive(Clone, FromRef)]
+#[derive(Clone)]
 pub struct ServerState {
     pub status_ref: &'static StatusActor,
     pub qe_w_ref: &'static QueryServerWriteV1,
@@ -68,6 +69,9 @@ pub struct ServerState {
     pub js_files: JavaScriptFiles,
     pub(crate) trust_x_forward_for: bool,
     pub csp_header: HeaderValue,
+    pub domain: String,
+    // This is set to true by default, and is only false on integration tests.
+    pub secure_cookies: bool,
 }
 
 impl ServerState {
@@ -85,15 +89,24 @@ impl ServerState {
         }
     }
 
-    fn get_current_auth_session_id(&self, headers: &HeaderMap) -> Option<Uuid> {
+    #[instrument(level = "trace", skip_all)]
+    fn get_current_auth_session_id(&self, headers: &HeaderMap, jar: &CookieJar) -> Option<Uuid> {
         // We see if there is a signed header copy first.
         headers
             .get(KSESSIONID)
             .and_then(|hv| {
+                trace!("trying header");
                 // Get the first header value.
                 hv.to_str().ok()
             })
-            .and_then(|s| self.reinflate_uuid_from_bytes(s))
+            .or_else(|| {
+                trace!("trying cookie");
+                jar.get(COOKIE_AUTH_SESSION_ID).map(|c| c.value())
+            })
+            .and_then(|s| {
+                trace!(id_jws = %s);
+                self.reinflate_uuid_from_bytes(s)
+            })
     }
 }
 
@@ -239,6 +252,8 @@ pub async fn create_https_server(
         js_files,
         trust_x_forward_for,
         csp_header: csp_header.finish(),
+        domain: config.domain.clone(),
+        secure_cookies: config.integration_test_config.is_none(),
     };
 
     let static_routes = match config.role {

server/core/src/https/v1.rs

@@ -6,6 +6,7 @@ use axum::middleware::from_fn;
 use axum::response::{IntoResponse, Response};
 use axum::routing::{delete, get, post, put};
 use axum::{Extension, Json, Router};
+use axum_extra::extract::cookie::{Cookie, CookieJar, SameSite};
 use compact_jwt::{Jwk, Jws, JwsSigner};
 use kanidm_proto::constants::uri::V1_AUTH_VALID;
 use serde::{Deserialize, Serialize};
@@ -15,7 +16,8 @@ use uuid::Uuid;
 use kanidm_proto::internal::{
     ApiToken, AppLink, CUIntentToken, CURequest, CUSessionToken, CUStatus, CreateRequest,
     CredentialStatus, DeleteRequest, IdentifyUserRequest, IdentifyUserResponse, ModifyRequest,
-    RadiusAuthToken, SearchRequest, SearchResponse, UserAuthToken,
+    RadiusAuthToken, SearchRequest, SearchResponse, UserAuthToken, COOKIE_AUTH_SESSION_ID,
+    COOKIE_BEARER_TOKEN,
 };
 use kanidm_proto::v1::{
     AccountUnixExtend, ApiTokenGenerate, AuthIssueSession, AuthRequest, AuthResponse,
@@ -208,12 +210,14 @@ pub async fn logout(
     State(state): State<ServerState>,
     Extension(kopid): Extension<KOpId>,
     VerifiedClientInformation(client_auth_info): VerifiedClientInformation,
-) -> Result<Json<()>, WebError> {
+    jar: CookieJar,
+) -> Result<Response, WebError> {
     state
         .qe_w_ref
         .handle_logout(client_auth_info, kopid.eventid)
         .await
         .map(Json::from)
+        .map(|json| (jar, json).into_response())
         .map_err(WebError::from)
 }
 
@@ -2730,6 +2734,7 @@ pub async fn applinks_get(
 pub async fn reauth(
     State(state): State<ServerState>,
     VerifiedClientInformation(client_auth_info): VerifiedClientInformation,
+    jar: CookieJar,
     Extension(kopid): Extension<KOpId>,
     Json(obj): Json<AuthIssueSession>,
 ) -> Result<Response, WebError> {
@@ -2739,7 +2744,7 @@ pub async fn reauth(
         .handle_reauth(client_auth_info, obj, kopid.eventid)
         .await;
     debug!("ReAuth result: {:?}", inter);
-    auth_session_state_management(state, inter)
+    auth_session_state_management(state, jar, inter)
 }
 
 #[utoipa::path(
@@ -2757,6 +2762,7 @@ pub async fn reauth(
 pub async fn auth(
     State(state): State<ServerState>,
     VerifiedClientInformation(client_auth_info): VerifiedClientInformation,
+    jar: CookieJar,
     headers: HeaderMap,
     Extension(kopid): Extension<KOpId>,
     Json(obj): Json<AuthRequest>,
@@ -2765,8 +2771,9 @@ pub async fn auth(
     // Do anything here first that's needed like getting the session details
     // out of the req cookie.
 
-    let maybe_sessionid = state.get_current_auth_session_id(&headers);
+    let maybe_sessionid = state.get_current_auth_session_id(&headers, &jar);
     debug!("Session ID: {:?}", maybe_sessionid);
+
     // We probably need to know if we allocate the cookie, that this is a
     // new session, and in that case, anything *except* authrequest init is
     // invalid.
@@ -2775,12 +2782,13 @@ pub async fn auth(
         .handle_auth(maybe_sessionid, obj, kopid.eventid, client_auth_info)
         .await;
     debug!("Auth result: {:?}", inter);
-    auth_session_state_management(state, inter)
+    auth_session_state_management(state, jar, inter)
 }
 
 #[instrument(skip(state))]
 fn auth_session_state_management(
     state: ServerState,
+    mut jar: CookieJar,
     inter: Result<AuthResult, OperationError>,
 ) -> Result<Response, WebError> {
     let mut auth_session_id_tok = None;
@@ -2793,8 +2801,7 @@ fn auth_session_state_management(
             // Do some response/state management.
             match auth_state {
                 AuthState::Choose(allowed) => {
-                    debug!("🧩 -> AuthState::Choose"); // TODO: this should be ... less work
+                    debug!("🧩 -> AuthState::Choose");
-                                                       // Ensure the auth-session-id is set
                     let kref = &state.jws_signer;
                     let jws = Jws::into_json(&SessionId { sessionid }).map_err(|e| {
                         error!(?e);
@@ -2835,6 +2842,24 @@ fn auth_session_state_management(
 
                     match issue {
                         AuthIssueSession::Token => Ok(ProtoAuthState::Success(token.to_string())),
+                        AuthIssueSession::Cookie => {
+                            // Update jar
+                            let token_str = token.to_string();
+                            let mut bearer_cookie =
+                                Cookie::new(COOKIE_BEARER_TOKEN, token_str.clone());
+                            bearer_cookie.set_secure(state.secure_cookies);
+                            bearer_cookie.set_same_site(SameSite::Lax);
+                            bearer_cookie.set_http_only(true);
+                            // We set a domain here because it allows subdomains
+                            // of the idm to share the cookie. If domain was incorrect
+                            // then webauthn won't work anyway!
+                            bearer_cookie.set_domain(state.domain.clone());
+                            bearer_cookie.set_path("/");
+                            jar = jar
+                                .add(bearer_cookie)
+                                .remove(Cookie::named(COOKIE_AUTH_SESSION_ID));
+                            Ok(ProtoAuthState::Success(token_str))
+                        }
                     }
                 }
                 AuthState::Denied(reason) => {
@@ -2849,7 +2874,23 @@ fn auth_session_state_management(
 
     // if the sessionid was injected into our cookie, set it in the header too.
     res.map(|response| {
-        let mut res = Json::from(response).into_response();
+        jar = if let Some(token) = auth_session_id_tok.clone() {
+            let mut token_cookie = Cookie::new(COOKIE_AUTH_SESSION_ID, token);
+            token_cookie.set_secure(state.secure_cookies);
+            token_cookie.set_same_site(SameSite::Strict);
+            token_cookie.set_http_only(true);
+            // Not setting domains limits the cookie to precisely this
+            // url that was used.
+            // token_cookie.set_domain(state.domain.clone());
+            jar.add(token_cookie)
+        } else {
+            jar
+        };
+
+        trace!(?jar);
+
+        let mut res = (jar, Json::from(response)).into_response();
+
         match auth_session_id_tok {
             Some(tok) => {
                 match HeaderValue::from_str(&tok) {

server/core/src/lib.rs

@@ -39,7 +39,7 @@ use std::fmt::{Display, Formatter};
 use std::sync::Arc;
 
 use crate::utils::touch_file_or_quit;
-use compact_jwt::JwsHs256Signer;
+use compact_jwt::{JwsHs256Signer, JwsSigner};
 use kanidm_proto::internal::OperationError;
 use kanidmd_lib::be::{Backend, BackendConfig, BackendTransaction};
 use kanidmd_lib::idm::ldap::LdapServer;
@@ -853,7 +853,7 @@ pub async fn create_server_core(
     // Extract any configuration from the IDMS that we may need.
     // For now we just do this per run, but we need to extract this from the db later.
     let jws_signer = match JwsHs256Signer::generate_hs256() {
-        Ok(k) => k,
+        Ok(k) => k.set_sign_option_embed_kid(false),
         Err(e) => {
             error!("Unable to setup jws signer -> {:?}", e);
             return Err(());

server/daemon/Cargo.toml

@@ -28,6 +28,7 @@ fs2 = { workspace = true }
 futures = { workspace = true }
 
 clap = { workspace = true, features = ["env"] }
+mimalloc = { workspace = true }
 reqwest = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
 tokio = { workspace = true, features = ["rt-multi-thread", "macros", "signal"] }
@@ -51,7 +52,6 @@ whoami = { workspace = true }
 
 [target.'cfg(not(target_family = "windows"))'.dependencies]
 kanidm_utils_users = { workspace = true }
-tikv-jemallocator = { workspace = true }
 
 [build-dependencies]
 serde = { workspace = true, features = ["derive"] }

server/daemon/src/main.rs

@@ -12,7 +12,7 @@
 
 #[cfg(not(target_family = "windows"))]
 #[global_allocator]
-static ALLOC: tikv_jemallocator::Jemalloc = tikv_jemallocator::Jemalloc;
+static GLOBAL: mimalloc::MiMalloc = mimalloc::MiMalloc;
 
 use std::fs::{metadata, File};
 // This works on both unix and windows.

server/lib/src/server/migrations.rs

@@ -52,9 +52,9 @@ impl QueryServer {
 
         debug!(?db_domain_version, "Before setting internal domain info");
 
-        // No domain info was present, so neither was the rest of the IDM. We need to bootstrap
-        // the base-schema here.
         if db_domain_version == 0 {
+            // No domain info was present, so neither was the rest of the IDM. We need to bootstrap
+            // the base-schema here.
             write_txn.initialise_schema_idm()?;
 
             write_txn.reload()?;
@@ -64,6 +64,13 @@ impl QueryServer {
             // very early in the bootstrap process, and very few entries exist,
             // reindexing is very fast here.
             write_txn.reindex()?;
+        } else {
+            // Domain info was present, so we need to reflect that in our server
+            // domain structures. If we don't do this, the in memory domain level
+            // is stuck at 0 which can confuse init domain info below.
+            write_txn.force_domain_reload();
+
+            write_txn.reload()?;
         }
 
         // Indicate the schema is now ready, which allows dyngroups to work when they

server/lib/src/server/mod.rs

@@ -1898,6 +1898,10 @@ impl<'a> QueryServerWriteTransaction<'a> {
         self.changed_flags.insert(ChangeFlag::SCHEMA);
     }
 
+    fn force_domain_reload(&mut self) {
+        self.changed_flags.insert(ChangeFlag::DOMAIN);
+    }
+
     pub(crate) fn upgrade_reindex(&mut self, v: i64) -> Result<(), OperationError> {
         self.be_txn.upgrade_reindex(v)
     }

server/web_ui/login_flows/src/components.rs

@@ -22,8 +22,8 @@ use kanidmd_web_ui_shared::constants::{
     URL_USER_HOME,
 };
 use kanidmd_web_ui_shared::models::{
-    self, clear_bearer_token, get_bearer_token, get_login_hint, pop_login_hint,
+    self, get_login_hint, pop_login_hint, pop_login_remember_me, pop_return_location,
-    pop_login_remember_me, pop_return_location, push_login_remember_me, set_bearer_token,
+    push_login_remember_me,
 };
 use kanidmd_web_ui_shared::{do_request, error::FetchError, utils, RequestMethod};
 use serde::Serialize;
@@ -34,18 +34,6 @@ pub struct LoginApp {
     state: LoginState,
 }
 
-impl Default for LoginApp {
-    fn default() -> Self {
-        Self {
-            state: LoginState::InitLogin {
-                enable: true,
-                remember_me: false,
-                username: String::new(),
-            },
-        }
-    }
-}
-
 #[derive(PartialEq, Clone, Copy)]
 pub enum LoginWorkflow {
     Login,
@@ -148,16 +136,11 @@ impl From<SessionStatus> for LoginAppMsg {
 }
 
 impl LoginApp {
-    /// Validate that the current auth token's OK
-    async fn fetch_session_valid() -> Result<LoginAppMsg, FetchError> {
-        fetch_session_valid().await.map(|v| v.into())
-    }
-
     async fn auth_init(username: String) -> Result<LoginAppMsg, FetchError> {
         let authreq = AuthRequest {
             step: AuthStep::Init2 {
                 username,
-                issue: AuthIssueSession::Token,
+                issue: AuthIssueSession::Cookie,
                 privileged: false,
             },
         };
@@ -187,7 +170,7 @@ impl LoginApp {
     }
 
     async fn reauth_init() -> Result<LoginAppMsg, FetchError> {
-        let issue = AuthIssueSession::Token;
+        let issue = AuthIssueSession::Cookie;
         let req_jsvalue = issue
             .serialize(&serde_wasm_bindgen::Serializer::json_compatible())
             .expect("Failed to serialise request");
@@ -662,48 +645,30 @@ impl Component for LoginApp {
         let state = match workflow {
             LoginWorkflow::Login => {
                 // let's check if they're already authenticated!
-                if get_bearer_token().is_some() {
+                ctx.link().send_future(async {
-                    ctx.link().send_future(async {
+                    match fetch_session_valid().await {
-                        match Self::fetch_session_valid().await {
+                        Ok(SessionStatus::TokenValid) => {
-                            Ok(_) => {
+                            console::info!("Already logged in, redirecting to user home page");
-                                console::info!(
+                            let window = gloo_utils::window();
-                                    "Already logged in, redirecting to user home page"
+                            window.location().set_href(URL_USER_HOME).expect_throw(
-                                );
+                                &["failed to set location to ", URL_USER_HOME].concat(),
-                                let window = gloo_utils::window();
+                            );
-                                window
-                                    .location()
-                                    .set_href(URL_USER_HOME)
-                                    .expect_throw(&["failed to set location to ", URL_USER_HOME].concat());
 
-                                LoginAppMsg::AlreadyAuthenticated
+                            LoginAppMsg::AlreadyAuthenticated
-                                }
-                            Err(v) => {
-                                console::error!(
-                                    "Error checking session validity, clearing token and returning to login page: {:?}",
-                                    v.as_string()
-                                );
-                                clear_bearer_token();
-                                LoginAppMsg::Restart
-                            }
                         }
-                    });
+                        Err(_) | Ok(SessionStatus::LoginRequired) => LoginAppMsg::Restart,
-                }
+                        Ok(SessionStatus::Error { emsg, kopid }) => {
-
+                            LoginAppMsg::Error { emsg, kopid }
-                if get_bearer_token().is_some() {
+                        }
-                    // We're already logged in, so we're going to redirect to the apps page.
+                    }
-                    return Self::default();
+                });
-                }
-
-                // Do we have a login hint?
-                let (username, remember_me) = get_login_hint()
-                    .map(|user| (user, false))
-                    .or_else(|| models::get_login_remember_me().map(|user| (user, true)))
-                    .unwrap_or_default();
 
+                // Disable the form while we wait. We either get to AlreadyAuthenticated, or
+                // Restart from the above async call.
                 LoginState::InitLogin {
-                    enable: true,
+                    enable: false,
-                    remember_me,
+                    remember_me: false,
-                    username,
+                    username: String::new(),
                 }
             }
             LoginWorkflow::Reauth => match get_login_hint() {
@@ -1050,16 +1015,10 @@ impl Component for LoginApp {
                         self.state = LoginState::Denied(reason);
                         true
                     }
-                    AuthState::Success(bearer_token) => {
+                    AuthState::Success(_bearer_token) => {
-                        // Store the bearer here!
+                        // No need to store bearer, it is a cookie now.
-                        // We need to format the bearer onto it.
-                        #[cfg(debug_assertions)]
-                        console::info!(
-                            "User has successfully authenticated, setting the bearer token"
-                        );
-                        let bearer_token = format!("Bearer {}", bearer_token);
-                        set_bearer_token(bearer_token);
                         self.state = LoginState::Authenticated;
+                        // No need to render, that's the next page's job.
                         true
                     }
                 }

server/web_ui/login_flows/src/oauth2.rs

@@ -15,8 +15,8 @@ use yew_router::prelude::*;
 
 use super::router::LoginRoute;
 use kanidmd_web_ui_shared::models::{
-    get_bearer_token, pop_oauth2_authorisation_request, push_login_hint,
+    pop_oauth2_authorisation_request, push_login_hint, push_oauth2_authorisation_request,
-    push_oauth2_authorisation_request, push_return_location,
+    push_return_location,
 };
 use kanidmd_web_ui_shared::{do_request, error::FetchError, utils, RequestMethod};
 
@@ -166,12 +166,14 @@ impl Oauth2App {
             .set(CONTENT_TYPE, APPLICATION_JSON)
             .expect_throw("failed to set header");
 
+        /*
         if let Some(bearer_token) = get_bearer_token() {
             request
                 .headers()
                 .set("authorization", &bearer_token)
                 .expect_throw("failed to set authorisation header");
         }
+        */
 
         let window = utils::window();
         let resp_value = JsFuture::from(window.fetch_with_request(&request)).await?;

server/web_ui/pkg/kanidmd_web_ui_admin.js

@@ -232,19 +232,19 @@ function addBorrowedObject(obj) {
 }
 function __wbg_adapter_38(arg0, arg1, arg2) {
     try {
-        wasm._dyn_core__ops__function__FnMut___A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h669f989b94be751f(arg0, arg1, addBorrowedObject(arg2));
+        wasm._dyn_core__ops__function__FnMut___A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h5869fca7f8c0640c(arg0, arg1, addBorrowedObject(arg2));
     } finally {
         heap[stack_pointer++] = undefined;
     }
 }
 
 function __wbg_adapter_41(arg0, arg1, arg2) {
-    wasm._dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__hec179d3e9a07fffa(arg0, arg1, addHeapObject(arg2));
+    wasm._dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h1aa6653248d58742(arg0, arg1, addHeapObject(arg2));
 }
 
 function __wbg_adapter_44(arg0, arg1, arg2) {
     try {
-        wasm._dyn_core__ops__function__FnMut___A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__heeb70e791d5cf4d1(arg0, arg1, addBorrowedObject(arg2));
+        wasm._dyn_core__ops__function__FnMut___A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__haed7e087111b3b75(arg0, arg1, addBorrowedObject(arg2));
     } finally {
         heap[stack_pointer++] = undefined;
     }
@@ -529,10 +529,6 @@ function __wbg_get_imports() {
         const ret = getObject(arg0).localStorage;
         return isLikeNone(ret) ? 0 : addHeapObject(ret);
     }, arguments) };
-    imports.wbg.__wbg_sessionStorage_0a3bf8c7b2253d1a = function() { return handleError(function (arg0) {
-        const ret = getObject(arg0).sessionStorage;
-        return isLikeNone(ret) ? 0 : addHeapObject(ret);
-    }, arguments) };
     imports.wbg.__wbg_fetch_c4b6afebdb1f918e = function(arg0, arg1) {
         const ret = getObject(arg0).fetch(getObject(arg1));
         return addHeapObject(ret);
@@ -595,19 +591,9 @@ function __wbg_get_imports() {
     imports.wbg.__wbg_setvalue_78cb4f1fef58ae98 = function(arg0, arg1, arg2) {
         getObject(arg0).value = getStringFromWasm0(arg1, arg2);
     };
-    imports.wbg.__wbg_getItem_164e8e5265095b87 = function() { return handleError(function (arg0, arg1, arg2, arg3) {
-        const ret = getObject(arg1).getItem(getStringFromWasm0(arg2, arg3));
-        var ptr1 = isLikeNone(ret) ? 0 : passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
-        var len1 = WASM_VECTOR_LEN;
-        getInt32Memory0()[arg0 / 4 + 1] = len1;
-        getInt32Memory0()[arg0 / 4 + 0] = ptr1;
-    }, arguments) };
     imports.wbg.__wbg_removeItem_c0321116dc514363 = function() { return handleError(function (arg0, arg1, arg2) {
         getObject(arg0).removeItem(getStringFromWasm0(arg1, arg2));
     }, arguments) };
-    imports.wbg.__wbg_setItem_ba2bb41d73dac079 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) {
-        getObject(arg0).setItem(getStringFromWasm0(arg1, arg2), getStringFromWasm0(arg3, arg4));
-    }, arguments) };
     imports.wbg.__wbg_value_d7f5bfbd9302c14b = function(arg0, arg1) {
         const ret = getObject(arg1).value;
         const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
@@ -700,13 +686,6 @@ function __wbg_get_imports() {
         getInt32Memory0()[arg0 / 4 + 1] = len1;
         getInt32Memory0()[arg0 / 4 + 0] = ptr1;
     }, arguments) };
-    imports.wbg.__wbg_href_2edbae9e92cdfeff = function(arg0, arg1) {
-        const ret = getObject(arg1).href;
-        const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
-        const len1 = WASM_VECTOR_LEN;
-        getInt32Memory0()[arg0 / 4 + 1] = len1;
-        getInt32Memory0()[arg0 / 4 + 0] = ptr1;
-    };
     imports.wbg.__wbg_parentNode_6be3abff20e1a5fb = function(arg0) {
         const ret = getObject(arg0).parentNode;
         return isLikeNone(ret) ? 0 : addHeapObject(ret);
@@ -776,6 +755,13 @@ function __wbg_get_imports() {
     imports.wbg.__wbg_pushState_b8e8d346f8bb33fd = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4, arg5) {
         getObject(arg0).pushState(getObject(arg1), getStringFromWasm0(arg2, arg3), arg4 === 0 ? undefined : getStringFromWasm0(arg4, arg5));
     }, arguments) };
+    imports.wbg.__wbg_href_2edbae9e92cdfeff = function(arg0, arg1) {
+        const ret = getObject(arg1).href;
+        const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+        const len1 = WASM_VECTOR_LEN;
+        getInt32Memory0()[arg0 / 4 + 1] = len1;
+        getInt32Memory0()[arg0 / 4 + 0] = ptr1;
+    };
     imports.wbg.__wbg_headers_abb199c3be8d817c = function(arg0) {
         const ret = getObject(arg0).headers;
         return addHeapObject(ret);
@@ -906,28 +892,6 @@ function __wbg_get_imports() {
         const ret = result;
         return ret;
     };
-    imports.wbg.__wbg_instanceof_Error_e20bb56fd5591a93 = function(arg0) {
-        let result;
-        try {
-            result = getObject(arg0) instanceof Error;
-        } catch (_) {
-            result = false;
-        }
-        const ret = result;
-        return ret;
-    };
-    imports.wbg.__wbg_message_5bf28016c2b49cfb = function(arg0) {
-        const ret = getObject(arg0).message;
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbg_name_e7429f0dda6079e2 = function(arg0) {
-        const ret = getObject(arg0).name;
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbg_toString_ffe4c9ea3b3532e9 = function(arg0) {
-        const ret = getObject(arg0).toString();
-        return addHeapObject(ret);
-    };
     imports.wbg.__wbg_isSafeInteger_f7b04ef02296c4d2 = function(arg0) {
         const ret = Number.isSafeInteger(getObject(arg0));
         return ret;
@@ -999,16 +963,16 @@ function __wbg_get_imports() {
         const ret = wasm.memory;
         return addHeapObject(ret);
     };
-    imports.wbg.__wbindgen_closure_wrapper1297 = function(arg0, arg1, arg2) {
+    imports.wbg.__wbindgen_closure_wrapper1260 = function(arg0, arg1, arg2) {
-        const ret = makeMutClosure(arg0, arg1, 592, __wbg_adapter_38);
+        const ret = makeMutClosure(arg0, arg1, 582, __wbg_adapter_38);
         return addHeapObject(ret);
     };
-    imports.wbg.__wbindgen_closure_wrapper1408 = function(arg0, arg1, arg2) {
+    imports.wbg.__wbindgen_closure_wrapper1368 = function(arg0, arg1, arg2) {
-        const ret = makeMutClosure(arg0, arg1, 639, __wbg_adapter_41);
+        const ret = makeMutClosure(arg0, arg1, 630, __wbg_adapter_41);
         return addHeapObject(ret);
     };
-    imports.wbg.__wbindgen_closure_wrapper1439 = function(arg0, arg1, arg2) {
+    imports.wbg.__wbindgen_closure_wrapper1399 = function(arg0, arg1, arg2) {
-        const ret = makeMutClosure(arg0, arg1, 656, __wbg_adapter_44);
+        const ret = makeMutClosure(arg0, arg1, 647, __wbg_adapter_44);
         return addHeapObject(ret);
     };
 

server/web_ui/pkg/kanidmd_web_ui_login_flows.js

@@ -239,19 +239,19 @@ function addBorrowedObject(obj) {
 }
 function __wbg_adapter_48(arg0, arg1, arg2) {
     try {
-        wasm._dyn_core__ops__function__FnMut___A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__hc006ce98f00d83e0(arg0, arg1, addBorrowedObject(arg2));
+        wasm._dyn_core__ops__function__FnMut___A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__hde2cadb5f0b706d2(arg0, arg1, addBorrowedObject(arg2));
     } finally {
         heap[stack_pointer++] = undefined;
     }
 }
 
 function __wbg_adapter_51(arg0, arg1, arg2) {
-    wasm._dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__hec179d3e9a07fffa(arg0, arg1, addHeapObject(arg2));
+    wasm._dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h1aa6653248d58742(arg0, arg1, addHeapObject(arg2));
 }
 
 function __wbg_adapter_54(arg0, arg1, arg2) {
     try {
-        wasm._dyn_core__ops__function__FnMut___A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h8e5f8844707a2983(arg0, arg1, addBorrowedObject(arg2));
+        wasm._dyn_core__ops__function__FnMut___A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h1adeb92879459ba7(arg0, arg1, addBorrowedObject(arg2));
     } finally {
         heap[stack_pointer++] = undefined;
     }
@@ -630,12 +630,6 @@ function __wbg_get_imports() {
     imports.wbg.__wbg_focus_39d4b8ba8ff9df14 = function() { return handleError(function (arg0) {
         getObject(arg0).focus();
     }, arguments) };
-    imports.wbg.__wbg_add_dcb05a8ba423bdac = function() { return handleError(function (arg0, arg1, arg2) {
-        getObject(arg0).add(getStringFromWasm0(arg1, arg2));
-    }, arguments) };
-    imports.wbg.__wbg_remove_698118fb25ab8150 = function() { return handleError(function (arg0, arg1, arg2) {
-        getObject(arg0).remove(getStringFromWasm0(arg1, arg2));
-    }, arguments) };
     imports.wbg.__wbg_href_2edbae9e92cdfeff = function(arg0, arg1) {
         const ret = getObject(arg1).href;
         const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
@@ -643,6 +637,12 @@ function __wbg_get_imports() {
         getInt32Memory0()[arg0 / 4 + 1] = len1;
         getInt32Memory0()[arg0 / 4 + 0] = ptr1;
     };
+    imports.wbg.__wbg_add_dcb05a8ba423bdac = function() { return handleError(function (arg0, arg1, arg2) {
+        getObject(arg0).add(getStringFromWasm0(arg1, arg2));
+    }, arguments) };
+    imports.wbg.__wbg_remove_698118fb25ab8150 = function() { return handleError(function (arg0, arg1, arg2) {
+        getObject(arg0).remove(getStringFromWasm0(arg1, arg2));
+    }, arguments) };
     imports.wbg.__wbg_href_706b235ecfe6848c = function() { return handleError(function (arg0, arg1) {
         const ret = getObject(arg1).href;
         const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
@@ -1101,16 +1101,16 @@ function __wbg_get_imports() {
         const ret = wasm.memory;
         return addHeapObject(ret);
     };
-    imports.wbg.__wbindgen_closure_wrapper1418 = function(arg0, arg1, arg2) {
+    imports.wbg.__wbindgen_closure_wrapper1415 = function(arg0, arg1, arg2) {
-        const ret = makeMutClosure(arg0, arg1, 537, __wbg_adapter_48);
+        const ret = makeMutClosure(arg0, arg1, 538, __wbg_adapter_48);
         return addHeapObject(ret);
     };
-    imports.wbg.__wbindgen_closure_wrapper1729 = function(arg0, arg1, arg2) {
+    imports.wbg.__wbindgen_closure_wrapper1726 = function(arg0, arg1, arg2) {
-        const ret = makeMutClosure(arg0, arg1, 626, __wbg_adapter_51);
+        const ret = makeMutClosure(arg0, arg1, 627, __wbg_adapter_51);
         return addHeapObject(ret);
     };
-    imports.wbg.__wbindgen_closure_wrapper1760 = function(arg0, arg1, arg2) {
+    imports.wbg.__wbindgen_closure_wrapper1757 = function(arg0, arg1, arg2) {
-        const ret = makeMutClosure(arg0, arg1, 643, __wbg_adapter_54);
+        const ret = makeMutClosure(arg0, arg1, 644, __wbg_adapter_54);
         return addHeapObject(ret);
     };
 

server/web_ui/pkg/kanidmd_web_ui_user.js

@@ -232,7 +232,7 @@ function makeMutClosure(arg0, arg1, dtor, f) {
     return real;
 }
 function __wbg_adapter_48(arg0, arg1) {
-    wasm._dyn_core__ops__function__FnMut_____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__ha7a71f5685f97bb7(arg0, arg1);
+    wasm._dyn_core__ops__function__FnMut_____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h96f7c6547f3957ee(arg0, arg1);
 }
 
 let stack_pointer = 128;
@@ -244,19 +244,19 @@ function addBorrowedObject(obj) {
 }
 function __wbg_adapter_51(arg0, arg1, arg2) {
     try {
-        wasm._dyn_core__ops__function__FnMut___A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__hb09f5f6641eb5a79(arg0, arg1, addBorrowedObject(arg2));
+        wasm._dyn_core__ops__function__FnMut___A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__hb105de8e9efc9ac9(arg0, arg1, addBorrowedObject(arg2));
     } finally {
         heap[stack_pointer++] = undefined;
     }
 }
 
 function __wbg_adapter_54(arg0, arg1, arg2) {
-    wasm._dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__hec179d3e9a07fffa(arg0, arg1, addHeapObject(arg2));
+    wasm._dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h1aa6653248d58742(arg0, arg1, addHeapObject(arg2));
 }
 
 function __wbg_adapter_57(arg0, arg1, arg2) {
     try {
-        wasm._dyn_core__ops__function__FnMut___A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h7b56640cab7c6d87(arg0, arg1, addBorrowedObject(arg2));
+        wasm._dyn_core__ops__function__FnMut___A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__he6ae5361a1f44a8b(arg0, arg1, addBorrowedObject(arg2));
     } finally {
         heap[stack_pointer++] = undefined;
     }
@@ -658,6 +658,13 @@ function __wbg_get_imports() {
         const ret = getObject(arg0).get(getStringFromWasm0(arg1, arg2));
         return addHeapObject(ret);
     };
+    imports.wbg.__wbg_href_2edbae9e92cdfeff = function(arg0, arg1) {
+        const ret = getObject(arg1).href;
+        const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+        const len1 = WASM_VECTOR_LEN;
+        getInt32Memory0()[arg0 / 4 + 1] = len1;
+        getInt32Memory0()[arg0 / 4 + 0] = ptr1;
+    };
     imports.wbg.__wbg_addEventListener_4283b15b4f039eb5 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) {
         getObject(arg0).addEventListener(getStringFromWasm0(arg1, arg2), getObject(arg3), getObject(arg4));
     }, arguments) };
@@ -670,13 +677,6 @@ function __wbg_get_imports() {
     imports.wbg.__wbg_remove_698118fb25ab8150 = function() { return handleError(function (arg0, arg1, arg2) {
         getObject(arg0).remove(getStringFromWasm0(arg1, arg2));
     }, arguments) };
-    imports.wbg.__wbg_href_2edbae9e92cdfeff = function(arg0, arg1) {
-        const ret = getObject(arg1).href;
-        const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
-        const len1 = WASM_VECTOR_LEN;
-        getInt32Memory0()[arg0 / 4 + 1] = len1;
-        getInt32Memory0()[arg0 / 4 + 0] = ptr1;
-    };
     imports.wbg.__wbg_href_706b235ecfe6848c = function() { return handleError(function (arg0, arg1) {
         const ret = getObject(arg1).href;
         const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
@@ -1149,18 +1149,18 @@ function __wbg_get_imports() {
         return addHeapObject(ret);
     };
     imports.wbg.__wbindgen_closure_wrapper1348 = function(arg0, arg1, arg2) {
-        const ret = makeMutClosure(arg0, arg1, 693, __wbg_adapter_48);
+        const ret = makeMutClosure(arg0, arg1, 692, __wbg_adapter_48);
         return addHeapObject(ret);
     };
-    imports.wbg.__wbindgen_closure_wrapper3881 = function(arg0, arg1, arg2) {
+    imports.wbg.__wbindgen_closure_wrapper3876 = function(arg0, arg1, arg2) {
         const ret = makeMutClosure(arg0, arg1, 1949, __wbg_adapter_51);
         return addHeapObject(ret);
     };
-    imports.wbg.__wbindgen_closure_wrapper3960 = function(arg0, arg1, arg2) {
+    imports.wbg.__wbindgen_closure_wrapper3955 = function(arg0, arg1, arg2) {
         const ret = makeMutClosure(arg0, arg1, 1975, __wbg_adapter_54);
         return addHeapObject(ret);
     };
-    imports.wbg.__wbindgen_closure_wrapper3991 = function(arg0, arg1, arg2) {
+    imports.wbg.__wbindgen_closure_wrapper3986 = function(arg0, arg1, arg2) {
         const ret = makeMutClosure(arg0, arg1, 1992, __wbg_adapter_57);
         return addHeapObject(ret);
     };

server/web_ui/shared/src/lib.rs

@@ -5,19 +5,18 @@ use error::FetchError;
 use gloo::console;
 
 use kanidm_proto::constants::uri::V1_AUTH_VALID;
+use kanidm_proto::constants::APPLICATION_JSON;
 use kanidm_proto::constants::KOPID;
-use kanidm_proto::constants::{APPLICATION_JSON, KSESSIONID};
-use models::{clear_bearer_token, get_bearer_token};
 use serde::{Deserialize, Serialize};
 use wasm_bindgen::prelude::*;
 use wasm_bindgen::JsValue;
 use wasm_bindgen_futures::JsFuture;
 use web_sys::{Headers, Request, RequestInit, RequestMode, Response};
 
-use gloo::storage::{SessionStorage as TemporaryStorage, Storage};
 use yew::{html, Html};
 
 use crate::constants::{CSS_ALERT_WARNING, IMG_LOGO_SQUARE};
+use crate::models::clear_bearer_token;
 
 pub mod constants;
 pub mod error;
@@ -27,23 +26,6 @@ pub mod models;
 pub mod ui;
 pub mod utils;
 
-const AUTH_SESSION_ID: &str = "auth_session_id";
-
-pub fn pop_auth_session_id() -> Option<String> {
-    let l: Result<String, _> = TemporaryStorage::get(AUTH_SESSION_ID);
-    #[cfg(debug_assertions)]
-    console::debug!(format!("auth_session_id -> {:?}", l).as_str());
-    TemporaryStorage::delete(AUTH_SESSION_ID);
-    l.ok()
-}
-
-pub fn push_auth_session_id(r: String) {
-    TemporaryStorage::set(AUTH_SESSION_ID, r).expect_throw(&format!(
-        "failed to set {} in temporary storage",
-        AUTH_SESSION_ID
-    ));
-}
-
 /// Build and send a request to the backend, with some standard headers and pull back
 /// (kopid, status, json, headers)
 pub async fn do_request<JV: AsRef<JsValue>>(
@@ -70,30 +52,12 @@ pub async fn do_request<JV: AsRef<JsValue>>(
         .set(CONTENT_TYPE, APPLICATION_JSON)
         .expect_throw("failed to set content-type header");
 
-    if let Some(sessionid) = pop_auth_session_id() {
-        request
-            .headers()
-            .set(KSESSIONID, &sessionid)
-            .expect_throw(&format!("failed to set {} header", KSESSIONID));
-    }
-
-    if let Some(bearer_token) = get_bearer_token() {
-        request
-            .headers()
-            .set("authorization", &bearer_token)
-            .expect_throw("failed to set authorization header");
-    }
-
     let window = utils::window();
     let resp_value = JsFuture::from(window.fetch_with_request(&request)).await?;
     let resp: Response = resp_value.dyn_into().expect_throw("Invalid response type");
     let status = resp.status();
     let headers: Headers = resp.headers();
 
-    if let Some(sessionid) = headers.get(KSESSIONID).ok().flatten() {
-        push_auth_session_id(sessionid);
-    }
-
     let kopid = headers.get(KOPID).ok().flatten();
 
     let body = match resp.json() {

server/web_ui/shared/src/models.rs

@@ -14,21 +14,6 @@ const LOGIN_REMEMBER_ME: &str = "login_remember_me";
 const RETURN_LOCATION: &str = "return_location";
 const OAUTH2_AUTHORIZATION_REQUEST: &str = "oauth2_authorisation_request";
 
-/// Store the bearer token `r` in local storage
-pub fn set_bearer_token(r: String) {
-    LocalStorage::set(BEARER_TOKEN, r).expect_throw(&format!("failed to set {}", BEARER_TOKEN));
-}
-
-pub fn get_bearer_token() -> Option<String> {
-    let l: Result<String, _> = LocalStorage::get(BEARER_TOKEN);
-    #[cfg(debug_assertions)]
-    console::debug!(&format!(
-        "login_hint::get_login_remember_me -> present={:?}",
-        l.is_ok()
-    ));
-    l.ok()
-}
-
 pub fn clear_bearer_token() {
     #[cfg(debug_assertions)]
     console::debug!("clearing the bearer token from local storage");

tools/orca/Cargo.toml

@@ -27,6 +27,7 @@ hashbrown = { workspace = true }
 kanidm_client = { workspace = true }
 kanidm_proto = { workspace = true }
 mathru = { workspace = true }
+mimalloc = { workspace = true }
 rand = { workspace = true }
 rand_chacha = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
@@ -37,9 +38,6 @@ tracing = { workspace = true }
 tracing-subscriber = { workspace = true }
 uuid = { workspace = true, features = ["serde", "v4" ] }
 
-[target.'cfg(not(target_family = "windows"))'.dependencies]
-tikv-jemallocator = { workspace = true }
-
 [build-dependencies]
 kanidm_build_profiles = { workspace = true }
 

tools/orca/src/main.rs

@@ -8,7 +8,7 @@
 
 #[cfg(not(target_family = "windows"))]
 #[global_allocator]
-static ALLOC: tikv_jemallocator::Jemalloc = tikv_jemallocator::Jemalloc;
+static GLOBAL: mimalloc::MiMalloc = mimalloc::MiMalloc;
 
 #[macro_use]
 extern crate tracing;

unix_integration/Cargo.toml

@@ -67,6 +67,7 @@ kanidm_proto = { workspace = true }
 kanidm-hsm-crypto = { workspace = true }
 kanidm_lib_crypto = { workspace = true }
 kanidm_lib_file_permissions = { workspace = true }
+mimalloc = { workspace = true }
 notify-debouncer-full = { workspace = true }
 rpassword = { workspace = true }
 rusqlite = { workspace = true }

unix_integration/src/daemon.rs

@@ -53,6 +53,9 @@ use kanidm_hsm_crypto::{soft::SoftTpm, AuthValue, BoxedDynTpm, Tpm};
 
 use notify_debouncer_full::{new_debouncer, notify::RecursiveMode, notify::Watcher};
 
+#[global_allocator]
+static ALLOC: mimalloc::MiMalloc = mimalloc::MiMalloc;
+
 //=== the codec
 
 type AsyncTaskRequest = (TaskRequest, oneshot::Sender<()>);