Skip to content

Add domain authentication configuration for Auvex#767

Closed
pablorod1 wants to merge 2 commits intoDomain-Connect:masterfrom
Auvex-Group:master
Closed

Add domain authentication configuration for Auvex#767
pablorod1 wants to merge 2 commits intoDomain-Connect:masterfrom
Auvex-Group:master

Conversation

@pablorod1
Copy link
Contributor

@pablorod1 pablorod1 commented Feb 11, 2026

Description

<-- short description of the template(s) and/or reason for update -->

Type of change

Please mark options that are relevant.

  • New template
  • Bug fix (non-breaking change which fixes an issue in the template)
  • New feature (non-breaking change which adds functionality to the template)
  • Breaking change (fix or feature that would cause existing template behavior to be not backward compatible)

How Has This Been Tested?

Please mark the following checks done

  • Schema validated using JSON Schema template.schema
  • Template functionality checked using Online Editor
  • Template is checked using template linter
  • Template file name follows the pattern <providerId>.<serviceId>.json
  • resource URL provided with logoUrl is actually served by a webserver

Checklist of common problems

Mark all the checkboxes after conducting the check. Comment on any point which is not fulfilled.

  • digital signatures are used and syncPubKeyDomain specified (yes, warnPhishing is an option, but some providers reject such templates by policy, so signing shall be a default)
  • syncRedirectDomain is specified when intended to use redirect_uri parameter in the synchronous flow
  • no TXT record with SPF content (i.e. "v=spf1 ...") instead of using SPFM record type on APEX
  • txtConflictMatchingMode is set on TXT records which shall be unique on a label (like DMARC)
  • variables are set to the smallest scope needed (i.e. limit possibility to be misused to set any arbitrary record and conflict with other template). Too broad scope example: @ TXT "%verification%". Better usage: @ TXT "foo-verification=%verification%".
  • no variables as a host name to apply template on subdomain instead of standard host parameter
  • no explicit usage of %host% variable in host attribute
  • essential setting is used on records, which the user shall be able to change or remove manually later without dropping the whole template (like DMARC)

Example variable values

<-- to make review process easier please provide the whole testData object from the Online Editor after testing and using "Add as test" button. Hint: test also with "host" variable set. -->

"testData": {
    "testingSet": {
      "variables": {
        "domain": "example.com",
        "host": "foo",
        "example": "bar"
      },
      "results": [
        {
          "type": "TXT",
          "name": "foo",
          "ttl": 86400,
          "data": "\"bar\""
        }
      ]
    }
  }

@github-actions
Copy link

github-actions bot commented Feb 11, 2026

Linter OK:

Linter result for auvex.es.domain-authentication.json

@kerolasa
Copy link
Collaborator

kerolasa commented Feb 12, 2026

There are 9 different groupId fields in the template. That feels a bit excessive, are you sure about this is a good design?

@pawel-kow pawel-kow added the PR description incomplete The PR description template was not filled in at all, altered or filled in improperly. label Feb 16, 2026
@pawel-kow
Copy link
Member

pawel-kow commented Feb 16, 2026

also, provide a valid test data set in the PR description

@Auvex-Group Auvex-Group closed this by deleting the head repository Feb 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

PR description incomplete The PR description template was not filled in at all, altered or filled in improperly.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@pablorod1 @kerolasa @pawel-kow @Auvex-Group