Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add key-related APIs in the security-proxy-auth service to enable support for external JWT verification #5038

Closed
lindseysimple opened this issue Dec 26, 2024 · 0 comments · Fixed by #5039
Closed

Add key-related APIs in the security-proxy-auth service to enable support for external JWT verification #5038

lindseysimple opened this issue Dec 26, 2024 · 0 comments · Fixed by #5039
Assignees
@lindseysimple
Labels
enhancement New feature or request

Comments

@lindseysimple
Copy link
Contributor

🚀 Feature Request

Relevant Package [REQUIRED]

This feature request is for EdgeX services use the AuthenticationHandlerFunc middleware provided by go-mod-bootstrap module.

Description [REQUIRED]

Relates to edgexfoundry/go-mod-bootstrap#810.

Currently the /auth API invokes the SecretStoreAuthenticationHandlerFunc middleware from go-mod-bootstrap under the hook which only supports the JWT verification from the secret provider (OpenBAO) while using the API gateway.

edgex-go/internal/security/proxyauth/init.go

Lines 54 to 60 in 0ef5369

authenticationHook := handlers.SecretStoreAuthenticationHandlerFunc(secretProvider, lc)
// Common
_ = controller.NewCommonController(dic, b.router, b.serviceName, edgex.Version)
// Run authentication hook for a nil route
b.router.GET("/auth", emptyHandler, authenticationHook)

The need arises to authenticate users using JWTs issued by an external JWT provider when accessing EdgeX services via the API gateway.

Describe the solution you'd like

Add the POST key and GET verification key APIs in security-proxy-auth service to support the verification of JWT issued from external JWT provider.

  • The POST key API is used for users to upload the public key for verifying the JWT issued by the external issuers.
  • The GET verification key API is utilized by the AuthenticationHandlerFunc in the go-mod-bootstrap module to verify JWTs issued by external issuers for each EdgeX service that integrates with the go-mod-bootstrap module.
@lindseysimple lindseysimple added the enhancement New feature or request label Dec 26, 2024
@lindseysimple lindseysimple self-assigned this Dec 26, 2024
@github-project-automation github-project-automation bot moved this to New Issues in Technical WG Dec 26, 2024
@lindseysimple lindseysimple moved this from New Issues to In Progress in Technical WG Dec 26, 2024
lindseysimple added a commit to lindseysimple/edgex-go that referenced this issue Dec 27, 2024
@lindseysimple
feat: Add key-related APIs in security-proxy-auth
b41f93f 
Resolves edgexfoundry#5038. Add key-related APIs in security-proxy-auth to enable support for external JWT verification.

Signed-off-by: Lindsey Cheng <[email protected]>
@lindseysimple lindseysimple mentioned this issue Dec 27, 2024
Merged
5 tasks
lindseysimple added a commit to lindseysimple/edgex-go that referenced this issue Dec 30, 2024
@lindseysimple
fix: Add unit tests for new security-proxy-auth funcs
41c46f3 
Relates to edgexfoundry#5038. Add unit tests for new security-proxy-auth funcs on the controller and app layers.

Signed-off-by: Lindsey Cheng <[email protected]>
lindseysimple added a commit to lindseysimple/edgex-go that referenced this issue Dec 30, 2024
@lindseysimple
feat: Add unit tests for new security-proxy-auth funcs
6eb01cb 
Relates to edgexfoundry#5038. Add unit tests for new security-proxy-auth funcs on the controller and app layers.

Signed-off-by: Lindsey Cheng <[email protected]>
lindseysimple added a commit to lindseysimple/edgex-go that referenced this issue Dec 30, 2024
@lindseysimple
feat: Add unit tests for new functions
48ba4ff 
Relates to edgexfoundry#5038. Add unit tests on the controller and app layers.

Signed-off-by: Lindsey Cheng <[email protected]>
lindseysimple added a commit to lindseysimple/edgex-go that referenced this issue Jan 7, 2025
@lindseysimple
feat: Add key-related APIs in security-proxy-auth
470e743 
Resolves edgexfoundry#5038. Add key-related APIs in security-proxy-auth to enable support for external JWT verification.

Signed-off-by: Lindsey Cheng <[email protected]>
@github-project-automation github-project-automation bot moved this from In Progress to Odessa Done in Technical WG Jan 8, 2025
lindseysimple added a commit to lindseysimple/edgex-go that referenced this issue Jan 10, 2025
@lindseysimple
fix: Upgrade go-mod-bootstrap version
74fc147 
Relates to edgexfoundry#5038. Update go-mod-bootstrap version and proxy-auth dockerfile.

Signed-off-by: Lindsey Cheng <[email protected]>
@lindseysimple lindseysimple mentioned this issue Jan 10, 2025
Merged
5 tasks
lindseysimple added a commit to lindseysimple/edgex-go that referenced this issue Jan 10, 2025
@lindseysimple
fix: Add the /key path to API gateaway
2a92b0a 
Relates to edgexfoundry#5038. Add the POST /key path to API gateaway from security-proxy-auth.

Signed-off-by: Lindsey Cheng <[email protected]>
This was referenced Jan 10, 2025
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lindseysimple lindseysimple

Labels
enhancement New feature or request
Projects
Technical WG
Status: Odessa Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: Add key-related APIs in security-proxy-auth lindseysimple/edgex-go
1 participant
@lindseysimple