Add key-related APIs in the security-proxy-auth service to enable support for external JWT verification #5038

Open
lindseysimple opened this issue Dec 26, 2024 · 0 comments · May be fixed by #5039
@lindseysimple

🚀 Feature Request

Relevant Package [REQUIRED]

This feature request is for EdgeX services that use the AuthenticationHandlerFunc middleware provided by the go-mod-bootstrap module.

Description [REQUIRED]

Relates to edgexfoundry/go-mod-bootstrap#810.

Currently the /auth API invokes the SecretStoreAuthenticationHandlerFunc middleware from go-mod-bootstrap under the hood, which only supports JWT verification from the secret provider (OpenBAO) while using the API gateway.

```go
authenticationHook := handlers.SecretStoreAuthenticationHandlerFunc(secretProvider, lc)
// Common
_ = controller.NewCommonController(dic, b.router, b.serviceName, edgex.Version)
// Run authentication hook for a nil route
b.router.GET("/auth", emptyHandler, authenticationHook)
```

The need arises to authenticate users using JWTs issued by an external JWT provider when accessing EdgeX services via the API gateway.

Describe the solution you'd like

Add the POST key and GET verification key APIs in the security-proxy-auth service to support the verification of JWTs issued by an external JWT provider.

  • The POST key API is used for users to upload the public key for verifying the JWT issued by the external issuers.
  • The GET verification key API is utilized by the AuthenticationHandlerFunc in the go-mod-bootstrap module to verify JWTs issued by external issuers for each EdgeX service that integrates with the go-mod-bootstrap module.
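
The flow requested above, sketched as an added example that is not code from this issue or from edgex-go: a key is registered per external issuer, and verification looks the key up by the token's `iss` claim, pins the algorithm, and fails closed. `KeyStore`, `Verify`, `Sign`, the issuer URL and the choice of Ed25519/EdDSA are assumptions; the issue does not name a key type or API shape.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// KeyStore (hypothetical): adding an entry models "POST key"; Verify's lookup models "GET verification key".
type KeyStore map[string]ed25519.PublicKey // issuer -> public key
var b64 = base64.RawURLEncoding

// Verify checks an EdDSA-signed JWT against the key registered for its issuer.
func (s KeyStore) Verify(token string, now time.Time) error {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return fmt.Errorf("malformed token")
	}
	var hdr struct{ Alg string }
	var claims struct{ Iss string; Exp int64 }
	h, e1 := b64.DecodeString(p[0])
	c, e2 := b64.DecodeString(p[1])
	sig, e3 := b64.DecodeString(p[2])
	if e1 != nil || e2 != nil || e3 != nil || json.Unmarshal(h, &hdr) != nil || json.Unmarshal(c, &claims) != nil {
		return fmt.Errorf("malformed token")
	}
	key, known := s[claims.Iss]
	switch {
	case hdr.Alg != "EdDSA": // pin the algorithm; the token header must not choose it
		return fmt.Errorf("unexpected alg")
	case !known: // only issuers with an uploaded key are trusted
		return fmt.Errorf("unknown issuer")
	case !ed25519.Verify(key, []byte(p[0]+"."+p[1]), sig):
		return fmt.Errorf("bad signature")
	case now.Unix() >= claims.Exp: // a missing exp decodes as 0 and is rejected
		return fmt.Errorf("token expired")
	}
	return nil
}

// Sign plays the external issuer and returns a constructed sample token.
func Sign(priv ed25519.PrivateKey, alg, iss string, exp time.Time) string {
	body := b64.EncodeToString([]byte(fmt.Sprintf(`{"alg":%q,"typ":"JWT"}`, alg))) + "." +
		b64.EncodeToString([]byte(fmt.Sprintf(`{"iss":%q,"exp":%d}`, iss, exp.Unix())))
	return body + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(body)))
}
```
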
@lindseysimple lindseysimple added the enhancement New feature or request label Dec 26, 2024
@lindseysimple lindseysimple self-assigned this Dec 26, 2024
@github-project-automation github-project-automation bot moved this to New Issues in Technical WG Dec 26, 2024
@lindseysimple lindseysimple moved this from New Issues to In Progress in Technical WG Dec 26, 2024
lindseysimple added a commit to lindseysimple/edgex-go that referenced this issue Dec 27, 2024
Resolves edgexfoundry#5038. Add key-related APIs in security-proxy-auth to enable support for external JWT verification.

Signed-off-by: Lindsey Cheng <[email protected]>
@lindseysimple lindseysimple linked a pull request Dec 27, 2024 that will close this issue
lindseysimple added a commit to lindseysimple/edgex-go that referenced this issue Dec 30, 2024
Relates to edgexfoundry#5038. Add unit tests for new security-proxy-auth funcs on the controller and app layers.

Signed-off-by: Lindsey Cheng <[email protected]>
lindseysimple added a commit to lindseysimple/edgex-go that referenced this issue Dec 30, 2024
Relates to edgexfoundry#5038. Add unit tests on the controller and app layers.

Signed-off-by: Lindsey Cheng <[email protected]>