Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement and document service-to-service authentication #889

Closed
1 of 2 tasks
Bento007 opened this issue Jan 22, 2018 · 6 comments
Closed
1 of 2 tasks

Implement and document service-to-service authentication #889

Bento007 opened this issue Jan 22, 2018 · 6 comments
Assignees
@kislyuk
Labels
Q2
Milestone
DSS Sprint 17

Comments

@Bento007
Copy link
Member

Bento007 commented Jan 22, 2018
edited by mweiden
Loading

Need (user-story)

As user of the Ingestion service
my requests should be authenticated against the DSS uploaders whitelist
so that I can be approved (or denied) to upload files.

Definition of done

Integrate with the following services

  • upload service
  • green box
@Bento007 Bento007 added the Q1 label Jan 22, 2018
@Bento007 Bento007 added this to the DSS Sprint 15 milestone Jan 22, 2018
@Bento007
Copy link
Member Author

Bento007 commented Feb 5, 2018

Design stage is mostly complete. Implementation stage will start soon.

@Bento007 Bento007 modified the milestones: DSS Sprint 15, DSS Sprint 16 Feb 6, 2018
@Bento007 Bento007 modified the milestones: DSS Sprint 16, Sprint 17 Feb 23, 2018
@kozbo kozbo added the HIGH High priority issue that should be finished before anything else. label Mar 19, 2018
@Bento007 Bento007 removed the HIGH High priority issue that should be finished before anything else. label Mar 19, 2018
@kozbo kozbo mentioned this issue Apr 13, 2018
Closed
@kozbo
Copy link
Contributor

kozbo commented Apr 17, 2018
edited
Loading

  • upload service
  • green box

@kozbo kozbo added Q2 and removed Q1 labels May 14, 2018
@kozbo
Copy link
Contributor

kozbo commented May 25, 2018

@kislyuk was there progress made on this ticket during the Boston developer F2F?

@mweiden mweiden mentioned this issue Jul 23, 2018
Closed
@Bento007
Copy link
Member Author

Bento007 commented Aug 6, 2018
edited
Loading

From David Bernick on slack/HumanCellAtlast/dcp-security

all “service to service” auth is going to use Google Service Account keys generating access_tokens and passing them to each other’s applications

@Bento007
Copy link
Member Author

Bento007 commented Aug 6, 2018
edited
Loading

  1. move white list into secrets store
  2. update blue box to use JWT for authentication.
  3. add support for jwt in connexion
    Connexion jwt support spec-first/connexion#607
  4. convert google auth token to JWT bearer token
    https://developers.google.com/identity/protocols/OAuth2ServiceAccount
  5. define service to service permissions/claims

@mweiden
Copy link
Contributor

mweiden commented Aug 6, 2018

I'm going to close this ticket. I've broken it down in to the tickets below.

@mweiden mweiden closed this as completed Aug 6, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kislyuk kislyuk

Labels
Q2
Projects
None yet
Milestone
DSS Sprint 17
Development

No branches or pull requests
4 participants
@mweiden @kislyuk @Bento007 @kozbo