Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add key-related APIs in the security-proxy-auth service to enable support for external JWT verification #5038

Open
lindseysimple opened this issue Dec 26, 2024 · 0 comments · May be fixed by #5039
Open

Add key-related APIs in the security-proxy-auth service to enable support for external JWT verification #5038

lindseysimple opened this issue Dec 26, 2024 · 0 comments · May be fixed by #5039
Assignees
@lindseysimple
Labels
enhancement New feature or request

Comments

@lindseysimple
Copy link
Contributor

🚀 Feature Request

Relevant Package [REQUIRED]

This feature request is for EdgeX services use the AuthenticationHandlerFunc middleware provided by go-mod-bootstrap module.

Description [REQUIRED]

Relates to edgexfoundry/go-mod-bootstrap#810.

Currently the /auth API invokes the SecretStoreAuthenticationHandlerFunc middleware from go-mod-bootstrap under the hook which only supports the JWT verification from the secret provider (OpenBAO) while using the API gateway.

edgex-go/internal/security/proxyauth/init.go

Lines 54 to 60 in 0ef5369

authenticationHook := handlers.SecretStoreAuthenticationHandlerFunc(secretProvider, lc)
// Common
_ = controller.NewCommonController(dic, b.router, b.serviceName, edgex.Version)
// Run authentication hook for a nil route
b.router.GET("/auth", emptyHandler, authenticationHook)

The need arises to authenticate users using JWTs issued by an external JWT provider when accessing EdgeX services via the API gateway.

Describe the solution you'd like

Add the POST key and GET verification key APIs in security-proxy-auth service to support the verification of JWT issued from external JWT provider.

  • The POST key API is used for users to upload the public key for verifying the JWT issued by the external issuers.
  • The GET verification key API is utilized by the AuthenticationHandlerFunc in the go-mod-bootstrap module to verify JWTs issued by external issuers for each EdgeX service that integrates with the go-mod-bootstrap module.
@lindseysimple lindseysimple added the enhancement New feature or request label Dec 26, 2024
@lindseysimple lindseysimple self-assigned this Dec 26, 2024
@github-project-automation github-project-automation bot moved this to New Issues in Technical WG Dec 26, 2024
@lindseysimple lindseysimple moved this from New Issues to In Progress in Technical WG Dec 26, 2024
lindseysimple added a commit to lindseysimple/edgex-go that referenced this issue Dec 27, 2024
@lindseysimple
feat: Add key-related APIs in security-proxy-auth
b41f93f 
Resolves edgexfoundry#5038. Add key-related APIs in security-proxy-auth to enable support for external JWT verification.

Signed-off-by: Lindsey Cheng <beckysocute@gmail.com>
@lindseysimple lindseysimple linked a pull request Dec 27, 2024 that will close this issue
Draft
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lindseysimple lindseysimple

Labels
enhancement New feature or request
Projects
Technical WG
Status: In Progress
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: Add key-related APIs in security-proxy-auth lindseysimple/edgex-go
1 participant
@lindseysimple