Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Extensions] Connect auth token generator to service accounts #2611

Closed
Tracked by #2596 ...
stephen-crawford opened this issue Mar 30, 2023 · 3 comments
Closed
Tracked by #2596 ...
Assignees
Labels
enhancement New feature or request triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.

Comments

@stephen-crawford
Copy link
Contributor

stephen-crawford commented Mar 30, 2023

NOTE: #2567 must be merged before this is actionable.

In order to implement Service Accounts (#2597), we need the Security Plugin to be able to vend an authorization token back to core.

When core requests a Service Account for an extension (#2609), the response from the Security Plugin should include an authorization token associated with the Service Account. The authorization token can be made using the token generator introduced in #2567. This should provide the framework for creating a JWT that can be passed back to core and then later verified by the Security Plugin.

The authorization token should correspond to the Service Account associated with the extensionId that core provides. This PR should be straightforward to implement since the framework for generating a JWT is already introduced.

This issue will be complete when there is a PR that takes in an extensionUniqueId, fetches the corresponding Service Account from the Internal Users Storage, and finally creates a JWT based on this information. The final PR should contain tests that show that a JWT is created from an arbitrary string (representing the ID) and that this token can later be verified.

@stephen-crawford stephen-crawford added enhancement New feature or request untriaged Require the attention of the repository maintainers and may need to be prioritized labels Mar 30, 2023
@stephen-crawford stephen-crawford added triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable. and removed untriaged Require the attention of the repository maintainers and may need to be prioritized labels Apr 3, 2023
@stephen-crawford
Copy link
Contributor Author

[Triage] This is part of the Extensions project.

@stephen-crawford
Copy link
Contributor Author

stephen-crawford commented Apr 11, 2023

[Update 4/11]: I am currently working on this here. I have everything but the actual storage of the tokens figured out.

@davidlago
Copy link

Closing in favor of #3176

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.
Projects
Status: Done
Development

No branches or pull requests

2 participants