Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add JWT validation auth middleware #57

Merged
merged 9 commits into from
Jul 21, 2023
Merged

Add JWT validation auth middleware #57

merged 9 commits into from
Jul 21, 2023

Conversation

RichDom2185
Copy link
Member

Part of #16.

Adds a middleware that ensures all requests to protected routes must be authenticated (unless in development mode). Authentication is based on RS256 public key verification, with the JWKS source coming from the main backend (currently defined using an environment variable, to be refactored in a future PR).

Note that as our backend does not have the necessary DB schema/structure to support full user verification, as of now, the middleware only validates that the user has been authenticated with the main backend before granting requests (it has no notion of which user is currently accessing the service in order to support the features/roles defined in #15 and #18).

@RichDom2185 RichDom2185 self-assigned this Jul 21, 2023
RichDom2185
RichDom2185 commented Jul 21, 2023
View reviewed changes
Copy link
Member Author

@RichDom2185 RichDom2185 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are some areas for improvement such as the elimination of the global variables within the auth package, but this will be done in a future refactor PR instead.

@github-actions
Copy link

Coverage Status

coverage: 84.066%. remained the same when pulling e5cbf43 on jwt-auth-validation into 5fc47cc on main.

@RichDom2185
Copy link
Member Author

@YaleChen299 due to the way the service uses a singular JWKS source, at the moment. This service can only support a one-to-many relationship between the main backend and the stories backend.

However, this implementation should be flexible enough to support a many-to-many relationship to fully support multitenancy as defined in #15, via a relatively simple refactor to use maps instead of strings pointing to multiple JWKS sources.

@RichDom2185 RichDom2185 enabled auto-merge (squash) July 21, 2023 14:12
@RichDom2185 RichDom2185 merged commit aac89e9 into main Jul 21, 2023
2 checks passed
@RichDom2185 RichDom2185 deleted the jwt-auth-validation branch July 21, 2023 14:28
@RichDom2185 RichDom2185 mentioned this pull request Jul 22, 2023
Merged
@YaleChen299
Copy link
Contributor

@YaleChen299 due to the way the service uses a singular JWKS source, at the moment. This service can only support a one-to-many relationship between the main backend and the stories backend.

However, this implementation should be flexible enough to support a many-to-many relationship to fully support multitenancy as defined in #15, via a relatively simple refactor to use maps instead of strings pointing to multiple JWKS sources.

This is to say to allow tokens issued by other trusted backends as well right? In this case, do we need add the respected source manually?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gracelimshiern gracelimshiern gracelimshiern approved these changes

@YaleChen299 YaleChen299 Awaiting requested review from YaleChen299

@ngruiyanrena ngruiyanrena Awaiting requested review from ngruiyanrena

Assignees

@RichDom2185 RichDom2185

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@RichDom2185 @YaleChen299 @gracelimshiern