You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We need to provide an API endpoint that ingests an API key and process a Bearer JWT for short-lived use with the API (to avoid the sensitive key being used in all areas and to allow potential scoped tokens and/or client-given tokens).
Requirements & Criteria
All logic is written within the auth service
JWT is generated with the appropriate info when sending a POST request to /api/auth/authorize
The Request Body is validated to follow these guidelines:
EMPTY
Request contains an X-Api-Key header with the API key
If the API key is found to be a valid entry, return a JWT that contains with the following information in its body:
Project ID (name)
Valid Scopes (unused at the moment)
Hash of Requesting API Key
The created JWT should be short lived (<24 hour duration)
The response body returns the JWT if successful and an error message if not
Testing
Please ensure there are tests written for the following cases (at a minimum):
New JWT Generation with correct parameters (just the API Key)
New JWT Generation with a missing API Key
New JWT Generation with a bad API Key
The text was updated successfully, but these errors were encountered:
tmthecoder
changed the title
Create JWT Validation Flow & Middleware in Auth Service
Create JWT Validation Flow
Oct 17, 2023
tmthecoder
changed the title
Create JWT Validation Flow
Create JWT Generation Flow
Oct 17, 2023
Create JWT Generation Flow
Context
We need to provide an API endpoint that ingests an API key and process a Bearer JWT for short-lived use with the API (to avoid the sensitive key being used in all areas and to allow potential scoped tokens and/or client-given tokens).
Requirements & Criteria
POST
request to/api/auth/authorize
X-Api-Key
header with the API keyTesting
The text was updated successfully, but these errors were encountered: