Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create JWT Generation Flow #3

Open
10 of 14 tasks
tmthecoder opened this issue Oct 17, 2023 · 0 comments · May be fixed by #11
Open
10 of 14 tasks

Create JWT Generation Flow #3

tmthecoder opened this issue Oct 17, 2023 · 0 comments · May be fixed by #11
Assignees
@SamratSahoo

Comments

@tmthecoder
Copy link
Contributor

tmthecoder commented Oct 17, 2023
edited by SamratSahoo

Create JWT Generation Flow

Context

We need to provide an API endpoint that ingests an API key and process a Bearer JWT for short-lived use with the API (to avoid the sensitive key being used in all areas and to allow potential scoped tokens and/or client-given tokens).

Requirements & Criteria

  • All logic is written within the auth service
  • JWT is generated with the appropriate info when sending a POST request to /api/auth/authorize
  • The Request Body is validated to follow these guidelines:
    • EMPTY
  • Request contains an X-Api-Key header with the API key
  • If the API key is found to be a valid entry, return a JWT that contains with the following information in its body:
    • Project ID (name)
    • Valid Scopes (unused at the moment)
    • Hash of Requesting API Key
  • The created JWT should be short lived (<24 hour duration)
  • The response body returns the JWT if successful and an error message if not

Testing

  • Please ensure there are tests written for the following cases (at a minimum):
    • New JWT Generation with correct parameters (just the API Key)
    • New JWT Generation with a missing API Key
    • New JWT Generation with a bad API Key
@tmthecoder tmthecoder changed the title Create JWT Validation Flow & Middleware in Auth Service Create JWT Validation Flow Oct 17, 2023
@tmthecoder tmthecoder changed the title Create JWT Validation Flow Create JWT Generation Flow Oct 17, 2023
@SamratSahoo SamratSahoo self-assigned this Oct 23, 2023
@SamratSahoo SamratSahoo linked a pull request Oct 29, 2023 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@SamratSahoo SamratSahoo

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Create JWT + Validate JWT Functionality GTBitsOfGood/juno
2 participants
@SamratSahoo @tmthecoder