Create JWT Validation Flow #5

Open
10 of 14 tasks
tmthecoder opened this issue Oct 17, 2023 · 0 comments
tmthecoder commented Oct 17, 2023

Create JWT Validation Flow

Context

We need to provide an API endpoint that ingests a JWT and returns whether it is valid or not

Requirements & Criteria

  • All logic is written within the auth service
  • This is NOT an exposed endpoint (only in use from other local services, not as an API endpoint)
  • The Request Body is validated to follow these guidelines:
    • EMPTY
  • Request contains an Authorization header with Bearer [JWT] as the value
  • Return a 200 response if valid
  • Return a 401 response if invalid
  • Validation Criteria:
    • JWT is valid
    • API Key hash is found in list of API Keys (in case the key was revoked while this token was still active)

Testing

  • Please ensure there are tests written for the following cases (at a minimum):
    • JWT Validation with an empty payload
    • JWT Validation with a JWT whose issuing API key has been revoked
    • JWT Validation with an invalid JWT (either with an invalid payload + invalid signature)
    • JWT Validation with a valid token
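
A sketch of the validation criteria above, added here as an example and not taken from this project's code. It assumes HS256 tokens, a constructed shared secret, an `exp` claim, and a hypothetical `key_hash` claim carrying the issuing API key's hash; none of these names are specified in the issue.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: HS256 shared secret
ACTIVE_KEY_HASHES = {hashlib.sha256(b"demo-api-key").hexdigest()}  # constructed

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def issue(claims, secret=SECRET):
    """Helper for the tests: mint an HS256 token over the given claims."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def validate(headers):
    """Return 200 if the bearer JWT verifies and its API key is still listed, else 401."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        return 401
    head, payload, sig = token.split(".")
    try:
        # Pin the algorithm: never let the token choose how it is verified.
        if json.loads(_b64d(head)).get("alg") != "HS256":
            return 401
        expected = hmac.new(SECRET, f"{head}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64d(sig)):
            return 401
        claims = json.loads(_b64d(payload))  # parsed only after the signature checks out
    except (ValueError, AttributeError):
        return 401
    if not isinstance(claims, dict):
        return 401
    exp, key_hash = claims.get("exp"), claims.get("key_hash")
    if not isinstance(exp, (int, float)) or exp <= time.time():
        return 401
    # Revocation check: a correctly signed, unexpired token is still rejected
    # once its issuing API key hash is no longer in the active list.
    if not isinstance(key_hash, str) or key_hash not in ACTIVE_KEY_HASHES:
        return 401
    return 200
```
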