[Extensions] Connect auth token generator to service accounts #2611
Closed
Assignees
Labels
enhancement
New feature or request
triaged
Issues labeled as 'Triaged' have been reviewed and are deemed actionable.
Comments
stephen-crawford
added
enhancement
47 tasks
stephen-crawford
added
triaged
|
[Triage] This is part of the Extensions project. |
|
[Update 4/11]: I am currently working on this here. I have everything but the actual storage of the tokens figured out. |
This was referenced Apr 13, 2023
3 tasks
|
Closing in favor of #3176 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
NOTE: #2567 must be merged before this is actionable.
In order to implement Service Accounts (#2597), we need the Security Plugin to be able to vend an authorization token back to core.
When core requests a Service Account for an extension (#2609), the response from the Security Plugin should include an authorization token associated with the Service Account. The authorization token can be made using the token generator introduced in #2567. This should provide the framework for creating a JWT that can be passed back to core and then later verified by the Security Plugin.
The authorization token should correspond to the Service Account associated with the extensionId that core provides. This PR should be straightforward to implement since the framework for generating a JWT is already introduced.
This issue will be complete when there is a PR that takes in an
extensionUniqueId, fetches the corresponding Service Account from the Internal Users Storage, and finally creates a JWT based on this information. The final PR should contain tests that show that a JWT is created from an arbitrary string (representing the ID) and that this token can later be verified.The text was updated successfully, but these errors were encountered: