  1. Identity Gateway
  2. OPENIG-4801

Expose a secret through a JwkSet

Details

    • Story
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 7.0.0
    • 7.1.0
    • None
    • None
    • 2020.16 - IG / Microservices, 2020.17 - IG / Microservices, 2021.01 - IG / Microservices, IG 2020 Winter Hack Week
    • 5

    Description

      With the JwtBuilderFilter we can build signed or encrypted JWTs. Consumers of these JWTs need to verify or decrypt them, and so need access to the cryptographic material that IG used when producing them. Unfortunately, there is no built-in feature in IG for publishing this information.

      It would be very handy for a user to set up a Handler / Filter with the same configuration as the JwtBuilderFilter (or to have the JwtBuilderFilter catch a specific requested endpoint) to produce a JwkSet containing the crypto material that the JWT consumer needs to verify the JWT.

      Acceptance Criteria

      • Add a JwkSetHandler with an associated Heaplet
        • Keep in mind that it could be used in other places
      • Need a SecretProvider reference
      • Plus a list of Purpose
        • Need to include the secret type (SigningKey, DataEncryptionKey, ...)
      • Plain text only

      Example configuration (not mandatory, for illustration only):

      {
        purposes: [
          {
            secretId: "your.secret.id",
            type: "VERIFICATION_KEY" // would export the certificate, not the private key
          }
        ]
      }
      

      In subsequent stories:

      • Secrets filtering options need to be determined
        • -restrict to public info only (== no shared secrets, no private keys)- -> Not done in that issue.
        • -only valid ? only active ? only named ?- (Only Valid - see comment below)
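
The public-only export that the configuration comment and the "restrict to public info only" option describe, as an added example that is not part of the issue or of IG's code. It works directly on JWK JSON members (RFC 7517/7518) rather than on IG's API; `public_jwk`, `build_jwk_set`, `secret_store`, `hmac.secret.id` and the sample key values are assumptions made for the illustration.

```python
import json

# Private-key members by key type (RFC 7518 sections 6.2.2 and 6.3.2, RFC 8037).
PRIVATE_MEMBERS = {
    "RSA": {"d", "p", "q", "dp", "dq", "qi", "oth"},
    "EC": {"d"},
    "OKP": {"d"},
}

def public_jwk(jwk):
    """Copy a JWK without its private members; refuse keys with no public half."""
    kty = jwk.get("kty")
    if kty not in PRIVATE_MEMBERS:
        # "oct" keys are shared secrets, so the whole key is private material.
        raise ValueError(f"key type {kty!r} cannot be published")
    return {k: v for k, v in jwk.items() if k not in PRIVATE_MEMBERS[kty]}

def build_jwk_set(purposes, secret_store):
    """Build the JWK Set for the configured purposes.

    secret_store is a hypothetical dict mapping secretId -> list of JWKs,
    standing in for the SecretProvider the story refers to.
    """
    keys = []
    for purpose in purposes:
        if purpose["type"] != "VERIFICATION_KEY":
            raise ValueError(f"unsupported type in this sketch: {purpose['type']}")
        for jwk in secret_store.get(purpose["secretId"], []):
            keys.append({**public_jwk(jwk), "use": "sig"})
    return {"keys": keys}

# Constructed sample data: the key values are placeholders, not real key material.
SAMPLE_STORE = {
    "your.secret.id": [
        {"kty": "EC", "crv": "P-256", "kid": "sig-1",
         "x": "constructed-x", "y": "constructed-y", "d": "constructed-private"},
    ],
    "hmac.secret.id": [{"kty": "oct", "kid": "mac-1", "k": "constructed-shared-secret"}],
}
SAMPLE_PURPOSES = [{"secretId": "your.secret.id", "type": "VERIFICATION_KEY"}]

if __name__ == "__main__":
    print(json.dumps(build_jwk_set(SAMPLE_PURPOSES, SAMPLE_STORE), indent=2))
```

Failing closed on an unknown or symmetric key type keeps a misconfigured `secretId` from turning the endpoint into a secret leak.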

            People

              violette Violette Roche Montane
              laurent.vaills Laurent Vaills