Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ability for BSS to perform client credentials grant for access token #23

Merged
merged 33 commits into from
Mar 8, 2024
Merged

Add ability for BSS to perform client credentials grant for access token #23

merged 33 commits into from
Mar 8, 2024

Conversation

davidallendj
Copy link
Contributor

This PR gives BSS the ability to create an OAuth client, register it with an authorization server (presumably Ory Hydra currently), and fetch a token using client credentials received from registration (i.e. client credentials grant). This PR is necessary for BSS to make requests to other microservices, such as SMD, for public endpoints that do not require the user to submit an access token, such as /boot/v1/bootscript, which would cause the request to fail.

@davidallendj davidallendj added enhancement New feature or request not ready Not ready to merge needs testing labels Feb 28, 2024
@davidallendj davidallendj self-assigned this Feb 28, 2024
This was referenced Feb 28, 2024
Closed
Closed
@davidallendj
Copy link
Contributor Author

@synackd Can you test this with the deployment recipes and see if it prints an access token?

synackd
synackd requested changes Feb 28, 2024
View reviewed changes
cmd/boot-script-service/main.go Outdated Show resolved Hide resolved
@davidallendj davidallendj removed the not ready Not ready to merge label Feb 29, 2024
@davidallendj davidallendj changed the title [DRAFT] Add ability for BSS to perform client credentials grant for access token Add ability for BSS to perform client credentials grant for access token Feb 29, 2024
synackd and others added 15 commits February 29, 2024 14:07
@synackd
Add --oauth2-base-url and BSS_OAUTH2_BASE_URL
b3a95cf
@synackd
Dockerfile: Document BSS_JWKS_URL and BSS_OAUTH2_BASE_URL
de9cc92
@davidallendj
Merge pull request #1 from synackd/bss-auth-flag-and-env-vars
c1ec85f 
Add flag and environment variable for OAUTH2 server
@synackd
Move client credentials grant to requestClientCreds()
60e48c7
@synackd
OAuth -> OAuth2
b9a225b
@synackd
Differentiate admin vs. public OAuth2 base URL
96de4d3
@synackd
requestClientCreds(): Add log and debug messages
bb35458
@synackd
Add Triad license
ce3924a
@synackd
Move RequestClientCreds and accessToken to oauth.go
c2e022d
@synackd
oauth.go: Add JWT validation/polling functions
4414f04
@synackd
sm.go: Add JWT testing functionality (rm from main.go)
34de2a0
@synackd
Use http.MethodXXX instead of "XXX" string
404c805
@synackd
oauth.go: Add JWTTestAndRefresh()
8f80f0b
@synackd
sm.go: Remove JWT refresh code in favor of function
9484b95
@synackd
getStateFromHSM: Implement JWT authentication
b7bf17e
synackd and others added 14 commits March 4, 2024 08:53
@synackd
Try multiple times to test SMD auth enablement
542ebfa 
Sometimes the endpoint isn't ready right away, and testing at intervals
avoids BSS crashing because of it.
@synackd
RequestClientCreds(): fmt.Printf -> log.Printf
09a6e1c
@synackd
smClient: Change type from *http.Client to *OAuthClient
8225a2e
@synackd
TestSMAuthEnabled: Add log msg for success
f709047
@synackd
Attach JWT getting functions to OAuthClient, use with smClient
5665c90
@synackd
Add smClient nil checks in TestSM* functions
9df675a
@synackd
JWTIsValid(): Add debug statements for checking JWT validity date range
c27d985
@synackd
getStateFromHSM(): Fix wrong error variable (rerr/err)
d9b3d75
@synackd
getStateFromHSM(): Debug responses
5ed2c3d
@synackd
Remove printing of access token in logs
3e22839
@synackd
Correct BSS_OAUTH2_USER_BASE_URL IP comment in Dockerfile
9353c0c
@synackd
Update copyright year in oauth.go: 2023 -> 2024
9cd350a
@davidallendj
Merge pull request #2 from synackd/bss-auth-impl-token
8f40cfa 
Add JWT verification and use JWT with SMD
@synackd @davidallendj
Fix Errorf/Printf statements with missing args
b18d281
@davidallendj davidallendj merged commit d1474d6 into OpenCHAMI:main Mar 8, 2024
1 check passed
@davidallendj davidallendj deleted the bss-auth branch March 8, 2024 01:13
@davidallendj davidallendj mentioned this pull request Mar 13, 2024
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@synackd synackd synackd approved these changes

Assignees

@davidallendj davidallendj

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@davidallendj @synackd