Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature / Move gateway authentication to a separate service #477

Merged
merged 137 commits into from
Dec 8, 2024
Merged

Feature / Move gateway authentication to a separate service #477

merged 137 commits into from
Dec 8, 2024

Conversation

martin-traverse
Copy link
Collaborator

  • Added trac-auth service with responsibility to issue and refresh TRAC auth tokens
  • Gateway auth handler performs validation only, browsers are redirected to trac-auth for login
  • Gateway issues token refresh requests in parallel and combines auth headers, so refresh happens silently for clients
  • Authentication and login providers are plugins and can be replaced / customized
  • Improved automatic routing setup based on platform config services section (custom routes are still possible)
  • Token validation and management in back end services is not affected

@martin-traverse
Add a new auth service to Gradle build files
ef6c1a4
@martin-traverse
Rename GrpcAuthValidator
aa7efc8
@martin-traverse
Add thread local logging helper
0f14633
@martin-traverse
Rename GrpcAuthHelpers
3ac0b5d
@martin-traverse
Provide a general HTTP/1 auth validator as part of the common auth (i…
fdcef9f 
…nternal) package
@martin-traverse
Include HTTP codecs (1 & 2) in the common lib package
18bc2f6
@martin-traverse
Use the new auth validator as the auth handler in the gateway. Login …
395ede4 
…processing is removed from the gateway and will now be handled by the auth service.
@martin-traverse
Remove gateway dependency on -lib-auth. Gateway is just using interna…
17993ed 
…l auth validation, the same as a regular service.
@martin-traverse
Disable auth for protocol negotiation test
2fc212d
@martin-traverse
Explicit protocol version check in protocol negotiation test
059f770
@martin-traverse
Allow for Web Sockets in the HTTP/1 auth validator
e5619e5
@martin-traverse
Disable auth in the HTTP/1 proxy test
be2ad33
@martin-traverse
Do not prepare auth in platform tests if auth is disabled
e2aa7f9
@martin-traverse
Disable auth in unit tests where it is not needed
8fbd187
@martin-traverse
Clean up some code warnings
290861b
@martin-traverse
Disable auth for web API testing workflow
0071992
@martin-traverse
Move HTTP test helpers into common test library
a429a56
@martin-traverse
Stub class for the authentication service
aedd7d2
@martin-traverse
Add auth service to the platform test framework
9f0aaab
@martin-traverse
Start skeleton auth service in a test case
573e01a
@martin-traverse
Stub test cases for guest login
e1d3d17
@martin-traverse
Factor protocol negotiator into a common base class and move to commo…
257147f 
…n lib
@martin-traverse
Move protocol negotiator test to common lib
b5ecafc
@martin-traverse
Make the gateway use the new common protocol negotiator
89cb2dc
@martin-traverse
Move web server onto the common protocol negotiator
61a201e
@martin-traverse
Fix setup of HTTP codec for different scenarios in the protocol negot…
007bac9 
…iator
@martin-traverse
Let the auth service start up and install the auth router
959c329
@martin-traverse
Rename TRAC auth providers package
388c243
@martin-traverse
Move user DB into impl package for TRAC auth
e8daf08
@martin-traverse
Rename login provider interface
fffd121
@martin-traverse
Implemented token refresh in GW HTTP/1 auth handler
a37352e
@martin-traverse
Close connections in the GW auth handler if authentication fails
8a09592
@martin-traverse
Logging and idle handling improvements for the gateway
5baf5d9
@martin-traverse
Update log messages for token refresh
f95c001
@martin-traverse
Remove unused code
57c55c1
@martin-traverse
Update expiry header name
9310c0b
@martin-traverse
Rename common auth package, to reflect namespace change in -lib-auth
610345e
@martin-traverse
More intelligent setup of the gw routing for services
1326638
@martin-traverse
Use auth service info to set up login redirect path in auth handler s…
be4bd66 
…ettings
@martin-traverse
Fix tests for login expiry token
f2b280a
@martin-traverse
Use some different ports for end-to-end tests
83e8f28
@martin-traverse
Use service enabled flag to enable / disable the web server
573dce4
@martin-traverse
Update dev local config for web server enabled change
a73c1e6
@martin-traverse
Use some different ports for testing
a188ef8
@martin-traverse
Update dev local and platform template config files
1e8f9cc
@martin-traverse
Fix rewrites of the platform config file for web API test in CI
b5d6fdd
@martin-traverse
Use the same ports as dev-local in template platform config
ca950d3
@martin-traverse
Fix rewrites of the platform config file for web API test in CI
d6f1e3f
@martin-traverse
Config updates
7a5542d
@martin-traverse
Web socket fixes
03a9533
@martin-traverse
Fix header prefix for header translation in websockets router
dcc5d7f
@martin-traverse
Fix log noise for web sockets in the Gateway
c1086bc
@martin-traverse
Add log for web sockets translation
0aae134
@martin-traverse
Logger types for core router
b500026
@martin-traverse
Fix lib auth tests
b66e622
@martin-traverse
Fix lib common tests
17c26f1
@martin-traverse
Simpler log setup in core router baser class
a926993
@martin-traverse martin-traverse force-pushed the feature/separate_auth_service branch from 3b35dd6 to a926993 Compare December 8, 2024 23:32
@martin-traverse martin-traverse merged commit f52ca0b into finos:main Dec 8, 2024
41 checks passed
@martin-traverse martin-traverse deleted the feature/separate_auth_service branch December 8, 2024 23:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@martin-traverse