JWT Api Key #2371
Merged
JWT Api Key #2371
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
CDimonaco
added
enhancement
arbulu89
reviewed
Feb 29, 2024
There was a problem hiding this comment.
Super great work @CDimonaco
I dropped a lot of comments, but most of them are nitpic.
Let me know when the PR is finished so I can do a new review, but most probably everything is alright
- I'm not sure if we should call the main
JWTasAPP. In reality it should beAPI, but I understand that it makes things difficult to differentiate between api and api-key - Remove the
tabin the docstrings
priv/repo/migrations/20240227102315_add_api_key_settings_to_settings_schema.exs
Show resolved
Hide resolved
Rename api_key_created_at to created_at and api_key_expire_at to expire_at
CDimonaco
force-pushed
the
jwt_api_key
branch
2 times, most recently
from
1174e44 to
8fa99d5
Compare
arbulu89
approved these changes
Feb 29, 2024
There was a problem hiding this comment.
Super super great @CDimonaco
Ready to merge from my side, but i put some nitpick comments as always.
| alias TrentoWeb.OpenApi.V1.Schema | ||
|
|
||
| use OpenApiSpex.ControllerSpecs | ||
| plug OpenApiSpex.Plug.CastAndValidate, json_render_error_v2: true | ||
| action_fallback TrentoWeb.FallbackController |
There was a problem hiding this comment.
well, but deprecated means that it will be removed in some future version, right?
CDimonaco
force-pushed
the
jwt_api_key
branch
2 times, most recently
from
e112969 to
ad43a43
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR includes a JWT implementation of the API KEY.
This new implementation allows the rotation of api keys as a result of configurable expiration of api keys.
Expiration could be infinite, where "infinite" is a very reasonable amount of time, because jwt standard wants an expiration timestamp.
This implies the store of JTI, used for token whitelisting and invalidation and creation and expiration date of api tokens, used for key generation, THE JWT KEY IS NOT STORED IN THE DATABASE.
Api key settings are stored into settings table, refactored with current settings as InstallationSettings, following a single table inheritance approach in the settings table.
Installation controller supports operation on the new type of settings, and returns the generated key when needed.
A new Plug for validating api key with jwt, validating issuer and JTI is enabled.
When Trento is installed a default api key with infinite expiration is created
How was this tested?
Automated tests