
JWT authentication #3

Merged
merged 18 commits into from
Jul 19, 2024

Conversation

achouippe
Contributor

@achouippe achouippe commented Jul 17, 2024

  • Add JWT authentication to the public and internal apis,
  • Rework the contracts of the public and internal apis.
  • Rework the way to configure JWT authentication settings per environment.


gitguardian-for-doctolib bot commented Jul 17, 2024

✅ There are no secrets present in this pull request anymore.

If these secrets were true positives and are still valid, we highly recommend that you revoke them.
Once a secret has been leaked into a git repository, you should consider it compromised, even if it was deleted immediately.
Find here more information about risks.


🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

  def init(options), do: options

  def call(conn, options) do
    case jwt_token_from_request(conn) do
Contributor Author

@achouippe achouippe Jul 17, 2024


I try to use what seems to be idiomatic Elixir, but I wonder whether I should use a try / rescue instead.


  get "v1/subscribe" do
    case conn.assigns[:jwt_payload] do
      %{"iss" => issuer, "sub" => sub} ->
Contributor Author

@achouippe achouippe Jul 17, 2024


The topic name is expected in the sub claim of the JWT token.

The idea here is to use the issuer as a way to isolate multiple systems that use neurow from each other.

@achouippe achouippe marked this pull request as ready for review July 17, 2024 17:56
@achouippe achouippe requested a review from bpaquet as a code owner July 17, 2024 17:56
  post "v1/publish" do
    issuer = conn.assigns[:jwt_payload]["iss"]

    topic = "#{issuer}-#{conn.body_params["topic"]}"
Contributor


Suggested change
topic = "#{issuer}-#{conn.body_params["topic"]}"
topic = "#{issuer}:#{conn.body_params["topic"]}"

  get "v1/subscribe" do
    case conn.assigns[:jwt_payload] do
      %{"iss" => issuer, "sub" => sub} ->
        topic = "#{issuer}-#{sub}"
Contributor


Suggested change
topic = "#{issuer}-#{sub}"
topic = "#{issuer}:#{sub}"

Contributor Author


I considered it, but we need to discuss it. Where do we set the topic & sub topic part? The sub will eventually contain something like user:123. By generating a topic name like issuer-user:123, the sub topic is used for the record id.

But the purpose of topic / subtopic in the Phoenix PubSub is not totally clear to me for now.
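An added example, not code from this pull request or the neurow project, covering the two points raised in this thread: a Plug that assigns verified claims by matching on a tuple-returning verifier (the idiomatic alternative to try / rescue when the verifier does not raise), and an issuer-namespaced topic derivation. `Neurow.JwtAuthPlug`, `Neurow.Topic` and the verifier `Neurow.JwtAuth.verify/1` are hypothetical names. It goes beyond the thread in rejecting issuers that contain the separator: since `sub` is expected to hold values like `user:123`, an issuer containing `:` could otherwise yield the same topic as a different issuer/sub pair and defeat the isolation.

```elixir
defmodule Neurow.JwtAuthPlug do
  # Assumes a hypothetical Neurow.JwtAuth.verify/1 that checks the signature and
  # standard claims and returns {:ok, claims} | {:error, reason} without raising.
  import Plug.Conn

  def init(options), do: options

  def call(conn, _options) do
    with {:ok, token} <- bearer_token(conn),
         {:ok, %{"iss" => _, "sub" => _} = claims} <- Neurow.JwtAuth.verify(token) do
      # Only a verified payload that carries both claims reaches the routes.
      assign(conn, :jwt_payload, claims)
    else
      # Missing token, failed verification, or a payload without iss/sub.
      _ ->
        conn
        |> send_resp(401, "unauthorized")
        |> halt()
    end
  end

  # Extract the token from an "Authorization: Bearer <token>" header.
  defp bearer_token(conn) do
    case get_req_header(conn, "authorization") do
      ["Bearer " <> token] -> {:ok, token}
      _ -> {:error, :missing_token}
    end
  end
end

defmodule Neurow.Topic do
  @separator ":"

  # Namespace the topic by issuer so systems sharing one neurow instance cannot
  # reach each other's records. The issuer must not contain the separator,
  # otherwise issuer "a:b" with sub "c" and issuer "a" with sub "b:c" would both
  # map to "a:b:c"; sub is allowed to contain it (e.g. "user:123").
  def from_claims(%{"iss" => issuer, "sub" => sub})
      when is_binary(issuer) and is_binary(sub) do
    if issuer == "" or String.contains?(issuer, @separator) do
      {:error, :invalid_issuer}
    else
      {:ok, issuer <> @separator <> sub}
    end
  end

  def from_claims(_), do: {:error, :missing_claims}
end
```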

config/runtime.exs (review thread outdated, resolved)
@achouippe achouippe merged commit 5dcfb41 into main Jul 19, 2024
3 checks passed
@achouippe achouippe deleted the jwt_authentication branch July 19, 2024 09:48