[VI-1012] adds SiS pkey jwt ClientConfig seed #20855

Open
wants to merge 5 commits into
base: master

bramleyjl
Contributor

Summary

  • This work is behind a feature toggle (flipper): NO
  • Updates development seed file to include an example SignIn::ClientConfig for private key JWT clients

Related issue(s)

Testing done

  • New code is covered by unit tests

Token request testing

  • pull down the latest Postman collection update
  • run the seed file: bin/rails db:seed
  • verify the new ClientConfig exists
    SignIn::ClientConfig.find_by(client_id: 'sample_client_pkey_jwt').client_id
    => "sample_client_pkey_jwt"
  • call the SiS /authorize endpoint with the sample_client_pkey_jwt client id & authenticate
    http://localhost:3000/v0/sign_in/authorize?type=idme&acr=loa3&client_id=sample_client_pkey_jwt&code_challenge=JNkFflCkxk1K6gQUf23P_5Ctl_T65_xkkOU_y-Cc2XI=&code_challenge_method=S256&state=c4addf6001661631d2524043ca31107e
  • copy the returned code URL parameter into the Postman collection as the sis_client-auth_code variable & make a Sign In Service / Client Auth (User) / Private Key JWT Auth / token request - you should receive a 200 response with access & refresh tokens

Token usage testing

  • update vets-api/app/controllers/concerns/authentication_and_sso_concerns.rb to allow the sample_client_pkey_jwt client id to access authenticated routes
  included do
    before_action :authenticate, :set_session_expiration_header

    validates_access_token_audience ['sample_client_pkey_jwt', Settings.sign_in.vaweb_client_id, ('vamock' if MockedAuthentication.mockable_env?)]
  end
  • Make a Postman request to an authenticated route, such as the vets-api / User / ICN call - you should receive a 200 response

@bramleyjl bramleyjl marked this pull request as ready for review February 19, 2025 19:59
@bramleyjl bramleyjl requested review from a team as code owners February 19, 2025 19:59
@va-vfs-bot va-vfs-bot temporarily deployed to VI-1012_sis_pkey_jwt_seed/main/main February 19, 2025 20:00 Inactive
@va-vfs-bot va-vfs-bot temporarily deployed to VI-1012_sis_pkey_jwt_seed/main/main February 19, 2025 20:12 Inactive
@va-vfs-bot va-vfs-bot temporarily deployed to VI-1012_sis_pkey_jwt_seed/main/main March 4, 2025 16:15 Inactive
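
Added example, not part of this pull request or of vets-api: the private key JWT client authentication that the token request in the testing steps exercises, with the client signing an assertion and the server checking it against the client's registered public key. The claim set follows RFC 7523; the claims SiS actually requires, the token URL used as audience, and the generated key are assumptions constructed for illustration.

```ruby
require 'openssl'
require 'json'
require 'securerandom'

CLIENT_ID  = 'sample_client_pkey_jwt'                 # client id from the seed
TOKEN_URL  = 'http://localhost:3000/v0/sign_in/token' # assumed audience value
CLIENT_KEY = OpenSSL::PKey::RSA.new(2048)             # constructed throwaway key

# base64url without padding, via Array#pack so only the stdlib is needed
def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  (str + '=' * (-str.length % 4)).tr('-_', '+/').unpack1('m')
end

# Client side: sign an RS256 assertion with the client's private key.
def build_client_assertion(key, client_id:, audience:, now: Time.now.to_i, ttl: 300)
  header = { alg: 'RS256', typ: 'JWT' }
  claims = { iss: client_id, sub: client_id, aud: audience,
             iat: now, exp: now + ttl, jti: SecureRandom.hex(16) }
  signing_input = [header, claims].map { |part| b64url(JSON.generate(part)) }.join('.')
  signature = key.sign(OpenSSL::Digest.new('SHA256'), signing_input)
  "#{signing_input}.#{b64url(signature)}"
end

# Server side: check the assertion against the public key registered for the
# client. Returns :ok or a symbol naming the first failed check.
def verify_client_assertion(jwt, public_key, client_id:, audience:, now: Time.now.to_i)
  parts = jwt.split('.', -1)
  return :malformed unless parts.length == 3 && parts.none?(&:empty?)
  head, body, sig = parts
  header = JSON.parse(b64url_decode(head))
  # Pin the algorithm server-side; the token header must not choose it.
  return :bad_alg unless header.is_a?(Hash) && header['alg'] == 'RS256'
  digest = OpenSSL::Digest.new('SHA256')
  return :bad_signature unless public_key.verify(digest, b64url_decode(sig), "#{head}.#{body}")
  claims = JSON.parse(b64url_decode(body)) # parsed only after the signature holds
  return :malformed unless claims.is_a?(Hash)
  return :wrong_client unless claims['iss'] == client_id && claims['sub'] == client_id
  return :wrong_audience unless Array(claims['aud']).include?(audience)
  return :expired unless claims['exp'].is_a?(Integer) && claims['exp'] > now
  :ok
rescue JSON::ParserError, OpenSSL::PKey::PKeyError
  :malformed
end
```

A real verifier would also record each `jti` until its `exp` passes so that a captured assertion cannot be replayed.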
3 participants