Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: adds verification context #3677

Merged
merged 4 commits into from
Dec 1, 2023
Merged

feat: adds verification context #3677

merged 4 commits into from
Dec 1, 2023
+299 −72

Conversation

wolf4ood
Copy link
Contributor

@wolf4ood wolf4ood commented Nov 30, 2023
edited
Loading

What this PR changes/adds

Adds VerificationContext in the IdentityService#verifyJwt methods

Why it does that

To be able to attach contextual information in the verification phase

Further notes

For now the Policy it's always an empty one. Policy extraction will be tackled in subsequent PRs on each area (catalog/transfer process/ contract negotiation)

Linked Issue(s)

Closes #3675

@wolf4ood wolf4ood force-pushed the feat/3675_verification_context branch from 3f7b765 to 9cc1bf1 Compare November 30, 2023 14:27
@wolf4ood wolf4ood self-assigned this Nov 30, 2023
@wolf4ood wolf4ood added the enhancement New feature or request label Nov 30, 2023
@wolf4ood
feat: add verification context

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode
a8ed6dc
@wolf4ood wolf4ood force-pushed the feat/3675_verification_context branch from 9cc1bf1 to a8ed6dc Compare November 30, 2023 14:43
@wolf4ood wolf4ood added the breaking-change Will require manual intervention for version update label Nov 30, 2023
@wolf4ood wolf4ood marked this pull request as ready for review November 30, 2023 15:04
wolf4ood and others added 2 commits November 30, 2023 16:58
@wolf4ood @jimmarino
Update spi/common/core-spi/src/main/java/org/eclipse/edc/spi/iam/Veri…
c88a3cb 
…ficationContext.java

Co-authored-by: Jim Marino <jim.marino@gmail.com>
@wolf4ood @jimmarino
Update spi/common/core-spi/src/main/java/org/eclipse/edc/spi/iam/Veri…
edbf07c 
…ficationContext.java

Co-authored-by: Jim Marino <jim.marino@gmail.com>
paullatzelsperger
paullatzelsperger approved these changes Dec 1, 2023
View reviewed changes
spi/common/core-spi/src/main/java/org/eclipse/edc/spi/iam/IdentityService.java
* @return Result of the validation.
*/
Result<ClaimToken> verifyJwtToken(TokenRepresentation tokenRepresentation, String audience);
Result<ClaimToken> verifyJwtToken(TokenRepresentation tokenRepresentation, VerificationContext context);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can already here voices whining about backwards compatibility and breaking changes... Could we leave the old signature in place in a default method, and have it delegate to this new method?
the VerificationContext contains the audience anyway

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can, but that method will not be called by our code in the protocol service layer, as we would need to populate the VerificationContext . Also the audience there will go away soon :)

Copy link
Member

@ndr-brt ndr-brt Dec 1, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@paullatzelsperger hey, that's me 😆
In my opinion it really depends on how many extensions of this could exist, seems to be a pretty used interface so I'd go for the deprecation, but I will be also ok in changing without deprecating
(interface changes are generally more tolerated because only devs are involved, instead rest apis... well, you know)

ndr-brt
ndr-brt approved these changes Dec 1, 2023
View reviewed changes
spi/common/core-spi/src/main/java/org/eclipse/edc/spi/iam/IdentityService.java
* @return Result of the validation.
*/
Result<ClaimToken> verifyJwtToken(TokenRepresentation tokenRepresentation, String audience);
Result<ClaimToken> verifyJwtToken(TokenRepresentation tokenRepresentation, VerificationContext context);
Copy link
Member

@ndr-brt ndr-brt Dec 1, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@paullatzelsperger hey, that's me 😆
In my opinion it really depends on how many extensions of this could exist, seems to be a pretty used interface so I'd go for the deprecation, but I will be also ok in changing without deprecating
(interface changes are generally more tolerated because only devs are involved, instead rest apis... well, you know)

@wolf4ood
Copy link
Contributor Author

wolf4ood commented Dec 1, 2023

I've restored as default method the one with audience, but anyway the audience is going away soon :)

@wolf4ood wolf4ood merged commit c756a4a into eclipse-edc:main Dec 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jimmarino jimmarino

@ndr-brt ndr-brt

@paullatzelsperger paullatzelsperger

@bscholtes1A bscholtes1A

Assignees

@wolf4ood wolf4ood

Labels
breaking-change Will require manual intervention for version update enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Identity Service: introduce VerificationContext
4 participants
@wolf4ood @jimmarino @ndr-brt @paullatzelsperger