Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Well Known Security #42

Merged
merged 5 commits into from
Oct 20, 2022
Merged

Well Known Security #42

merged 5 commits into from
Oct 20, 2022

Conversation

bbengfort
Copy link
Contributor

@bbengfort bbengfort commented Oct 20, 2022
edited
Loading

Scope of changes

This PR adds the "well known security" files to the ./well-known endpoint including:

  1. /.well-known/jwks.json: https://auth0.com/docs/secure/tokens/json-web-tokens/json-web-key-sets#learn-more
  2. /.well-known/security.txt: https://securitytxt.org/
  3. /.well-known/openid-configuration: https://connect2id.com/learn/openid-connect

These endpoints allow clients to verify the security model of Quarterdeck and to use Quarterdeck as an authentication service.

Fixes SC-10002

Type of change

  • new feature
  • bug fix
  • documentation
  • testing
  • technical debt
  • other (describe)

Acceptance criteria

Check to ensure that the security model exposed by these endpoints makes sense.

Author checklist

  • I have manually tested the change and/or added automation in the form of unit tests or integration tests
  • I have updated the dependencies list
  • I have recompiled and included new protocol buffers to reflect changes I made
  • I have added new test fixtures as needed to support added tests
  • Check this box if a reviewer can merge this pull request after approval (leave it unchecked if you want to do it yourself)
  • I have moved the associated Shortcut story to "Ready for Review"

Reviewer(s) checklist

  • Any new user-facing content that has been added for this PR has been QA'ed to ensure correct grammar, spelling, and understandability.

@shortcut-integration
Copy link

This pull request has been linked to Shortcut Story #10002: Quarterdeck OpenID Tokens and JWKS.

@bbengfort bbengfort marked this pull request as ready for review October 20, 2022 17:45
daniellemaxwell
daniellemaxwell approved these changes Oct 20, 2022
View reviewed changes
Copy link
Contributor

@daniellemaxwell daniellemaxwell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good!

pkg/quarterdeck/api/v1/api.go Show resolved Hide resolved
pkg/quarterdeck/wellknown.go Outdated Show resolved Hide resolved
pkg/quarterdeck/wellknown.go Outdated Show resolved Hide resolved
@codecov
Copy link

codecov bot commented Oct 20, 2022
edited
Loading

Codecov upload limit reached ⚠️

This org is currently on the free Basic Plan; which includes 250 free private repo uploads each rolling month. This limit has been reached and additional reports cannot be generated. For unlimited uploads, upgrade to our pro plan.

Do you have questions or need help? Connect with our sales team today at sales@codecov.io

@bbengfort @daniellemaxwell
Apply suggestions from code review
c8e2470 
Co-authored-by: Danielle <danielle@rotational.io>
@bbengfort bbengfort merged commit 3e05135 into main Oct 20, 2022
@bbengfort bbengfort deleted the sc-10002/openid branch October 20, 2022 20:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@daniellemaxwell daniellemaxwell daniellemaxwell approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bbengfort @daniellemaxwell