
sdk should retrieve platform issuer from well-known idp.issuer instead of platform_issuer #119

Open
jakedoublev opened this issue Aug 16, 2024 · 0 comments

Comments

@jakedoublev

The SDK currently looks at the well-known field platform_issuer which is a duplicate of the newer idp.issuer. If the Java SDK no longer looks at platform_issuer directly on the top level config, we can deprecate that extra field.

```java
private static final String PLATFORM_ISSUER = "platform_issuer";
```

https://github.com/opentdf/platform/actions/runs/10425431103/job/28876436696?pr=1365
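To illustrate the migration the issue asks for, here is an added example (not the Java SDK's or the platform's own code, written in Go for illustration) of an SDK-side resolver that prefers `idp.issuer`, falls back to the deprecated `platform_issuer` with a warning, and refuses a document in which the two disagree. The placement of `platform_issuer` beside `idp` under `configuration`, the `Resolution` type and the sample documents are assumptions constructed for this example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// wellKnown mirrors the subset of the platform well-known document that issuer
// resolution needs. Placing platform_issuer beside idp under "configuration"
// is an assumption; the issue only calls it a top-level key.
type wellKnown struct {
	Configuration struct {
		PlatformIssuer string `json:"platform_issuer"` // deprecated duplicate of idp.issuer
		IDP            struct {
			Issuer         string `json:"issuer"`
			JWKSURI        string `json:"jwks_uri"`
			PublicClientID string `json:"public_client_id"`
		} `json:"idp"`
	} `json:"configuration"`
}

// Resolution is what a client keeps after reading the well-known document.
type Resolution struct {
	Issuer   string
	Warnings []string
}

var ErrNoIssuer = errors.New("well-known: neither idp.issuer nor platform_issuer present")

// ResolveIssuer prefers idp.issuer, falls back to the deprecated platform_issuer,
// and treats a disagreement between the two as an error: a document that names
// two issuers is inconsistent and a client should trust neither blindly.
func ResolveIssuer(doc []byte) (Resolution, error) {
	var wk wellKnown
	if err := json.Unmarshal(doc, &wk); err != nil {
		return Resolution{}, fmt.Errorf("well-known: invalid JSON: %w", err)
	}
	var res Resolution
	newIss := strings.TrimSpace(wk.Configuration.IDP.Issuer)
	oldIss := strings.TrimSpace(wk.Configuration.PlatformIssuer)
	switch {
	case newIss != "" && oldIss != "" && newIss != oldIss:
		return Resolution{}, fmt.Errorf("well-known: idp.issuer %q disagrees with platform_issuer %q", newIss, oldIss)
	case newIss != "":
		res.Issuer = newIss
	case oldIss != "":
		res.Issuer = oldIss
		res.Warnings = append(res.Warnings, "platform_issuer is deprecated; the platform should publish idp.issuer")
	default:
		return Resolution{}, ErrNoIssuer
	}
	// Plain-http issuers are only acceptable for local development.
	if !strings.HasPrefix(res.Issuer, "https://") {
		res.Warnings = append(res.Warnings, "issuer is not https; acceptable only for local development")
	}
	// Mirrors the platform's startup warning when no public client id is configured.
	if wk.Configuration.IDP.PublicClientID == "" {
		res.Warnings = append(res.Warnings, "idp.public_client_id not provided; public-client discovery unavailable")
	}
	return res, nil
}

// Constructed sample documents (not captured from a real platform) covering
// the new-style, legacy-only and inconsistent cases.
const SampleNewOnly = `{"configuration":{"idp":{"issuer":"http://localhost:8888/auth/realms/opentdf","jwks_uri":"http://localhost:8888/auth/realms/opentdf/protocol/openid-connect/certs","public_client_id":"opentdf-public"}}}`
const SampleLegacyOnly = `{"configuration":{"platform_issuer":"http://localhost:8888/auth/realms/opentdf","idp":{}}}`
const SampleMismatch = `{"configuration":{"platform_issuer":"http://localhost:8888/auth/realms/other","idp":{"issuer":"http://localhost:8888/auth/realms/opentdf"}}}`

func main() {
	for name, doc := range map[string]string{"new": SampleNewOnly, "legacy": SampleLegacyOnly, "mismatch": SampleMismatch} {
		res, err := ResolveIssuer([]byte(doc))
		if err != nil {
			fmt.Printf("%-8s error: %v\n", name, err)
			continue
		}
		fmt.Printf("%-8s issuer=%s warnings=%v\n", name, res.Issuer, res.Warnings)
	}
}
```

Failing closed on a mismatch, rather than silently picking one value, is the choice that matters here: once `platform_issuer` is removed the fallback branch becomes dead code and can be deleted without touching the callers.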

github-merge-queue bot pushed a commit to opentdf/platform that referenced this issue Aug 19, 2024
…ctionality (#1365)

Resolves #1373

This PR makes the following changes:
1. provisions a public client to keycloak with an allowlisted
redirectUri of `http://localhost:9000` to support `otdfctl`
2. adds a few `idP` accessor methods to the SDK for reading the
well-known configuration of the platform pre-auth
3. removes a few errors about the SDK being unauthenticated now that
reading from the well-known pre-auth is a valid SDK use
4. adds a `public_client_id` to the well-known idP config (with example
configs updated) and a warning log about discovery if not provided in
the config on startup
5. cannot remove `platform_issuer` as a top-level well-known config key
that is a duplicate of `idp.issuer` because of this issue
opentdf/java-sdk#119

```json
{
  "configuration": {
    "health": {
      "endpoint": "/healthz"
    },
    "idp": {
      "authorization_endpoint": "http://localhost:8888/auth/realms/opentdf/protocol/openid-connect/auth",
      "id_token_signing_alg_values_supported": [
        "PS384",
        "RS384",
        "EdDSA",
        "ES384",
        "HS256",
        "HS512",
        "ES256",
        "RS256",
        "HS384",
        "ES512",
        "PS256",
        "PS512",
        "RS512"
      ],
      "issuer": "http://localhost:8888/auth/realms/opentdf",
      "jwks_uri": "http://localhost:8888/auth/realms/opentdf/protocol/openid-connect/certs",
      "public_client_id": "opentdf-public", // this is new
      "require_request_uri_registration": true,
      "response_types_supported": [
        "code",
        "none",
        "id_token",
        "token",
        "id_token token",
        "code id_token",
        "code token",
        "code id_token token"
      ],
      "subject_types_supported": [
        "public",
        "pairwise"
      ],
      "token_endpoint": "http://localhost:8888/auth/realms/opentdf/protocol/openid-connect/token"
    }
  }
}
```