Modify Auth Service to Replace Token with User Metadata Headers #5
Depends on: #16 Replace-User-Metadata-#5 (clevermicro/user-management)
Reference: clevermicro/user-management#5
Ref epic: #13
Goal: Enhance the forward authentication process so that the auth-service, upon successfully authenticating and authorizing a request, instructs Traefik to remove the original user token and inject user metadata (like ID, groups, roles) as headers before forwarding the request to the backend service.
Background:
To simplify backend microservices, we want them to receive clear information about the authenticated user directly via headers, rather than needing to parse and validate JWTs themselves. The auth-service, acting as the Traefik forwardAuth endpoint, is the ideal place to perform this token validation, extraction, and header preparation.
Description:
This ticket should modify the request processing flow. The auth-service should extract the user's token, verify it, and transform it into an object containing user information (username, email, groups, permissions, etc.). This metadata, represented as headers, will be handed off to downstream services, replacing the original token, so they can directly use this information for their internal permission checks.
Prerequisites:
What needs to be done:
Key Considerations:
Deliverables:
depends on / is blocked by 'have independent keycloak instance deployed' in CleverThis company context, as a DEVELOPMENT env instance (identity-management project task)
@stanislav.hejny @aleenaumair
This ticket doesn't have a milestone. Fix that before proceeding.