Implement UMA ticket for forward-auth #31

Merged
hurui200320 merged 3 commits from feat/28 into develop 2025-06-30 09:05:16 +00:00

According to the design at https://docs.cleverthis.com/en/architecture/microservices/feature-discussion/service-specific-permission-system, this PR replaced the role-based forward auth with a UMA ticket to allow Keycloak to verify permissions based on client authorization rules, which support roles, with extra features like resource access control and group/organization.

Other than that, this PR also:

  • adds config properties objects, which allow easier unit testing
  • adapts the setup from clevermicro/identity-management#9; the auth-service now works with the dev realm created in the identity management repo
  • adds a pass-through config, allowing clients to configure a list of rules to skip the token checking. Use case: CleverBRAG's token for its API access

This PR bumps the coverage rate to 73%, which is still below 85%. Thus the pipeline is failing.
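For readers unfamiliar with the mechanism, here is a sketch of a forward-auth check that asks Keycloak for a UMA decision instead of inspecting roles locally; it is an added example, not code from this PR or repository. The function names, the `resource#scope` permission string and the realm URL used in testing are assumptions; the form parameters are those of Keycloak's authorization services decision request.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

UMA_GRANT = "urn:ietf:params:oauth:grant-type:uma-ticket"

def build_decision_request(token_url, bearer, audience, permission):
    """Build the token-endpoint call that asks Keycloak for a yes/no decision."""
    form = urllib.parse.urlencode({
        "grant_type": UMA_GRANT,
        "audience": audience,         # client whose authorization rules apply
        "permission": permission,     # "resource#scope" (naming is assumed here)
        "response_mode": "decision",  # reply is {"result": true}, not an RPT
    }).encode()
    headers = {"Authorization": f"Bearer {bearer}",
               "Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(token_url, data=form, headers=headers, method="POST")

def send(req):
    """Default transport: return (status, body) without raising on 4xx/5xx."""
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()

def forward_auth(authorization, permission, token_url, audience, transport=send):
    """Return the status the forward-auth endpoint should hand back to the proxy."""
    scheme, _, bearer = (authorization or "").partition(" ")
    if scheme.lower() != "bearer" or not bearer.strip():
        return 401  # no usable token: do not call Keycloak at all
    req = build_decision_request(token_url, bearer.strip(), audience, permission)
    try:
        status, body = transport(req)
    except OSError:
        return 503  # Keycloak unreachable: fail closed, never allow
    try:
        granted = status == 200 and json.loads(body).get("result") is True
    except (ValueError, AttributeError):
        granted = False  # malformed or unexpected body counts as a denial
    return 200 if granted else 403
```

Only an explicit `{"result": true}` on HTTP 200 is treated as a grant; every other outcome is a denial, so a misconfigured policy or an outage cannot open access.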

refactor(General): replace role-based auth with UMA ticket
Some checks failed
Unit test coverage / gradle-test (push) Failing after 2m2s
CI for publishing docker image / build-and-publish (push) Successful in 2m39s
Unit test coverage / gradle-test (pull_request) Failing after 1m20s
0aeb9af696
add config properties, adapt setup from clevermicro/identity-management#9
replace role-based forward auth with UMA ticket
add pass-through config
implement unit tests for the change.

ISSUES CLOSED: clevermicro/user-management#28

Coverage is 74%
requested reviews from abed.alrahman, stanislav.hejny 2025-06-16 15:52:57 +00:00
fix(General): fix application yaml
Some checks failed
Unit test coverage / gradle-test (push) Failing after 2m48s
Unit test coverage / gradle-test (pull_request) Failing after 2m56s
CI for publishing docker image / build-and-publish (push) Successful in 3m18s
8f8b507e01

Coverage is 74%

Coverage is 75%
hurui200320 deleted branch feat/28 2025-06-30 09:05:17 +00:00
Reference: clevermicro/user-management#31