
CARL should validate bearer tokens contained in requests

Open kKdH opened this issue 1 year ago • 1 comments

CARL should validate bearer tokens contained in requests against Keycloak to protect its routes.

  • [ ] Implement authentication service
    • [ ] Fetch Keycloak certificate for token validation
    • [ ] Implement token validation
    • [ ] DDoS prevention with caching of Keycloak certificate

kKdH avatar Jan 18 '24 14:01 kKdH

To be checked:

  • access token signature
  • token validity
  • token valid for user

token header contains certificate id used for signature validation caching in memory

mirenz1 avatar Apr 10 '24 13:04 mirenz1
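
Added example, not part of the thread and not openDuT code: a sketch of the caching step only, where signing keys are held in memory by the `kid` from the token header and an unknown `kid` can trigger at most one refetch from Keycloak per interval. `KeyCache`, `key_for`, `min_refetch` and the `fetch` closure are hypothetical names; the key bytes are opaque placeholders, and signature and expiry checks are out of scope here.

```rust
use std::collections::HashMap;
use std::time::{Duration, Instant};

/// In-memory signing-key cache indexed by the `kid` from the token header.
/// `fetch` stands in for the HTTP request that downloads Keycloak's key set
/// (assumption: the caller supplies it; key bytes are opaque here).
pub struct KeyCache<F: FnMut() -> HashMap<String, Vec<u8>>> {
    fetch: F,
    keys: HashMap<String, Vec<u8>>,
    last_fetch: Option<Instant>,
    min_refetch: Duration,
    pub fetches: u32, // number of upstream requests made so far
}

impl<F: FnMut() -> HashMap<String, Vec<u8>>> KeyCache<F> {
    pub fn new(fetch: F, min_refetch: Duration) -> Self {
        Self { fetch, keys: HashMap::new(), last_fetch: None, min_refetch, fetches: 0 }
    }

    /// Look up the key for `kid`. A miss refreshes the key set at most once per
    /// `min_refetch`, so tokens carrying random `kid` values cannot turn every
    /// request into a request to Keycloak. `None` means: reject the token.
    pub fn key_for(&mut self, kid: &str, now: Instant) -> Option<&[u8]> {
        if !self.keys.contains_key(kid) {
            let allowed = self
                .last_fetch
                .map_or(true, |t| now.saturating_duration_since(t) >= self.min_refetch);
            if allowed {
                self.keys = (self.fetch)(); // replaces the set, dropping rotated-out keys
                self.last_fetch = Some(now);
                self.fetches += 1;
            }
        }
        self.keys.get(kid).map(|k| k.as_slice())
    }
}

fn main() {
    // Constructed key set: one key with a made-up kid and placeholder bytes.
    let fetch = || HashMap::from([("kid-a".to_string(), vec![0xAA_u8])]);
    let mut cache = KeyCache::new(fetch, Duration::from_secs(60));
    let t0 = Instant::now();
    println!("kid-a found: {}", cache.key_for("kid-a", t0).is_some());
    for i in 0..1000 {
        cache.key_for(&format!("bogus-{}", i), t0 + Duration::from_secs(1));
    }
    println!("upstream fetches after 1000 unknown kids: {}", cache.fetches);
}
```

Passing `now` in as a parameter keeps the throttle testable without sleeping; a real service would pass `Instant::now()` at the call site.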

This branch was rebased locally, merged locally and development was pushed before the feature branch. Therefore the commit id did not match when code went into the development branch. Consequently this pull request is wrongfully flagged as being rejected/closed despite the fact that the code was merged.

Note to future self:

  • First rebase AND push feature branch
  • Then merge to development

reimarstier avatar Aug 01 '24 13:08 reimarstier