Gather detailed auth requirements #12

Open
suprjinx opened this issue Aug 29, 2024 · 4 comments
Comments

@suprjinx (Collaborator)

Assuming OIDC/JWT -- with groups claim or sub (owner) matching the domain name of the request.

But this may be complicated by service accounts or other auth types.

@GeorgeJahad (Collaborator)

> with groups claim or sub (owner) matching the domain name of the request.

I considered both group and sub claims when implementing the OIDC primitives here: #49

The problem with groups is it doesn't give us the granularity we need for user specific policies.

While sub-claim matching is certainly doable, it wasn't clear to me for now where we would get the sub-id number to match against. So for now I just used email addresses, which users can include in their Astral request.

We will need to investigate further with our users.
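The claim-matching trade-off discussed in this comment, as an added example that is not Astral's code: a constructed HS256-signed demo token (a real deployment would verify the OIDC provider's RS256 signature against its JWKS instead of a shared secret) is checked for signature, alg, iss, aud and exp, then authorized against a hypothetical per-domain policy keyed by sub, email or groups, which shows why a groups rule admits every member of the group while a sub or email rule names one user.

```python
import base64, hmac, hashlib, json, time

# Constructed demo secret for the HS256 stand-in; real OIDC tokens are
# RS256/ES256 and are verified with the issuer's published public keys.
SECRET = b"demo-shared-secret"

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(claims: dict) -> str:
    # Constructed helper standing in for the OIDC issuer so the example runs offline.
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def verify_token(token: str, issuer: str, audience: str, now=None) -> dict:
    """Verify alg, signature, iss, aud and exp; return the claims or raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, b, s = parts
    if json.loads(b64url_decode(h)).get("alg") != "HS256":   # reject alg=none / confusion
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{h}.{b}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):   # constant-time compare
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(b))
    now = time.time() if now is None else now
    if claims.get("iss") != issuer or claims.get("aud") != audience:
        raise ValueError("wrong iss/aud")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims

def authorize(claims: dict, policy: dict, domain: str) -> bool:
    """Hypothetical policy: domain -> {"subs": [...], "emails": [...], "groups": [...]}."""
    rule = policy.get(domain, {})
    if claims.get("sub") in rule.get("subs", ()):        # user-specific, stable id
        return True
    if claims.get("email") in rule.get("emails", ()):    # user-specific, human-readable
        return True
    return any(g in rule.get("groups", ()) for g in claims.get("groups", []))  # coarse
```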

@dave-gantenbein (Contributor)

Two questions:

  1. How do users get the JWT?
  2. How does Astral validate the token? Is there an extant library for this? Is it open source?

@GeorgeJahad (Collaborator)

being addressed by #68

@GeorgeJahad (Collaborator)

#68 is done, so I think we can close this one.
