refactor: Proposed refactoring of API Plugin from Scratch with OAuth #13063

Status: Open. Wants to merge 2 commits into base: dev.
Conversation

@BobGerman commented Jan 16, 2025

Proposed changes to TTK Scaffolding for Declarative Agent with OAuth

The currently generated code requires modifying the middleware to meet application needs; this is not ideal because:

* it causes the developer to do extra work to understand and modify the middleware
* it will cause the middleware to vary between projects
* it will make it harder to replace the middleware with a supported token validation library in the future

These changes are proposed to better separate the API code (Azure functions) from the "middleware".
It was my intent not to change the logic or default settings at all - these changes should only rearrange things to make it less necessary for agent developers to modify the middleware.

If accepted, I will submit a similar PR for the JavaScript version.

Summary of changes

  1. Instead of hard-coding, pass arguments to the authMiddleware function for things that are likely to vary in different apps. The default values for optional arguments will be the same as the current hard-coded values, which are indeed the most commonly needed.

    a. scope (mandatory) - the authorization scope, currently hard coded to "repairs_read". The proposed argument supports either a single scope (string) or an array of scopes ([string]) since some apps will support many scopes for different permissions.

    b. allowedTenants (optional) - an array of tenant IDs that are authorized to use the app

    c. cloudType (optional) - the cloud type which is used to retrieve the correct JWKS URI to handle common, government, and national clouds

    d. issuer (optional) - the issuer, which will vary for multi-tenant apps and different clouds

  2. Return claims from authMiddleware so the API can access the user ID, name, upn, tenant ID, etc. that are commonly used to organize data for each user and/or tenant

  3. Other changes:

    a. Made the req argument on authMiddleware mandatory; it was optional but the code would fail if it wasn't specified

    b. Expose the CloudType enum and EntraJwtPayload interface from authMiddleware.ts so developers don't take dependencies on the library functions, which may change

    c. Added commonly needed claims such as name and oid to the EntraJwtPayload interface in tokenValidator.ts

Thanks!
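
The following is an added illustration, not Teams Toolkit code and not the diff in this PR: a TypeScript claims-validation helper shaped like the option set proposed above (a required scope or list of scopes, an optional tenant allow-list, a cloud type that selects the JWKS endpoint, and an optional issuer override) that returns the validated claims to the calling API. Everything in it is assumed for the example: the names validateClaims, jwksUri, defaultIssuer, AuthOptions and AuthError; the reading of a scope array as "the token must carry at least one of these"; the authority hostnames per cloud; and the v2.0 issuer pattern. Signature verification against the JWKS URI and the audience check are left out so the block runs offline; it models only the step that follows a successful signature check. The sample payload is constructed, not a real token.

```typescript
// Added example, not the project's authMiddleware. Models the checks that follow
// signature verification, driven by the options proposed in the PR.

export enum CloudType {
  Public = "Public",
  UsGovernment = "UsGovernment",
  China = "China",
}

// Claims an API commonly reads after validation (assumed shape, not the project's).
export interface EntraJwtPayload {
  iss: string;
  aud: string;
  tid: string;
  exp: number;
  nbf?: number;
  oid?: string;
  sub?: string;
  name?: string;
  upn?: string;
  preferred_username?: string;
  scp?: string; // space-separated delegated scopes
}

export interface AuthOptions {
  scope: string | string[]; // required; an array means "any one of these" (assumed semantics)
  allowedTenants?: string[]; // undefined = any tenant is accepted (multi-tenant app)
  cloudType?: CloudType; // default Public
  issuer?: string; // default: v2.0 issuer for the token's own tenant in that cloud
}

// Authority hosts per cloud (assumed well-known values for the example).
const AUTHORITY_HOST: Record<CloudType, string> = {
  [CloudType.Public]: "login.microsoftonline.com",
  [CloudType.UsGovernment]: "login.microsoftonline.us",
  [CloudType.China]: "login.partner.microsoftonline.cn",
};

// JWKS endpoint a signature verifier would fetch keys from for the given cloud.
export function jwksUri(cloudType: CloudType = CloudType.Public, tenant = "common"): string {
  return `https://${AUTHORITY_HOST[cloudType]}/${tenant}/discovery/v2.0/keys`;
}

// Per-tenant v2.0 issuer, used when the caller does not pin a single issuer.
export function defaultIssuer(cloudType: CloudType, tenantId: string): string {
  return `https://${AUTHORITY_HOST[cloudType]}/${tenantId}/v2.0`;
}

export class AuthError extends Error {
  constructor(message: string) {
    super(message);
    this.name = "AuthError";
  }
}

export function validateClaims(
  payload: EntraJwtPayload,
  opts: AuthOptions,
  now: number = Math.floor(Date.now() / 1000),
): EntraJwtPayload {
  const cloud = opts.cloudType ?? CloudType.Public;

  // 1. Lifetime: reject expired or not-yet-valid tokens (no clock-skew allowance here).
  if (payload.exp <= now) throw new AuthError("token expired");
  if (payload.nbf !== undefined && payload.nbf > now) throw new AuthError("token not yet valid");

  // 2. Tenant allow-list, when the app is not open to every tenant.
  if (opts.allowedTenants && !opts.allowedTenants.includes(payload.tid)) {
    throw new AuthError(`tenant ${payload.tid} is not allowed`);
  }

  // 3. Issuer: pinned value for single-tenant apps, derived per tenant otherwise.
  const expectedIssuer = opts.issuer ?? defaultIssuer(cloud, payload.tid);
  if (payload.iss !== expectedIssuer) {
    throw new AuthError(`unexpected issuer ${payload.iss}`);
  }

  // 4. Scope: the token must carry at least one of the required scopes.
  const required = Array.isArray(opts.scope) ? opts.scope : [opts.scope];
  const granted = new Set((payload.scp ?? "").split(" ").filter(Boolean));
  if (!required.some((s) => granted.has(s))) {
    throw new AuthError(`missing scope; need one of ${required.join(", ")}`);
  }

  // 5. Hand the claims back so the API can key data by oid/tid without re-parsing.
  return payload;
}

// Constructed sample payload (not a real token): a delegated call in the public cloud.
export const SAMPLE_PAYLOAD: EntraJwtPayload = {
  iss: "https://login.microsoftonline.com/11111111-1111-1111-1111-111111111111/v2.0",
  aud: "api://example-repairs-app",
  tid: "11111111-1111-1111-1111-111111111111",
  oid: "22222222-2222-2222-2222-222222222222",
  name: "Sample User",
  preferred_username: "user@example.com",
  scp: "repairs_read",
  exp: 4102444800, // 2100-01-01T00:00:00Z
};

// Usage: an API handler keeps only the call below and reads claims.oid / claims.tid.
export const claims = validateClaims(SAMPLE_PAYLOAD, { scope: ["repairs_read", "repairs_write"] });
```

With this shape the per-app variation lives in the options object passed from the function code, and the middleware body stays identical across projects, which is the separation the PR argues for. Passing `cloudType: CloudType.UsGovernment` against the sample payload fails on the issuer check, which is the intended behaviour: a public-cloud token must not be accepted by a government-cloud deployment.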

@BobGerman BobGerman changed the title Proposed refactoring of API Plugin from Scratch with OAuth refactor: Proposed refactoring of API Plugin from Scratch with OAuth Jan 16, 2025
@therealjohn (Contributor) commented:

CC @MuyangAmigo
