james/dt4a auth #2149
james/dt4a auth #2149
Conversation
ee/localserver/server.go
Outdated
| // In the future, we will want to make this authenticated; for now, it is not authenticated. | ||
| mux.Handle("/zta", ls.requestZtaInfoHandler()) | ||
| mux.Handle("/zta", ztaAuthMiddleware.Wrap(ls.requestZtaInfoHandler())) |
There was a problem hiding this comment.
rename endpoint to dt4a
There was a problem hiding this comment.
I'm afraid this review will get really gnarly if I rename all the zta references to dt4a, so I want to wait until after this merges
ee/localserver/server.go
Outdated
| mux.Handle("/zta", ls.requestZtaInfoHandler()) | ||
|
|
||
| // mux.Handle("/zta", ztaAuthMiddleware.Wrap(ls.requestZtaInfoHandler())) | ||
| mux.Handle("/v0/dt4a", ztaAuthMiddleware.Wrap(ls.requestZtaInfoHandler())) |
There was a problem hiding this comment.
This shouldn't be on /v0 or /v1 unless it's in ecKryptoMiddleware.
Could be /dt4a or /dt4a/v0
I guess we could also call it /v3/dt4a but my hunch is that we're not going to bring more into this api. Or if we do, it might be dt4a/app-list
There was a problem hiding this comment.
Maybe /v3/dt4a and then /v3/app-list (if needed) is growing on me 🤷
There was a problem hiding this comment.
yea, it grew on me too, updated to /v3/dt4a
ee/localserver/certs.go
Outdated
| "encoding/json" | ||
| "fmt" | ||
|
|
||
| "github.com/lestrrat-go/jwx/jwk" |
There was a problem hiding this comment.
Do we need to pull in this library? It feels a little sprawling, and I feel very -_- about third parties these days
There was a problem hiding this comment.
yea, it had quite a few dependencies, I dropped it and now just using std lib. More code to handle key conversions, but once separated, makes core logic code simpler. Updated
James-Pickett
dismissed stale reviews from zackattack01 and RebeccaMahany
via
a542e4f
adds chain of trust / NaCl auth middleware to dt4a endpoint
relates to https://github.com/kolide/k2/issues/11530