fixes #3680 add revocation management API, CLI, and enforcement#3789
Draft
andrewpmartinez wants to merge 2 commits intomainfrom
Draft
fixes #3680 add revocation management API, CLI, and enforcement#3789andrewpmartinez wants to merge 2 commits intomainfrom
andrewpmartinez wants to merge 2 commits intomainfrom
Conversation
andrewpmartinez
force-pushed
the
fix.openziti.ziti.3680.revocation-management-api
branch
3 times, most recently
from
5cd8641 to
9ed798c
Compare
- adds Management API endpoints for revocations (POST, GET, LIST) with type-aware validation (JTI/API_SESSION require UUID, IDENTITY requires existing identity) - adds CLI commands: ziti edge create revocation identity|api-session|jti - adds revocation checks to resolveOidcSession in security_ctx.go so the REST API returns 401 for revoked OIDC tokens. Previously only ValidateAccessToken (router ctrl channel path) checked revocations, so revoked tokens still received 200 OK from the management and client HTTP APIs - adds api-session revocation check to ValidateAccessToken, which only checked JTI and identity revocations - adds Type field to Revocation model, store, and protobuf message - adds integration tests covering CRUD, input validation, and token enforcement for all three revocation types use working edge-api branch name update ref
andrewpmartinez
force-pushed
the
fix.openziti.ziti.3680.revocation-management-api
branch
from
9ed798c to
5f734d4
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Note: Relies on openziti/edge-api#184 and has commit hash specific deps that need to be resolved before merging.