Skip to content

PIN-6662 Auth Server M2M token generation #1824

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 47 commits into
base: develop
Choose a base branch
from
Open

PIN-6662 Auth Server M2M token generation #1824

wants to merge 47 commits into from

Conversation

Viktor-K
Copy link
Collaborator

@Viktor-K Viktor-K commented Apr 23, 2025
edited
Loading

Closes PIN-6662

Description

This PR enable Authorization server to provide a API Token with role M2M_ADMIN, this role allows users to API v2 usages.
The JWT Token with this role has claim "userId" with Client's AdminId.

Test

✅ Improve integration and unit tests with Token M2M_ADMIN role case

Screenshot 2025-04-23 at 15 13 27

ecamellini and others added 30 commits April 7, 2025 16:55
@ecamellini @galales
PIN-6329 - refactor authorization & context AuthData - pt 1 (#1717)
9e4c277 
Co-authored-by: Alessio Gallitano <[email protected]>
@ecamellini
Merge branch 'develop' into refactor/authorization
eca022c
@ecamellini
Merge branch 'develop' into refactor/authorization
79c179f
@ecamellini
PIN-6329 - Refactor/authorization agreement process (#1746)
7907e07
@ecamellini
PIN-6329 - Refactor/authorization unit tests (#1741)
923658f
@ecamellini
PIN-6329 - Refactor/authorization purpose process (#1747)
6022ee7
@ecamellini
PIN-6329 - Refactor/authorization auth process (#1750)
d81188e
@ecamellini
PIN-6329 - Refactor/authorization BFF & API GW (#1753)
1977b45
@ecamellini
PIN-6329 - Refactor/authorization e-service template process (#1756)
a9f1d58
@ecamellini
PIN-6329 - Refactor/authorization delegation process (#1755)
24c4265
@ecamellini
PIN-6329 - Refactor/authorization tenant process (#1748)
1d42b8b
@ecamellini
Merge branch 'develop' into refactor/authorization
9548881
@ecamellini
Fixing tests
7dc89e9
@ecamellini
Adding selfcareId to existing comments
529d055
@ecamellini
Commenting example
7ce93d6
@ecamellini
Using emptyErrorMapper everywhere
51e3faf
@ecamellini
Merge branch 'develop' into refactor/authorization
5f8c198
@ecamellini
Improving example comment
1929abe
@ecamellini
Merge branch 'develop' into refactor/authorization
a50bb91
@ecamellini
Fixing tests after merge from develop
62505b1
@ecamellini
Merge branch 'develop' into refactor/authorization
dbfd2a4
@rGregnanin
update client model
90d93e5
@rGregnanin
wip
99e395f
@rGregnanin
Merge branch 'develop' into PIN-6663_update-client-model
25dcbf2
@rGregnanin
Merge branch 'develop' into PIN-6663_update-client-model
ab3c0d1
@rGregnanin
fixed as suggested
e07f4af
@rGregnanin
Merge branch 'develop' into PIN-6663_update-client-model
5abd763
@rGregnanin
refactor
e6e02e3
@rGregnanin
fixed as suggested
05990fb
@rGregnanin
Merge branch 'develop' into PIN-6663_update-client-model
5f14fe4
@Viktor-K Viktor-K changed the base branch from develop to PIN-6663_update-client-model April 23, 2025 08:33
@Viktor-K Viktor-K force-pushed the PIN-6662-auth-server-m2m-token-generation branch from 575aac1 to 299c3cc Compare April 23, 2025 09:01
@Viktor-K Viktor-K force-pushed the PIN-6662-auth-server-m2m-token-generation branch from 299c3cc to 8b43f20 Compare April 23, 2025 10:02
AsterITA
AsterITA reviewed Apr 24, 2025
View reviewed changes
Copy link
Contributor

@AsterITA AsterITA left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, just a few points

@AsterITA AsterITA requested a review from rGregnanin April 28, 2025 08:04
Base automatically changed from PIN-6663_update-client-model to develop April 28, 2025 08:26
rGregnanin
rGregnanin approved these changes Apr 28, 2025
View reviewed changes
Copy link
Contributor

@rGregnanin rGregnanin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice job 🚀
I just suggest adminId as field name inside the token

@Viktor-K Viktor-K requested a review from AsterITA April 28, 2025 15:31
@Viktor-K Viktor-K marked this pull request as ready for review April 30, 2025 08:08
ecamellini
ecamellini approved these changes Apr 30, 2025
View reviewed changes
Copy link
Collaborator

@ecamellini ecamellini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice! You discussed about reusing the token models defined in AuthData, that now seem to be duplicated in the interop-token/models - is it tracked as a further task?

packages/commons/src/interop-token/models.ts
========================================== */
export type InteropJwtInternalPayload = InteropJwtCommonPayload & {
sub: string;
role: string;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
role: string;
role: Extract<SystemRole, "internal">

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ecamellini ecamellini ecamellini approved these changes

@AsterITA AsterITA AsterITA approved these changes

@Alepazz Alepazz Alepazz approved these changes

@rGregnanin rGregnanin rGregnanin approved these changes

@beetlecrunch beetlecrunch Awaiting requested review from beetlecrunch beetlecrunch is a code owner

@galales galales Awaiting requested review from galales galales is a code owner

@Carminepo2 Carminepo2 Awaiting requested review from Carminepo2 Carminepo2 is a code owner

@taglioni-r taglioni-r Awaiting requested review from taglioni-r taglioni-r is a code owner

Assignees
No one assigned
Labels
admin-client authorization-server
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@Viktor-K @ecamellini @AsterITA @Alepazz @rGregnanin