docs(examples): add authN/authZ for supply chain app example #1579

Closed
petermetz opened this issue Nov 24, 2021 · 2 comments · Fixed by #1801

petermetz commented Nov 24, 2021

Description

We want to be reasonably sure that we haven't forgotten anything basic from the JWT support code in the API server and the best way to find out is to try and make one of the end to end examples work with JWT authorization so that we can put ourselves in the shoes of someone who is developing an application with the framework leveraging the plugins and the API server.
While doing the above, likely some issues will come to light that otherwise would've been hidden until we go to 1.0.0 and people start using it so this way we can get ahead of that.
If any issues arise, please make sure to create new, separate tasks for fixing those that can also be addressed by separate PRs so that we avoid one huge PR that updates the examples and also updates core/API-server/core-api package code at the same time.
By the end of it in the PR resolving this issue we should only have the changes that are touching only the examples folder code because everything else necessary (prerequisites) was done already.

Acceptance Criteria

  1. The supply chain example is locked down by default with authorization, e.g. JWT validation is enabled
  2. To keep it user friendly the example tutorials need to end with valid JWTs printed to the command line at the very end so that end users can see/use them with the least amount of hassle possible
  3. Do not mix changes between examples and core code (further explained above but wanted to underline it here too)
  4. Make sure the documentation is updated accordingly as well
  5. Publish the container image to GHCR and also make sure to update the root README.md and the inner supply-chain-app README.md with those images. This part will be done in issue docs(examples): update container image for supply chain #1815
@petermetz petermetz added Developer_Experience documentation Improvements or additions to documentation enhancement New feature or request P1 Priority 1: Highest Security Related to existing or potential security vulnerabilities labels Nov 24, 2021
elenaizaguirre added a commit to elenaizaguirre/cactus that referenced this issue Dec 22, 2021
add token to apiClient.ofLedger and PluginConsortiumManual
getConsortiumJws method when property is set

related to hyperledger-cacti#1579

Signed-off-by: Elena Izaguirre <[email protected]>
elenaizaguirre added a commit to elenaizaguirre/cactus that referenced this issue Jan 4, 2022
elenaizaguirre added a commit to elenaizaguirre/cactus that referenced this issue Jan 5, 2022
elenaizaguirre added a commit to elenaizaguirre/cactus that referenced this issue Jan 12, 2022
elenaizaguirre added a commit to elenaizaguirre/cactus that referenced this issue Jan 14, 2022
petermetz pushed a commit that referenced this issue Jan 17, 2022
aldousalvarez pushed a commit to aldousalvarez/cactus that referenced this issue Jan 19, 2022
related to hyperledger-cacti#1579

Signed-off-by: Elena Izaguirre <[email protected]>
Signed-off-by: aldousalvarez <[email protected]>
@elenaizaguirre

@petermetz In point 5 of the Acceptance Criteria you say "Publish the container image to GHCR", but I cannot do it before merging the changes because I need the npm version, so I think the right order is this:

  1. Create the PR for these changes
  2. Publish new npm packages (I don't have permissions)
  3. Create and publish the container image (I have permissions for this)
  4. Create another PR to update README with newest container image

elenaizaguirre added a commit to elenaizaguirre/cactus that referenced this issue Jan 20, 2022
elenaizaguirre added a commit to elenaizaguirre/cactus that referenced this issue Jan 21, 2022
elenaizaguirre added a commit to elenaizaguirre/cactus that referenced this issue Jan 24, 2022
elenaizaguirre added a commit to elenaizaguirre/cactus that referenced this issue Jan 25, 2022

petermetz commented Jan 27, 2022

> @petermetz In point 5 of the Acceptance Criteria you say "Publish the container image to GHCR", but I cannot do it before merging the changes because I need the npm version, so I think the right order is this:
>
> 1. Create the PR for these changes
> 2. Publish new npm packages (I don't have permissions)
> 3. Create and publish the container image (I have permissions for this)
> 4. Create another PR to update README with newest container image

@elenaizaguirre Oops, you are right. We can break this issue down into two separate ones to model the reality of the dependent steps. Could you create that other issue and move the container image publishing criteria over to that one from this one?

elenaizaguirre added a commit to elenaizaguirre/cactus that referenced this issue Feb 1, 2022
elenaizaguirre added a commit to elenaizaguirre/cactus that referenced this issue Feb 2, 2022
elenaizaguirre added a commit to elenaizaguirre/cactus that referenced this issue Feb 7, 2022
elenaizaguirre added a commit to elenaizaguirre/cactus that referenced this issue Feb 10, 2022
elenaizaguirre added a commit to elenaizaguirre/cactus that referenced this issue Feb 16, 2022
petermetz pushed a commit to elenaizaguirre/cactus that referenced this issue Apr 5, 2022
1. The JWT token to be used is printed by the Supply Chain App after
it successfully bootstrapped itself (pulled up the ledgers, API server)
2. The web application uses a native window prompt for getting the token
which might need to be refactored in the future because there are ideas
floating around on the internet that the window prompt/alert APIs should
be discontinued in web browsers altogether.
3. The image built from this source code has been pushed to ghcr.io as:
ghcr.io/hyperledger/cactus-example-supply-chain-app:2022-04-05--feat-1579

closes hyperledger-cacti#1579

Signed-off-by: Elena Izaguirre <[email protected]>
Signed-off-by: Peter Somogyvari <[email protected]>
petermetz pushed a commit that referenced this issue Apr 6, 2022
micoferdinand98 pushed a commit to micoferdinand98/cactus that referenced this issue May 5, 2022