DIG-898: allow service_token to view user_key #56

daisieh · 2024-05-01T18:48:20Z

Specifically allow the service token to view the decoded user key.

To test: clean/docker-volumes/build/compose opa, then try calling

curl -X "POST" "http://candig.docker.internal:8181/v1/data/idp" \
     -H 'Content-Type: application/json' \
     -H 'Accept: application/json' \
     -H 'X-Opa: opa-service-token' \
     -d $'{
  "input": {
    "token": "user token"
  }
}'

You should get the value of the user key (the email) as a response.

OrdiNeu

Works as expected for a service token ✔️ I double checked the JWT manually as well

allow service_token to view user_key

9aba05c

daisieh requested a review from OrdiNeu May 1, 2024 18:50

OrdiNeu approved these changes May 1, 2024

View reviewed changes

daisieh merged commit a989584 into develop May 1, 2024
2 checks passed

daisieh deleted the daisieh/user_id branch May 1, 2024 20:31

candigbot mentioned this pull request May 1, 2024

CanDIG/candig-opa merging: DIG-898: allow service_token to view user_key CanDIG/CanDIGv2#564

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

DIG-898: allow service_token to view user_key #56

DIG-898: allow service_token to view user_key #56

daisieh commented May 1, 2024 •

edited

Loading

OrdiNeu left a comment

DIG-898: allow service_token to view user_key #56

DIG-898: allow service_token to view user_key #56

Conversation

daisieh commented May 1, 2024 • edited Loading

OrdiNeu left a comment

Choose a reason for hiding this comment

daisieh commented May 1, 2024 •

edited

Loading