Rework Keycloak auth token validation with auth server public key
Bug #1857871 reported by
Renat Akhmerov
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mistral |
Fix Released
|
High
|
Renat Akhmerov |
Bug Description
Currently, when Mistral is configured with to authenticate requests with Keycloak, every time when an HTTP request arrives Mistral extracts an access token from the 'X-Auth-Token' header and sends a request to Keycloak to check if it's valid. However, Mistral can validate it w/o sending a request. It's possible to validate a token on the Mistral side using Keycloak public key.
For more information read this article: https:/
Changed in mistral: | |
milestone: | none → ussuri-2 |
assignee: | nobody → Renat Akhmerov (rakhmerov) |
importance: | Undecided → High |
status: | New → Confirmed |
Changed in mistral: | |
status: | Confirmed → In Progress |
To post a comment you must log in.
Reviewed: https:/ /review. opendev. org/700695 /git.openstack. org/cgit/ openstack/ mistral/ commit/ ?id=c888a46ccc4 6346deee8d483a7 06918341bc0a7f
Committed: https:/
Submitter: Zuul
Branch: master
commit c888a46ccc46346 deee8d483a70691 8341bc0a7f
Author: Renat Akhmerov <email address hidden>
Date: Fri Dec 27 16:20:19 2019 +0700
Fix keycloak authentication
* Implement offline access token validation using Keycloak public key.
Closes-bug: #1857871 1cac005622b16c6 d9e4bed4df6
Change-Id: I0eecec4b4e6438