Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding explict Function Invoke claim for non-Platform tokens #9787

Merged
merged 1 commit into from
Jan 18, 2024
Merged

Adding explict Function Invoke claim for non-Platform tokens #9787

merged 1 commit into from
Jan 18, 2024

Conversation

mathewc
Copy link
Member

@mathewc mathewc commented Jan 10, 2024
edited
Loading

Adding a new custom claim for direct http invocations. The auth requirements used by the function invocation middleware will require this claim to be present.

Our existing auth handlers for Keys and JWTs have been updated to add the claim to the principle, since those are the only auth schemes supported by the DefaultFunctionPolicy.

Only need to backport to v3. In v1, ONLY key auth is supported for http function invocations.

Pull request checklist

  • My changes do not require documentation changes
    • Otherwise: Documentation issue linked to PR
  • My changes should not be added to the release notes for the next release
    • Otherwise: I've added my notes to release_notes.md
  • My changes do not need to be backported to a previous version
  • My changes do not require diagnostic events changes
    • Otherwise: I have added/updated all related diagnostic events and their documentation (Documentation issue linked to PR)
  • I have added all required tests (Unit tests, E2E tests)

@mathewc mathewc requested a review from a team as a code owner January 10, 2024 21:09
@mathewc mathewc requested a review from fabiocav January 10, 2024 22:19
fabiocav
fabiocav reviewed Jan 11, 2024
View reviewed changes
Copy link
Member

@fabiocav fabiocav left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Small comment.

src/WebJobs.Script.WebHost/Security/Authentication/Jwt/ScriptJwtBearerExtensions.cs Outdated Show resolved Hide resolved
fabiocav
fabiocav approved these changes Jan 18, 2024
View reviewed changes
Copy link
Member

@fabiocav fabiocav left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Flagging as approved, but it would be good to have the claim value updated so that it is lowercased.

src/WebJobs.Script.WebHost/Security/Authentication/Jwt/ScriptJwtBearerExtensions.cs Outdated Show resolved Hide resolved
src/WebJobs.Script.WebHost/Security/Authentication/Keys/AuthenticationLevelHandler.cs Outdated Show resolved Hide resolved
@mathewc mathewc merged commit d6653fb into dev Jan 18, 2024
9 checks passed
@mathewc mathewc deleted the token-invoke-claim branch January 18, 2024 18:07
@mathewc mathewc mentioned this pull request Jan 19, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fabiocav fabiocav fabiocav approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@mathewc @fabiocav