Skip to content

feat: provide full mutual authentication#58

Merged
ndr-brt merged 1 commit intomainfrom
56-authorization-data-plane
Mar 25, 2026
Merged

feat: provide full mutual authentication#58
ndr-brt merged 1 commit intomainfrom
56-authorization-data-plane

Conversation

@ndr-brt
Copy link
Copy Markdown
Contributor

@ndr-brt ndr-brt commented Mar 25, 2026

What

Implement full mutual authorization

Notes

  • using an authorization mechanism is mandatory in order to being able to correlate the control plane id.
  • the flow tests have been set with a "test authorization", that's easier than the oauth2 one. The latter has a dedicated test

@ndr-brt ndr-brt requested a review from ronjaquensel March 25, 2026 14:57
@ndr-brt ndr-brt added the enhancement New feature or request label Mar 25, 2026
ronjaquensel
ronjaquensel approved these changes Mar 25, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@ronjaquensel ronjaquensel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One thing that comes to mind is that we now have the Authorization header hardcoded as the auth header used for the control plane. Couldn't potentially other headers be used as well, like e.g. the X-Api-Key one, depending on the setup? Nothing for this PR though, just maybe something we can discuss.

@ndr-brt
Copy link
Copy Markdown
Contributor Author

ndr-brt commented Mar 25, 2026
edited
Loading

One thing that comes to mind is that we now have the Authorization header hardcoded as the auth header used for the control plane. Couldn't potentially other headers be used as well, like e.g. the X-Api-Key one, depending on the setup? Nothing for this PR though, just maybe something we can discuss.

@ronjaquensel I thought about this, but since jersey spi use MultivaluedMap instead of a simple map it was just easier to pass the Authorization header directly. Let's keep this as a potential refactor for the future, but given that the only authorization profile defined in the spec is the oauth2 one, the implementation should cover the vast majority of the cases

@ndr-brt ndr-brt merged commit db40972 into main Mar 25, 2026
3 checks passed
@ndr-brt ndr-brt deleted the 56-authorization-data-plane branch March 25, 2026 16:02
@ndr-brt ndr-brt linked an issue Mar 26, 2026 that may be closed by this pull request
Authorization for data plane #56
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ronjaquensel ronjaquensel ronjaquensel approved these changes

Assignees

No one assigned

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Authorization for data plane

2 participants

@ndr-brt @ronjaquensel