- New smart-ide-global-api (127.0.0.1:37149): internal bearer, upstream proxy, X-OIDC forward
- SSO gateway calls global API with GLOBAL_API_INTERNAL_TOKEN; logs to .logs/sso-gateway/
- Aggregated config example, docs, VERSION 0.0.2, claw proxy local URL hint
smart-ide-sso-gateway
HTTP gateway that validates user access tokens from the docv / Enso OIDC issuer, then forwards requests to smart-ide-global-api, which proxies to internal smart_ide micro-services using each service’s technical credentials (Bearer or X-API-Key).
Responsibilities
- Verify Authorization: Bearer <access_token> with JWKS (OIDC_ISSUER, optional OIDC_AUDIENCE, optional OIDC_JWKS_URI).
- Expose GET /health without auth.
- Expose GET /v1/token/verify and GET /v1/upstreams with user Bearer.
- Proxy ANY /proxy/<upstream_key>/<path> to smart-ide-global-api (GLOBAL_API_URL, GLOBAL_API_INTERNAL_TOKEN), which relays to the target service and adds upstream auth plus X-OIDC-Sub / X-OIDC-Email when present in the JWT.
Structured request logs (except GET /health and OPTIONS) are appended to .logs/sso-gateway/access.log under the monorepo root.
User accounts, project membership, and product databases stay in each application’s backend (docv, Enso, etc.); this gateway does not store them.
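The bearer-token check from the first responsibility above, sketched as an added example (not the gateway's own code). It assumes RS256-signed tokens; verifyBearer, mint, JWKS and CFG are hypothetical names, and a throwaway key stands in for the OIDC issuer:

```javascript
// Added example; verifyBearer, mint, JWKS and CFG are hypothetical names.
const nodeCrypto = require('node:crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');
const parsePart = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8')) ?? {};

// cfg.issuer / cfg.audience stand in for OIDC_ISSUER and optional OIDC_AUDIENCE.
function verifyBearer(authorization, jwks, cfg, nowSec = Math.floor(Date.now() / 1000)) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authorization || '');
  if (!m) return { ok: false, reason: 'malformed' };
  let header, claims;
  try { header = parsePart(m[1]); claims = parsePart(m[2]); }
  catch { return { ok: false, reason: 'malformed' }; }
  // Pin the algorithm instead of trusting the token header (rejects alg "none").
  if (header.alg !== 'RS256') return { ok: false, reason: 'alg' };
  const jwk = jwks.keys.find((k) => k.kty === 'RSA' && k.kid === header.kid);
  if (!jwk) return { ok: false, reason: 'unknown-kid' };
  const key = nodeCrypto.createPublicKey({ key: jwk, format: 'jwk' });
  const sig = Buffer.from(m[3], 'base64url');
  if (!nodeCrypto.verify('RSA-SHA256', Buffer.from(`${m[1]}.${m[2]}`), key, sig))
    return { ok: false, reason: 'signature' };
  // Claims are only trusted after the signature check.
  if (claims.iss !== cfg.issuer) return { ok: false, reason: 'issuer' };
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec)
    return { ok: false, reason: 'expired' };
  if (cfg.audience && ![].concat(claims.aud ?? []).includes(cfg.audience))
    return { ok: false, reason: 'audience' };
  // sub and email are the claims the README says end up in X-OIDC-Sub / X-OIDC-Email.
  return { ok: true, sub: claims.sub, email: claims.email };
}

// Constructed fixture: a throwaway RSA key plays the OIDC issuer, so this runs offline.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const JWKS = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'demo-1' }] };
const CFG = { issuer: 'https://issuer.example', audience: 'smart-ide' };

function mint(claims, header = { alg: 'RS256', kid: 'demo-1' }) {
  const head = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  const sig = nodeCrypto.sign('RSA-SHA256', Buffer.from(head), privateKey);
  return `Bearer ${head}.${sig.toString('base64url')}`;
}

const sample = { iss: CFG.issuer, aud: 'smart-ide', sub: 'user-42',
  email: 'user@example.test', exp: Math.floor(Date.now() / 1000) + 300 };
console.log(verifyBearer(mint(sample), JWKS, CFG));
console.log(verifyBearer(mint(sample, { alg: 'none', kid: 'demo-1' }), JWKS, CFG));
```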
Run
Start smart-ide-global-api first, then:
cd services/smart-ide-sso-gateway
cp .env.example .env # edit OIDC_ISSUER, GLOBAL_API_INTERNAL_TOKEN (match global API)
set -a && source .env && set +a
npm ci
npm run build
npm start
Default listen: http://127.0.0.1:37148.
Micro-service URLs and tokens are configured on smart-ide-global-api (services/smart-ide-global-api/.env.example or aggregated config/services.local.env).
Documentation
- Feature: docs/features/sso-gateway-service.md
- API: docs/API/sso-gateway-api.md
- Global API: docs/API/global-api.md