Nicolas Cantu 0af507143a Add smart-ide-global API layer, SSO delegates proxy, .logs access logs
- New smart-ide-global-api (127.0.0.1:37149): internal bearer, upstream proxy, X-OIDC forward
- SSO gateway calls global API with GLOBAL_API_INTERNAL_TOKEN; logs to .logs/sso-gateway/
- Aggregated config example, docs, VERSION 0.0.2, claw proxy local URL hint
2026-04-03 23:08:52 +02:00


# smart-ide-sso-gateway
HTTP gateway that validates **user** access tokens from the docv / Enso OIDC issuer, then forwards requests to **`smart-ide-global-api`**, which proxies to internal `smart_ide` micro-services using each service's **technical** credentials (Bearer or `X-API-Key`).
## Responsibilities
- Verify `Authorization: Bearer <access_token>` with JWKS (`OIDC_ISSUER`, optional `OIDC_AUDIENCE`, optional `OIDC_JWKS_URI`).
- Expose `GET /health` without auth.
- Expose `GET /v1/token/verify` and `GET /v1/upstreams` with user Bearer.
- Proxy `ANY /proxy/<upstream_key>/<path>` to **smart-ide-global-api** (`GLOBAL_API_URL`, `GLOBAL_API_INTERNAL_TOKEN`), which relays to the target service and adds upstream auth plus `X-OIDC-Sub` / `X-OIDC-Email` when present in the JWT.
Structured request logs (except `GET /health` and `OPTIONS`) are appended to **`.logs/sso-gateway/access.log`** under the monorepo root.
User accounts, project membership, and product databases stay in **each application's backend** (docv, Enso, etc.); this gateway does not store them.
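The proxy route above is a trust boundary: downstream services believe `X-OIDC-Sub` / `X-OIDC-Email`, so those headers must come only from the verified JWT and the user's own token must never travel upstream. The sketch below is an added example, not code from this repository; the function names, the upstream key format, and the choice to set the `X-OIDC-*` headers on the gateway side are assumptions.

```javascript
// Added example: hypothetical helpers, not code from smart-ide-sso-gateway.
const UPSTREAM_KEY = /^[a-z0-9][a-z0-9_-]{0,63}$/; // assumed key format
// Client credentials and connection headers that must not cross the gateway.
const DROP = new Set(["authorization", "x-api-key", "host", "connection"]);

// Split /proxy/<upstream_key>/<path>; return null for anything suspicious.
function parseProxyPath(rawPath) {
  const m = /^\/proxy\/([^/?#]+)(\/[^?#]*)?(\?[^#]*)?$/.exec(rawPath);
  if (!m || !UPSTREAM_KEY.test(m[1])) return null;
  const rest = m[2] || "/";
  let decoded;
  try { decoded = decodeURIComponent(rest); } catch { return null; }
  // Refuse dot segments, raw or percent-encoded, split on / or \.
  if (decoded.split(/[\/\\]/).some((s) => s === ".." || s === ".")) return null;
  return { upstreamKey: m[1], path: rest, query: m[3] || "" };
}

// Build the headers sent to smart-ide-global-api for an already-verified JWT.
function buildForwardHeaders(inbound, claims, internalToken) {
  const out = {};
  for (const [name, value] of Object.entries(inbound)) {
    const n = name.toLowerCase();
    // Identity headers come from the verified token, never from the client.
    if (DROP.has(n) || n.startsWith("x-oidc-")) continue;
    out[n] = value;
  }
  // The user's token is replaced by GLOBAL_API_INTERNAL_TOKEN.
  out["authorization"] = `Bearer ${internalToken}`;
  for (const [header, claim] of [["x-oidc-sub", "sub"], ["x-oidc-email", "email"]]) {
    const v = claims[claim];
    // Only non-empty single-line strings; CR/LF would allow header injection.
    if (typeof v === "string" && v !== "" && !/[\r\n\0]/.test(v)) out[header] = v;
  }
  return out;
}
```

Both functions run after signature, issuer and audience checks have succeeded; a `null` from `parseProxyPath` should end the request with a 4xx response before anything is sent to the global API.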
## Run
Start **smart-ide-global-api** first, then:
```bash
cd services/smart-ide-sso-gateway
cp .env.example .env # edit OIDC_ISSUER, GLOBAL_API_INTERNAL_TOKEN (match global API)
set -a && source .env && set +a
npm ci
npm run build
npm start
```
Default listen: `http://127.0.0.1:37148`.
Micro-service URLs and tokens are configured on **smart-ide-global-api** (`services/smart-ide-global-api/.env.example` or aggregated `config/services.local.env`).
## Documentation
- Feature: [`docs/features/sso-gateway-service.md`](../../docs/features/sso-gateway-service.md)
- API: [`docs/API/sso-gateway-api.md`](../../docs/API/sso-gateway-api.md)
- Global API: [`docs/API/global-api.md`](../../docs/API/global-api.md)