Nicolas Cantu
940cf59178
- Add packages/smart-ide-upstreams (versioned dist) for resolveUpstream + listUpstreamKeys - Wire smart-ide-global-api and smart-ide-sso-gateway via file: dependency - Add systemd user unit templates and install-smart-ide-gateway-systemd-user.sh (SSO After/Requires global API) - Update docs and VERSION 0.0.3
1.8 KiB
1.8 KiB
smart-ide-sso-gateway
HTTP gateway that validates user access tokens from the docv / Enso OIDC issuer, then forwards requests to smart-ide-global-api, which proxies to internal smart_ide micro-services using each service’s technical credentials (Bearer or X-API-Key).
Responsibilities
- Verify
Authorization: Bearer <access_token>with JWKS (OIDC_ISSUER, optionalOIDC_AUDIENCE, optionalOIDC_JWKS_URI). - Expose
GET /healthwithout auth. - Expose
GET /v1/token/verifyandGET /v1/upstreamswith user Bearer (upstream keys from@4nk/smart-ide-upstreams). - Proxy
ANY /proxy/<upstream_key>/<path>to smart-ide-global-api (GLOBAL_API_URL,GLOBAL_API_INTERNAL_TOKEN), which relays to the target service and adds upstream auth plusX-OIDC-Sub/X-OIDC-Emailwhen present in the JWT.
Structured request logs (except GET /health and OPTIONS) are appended to .logs/sso-gateway/access.log under the monorepo root.
User accounts, project membership, and product databases stay in each application’s backend (docv, Enso, etc.); this gateway does not store them.
Run
Start smart-ide-global-api first, then:
cd services/smart-ide-sso-gateway
cp .env.example .env # edit OIDC_ISSUER, GLOBAL_API_INTERNAL_TOKEN (match global API)
set -a && source .env && set +a
npm ci
npm run build
npm start
Default listen: http://127.0.0.1:37148.
Micro-service URLs and tokens are configured on smart-ide-global-api (services/smart-ide-global-api/.env.example or aggregated config/services.local.env).
Documentation
- Feature:
docs/features/sso-gateway-service.md - API:
docs/API/sso-gateway-api.md - Global API:
docs/API/global-api.md