- New service smart-ide-sso-gateway (port 37148): JWKS verify, /health, /v1/token/verify, /v1/upstreams, /proxy/<key>/...
- CORS on JSON responses when SSO_CORS_ORIGIN is set; optional empty bearer for langextract upstream
- Docs: feature, API, repo index; wire sso-docv-enso and services scope
- Extend config/services.local.env.example with OIDC and gateway vars
smart-ide-sso-gateway
HTTP gateway that validates user access tokens from the docv / Enso OIDC issuer, then proxies requests to internal smart_ide micro-services using each service’s technical credentials (Bearer or X-API-Key).
Responsibilities
- Verify Authorization: Bearer <access_token> with JWKS (OIDC_ISSUER, optional OIDC_AUDIENCE, optional OIDC_JWKS_URI).
- Expose GET /health without auth.
- Expose GET /v1/token/verify and GET /v1/upstreams with user Bearer.
- Proxy ANY /proxy/<upstream_key>/<path> to the configured upstream, replacing the user token with the service token and adding X-OIDC-Sub / X-OIDC-Email when present in the JWT.
Run
cd services/smart-ide-sso-gateway
cp .env.example .env # edit OIDC_ISSUER and service tokens
set -a && source .env && set +a
npm ci
npm run build
npm start
Default listen: http://127.0.0.1:37148.
Upstream URLs and tokens reuse the same environment variables as the rest of the monorepo (ORCHESTRATOR_*, TOOLS_BRIDGE_*, LOCAL_OFFICE_URL / LOCAL_OFFICE_API_KEY, etc.). See src/upstreams.ts.
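The proxy responsibility above, sketched as an added example (not the project's code in src/upstreams.ts): it resolves the upstream key, swaps the user credential for the service credential, and sets X-OIDC-Sub / X-OIDC-Email only from verified claims, discarding any copy the client sent. The upstream table, ports, tokens, the dropped-header list and the function name buildUpstreamRequest are assumptions made for the illustration.

```javascript
// Constructed upstream table for the example; names, URLs and tokens are
// placeholders, the project's real table is in src/upstreams.ts.
const UPSTREAMS = {
  orchestrator: { baseUrl: "http://127.0.0.1:9001", auth: "bearer", token: "svc-token-placeholder" },
  "local-office": { baseUrl: "http://127.0.0.1:9002", auth: "x-api-key", token: "api-key-placeholder" },
};

// Headers the client must never control on the upstream hop (assumed list).
const DROPPED = new Set(["authorization", "x-api-key", "host", "connection"]);
// Printable ASCII only, so a claim value cannot carry CR/LF into a header.
const SAFE_VALUE = /^[\x20-\x7e]+$/;

// `claims` must be the payload of a JWT that already passed JWKS verification.
function buildUpstreamRequest(path, clientHeaders, claims, upstreams = UPSTREAMS) {
  const m = /^\/proxy\/([^/]+)\/(.*)$/.exec(path);
  if (!m) return null;
  const [, key, rest] = m;
  // Own-property lookup only: "__proto__" or "constructor" must not resolve.
  if (!Object.prototype.hasOwnProperty.call(upstreams, key)) return null;
  // Refuse dot segments (plain or percent-encoded) so the path stays under baseUrl.
  let segments;
  try {
    segments = rest.split("?")[0].split("/").map(decodeURIComponent);
  } catch {
    return null; // malformed percent-encoding
  }
  if (segments.some((s) => s === "." || s === "..")) return null;

  const up = upstreams[key];
  const headers = {};
  for (const [name, value] of Object.entries(clientHeaders)) {
    const n = name.toLowerCase();
    // Drop the user's credentials and any identity headers the client tried to set.
    if (DROPPED.has(n) || n.startsWith("x-oidc-")) continue;
    headers[n] = value;
  }
  // Attach the service's technical credential in the form the upstream expects.
  if (up.auth === "bearer") headers["authorization"] = `Bearer ${up.token}`;
  else headers["x-api-key"] = up.token;
  // Identity headers come only from the verified JWT claims.
  for (const [h, c] of [["x-oidc-sub", "sub"], ["x-oidc-email", "email"]]) {
    if (typeof claims[c] === "string" && SAFE_VALUE.test(claims[c])) headers[h] = claims[c];
  }
  return { url: `${up.baseUrl}/${rest}`, headers };
}
```

Upstream services that trust X-OIDC-Sub or X-OIDC-Email should accept them only from the gateway, since the headers are meaningful only when the gateway is the sole path to the upstream.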