Nicolas Cantu 940cf59178 Share upstream definitions in @4nk/smart-ide-upstreams, systemd user units
- Add packages/smart-ide-upstreams (versioned dist) for resolveUpstream + listUpstreamKeys
- Wire smart-ide-global-api and smart-ide-sso-gateway via file: dependency
- Add systemd user unit templates and install-smart-ide-gateway-systemd-user.sh (SSO After/Requires global API)
- Update docs and VERSION 0.0.3
2026-04-04 15:37:58 +02:00


# smart-ide-sso-gateway
HTTP gateway that validates **user** access tokens from the docv / Enso OIDC issuer, then forwards requests to **`smart-ide-global-api`**, which proxies to internal `smart_ide` micro-services using each service's **technical** credentials (Bearer or `X-API-Key`).
## Responsibilities
- Verify `Authorization: Bearer <access_token>` with JWKS (`OIDC_ISSUER`, optional `OIDC_AUDIENCE`, optional `OIDC_JWKS_URI`).
- Expose `GET /health` without auth.
- Expose `GET /v1/token/verify` and `GET /v1/upstreams` with user Bearer (upstream keys from **`@4nk/smart-ide-upstreams`**).
- Proxy `ANY /proxy/<upstream_key>/<path>` to **smart-ide-global-api** (`GLOBAL_API_URL`, `GLOBAL_API_INTERNAL_TOKEN`), which relays to the target service and adds upstream auth plus `X-OIDC-Sub` / `X-OIDC-Email` when present in the JWT.

Structured request logs (except `GET /health` and `OPTIONS`) are appended to **`.logs/sso-gateway/access.log`** under the monorepo root.

User accounts, project membership, and product databases stay in **each application's backend** (docv, Enso, etc.); this gateway does not store them.
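
The Bearer verification listed under Responsibilities, sketched with Node's built-in `crypto` as an added example (not code from this repository). It assumes RS256 tokens and an `exp` check, uses a throwaway key pair and inline JWKS constructed for the demo instead of fetching `OIDC_JWKS_URI`, and the names `verifyAccessToken`, `identityHeaders`, `sampleJwks` and `signSample` are hypothetical.

```javascript
const crypto = require("node:crypto");

// Verify "Authorization: Bearer <jwt>" against a JWKS, then check iss / aud / exp.
// Returns the verified claims; throws on any failure.
function verifyAccessToken(authorization, jwks, { issuer, audience, now = Date.now() / 1000 }) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authorization || "");
  if (!m) throw new Error("missing or malformed bearer token");
  const [, head, body, sig] = m;
  const header = JSON.parse(Buffer.from(head, "base64url").toString());
  // Pin the algorithm: the token header must not be allowed to pick "none" or HMAC.
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const jwk = jwks.keys.find((k) => k.kty === "RSA" && k.kid === header.kid);
  if (!jwk) throw new Error("unknown kid");
  const key = crypto.createPublicKey({ key: jwk, format: "jwk" });
  const signed = Buffer.from(`${head}.${body}`);
  if (!crypto.verify("RSA-SHA256", signed, key, Buffer.from(sig, "base64url")))
    throw new Error("bad signature");
  // Claims are trusted only after the signature check above.
  const claims = JSON.parse(Buffer.from(body, "base64url").toString());
  if (claims.iss !== issuer) throw new Error("issuer mismatch");
  if (audience && ![].concat(claims.aud ?? []).includes(audience))
    throw new Error("audience mismatch");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("token expired");
  return claims;
}

// Identity headers built only from verified claims, omitted when the claim is absent.
function identityHeaders(claims) {
  const out = {};
  if (claims.sub) out["X-OIDC-Sub"] = String(claims.sub);
  if (claims.email) out["X-OIDC-Email"] = String(claims.email);
  return out;
}

// Constructed sample data: throwaway RSA key, one-key JWKS, and a token signer.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const sampleJwks = { keys: [{ ...publicKey.export({ format: "jwk" }), kid: "demo-1" }] };
function signSample(claims, header = { alg: "RS256", kid: "demo-1" }) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  const data = `${enc(header)}.${enc(claims)}`;
  const sig = crypto.sign("RSA-SHA256", Buffer.from(data), privateKey).toString("base64url");
  return `Bearer ${data}.${sig}`;
}
```

When `audience` is left unset the audience check is skipped, mirroring the optional `OIDC_AUDIENCE` setting; the issuer, signature and expiry checks always run.
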
## Run
Start **smart-ide-global-api** first, then:
```bash
cd services/smart-ide-sso-gateway
cp .env.example .env # edit OIDC_ISSUER, GLOBAL_API_INTERNAL_TOKEN (match global API)
set -a && source .env && set +a
npm ci
npm run build
npm start
```

Default listen: `http://127.0.0.1:37148`.

Micro-service URLs and tokens are configured on **smart-ide-global-api** (`services/smart-ide-global-api/.env.example` or aggregated `config/services.local.env`).

## Documentation
- Feature: [`docs/features/sso-gateway-service.md`](../../docs/features/sso-gateway-service.md)
- API: [`docs/API/sso-gateway-api.md`](../../docs/API/sso-gateway-api.md)
- Global API: [`docs/API/global-api.md`](../../docs/API/global-api.md)