[Feature]: Implement simple Entra ID service principal-based OIDC auth #10212

Open
5 tasks
joelverhagen opened this issue Oct 9, 2024 · 0 comments
Labels
feature-request Customer feature request Triaged

joelverhagen commented Oct 9, 2024

Related Problem

This is a baby step towards #9332.

Let's make NuGet.org able to accept a very specific kind of token, for specific (opted in) users.

At the end of this work, specific users in a flight (user-specific feature flag) will be able to request an Entra ID token for https://www.nuget.org, send it to a new token trade endpoint, and receive a short-lived API key.

They will be able to perform push, unlist, and relist with this short-lived API key.

Pieces of work:

  • Enable nuget.org as an identified resource URL (https://www.nuget.org).
  • New DB schema for federated credential trust policies
  • Code to validate Entra ID OIDC tokens
  • New token endpoint to trade an OIDC token for a short-lived API key
  • New admin panel to add trust policy for another user

The Elevator Pitch

We can enable OIDC auth for internal dogfooding first (via Entra ID SP), allowing us to lay a bunch of common groundwork for 1P and 3P (GitHub Actions) scenarios.

Additional Context and Details

No response
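The token trade described in this issue, sketched as an added example in Python; it is not code from the issue or from the NuGet.org code base. The `TrustPolicy` fields, the 15-minute lifetime, the `trade_token` name and the sample claims are assumptions, and the claims are assumed to come from a token whose signature has already been verified and that uses the Entra ID v2.0 issuer format.

```python
import secrets
import time
from dataclasses import dataclass

AUDIENCE = "https://www.nuget.org"              # resource URL named in the issue
ALLOWED_ACTIONS = ("push", "unlist", "relist")  # operations named in the issue
API_KEY_TTL_SECONDS = 15 * 60                   # assumed; the issue only says "short-lived"


@dataclass(frozen=True)
class TrustPolicy:
    """Hypothetical trust policy row: which service principal may act for which user."""
    nuget_user: str
    tenant_id: str  # expected `tid` claim
    object_id: str  # expected `oid` claim (service principal object ID)


def trade_token(claims, policies, flighted_users, now=None):
    """Trade signature-verified claims for an API key record, or raise PermissionError."""
    now = time.time() if now is None else now
    if claims.get("aud") != AUDIENCE:
        raise PermissionError("token was not issued for this resource")
    tid, oid = claims.get("tid"), claims.get("oid")
    if not tid or not oid:
        raise PermissionError("missing tid/oid claim")
    # The v2.0 issuer is tenant-specific, so bind it to the tid claim.
    if claims.get("iss") != f"https://login.microsoftonline.com/{tid}/v2.0":
        raise PermissionError("issuer does not match tenant")
    if not (claims.get("nbf", 0) <= now < claims.get("exp", 0)):
        raise PermissionError("token is expired or not yet valid")
    policy = next((p for p in policies if (p.tenant_id, p.object_id) == (tid, oid)), None)
    if policy is None:
        raise PermissionError("no trust policy matches this service principal")
    if policy.nuget_user not in flighted_users:
        raise PermissionError("user is not in the feature flight")
    return {"owner": policy.nuget_user, "key": secrets.token_urlsafe(32),
            "actions": ALLOWED_ACTIONS, "expires_at": now + API_KEY_TTL_SECONDS}


# Constructed sample claims (placeholder GUIDs, not real identifiers).
_TID = "00000000-0000-0000-0000-000000000001"
SAMPLE_CLAIMS = {"aud": AUDIENCE, "tid": _TID, "nbf": 1000, "exp": 2000,
                 "oid": "00000000-0000-0000-0000-000000000002",
                 "iss": f"https://login.microsoftonline.com/{_TID}/v2.0"}
```

Every rejection path raises before a key is minted, so a token for another audience, another tenant's issuer, or an unlisted service principal never yields a credential.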
