Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[OIDC 4] Add method to create a short-lived API key (minimal) #10267

Merged
merged 3 commits into from
Nov 22, 2024
Merged

[OIDC 4] Add method to create a short-lived API key (minimal) #10267

merged 3 commits into from
Nov 22, 2024

Conversation

joelverhagen
Copy link
Member

Progress on #10212.
Depends on #10262.

This adds a new method to CredentialBuilder which creates a short-lived API key given a federated credential trust policy.

This method has a TODO in it linking to the OIDC work item because the exact shape of the short lived API key is still in discussion. The created credential is not yet associated with a user (the created by user account) because this is the responsibility of IAuthenticationService.AddCredential:

NuGetGallery/src/NuGetGallery.Services/Authentication/AuthenticationService.cs

Lines 629 to 641 in 0ec9961

public virtual async Task AddCredential(User user, Credential credential)
{
if (user is Organization)
{
throw new InvalidOperationException(ServicesStrings.OrganizationsCannotCreateCredentials);
}
user.Credentials.Add(credential);
await Entities.SaveChangesAsync();
await Auditing.SaveAuditRecordAsync(new UserAuditRecord(user, AuditedUserAction.AddCredential, credential));
_telemetryService.TrackNewCredentialCreated(user, credential);
}

This will be called in a future PR while executing the token trade endpoint.

This stub allows me to perform the token trade flow with a current V4 API key, without any of the improvements we will need (such as hiding this API keys from the API key page, not sending API key expiration messages, etc.).

@joelverhagen
Add method to create a short lived API key
830c4c4 
This is a stub implementation until we have finalized the new API key design.
@joelverhagen joelverhagen requested a review from a team as a code owner November 15, 2024 17:10
@joelverhagen joelverhagen mentioned this pull request Nov 15, 2024
Merged
@joelverhagen joelverhagen changed the title [OIDC 4] Add method to create a short-lived API key [OIDC 4] Add method to create a short-lived API key (minimal) Nov 19, 2024
zhhyu
zhhyu previously approved these changes Nov 21, 2024
View reviewed changes
@joelverhagen joelverhagen merged commit d84cb2c into dev Nov 22, 2024
2 checks passed
@joelverhagen joelverhagen deleted the jver-oidc-ship branch November 22, 2024 00:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@agr agr agr left review comments

@zhhyu zhhyu zhhyu approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@joelverhagen @agr @zhhyu