Add JWT backed implementation of influxdb.Authorizer #14971

GeorgeMac · 2019-09-05T17:24:43Z

Implement a JWT backed authorizer: https://github.com/influxdata/influxdb/blob/master/authz.go#L19

This authorizer should be serializable as a JWT token to be used in communication with gateway. Much like how session works https://github.com/influxdata/influxdb/blob/master/session.go#L35.

Howevever, the token will contain a set of allowed permissions rather than describing the identity of author or owner.

Example scaffold:

package jwt

import platform "github.com/influxdata/influxdb"

var _ platform.Authorizer = (*Authorization)(nil)

type Authorization struct{
    Permissions []platform.Permission
}

func FromToken(token, secret string) (*Authorization, error) {
  // return deserialized authorization or JWT validation error
}

func (a *Authorization) ToToken(secret string) (string, error) {
  // serialize as JWT token string
}

// other required Authorizer methods

Success Criteria

We can start work on adding support for this type of token in gateway.

GeorgeMac added area/auth team/compute labels Sep 5, 2019

GeorgeMac self-assigned this Sep 10, 2019

GeorgeMac mentioned this issue Sep 16, 2019

feat(auth): add new jsonweb package #15151

Merged

7 tasks

GeorgeMac closed this as completed in #15151 Sep 19, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add JWT backed implementation of influxdb.Authorizer #14971

Add JWT backed implementation of influxdb.Authorizer #14971

GeorgeMac commented Sep 5, 2019

Add JWT backed implementation of influxdb.Authorizer #14971

Add JWT backed implementation of influxdb.Authorizer #14971

Comments

GeorgeMac commented Sep 5, 2019

Success Criteria