Commit Graph

2 Commits (05197ed70dc15a197b4c215ee61a4e3102ce0b11)

Author SHA1 Message Date
Evilham c19ff6cd8d
[sso-admin] Add third-party integrations
The endpoints for the mail integration are added here.

The ThirdPartyIntegrationKeys class in admin.lib.keys is intended to be
used on both the sending and receiving part of communications.

Implementations in other languages should closely follow its design, so
we are sure communication happens as it is expected.

Broadly speaking:

- Each party receives a name (DD is always "DD") that is well-known to
  all communicating parties
- Each party sets up an endpoint sharing their public key in JWK format
  See: https://datatracker.ietf.org/doc/html/rfc7517
  And the many JWK implementations around. This class uses python-jose's
- In a key_store folder, the remote party's public key will be cached
  and the local private key will be generated and saved
- Any data exchanged between the two parties must:
  - Be first encrypted with the remote party's public key
    See: https://datatracker.ietf.org/doc/html/rfc7516
  - Then signed with the local party's private key, by adding its
    payload to a 'data' claim.
    See: https://datatracker.ietf.org/doc/html/rfc7515
  - Have an Authorization header with a signed JWT containing the local
    party's name as the 'kid' header.
    This aids the remote party in deciding which key needs to be used.
2022-07-31 12:18:13 +02:00
Evilham e98323913d
[sso-admin] Add base for QA checks
This is all relative to the dd-sso/admin directory.

With https://pipenv.pypa.io/en/latest/ it is simple to setup a
development environment (pipenv install --dev).

By running:

    echo "PYTHONPATH=$(pwd)/src" > .env

The admin module will be loaded in the virtualenvironment and e.g.
running mypy src/admin will throw different errors in the existing code.
2022-07-29 13:10:33 +02:00