The endpoints for the mail integration are added here.
The ThirdPartyIntegrationKeys class in admin.lib.keys is intended to be
used on both the sending and receiving part of communications.
Implementations in other languages should closely follow its design, so
we are sure communication happens as it is expected.
Broadly speaking:
- Each party receives a name (DD is always "DD") that is well-known to
all communicating parties
- Each party sets up an endpoint sharing their public key in JWK format
See: https://datatracker.ietf.org/doc/html/rfc7517
And the many JWK implementations around. This class uses python-jose's
- In a key_store folder, the remote party's public key will be cached
and the local private key will be generated and saved
- Any data exchanged between the two parties must:
- Be first encrypted with the remote party's public key
See: https://datatracker.ietf.org/doc/html/rfc7516
- Then signed with the local party's private key, by adding its
payload to a 'data' claim.
See: https://datatracker.ietf.org/doc/html/rfc7515
- Have an Authorization header with a signed JWT containing the local
party's name as the 'kid' header.
This aids the remote party in deciding which key needs to be used.
This is all relative to the dd-sso/admin directory.
With https://pipenv.pypa.io/en/latest/ it is simple to setup a
development environment (pipenv install --dev).
By running:
echo "PYTHONPATH=$(pwd)/src" > .env
The admin module will be loaded in the virtualenvironment and e.g.
running mypy src/admin will throw different errors in the existing code.
Evilham