c19ff6cd8d
The endpoints for the mail integration are added here. The ThirdPartyIntegrationKeys class in admin.lib.keys is intended to be used on both the sending and receiving part of communications. Implementations in other languages should closely follow its design, so we are sure communication happens as it is expected. Broadly speaking: - Each party receives a name (DD is always "DD") that is well-known to all communicating parties - Each party sets up an endpoint sharing their public key in JWK format See: https://datatracker.ietf.org/doc/html/rfc7517 And the many JWK implementations around. This class uses python-jose's - In a key_store folder, the remote party's public key will be cached and the local private key will be generated and saved - Any data exchanged between the two parties must: - Be first encrypted with the remote party's public key See: https://datatracker.ietf.org/doc/html/rfc7516 - Then signed with the local party's private key, by adding its payload to a 'data' claim. See: https://datatracker.ietf.org/doc/html/rfc7515 - Have an Authorization header with a signed JWT containing the local party's name as the 'kid' header. This aids the remote party in deciding which key needs to be used. |
||
---|---|---|
.. | ||
admin | ||
docker | ||
docker-compose-parts | ||
init/keycloak | ||
.gitignore | ||
.isort.cfg |