From 07a1dbd28f6e758d36b54b44957ca132fd21793f Mon Sep 17 00:00:00 2001
From: Elizabeth Healy <35498075+elizabethhealy@users.noreply.github.com>
Date: Fri, 22 Nov 2024 12:30:34 -0500
Subject: [PATCH 1/2] fix(core): Set token endpoint manually if client creds provided in server sdk_config (#1780)

### Proposed Changes
We run the server sdk in IPC mode so it does not reach out to well-known on instantiation because well-known isnt running yet. This means the token endpoint is never set. So if a service using the server sdk wanted to do a decrypt for example (a request that needs an auth token) they would get an error. This will manually set the token endpoint on instantiation using the issuer provided in the yaml config.
### Checklist
- [ ] I have added or updated unit tests
- [ ] I have added or updated integration tests (if appropriate)
- [ ] I have added or updated documentation
### Testing Instructions

---
 service/pkg/server/start.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/service/pkg/server/start.go b/service/pkg/server/start.go
index 1e86a91f8..4b3a4ae6c 100644
--- a/service/pkg/server/start.go
+++ b/service/pkg/server/start.go
@@ -10,6 +10,7 @@ import (
 	"syscall"
 
 	"github.com/opentdf/platform/sdk"
+	"github.com/opentdf/platform/service/internal/auth"
 	"github.com/opentdf/platform/service/internal/config"
 	"github.com/opentdf/platform/service/internal/server"
 	"github.com/opentdf/platform/service/logger"
@@ -164,6 +165,14 @@ func Start(f ...StartOptions) error {
 	// If client credentials are provided, use them
 	if cfg.SDKConfig.ClientID != "" && cfg.SDKConfig.ClientSecret != "" {
 		sdkOptions = append(sdkOptions, sdk.WithClientCredentials(cfg.SDKConfig.ClientID, cfg.SDKConfig.ClientSecret, nil))
+
+		oidcconfig, err := auth.DiscoverOIDCConfiguration(ctx, cfg.Server.Auth.Issuer, logger)
+		if err != nil {
+			return fmt.Errorf("could not retrieve oidc configuration: %w", err)
+		}
+
+		// provide token endpoint -- sdk cannot discover it since well-known service isnt running yet
+		sdkOptions = append(sdkOptions, sdk.WithTokenEndpoint(oidcconfig.TokenEndpoint))
 	}
 
 	// If the mode is all, use IPC for the SDK client

From 98c5899de25e5766cea8132e57eb95ed6ae629ee Mon Sep 17 00:00:00 2001
From: Elizabeth Healy <35498075+elizabethhealy@users.noreply.github.com>
Date: Fri, 22 Nov 2024 15:35:21 -0500
Subject: [PATCH 2/2] fix(sdk): Dont require mimetype in manifest schema (#1777)

### Proposed Changes
* mimetype is not required by the spec, dont require it in the manifest schema
### Checklist
- [ ] I have added or updated unit tests
- [ ] I have added or updated integration tests (if appropriate)
- [ ] I have added or updated documentation
### Testing Instructions

---
 sdk/schema/manifest.schema.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sdk/schema/manifest.schema.json b/sdk/schema/manifest.schema.json
index 557862409..dfb920d38 100644
--- a/sdk/schema/manifest.schema.json
+++ b/sdk/schema/manifest.schema.json
@@ -33,7 +33,7 @@
           "type": "string"
         }
       },
-      "required": ["type", "url", "protocol", "isEncrypted","mimeType"]
+      "required": ["type", "url", "protocol", "isEncrypted"]
     },
     "encryptionInformation": {
       "type": "object",
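Review bot: The discovered `oidcconfig.TokenEndpoint` is passed to `sdk.WithTokenEndpoint` without checking it is non-empty, so an issuer whose discovery document omits `token_endpoint` yields an SDK that only fails at its first token request, far from the misconfiguration; add `if oidcconfig.TokenEndpoint == "" { return fmt.Errorf("oidc configuration for issuer %q has no token_endpoint", cfg.Server.Auth.Issuer) }` directly after the error check. Because the client secret from `cfg.SDKConfig` will be posted to whatever URL that document names, it is also worth confirming that `auth.DiscoverOIDCConfiguration` (not visible here) rejects a non-https endpoint, or checking the scheme here before accepting it. Note too that the discovery call now runs whenever client credentials are configured, not only in the IPC mode the PR description motivates, so server startup hard-fails if the issuer is unreachable; if that is not intended, gate it on the mode check the following context line introduces. `Start` continues outside the hunk.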
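Review bot: With `mimeType` removed from `required`, schema validation no longer guarantees the field is present, so any code that reads the payload's `mimeType` (not visible here) must treat it as optional rather than assume a string is there; the property definition above still constrains the type only when the key is present, presumably. A test that a manifest without `mimeType` now validates, and that a non-string `mimeType` still fails, would pin the intended relaxation, since the checklist shows no tests were added.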