Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Extensions] Issue access token on behalf of user stored in scheduled job identity index #2603

Open
Tracked by #2528
cwperks opened this issue Mar 29, 2023 · 1 comment
Open
Tracked by #2528

[Extensions] Issue access token on behalf of user stored in scheduled job identity index #2603

cwperks opened this issue Mar 29, 2023 · 1 comment
Labels
triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.

Comments

@cwperks
Copy link
Member

cwperks commented Mar 29, 2023
edited
Loading

For scheduled jobs, there needs to be a secure mechanism for Job Scheduler to issue new access tokens on behalf of the user associated with a job to provide to a job runner. In the current plugin architecture, plugins persist the user's roles roles at time of creation in the job details index associated with the plugin and then inject them into the ThreadContext when the job executes to evaluate privileges. For extensions, this model is being changed in favor of stored user info associated with a job in a single secure index.

Job Scheduler can use then identity system to request a new access token on behalf of a user associated with a scheduled job stored in the scheduled job identity index.
@github-actions github-actions bot added the untriaged Require the attention of the repository maintainers and may need to be prioritized label Mar 29, 2023
@cwperks cwperks changed the title Create secure mechanism for vending access tokens to user absent of the user present for job scheduler [Extensions] Create secure mechanism for vending access tokens to user absent of the user present for job scheduler Mar 31, 2023
@cwperks cwperks mentioned this issue Mar 31, 2023
Open
8 tasks
@cwperks cwperks changed the title [Extensions] Create secure mechanism for vending access tokens to user absent of the user present for job scheduler [Extensions] Vend new access token provided a refresh token Mar 31, 2023
@stephen-crawford stephen-crawford added triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable. and removed untriaged Require the attention of the repository maintainers and may need to be prioritized labels Apr 3, 2023
@stephen-crawford
Copy link
Contributor

[Triage] This is part of the Extensions project.

@cwperks cwperks changed the title [Extensions] Vend new access token provided a refresh token [Extensions] Issue access token on behalf of user stored in scheduled job identity index May 16, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.
Projects
Security for Extensions
Status: Todo
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cwperks @stephen-crawford