feat: token introspection, api clients and auth method private_key_jwt (#1276)

* introspect * testingapplication key * date * client keys * fix client keys * fix client keys * access tokens only for users * AuthMethodPrivateKeyJWT * client keys * set introspection info correctly * managae apis * update oidc pkg * cleanup * merge msater * set current sequence in migration * set current sequence in migration * set current sequence in migration * Apply suggestions from code review Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * DeleteAuthNKeysByObjectID * ensure authn keys uptodate * update oidc version * merge master * merge master Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2025-10-19 06:32:23 +00:00 · 2021-02-17 15:31:47 +01:00
parent 39eb172804
commit 744185449e
64 changed files with 2275 additions and 836 deletions
--- a/migrations/cockroach/V1.30__auth_keys.sql
+++ b/migrations/cockroach/V1.30__auth_keys.sql
@@ -0,0 +1,92 @@
+CREATE TABLE auth.authn_keys
+(
+    key_id          TEXT,
+    object_id       TEXT,
+    object_type     SMALLINT,
+    auth_identifier TEXT,
+
+    key_type        SMALLINT,
+    sequence        BIGINT,
+    expiration_date TIMESTAMPTZ,
+    creation_date   TIMESTAMPTZ,
+    public_key      BYTES,
+    state           SMALLINT,
+
+    PRIMARY KEY (key_id, object_id, object_type, auth_identifier)
+);
+
+INSERT INTO auth.authn_keys (
+    key_id,
+    object_id,
+    object_type,
+    auth_identifier,
+    key_type,
+    sequence,
+    expiration_date,
+    creation_date,
+    public_key,
+    state
+    )
+    SELECT
+        id,
+        user_id,
+        0,
+        user_id,
+        machine_type,
+        sequence,
+        expiration_date,
+        creation_date,
+        public_key,
+        0
+    FROM auth.machine_keys;
+
+CREATE TABLE management.authn_keys
+(
+    key_id          TEXT,
+    object_id       TEXT,
+    object_type     SMALLINT,
+    auth_identifier TEXT,
+
+    key_type        SMALLINT,
+    sequence        BIGINT,
+    expiration_date TIMESTAMPTZ,
+    creation_date   TIMESTAMPTZ,
+    public_key      BYTES,
+    state           SMALLINT,
+
+    PRIMARY KEY (key_id, object_id, object_type, auth_identifier)
+);
+
+INSERT INTO management.authn_keys (
+    key_id,
+    object_id,
+    object_type,
+    auth_identifier,
+    key_type,
+    sequence,
+    expiration_date,
+    creation_date,
+    public_key,
+    state
+)
+SELECT
+    id,
+    user_id,
+    0,
+    user_id,
+    machine_type,
+    sequence,
+    expiration_date,
+    creation_date,
+    public_key,
+    0
+FROM management.machine_keys;
+
+INSERT INTO auth.current_sequences (view_name, event_timestamp, current_sequence, last_successful_spooler_run, aggregate_type)
+    SELECT 'auth.authn_keys', event_timestamp, current_sequence, last_successful_spooler_run, aggregate_type FROM auth.current_sequences WHERE view_name = 'auth.machine_keys';
+
+INSERT INTO management.current_sequences (view_name, event_timestamp, current_sequence, last_successful_spooler_run, aggregate_type)
+    SELECT 'management.authn_keys', event_timestamp, current_sequence, last_successful_spooler_run, aggregate_type FROM management.current_sequences WHERE view_name = 'management.machine_keys';
+
+ALTER TABLE auth.authn_keys OWNER TO admin;
+ALTER TABLE management.authn_keys OWNER TO admin;