Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature]: Implement simple Entra ID service principal-based OIDC auth #10212

Open
5 tasks
joelverhagen opened this issue Oct 9, 2024 · 0 comments
Open
5 tasks

[Feature]: Implement simple Entra ID service principal-based OIDC auth #10212

joelverhagen opened this issue Oct 9, 2024 · 0 comments
Assignees
@joelverhagen
Labels
feature-request Customer feature request
Milestone
Sprint 2024-10

Comments

@joelverhagen
Copy link
Member

joelverhagen commented Oct 9, 2024
edited
Loading

Related Problem

This is a baby step towards #9332.

Let's make NuGet.org able to accept a very specific kind of tokens, for specific (opted in) users.

At the end of this work, specific users in a flight (user-specific feature flag) will be able to request an Entra ID token for https://www.nuget.org, send it to a new token trade endpoint, and receive a short-lived API key.

They will be able to perform push, unlist, and relist with this short-lived API key.

Pieces of work:

  • Enable nuget.org as an identified resource URL (https://www.nuget.org).
  • New DB schema for federated credential trust policies
  • Code to validate Entra ID OIDC tokens
  • New token endpoint to trade a OIDC token for a short lived API key
  • New admin panel to add trust policy for another user

The Elevator Pitch

We can enable a OIDC auth for internal dogfooding first (via Entra ID SP) allowing us to lay bunch common groundwork for 1P and 3P (GitHub Actions) scenarios.

Additional Context and Details

No response
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@joelverhagen joelverhagen

Labels
feature-request Customer feature request
Projects
None yet
Milestone
Sprint 2024-10
Development

No branches or pull requests
1 participant
@joelverhagen