Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possiblity to secure the callbackendpoint used for jobRegistration in IRS #740

Open
ds-mwesener opened this issue Jun 28, 2024 · 0 comments
Open

Possiblity to secure the callbackendpoint used for jobRegistration in IRS #740

ds-mwesener opened this issue Jun 28, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@ds-mwesener
Copy link
Contributor

As a developer,
I want to secure the /irs/job/callback endpoint,
so that the IRS system can validate that the requests to this endpoint are authenticated and acceptable.

Hints / Details

  • Currently, in IRS, there is no mechanism for authentication for the /irs/job/callback endpoint.
  • It would be beneficial to work with a key within the jobRegistration.
  • This key could be transferred to the /irs/job/callback address and validated to ensure that the request is acceptable.

Acceptance Criteria

  • A key mechanism is implemented within the jobRegistration.
  • The key is transferred securely to the /irs/job/callback endpoint.
  • The /irs/job/callback endpoint validates the key to ensure that the request is acceptable.
  • Only authenticated requests are processed by the /irs/job/callback endpoint.

Out of Scope

  • Changes to other endpoints not related to /irs/job/callback.
  • Implementation of additional authentication mechanisms outside the key-based validation.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
IRS
Status: inbox
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mkanal @ds-mwesener