Closed landonpierce closed 2 years ago
This PR replaces mTLS Certificate authentication with API key authentication in the permissions API and updates all of its consumers to allow for that. Resolves issue #196.
Changes made:
- Added middleware in permissions API to check for and validate the presence of an API key on the `x-api-key` header
- Reconfigured the HTTP Client in the Admin API to add the Permissions API key to the header of every request sent to it and remove the configuration of the client certificate
- Updated the B2C XML policies to load in the API key from the policy keys and send it on the `x-api-key` header when making requests to the Permissions API
- Updated the B2C-Create PowerShell script to:
  - Generate a new API key
  - Generate a new API Key policy key container
  - No longer generate a self-signed certificate and upload it to a policy key container
  - Output the new API key values into the parameters.json
- Updated and regenerated the Bicep IaC scripts to:
  - Turn off requiring a certificate on the Permissions API app service
  - Add a new key vault secret for the Permissions API Key in both the identity and main application key vaults
  - No longer create secrets for the certificate thumbprint and value
- Updated all documentation to remove the reference of a self-signed certificate and added in documentation explaining the use of an API key.
Also (not related to issue #196):
- Updated build scripts to tag the latest container upon a new version tag being pushed
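
The kind of `x-api-key` check the first change describes, as an added example that is not code from this PR or the project. It is a Python WSGI sketch; the language and every name in it (`ApiKeyMiddleware`, `generate_api_key`, `permissions_app`, `call`) are assumptions made for illustration. It shows the properties a reviewer would look for in such middleware: keys from a CSPRNG, constant-time comparison, failing closed when no key is configured, and room for two keys during rotation.

```python
# Added illustration: WSGI middleware enforcing a shared API key on x-api-key.
import hmac
import secrets


def generate_api_key(nbytes: int = 32) -> str:
    """Return a random key from the OS CSPRNG (256 bits by default)."""
    return secrets.token_urlsafe(nbytes)


class ApiKeyMiddleware:
    """Reject any request whose x-api-key header matches no configured key."""

    def __init__(self, app, valid_keys):
        # Accepting several keys lets old and new keys overlap during rotation.
        self.app = app
        self.valid_keys = [k.encode() for k in valid_keys if k]
        if not self.valid_keys:
            # Fail closed: an empty or missing secret must never mean "allow all".
            raise ValueError("no API key configured")

    def __call__(self, environ, start_response):
        # WSGI exposes the x-api-key request header as HTTP_X_API_KEY.
        presented = environ.get("HTTP_X_API_KEY", "").encode()
        ok = False
        for key in self.valid_keys:
            # compare_digest is constant-time; check every key, no early exit.
            ok |= hmac.compare_digest(presented, key)
        if not ok:
            start_response("401 Unauthorized", [("Content-Type", "text/plain")])
            return [b"missing or invalid API key"]
        return self.app(environ, start_response)


def permissions_app(environ, start_response):
    # Stand-in for the protected API (hypothetical handler).
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def call(app, headers):
    """Drive a WSGI app with constructed headers; return (status, body)."""
    seen = {}
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/", **headers}
    body = b"".join(app(environ, lambda s, h: seen.update(status=s)))
    return seen["status"], body
```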