apache / incubator-kie-kogito-images

Images for Kogito
http://kogito.kie.org
Apache License 2.0
23 stars 80 forks source link

Add smallrye-jwt and smallrye-jwt-build to existing services #1761

Open jletberg opened 7 months ago

jletberg commented 7 months ago

[Feature request] It is possible to make smallrye-jwt and smallrye-jwt-build extensions available out of the box for existing Kogito Services (such as data-index, jobs-service, etc.)?

ricardozanini commented 6 months ago

Hi! Can you give some context? What's the use case?

jletberg commented 6 months ago

Hi! The context is that I run Kogito in AWS cloud (using EKS) and looking for a way to get rid of the Keycloak completely. As a Keycloak alternative, I have an existing authentication solution with Azure AD, which enables getting a cookie with JWT in the web browser. But I need the Kogito to decode that JWT, so I can implement the authorization properly to ensure the user can see only what he is meant to see (according to the groups). It is easy with the custom Kogito service as the source code is in my hands. However, access to the Kogito platform services won't work unless they can read the same JWT and treat a user as authenticated (which is not the case, as JWT support is not there by default).

ricardozanini commented 6 months ago

Have you considered using the images as base for your custom one? But I believe we can add an ARG in these images to accept adding external dependencies with ease. So that you can build your own Containerfile using these services as bases. WDYT?

jletberg commented 6 months ago

Extending the Kogito images was one of the options I identified as a workaround - I'll continue investigating this approach. But adding an ARG will be a great improvement! Please do that.

BR, Juri

ricardozanini commented 6 months ago

@jletberg feel free to send a PR!