massenz / jwt-opa

Spring Boot (reactive) Integration with Open Policy Agent (OPA)
Apache License 2.0

Add audit logs #10

Open mmassenzio opened 2 years ago

mmassenzio commented 2 years ago

There should be a boolean configuration option (something like logging.audits.enabled). When enabled, each request should be logged with sufficient detail so that requests, users, and outcomes can be logged and stored for future audits.

At a minimum, we should log (in JSON format) the request body sent to OPA, the policy endpoint being queried, and the outcome (result) from the OPA server.

The JWT API token should be "unwrapped" to report (at a minimum) the user making the request, their roles and the token expiration date.

massenz commented 2 years ago

Will need to figure out whether Spring Security already supports this natively, and/or there are already available open source components that facilitate it. At some point, this should also have an integration with AWS CloudWatch and S3 Cold Storage.
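A sketch of the audit record this issue asks for, added here as an example and not taken from the jwt-opa code base: it unwraps an already-verified JWT and emits one JSON line with the user, roles, token expiration, policy endpoint, OPA request body and OPA result. It assumes Jackson is on the classpath; the class name, the `roles` claim, the `input.api_token` body field, the output field names and the sample values are assumptions.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Base64;

public class OpaAuditRecord {  // hypothetical class name
  private static final ObjectMapper MAPPER = new ObjectMapper();

  // Builds one JSON audit line. Call only after the JWT signature has been
  // verified and only when the audit option (e.g. logging.audits.enabled) is on.
  static String build(String jwt, String policyEndpoint, String opaRequestJson,
                      String opaResponseJson) throws Exception {
    String[] parts = jwt.split("\\.");
    if (parts.length != 3) {
      throw new IllegalArgumentException("expected a compact JWT with three segments");
    }
    // "Unwrap" the payload segment; the raw token is never written to the log.
    JsonNode claims = MAPPER.readTree(Base64.getUrlDecoder().decode(parts[1]));

    ObjectNode rec = MAPPER.createObjectNode();
    rec.put("timestamp", Instant.now().toString());
    rec.put("user", claims.path("sub").asText(null));
    rec.set("roles", claims.get("roles"));  // assumed claim name
    rec.put("token_expires", claims.has("exp")
        ? Instant.ofEpochSecond(claims.get("exp").asLong()).toString() : null);
    rec.put("policy_endpoint", policyEndpoint);

    // Assumed body layout: {"input": {"api_token": ..., "resource": ...}}.
    JsonNode request = MAPPER.readTree(opaRequestJson);
    if (request.path("input").has("api_token")) {
      ((ObjectNode) request.get("input")).put("api_token", "[REDACTED]");
    }
    rec.set("opa_request", request);
    // OPA's Data API wraps the decision in a top-level "result" field.
    rec.set("result", MAPPER.readTree(opaResponseJson).get("result"));
    return MAPPER.writeValueAsString(rec);
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample token: placeholder signature, made-up claims.
    Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
    String jwt = enc.encodeToString("{\"alg\":\"ES256\"}".getBytes(StandardCharsets.UTF_8))
        + "." + enc.encodeToString("{\"sub\":\"alice\",\"roles\":[\"USER\"],\"exp\":1893456000}"
            .getBytes(StandardCharsets.UTF_8)) + ".sig";
    String body = "{\"input\":{\"api_token\":\"" + jwt
        + "\",\"resource\":{\"method\":\"GET\",\"path\":\"/users\"}}}";
    System.out.println(build(jwt, "/v1/data/example/allow", body, "{\"result\":true}"));
  }
}
```

Redacting the token inside the logged request body keeps a replayable credential out of audit storage while the unwrapped claims still identify the caller.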