plgd-dev / hub

Secure and Interoperable Internet of Things
https://plgd.dev
Apache License 2.0
171 stars, 17 forks

m2m-oauth-server: Managing M2M OAuth Server Tokens #1350

Closed jkralik closed 1 month ago

jkralik commented 1 month ago

Overview

This pull request introduces comprehensive functionalities for managing tokens in the M2M OAuth server, enhancing the server's ability to handle token creation, retrieval, blacklisting, and deletion.

Key Features

Token Creation:

Token Retrieval:

Token Blacklisting:

Token Deletion:

Configuration Enhancements:

Protocol Buffers and gRPC:

Documentation:

Web interface:

Benefits

These enhancements make the M2M OAuth server more robust and secure, providing essential features for managing API access tokens in a machine-to-machine context.

coderabbitai[bot] commented 1 month ago

[!IMPORTANT]

Review skipped

More than 25% of the files skipped due to max files limit. The review is being skipped to prevent a low-quality review.

85 files out of 192 files are above the max files limit of 100. Please upgrade to Pro plan to get higher limits.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

The recent updates to the M2M OAuth server significantly enhance token management functionalities, including token creation, retrieval, blacklisting, and deletion. New features such as OpenID configuration support, additional constants for token management, and comprehensive gRPC service integration have been introduced. These improvements bolster security, streamline operations, and provide thorough documentation for easier implementation and scaling.

Changes

| File | Change Summary |
|---|---|
| `m2m-oauth-server/store/mongodb/tokens_test.go` | Added tests for token retrieval, blacklisting, and deletion in the MongoDB store. |
| `m2m-oauth-server/test/test.go` | Updated imports and configurations for OAuth clients from `service` to `oauthsigner`. |
| `m2m-oauth-server/uri/uri.go` | Introduced new constants for token management and API endpoints. |
| `pkg/security/jwt/validator/validator.go` | Added OpenID configuration handling with new types and functions. |
| `m2m-oauth-server/pb/token.go` | Included methods for token validation, conversion to/from maps, and handling blacklisted tokens. |
| `m2m-oauth-server/pb/service.proto` | Introduced Protocol Buffers definitions for token management operations in the M2M OAuth service. |
| `m2m-oauth-server/service/grpc/server.go` | Implemented gRPC service for managing M2M OAuth operations, enhancing token management capabilities. |
| `m2m-oauth-server/service/http/requestHandler.go` | Created a handler for managing incoming HTTP requests and integrating with gRPC services. |
| `pkg/mongodb/marshal.go` | Enhanced error handling in JSON data processing functions. |
| `pkg/mongodb/marshal_test.go` | Added tests for the new JSON conversion methods to validate their functionality. |
| `snippet-service/pb/appliedConfiguration.go` | Improved error handling in conversion methods for applied configurations. |
| `snippet-service/store/appliedConfiguration.go` | Enhanced error handling in the `UnmarshalBSON` function for better control flow. |

Sequence Diagram(s)

```mermaid
sequenceDiagram
    participant Client
    participant gRPC Server
    participant MongoDB
    participant OAuthSigner

    Client->>gRPC Server: CreateToken Request
    gRPC Server->>OAuthSigner: Validate Token Request
    OAuthSigner-->>gRPC Server: Validation Response
    gRPC Server->>MongoDB: Store Token
    MongoDB-->>gRPC Server: Storage Response
    gRPC Server-->>Client: CreateToken Response

    Client->>gRPC Server: GetTokens Request
    gRPC Server->>MongoDB: Retrieve Tokens
    MongoDB-->>gRPC Server: Tokens Data
    gRPC Server-->>Client: GetTokens Response

    Client->>gRPC Server: BlacklistTokens Request
    gRPC Server->>MongoDB: Update Token Status
    MongoDB-->>gRPC Server: Update Response
    gRPC Server-->>Client: BlacklistTokens Response
```

Poem

In the code's vast expanse, tokens now bloom,
Creation, retrieval, all in their room.
Blacklists keep the garden neat,
With gRPC, they swiftly meet.
🐇 In bytes and bits, the server's dance,
OAuth's secure, in each glance. 🌼


jkralik commented 1 month ago

@coderabbitai generate a description for this pull request about the managing m2m-oauth-server tokens feature, targeting non-plgd developers.

coderabbitai[bot] commented 1 month ago

@jkralik: Here is a description for the pull request about managing M2M OAuth server tokens, targeting non-plgd developers:


Managing M2M OAuth Server Tokens

This pull request introduces comprehensive functionalities for managing tokens in the M2M OAuth server, enhancing the server's ability to handle token creation, retrieval, blacklisting, and deletion. The key features are:

  1. Token Creation:

    • The server now supports generating access tokens with specific claims, such as subject, audience, scopes, and expiration time. This is crucial for secure authentication in machine-to-machine (M2M) interactions.
  2. Token Retrieval:

    • Tokens can be retrieved based on various criteria, including the owner, token ID, and blacklisted status. This functionality allows for efficient management and monitoring of issued tokens.
  3. Token Blacklisting:

    • Tokens can be blacklisted, preventing their further use. The server ensures that blacklisted tokens are correctly identified and managed, enhancing security by invalidating compromised or obsolete tokens.
  4. Token Deletion:

    • Expired tokens can be automatically deleted from the store, ensuring that the token database remains clean and up-to-date. This helps in maintaining optimal performance and security.
  5. Configuration Enhancements:

    • The pull request includes updates to the configuration structures, allowing for more flexible and secure management of OAuth clients and their configurations.
  6. Protocol Buffers and gRPC:

    • The introduction of Protocol Buffers definitions and gRPC services for token management operations facilitates efficient communication and integration with other services. These definitions include messages for creating, retrieving, and blacklisting tokens, along with HTTP and OpenAPI annotations for RESTful API generation.
  7. Documentation:

    • Detailed documentation in both Markdown and HTML formats is provided, describing the protocol, message types, and service methods. This documentation ensures that developers can easily understand and integrate the new functionalities.

These enhancements make the M2M OAuth server more robust and secure, providing essential features for managing API access tokens in a machine-to-machine context.


Actions performed: Comments resolved.
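The token lifecycle described above (create with claims, retrieve by owner / ID / blacklisted status, blacklist, delete expired) is summarised below as an added illustration in Go; it is not code from the plgd hub or from this pull request. The store is an in-memory stand-in for the MongoDB store, the record fields and the `Filter` shape are assumptions, and the rule that only the owner may blacklist a token is an assumption as well. The point a practitioner should take from it is that the expiry sweep must be keyed on expiration only: a blacklisted token's record has to survive until its expiry, because that record is what makes the blacklist check bite.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Token is a simplified issued-token record (illustrative; not the project's pb.Token).
type Token struct {
	ID, Owner, Subject, Audience string
	Scopes                       []string
	IssuedAt, Expiration         time.Time
	Blacklisted                  bool
}

// Filter narrows GetTokens; zero-valued fields impose no constraint.
type Filter struct {
	Owner           string
	IDs             []string
	BlacklistedOnly bool
}

var (
	ErrUnknownToken = errors.New("unknown token")
	ErrBlacklisted  = errors.New("token is blacklisted")
	ErrExpired      = errors.New("token has expired")
)

// Store is an in-memory stand-in for the MongoDB token store.
type Store struct{ tokens map[string]*Token }

func NewStore() *Store { return &Store{tokens: map[string]*Token{}} }

// newTokenID draws 128 random bits so IDs cannot be guessed or enumerated.
func newTokenID() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// CreateToken records a token with the given claims and a bounded lifetime.
func (s *Store) CreateToken(owner, subject, audience string, scopes []string, now time.Time, ttl time.Duration) *Token {
	t := &Token{ID: newTokenID(), Owner: owner, Subject: subject, Audience: audience,
		Scopes: scopes, IssuedAt: now, Expiration: now.Add(ttl)}
	s.tokens[t.ID] = t
	return t
}

// GetTokens returns every token matching all non-zero filter fields.
func (s *Store) GetTokens(f Filter) []*Token {
	want := map[string]bool{}
	for _, id := range f.IDs {
		want[id] = true
	}
	var out []*Token
	for _, t := range s.tokens {
		if (f.Owner != "" && t.Owner != f.Owner) || (len(want) > 0 && !want[t.ID]) || (f.BlacklistedOnly && !t.Blacklisted) {
			continue
		}
		out = append(out, t)
	}
	return out
}

// BlacklistTokens revokes the listed tokens that belong to owner (assumed rule) and reports how many changed.
func (s *Store) BlacklistTokens(owner string, ids []string) int {
	n := 0
	for _, id := range ids {
		if t, ok := s.tokens[id]; ok && t.Owner == owner && !t.Blacklisted {
			t.Blacklisted = true
			n++
		}
	}
	return n
}

// DeleteExpired drops records whose expiration has passed. It deliberately ignores
// Blacklisted: an unexpired revoked token must stay so Validate keeps rejecting it.
func (s *Store) DeleteExpired(now time.Time) int {
	n := 0
	for id, t := range s.tokens {
		if !now.Before(t.Expiration) {
			delete(s.tokens, id)
			n++
		}
	}
	return n
}

// Validate is the per-request check: unknown, expired and blacklisted tokens are all rejected.
func (s *Store) Validate(id string, now time.Time) (*Token, error) {
	t, ok := s.tokens[id]
	if !ok {
		return nil, ErrUnknownToken // also what a swept, expired token yields
	}
	if !now.Before(t.Expiration) {
		return nil, ErrExpired
	}
	if t.Blacklisted {
		return nil, ErrBlacklisted
	}
	return t, nil
}

func main() {
	now := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC) // constructed timeline
	s := NewStore()
	a := s.CreateToken("alice", "svc-a", "api", []string{"r:all"}, now, time.Hour)
	b := s.CreateToken("alice", "svc-b", "api", []string{"w:all"}, now, time.Minute)
	s.BlacklistTokens("alice", []string{a.ID})
	_, err := s.Validate(a.ID, now.Add(time.Second))
	fmt.Println("revoked token:", err)
	fmt.Println("expired records swept at +2m:", s.DeleteExpired(now.Add(2*time.Minute)))
	_, err = s.Validate(b.ID, now.Add(2*time.Minute))
	fmt.Println("swept token:", err)
	_, err = s.Validate(a.ID, now.Add(2*time.Minute))
	fmt.Println("revoked token after sweep:", err)
}
```

Run as a single file with `go run`. Swapping the sweep condition to also delete blacklisted records would reintroduce the revoked token as "unknown" rather than "blacklisted" only if the validator treats unknown IDs as a hard failure, which is why Validate rejects unknown tokens instead of falling through.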
sonarcloud[bot] commented 1 month ago

Quality Gate passed

Issues
0 New issues
12 Accepted issues

Measures
0 Security Hotspots
83.8% Coverage on New Code
0.3% Duplication on New Code

See analysis details on SonarCloud