Webhook public keys - Githubissues

reapit / foundations

Foundations platform mono repo

56 stars 22 forks source link

Webhook public keys #8682

Open jmsfwk opened 1 year ago

jmsfwk commented 1 year ago

Summary

How should I authenticate to get webhooks public keys?

Detail and or supporting links and screenshots

Calls to this endpoint must include the Authorization header containing a valid Bearer token. It is only possible to retrieve keys associated to the calling app when accessing the key programmatically.

For an application with user authentication when I receive a webhook I don't have any user context. What token should I use to get a public key?

Specification

Service: Reapit.Services.WebhooksProxy
Add endpoint to allow fetching of webhook public keys from internal webhook API (GET /signingKeys and GET /signingKeys/{id}) that proxies the request straight through to the internal service
Update documentation to define examples for fetching the public key data

AshDeeming commented 1 year ago

Hi @jmsfwk Please see details relating to tokens in the documentation below; https://foundations-documentation.reapit.cloud/api/reapit-connect#making-authenticated-requests

jmsfwk commented 1 year ago

Hi @AshDeeming

I know how to get tokens and make requests with them, but in a webhook handler I don't have any user available.

AshDeeming commented 1 year ago

Hi @jmsfwk Could you confirm the app name please?

jmsfwk commented 1 year ago

Hi @AshDeeming

The app ID is aa1dfc0b-2c9f-49c3-b5fd-d87dc4c97fb4 and the name is "iamproperty movebutler".

AshDeeming commented 1 year ago

Hi @jmsfwk The above mentioned app is a client side app & believe you may need a server side app; https://foundations-documentation.reapit.cloud/api/api-documentation#client-credentials-flow

jmsfwk commented 1 year ago

Hi @AshDeeming

So there's no way for a client side app to automatically fetch webhook signing keys?

plittlewood-rpt commented 1 year ago

Hi @jmsfwk not currently no. We can look at adding an endpoint to the resthooks API to allow you to access these keys. We've got a refinement session today so we'll discuss this then

github-actions[bot] commented 1 year ago

This issue has been updated and moved to our ‘Near Term’ column (typically completed within 0 - 4 months). We have assessed the effort required and outlined a technical specification - please take the time to review this detail. When we're ready to schedule the issue, it will be assigned to the relevant board where you can continue to track its progress to completion. For more information on our processes, please click here

HollyJoyPhillips commented 4 months ago

Internal ref: PBI-5694