feat(auth): replace internal auth with JWT token service
- Replace InternalAuthService with TokenService using JWT tokens - Add support for token issuance, refresh, verification and revocation - Implement automatic signing key rotation with Redis storage - Add database migration checks for indexes and foreign key constraints - Update gRPC endpoints to use token-based authentication - Remove deprecated API key based authentication system - Add JSON Web Token support with HMAC-SHA256 signing - Implement refresh token handling with automatic rotation - Add token revocation by JTI and user ID - Update build configuration to include core proto files - Migrate database schema to handle token-based authentication - Add comprehensive token validation and verification logic
This commit is contained in:
zhenyi
@@ -1,26 +0,0 @@
|
||||
syntax = "proto3";
|
||||
|
||||
package appks.im.v1;
|
||||
|
||||
// Internal service-to-service authentication.
|
||||
// appks issues API keys (stored in Redis), remote services
|
||||
// carry the key in gRPC metadata "x-api-key", and call
|
||||
// Authenticate to verify identity.
|
||||
|
||||
message AuthenticateRequest {
|
||||
string api_key = 1;
|
||||
}
|
||||
|
||||
message AuthenticateResponse {
|
||||
bool authenticated = 1;
|
||||
string service_name = 2;
|
||||
string service_id = 3;
|
||||
repeated string scopes = 4;
|
||||
int64 expires_at = 5;
|
||||
}
|
||||
|
||||
service InternalAuthService {
|
||||
// Verify an API key and return the associated service identity.
|
||||
// Called by remote services to authenticate themselves.
|
||||
rpc Authenticate(AuthenticateRequest) returns (AuthenticateResponse);
|
||||
}
|
||||
Reference in New Issue
Block a user