Setup environment variables for auth work non-locally #3133

Closed
1 task
chouinar opened this issue Dec 6, 2024 · 0 comments · Fixed by #3406
chouinar commented Dec 6, 2024

Summary

There are a lot of env vars we need to set, some secret, some not, for the auth code to work non-locally.

Overall:

  • ENABLE_AUTH_ENDPOINT - false for now, will enable later

For interacting with login.gov

  • LOGIN_GOV_CLIENT_ID - urn:gov:gsa:openidconnect.profiles:sp:sso:hhs-{ENVIRONMENT}-simpler-grants-gov
  • LOGIN_GOV_ENDPOINT - will be https://idp.int.identitysandbox.gov/ in lower envs, and https://secure.login.gov/ in prod - The trailing slash is important
  • LOGIN_GOV_JWK_ENDPOINT - will be https://idp.int.identitysandbox.gov/api/openid_connect/certs in lower envs, and https://secure.login.gov/api/openid_connect/certs in prod
  • LOGIN_GOV_AUTH_ENDPOINT - will be https://idp.int.identitysandbox.gov/openid_connect/authorize in lower envs, and https://secure.login.gov/openid_connect/authorize in prod (unlike the other paths, /api is not in this one, not sure why).
  • LOGIN_GOV_TOKEN_ENDPOINT - will be https://idp.int.identitysandbox.gov/api/openid_connect/token in lower envs, and https://secure.login.gov/api/openid_connect/token in prod
  • LOGIN_FINAL_DESTINATION - TODO - will depend on frontend work, but differ by env
  • LOGIN_GOV_CLIENT_ASSERTION_PRIVATE_KEY - a private key we set up per environment

For the key/tokens that the API manages:

  • API_JWT_PRIVATE_KEY - an RSA256 private key (secret)
  • API_JWT_PUBLIC_KEY - an RSA256 public key (secret as well - we are currently the only user)
  • API_JWT_ISSUER - should be something like simpler-grants-api-{env}
  • API_JWT_AUDIENCE - should be something like simpler-grants-api-{env}

Acceptance criteria

  • All env vars and secrets set up for all 3 environments
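
Added example (not part of the original issue and not the project's code): a deploy-time check that the variables listed above are present and that each login.gov URL matches the expected host and path for the environment. The function name, the "lower"/"prod" tier labels and the sample values are assumptions made for this sketch.

```python
from urllib.parse import urlsplit

# Hosts and paths as listed in the issue; the authorize path has no /api prefix.
HOSTS = {"lower": "idp.int.identitysandbox.gov", "prod": "secure.login.gov"}
PATHS = {
    "LOGIN_GOV_ENDPOINT": "/",  # the trailing slash is required
    "LOGIN_GOV_JWK_ENDPOINT": "/api/openid_connect/certs",
    "LOGIN_GOV_AUTH_ENDPOINT": "/openid_connect/authorize",
    "LOGIN_GOV_TOKEN_ENDPOINT": "/api/openid_connect/token",
}
TEMPLATED = ("LOGIN_GOV_CLIENT_ID", "API_JWT_ISSUER", "API_JWT_AUDIENCE")
REQUIRED = TEMPLATED + ("LOGIN_GOV_CLIENT_ASSERTION_PRIVATE_KEY",
                        "API_JWT_PRIVATE_KEY", "API_JWT_PUBLIC_KEY")
CLIENT_ID_PREFIX = "urn:gov:gsa:openidconnect.profiles:sp:sso:hhs-"
CLIENT_ID_SUFFIX = "-simpler-grants-gov"


def check_auth_env(env, tier):
    """Return the names of misconfigured variables; tier is "lower" or "prod"
    (labels assumed for this example). Values are never echoed, so the
    result is safe to log even though some variables are secrets."""
    bad = []
    for name, path in PATHS.items():
        url = urlsplit(env.get(name, ""))
        # Exact match: catches a sandbox URL in prod, a dropped trailing
        # slash, /api added to the authorize path, or a stray query string.
        if tuple(url) != ("https", HOSTS[tier], path, "", ""):
            bad.append(name)
    for name in REQUIRED:
        value = env.get(name, "").strip()
        # An unfilled template such as {env} or {ENVIRONMENT} counts as unset.
        if not value or (name in TEMPLATED and "{" in value):
            bad.append(name)
    cid = env.get("LOGIN_GOV_CLIENT_ID", "")
    if "LOGIN_GOV_CLIENT_ID" not in bad and not (
            cid.startswith(CLIENT_ID_PREFIX) and cid.endswith(CLIENT_ID_SUFFIX)):
        bad.append("LOGIN_GOV_CLIENT_ID")
    return bad


# Constructed sample for a lower environment, with two deliberate mistakes.
SAMPLE = {name: "https://" + HOSTS["lower"] + path for name, path in PATHS.items()}
SAMPLE.update({name: "constructed-placeholder" for name in REQUIRED})
SAMPLE["LOGIN_GOV_CLIENT_ID"] = CLIENT_ID_PREFIX + "dev" + CLIENT_ID_SUFFIX
SAMPLE["LOGIN_GOV_ENDPOINT"] = "https://" + HOSTS["lower"]  # slash dropped
SAMPLE["LOGIN_GOV_AUTH_ENDPOINT"] = "https://" + HOSTS["lower"] + "/api/openid_connect/authorize"

if __name__ == "__main__":
    print(check_auth_env(SAMPLE, "lower"))
```

Running the same check with tier "prod" against a lower-environment configuration flags all four endpoint variables, which is the mix-up worth catching before ENABLE_AUTH_ENDPOINT is turned on.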