Challenge Overview
Previously, in Topcoder - Support JWT Token Verification Using RS256 Algorithm In Core API, we implemented handling for the new RS256 Auth0 token.
But since the access token is short-lived, we need a way to update the Auth0 token so that we stay compatible with existing usage, like https://github.com/appirio-tech/direct-app/blob/dev/src/java/main/com/topcoder/direct/services/view/util/JwtTokenUpdater.java
The general approach for refreshing a token is described at https://auth0.com/docs/tokens/refresh-token/current
For this challenge, we'd like to update the Identity Service to support refreshing the new JWT token using the RS256 algorithm, while remaining compatible with all previous approaches.
Following are the general expectation.
GET /authorizations
1. This will be the callback for Auth0.
2. It will execute the Authorization Code Grant Flow (https://auth0.com/docs/api-auth/tutorials/authorization-code-grant) to retrieve the access token, refresh token, etc.
3. Use Redis to cache this data so that it can be used later to find the refresh token.
POST /authorizations
1. This needs to be updated
2. When the token is passed in the externalToken field, it will first try to get the refresh token from the cache; if it is not found, return a proper error.
3. If the refresh token is found, communicate with Auth0 to get the new tokens, update the cache, and respond to the caller.
4. Update / Add unit tests to work with the changes.
5. Update swagger.yaml to reflect the changes if needed. Ideally, the endpoint should not be changed; if a change is needed, please raise it in the forum.
6. Please build and install tech.core.api package first, then update the pom.xml to use the new 4.1.0 version of CORE API.
7. For manual testing, you can log in to our dev environment (https://connect-auth0.topcoder-dev.com/) to get the new JWT token in the v3jwt cookie. The Auth0 issuer is https://topcoder-newauth.auth0.com/, which we will use for local development. The client_id and client_secret will be provided in the forum.
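A sketch of steps 2 and 3 of POST /authorizations, added here as an illustration and not taken from the Identity Service code. The class and method names, the SHA-256 cache key, the in-memory map standing in for Redis, the placeholder client credentials, and the choice of access_token as the token callers hold are all assumptions; the form fields are those of Auth0's refresh_token grant on /oauth/token.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import java.util.function.Function;

public class RefreshFlowExample {
    // In-memory stand-in for Redis so the example runs offline.
    static final Map<String, String> cache = new HashMap<>();
    // Assumption: key the cache by SHA-256 of the JWT so raw tokens are not stored as keys.
    static String key(String jwt) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(jwt.getBytes(StandardCharsets.UTF_8));
        return "refresh:" + Base64.getUrlEncoder().withoutPadding().encodeToString(d);
    }
    // Form fields for Auth0's POST /oauth/token with the refresh_token grant.
    static Map<String, String> refreshRequest(String refreshToken) {
        Map<String, String> f = new LinkedHashMap<>();
        f.put("grant_type", "refresh_token");
        f.put("client_id", "CLIENT_ID_PLACEHOLDER");
        f.put("client_secret", "CLIENT_SECRET_PLACEHOLDER");
        f.put("refresh_token", refreshToken);
        return f;
    }

    // Look up the refresh token, fail on a cache miss without calling Auth0,
    // otherwise exchange it, re-key the cache under the new token, and respond.
    static Map<String, String> refresh(String externalToken,
            Function<Map<String, String>, Map<String, String>> auth0) throws Exception {
        String oldKey = key(externalToken);
        String refreshToken = cache.get(oldKey);
        if (refreshToken == null) {
            throw new NoSuchElementException("no refresh token cached for externalToken");
        }
        Map<String, String> tokens = auth0.apply(refreshRequest(refreshToken));
        // A new refresh_token comes back only when rotation is enabled; otherwise keep the old one.
        String next = tokens.getOrDefault("refresh_token", refreshToken);
        cache.remove(oldKey);
        cache.put(key(tokens.get("access_token")), next); // assumption: callers hold access_token
        return tokens;
    }

    public static void main(String[] args) throws Exception {
        cache.put(key("old.jwt"), "rt-1"); // constructed sample, as stored by GET /authorizations
        Function<Map<String, String>, Map<String, String>> fakeAuth0 =
                req -> Collections.singletonMap("access_token", "new.jwt"); // fake Auth0 reply
        System.out.println(refresh("old.jwt", fakeAuth0));      // cached token: exchange runs
        System.out.println(cache.containsKey(key("new.jwt")));  // cache re-keyed to new token
        try { refresh("old.jwt", fakeAuth0); }                  // old token was evicted
        catch (NoSuchElementException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

In the service the map would be Redis entries with an expiry, and the `auth0` function would be the HTTPS call to the issuer's /oauth/token endpoint.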
Local Setup
The code that you need to update is in the folder tech.core/tech.core.service.identity. Check the README in tech.core/tech.core.service.identity/docker to see how to deploy and test the service code locally.
Test
Unit tests are required for the new changes. Existing unit tests must also be updated to make sure they still work.
Code
Your code must be well documented.
Final Submission Guidelines
Submission
- Updated code that covers all the requirements.
- A detailed deployment / verification guide explaining how to run and test your submission with some meaningful data.
- The winner will be asked to send a pull request to our repo.