Skip to content

Duo Workflow Service API endpoint for minting JWT

Background

  • Duo Workflow authentication plan: Diagram
  • AI Gateway UJWT minting process: Diagram

Objective

Implement an API endpoint in the Duo Workflow Service for issuing User JWT (UJWT), following the pattern established by the AI Gateway.

Requirements

  1. Create an API endpoint that returns a JWT.
  2. Authenticate the endpoint using an Instance JWT (IJWT).
    • GitLab.com will sign its own IJWT.
    • Self-Managed/Dedicated instances will load IJWT from the database.

Reference Implementation

The AI Gateway's similar endpoint is defined here.

Tasks

  1. Design the API endpoint structure.
  2. Implement IJWT authentication mechanism.
  3. Develop JWT minting logic (this should be handled by the Cloud Connector module, which is being developed)
  4. Ensure proper integration with GitLab.com and Self-Managed/Dedicated instances.
  5. Write unit and integration tests.
  6. Update documentation to reflect the new endpoint.

Related Issues

Edited by Jessie Young