Milestone 1.1.4: Token Creation and Management API

Status: Complete
Goal: 1.1 Persistence and auth data plane
Phase: 1 — Core Platform

Summary

Expose gRPC CreateToken, RevokeToken, and ListTokens on the auth service, using the ADR-0007 PAT wire format, Argon2id storage of token secrets, caller authorization derived from the bearer token in request metadata, and integration tests that exercise the real creation path.

Branch

feature/m1-1-4-token-creation

PR title

feat(auth): token creation and management (m1.1.4)

Estimated effort

5–6 days

Prerequisites

Tasks

  • Extend ibex.auth.v1 proto with CreateToken, RevokeToken, ListTokens + messages
  • GeneratePAT() in services/auth/internal/token (ADR-0007: ibex_pat_<uuid>_<secret>, 32-byte crypto/rand secret)
  • Reuse HashBearer / VerifyBearer; repository never accepts plaintext
  • TokenService + repository create/revoke/list
  • gRPC handlers with authorization: Bearer metadata interceptor (TokenCreate / TokenRevoke)
  • Audit logs token_created / token_revoked (prefix only; never plaintext/hash)
  • Metrics: ibex_auth_token_created_total, ibex_auth_token_revoked_total, ibex_auth_list_tokens_total
  • Integration: bootstrap admin → create → validate → revoke → unauthenticated
  • Cross-tenant revoke returns NotFound
  • testutil.SeedBootstrapAdminToken for bootstrap; management tests use real gRPC
  • Amend ADR-0006; update SECURITY, API docs, auth README
  • Bloom filter invalidation deferred to Phase 2 optional 2.2.1-auth-cache-bloom
  • REST deferred (gRPC-only v1)
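The PAT generation and parse round-trip that the tasks above describe, as an added stand-alone example (not the project's services/auth/internal/token code). It assumes the secret is hex encoded so the "_" delimiter cannot appear inside it, builds the UUID from crypto/rand since the standard library has no generator, and names the parsed fields ID and Secret; AuditPrefix shows the prefix-only value that is safe for the token_created / token_revoked log entries.

```go
package main
import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"strings"
)

const patPrefix = "ibex_pat" // ADR-0007 prefix named on the milestone page
// PAT is the parsed form of a personal access token.
type PAT struct {
	ID     string // UUID: safe to log and to look up the stored hash by
	Secret string // 32 crypto/rand bytes, hex encoded: returned once, never stored
}
// uuidV4 formats 16 random bytes as a version-4 UUID (stdlib has no generator).
func uuidV4(b []byte) string {
	b[6] = (b[6] & 0x0f) | 0x40 // version 4
	b[8] = (b[8] & 0x3f) | 0x80 // RFC 4122 variant
	return fmt.Sprintf("%x-%x-%x-%x-%x", b[0:4], b[4:6], b[6:8], b[8:10], b[10:])
}

// GeneratePAT returns the plaintext wire token plus its parsed parts.
func GeneratePAT() (string, PAT, error) {
	raw := make([]byte, 48) // 16 bytes for the UUID, 32 for the secret
	if _, err := rand.Read(raw); err != nil {
		return "", PAT{}, err
	}
	p := PAT{ID: uuidV4(raw[:16]), Secret: hex.EncodeToString(raw[16:])}
	return patPrefix + "_" + p.ID + "_" + p.Secret, p, nil
}

// ParsePAT accepts only ibex_pat_<36-char uuid>_<64 hex chars>; hex (an assumption) keeps "_" out of the secret.
func ParsePAT(tok string) (PAT, error) {
	parts := strings.Split(tok, "_")
	if len(parts) != 4 || parts[0]+"_"+parts[1] != patPrefix || len(parts[2]) != 36 {
		return PAT{}, fmt.Errorf("not an ibex PAT")
	}
	if b, err := hex.DecodeString(parts[3]); err != nil || len(b) != 32 {
		return PAT{}, fmt.Errorf("malformed PAT secret")
	}
	return PAT{ID: parts[2], Secret: parts[3]}, nil
}

// AuditPrefix is all that token_created / token_revoked logs may carry: prefix and ID, never secret or hash.
func AuditPrefix(tok string) string {
	if p, err := ParsePAT(tok); err == nil {
		return patPrefix + "_" + p.ID
	}
	return "<invalid-pat>"
}
```

The repository layer would receive only HashBearer(p.Secret), never the plaintext returned by GeneratePAT.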

Files affected

Path                                                  Action
packages/proto/proto/ibex/auth/v1/auth.proto          Extend
packages/proto/auth_contract_test.go                  Update
services/auth/internal/token/generator.go             Add
services/auth/internal/repository/tokens.go           Extend
services/auth/internal/service/token_service.go       Add
services/auth/internal/grpc/authz.go, server.go       Add / extend
services/auth/cmd/auth/main.go                        Wire interceptor + service
infra/testing/testutil/bootstrap.go                   Add
services/auth/token_management_integration_test.go    Add
docs/adr/ADR-0006-auth-proto-contract.md              Amend

Testing requirements

  • Unit: PAT generation, parse round-trip, proto contract
  • Integration: create → validate → revoke; cross-tenant revoke
  • CI: existing auth-validate-smoke runs all //go:build integration auth tests

Definition of done

  • CreateToken returns plaintext once; not retrievable afterward
  • RevokeToken causes ValidateToken to fail closed
  • No plaintext in structured audit logs
  • Caller without TokenCreate cannot create/list for another org
  • go test ./services/auth/... and integration tag pass in CI

Risks

Risk                        Mitigation
Bootstrap token in tests    SQL-only SeedBootstrapAdminToken; documented
Proto breaking change       Contract tests + buf breaking in CI