Implement API Key Hashing And Verification #6

New Issue

Closed

opened 2026-04-26 15:22:28 -04:00 by dohertj2 · 2 comments

dohertj2 commented 2026-04-26 15:22:28 -04:00

Owner

Copy Link

Copy Source

Source: $file
Milestone: $currentMilestone

Labels: area:auth, type:feature, priority:p0

Deliverables:

• parse mxgw_<key-id>_<secret> format,
• HMAC-SHA256 with gateway-local pepper or accepted Argon2id dependency,
• constant-time hash comparison,
• key id/display name/scopes identity model.

Acceptance criteria:

• raw secrets are never stored,
• malformed keys fail unauthenticated,
• valid keys authenticate,
• revoked keys fail.

Tests:

• parse tests,
• hash verification,
• redaction,
• scope extraction.

Source: $file Milestone: $currentMilestone Labels: `area:auth`, `type:feature`, `priority:p0` Deliverables: - parse `mxgw_<key-id>_<secret>` format, - HMAC-SHA256 with gateway-local pepper or accepted Argon2id dependency, - constant-time hash comparison, - key id/display name/scopes identity model. Acceptance criteria: - raw secrets are never stored, - malformed keys fail unauthenticated, - valid keys authenticate, - revoked keys fail. Tests: - parse tests, - hash verification, - redaction, - scope extraction.

dohertj2 added this to the gateway-auth milestone 2026-04-26 15:22:28 -04:00

dohertj2 added the area:authtype:featurepriority:p0 labels 2026-04-26 15:22:28 -04:00

dohertj2 added a new dependency 2026-04-26 15:28:32 -04:00

#5 Implement SQLite Auth Store And Migrations

dohertj2 added a new dependency 2026-04-26 15:28:33 -04:00

#7 Implement Local API Key Admin CLI

dohertj2 added a new dependency 2026-04-26 15:28:33 -04:00

#8 Add gRPC Authentication And Scope Authorization

dohertj2 commented 2026-04-26 16:35:20 -04:00

Author

Owner

Copy Link

Copy Source

Worker 2 is taking this issue.

Branch: agent-2/issue-6-implement-api-key-hashing-and-verification
Worktree: C:\Users\dohertj2\Desktop\mxaccessgw-agent-2

Worker 2 is taking this issue. Branch: agent-2/issue-6-implement-api-key-hashing-and-verification Worktree: C:\Users\dohertj2\Desktop\mxaccessgw-agent-2

dohertj2 referenced this issue from a commit 2026-04-26 16:45:13 -04:00

Issue #6: implement api key hashing and verification

dohertj2 referenced a pull request that will close this issue 2026-04-26 16:45:25 -04:00

Issue #6: implement api key hashing and verification #59

dohertj2 closed this issue 2026-04-26 16:46:07 -04:00

dohertj2 referenced this issue from a commit 2026-04-26 16:46:08 -04:00

Merge PR #59: Issue #6 implement API key hashing and verification

dohertj2 commented 2026-04-26 16:46:36 -04:00

Author

Owner

Copy Link

Copy Source

Implemented and merged via PR #59: #59

Commit: 696be17
Merge commit on main: 3b3e41acf4
Branch: agent-2/issue-6-implement-api-key-hashing-and-verification

Verification:

• dotnet build src\MxGateway.sln passed with 0 warnings and 0 errors.
• dotnet test src\MxGateway.sln passed: 76 total tests.

Acceptance criteria verified: malformed keys fail, valid keys verify against stored hashes, revoked keys fail, redaction avoids leaking raw secrets, and scope extraction is covered by focused tests.

Implemented and merged via PR #59: https://gitea.dohertylan.com/dohertj2/mxaccessgw/pulls/59 Commit: 696be17 Merge commit on main: 3b3e41acf454eb5e81d353754409ce151a8e25a4 Branch: agent-2/issue-6-implement-api-key-hashing-and-verification Verification: - dotnet build src\\MxGateway.sln passed with 0 warnings and 0 errors. - dotnet test src\\MxGateway.sln passed: 76 total tests. Acceptance criteria verified: malformed keys fail, valid keys verify against stored hashes, revoked keys fail, redaction avoids leaking raw secrets, and scope extraction is covered by focused tests.

dohertj2 referenced this issue 2026-04-26 17:07:18 -04:00

Add gRPC Authentication And Scope Authorization #8

dohertj2 referenced this issue from a commit 2026-06-03 00:35:02 -04:00

feat(audit): MxGateway local producers (dashboard + constraint-denial) emit canonical AuditEvent with Target/CorrelationId (Task 2.3 #6)

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

docs/prose-audit

docs/xml-doc-comments

feat/adopt-zb-health

feat/adopt-zb-telemetry-serilog

feat/tls-cert-autogen

feat/lazy-browse-children

test/client-e2e-coverage

docs/alarm-client-wm-app-finding

codex/fix-runtime-review-findings

agent-2/issue-50-client-packaging-documentation

agent-1/issue-49-cross-language-smoke-test-matrix

agent-1/issue-48-implement-java-client-session-values-errors-and-cli

agent-2/issue-35-parity-fixture-matrix

agent-3/issue-46-implement-python-async-client-values-errors-and-cli

agent-1/issue-47-scaffold-java-gradle-build

agent-2/issue-44-implement-rust-client-session-values-errors-and-cli

agent-3/issue-45-scaffold-python-package

agent-1/issue-40-implement-dotnet-values-status-errors-and-cli

agent-3/issue-42-implement-go-client-session-values-errors-and-cli

agent-2/issue-34-worker-live-mxaccess-smoke-test

agent-3/issue-43-scaffold-rust-workspace

agent-1/issue-39-implement-dotnet-gatewayclient-and-session

agent-2/issue-33-implement-graceful-shutdown

agent-3/issue-41-scaffold-go-module

agent-1/issue-38-scaffold-dotnet-client-projects

agent-3/issue-32-implement-heartbeat-and-watchdog

agent-1/issue-37-create-cross-language-client-behavior-fixtures

agent-2/issue-29-implement-event-sink-and-event-queue

agent-1/issue-36-publish-stable-client-proto-generation-inputs

agent-2/issue-28-implement-advise-unadvise-advisesupervisory

agent-1/issue-16-implement-blazor-server-dashboard

agent-3/issue-19-gateway-e2e-smoke-with-fake-worker

agent-2/issue-27-implement-additem-additem2-removeitem

agent-3/issue-18-build-fake-worker-test-harness

agent-1/issue-17-implement-dashboard-authentication

agent-2/issue-26-implement-register-and-unregister

agent-3/issue-14-implement-event-streaming-and-backpressure

agent-1/issue-15-implement-dashboard-snapshot-service

agent-2/issue-25-implement-sta-command-dispatcher

agent-3/issue-13-implement-public-grpc-service

agent-2/issue-31-implement-mxstatus-proxy-and-hresult-conversion

agent-1/issue-24-create-mxaccess-com-object-on-sta

agent-3/issue-12-implement-session-manager-and-registry

agent-2/issue-30-implement-value-conversion

agent-1/issue-23-implement-sta-runtime-and-message-pump

agent-2/issue-22-implement-pipe-client-and-frame-protocol

agent-3/issue-11-implement-gateway-workerclient

agent-1/issue-8-add-grpc-authentication-and-scope-authorization

agent-2/issue-7-implement-local-api-key-admin-cli

agent-3/issue-21-implement-worker-bootstrap-and-options

agent-1/issue-10-implement-worker-process-launcher

agent-2/issue-6-implement-api-key-hashing-and-verification

agent-3/issue-20-scaffold-worker-project

agent-2/issue-5-implement-sqlite-auth-store-and-migrations

agent-1/issue-9-implement-worker-frame-protocol

agent-3/issue-4-add-structured-logging-and-metrics-foundation

agent-2/issue-3-add-gateway-configuration-and-validation

agent-1/issue-2-define-protobuf-contracts

agent-1/issue-1-scaffold-gateway-solution-and-projects

No results found.

Labels

Clear labels

area:auth

Authentication and authorization

area:client-dotnet

.NET client library

area:client-go

Go client library

area:client-java

Java client library

area:client-python

Python client library

area:client-rust

Rust client library

area:contracts

Protocol and generated contract work

area:dashboard

Blazor dashboard work

area:docs

Documentation

area:gateway

Gateway server work

area:tests

Automated and live tests

area:worker

MXAccess worker process work

blocked

Blocked by dependency

priority:p0

Must-have / blocking

priority:p1

High priority

priority:p2

Normal priority

type:docs

Documentation work

type:feature

Feature implementation

type:infra

Infrastructure and scaffolding

type:test

Test work

No Label area:auth priority:p0 type:feature

Milestone

No items

No Milestone gateway-auth

Projects

Clear projects

No project

Assignees

Clear assignees

dohertj2 (dohertj2)

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Blocks

#7 Implement Local API Key Admin CLI

dohertj2/mxaccessgw

#8 Add gRPC Authentication And Scope Authorization

dohertj2/mxaccessgw

Depends on

#5 Implement SQLite Auth Store And Migrations

dohertj2/mxaccessgw

Reference: dohertj2/mxaccessgw#6