Issue #6: implement api key hashing and verification #59

Merged

dohertj2 merged 1 commits from agent-2/issue-6-implement-api-key-hashing-and-verification into main 2026-04-26 16:46:07 -04:00

Conversation 0 Commits 1 Files Changed 17

+524

dohertj2 commented 2026-04-26 16:45:25 -04:00

Owner

Copy Link

Copy Source

Implements API key parsing, HMAC-SHA256 hashing with the configured gateway pepper, constant-time hash verification, and identity/scope projection for issue #6.

Covered behavior:

• parses authorization: Bearer mxgw_<key-id>_<secret>
• rejects malformed headers before lookup
• hashes presented secrets with Authentication:PepperSecretName
• compares hashes using CryptographicOperations.FixedTimeEquals
• rejects missing, revoked, mismatched, and missing-pepper keys
• returns key id, prefix, display name, and scopes without raw secrets
• extends API-key redaction coverage for underscore-containing secrets

Tests run:

• dotnet format src\MxGateway.sln --verify-no-changes
• dotnet build src\MxGateway.sln
• dotnet test src\MxGateway.Tests\MxGateway.Tests.csproj
• dotnet test src\MxGateway.sln

Closes #6

Implements API key parsing, HMAC-SHA256 hashing with the configured gateway pepper, constant-time hash verification, and identity/scope projection for issue #6. Covered behavior: - parses `authorization: Bearer mxgw_<key-id>_<secret>` - rejects malformed headers before lookup - hashes presented secrets with `Authentication:PepperSecretName` - compares hashes using `CryptographicOperations.FixedTimeEquals` - rejects missing, revoked, mismatched, and missing-pepper keys - returns key id, prefix, display name, and scopes without raw secrets - extends API-key redaction coverage for underscore-containing secrets Tests run: - dotnet format src\MxGateway.sln --verify-no-changes - dotnet build src\MxGateway.sln - dotnet test src\MxGateway.Tests\MxGateway.Tests.csproj - dotnet test src\MxGateway.sln Closes #6

dohertj2 added 1 commit 2026-04-26 16:45:26 -04:00

Issue #6: implement api key hashing and verification 696be17139

dohertj2 merged commit 3b3e41acf4 into main 2026-04-26 16:46:07 -04:00

dohertj2 referenced this issue from a commit 2026-04-26 16:46:08 -04:00

Merge PR #59: Issue #6 implement API key hashing and verification

dohertj2 referenced this pull request 2026-04-26 16:46:36 -04:00

Implement API Key Hashing And Verification #6

dohertj2 referenced this pull request 2026-04-26 17:07:18 -04:00

Add gRPC Authentication And Scope Authorization #8

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

area:auth

Authentication and authorization

area:client-dotnet

.NET client library

area:client-go

Go client library

area:client-java

Java client library

area:client-python

Python client library

area:client-rust

Rust client library

area:contracts

Protocol and generated contract work

area:dashboard

Blazor dashboard work

area:docs

Documentation

area:gateway

Gateway server work

area:tests

Automated and live tests

area:worker

MXAccess worker process work

blocked

Blocked by dependency

priority:p0

Must-have / blocking

priority:p1

High priority

priority:p2

Normal priority

type:docs

Documentation work

type:feature

Feature implementation

type:infra

Infrastructure and scaffolding

type:test

Test work

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

dohertj2 (dohertj2)

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: dohertj2/mxaccessgw#59