Skip to content

craig-shony/sso_endpoint

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
.ssh
.ssh
 
 
__pycache__
__pycache__
 
 
parsleyapp
parsleyapp
 
 
README.md
README.md
 
 
app.py
app.py
 
 
client.py
client.py
 
 
jwt_generator.py
jwt_generator.py
 
 

Repository files navigation

sso_endpoint

Assignment for Security Engineer position at Parsley Health

Problem Statement

For requests from one web application in particular, named senior-parsley, we need to be able to apply certain rules. When the following conditions are met: claim auth-provider == SSO AND claim email contains @parsleyhealth.com as an email suffix. The GraphQL endpoint will return a valid JSON response (you can use any sample schema you choose). If the conditions are NOT met, return a 401 and take any appropriate action.

Included

  1. A flask app to handle one endpoint "/sso"
  2. JWT generator to handle test cases
  3. Simulated client for testing

Security Controls

  1. Signed JWTs
  2. Rate limiting
  3. Expiry
  4. Not Included: Vault protection for signing keys

Testing Document

Matches parameters for tokenGen() function for test cases

  1. valid sso request
  2. user-pass request
  3. non-parsleyhealth request
  4. email fuzzing
  5. expired JWT

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages