Securing custom routes for app and device services #143
-
Since v3.0 supports the use of a JWT for communicating with the EdgeX service REST APIs, is there a plan for integrating that feature with the custom endpoints functionality from the Application and Device Service SDKs? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 4 replies
-
Probably best answered by @lenny-intel, but I think it should be as simple as wrapping your handler with https://github.com/edgexfoundry/edgex-go/blob/main/internal/core/data/router.go#L36 |
Beta Was this translation helpful? Give feedback.
-
@bnevis-i , this was missed in the Microservice Auth implementation. None of that App SDK end points are secured. Still checking the Go Device SDK . |
Beta Was this translation helpful? Give feedback.
The internal Device SDK routes where handled, but not the ones via AddRoute here: https://github.com/edgexfoundry/device-sdk-go/blob/main/internal/controller/http/restrouter.go#L87
@jrtitus , we'll add issues to each SDK to ensure all routes are secured when running in secure mode.