Skip to content

feat(authproxy): use CLIENT_ID for per-agent inbound audience validation#282

Open
huang195 wants to merge 1 commit intokagenti:mainfrom
huang195:use-client-id-for-audience-validation
Open

feat(authproxy): use CLIENT_ID for per-agent inbound audience validation#282
huang195 wants to merge 1 commit intokagenti:mainfrom
huang195:use-client-id-for-audience-validation

Conversation

@huang195
Copy link
Copy Markdown
Contributor

@huang195 huang195 commented Apr 8, 2026

Summary

Replace the EXPECTED_AUDIENCE env var with the agent's CLIENT_ID (from /shared/client-id.txt) for inbound JWT audience validation. This makes audience validation per-agent by construction.

Problem

EXPECTED_AUDIENCE was either:

  • Not set (most demos) — no audience check, tokens interchangeable across agents
  • Set at namespace level — same value for all agents, tokens still interchangeable

A token intended for one agent could be used on any other agent in the same namespace.

Solution

Use CLIENT_ID from /shared/client-id.txt as the expected audience. This file is written by the operator (PR #247) or client-registration sidecar and contains the agent's unique Keycloak client ID:

  • SPIRE: spiffe://trust-domain/ns/namespace/sa/service-account
  • Non-SPIRE: namespace/workload-name

The audience scope created during client registration ensures platform tokens (kagenti UI) include this value in their aud claim.

Changes

  • go-processor/main.go: Use config.ClientID instead of EXPECTED_AUDIENCE env var
  • Demo configmaps: Remove EXPECTED_AUDIENCE references
  • Demo docs: Update to reflect automatic audience validation

Impact on existing demos

All demos verified — no breakage:

  • Weather Agent: tokens use agent's own client → correct aud
  • GitHub Issue: tokens use agent's own client → correct aud
  • Webhook: tokens use agent's own client → correct aud
  • Single-Target: tokens use agent's own client → correct aud
  • Multi-Target: inbound not tested in script; outbound unaffected

Test plan

  • Webhook demo: inbound validation rejects tokens without agent's client ID in aud
  • Weather agent demo: UI chat works (platform token has audience scope)
  • GitHub issue demo: Alice/Bob flows work with per-agent audience check
  • Tokens from admin-cli (without audience scope) are correctly rejected

Generated with Claude Code

@huang195 huang195 force-pushed the use-client-id-for-audience-validation branch 2 times, most recently from 9a080c3 to c6d7443 Compare April 8, 2026 14:31
@huang195
feat(authproxy): use CLIENT_ID for inbound audience validation, remov…
61ca04c 
…e EXPECTED_AUDIENCE

Replace the EXPECTED_AUDIENCE env var with the agent's CLIENT_ID
(from /shared/client-id.txt) for inbound JWT audience validation.
This makes audience validation per-agent by construction — the
operator or client-registration writes the agent's Keycloak client
ID to this file, so each agent validates against its own identity.

Previously, EXPECTED_AUDIENCE was:
- Not set (most demos) → no audience check, tokens interchangeable
- Set at namespace level → same value for all agents in namespace

Now, audience validation is automatic and per-agent. A token intended
for one agent cannot be used on another agent in the same namespace.

Works for both SPIRE and non-SPIRE paths:
- SPIRE: CLIENT_ID = spiffe://trust-domain/ns/namespace/sa/sa-name
- Non-SPIRE: CLIENT_ID = namespace/workload-name

Updated demo configmaps and docs to remove EXPECTED_AUDIENCE references.

Signed-off-by: Hai Huang <huang195@gmail.com>
@huang195 huang195 force-pushed the use-client-id-for-audience-validation branch from c6d7443 to 61ca04c Compare April 8, 2026 15:29
@huang195 huang195 mentioned this pull request Apr 8, 2026
Open
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@huang195