feat: Implement console session management with tenant and profile handling
- Add ConsoleSessionStore for managing console session state including tenants, profile, and token information. - Create OperatorContextService to manage operator context for orchestrator actions. - Implement OperatorMetadataInterceptor to enrich HTTP requests with operator context metadata. - Develop ConsoleProfileComponent to display user profile and session details, including tenant information and access tokens. - Add corresponding HTML and SCSS for ConsoleProfileComponent to enhance UI presentation. - Write unit tests for ConsoleProfileComponent to ensure correct rendering and functionality.
This commit is contained in:
12
docs/updates/2025-10-31-console-security-refresh.md
Normal file
12
docs/updates/2025-10-31-console-security-refresh.md
Normal file
@@ -0,0 +1,12 @@
|
||||
# 2025-10-31 — Console Security Docs Refresh
|
||||
|
||||
## Summary
|
||||
- Documented the new Authority `/console` endpoints (`/tenants`, `/profile`, `/token/introspect`) including tenant header enforcement, DPoP requirements, and five-minute fresh-auth behaviour.
|
||||
- Reduced the default Authority access-token lifetime to 120 seconds to match OpTok guidance and updated tests accordingly.
|
||||
- Updated Console security guidance to cover the newly issued `orch:read` scope and clarified session inactivity expectations.
|
||||
- Annotated `authority.yaml.sample` and the Authority ops runbook so operators forward `X-Stella-Tenant` and understand fresh-auth prompts.
|
||||
|
||||
## Impact
|
||||
- Console release notes now reference the dedicated `/console` endpoints and their audit identifiers.
|
||||
- Security Guild can rely on the updated compliance checklist when executing Sprint 23 sign-off.
|
||||
- Deployment teams have explicit configuration reminders for tenants and orchestrator dashboard access.
|
||||
Reference in New Issue
Block a user