stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Add identity envelope middleware to Platform service (fixes 403s)

Browse Source 
Platform was the ONLY service missing UseIdentityEnvelopeAuthentication().
Sprint 008 added it to Scanner, JobEngine, Timeline, Integrations, Concelier
but missed Platform. This caused ALL context API calls to return 403:
- /api/v2/context/regions
- /api/v2/context/environments
- /api/v2/context/preferences

The gateway strips JWT and sends signed identity envelope headers instead.
Without the middleware, Platform couldn't read the scopes from the envelope,
so every authorization check failed.

This also fixes the "Events: DEGRADED" SSE status indicator since the
context store's error was caused by these 403 responses.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
master
2026-03-17 07:45:00 +02:00
parent e157563d05
commit 6d91cf36b7
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/Platform/StellaOps.Platform.WebService/Program.cs
View File

@@ -311,6 +311,7 @@ if (!string.Equals(bootstrapOptions.Storage.Driver, "memory", StringComparison.O
app.UseStellaOpsCors(); app.UseStellaOpsCors();
app.UseStellaOpsLocalization(); app.UseStellaOpsLocalization();
app.UseStellaOpsTelemetryContext(); app.UseStellaOpsTelemetryContext();
app.UseIdentityEnvelopeAuthentication();
app.UseAuthentication(); app.UseAuthentication();
app.UseAuthorization(); app.UseAuthorization();
app.UseStellaOpsTenantMiddleware(); app.UseStellaOpsTenantMiddleware();