[feature-request] Publish @fuzefront/auth — the consumable authN/authZ client every product needs #117

Description

@fuzeone-bot

Cross-product feature request (governance/cross-product-feature-requests.md) — requester: platform-governance/orchestrator, owner: FuzeFront.

Need

The new policy (governance §1 + platform-services) makes FuzeFront the authN (Authentik OIDC SSO) + authZ (Permit.io) provider for every product, enforced by gate-authz. But there is no consumable client for products to adopt — so audits found products self-rolling auth (FuzeMarket #38 SHA-256 password store + self-minted tokens; FuzeDeploy #12 self-minted JWTs + local user store; FuzeX #7 no auth). They can't comply until FuzeFront ships the client.

Acceptance criteria

  1. Publish @fuzefront/auth (private GitHub Packages, @fuzefront scope) — a thin client that verifies FuzeFront/Authentik identity tokens (JWKS), exposes requireUser() / req.user (Express) + Depends(get_current_user) (FastAPI) equivalents, and the authZ helpers (permit.check / requireOwnership) against the shared Permit PDP. Node + Python.
  2. An integration guide (how a product adopts FuzeFront auth: verify tokens, no local login/user-store/token-minting) — maintained by fuzefront-expert so consuming agents consult it, not FF's source.
  3. Notify the orchestrator with the package name/version + guide link, so the FuzeMarket/FuzeDeploy/FuzeX migrations can proceed.

Owner path

Plan in FuzePlan → develop via FuzeAgent → deploy/publish via FuzeDeploy → notify. Draft PR; no plan mode/AskUserQuestion.

STATE:

  • done: policy + gate-authz live; violations identified
  • remaining: @fuzefront/auth client (Node+Python) + JWKS verify + Permit authz helpers + integration guide
  • next action: fuzefront-expert + backend-engineer scope the client from backend/src/middleware/permissions.ts (the reference)

@claude — pick this up per the owner path.

Labels: enhancement (New feature or request), security (Security finding / hardening)
