KES AUTH PATH STATUS

Current scope: Gest

Category: 10_normative | Version: v1.0.0

Owner: DOCUMENT_CUSTODIAN | Review cycle: 90 days

Approval Authority: GOVERNANCE_ADMIN

Read-only Documentation Portal. Editing and mutation endpoints are disabled.

METADATA INCOMPLETE: Document ID, Version, Status, Owner Role, Last Review Date, Next Review Date, Change Log

KES Auth Path Status

Token Acquisition Method

The canonical repo auth fixture remains the existing dev impersonation flow:

POST /auth/dev/impersonate
or gateway equivalent POST /api/v1/auth/dev/impersonate

This sprint confirmed that this is still the intended token-acquisition method for dev happy-path checks.

In this Docker rehearsal environment, full svc-auth could not be used because it still fails to boot cleanly with the pre-existing native sharp linux runtime mismatch. Because of that, the working parity check used a contract-compatible access token fixture:

HS256 token
signed with the shared JWT_SECRET
carrying the exact claims shape expected by gateway and KES auth ingress

Gateway Auth Behavior

Gateway behavior is unchanged.

requireGatewayAuth(...) in :

Loading workspace

Loading module

Loading workspace

KES AUTH PATH STATUS

KES Auth Path Status

Token Acquisition Method

Gateway Auth Behavior

Principal-Resolution Behavior

Route Path Status

Current KES Mutation Auth Status

Remaining Blocker