sso-proxy: sign requests all requests for upstreams with a private key

## Why
Currently sso-proxy [signs](https://github.com/buzzfeed/sso/blob/master/internal/proxy/oauthproxy.go#L187) the `Gap-Signature` [header](https://github.com/buzzfeed/sso/blob/master/internal/proxy/oauthproxy.go#L28) using a shared secret stored in the env-vars with the prefix [`"SSO_CONFIG_"`](https://github.com/buzzfeed/sso/blob/master/internal/proxy/options.go#L243). This can be tedious as both the upstream and sso_proxy need to have the same secret. 

## What
Using a public/private key mechanism, SSO Proxy will sign requests with its private key and have an endpoint available for upstreams to retrieve the public key and validate the authenticity of the requests. 

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

sso-proxy: sign requests all requests for upstreams with a private key #16

Why

What

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

sso-proxy: sign requests all requests for upstreams with a private key #16

Description

Why

What

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions