Audit plugin discussion #1903
nandhu-kumar started this conversation in General
We are adding a subscriber in ThunderID (Go backend) that forwards observability events to the Mosip Audit Manager `/v1/auditmanager/audits` endpoint. The first implementation mirrors the existing eSignet `IdaAuditPluginImpl` (Java) exactly, but several field mappings need confirmation from the eSignet / Audit Manager teams before we lock the contract.

## Structures

### ThunderID `event.Event` (source) — `backend/internal/system/observability/event/event.go`

| Field | Type | Notes |
|---|---|---|
| `TraceID` | `string` | |
| `EventID` | `string` | |
| `Type` | `string` | `user.created`, `token.issued` |
| `Timestamp` | `time.Time` | |
| `Component` | `string` | |
| `Status` | `string` | `success` / `failure` / `in_progress` / … |
| `Data` | `map[string]interface{}` | |

Example Thunder event (one real `TOKEN_ISSUED` event from the publisher):

```json
{
  "trace_id": "84920707-6148-46f6-b6ec-d82fe3bac755",
  "event_id": "019e44b3-4ef9-7493-8956-9616feec1088",
  "type": "TOKEN_ISSUED",
  "timestamp": "2026-05-20T14:54:22.3935474+05:30",
  "component": "AuthHandler",
  "status": "success",
  "data": {
    "client_id": "sample_app_client",
    "duration_ms": "8",
    "grant_type": "authorization_code",
    "scope": ""
  }
}
```

Note: `data` here has `client_id`, not `userId` / `userName` / `idType` — illustrating the unenforced-keys problem in Q5/Q3.

### Mosip `AuditRequest` (target) — fields used by the Java plugin

| Field | Java plugin value or note |
|---|---|
| `eventId` | |
| `eventName` | |
| `eventType` | |
| `actionTimeStamp` | `LocalDateTime` (no timezone) |
| `hostName` | `"localhost"` |
| `hostIp` | `"localhost"` |
| `applicationId` | `"eSignet"` |
| `applicationName` | `"eSignet"` |
| `sessionUserId` | `"no-user"` |
| `sessionUserName` | `"no-user"` |
| `id` | |
| `idType` | |
| `createdBy` | `"IdaAuditPluginImpl"` |
| `moduleName` | |
| `moduleId` | |
| `description` | |

## Direct mappings (no ambiguity)

| Mosip field | Thunder source |
|---|---|
| `eventId`, `eventName` | `event.Type` |
| `eventType` | `event.Status` (upper-cased) |
| `actionTimeStamp` | `event.Timestamp` |
| `moduleName`, `moduleId` | `event.Component` |

## Fields with no clean Thunder equivalent — questions

1. `applicationId` / `applicationName` / `createdBy` — Java hardcodes `"eSignet"` and `"IdaAuditPluginImpl"`. Should we keep those literal (so Thunder events look identical to eSignet's in the audit trail) or use `"ThunderID"` / `"ThunderIdAuditSubscriber"` so the Audit Manager can distinguish the source product?
2. `actionTimeStamp` format — Java `LocalDateTime` serializes without a timezone. Does the Audit Manager strictly require the zoneless Java format, or does it accept ISO-8601 with `Z`? Go's default `time.Time` JSON encoding is RFC 3339 with offset (see `+05:30` in the example above).
3. `idType` — ThunderID has no equivalent of Mosip IDA's UIN/VID. Options: always empty, hardcode (e.g. `"thunderid-user"`), or source from `event.Data["idType"]` when present. Preference?
4. `id` (transaction id) — Mosip expects a transaction identifier. Thunder's `TraceID` is the closest analogue but semantics differ (correlation id vs. transaction id). Acceptable, or should we look for a `transactionId` key in `event.Data` first and fall back to `TraceID`?
5. `sessionUserId` / `sessionUserName` — `event.Data` is a free-form map; keys are not enforced. Are `"userId"` / `"userName"` the right conventional keys to read, and is `"no-user"` the correct fallback (matching Java)? (The TOKEN_ISSUED example above has neither key — it would fall back for both.)
6. `description` — Java packs a curated JSON object (clientId, relyingPartyId, state, code/access-token hashes, link-transaction id). For Thunder, should we:
   - `event.Data` map as a JSON string (simple, but may leak unexpected fields), or

Any guidance from the Audit Manager / eSignet team on which of the literals must stay literal for downstream consumers (dashboards, reports, retention policy) would help us finalise the mapping.
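The mapping discussed above, as an added Go example that is not part of the original post or ThunderID's code. It applies the post's direct mappings and, for the open questions, assumes one candidate each: a zoneless `actionTimeStamp` normalised to UTC, `transactionId` then `TraceID` for `id`, `userId` / `userName` with the `no-user` fallback, and a hypothetical `descriptionKeys` allowlist so `description` cannot carry unexpected `Data` fields; the hard-coded literals (`hostName`, `applicationId`, and so on) are left out.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Event carries the event.Event fields listed in the post.
type Event struct {
	TraceID, EventID, Type, Component, Status string
	Timestamp                                 time.Time
	Data                                      map[string]interface{}
}

var descriptionKeys = []string{"client_id", "grant_type"} // assumed allowlist
const zonelessLayout = "2006-01-02T15:04:05.000"          // assumed; applied to UTC

// str reads a string from the unenforced Data map, or returns the fallback.
func str(d map[string]interface{}, key, fallback string) string {
	if s, ok := d[key].(string); ok && s != "" {
		return s
	}
	return fallback
}

// ToAuditRequest maps the directly mapped fields and the ones under question.
func ToAuditRequest(e Event) map[string]string {
	desc := map[string]interface{}{}
	for _, k := range descriptionKeys { // copy allowlisted keys only
		if v, ok := e.Data[k]; ok {
			desc[k] = v
		}
	}
	b, _ := json.Marshal(desc) // on error the description is left empty
	return map[string]string{
		"eventId": e.Type, "eventName": e.Type, "eventType": strings.ToUpper(e.Status),
		"moduleName": e.Component, "moduleId": e.Component, "description": string(b),
		"actionTimeStamp": e.Timestamp.UTC().Format(zonelessLayout),
		"sessionUserId": str(e.Data, "userId", "no-user"), "sessionUserName": str(e.Data, "userName", "no-user"),
		"id": str(e.Data, "transactionId", e.TraceID), "idType": str(e.Data, "idType", ""),
	}
}

func main() { // constructed input: a subset of the post's TOKEN_ISSUED event
	ts, _ := time.Parse(time.RFC3339Nano, "2026-05-20T14:54:22.3935474+05:30")
	data := map[string]interface{}{"client_id": "sample_app_client", "duration_ms": "8"}
	fmt.Println(ToAuditRequest(Event{Type: "TOKEN_ISSUED", Status: "success", Timestamp: ts, Data: data}))
}
```

Dropping the offset without converting to UTC first would record `14:54:22` for this event instead of `09:24:22`, so whichever timestamp format is agreed, the normalisation step has to be fixed with it.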