69 lines
2.1 KiB
Markdown
69 lines
2.1 KiB
Markdown
# Scene 0 — Setup: Authenticate & Start Gateway
|
|
|
|
**Goal:** Ensure the gateway is running and obtain a JWT token.
|
|
|
|
**What to show:** The AI agent authenticates against the gateway — credentials are never hardcoded in the AI, and the token has explicit scopes.
|
|
|
|
---
|
|
|
|
## Presentation Rule
|
|
|
|
> **Language:** All AI narration and communication during scenes must be in **English**.
|
|
>
|
|
> The AI must narrate every interaction with the gateway in detail. **Before** calling the gateway, explain what it is about to do, which endpoint it will call, and what it expects to happen. **After** receiving the response, explain what the gateway returned, what the decision means, and why it matters. The goal is to make the audience understand exactly what is happening between the AI and the gateway at every step.
|
|
|
|
---
|
|
|
|
## Communication Flow
|
|
|
|
```mermaid
|
|
sequenceDiagram
|
|
participant AI as AI Agent
|
|
participant GW as Gateway
|
|
|
|
AI->>GW: POST /api/auth/token<br/>{clientId, clientSecret, scopes}
|
|
GW->>GW: Validate credentials
|
|
GW->>GW: Generate RSA-signed JWT
|
|
GW-->>AI: 200 OK {access_token, scopes, expires_in}
|
|
Note over AI: Stores token in /tmp/gateway-token.json<br/>Token used in all subsequent requests
|
|
```
|
|
|
|
## Pre-requisite
|
|
|
|
Make sure the gateway is running:
|
|
|
|
```bash
|
|
docker compose up -d
|
|
```
|
|
|
|
Wait for it to be healthy, then proceed.
|
|
|
|
---
|
|
|
|
## Demo Script
|
|
|
|
> **Presenter says:** "First, the AI needs to authenticate. It requests a token with specific scopes — just like any OAuth client."
|
|
|
|
### Step 1 — Authenticate
|
|
|
|
Call `POST /api/auth/token` to obtain a JWT and save the response to `/tmp/gateway-token.json`.
|
|
|
|
### Step 2 — Verify
|
|
|
|
Show the token contents:
|
|
|
|
```bash
|
|
cat /tmp/gateway-token.json | jq .
|
|
```
|
|
|
|
**Expected output:** A JSON with `access_token`, `token_type: bearer`, `expires_in`, and the granted `scopes` array.
|
|
|
|
---
|
|
|
|
## Talking Points
|
|
|
|
- The AI never holds raw credentials to Jira, Jenkins, or DB
|
|
- The token has **scoped permissions** — it can only do what the scopes allow
|
|
- This is standard OAuth client credentials flow
|
|
- If the token expires, the AI must re-authenticate
|