The Authentication Support Service is a generic service that provides support to offload a service from authentication and fetching/refreshing of an authorization token.
A POD running a Service can include this running in a sidecar container. This Authorization Support Service will then make sure that a valid token is available to the service by means of a local file (in the POD).
The Service can then just read the token from a file and insert it into the HTTP header of each REST call.
The Authorization Support Service currently supports authorization using a private shared key. The used authorization provider used for testing is Keycloak.
The component is configured by means of the following environment variables:
CERT_PATH the file path to an x.509 cert to be used for TLS
CERT_KEY_PATH the file path to file containing the private key of the cert
LOG_LEVEL an optional level of the log (Info, Debug, Trace, Warn, Error). Defaults to Info.
CREDS_GRANT_TYPE used for authorization, Client Credentials grant type
CREDS_CLIENT_SECRET used for authorization, Client Secret
CREDS_CLIENT_ID used for authorization, Client ID
OUTPUT_FILE the file path of the file to put the fetched authorization token
AUTH_SERVICE_URL used for authorization, the URL to the authorization service
REFRESH_MARGIN_SECONDS defines how long time in advance the token is refreshed (before it expires). Default is 5 seconds.
| View file | ||||
|---|---|---|---|---|
|