The Authentication Support Service is a generic service that provides support to offload a service from authentication and fetching/refreshing of an authorization token.
A POD running a Service can include this running in a sidecar container. This Authorization Support Service will then make sure that a valid token is available to the service by means of a local file (in the POD).
The Service can then just read the token from a file and insert it into the HTTP header of each REST call.
The Authorization Support Service currently supports authorization using a private shared key. The used authorization provider used for testing is Keycloak.
The component is configured by means of the following environment variables:
CERT_PATH the file path to an x.509 cert to be used for TLS.
CERT_KEY_PATH the file path to a file containing the private key of the cert.
LOG_LEVEL an optional level of the log (Info, Debug, Trace, Warn, Error). Defaults to Info.
CREDS_GRANT_TYPE used for authorization, Client Credentials grant type.
CREDS_CLIENT_SECRET used for authorization, Client Secret.
CREDS_CLIENT_ID used for authorization, Client ID.
OUTPUT_FILE the file path of the file in which the fetched authorization token shall be stored.
AUTH_SERVICE_URL used for authorization, the URL to the authorization service.
REFRESH_MARGIN_SECONDS defines how long time in advance the token is refreshed (before it expires). Default is 5 seconds.