The Authentication Support Service is a generic service that provides support to offload a service from authentication and fetching/refreshing of an authorization token.
A POD running a Service can include this running in a sidecar container. This Authentication Support Service will then make sure that a valid token is available to the service by means of a local file (in the POD).
The Service can then just read the token from a file and insert it into the HTTP header of each REST call.
The Authentication Support Service currently supports authentication using a private shared key. The used authentication provider used for testing is Keycloak.
The component is configured by means of the following environment variables:
CERT_PATH the file path to an x.509 cert to be used for TLS.
CERT_KEY_PATH the file path to a file containing the private key of the cert.
LOG_LEVEL an optional level of the log (Info, Debug, Trace, Warn, Error). Defaults to Info.
CREDS_GRANT_TYPE used for authentication, Client Credentials grant type.
CREDS_CLIENT_SECRET used for authentication, Client Secret.
CREDS_CLIENT_ID used for authentication, Client ID.
OUTPUT_FILE the file path of the file in which the fetched authorization token shall be stored.
AUTH_SERVICE_URL used for authentication, the URL to the authentication service.
REFRESH_MARGIN_SECONDS defines how long time in advance the token is refreshed (before it expires). Default is 5 seconds.
