The Authentication Support Service is a generic service that can offload a service from authentication, fetching and refreshing of an authorization token to be used for any service.
A POD running a Service can include this as a sidecar container. The container will make sure that a valid token is available to the service via a local file in the POD.
The service will then just read the token from a file and insert it into the HTTP header of each REST call.
The component currently supports authorization using a private shared key and the used authorization provider used for testing is Keycloak.
The component is configured by means of the following environment variables:
CERT_PATH the file path to an x.509 cert to be used for TLS
CERT_KEY_PATH the file path to file containing the private key of the cert
LOG_LEVEL an optional level of the log (Info, Debug, Trace, Warn, Error). Defaults to Info.
CREDS_GRANT_TYPE used for authorization, Client Credentials grant type
CREDS_CLIENT_SECRET used for authorization, Client Secret
CREDS_CLIENT_ID used for authorization, Client ID
OUTPUT_FILE the file path of the file to put the fetched authorization token
AUTH_SERVICE_URL used for authorization, the URL to the authorization service
REFRESH_MARGIN_SECONDS defines how long time in advance the token is refreshed (before it expires). Default is 5 seconds.
