[docs-only] add auth bearer readme (#4982)

* add auth bearer readme

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* Apply suggestions from code review

Co-authored-by: Christian Richter <1058116+dragonchaser@users.noreply.github.com>

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Co-authored-by: Christian Richter <1058116+dragonchaser@users.noreply.github.com>
Jörn Friedrich Dreyer
2022-11-04 15:05:32 +01:00
committed by GitHub
parent 7429c06b4d
commit a542aad999
2 changed files with 14 additions and 1 deletions


@@ -1,6 +1,6 @@
# Auth-Basic Service
The oCIS Auth Basic service provides basic authentication for those clients who cannot handle OIDC. This is a rare case, is usually not necessary and mainly used for tests or development.
The oCIS Auth Basic service provides basic authentication for those clients who cannot handle OpenID Connect. This should only be enabled for tests and development.
The `auth-basic` service is responsible for validating authentication of incoming requests. To do so, it will use the configured `auth manager`, see the `Auth Managers` section. Only HTTP basic auth requests to ocis will involve the `auth-basic` service.
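Review bot: The replacement sentence "This should only be enabled for tests and development" tells the reader what not to do but not what the default is or which setting controls it. The auth-bearer README added in this same commit says basic auth has to be explicitly enabled, so say here too that it is off by default, and name the setting that turns it on, so an operator can check a deployment against this guidance. The next line also mixes "ocis" and "oCIS"; use the same spelling as the line above it.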


@@ -0,0 +1,13 @@
# Auth-Bearer Service
The oCIS Auth Bearer service communicates with the configured OpenID Connect identity provider to authenticate requests. OpenID Connect is the default authentication mechanism for all clients: web, desktop and mobile. Basic auth is only used for testing and has to be explicity enabled.
## Built in OpenID Connect identity provider
A default oCIS deployment will start a [built in OpenID Connect identity provider](https://github.com/owncloud/ocis/tree/master/services/idp) but can be configured to use an external one as well.
## Scalability
There is no persistance or caching. The proxy caches verified auth bearer tokens. Requests will be forwarded to the identity provider. Therefore, multiple instances of the `auth-bearer` service can be started without further configuration. Currently, the auth registry used by the gateway can only use a single instance of the service. To use more than one auth provider per deployment you need to scale the gateway.
This will change when we use the service registry in more places and use micro clients to select an instance of a service.
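Review bot: The Scalability section states "The proxy caches verified auth bearer tokens" without saying how long a verified token stays cached or whether a token revoked at the identity provider is still accepted from the cache; please document that, since it determines how quickly a logout or revocation takes effect. The same paragraph also reads as contradictory: it says multiple instances "can be started without further configuration" and then that the auth registry "can only use a single instance of the service", so make clear that extra instances are only used once the gateway is scaled. "Requests will be forwarded to the identity provider" should say which requests, given that the proxy already caches verified tokens. Two typos: "explicity" should be "explicitly" in the first paragraph and "persistance" should be "persistence" in this section.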