mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2025-12-31 01:10:20 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
d1fd65466ff4cda526fcb3ab45d8f199a1d73a8d
opencloud/services/auth-machine
History
Jörn Friedrich Dreyer d1fd65466f reuse default node id when registering services 
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2024-07-24 13:07:54 +02:00
..
cmd/auth-machine
refactor extensions -> services
2022-06-27 14:05:36 +02:00
pkg
reuse default node id when registering services
2024-07-24 13:07:54 +02:00
Makefile
rename folder extensions -> services
2022-06-27 14:05:36 +02:00
README.md
feat(auth-app): add changelog
2024-07-23 09:34:58 +02:00

README.md

Auth-Machine

The oCIS Auth Machine is used for interservice communication when using user impersonation.

ocis uses serveral authentication services for different use cases. All services that start with auth- are part of the authentication service family. Each member authenticates requests with different scopes. As of now, these services exist:

  • auth-app handles authentication of external 3rd party apps
  • auth-basic handles basic authentication
  • auth-bearer handles oidc authentication
  • auth-machine handles interservice authentication when a user is impersonated
  • auth-service handles interservice authentication when using service accounts

User Impersonation

When one ocis service is trying to talk to other ocis services, it needs to authenticate itself. To do so, it will impersonate a user using the auth-machine service. It will then act on behalf of this user. Any action will show up as action of this specific user, which gets visible when e.g. logged in the audit log.

Deprecation

With the upcoming auth-service service, the auth-machine service will be used less frequently and is probably a candidate for deprecation.

Reference in New Issue View Git Blame Copy Permalink