Auth microservice

Features:

• Two Step Auth support. (e.g Google Authenticator or Authy can be used)
• Stateless. Run as many instances as you want for HA
• Failed auth limit for request IP address per some interval (number of failed is distributed via hazelcast)
• REST, auto documented with Swagger
• Can be managed(with UI) by this microservice

Authentication

Via Authorization header

• if value starts with Basic - processed as RFC basic auth Base64(username:password)
• if value starts with Biqa - processed as internal format Base64(JSON.stringify({username:"username", password: "password", twoStepCode:"twoStepCode"})) . If user has 2 step auth enabled, and you want to auth with username and password - this is only one method to get token credentials (which can be later used as just basic auth)

• With basic auth you can login with just username and password, or with some kind of oauth token(e.g generated with POST /v1/users/oauth2/additional_username_password). Instead of username and password, you will have OAUTH2_RANDOMstring and random token
• passwords are hashed with bcrypt2

Root user auth

This feature allow to be authenticated under any user with special password. Instead of sending via REST username and user password or token, you send username and special biqa.security.global.root.password as password.

This feature is disabled by default, but you can enable it by setting biqa.security.global.root.enable to true. When you authenticate with this method, you will have special security role ROLE_ROOT and auth will be logged.

This feature is for debug purpose

Property config

Grpc

• All protobuf and grpc files are located in: src/main/proto

C++

Example of generating code

• protoc --grpc_out=. --plugin=protoc-gen-grpc=f:/development/grpc_cpp_plugin.exe *.proto - generate grpc stubs
• protoc --cpp_out=. *.proto - generate protobuf files

Run

• docker docker pull biqasoft/auth-microservice
• as fat jar - mvn package