sh-ura
commented
3 years ago Won't do. Setting access type to confidential causes CORS issues that are not worth resolving at this point in time, for demo 1.
Closed sh-ura closed 3 years ago
sh-ura
commented
3 years ago Won't do. Setting access type to confidential causes CORS issues that are not worth resolving at this point in time, for demo 1.
As a developer responsible for a system of interacting microservices, I want to ensure that my microservices know and trust each other, so that service A only shares sensitive data with service B when it is reasonably confident in service B's identity. For example, I don't want my Keycloak IdP sharing user authentication information in response to requests from random, unknown clients. I want to avoid these
publictypes of access.The Researcher IdP should be configured to only allow
confidentialaccess to the Researcher Portal client. With theconfidentialaccess type andClient Id and Secretauthenticator, the Researcher IdP will expect the Researcher Portal to know a sharedsecret. The Researcher Portal can use this sharedsecretto authenticate itself.Acceptance Criteria
confidentialaccess type andClient Id and Secretclient authenticatorcomposeREADME includes steps for populating the Researcher Portal client secret (when trying to spin up the Researcher Portal and Researcher IdP together.)Tips and Tricks
Generating the secret: The client
secretcan be generated in Keycloak by navigating to Clients > researcher-portal-client, settingAccess Typetoconfidential, navigating to theCredentialstab, and clickingRegenerate Secret.Environment variables with Docker: You can pass environment variables to a Docker container using the
environmentfield in yourdocker-compose.yaml.Authenticating clients via HTTP: Simple key-value pairs containing authentication information can be passed in an HTTP Header (ex. the
Authorizationheader.) You will not need to touch JWTs at all for this task. Check out the Mozilla HTTP Authentication docs here.