edgexfoundry / security-api-gateway

Owner: Security WG
Apache License 2.0
11 stars 10 forks source link

Setting the resource for creating OAuth tokens is cumbersome #38

Closed anonymouse64 closed 5 years ago

anonymouse64 commented 5 years ago

Currently if you wish to use edgexproxy to create an OAuth token for a given service, the configuration.toml file has to be modified each time when for example the user to create the token for is configurable from the command line. This means that the flow for creating tokens for all the services would consist of:

  1. Process configuration.toml to specify the resource name for the given service
  2. Run edgexproxy, save token somewhere
  3. Repeat steps 1 & 2 for next service
  4. Repeat steps 1 & 2 for next service ... and so on

I think the easiest way to handle this is to allow specifying the resource from the command line instead of in the configuration.toml file.

tingyuz commented 5 years ago

One alternative is to pass configuration.toml file as the parameter in the dockercompose file as the edgexporxy accept comfigration file as one of start up parameters. I agree eventually a more flexible way is to have a field to hold all the resources the bearer token can be used for. This may need extra time for investigation.

anonymouse64 commented 5 years ago

I think there's two potential improvements here:

  1. Allow multiple resources to be specified for a token in the configuration file
  2. Allow the resource(s) to be specified from the command line when running edgexproxy
tingyuz commented 5 years ago

we have #55 to that covers this issue. currently we are using global OAuth applying all the microservices resources so no longer need to put multiple resources names anywhere in the configuration.