phovea / phovea_security_flask

Security manager implementation based on flask-login
http://caleydo.org/
BSD 3-Clause "New" or "Revised" License

api_key authorization method requires a key in the form of `username:password` #26

Open lehnerchristian opened 5 years ago

lehnerchristian commented 5 years ago

As far as I can see, using the api_key authorization requires setting the api_key as a combination of a username + password, e.g. `admin:admin`.

The problem is that hard-coding username and password for a specific user somewhere in a config.json file is not an option. A better alternative would be to generate an API key (a long string). This API key needs to be stored in the services making the authenticated requests and in the services expecting requests from another service with the API key.
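The generated-key approach suggested in the comment above, as an added example that is not part of the issue or of phovea_security_flask's own code. The function names, the `key_store` layout and the service name are hypothetical, and storing only a SHA-256 digest on the receiving side is an assumption of this sketch rather than something the issue asks for.

```python
import hashlib
import hmac
import secrets


def generate_api_key(nbytes=32):
    """Create a random API key that is unrelated to any user's password.

    Returns (key, digest): the key is handed to the calling service,
    the digest is what the receiving service keeps in its configuration.
    """
    key = secrets.token_urlsafe(nbytes)  # 32 random bytes, URL-safe text
    digest = hashlib.sha256(key.encode("utf-8")).hexdigest()
    return key, digest


def authenticate(presented_key, key_store):
    """Return the service name registered for the presented key, or None.

    key_store maps service name -> SHA-256 hex digest of its API key.
    """
    if not presented_key:
        return None
    digest = hashlib.sha256(presented_key.encode("utf-8")).hexdigest()
    matched = None
    for service, stored_digest in key_store.items():
        # Constant-time comparison; keep scanning so timing does not
        # reveal which entry matched.
        if hmac.compare_digest(digest, stored_digest):
            matched = service
    return matched


if __name__ == "__main__":
    # Constructed sample: one calling service registered with the receiver.
    key, digest = generate_api_key()
    key_store = {"reporting-service": digest}  # hypothetical service name

    print("valid key      ->", authenticate(key, key_store))
    print("username:pass  ->", authenticate("admin:admin", key_store))
    print("missing header ->", authenticate("", key_store))
```

Because the receiving side holds only digests, a leaked configuration file does not disclose a usable key, and a key can be rotated by replacing one digest without touching any user account.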

lehnerchristian commented 5 years ago

An alternative could be some kind of Single Sign On like OpenID Connect (OIDC).