(Because that part has already been reviewed but not yet merged, so to avoid confusion...)
Auth stuff. Here is how it works (this should be part of some documentation but not sure where... Better to put it in the wiki, I think?)
(1) Root service, at /auth URL, provides authentication service. Currently it is username/password based but can be key-based in the future. Also, currently username/password is checked against a SQL database, but we can easily add other authentication backends.

(2) Each other service is provided username and password on the command line. As a first thing, as part of GetClientConfig(), each service sends its credential to the auth URL from (1), and, if successful, gets a JWT (JSON Web Token) with roles (for now, they are unused) that this user has, signed with the private key (specified in the YAML config file).

(3) RestClient saves this information and uses it for subsequent requests (this is sent in the Authorization header).

(4) Each service also provides authentication middleware that checks this token (with the public key specified in the YAML config file).
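The exchange described in the comment above, played end to end as an added Go example (this is not the project's code and none of its names are the project's). It assumes EdDSA keys in place of whatever key type the YAML config actually holds, a constructed in-memory user map standing in for the SQL backend, an in-process `httptest` recorder instead of real listeners, and the hypothetical names `AuthHandler`, `AuthMiddleware`, `IssueToken`, `VerifyToken` and `RunFlow`; the request that `RunFlow` sends to `/auth` is the `GetClientConfig()` step and the `Authorization: Bearer` header is what `RestClient` would attach. Two details go beyond the comment: the verifier pins the expected header rather than reading `alg` from the token, and the token carries an `exp` claim, since a signed token with no expiry stays valid until the key is rotated.

```go
package main

import (
	"crypto/ed25519"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// Claims carried in the token: subject, the roles mentioned in the comment, and an expiry.
type Claims struct {
	Sub   string   `json:"sub"`
	Roles []string `json:"roles"`
	Exp   int64    `json:"exp"`
}

// Constructed in-memory store standing in for the SQL backend (a real one stores salted hashes).
type user struct{ Password string; Roles []string }
var users = map[string]user{"svc-ingest": {"constructed-secret", []string{"writer"}}}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }
var jwtHeader = b64([]byte(`{"alg":"EdDSA","typ":"JWT"}`)) // the only header issued or accepted (EdDSA keys are an assumption)

// IssueToken signs header.payload with the private key (the one the YAML config would hold).
func IssueToken(priv ed25519.PrivateKey, c Claims) string {
	body, _ := json.Marshal(c) // Claims has only JSON-safe fields, so Marshal cannot fail
	input := jwtHeader + "." + b64(body)
	return input + "." + b64(ed25519.Sign(priv, []byte(input)))
}

// VerifyToken is the middleware's check: public key only, header pinned, expiry enforced.
func VerifyToken(pub ed25519.PublicKey, tok string, now time.Time) (*Claims, error) {
	parts := strings.Split(tok, ".")
	if len(parts) != 3 || parts[0] != jwtHeader { // alg is never taken from the token itself
		return nil, errors.New("malformed token or unexpected header")
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || !ed25519.Verify(pub, []byte(parts[0]+"."+parts[1]), sig) {
		return nil, errors.New("bad signature")
	}
	var c Claims
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || json.Unmarshal(payload, &c) != nil || now.Unix() >= c.Exp {
		return nil, errors.New("bad payload or expired token")
	}
	return &c, nil
}

// AuthHandler is the root service's /auth endpoint: credentials in, token out.
func AuthHandler(priv ed25519.PrivateKey) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		name, pass, _ := r.BasicAuth()
		u, ok := users[name]
		if !ok || subtle.ConstantTimeCompare([]byte(u.Password), []byte(pass)) != 1 {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		w.Write([]byte(IssueToken(priv, Claims{Sub: name, Roles: u.Roles, Exp: time.Now().Add(time.Hour).Unix()})))
	}
}

// AuthMiddleware is the per-service check from the comment, configured with the public key only.
func AuthMiddleware(pub ed25519.PublicKey, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		tok := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
		if _, err := VerifyToken(pub, tok, time.Now()); err != nil {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// RunFlow plays the exchange in-process and returns the protected service's status codes
// for a freshly issued token and for a token whose roles were edited after signing.
func RunFlow() (withToken, tampered int) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader means crypto/rand
	req := httptest.NewRequest(http.MethodGet, "/auth", nil) // the GetClientConfig() step
	req.SetBasicAuth("svc-ingest", "constructed-secret")     // credentials from the command line
	rec := httptest.NewRecorder()
	AuthHandler(priv).ServeHTTP(rec, req)
	token := rec.Body.String()
	svc := AuthMiddleware(pub, http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	call := func(t string) int {
		req := httptest.NewRequest(http.MethodGet, "/data", nil)
		req.Header.Set("Authorization", "Bearer "+t) // what RestClient adds to each request
		rec := httptest.NewRecorder()
		svc.ServeHTTP(rec, req)
		return rec.Code
	}
	// Same signature, roles edited after signing: the middleware must reject this.
	parts := strings.Split(token, ".")
	forged, _ := json.Marshal(Claims{Sub: "svc-ingest", Roles: []string{"admin"}, Exp: time.Now().Add(time.Hour).Unix()})
	return call(token), call(parts[0] + "." + b64(forged) + "." + parts[2])
}

func main() { fmt.Println(RunFlow()) } // prints: 200 401
```

The middleware never needs the private key, which is the property the comment relies on when it hands each service only the public key; the constant-time password compare and the pinned header are the two places where a shortcut would quietly weaken the scheme.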