OAuth Authenticator Service Configuration

Authorization for the OAuth Authenticator Service depends on the configuration of "com.mashery.service.onprem.oauth.authenticator.oauth-service-authenticator" in the Traffic Manager ConfigMap.

OAuth API requests can be authenticated using Basic Authentication and Public Key Authentication:

  • If the OAuth API endpoint is exposed or used directly, Basic Authentication should be configured.
  • If a proxy OAuth API service endpoint is used, Public Key Authentication should be configured.

The following is an example of the configuration in the Kubernetes secret oauth-authenticator-secret for both Basic and Public Key Authentication:

"com.mashery.service.onprem.oauth.authenticator.oauth-service-authenticator" : { "publicKeyName": "<public_key>", "publicKeyValue": "<public_key_value>"},

  • A username and password pair is required to support Basic Authentication. The password can be generated by any SHA256 Hash generator.

  • The publicKeyName and publicKeyValue pair is for public key authentication when setting up an OAuth API service endpoint.

    The public key is extracted from the request parameters when the request is received by the OAuth API service endpoint created in either tethered or untethered mode (refer to sample OAuth API service endpoint setup below for more details).

    To use the endpoint, the publicKeyName and publicKeyValue properties must be configured in Values.yaml (refer to known issue: EIN-22802) and their values should match their corresponding parameter string in the endpoint.

  • Basic Authenticator is disabled if the username property of service "com.mashery.service.onprem.oauth.authenticator.oauth-service-authenticator" is not present in oauth-authenticator-secret.

    The request must pass public key authentication when Basic Authentication is disabled.

  • Public key authentication is disabled if the publicKeyName property of service "com.mashery.service.onprem.oauth.authenticator.oauth-service-authenticator" is not present in Values.yaml (refer to known issue: EIN-22802).

    If public key authentication is disabled, Basic Authentication should be enabled by configuring the username and password.
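
The enable/disable rules above can be checked before deployment. The following is an added example, not part of the product or its documentation: a small Python check that reports which authenticators a configuration enables and flags incomplete pairs. The function names, the "password" property name, and the sample values are assumptions made for illustration; the properties from Values.yaml are passed in as an already-parsed dictionary.

```python
import json

SERVICE = "com.mashery.service.onprem.oauth.authenticator.oauth-service-authenticator"


def service_props(json_text):
    """Return the authenticator's property map from a JSON document (hypothetical helper)."""
    return json.loads(json_text).get(SERVICE, {})


def audit_authenticator(secret_props, values_props):
    """Apply the page's rules; return (enabled_modes, problems).

    secret_props: service properties from oauth-authenticator-secret
    values_props: service properties from Values.yaml
    """
    modes, problems = [], []

    # Basic Authentication is enabled only when "username" is present in the secret.
    if "username" in secret_props:
        modes.append("basic")
        # "password" as the property name is an assumption; the page only
        # says a username and password pair is required.
        if not secret_props.get("password"):
            problems.append("username is set without a password")
    elif "password" in secret_props:
        problems.append("password is set without username: Basic Authentication is disabled")

    # Public key authentication is enabled only when "publicKeyName" is present.
    if "publicKeyName" in values_props:
        modes.append("public_key")
        if not values_props.get("publicKeyValue"):
            problems.append("publicKeyName is set without publicKeyValue")

    if not modes:
        problems.append("neither Basic nor public key authentication is configured")
    return modes, problems


# Constructed sample inputs using placeholders, not real credentials or keys.
SECRET_JSON = json.dumps(
    {SERVICE: {"username": "<username>", "password": "<sha256_of_password>"}}
)
VALUES_PROPS = {"publicKeyName": "<public_key>", "publicKeyValue": "<public_key_value>"}

if __name__ == "__main__":
    modes, problems = audit_authenticator(service_props(SECRET_JSON), VALUES_PROPS)
    print("enabled:", modes)
    for p in problems:
        print("problem:", p)
```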