Signed-off-by: Michael Barz <mbarz@owncloud.com>
Showing 6 changed files with 676 additions and 21 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -24,6 +24,7 @@ ocis/cmd/ocis/config/ | |
|
||
# docs | ||
/hugo | ||
/docs/services/*/_index.md | ||
|
||
# IDEs | ||
.idea | ||
|
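Review bot: An ignore rule for `/docs/services/*/_index.md` under `# docs` has no effect on files git already tracks, and the later hunks in this same commit still modify service pages whose previous front matter read `geekdocFilePath: _index.md` under `docs/services/`. If these pages are now generated from each service's README.md, drop the tracked copies from the index (`git rm --cached`) in the same change; otherwise they keep showing up as modified and can drift from the README they are supposed to mirror.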
Large diffs are not rendered by default.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,16 +1,42 @@ | ||
--- | ||
title: Auth-Machine | ||
date: 2022-03-02T00:00:00+00:00 | ||
date: 2023-09-21T09:08:15.21901+02:00 | ||
weight: 20 | ||
geekdocRepo: https://github.com/owncloud/ocis | ||
geekdocEditPath: edit/master/docs/services/auth-machine | ||
geekdocFilePath: _index.md | ||
geekdocEditPath: edit/master/services/auth-machine | ||
geekdocFilePath: README.md | ||
geekdocCollapseSection: true | ||
--- | ||
|
||
<!-- Do not edit this file, it is autogenerated. Edit the service README.md instead --> | ||
|
||
## Abstract | ||
|
||
|
||
The oCIS Auth Machine is used for interservice communication when using user impersonation. | ||
|
||
ocis uses serveral authentication services for different use cases. All services that start with `auth-` are part of the authentication service family. Each member authenticates requests with different scopes. As of now, these services exist: | ||
- `auth-basic` handles basic authentication | ||
- `auth-bearer` handles oidc authentication | ||
- `auth-machine` handles interservice authentication when a user is impersonated | ||
- `auth-service` handles interservice authentication when using service accounts | ||
|
||
|
||
## Table of Contents | ||
|
||
{{< toc-tree >}} | ||
* [User Impersonation](#user-impersonation) | ||
* [Deprecation](#deprecation) | ||
* [Example Yaml Config](#example-yaml-config) | ||
|
||
## User Impersonation | ||
|
||
When one ocis service is trying to talk to other ocis services, it needs to authenticate itself. To do so, it will impersonate a user using the `auth-machine` service. It will then act on behalf of this user. Any action will show up as action of this specific user, which gets visible when e.g. logged in the audit log. | ||
|
||
## Deprecation | ||
|
||
With the upcoming `auth-service` service, the `auth-machine` service will be used less frequently and is probably a candidate for deprecation. | ||
## Example Yaml Config | ||
{{< include file="services/_includes/auth-machine-config-example.yaml" language="yaml" >}} | ||
|
||
{{< include file="services/_includes/auth-machine_configvars.md" >}} | ||
|
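Review bot: The User Impersonation paragraph says an impersonated action "will show up as action of this specific user" in the audit log, but does not say how someone reading that log can tell a service acting through `auth-machine` apart from the user acting directly. For a service whose purpose is impersonation, that is the detail operators need: add a sentence on whether the audit entry carries any marker of the calling service, or state plainly that it does not. Separately, the front matter line `date: 2023-09-21T09:08:15.21901+02:00` embeds the generation time with a local offset, so every regeneration produces a diff even when the README is unchanged; a stable value would avoid that. `serveral` in the Abstract should be `several`, fixed in the service README since this file is marked as autogenerated.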
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,16 +1,39 @@ | ||
--- | ||
title: SSE | ||
date: 2022-08-08T00:00:00+00:00 | ||
date: 2023-09-21T09:08:15.226196+02:00 | ||
weight: 20 | ||
geekdocRepo: https://github.com/owncloud/ocis | ||
geekdocEditPath: edit/master/docs/services/sse | ||
geekdocFilePath: _index.md | ||
geekdocEditPath: edit/master/services/sse | ||
geekdocFilePath: README.md | ||
geekdocCollapseSection: true | ||
--- | ||
|
||
<!-- Do not edit this file, it is autogenerated. Edit the service README.md instead --> | ||
|
||
## Abstract | ||
|
||
|
||
The `sse` service is responsible for sending sse (Server-Sent Events) to a user. See [What is Server-Sent Events](https://medium.com/yemeksepeti-teknoloji/what-is-server-sent-events-sse-and-how-to-implement-it-904938bffd73) for a simple introduction and examples of server sent events. | ||
|
||
|
||
## Table of Contents | ||
|
||
{{< toc-tree >}} | ||
* [The Log Service Ecosystem](#the-log-service-ecosystem) | ||
* [Subscribing](#subscribing) | ||
* [Example Yaml Config](#example-yaml-config) | ||
|
||
## The Log Service Ecosystem | ||
|
||
Log services like the `userlog`, `clientlog` and `sse` are responsible for composing notifications for a certain audience. | ||
- The `userlog` service translates and adjusts messages to be human readable. | ||
- The `clientlog` service composes machine readable messages, so clients can act without the need to query the server. | ||
- The `sse` service is only responsible for sending these messages. It does not care about their form or language. | ||
|
||
## Subscribing | ||
|
||
Clients can subscribe to the `/sse` endpoint to be informed by the server when an event happens. The `sse` endpoint will respect language changes of the user without needing to reconnect. Note that SSE has a limitation of six open connections per browser which can be reached if one has opened various tabs of the Web UI pointing to the same Infinite Scale instance. | ||
## Example Yaml Config | ||
{{< include file="services/_includes/sse-config-example.yaml" language="yaml" >}} | ||
|
||
{{< include file="services/_includes/sse_configvars.md" >}} | ||
|
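Review bot: The Subscribing paragraph documents the `/sse` endpoint without saying how a subscribing client is authenticated or how events are scoped to the user who subscribed. Since the Abstract describes the service as sending events "to a user" and the ecosystem list says it forwards `userlog` and `clientlog` messages, state the authentication requirement for `/sse` in this section. The note about six open connections per browser would also be more useful if it said what the user sees once the limit is reached.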