cloud/ocis
1
0
Fork 0
mirror of https://github.com/owncloud/ocis.git synced 2025-04-18 23:44:07 +03:00
Code
ocis/services/auth-machine
History
Julian Koberg b979844791 feat(ocis): adjust reva imports 
Signed-off-by: Julian Koberg <jkoberg@MBP-Julian-Koberg.local>
2025-03-05 11:14:44 +01:00
..
cmd/auth-machine
only register signal handling once
2024-07-29 16:28:13 +02:00
pkg
feat(ocis): adjust reva imports
2025-03-05 11:14:44 +01:00
Makefile
rename folder extensions -> services
2022-06-27 14:05:36 +02:00
README.md
feat(auth-app): add changelog
2024-07-23 09:34:58 +02:00

README.md

Auth-Machine

The oCIS Auth Machine is used for interservice communication when using user impersonation.

ocis uses serveral authentication services for different use cases. All services that start with auth- are part of the authentication service family. Each member authenticates requests with different scopes. As of now, these services exist:

  • auth-app handles authentication of external 3rd party apps
  • auth-basic handles basic authentication
  • auth-bearer handles oidc authentication
  • auth-machine handles interservice authentication when a user is impersonated
  • auth-service handles interservice authentication when using service accounts

User Impersonation

When one ocis service is trying to talk to other ocis services, it needs to authenticate itself. To do so, it will impersonate a user using the auth-machine service. It will then act on behalf of this user. Any action will show up as action of this specific user, which gets visible when e.g. logged in the audit log.

Deprecation

With the upcoming auth-service service, the auth-machine service will be used less frequently and is probably a candidate for deprecation.