General Information
Abstract
The OpenCloud Auth Machine is used for interservice communication when using user impersonation.
OpenCloud uses several authentication services for different use cases. All services that start with auth- are part of the authentication service family. Each member authenticates requests with different scopes. As of now, these services exist:
auth-app
handles authentication of external 3rd party apps
auth-basic
handles basic authentication
auth-bearer
handles OIDC authentication
auth-machine
handles interservice authentication when a user is impersonated
auth-service
handles interservice authentication when using service accounts
User Impersonation
When one OpenCloud service needs to talk to other OpenCloud services, it has to authenticate itself. To do so, it impersonates a user using the auth-machine service and then acts on behalf of this user. Any action will show up as an action of this specific user, which becomes visible, for example, when the action is logged in the audit log.
Deprecation
With the upcoming auth-service service, the auth-machine service will be used less frequently and is probably a candidate for deprecation.