
Introduction

Like all SOAJS microservices, the OAuth microservice has several layers of configuration: local configuration, tenant-level configuration (if the microservice is multitenant), and registry configuration. In addition, OAuth can use a separate, custom database for tokens and users.


Configuration Layers

1 - Tenant configuration

Provisioning is configuration that any SOAJS microservice can acquire once you turn on multi-tenancy for it. Once a service becomes multi-tenant, you can provide custom tenant configuration to it at run time. If two tenants can access the OAuth service, the provisioned configuration for each tenant is loaded when that tenant invokes an API in OAuth.

The configuration below is supported by the OAuth microservice and can be configured and changed at the tenant level under the Manage pillar.

Configuration Sample

{
    _id: "%tenant_id%",
    ...
    oauth: {
        secret: "tenant_oauth_secret",
        pin: {
            "%product_name%": {
                enabled: true
            }
        },
        disabled: 0, //OAuth enabled or not
        type: 2,//OAuth type
        loginMode: "%login_mode%"
    },
    ...
    applications: [
        {
            product: "%product_name%",
            package: "%package_name%",
            appId: "%app_id%",
            description: "%application_description%",
            _TTL: 604800000,
            keys: [
                {
                    key: "%internal_key%",
                    extKeys: [
                        {
                            extKey: "%ext_key%",
                            device: null,
                            geo: null,
                            env: "%env_name%",
                            expDate: null,
                            dashboardAccess: true
                        }
                    ],
                    config: {
                        "%env_name%": {
                            commonFields: {...},
                            urac: {...},
                            oauth: {
                                loginMode: "urac",
                                passportLogin: {
                                    "github": {...},
                                    "facebook": {...},
                                    "twitter": {...},
                                    "google": {...},
                                }
                            }
                        }
                    }
                }
            ]
        }
    ]
}
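
An added example, not SOAJS code: a small Node.js check that lints a tenant record shaped like the sample above before it is provisioned. The function name, the finding messages and the rules themselves (treating a null `expDate` with `dashboardAccess: true` as worth review, and a nonzero `disabled` as OAuth being off) are assumptions of this example; the provider list is the four named on this page.

```javascript
// Added example (not SOAJS code): lint a tenant record shaped like the sample above.
// The checks and their wording are this example's assumptions, not SOAJS rules.
const SUPPORTED_PASSPORT = ["github", "facebook", "twitter", "google"]; // providers named on this page
const PLACEHOLDER = /^%[^%]+%$/; // an unsubstituted template value such as "%login_mode%"

function auditTenantOauth(tenant) {
  const findings = [];
  const oauth = tenant.oauth || {};
  if (!oauth.secret || PLACEHOLDER.test(oauth.secret) || oauth.secret === "tenant_oauth_secret") {
    findings.push("oauth.secret is missing or still the sample value");
  }
  if (oauth.disabled) findings.push("oauth.disabled is set: OAuth is off for this tenant");
  if (!oauth.loginMode || PLACEHOLDER.test(oauth.loginMode)) {
    findings.push("oauth.loginMode is missing or an unsubstituted placeholder");
  }
  for (const app of tenant.applications || []) {
    for (const k of app.keys || []) {
      for (const ext of k.extKeys || []) {
        if (ext.expDate === null && ext.dashboardAccess === true) {
          findings.push(`${app.appId}: extKey for env ${ext.env} has dashboardAccess and no expDate`);
        }
      }
      for (const [env, cfg] of Object.entries(k.config || {})) {
        const providers = Object.keys((cfg.oauth || {}).passportLogin || {});
        for (const p of providers) {
          if (!SUPPORTED_PASSPORT.includes(p)) {
            findings.push(`${app.appId}/${env}: passportLogin provider "${p}" is not in the supported list`);
          }
        }
      }
    }
  }
  return findings;
}

// Constructed sample record (all values invented for the example).
const sampleTenant = {
  _id: "t1",
  oauth: { secret: "tenant_oauth_secret", disabled: 0, type: 2, loginMode: "urac" },
  applications: [{
    appId: "app1",
    keys: [{
      key: "k1",
      extKeys: [{ extKey: "e1", env: "DEV", expDate: null, dashboardAccess: true }],
      config: { DEV: { oauth: { loginMode: "urac", passportLogin: { github: {}, linkedin: {} } } } }
    }]
  }]
};
console.log(auditTenantOauth(sampleTenant));
```
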

Steps to add tenant-level configuration for OAuth


1 - Go to the tenant configuration under Multitenancy in the Manage pillar

   

2 - Go to the key which you want to use to configure OAuth


3 - Click on Edit Service Configuration to add OAuth Configuration.


2 - Environment configuration (registry)

This configuration applies at the environment level. OAuth configuration can be added from the SOAJS Console.


Steps to create a Custom Registry for OAuth


Go to Deploy → Registries → Add New Custom Registry


Click on Configure to add configuration to the created registry

Click on Plug to plug registry 

You can later unplug the registry by clicking on Unplug

3 - Separate Database for tokens and users

OAuth can have a separate database, which can be added from the Deploy tab in the SOAJS Console → Databases.


Steps to create a database for OAuth


The database should be named "oauth" in order to be used.


Tenant Key Configuration (provision)


Location

In provision - key configuration

Passport Login: Define application keys for passport integration. GitHub, Twitter, Facebook, and Google are currently supported. Go to the link for more information and an example of the configuration.

/wiki/spaces/OAUT/pages/1433927681: Azure Active Directory Authentication Libraries allow the integration with Azure AD.

OpenAM login: SSO (Single Sign-On).

LDAP (Lightweight Directory Access Protocol) login: Active directory login.

