mirror of
https://github.com/opencloud-eu/opencloud.git
synced 2026-01-06 05:01:10 -05:00
19 lines
1.2 KiB
Markdown
19 lines
1.2 KiB
Markdown
# Auth-Machine
|
|
|
|
The OpenCloud Auth Machine is used for interservice communication when using user impersonation.
|
|
|
|
OpenCloud uses serveral authentication services for different use cases. All services that start with `auth-` are part of the authentication service family. Each member authenticates requests with different scopes. As of now, these services exist:
|
|
- `auth-app` handles authentication of external 3rd party apps
|
|
- `auth-basic` handles basic authentication
|
|
- `auth-bearer` handles oidc authentication
|
|
- `auth-machine` handles interservice authentication when a user is impersonated
|
|
- `auth-service` handles interservice authentication when using service accounts
|
|
|
|
## User Impersonation
|
|
|
|
When one OpenCloud service is trying to talk to other OpenCloud services, it needs to authenticate itself. To do so, it will impersonate a user using the `auth-machine` service. It will then act on behalf of this user. Any action will show up as action of this specific user, which gets visible when e.g. logged in the audit log.
|
|
|
|
## Deprecation
|
|
|
|
With the upcoming `auth-service` service, the `auth-machine` service will be used less frequently and is probably a candidate for deprecation.
|