Versions Compared

ModelOp follows the security architecture shown in the diagram below:

[Security architecture diagram]

...

Technical implementation details:

  • There are two main points of entry:

    • OAuth2Login

    • ResourceServer

  • The diagram above represents the Gateway architecture specifically for JWT.

  • The Resource Server validates JWTs locally through JOSE; the ResourceServer implementation supports JWT and Opaque tokens independently.

    • Jwt:

      • Token local validations performed by JWKs.

    • Opaque:

      • Token validation is performed by introspection, through a token introspection resolver (used when more than one token introspection endpoint is defined).

...

How to define a MicroService as Resource Server (RS):

  1. Identify the type of tokens to be supported

  2. Define profiles accordingly

  3. Add required YAML configurations.

...

The Opaque Query Param RS uses an introspection endpoint to validate the token.

oauth2:
  # Values for Resource Servers.
  resource-server:
    # Base RS configuration
    base-conf:
      user-info-uri: https://authorization.server/idp/userinfo.openid

    # Traditional approaches require only introspection-uri; this approach uses NimbusOpaqueTokenIntrospector,
    # which also needs the client credentials to authenticate to the introspection endpoint.
    opaque:
      client-id: model-manage-client
      client-secret: client-secret
      introspection-uri: https://internal.pf.modelop.center/as/introspect.oauth2

    # opaque-queryparam serves a specific client that must support two OAuth2 providers at the same time;
    # the token is read from the named query parameter instead of the Authorization header.
    opaque-queryparam:
      queryparam: otoken
      introspection-uri: https://authorization.server/rs/validate/AppIdClaim
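As an added example (not ModelOp's code), a Spring Security configuration that wires the two validators described in the ResourceServer bullets above into one resource server: JWTs are checked locally against the issuer's JWK set, opaque tokens go to the introspection endpoint and client id from the YAML above. The JWKS URL, the OAUTH2_CLIENT_SECRET environment variable and the javax.servlet package (Spring Security 5.x) are assumptions.

```java
import javax.servlet.http.HttpServletRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationManagerResolver;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
import org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenAuthenticationProvider;
import org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector;
import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class ResourceServerConfig {

    // JWT path: signature checked locally against the issuer's JWKS (assumed URL); the key set is
    // cached, and the decoder's default validators reject expired tokens.
    private final AuthenticationManager jwtManager = new ProviderManager(
            new JwtAuthenticationProvider(
                    NimbusJwtDecoder.withJwkSetUri("https://authorization.server/jwks").build()));

    // Opaque path: every request is introspected at the authorization server (RFC 7662).
    // Introspection URI and client id come from the YAML above; the secret is read from an
    // assumed environment variable rather than committed in configuration.
    private final AuthenticationManager opaqueManager = new ProviderManager(
            new OpaqueTokenAuthenticationProvider(new NimbusOpaqueTokenIntrospector(
                    "https://internal.pf.modelop.center/as/introspect.oauth2",
                    "model-manage-client", System.getenv("OAUTH2_CLIENT_SECRET"))));

    // Select the validator by token shape: a compact JWS has exactly three base64url segments.
    // The shape only picks which validator runs; both paths still fully validate the token.
    private final AuthenticationManagerResolver<HttpServletRequest> resolver = request -> {
        String token = new DefaultBearerTokenResolver().resolve(request);
        return (token != null && token.split("\\.").length == 3) ? jwtManager : opaqueManager;
    };

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeRequests(a -> a.anyRequest().authenticated())
            .oauth2ResourceServer(rs -> rs.authenticationManagerResolver(resolver));
        return http.build();
    }
}
```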

...

JWT detailed architecture overview

[JWT detailed architecture diagram]

Opaque detailed architecture overview

...