Feature Request: Support in Access keys as a second authentication method

[yanivbh1]

Description

Currently (v1.2.0), the only supported authentication method is using JWT.
While it is a standard for most use cases, not all systems support refreshing tokens nor concat a JWT token as a header.
Therefore, a second authentication method should be available to support the rest of the use cases in the shape of Access keys.

This feature contains:

• Adding support in access keys creation.
• Adding key management ability to the Web Console in the Users section.
• Add interpretation of access keys when interacting with the REST Gateway.

[mrchocha]

hey @yanivbh1, can you give some more context on following point?

Adding support in access keys creation for both the Cloud and OS.

didn't get what you mean by "Cloud and OS"? any doc/code which can be referred?

[yanivbh1]

Hey @mrchocha, please ignore. It was added by mistake.
Would you like to go for it?

[mrchocha]

yes @yanivbh1, I would love to work on this. Any suggestion where i should start form?

[yanivbh1]

That’s a very big and important feature.
Adding @idanasulinmemphis for backend guidance and @avrhamNeeman for front end mocks

[mrchocha]

@yanivbh1 one suggestion, can we break this issue in to 2 i.e (1. for frontend side and 2nd for backend side)? because i have very little experience in frontend part.

[yanivbh1]

@mrchocha sure!
To start, it would be great to implement a simple access / secret key mechanism.
Meaning the ability to create an access key, generate a secret key, and authenticate REST requests using it.

[mrchocha]

Hey @yanivbh1 / @idanasulinmemphis, I have couple of doubts.

1. There are generally 2 patterns for generating api token
   1. AWS like plateform create access key and secret key (i believe this pattern @yanivbh1 have suggested in comments).
   2. Github like plateform generates single API token.
      Any advantage we get on 1 over 2 (tried to find answer online but didn't got any satisfying answer)?
2. I was going throw the code and found that ConnectionToken is one of the input parameter, Can you tell me what is the use of it?

[idanasulin2706]

Hi @mrchocha, memphis can work with 2 types of auth methods:

1. user password based - different password for each user
2. connection token - same password for all users

Since the Rest GW is a separate component it gets as environment variable the type of authentication of the Memphis component it is working with.

Access keys is a more holistic ways of managing creds in order to access Memphis. Think of it like creating them and managing them from the Memphis broker but being able to use them when working with other components such as th Rest GW or more components to come in future