Skip to content

Latest commit

 

History

History
46 lines (33 loc) · 1.67 KB

oauth.md

File metadata and controls

46 lines (33 loc) · 1.67 KB

<- Back to Index

OAuth Support

LRSPipe supports the use of OAuth 2.0 with LRS endpoints that support it via the Client Credentials Grant

Client Credentials Grant

To use OAuth, specify a source/target auth-uri, client-id and client-secret:

bin/run.sh --source-url http://0.0.0.0:8080/xapi \
           --source-auth-uri http://0.0.0.0:8083/auth/realms/test/protocol/openid-connect \
           --source-client-id a_client_id \
           --source-client-secret 1234 \
           --target-url http://0.0.0.0:8081/xapi \
           --target-auth-uri http://0.0.0.0:8083/auth/realms/test/protocol/openid-connect \
           --target-client-id b_client_id \
           --target-client-secret 1234

LRSPipe will connect to the specified auth provider(s) and provide up-to-date tokens for LRS requests as needed.

Scope

According to OAuth 2.0 an optional scope parameter can be provided on Client Credentials Grant requests. To set this value for the source/target LRS:

bin/run.sh ... \
           --source-scope "lrs:read" \
           --target-scope "lrs:write"

Note that the configuration of claims like scope should be done on the OAuth client itself. This option is provided for backwards compatibility only.

Manual Bearer Token Usage

If you have a bearer token that will be valid for the duration of your job, you can pass it directly:

bin/run.sh --source-url http://0.0.0.0:8080/xapi \
           --source-token eyJhbGciOi...
           --target-url http://0.0.0.0:8081/xapi \
           --target-token eyJhbGciOi...

<- Back to Index