Authentication Service

Julien Dufresne edited this page Apr 13, 2019 · 1 revision

You can take a look at the repository here.

Note: The authentication service is also known as SecureTokenService (sts). We use sts in our configurations.

Certificates

The Authentication service needs a certificate to sign tokens (access_token). You can generate the certificates with the generate_certificate.sh script:

bash generate_certificate.sh

The script will create a keys folder with all the needed certificates in it.

Environment variables

You will need to provide all these variables when running the service.

AUDIENCE=
CERT_PASSWORD=
CERT_PATH=
DB_CONNECTION_STRING=
DB_NAME=
ISSUERS=
ISSUER_URI=
MAIL_API_URL=
PORT=
STS_API_URL=
STS_CLIENT_ID=
STS_CLIENT_SCOPE=
STS_CLIENT_SECRET=
  • AUDIENCE: Audience accepted by the service (use the default, sts_api)
  • CERT_PASSWORD: Password that you use for the certificate
  • CERT_PATH: Path to the .pfx certificate
  • DB_CONNECTION_STRING: Mongo connection string
  • DB_NAME: Mongo database name
  • ISSUERS: Issuers of the token (ex: https://api.csgames.org)
  • ISSUER_URI: Uri of the issuer (ex: https://api.csgames.org)
  • MAIL_API_URL: URL of the mail service (ex: https://mail.csgames.org)
  • PORT: Port of the application (default 5555)
  • STS_API_URL: URL of the authentication service (ex: http://localhost:5555)
  • STS_CLIENT_ID: Client id of the application (ex: sts)
  • STS_CLIENT_SCOPE: Client scope of the application (ex: sts_api mail_api)
  • STS_CLIENT_SECRET: Client secret of the application

Deploy on Kubernetes

The k8s configurations are in the folder k8s/sts. We have configurations for the staging and production environments.

Setup environment variables

Go to the folder of the environment you want to deploy. In this folder, copy the .env-sample file and name it .env.

You need to set all the environment variables listed in the section Environment variables.

When your .env is completed, you can run

./01_configmap.sh

This script will create a config-map on your k8s cluster.

Run k8s configuration

Now that the config-map is created, you can run

kubectl apply -f .

This will create the configuration for the deployment and the service of the Authentication Service on your Kubernetes cluster.
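
A pre-flight check for the .env file, to run before ./01_configmap.sh. This is an added example, not one of the repository's scripts: it reports any variable from the Environment variables list that is missing or empty, a non-numeric PORT, and a .env that other users can read. The function name check_env and the chmod 600 suggestion are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the .env file (not part of the repository).
# The variable names are the ones listed under "Environment variables".
REQUIRED_VARS="AUDIENCE CERT_PASSWORD CERT_PATH DB_CONNECTION_STRING DB_NAME
ISSUERS ISSUER_URI MAIL_API_URL PORT STS_API_URL STS_CLIENT_ID
STS_CLIENT_SCOPE STS_CLIENT_SECRET"

# check_env FILE: prints one line per problem, returns the number of problems.
check_env() {
    ce_file="$1"
    ce_problems=0
    if [ ! -f "$ce_file" ]; then
        echo "no such file: $ce_file"
        return 1
    fi
    # The file holds CERT_PASSWORD and STS_CLIENT_SECRET, so only its owner
    # should have access (characters 5-10 of ls -l are the group/other bits).
    ce_mode=$(ls -ld "$ce_file" | cut -c5-10)
    if [ "$ce_mode" != "------" ]; then
        echo "permissions too open: $ce_file (try chmod 600)"
        ce_problems=$((ce_problems + 1))
    fi
    for ce_name in $REQUIRED_VARS; do
        # A line such as "MAIL_API_URL" with no "=" does not count as set.
        ce_line=$(grep "^${ce_name}=" "$ce_file" | tail -n 1)
        if [ -z "$ce_line" ]; then
            echo "not set: $ce_name"
            ce_problems=$((ce_problems + 1))
            continue
        fi
        ce_value=${ce_line#*=}
        # Drop whitespace and quotes so that KEY="" is also reported as empty.
        ce_value=$(printf '%s' "$ce_value" | tr -d "\"' \t\r")
        if [ -z "$ce_value" ]; then
            echo "empty: $ce_name"
            ce_problems=$((ce_problems + 1))
        elif [ "$ce_name" = "PORT" ]; then
            case "$ce_value" in
                *[!0-9]*) echo "not a number: PORT"
                          ce_problems=$((ce_problems + 1)) ;;
            esac
        fi
    done
    return "$ce_problems"
}
# Usage after sourcing this file: check_env .env && ./01_configmap.sh
```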