Tetrate Istio Subscription PlusVersion: Latest

IAM

The differences between TSB and Tetrate Istio Subscription Plus (TIS+)

Tetrate Istio Subscription Plus (TIS+) utilizes many of the same components as the Tetrate Service Bridge(TSB) product but has the several distinctions.

IAM APIs for authentication and token management.

Authentication

The IAM authentication service is a service used internally in TIS+ to authenticate the different components of the platform and to provide JWT token lifecycle management.

Authenticate

Refresh

RevokeToken

Credentials

Credentials used in the authentication API, to be exchanged by a bearer access token and a refresh token.

Field	Description	Validation Rule
basic	tetrateio.api.iam.v1.Credentials.BasicAuth ^{oneof _auth} Basic username/password authentication.	–
token	tetrateio.api.iam.v1.Credentials.TokenAuth ^{oneof _auth} Token based authentication.	–
nonce	tetrateio.api.iam.v1.Credentials.OIDCNonce ^{oneof _auth} OIDC nonce based authentication.	–

BasicAuth

Credentials used to authenticate using HTTP Basic.

Field	Description	Validation Rule
username	string REQUIRED The login username.	string = { min_len: `1` }
password	string REQUIRED The password.	string = { min_len: `1` }

OIDCNonce

OIDC nonce based credentials

Field	Description	Validation Rule
nonce	string REQUIRED	string = { min_len: `1` }

TokenAuth

Token based credentials

Field	Description	Validation Rule
token	string REQUIRED Bearer access token.	string = { min_len: `1` }

RefreshTokenRequest

Request to refresh a bearer access token. The body of the message is empty as the refresh token will be provided in the request authentication.

RevokeTokenRequest

Request to revoke a set of tokens.

Field	Description	Validation Rule
tokens	List of string REQUIRED List of tokens to revoke.	repeated = { min_items: `1` items: `{string:{min_len:1}}` }

SuccessfulAuthentication

Contains a Bearer Access Token and a Refresh Token as the result of a successful authentication.

The Bearer Token is used to authorize requests from users. This token is a proof that a user is authenticated and can be used to issue authenticated requests to the target services. These tokens are usually short-lived.

The Refresh Token can be used to renew the bearer token if it's expired or lost. These tokens are usually long-lived.

Field	Description	Validation Rule
bearerToken	string The bearer access token that can be used to access protected resources on behalf of the authenticated principal.	–
refreshToken	string The refresh token that can be used to obtain new bearer access tokens.	–

Authentication​

Authenticate​

Refresh​

RevokeToken​

Credentials​

BasicAuth​

OIDCNonce​

TokenAuth​

RefreshTokenRequest​

RevokeTokenRequest​

SuccessfulAuthentication​