Tetrate Service Bridge (Version: next)

IAM

IAM APIs for authentication and token management.

Authentication

The IAM authentication service is used internally in TSB to authenticate the different components of the platform and to provide JWT token lifecycle management.

Authenticate

Refresh

RevokeToken

Credentials

Credentials used in the authentication API, to be exchanged for a bearer access token and a refresh token.

| Field | Description | Validation Rule |
|---|---|---|
| basic | `tetrateio.api.iam.v1.Credentials.BasicAuth`, oneof `_auth`. Basic username/password authentication. | |
| token | `tetrateio.api.iam.v1.Credentials.TokenAuth`, oneof `_auth`. Token based authentication. | |
| nonce | `tetrateio.api.iam.v1.Credentials.OIDCNonce`, oneof `_auth`. OIDC nonce based authentication. | |

BasicAuth

Credentials used to authenticate using HTTP Basic.

| Field | Description | Validation Rule |
|---|---|---|
| username | `string`, REQUIRED. The login username. | `string = { min_len: 1 }` |
| password | `string`, REQUIRED. The password. | `string = { min_len: 1 }` |

OIDCNonce

OIDC nonce based credentials

| Field | Description | Validation Rule |
|---|---|---|
| nonce | `string`, REQUIRED. | `string = { min_len: 1 }` |

TokenAuth

Token based credentials

| Field | Description | Validation Rule |
|---|---|---|
| token | `string`, REQUIRED. Bearer access token. | `string = { min_len: 1 }` |

RefreshTokenRequest

Request to refresh a bearer access token. The body of the message is empty as the refresh token will be provided in the request authentication.

RevokeTokenRequest

Request to revoke a set of tokens.

| Field | Description | Validation Rule |
|---|---|---|
| tokens | List of `string`, REQUIRED. List of tokens to revoke. | `repeated = { min_items: 1 items: {string:{min_len:1}} }` |
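The validation rules listed for Credentials and RevokeTokenRequest, applied client-side before a request is sent. This is an added example, not code from TSB: it assumes the messages are held as plain dicts keyed by the documented field names, and rejecting a Credentials message with no member set is also an assumption (a oneof by itself only forbids setting more than one).

```python
# Added example (not TSB code). Assumption: messages are plain dicts keyed by
# the field names documented on this page.
AUTH_FIELDS = {"basic": ("username", "password"), "token": ("token",), "nonce": ("nonce",)}


def _non_empty(value):
    """Rule `string = { min_len: 1 }`."""
    return isinstance(value, str) and len(value) >= 1


def validate_credentials(msg):
    """Return rule violations for a Credentials message (empty list = valid).

    Messages name fields only and never echo values, so they are safe to log.
    """
    if not isinstance(msg, dict):
        return ["Credentials must be an object"]
    errors = [f"unknown field: {k}" for k in msg if k not in AUTH_FIELDS]
    present = [k for k in AUTH_FIELDS if msg.get(k) is not None]
    if len(present) > 1:  # basic, token and nonce share the oneof _auth
        return errors + [f"oneof _auth: only one of {present} may be set"]
    if not present:  # assumption: an authentication request needs credentials
        return errors + ["oneof _auth: one of basic, token, nonce must be set"]
    kind, body = present[0], msg[present[0]]
    if not isinstance(body, dict):
        return errors + [f"{kind} must be an object"]
    for field in AUTH_FIELDS[kind]:
        if not _non_empty(body.get(field)):
            errors.append(f"{kind}.{field}: REQUIRED, min_len 1")
    return errors


def validate_revoke(msg):
    """Return rule violations for a RevokeTokenRequest."""
    tokens = msg.get("tokens") if isinstance(msg, dict) else None
    if not isinstance(tokens, list) or len(tokens) < 1:
        return ["tokens: REQUIRED, min_items 1"]
    return [f"tokens[{i}]: min_len 1" for i, t in enumerate(tokens) if not _non_empty(t)]


if __name__ == "__main__":
    # Constructed sample messages.
    print(validate_credentials({"basic": {"username": "alice", "password": ""}}))
    print(validate_credentials({"token": {"token": "t"}, "nonce": {"nonce": "n"}}))
    print(validate_revoke({"tokens": ["t", ""]}))
```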

SuccessfulAuthentication

Contains a Bearer Access Token and a Refresh Token as the result of a successful authentication.

The Bearer Token is used to authorize requests from users. This token is proof that a user is authenticated and can be used to issue authenticated requests to the target services. These tokens are usually short-lived.

The Refresh Token can be used to renew the bearer token if it's expired or lost. These tokens are usually long-lived.

| Field | Description | Validation Rule |
|---|---|---|
| bearerToken | `string`. The bearer access token that can be used to access protected resources on behalf of the authenticated principal. | |
| refreshToken | `string`. The refresh token that can be used to obtain new bearer access tokens. | |