IAM
IAM APIs for authentication and token management.
Authentication
The IAM authentication service is a service used internally in TSB to authenticate the different components of the platform and to provide JWT token lifecycle management.
Authenticate
Refresh
RevokeToken
Credentials
Credentials used in the authentication API, to be exchanged for a bearer access token and a refresh token.
Field | Description | Validation Rule |
---|---|---|
basic | tetrateio.api.iam.v1.Credentials.BasicAuth oneof _auth | – |
token | tetrateio.api.iam.v1.Credentials.TokenAuth oneof _auth | – |
nonce | tetrateio.api.iam.v1.Credentials.OIDCNonce oneof _auth | – |
BasicAuth
Credentials used to authenticate using HTTP Basic.
Field | Description | Validation Rule |
---|---|---|
username | string | string = { |
password | string | string = { |
OIDCNonce
OIDC nonce-based credentials.
Field | Description | Validation Rule |
---|---|---|
nonce | string | string = { |
TokenAuth
Token-based credentials.
Field | Description | Validation Rule |
---|---|---|
token | string | string = { |
RefreshTokenRequest
Request to refresh a bearer access token. The body of the message is empty as the refresh token will be provided in the request authentication.
RevokeTokenRequest
Request to revoke a set of tokens.
Field | Description | Validation Rule |
---|---|---|
tokens | List of string | repeated = { |
SuccessfulAuthentication
Contains a Bearer Access Token and a Refresh Token as the result of a successful authentication.
The Bearer Token is used to authorize requests from users. This token is proof that a user is authenticated and can be used to issue authenticated requests to the target services. These tokens are usually short-lived.
The Refresh Token can be used to renew the bearer token if it's expired or lost. These tokens are usually long-lived.
Field | Description | Validation Rule |
---|---|---|
bearerToken | string | – |
refreshToken | string | – |
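
The token lifecycle these messages describe, as an added example that is not TSB code: a client-side session that authenticates once, renews the bearer token based on its JWT `exp` claim, and revokes its tokens on close. The `iam` transport object and its method names, `FakeIAM`, the 30-second skew, and a refresh returning a new `SuccessfulAuthentication` are assumptions; the sample tokens are constructed and unsigned.

```python
import base64, json, time

def make_credentials(basic=None, token=None, nonce=None):
    """Build a Credentials message; the _auth oneof allows exactly one member."""
    chosen = {k: v for k, v in (("basic", basic), ("token", token), ("nonce", nonce)) if v}
    if len(chosen) != 1:
        raise ValueError("set exactly one of basic, token, nonce")
    return chosen

def jwt_exp(jwt):
    """Read the exp claim without verifying the signature (refresh scheduling only)."""
    payload = jwt.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))["exp"]

class TokenSession:
    """Holds a SuccessfulAuthentication and renews the bearer token near expiry."""
    def __init__(self, iam, credentials, skew=30):
        self.iam, self.skew = iam, skew
        self.tokens = iam.authenticate(credentials)
    def bearer(self, now=None):
        now = time.time() if now is None else now
        if jwt_exp(self.tokens["bearerToken"]) - self.skew <= now:
            # RefreshTokenRequest has an empty body: the refresh token is the request auth.
            self.tokens = self.iam.refresh(auth=self.tokens["refreshToken"])
        return self.tokens["bearerToken"]
    def close(self):
        # Assumption: both token kinds may be listed in RevokeTokenRequest.tokens.
        self.iam.revoke({"tokens": list(self.tokens.values())})
        self.tokens = None

def fake_jwt(exp, n):
    """Constructed, unsigned sample token (n only makes each one distinct)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'exp': exp, 'jti': n})}.sig"

class FakeIAM:
    """In-memory stand-in for the service (hypothetical, for this example only)."""
    def __init__(self, now):
        self.now, self.revoked, self.issued = now, set(), 0
    def authenticate(self, credentials=None):
        self.issued += 1
        return {"bearerToken": fake_jwt(self.now + 300, self.issued),
                "refreshToken": fake_jwt(self.now + 86400, -self.issued)}
    def refresh(self, auth):
        if auth in self.revoked:
            raise PermissionError("refresh token revoked")
        return self.authenticate()
    def revoke(self, request):
        self.revoked.update(request["tokens"])
```

Passing `now` explicitly to `bearer()` makes the expiry decision reproducible; in real use it defaults to the wall clock.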