04 Explanation

github-actions[bot] edited this page Oct 29, 2024 · 1 revision

Tokens, Users and Roles

Tokens used in DX

  • Tokens for a user can be created using the DX AAA Server API: link to the API docs. The tokens used in DX are:

| Token | Purpose | Users |
|---|---|---|
| DX Identity token | Serves as an identifier of the user to the server, to access the DX server capabilities | Provider, provider delegate, consumer, consumer delegate, cos admin, admin |
| Keycloak token | Access token used as a bearer credential. It is generated by Keycloak by providing the client's email ID and password, and then adding bearer to the access token: bearer <access-token> | DX AAA Server, Users |
| Access token | To get access to a resource or resource group | Provider, provider delegate, consumer, consumer delegate |

Tokens accepted in DX Resource Server

Access Policy
  • secure - a secure access policy means that the resource on which the request is made is secure, so it will have some associated constraints.
  • open - an open access policy means that the resource on which the request is made is open, so it does not have associated constraints.

The tokens accepted by the DX Resource Server are the DX Identity token and the access token (open/secure). The Identity token is used for user-specific APIs, whereas the bearer token is used for the Verify API. Providers, consumers, and delegates of providers and consumers are allowed to access the following APIs using the mentioned token:

| API | Users |
|---|---|
| Search APIs (open resource) | admin, provider, provider delegate, consumer, consumer delegate |
| Search APIs (secure resource) | consumer, consumer delegate, provider delegate, provider |
| Async APIs (secure resource) | consumer, consumer delegate, provider delegate, provider |
| Async APIs (open resource) | admin, provider, provider delegate, consumer, consumer delegate |
| Metering APIs | admin, provider, provider delegate, consumer, consumer delegate |
| Subscription API | consumer, consumer delegate |
| Adaptor API | provider, provider delegate |
| Management API | consumer, consumer delegate |

Users and Roles

All registered users of DX can access the DX Resource Server. The DX Resource Server identifies the user based on the token information which is provided by DX AAA Server.

How is the user considered as a consumer, provider or delegate?

  • While decoding the token at the DX Resource Server, the role in the token fetched from the DX AAA Server is read, and then the following rules are applied to identify the user:
    • A user is considered as a provider if role is provider
    • A user is considered as a consumer if role is consumer
    • A user is considered as a delegate of the consumer if role is delegate and drl is consumer
    • A user is considered as a delegate of the provider if role is delegate and drl is provider
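
The role rules above, combined with the API table earlier on this page, can be expressed as a small fail-closed check. This is an added example, not code from the DX Resource Server. It assumes the token payload has already been signature-verified and decoded into a dict; the short API keys (`search`, `async`, and so on), the function names, and the handling of `admin` as a plain `role` value are assumptions made for illustration.

```python
"""Added example: DX role resolution and API checks (illustrative, not DX code)."""

ALL = {"admin", "provider", "provider delegate", "consumer", "consumer delegate"}
NON_ADMIN = ALL - {"admin"}

# (API, access policy) -> user types allowed, transcribed from the API table.
# APIs the page lists without an access policy use None. Keys are hypothetical.
ALLOWED = {
    ("search", "open"): ALL,
    ("search", "secure"): NON_ADMIN,
    ("async", "open"): ALL,
    ("async", "secure"): NON_ADMIN,
    ("metering", None): ALL,
    ("subscription", None): {"consumer", "consumer delegate"},
    ("adaptor", None): {"provider", "provider delegate"},
    ("management", None): {"consumer", "consumer delegate"},
}


def resolve_user_type(claims):
    """Apply the role/drl rules; return None when no rule matches."""
    role = claims.get("role")
    if role in ("provider", "consumer"):
        return role
    if role == "delegate":
        drl = claims.get("drl")
        # A delegate without a recognised delegator role matches no rule.
        if drl in ("provider", "consumer"):
            return f"{drl} delegate"
        return None
    if role == "admin":  # assumption: admin arrives directly in the role claim
        return "admin"
    return None


def is_allowed(api, policy, claims):
    """Fail closed: an unknown API, policy or user type is denied."""
    user_type = resolve_user_type(claims)
    return user_type is not None and user_type in ALLOWED.get((api, policy), set())


if __name__ == "__main__":
    # Constructed sample payloads, not real tokens.
    samples = [
        ("subscription", None, {"role": "delegate", "drl": "consumer"}),
        ("adaptor", None, {"role": "consumer"}),
        ("search", "secure", {"role": "delegate"}),
    ]
    for api, policy, claims in samples:
        print(api, policy, claims, "->", is_allowed(api, policy, claims))
```

A delegate token with a missing or unexpected `drl` resolves to no user type and is denied everywhere, which is the case most worth testing when implementing these rules.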

Terminologies and Definitions

  • Access Token: In the resource server, access tokens are the Open and Secure tokens.
  • Delegate: A user appointed by a consumer or provider who can act on behalf of the delegator.