Machine-to-machine (m2m) communication automates data exchange between systems, secured by mechanisms like OAuth client credentials or API keys. Scope validation restricts each service to authorized resources and actions. Authentication ensures trusted requests, auditability, and protection against unauthorized access and data breaches.
Onecx-test-operator already has an API for the security check of Quarkus BFFs.
A similar API can be implemented to check Quarkus backends that are protected by an access token only; it could look as follows:
- skip the nginx part
- get all APIs via q/openapi internally
- check the m2m scopes per operation
- if a scope is defined - fire a request and validate 401 (or 403 if the operator's token is provided) / check that the whitelist is configured properly
- if not defined - report as
- input: Kubernetes service name
- open point: do we need to set security:none for m2m?
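The sweep described in the list above, written out as an added example. This is not onecx-test-operator code: the OpenAPI document is a constructed stand-in for what a Quarkus service serves at q/openapi, the `send` callback is a hypothetical hook standing in for the HTTP client (so the logic can run offline against a fake backend), and the result labels (`ok`, `missing-scope`, `no-auth-declared`, `unprotected`, `wrong-operator-status`) are names chosen here. The explicit `security: []` case is kept separate so the open point about security:none shows up in the report instead of being silently counted as "scope missing".

```python
"""Added example: m2m scope sweep over a Quarkus backend's OpenAPI document.

Not part of onecx-test-operator. SAMPLE_OPENAPI, the service paths, the scope
names and the ``send`` callback are constructed for illustration.
"""
import json
import urllib.request
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple

# Hypothetical request hook: (method, path, bearer token or None) -> HTTP status.
# In a real run this would call the cluster-internal service URL.
Sender = Callable[[str, str, Optional[str]], int]

HTTP_METHODS = ("get", "put", "post", "delete", "patch", "head", "options")

# Constructed stand-in for the JSON a Quarkus service returns at /q/openapi.
SAMPLE_OPENAPI: dict = {
    "openapi": "3.0.3",
    "components": {"securitySchemes": {"oauth2": {"type": "oauth2", "flows": {
        "clientCredentials": {"tokenUrl": "https://idp.example/token",
                              "scopes": {"ocx-ws:read": "", "ocx-ws:write": ""}}}}}},
    "paths": {
        "/internal/workspaces": {
            "get": {"security": [{"oauth2": ["ocx-ws:read"]}]},
            "post": {"security": [{"oauth2": ["ocx-ws:write"]}]},
        },
        "/internal/health-compat": {"get": {}},   # no security block at all
        "/q/health": {"get": {"security": []}},   # explicit security: none
    },
}


@dataclass
class Finding:
    method: str
    path: str
    result: str   # ok | missing-scope | no-auth-declared | unprotected | wrong-operator-status
    detail: str = ""


def fetch_openapi(base_url: str) -> dict:
    """Read the OpenAPI document from a running service (cluster-internal URL)."""
    url = f"{base_url.rstrip('/')}/q/openapi?format=json"
    with urllib.request.urlopen(url, timeout=5) as resp:  # noqa: S310 (trusted in-cluster URL)
        return json.load(resp)


def classify(spec: dict, operation: dict) -> Tuple[str, List[str]]:
    """Classify an operation's declared security.

    "none"       - no security block on the operation and no global default
    "anonymous"  - explicit ``security: []`` (the security:none case)
    "token-only" - a scheme is required but no scope is listed
    "scoped"     - at least one scope is required (returned in the list)
    """
    security = operation.get("security", spec.get("security"))
    if security is None:
        return "none", []
    if security == []:
        return "anonymous", []
    scopes = [s for req in security for scheme_scopes in req.values() for s in scheme_scopes]
    return ("scoped", scopes) if scopes else ("token-only", [])


def run_check(spec: dict, send: Sender, operator_token: Optional[str] = None,
              whitelist: Set[Tuple[str, str]] = frozenset()) -> List[Finding]:
    """Walk every operation, report undeclared scopes, and probe the declared ones."""
    findings: List[Finding] = []
    for path, item in spec.get("paths", {}).items():
        for method in HTTP_METHODS:
            op = item.get(method)
            if op is None:
                continue
            kind, scopes = classify(spec, op)
            if kind == "anonymous":
                findings.append(Finding(method, path, "no-auth-declared"))
                continue
            if kind != "scoped":
                findings.append(Finding(method, path, "missing-scope", f"security={kind}"))
                continue
            # Scope defined: a request without any token must be rejected with 401.
            status = send(method, path, None)
            if status != 401:
                findings.append(Finding(method, path, "unprotected", f"no token -> {status}"))
                continue
            # With the operator's token the backend must answer 403 unless the
            # operation is on the whitelist, in which case it must succeed.
            if operator_token is not None:
                status = send(method, path, operator_token)
                allowed = (method, path) in whitelist
                if (allowed and status >= 400) or (not allowed and status != 403):
                    findings.append(Finding(method, path, "wrong-operator-status",
                                            f"operator token -> {status}"))
                    continue
            findings.append(Finding(method, path, "ok", ",".join(scopes)))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per result label for the report."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.result] = counts.get(f.result, 0) + 1
    return counts


if __name__ == "__main__":
    # Offline demo against a fake backend that behaves correctly.
    def demo_send(method: str, path: str, token: Optional[str]) -> int:
        if path == "/internal/workspaces":
            return 401 if token is None else (200 if method == "get" else 403)
        return 200

    for f in run_check(SAMPLE_OPENAPI, demo_send, "op-token", {("get", "/internal/workspaces")}):
        print(f"{f.result:22} {f.method.upper():6} {f.path} {f.detail}")
```

For a real sweep, `fetch_openapi` replaces `SAMPLE_OPENAPI` and `send` is an HTTP client pointed at the Kubernetes service name given as input; the findings list is what the operator would persist or expose as the check result.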