Tractus-X Knowledge Agents (Not Only) JWT-Based Authentication Stack EDC Extension (KA-EDC-JWT-AUTH)
This folder hosts an authentication extension to the Eclipse Dataspace Connector (EDC).
It allows to configure and build Authentication Services, such as the validation of
It allows to install authentication filters that are backed by those authentication services into various web service contexts (in addition to or in place of other authentication mechanisms).
Add the following dependency to your EDC artifact pom:
<dependency>
<groupId>org.eclipse.tractusx.agents.edc</groupId>
<artifactId>auth-jwt</artifactId>
<version>1.13.22-SNAPSHOT</version>
</dependency>and the following repo to your repositories section
<repository>
<id>github</id>
<name>Tractus-X KA-EDC Maven Repository on Github</name>
<url>https://maven.pkg.github.com/eclipse-tractusx/knowledge-agents-edc</url>
</repository> The following is a list of configuration properties (or environment variables) that you might set. The environment variables key is obtained by upper-casing the property name and replacing dots with underscores, e.g. 'cx.agent.asset.file' becomes 'CX_AGENT_ASSET_FILE'. When the property is marked as 'X' in the 'Required' column, the extension would not work when it is not set. When the property is marked as '(X)' it means that the extension would work, but with restrictions. When the property is marked as 'L' in the 'List' column, it accepts a comma-separated list of values. When the property is marked as '*' in the 'List' column, then this indicates that you may have multiple instances of the property (by replacing the in the property name by a unique id).
| SETTING | Required | Default/Example | Description |
|---|---|---|---|
| tractusx.auth..type | no | jwt | Introduces a new authentication filter ('jwt', 'api-key' or 'composite') |
| tractusx.auth..register | no | true | Whether the filter should be registered in the EDC list |
| tractusx.auth..paths | no | default | A list of web service paths which should be secured using that service |
| tractusx.auth..exclude | no | .(/check/). | A regular expression excluding particular paths from authentication |
| tractusx.auth..publickey | yes, if type = 'jwt' | https://keycloak.instance/auth/realms/REALM/protocol/openid-connect/certs | download url for public cert of REALM |
| tractusx.auth..checkexpiry | no, if type = 'jwt' | true | Whether tokens should be checked for expiry |
| tractusx.auth..apicode | no, if type = 'api-key' | 69609650 | Hashcode for the api key (here :'Hello') - alternatively use vault-key |
| tractusx.auth..vaultkey | no, if type = 'api-key' | edc-api-key | Key for the api-key in the configured vault - alternatively use api-code |
| tractusx.auth..mode | no, if type = 'composite' | ALL | Determines the mode of composition, 'ALL' means that all subservices need to be successful, 'ONE' means that one of the subservices needs to be successful |
| tractusx.auth..service..type | no, if type = 'composite' | api-key | Adds a sub-service to a composite authentication service |