Improve support for service bearer token refresh #2241
Assignees
Comments
ashutosh-narkar
added a commit
to ashutosh-narkar/opa
that referenced
this issue
Apr 10, 2020
This change updates the bearer token config to allow clients to specify a path to the token. With this refreshing tokens becomes easier as OPA will now reload the token from file. Fixes open-policy-agent#2241 Signed-off-by: Ashutosh Narkar <anarkar4387@gmail.com>
ashutosh-narkar
added a commit
that referenced
this issue
Apr 11, 2020
This change updates the bearer token config to allow clients to specify a path to the token. With this refreshing tokens becomes easier as OPA will now reload the token from file. Fixes #2241 Signed-off-by: Ashutosh Narkar <anarkar4387@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Service clients using bearer tokens should be able to refresh those tokens without requiring a process restart. We support this today for mutual TLS so we should be able to do something similar for bearer token usage.
The easiest solution (IMO) would be to add a new
services[_].credentials.bearer.pathconfiguration field (name TBD) that specifies the path of a file containing the bearer token to read. OPA would re-read the file like it does with TLS certs/keys.@patrick-east what do you think?
The text was updated successfully, but these errors were encountered: