API & Worker Authentication #3052

azriel46d · 2022-06-16T07:46:26Z

azriel46d
Jun 16, 2022

Hi All,
What strategies are utilised in providing authentication to workers? I am seeing on Orkes, a key and a secret are provided to the worker to be able to authenticate, is this possible with Conductor without deviating from the fork?
The reason we are considering Conductor is with regards to Payment Orchestration within the banking industry, and, without an authentication layer, it would be very difficult to consider Conductor and its benefits for this.

I am aware that there is a fork which includes Oauth 2 , however, I'd rather stick to the original setup, since we do not have in-house Java expertise.

Also what are the possibilities that in production, workflows are set to read-only?

Answered by v1r3n

Jun 20, 2022

Hi @azriel46d at Orkes we use Key/Secret for the workers to generate a api token with a set expiry that is used to make all the calls.

All the workflows and tasks are protected using Rule Based Access Control and authorization layer which makes it possible to define groups/users with different level of authorization including read-only workflows. This is a layer on top of the OSS without changing the OSS layer or creating a fork of OSS. We do plan to push this to OSS as well in future.

View full answer

v1r3n · 2022-06-20T08:43:55Z

v1r3n
Jun 20, 2022

Hi @azriel46d at Orkes we use Key/Secret for the workers to generate a api token with a set expiry that is used to make all the calls.

All the workflows and tasks are protected using Rule Based Access Control and authorization layer which makes it possible to define groups/users with different level of authorization including read-only workflows. This is a layer on top of the OSS without changing the OSS layer or creating a fork of OSS. We do plan to push this to OSS as well in future.

5 replies

azriel46d Jun 20, 2022
Author

Thanks for this. Is there any particular timeline to this being pushed to the OSS?
Although Orkes Key/Secret would solve the problem, unfortunately Orkes is not a setup which we can particularly adopt as all the installation requires to be in our own private cloud/on premise.
What we are looking at is adding a layer on top of Conductor. Since we are using Kubernetes we are looking at managing authentication via Istio thus providing a similar setup to the mentioned security. I'd love to hear how others are handling security concerns.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

API & Worker Authentication #3052

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment 5 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

API & Worker Authentication #3052

Uh oh!

azriel46d Jun 16, 2022

Replies: 1 comment · 5 replies

Uh oh!

v1r3n Jun 20, 2022

Uh oh!

azriel46d Jun 20, 2022 Author

Uh oh!

ghost Dec 16, 2022

Uh oh!

JCHacking May 30, 2023

Uh oh!

v1r3n Jun 1, 2023

Uh oh!

JCHacking Jun 1, 2023

azriel46d
Jun 16, 2022

Replies: 1 comment 5 replies

v1r3n
Jun 20, 2022

azriel46d Jun 20, 2022
Author