B.7.4 Authorization Properties
MicroTx supports authorization across participant services and the coordinator by propagating the JWT token in every request. Use the authTokenPropagationEnabled field to control this function. Configure your identity providers to auto-refresh the expired access tokens at the coordinator.
Property | Description |
---|---|
enabled | Set this to true to enable MicroTx to check the subject in the incoming JWT token. MicroTx then tags the subject or user against the transaction ID, and further changes to the transaction are allowed only by the tagged subject or user. If you set this field to false, you don't have to provide values for the other properties under tmmConfiguration.authorization. Caution: You must set this field to true in production environments. |
authTokenPropagationEnabled | Set this to true to enable token propagation to ensure secure communication between participant services and MicroTx. When you enable token propagation, you must provide the details for the encryption keys under the encryption property in the tcs-docker-swarm.yaml file. |
IdentityProviderName | Specify the identity provider that you are using. Permitted values are: IDCS for Oracle IDCS and Oracle IAM, KEYCLOAK for Keycloak, AZURE_AD for Azure Active Directory, and MICROSOFT_AD for Microsoft Active Directory. |
IdentityProviderUrl | Specify the URL of the identity provider. This information is required to create a new access token by using the refresh token. If you do not provide this information, expired access tokens are not auto-refreshed. |
IdentityProviderClientId | Specify the client ID of the identity provider. This information is required to create a new access token by using the refresh token. If you do not provide this information, expired access tokens are not auto-refreshed. |
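
The dependencies between these properties can be checked before deployment. The following is an added example, not MicroTx code: a small Python lint over an already-parsed configuration. The function names, the `production` flag, and passing the authorization and encryption sections as separate dictionaries are assumptions made for illustration.

```python
# Added example: pre-deployment lint for the tmmConfiguration.authorization
# properties described above. Rule wording follows this page; the dict layout
# and function names are assumptions.
PERMITTED_IDPS = {"IDCS", "KEYCLOAK", "AZURE_AD", "MICROSOFT_AD"}


def as_bool(value):
    """YAML loaders may yield True or the string "true"; accept both."""
    return str(value).strip().lower() == "true"


def lint_authorization(authz, encryption=None, production=True):
    """Return a list of findings for the parsed authorization section.

    authz      -- dict parsed from tmmConfiguration.authorization
    encryption -- dict parsed from the file's encryption property, or None
    """
    findings = []
    if not as_bool(authz.get("enabled")):
        if production:
            findings.append("enabled must be true in production environments")
        # With enabled=false the other properties are not required.
        return findings

    if as_bool(authz.get("authTokenPropagationEnabled")) and not encryption:
        findings.append("authTokenPropagationEnabled is true but no "
                        "encryption key details are configured")

    idp = authz.get("IdentityProviderName")
    if idp not in PERMITTED_IDPS:
        findings.append(f"IdentityProviderName {idp!r} is not a permitted value")

    for key in ("IdentityProviderUrl", "IdentityProviderClientId"):
        if not authz.get(key):
            findings.append(f"{key} is empty: expired access tokens "
                            "will not be auto-refreshed")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    sample = {
        "enabled": "true",
        "authTokenPropagationEnabled": "true",
        "IdentityProviderName": "KEYCLOAK",
        "IdentityProviderUrl": "https://idp.example.test/realms/demo",
        "IdentityProviderClientId": "",
    }
    for finding in lint_authorization(sample, encryption=None):
        print("FINDING:", finding)
```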