Skip to content

Conductor 0.3.alpha
Compare
Choose a tag to compare
@danielgerlag danielgerlag released this 27 Dec 15:55
· 21 commits to master since this release
0.3.alpha
0460548
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Conductor 0.3.alpha

Authentication

Conductor supports integrated authentication using the OpenID Connect protocol.

By default, authentication is disabled. To enable it,

  • Set the auth environment variable to 'true'
  • Set the alg environment variable to the signing algorithm (RS256 or ES256)
  • Set the publickey variable to a Base64 encoded public key.

If authentication is enabled then you need to include a signed JWT bearer token along with every request. The is done by adding the Authorization: Bearer <<token>> header to each request.
The token should be a valid JWT token that was signed with the corresponding private key to the public one in the environment variable.

The token must also include a scope claim that indicate the level of access. The following scopes are used within Conductor.

  • conductor:admin - Adminstrative tasks.
  • conductor:author - Authoring of workflow definitions and steps.
  • conductor:controller - Starting, stopping, suspending and resuming workflows.
  • conductor:viewer - Querying the status of a workflow.

A minimal JWT payload the include all the scopes would look as follows

{
  "scope": "conductor:admin conductor:author conductor:controller conductor:viewer"
}

Some authentication servers that support OpenID Connect include

Assets 2
Loading