Affects Version/s: None
Fix Version/s: None
While I was working on OLMIS-5415 I had a big problem to get information about who exactly generated and used the given service-level token. This was important information because between reference data and hapifhir services there is bidirectional communication and I had to avoid the endless loop of requests between those services.
A task is to find a way to determine who generate and use the given service-level token. There are a few ways to do this:
- create custom header - this will require an extra check that the header can be used only with service-level tokens
- ask consul about service name based on client IP address
- add this information into access_token details (similar how we do with user id)
- modify request body
- find a good way to determine who generate and use the given service-level token
- present results on dev group/tech committee meeting
- create a ticket to implement the chosen solution
- create a ticket to use the solution in reference data and FHIR services to enable service-level tokens for 1st and 2nd use cases.