Uploaded image for project: 'OpenLMIS General'
  1. OLMIS-5571

Spike: determine who generate and use service-level token


    • Type: Task
    • Status: RoadMap
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Sprint:


      While I was working on OLMIS‌-5415 I had a big problem to get information about who exactly generated and used the given service-level token. This was important information because between reference data and hapifhir services there is bidirectional communication and I had to avoid the endless loop of requests between those services.

      A task is to find a way to determine who generate and use the given service-level token. There are a few ways to do this:

      • create custom header - this will require an extra check that the header can be used only with service-level tokens
      • ask consul about service name based on client IP address
      • add this information into access_token details (similar how we do with user id)
      • modify request body

      Acceptance criteria

      • find a good way to determine who generate and use the given service-level token
      • present results on dev group/tech committee meeting
      • create a ticket to implement the chosen solution
        • create a ticket to use the solution in reference data and FHIR services to enable service-level tokens for 1st and 2nd use cases.


          Issue links



              • Assignee:
                llewczynski Łukasz Lewczyński
              • Votes:
                0 Vote for this issue
                1 Start watching this issue


                • Created: