Authentication includes: client authentication and site authentication
Authentication configuration: $FATE_BASE/conf/service_conf.yaml
.
## Site authentication requires configuration of the party site id
party_id:
# Hook module, need to configure different hooks according to different scenarios
hook_module:
client_authentication: fate_flow.hook.flow.client_authentication
site_authentication: fate_flow.hook.flow.site_authentication
# Third-party authentication service name
hook_server_name:
authentication:
client:
# Client authentication switch
switch: false
http_app_key:
http_secret_key:
site:
# Site authentication switch
switch: false
hook_module:
client_authentication: fate_flow.hook.flow.client_authentication
authentication:
client:
switch: true
http_app_key: "xxx"
http_secret_key: "xxx"
All client requests sent to Flow need to add the following header
`TIMESTAMP`: Unix timestamp in milliseconds, e.g. `1634890066095` means `2021-10-22 16:07:46 GMT+0800`, note that the difference between this time and the current time of the server cannot exceed 60 seconds
`NONCE`: random string, can use UUID, such as `782d733e-330f-11ec-8be9-a0369fa972af`
`APP_KEY`: must be consistent with `http_app_key` in the Flow configuration file
`SIGNATURE`: signature generated based on `http_secret_key` and request parameters in the Flow configuration file
TIMESTAMP
NONCE
APP_KEY
request path + query parameters, if there are no query parameters then the final ?
, such as /v1/job/submit
or /v1/data/upload?table_name=dvisits_hetero_guest&namespace=experiment
If Content-Type
is application/json
, then it is the original JSON, i.e. the request body; if not, this item is filled with the empty string
If Content-Type
is application/x-www-form-urlencoded
or multipart/form-data
, all parameters need to be sorted alphabetically and urlencode
, refer to RFC 3986 (i.e. except a-zA-Z0-9- . _~
), note that the file does not participate in the signature; if not, this item is filled with the empty string
Concatenate all parameters with the newline character \n
and encode them in ASCII
.
Use the HMAC-SHA1
algorithm to calculate the binary digest using the http_secret_key
key in the Flow configuration file
Encode the binary digest using base64
You can refer to Fate SDK
hook_module:
client_authentication: fate_flow.hook.api.client_authentication
authentication:
client:
switch: true
hook_server_name: "xxx"
party_id: 9999
hook_module:
site_authentication: fate_flow.hook.flow.site_authentication
authentication:
client:
switch: true
http_app_key: "xxx"
http_secret_key: "xxx"
{{snippet('cli/key.md', '### save')}}
{{snippet('cli/key.md', '### delete')}}
{{snippet('cli/key.md', '### query')}}
hook_module:
site_authentication: fate_flow.hook.api.site_authentication
authentication:
site:
switch: true
hook_server_name: "xxx"