Cumulocity IoT Feedback Portal
Add new feedback Subscribe
Status Future consideration
Workspace Cumulocity IoT Platform Services
Categories Authentication & Authorisation
Created by Peter Gaspar
Created on Mar 30, 2020

RELATED FEEDBACK

Allow for custom authentication for microservices end-points and frontend applications (disable Cumulocity authentication)

We would like to deploy new frontend application and microservices using their own authentication. Therefore we would need to have an option to disable Cumulocity authentication on the microservice endpoints and frontend application artifacts.

  • Attach files
  • Admin
    Nikolaus Neuerburg
    Reply
    |     Apr 2, 2020

    Hi Peter,

    thanks for the feedback. That indeed does answer the question on the use-cases.

    Indeed we have been thinking of this before as we have seen use-cases similar to the one you describe as number 3 and have the feature to expose an unauthenticaed microservice endpoint on the backlog already.

    One solution idea was to add the option to the microservice manifest that allows to configure a path for exposing unauthenticated content (e.g. "/public/"). Would this help you?

    To be fully transparent, this is currently not a priority topic for us and we currently do not plan to implement this any time soon.

    Regards,

    Nikolaus

  • Peter Gaspar
    Reply
    |     Apr 1, 2020

    Hi Nikolaus,

    we have 3 use cases in mind:

    1. We would like to use backend microservice for our application that will have its own user database for the frontend users. These users would not use the Cumulocity authentication, because they would not be present in the Cumulocity user database.
    2. Microservice that serves information for unauthenticated users. For example, position of a certain delivery based on the shipping number. The microservcie would use system user to get the data from cumulocity, but there would be no authentication for frontend and API endpoint of the microservice.
    3. Microservice as ���PUSH��� endpoint to integrate data from another platform. The other platform would push the data to this endpoint (with application-key instead of authentication) and the microservice would translate the data to cumulocity API and data structures.

    Does this answer the question?

    Thanks,
    Peter

    Von: Software AG <73b636ecec9711721709ed6f-trendminer@iad-prod1.mailer.aha.io>
    Gesendet: Dienstag, 31. M��rz 2020 12:08
    An: Aha!
    Betreff: Nikolaus Neuerburg responded to idea C8YCORE-I-159 Allow for custom authentication for microservices end-points and frontend applications (disable Cumulocity authentication)

  • Admin
    Nikolaus Neuerburg
    Reply
    |     Mar 31, 2020

    Hi Peter, thanks for the feedback. Could you provide a few more details on the use-case in question?