Authenticates a service account and issues a JWT. More...
#include <login_protocol.hpp>
Collaboration diagram for service_login_request:
Public Types | |
| using | response_type = service_login_response |
Public Attributes | |
| std::string | username |
| std::string | password |
Static Public Attributes | |
| static constexpr std::string_view | nats_subject = "iam.v1.auth.service-login" |
Detailed Description
Authenticates a service account and issues a JWT.
Service accounts cannot log in with the regular password-based login path. They authenticate by presenting their database user password (which is stored as a SHA-256 hash in the service account row). On success the IAM service creates a session and returns a short-lived RS256 JWT identical in structure to a human login token.
The username must match the username column of an existing service account (i.e. the database user name such as "ores_local1_reporting_service"). The password is the plaintext database password for that user.
