Auth Service Overview
Auth Service provides authentication, authorization, identity-provider integration, RBAC context, API keys, service-account token flows, and DID key management for the Governance Platform.
It is deployed behind the platform ingress and is normally reached through the
/authService path.
Responsibilities
Section titled “Responsibilities”- Validate user JWTs and API keys for platform services.
- Normalize user and membership context across supported identity providers.
- Manage organization and project role assignments.
- Issue and validate service-account tokens for worker workflows.
- Manage DID signing keys through the configured key-management provider.
- Expose API key lifecycle endpoints for machine integrations.
Supported Identity Providers
Section titled “Supported Identity Providers”The released platform charts document Auth0, Microsoft Entra ID, and Keycloak as full-platform identity-provider choices for Governance Studio and platform services.
Auth Service also supports a service-level generic OIDC provider. Use generic OIDC only with an EQTY-reviewed configuration because browser login, membership, user-management, and worker flows may require provider-specific mapping that is not covered by the standard chart examples.