Skip to content

Auth Service Overview

Auth Service provides authentication, authorization, identity-provider integration, RBAC context, API keys, service-account token flows, and DID key management for the Governance Platform.

It is deployed behind the platform ingress and is normally reached through the /authService path.

  • Validate user JWTs and API keys for platform services.
  • Normalize user and membership context across supported identity providers.
  • Manage organization and project role assignments.
  • Issue and validate service-account tokens for worker workflows.
  • Manage DID signing keys through the configured key-management provider.
  • Expose API key lifecycle endpoints for machine integrations.

The released platform charts document Auth0, Microsoft Entra ID, and Keycloak as full-platform identity-provider choices for Governance Studio and platform services.

Auth Service also supports a service-level generic OIDC provider. Use generic OIDC only with an EQTY-reviewed configuration because browser login, membership, user-management, and worker flows may require provider-specific mapping that is not covered by the standard chart examples.