restheart

Using Auth Token with multiple RESTHeart Instances


I'm wondering how to use the Auth Token when also having multiple RESTHeart instances. Currently we have multiple instances deployed to Kubernetes and made them available using an ingress definition. We do not want to make use of a sticky session, in order to be able to use all instances.

According to the documentation https://restheart.org/learn/clients-authentication/ we may also send Basic Auth using username:password. Nevertheless, we're wondering how to implement the distributed auth token cache you mention there. Are there any examples for this? Or any hints?

Regards, Christian


Solution

  • As stated in the documentation:

    Pay attention to the authentication token in case of multi-node deployments (horizontal scalability). In this case, you need to either disable it or use a load balancer with the sticky session option or use a distributed auth token cache implementation (not yet available in the current version but you can ask for support).

    The task on the project Jira is https://softinstigate.atlassian.net/browse/RH-51:

    RESTHeart makes use of caches for different purposes (e.g. db and collection properties, db based IDM, session token authentication). These are usually implemented using Guava cache.

    These are local caches that might pose issues in clustered deployments. We need to allow specifying the actual cache implementation via configuration.

    We can then have different implementations:

    • local Guava cache
    • a distributed cache (for instance, implementing the JCache specs)
    • a cache that syncs data between different instances via a MongoDB collection. Note that from mongo v3.6, change streams allow notification of data changes
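
The failure mode the documentation warns about, shown as an added example (a simplified Python model, not RESTHeart code and not part of the original answer): with per-instance token caches behind a round-robin balancer, a token is only accepted by the node that issued it, while a shared cache makes it valid on every node. `TokenCache`, `Instance`, `simulate` and the credentials are constructed names and values for illustration.

```python
import hmac
import itertools
import secrets

class TokenCache:
    """In-memory token store with expiry; one object models one cache."""
    def __init__(self, ttl=900):
        self.ttl, self._data = ttl, {}

    def put(self, user, token, now):
        self._data[user] = (token, now + self.ttl)

    def get(self, user, now):
        token, expires = self._data.get(user, (None, 0))
        if token is None or now >= expires:
            self._data.pop(user, None)  # drop expired entries
            return None
        return token

class Instance:
    """One node: issues a token on password login, then checks tokens against its cache."""
    def __init__(self, name, cache, users):
        self.name, self.cache, self.users = name, cache, users

    def login(self, user, password, now):
        expected = self.users.get(user)
        if expected is None or not hmac.compare_digest(expected, password):
            return None
        token = secrets.token_urlsafe(24)
        self.cache.put(user, token, now)
        return token

    def check_token(self, user, token, now):
        cached = self.cache.get(user, now)
        # constant-time comparison avoids leaking token prefixes via timing
        return cached is not None and hmac.compare_digest(cached, token)

def simulate(shared, requests=4, instances=3, now=0):
    """Log in on the first node, then send token requests round-robin."""
    users = {"christian": "s3cret"}  # constructed credentials
    common = TokenCache()
    nodes = [Instance(f"node{i}", common if shared else TokenCache(), users)
             for i in range(instances)]
    balancer = itertools.cycle(nodes)  # no sticky sessions
    token = next(balancer).login("christian", "s3cret", now)
    return [(n.name, n.check_token("christian", token, now + 1))
            for n in itertools.islice(balancer, requests)]
```

With `shared=False` only the request that happens to land back on `node0` succeeds; with `shared=True` every node accepts the token until its TTL expires.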