Evaluate Need for the IServiceAccountJwtClient
Notification Service makes a call to Register Service to query the subscription to get the push endpoint. In Notification Service, before calling the Register Service, headers with the data-partition-id from the original request and jwt of the service account are created. In the following snippet we can see that we are expected to retrieve an Idtoken, instead of an 'AccessToken'.
- Why does it need an IdToken v/s an Access token?
- Since RegisterService has its own entitlements, why can't we pass the AuthorizationToken from the original request to Register Service since the groups required for both the services need SERVICE.OPS role?
case POST:
case PUT:
case PATCH: {
Map<String, String> attributes = this.pubsubRequestBodyExtractor.extractAttributesFromRequestBody();
try {
//extract headers from pubsub message
String dataPartitionId = attributes.get(DpsHeaders.DATA_PARTITION_ID);
String authToken = this.serviceAccountJwtClient.getIdToken(dataPartitionId);
attributes.put(DpsHeaders.AUTHORIZATION, authToken);
return DpsHeaders.createFromMap(attributes);
} catch (AppException e) {
throw new Exception("Failed to generate headers for register service.");
}
}```