Skip to content

Commit 1a55eba

Browse files
thisthatthisthat
committed
feat(docs): add documentation for HTTP OAuth
Signed-off-by: Giovanni Liva <[email protected]>
1 parent 5ff38b4 commit 1a55eba

File tree

1 file changed

+41
-1
lines changed

1 file changed

+41
-1
lines changed

docs/reference/sync-configuration.md

Lines changed: 41 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -78,7 +78,7 @@ Sync providers:
7878
- `file` - config/samples/example_flags.json
7979
- `fsnotify` - config/samples/example_flags.json
8080
- `fileinfo` - config/samples/example_flags.json
81-
- `http` - <http://my-flag-source.com/flags.json>
81+
- [`http`](#http-configuration) - <http://my-flag-source.com/flags.json>
8282
- `https` - <https://my-secure-flag-source.com/flags.json>
8383
- `kubernetes` - default/my-flag-config
8484
- `grpc`(insecure) - grpc-source:8080
@@ -139,3 +139,43 @@ sources:
139139
- uri: azblob://my-container/my-flags.json
140140
provider: azblob
141141
```
142+
143+
### HTTP Configuration
144+
145+
The HTTP Configuration also supports OAuth that allows to securely fetch feature flag configurations from an HTTP endpoint
146+
that requires OAuth-based authentication.
147+
To enable OAuth, you need to update your Flagd configuration setting the `oauth` object which contains parameters to configure
148+
the `clien_id`, `client_secret`, and the endpoint of the OAuth Server.
149+
150+
```sh
151+
./bin/flagd start
152+
--sources='[{
153+
"uri": "http://localhost:8180/flags",
154+
"provider": "http",
155+
"interval": 1,
156+
"timeoutS": 10,
157+
"oauth": {
158+
"clientID": "test",
159+
"clientSecret": "test",
160+
"tokenURL": "http://localhost:8180/sso/oauth2/token"
161+
}}]'
162+
```
163+
164+
When deploying Flagd in Kubernetes, you can securely manage the secrets from the file system. In this case, the client id and secret
165+
will be read from the files `client-id` and `client-secret`, respectively.
166+
To support rotating the secrets without restarting flagd, the additional parameter `ReloadDelayS` can be used to force
167+
the reload of the secrets from the filesystem every `ReloadDelayS` seconds.
168+
169+
```sh
170+
./bin/flagd start
171+
--sources='[{
172+
"uri": "http://localhost:8180/flags",
173+
"provider": "http",
174+
"interval": 1,
175+
"timeoutS": 10,
176+
"oauth": {
177+
"folder": "/etc/secrets",
178+
"ReloadDelayS": "60",
179+
"tokenURL": "http://localhost:8180/sso/oauth2/token"
180+
}}]'
181+
```

0 commit comments

Comments
 (0)