wazo-auth is the authentication server used by the Wazo platform.
wazo-auth is used to:
The REST API for wazo-auth is available here.
The bus events are defined here.
The database tables are defined here.
A policy is a list of access that is used to access Wazo resources. Policies can be created, deleted or modified using the REST API.
A token is used to identify and authorize all HTTP queries done on the wazo-platform. Each token has an expiration and can be revoked by the user.
The token should be added to each subsequent HTTP request using the 'X-Auth-Token' HTTP header.
Wazo services expose more and more resources through REST API, but they also ensure that the access is restricted to the authorized programs.
Here is the call flow to access a REST resource of a Wazo service:
Serviceand validates the required ACL with the token.
Wazo services directly use this system to communicate with each other, as you can see in their Web Services Access.