Implement M2M Authentication for Internal Services
Add machine-to-machine authentication for internal service-to-service communication.
- Configure FusionAuth for M2M client credentials flow
- Services authenticate using client ID and secret
- Issue JWT tokens with appropriate scopes for service access
- Services needing M2M auth:
  - Portal API
  - Event Manager
  - Other internal services as needed
- Implement token validation in receiving services
- Secure storage of client secrets (environment variables or secrets manager)
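Added example (not part of this ticket, and not FusionAuth's or the project's code): the two halves of the flow listed above in Python, the calling service building its client-credentials request, and the receiving service validating the JWT it gets back. The issuer URL, the service names used as audiences, the scope names and the HS256 signing key are all placeholders; FusionAuth can also sign access tokens with RSA, in which case the receiving service verifies RS256 against the issuer's JWKS endpoint instead of a shared key, but the claim checks (algorithm pinning, signature, issuer, audience, expiry, scope) are the same.

```python
"""Added example: M2M client-credentials request plus receiving-side JWT validation.
All URLs, service names, scopes and the signing key are placeholders, not from the ticket."""
import base64
import hashlib
import hmac
import json
import time
from typing import Dict, List, Optional

ISSUER = "https://auth.internal.example"                    # placeholder FusionAuth URL
SIGNING_KEY = b"placeholder-hs256-key-not-for-production"   # placeholder shared key
TOKEN_TTL = 300  # seconds; the short-lived option from the open questions


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def token_request(client_id: str, client_secret: str, scope: str) -> Dict[str, object]:
    """Calling-service side: the client_credentials request sent to FusionAuth's
    /oauth2/token endpoint (built here, not sent). The secret is passed in by the
    caller, loaded from an environment variable or secrets manager, never hard-coded."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode("ascii")
    return {
        "url": f"{ISSUER}/oauth2/token",
        "headers": {"Authorization": f"Basic {basic}",
                    "Content-Type": "application/x-www-form-urlencoded"},
        "data": {"grant_type": "client_credentials", "scope": scope},
    }


def mint_token(client_id: str, audience: str, scopes: List[str],
               now: Optional[int] = None, key: bytes = SIGNING_KEY) -> str:
    """Stand-in for the access token the authorization server returns (HS256)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "sub": client_id, "aud": audience,
              "iat": now, "exp": now + TOKEN_TTL, "scope": " ".join(scopes)}

    def compact(obj: object) -> str:
        return _b64url(json.dumps(obj, separators=(",", ":")).encode())

    signing_input = f"{compact(header)}.{compact(claims)}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


class TokenError(Exception):
    """Raised for any token the receiving service must reject."""


def validate_token(token: str, expected_aud: str, required_scope: str,
                   now: Optional[int] = None) -> Dict[str, object]:
    """Receiving-service side. Order matters: pin the algorithm and verify the
    signature before trusting any claim in the payload."""
    now = int(time.time()) if now is None else now
    try:
        h_b64, c_b64, s_b64 = token.split(".")
        header = json.loads(_b64url_decode(h_b64))
        signature = _b64url_decode(s_b64)
    except ValueError:
        raise TokenError("malformed token")
    if header.get("alg") != "HS256":          # never honour the token's own alg choice
        raise TokenError("unexpected alg")
    expected = hmac.new(SIGNING_KEY, f"{h_b64}.{c_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise TokenError("bad signature")
    claims = json.loads(_b64url_decode(c_b64))
    if claims.get("iss") != ISSUER:
        raise TokenError("wrong issuer")
    aud = claims.get("aud")
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        raise TokenError("wrong audience")     # minted for a different service
    if now >= int(claims.get("exp", 0)):
        raise TokenError("token expired")
    if required_scope not in str(claims.get("scope", "")).split():
        raise TokenError("missing scope")
    return claims


def validation_error(token: str, expected_aud: str, required_scope: str,
                     now: Optional[int] = None) -> Optional[str]:
    """The rejection reason, or None if the receiving service accepts the token."""
    try:
        validate_token(token, expected_aud, required_scope, now)
        return None
    except TokenError as err:
        return str(err)


if __name__ == "__main__":
    # Constructed scenario: Portal API calls Event Manager with an events:read scope.
    req = token_request("portal-api", "secret-loaded-from-env", "events:read")
    print("POST", req["url"], req["data"])
    tok = mint_token("portal-api", "event-manager", ["events:read"])
    print("event-manager accepts:", validation_error(tok, "event-manager", "events:read"))
    print("portal-api rejects:", validation_error(tok, "portal-api", "events:read"))
```

The audience check is the one most often skipped in internal setups: without it, a token minted for Event Manager is also accepted by Portal API, so one leaked service token becomes a token for every service. Keeping `TOKEN_TTL` short bounds the damage from a leaked token and is what makes the "short-lived tokens" option in the open questions attractive; the cost is a token request per call or a small cache in each calling service.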
Open questions:
- What scopes/permissions should each service have?
- How will client secrets be rotated?
- Should services use short-lived tokens with refresh, or longer-lived tokens?