How to properly establish authenticated requests to other EdgeX services?

[ouroborosng]

Hi folks

I have run the eKuiper rule engine with EdgeX. I followed the documentation to create an EdgeX stream and a rule as follows.

# stream
curl -X DELETE $ekuiper_docker:59720/streams/dht11

# rule
curl -X POST \
  http://$ekuiper_docker:59720/rules \
  -H 'Content-Type: application/json' \
  -d '{
  "id": "FanPwmOver25DegreeCelsius",
  "sql": "SELECT temperature FROM dht11 WHERE temperature > 25",
  "actions": [
    {
      "rest": {
        "url": "http://edgex-core-command:59882/api/v3/device/name/raspberry-pi-device/control-fan",
        "method": "put",
        "dataTemplate": "{\"pwm\":\"80\"}",
        "headers": {
          "Authorization": "Bearer <hard coding token>"
        },
        "sendSingle": false
      }
    }
    }
  ]
}'

Currently, when calling the EdgeX Core Command service through the REST API, an effective token with a validity period must be included when creating the rule. However, once the token expires, the API call will fail due to an invalid token.

It would be appreciated if anyone could share best practices. Alternatively, does anyone know how the eKuiper rule engine can initiate authenticated requests based on the EdgeX service-to-service clients' scenarios?

[ngjaying]

It can set refresh token, I don't know if that works. Check https://ekuiper.org/docs/en/v1.14/guide/sources/builtin/http_pull.html#oauth-authentication

[ngjaying]

No. I just mean I have no answer now, but the spec REST sink supports should be able to authenticate. Do you have an example how you can authenticate through REST API? Does it use a link to get token?

[ouroborosng]

To provide more context, my scenario is to establish a rule that triggers the command microservice's REST API to activate a fan for cooling when the monitored temperature reaches a specific level.

I am also new to EdgeX, currently, I am obtaining the token using the method described in the EdgeX documentation under Authentication for Non-service Clients, and hardcoding it in the rest action block of the rule. This is precisely where my issue lies: once the token expires, the rule will no longer be authorized to invoke the command microservice's REST API.

[ngjaying]

Could you please help to summarize how to authroize and refresh token when using EdgeX API by postman or any http client tool manually? With that information, we can configure eKuiper rest sink to do that automatically.

[ouroborosng]

Sorry for the confusion.

I get the token by following the EdgeX documentation, which uses the make get-token command, and then writing it into the rule for usage. That's why I have a question regarding how to refresh the expired token.

[ngjaying]

Could you help to figure out how to refresh token manually? Call make get-token again? I assume they have some REST API to get or refresh token.