Merge pull request #20 from souravs17031999/feature/update-readme

Update README.md

README.md

@@ -48,11 +48,11 @@ or
 - REQUIRE_DB_MIGRATIONS
 - REQUIRE_DB_INSERT
 - SENDGRID_API_KEY_PROD
-- FIREBASE_PROFILE_PIC_PATH
 - REDIS_URL
 - NOTIFICATION_INTERNAL_URL
 - HEROKU_API_KEY
 - SECRET_KEY
+- OIDC_CONFIG
 
 ### Microservices:
 
@@ -75,14 +75,18 @@ breaking existing functionality.
 - Every push to master branch triggers github Makefile CI actions workflow which builds, test and deploy container images.
 - Additional code quality checks via [SONAR quality checks](https://sonarcloud.io/project/overview?id=souravs17031999_opioner-backend) have been integrated.
 
+@deprecated
 ### New Relic Monitoring
 - We already have integrated new relic monitoring dashboards but configuration file `newrelic.ini` will have to be provided (inserted at each service root dir) 
   and set `APM_MONITORING_NEWRELIC` to "True" to start application service with monitoring enabled.
   (for security reasons, configuration file will not be commited to this repo)
 
-### Token based authentication
-- All authorized routes are protected with JWT based token authentication which is expected by client to send in `Authorization` headers containing claims such as `user-id` and `roles` which can be fetched by first authorized login response token.
- It requires `SECRET_KEY` (random hard password string) for authentication to work properly. 
+### [Keycloak](https://github.com/souravs17031999/keycloak-opioner) based authentication and authorization
+- All routes are protected with JWT based token authentication issued by Keycloak.
+- Authn and Authz are decoupled from the business logic of the microservices and terminated at the 
+  entrypoints of the microservices.
+- Various types of checks such as token signature, expiration, roles etc are checked before request is sent
+  forward to actual view mapped for the route.
 
 ### Pagination in API's
 - Some API's such as for fetching public feeds which contains long lists of feeds data generated by various users is paginated for better client side experience
@@ -92,7 +96,8 @@ breaking existing functionality.
 - Currently, I have explored and made available instances of [Heroku postgresDB](https://devcenter.heroku.com/articles/heroku-postgresql) and [Amazon RDS postgresDB](https://aws.amazon.com/rds/postgresql/) in production. 
 - For developmental debugging, volumes persistence (bind mounts/named volumes) is included in docker-compose.yml (using docker-compose)  
 
-### Firebase storage 
+@deprecated
+### Firebase storage
 - Firebase is used for storage of profile pictures.
 
 ## Useful: 
@@ -101,6 +106,7 @@ breaking existing functionality.
 - Final built image (for every service) contains the ENTRYPOINT which starts the flask api service and runs any scripts supplied before actually starting the service.
 - Every service waits for the postgres service to start first (controlled by script), as every service depends on this one.
 - Repo contains db migration scripts for local setup.
+- Migration scripts take care of creating initial schema on local setup (from postgres DB docker) and production setup (from auth service migrations phase).
 
 ## Docker container optimization
 - We have developed base-python-image which contains all the dependencies pre-installed specific to opioner application requirements that are common for consistency among all microservices and improves build time execution.