Type: New Feature Request
Affects Version/s: None
Fix Version/s: None
Component/s: Server (S)
Add bearer token support with keycloak / openid for HTTP Agent checks.
There are cases when data is received from the API and bearer authentication is mandatory. Therefore, we need to automatically receive a bearer token in zabbix server from the iam server before the API is called.
the solution can be represented as follows
a) add client_id, client_secret, (username/password are optional) to zabbix
b) add auth server url, realm name (example for keycloak https://iam.server/auth, which containts https://iam.server/auth/realms/RealmNameHere/.well-known/openid-configuration)
c) when http agent is running, zabbix sends a request to the iam server to receive a token and then connects to the destination point with this token
d) token has a lifetime and can be reused many times during its lifetime.
e) when the token expires - a request is sent to iam server to receive/renew a new token (for these purposes there is a refresh token, but it is also limited by the SSO session lifetime, at the expiration of which a new token must be obtained using credentials above)