title Fetching variables from an external variable provider
box https://test.ezoidc.dev
participant ezoidc-server
Note over workload,ezoidc: EZOIDC_TOKEN is set
workload->>ezoidc: ezoidc variables json
ezoidc->>ezoidc-server: POST /ezoidc/1.0/variables
ezoidc-server->>auth: Validate token
auth->>ezoidc-server: Validated claims
note over ezoidc-server,OPA: OPA is given only the variable names at this point
ezoidc-server->>OPA: data.queries.allowed_variables
OPA->>ezoidc-server: Allowed variable names
ezoidc-server->>providers: Fetch value of allowed variables
providers<<->>AWS SSM: GetParameters
providers->>ezoidc-server: Variables values
note over ezoidc-server,OPA: OPA is given allowed variable values
ezoidc-server->>OPA: data.queries.variables_response
OPA->>ezoidc-server: Variables & definitions
ezoidc-server->>ezoidc: Variables response