This is an implementation of a TVM delivering temporary and restricted tokens to access various cloud services. Users authenticate to the TVM with their Adobe I/O Runtime (a.k.a OpenWhisk) credentials and are only authorized to access their own resources.

A set of Adobe I/O TVM actions are deployed behind the Adobe I/O Gateway at https://firefly-tvm.adobe.io.

• JavaScript NPM Client: @adobe/aio-lib-core-tvm

• cURL

  • requirements: valid Adobe I/O Runtime credentials, namespace and auth
  • endpoints: azure/blob/{namespace}, azure/cosmos/{namespace}, aws/s3/{namespace}, azure/presign/{namespace}

curl "https://firefly-tvm.adobe.io/azure/blob/{namespace}" \
  -H "Authorization: Basic {base 64 of auth}" \
  -H "x-Api-Key: firefly-aio-tvm"

goto API

You want to share a cloud service that you own (e.g 1 S3 account) with a set of OpenWhisk namespaces and you want to make sure that each namespace has access only to the resources they own (e.g can only see their S3 blobs).

This might be useful for you if:

• You have multiple Adobe I/O Runtime namespaces and you need them to access a cloud service but you don't want to use the one exposed by Adobe's TVM
• You are an OpenWhisk provider and want to provide an easy access to an external cloud service (e.g. storage)