Guard plugin handle request authentification. The modules comes with a dedicated middleware and request authenticators. For now there is only 2 authenticators implemented:
JwtLoginGuardAuthenticator
: create a valid Json Web Token from the postedusername
andpassword
.JwtTokenGuardAuthenticator
: validate a Json Web Token.
```toml
[guard]
key = "ZeSecretKey0oo"
[guard.jwt]
[guard.jwt.login]
path = "/login"
[guard.jwt.token]
path = "^\\/nodes\\/(.*)$"
key
is private and it is used to sign the JWT with a symetric algorythm.guard.jwt.login.path
is used to configure the login entry point, ie where theJwtLoginGuardAuthenticator
will accept the request.guard.jwt.token.path
is used to configure paths requiring to have authentification handled by theJwtTokenGuardAuthenticator
service.
The service will use the core.user
node type to find the user by her/his username. The query looks like: type = 'core.user' AND data->>'username' = ?
The authentification request should be a POST
POST /login HTTP/1.1
Content-Type: application/x-www-form-urlencoded
username=admin&password=secret
If the response is valid, the response will be:
HTTP/1.1 200 OK
Content-Type: application/json
{
"status": "OK",
"message": "Request is authenticated",
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0NTA0Nzg1NzQsInJscyI6bnVsbCwidXNyIjoicmFuZGUifQ.E_BMRg2UWO7jVw1CGgn7WhhwbATCHjYYcausZZ7LSZA",
}
If the response is not valid, the response will be
HTTP/1.1 403 Forbidden
Content-Type: application/json
{
"status": "KO",
"message": "Unable to authenticate request"
}
The service will use the core.user
node type to find the user by her/his username. The query looks like: type = 'core.user' AND data->>'username' = ?
The authentification request should be on any http method, either using the Authorization
header or the access_token
parameter.
GET /nodes HTTP/1.1
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0NTA0Nzg1NzQsInJscyI6bnVsbCwidXNyIjoicmFuZGUifQ.E_BMRg2UWO7jVw1CGgn7WhhwbATCHjYYcausZZ7LSZA
or
GET /nodes?access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0NTA0Nzg1NzQsInJscyI6bnVsbCwidXNyIjoicmFuZGUifQ.E_BMRg2UWO7jVw1CGgn7WhhwbATCHjYYcausZZ7LSZA HTTP/1.1