Service request authentication

Requests to services can be authenticated in the following ways:

Services without authentication

To run a service without authentication, set its value to none in the authMode setting in deploy.json:

{
  "modules": {
    "rest": {
      "globals": {
        "authMode": {
          "echo": "none"
        }
      }
    }
  }
}

A request to the service will then not require authentication. Example request:

    curl https://dnt.iondv.com/rest/echo

An example of a service request without authentication in dnt: test/modules/rest/echo.spec.js

/Checking echo-pwd service/# Requesting echo-pwd GET/check if the request can be made using the headers auth

Services with a standard account authorization mechanism

By default, all services use the standard authorization mechanism, in which credentials are passed in the request headers:

  • by authorization via basicAuth, for example:

    curl -u demo@local:ion-demo https://dnt.iondv.com/rest/simple

    Basic Auth authorization request example in develop-and-test (dnt): test/modules/rest/echopwd.spec.js

    /Checking echo-pwd service/# Requesting echo-pwd GET/check if the request can be made using the basicAuth

  • by passing credentials in the request headers:

    curl -H "auth-user: demo" -H "auth-pwd: ion-demo" -H "auth-user-type: local" https://dnt.iondv.com/rest/simple

    or

    curl -H "auth-user: demo@local" -H "auth-pwd: ion-demo" https://dnt.iondv.com/rest/simple

    Example request with credential authorization in the header in dnt: test/modules/rest/echopwd.spec.js

    /Checking echo-pwd service/# Requesting echo-pwd GET/check if the request can be made using the headers auth

Services with token authentication

Token authentication avoids sending account credentials with every request. Tokens have a limited lifetime.

To make a service authenticate through a token, set its value to token in the authMode setting in deploy.json:

{
  "modules": {
    "rest": {
      "globals": {
        "authMode": {
          "echo-token": "token"
        }
      }
    }
  }
}

Authentication through a token is performed by sending the token value in the auth-token request header:

curl -H "auth-token: c369a361db9742e9a9ae8e9fe55950a571493812" http://dnt.iondv.com/rest/echo-token

Example of a request with authorization via a token in dnt: test/modules/rest/token.spec.js

/Checking token service/# basicAuth authorization with admin rights/# check if the generated token is valid (basicAuth) (using echo-token)

Learn more about getting a token: Getting token

Services with OAuth 2 authentication

To make a service use oauth2 authentication, first enable the oauth plugin in deploy.json, in the following form:

"oauth": {
  "module": "lib/oAuthAdapter",
  "options": {
    "auth": "ion://auth",
    "dataSource": "ion://Db"
  }
}

Then you can set the service to oauth in the authMode setting:

{
  "modules": {
    "rest": {
      "globals": {
        "authMode": {
          "echo-oauth": "oauth"
        }
      }
    }
  }
}

The oauth2 specification is available at: https://oauth2-server.readthedocs.io/en/latest/index.html
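A check for the authMode settings described in the sections above, as an added example that is not code from the IONDV project: it reports services set to none, and services set to oauth when no oauth entry loading lib/oAuthAdapter exists anywhere in deploy.json. The sample configuration, the function names and the finding labels are assumptions made for illustration.

```javascript
// Constructed sample deploy.json: three services, no oauth plugin block.
const SAMPLE_DEPLOY = `{
  "modules": {
    "rest": {
      "globals": {
        "authMode": {
          "echo": "none",
          "echo-token": "token",
          "echo-oauth": "oauth"
        }
      }
    }
  }
}`;

// Modes described on this page. Services absent from authMode fall back to
// the standard account mechanism, so they never appear in the findings.
const KNOWN_MODES = new Set(['none', 'token', 'oauth']);

// Search the whole document for an "oauth" entry that loads lib/oAuthAdapter,
// so no assumption is made about where the plugin block is nested.
function hasOAuthPlugin(node) {
  if (node === null || typeof node !== 'object') return false;
  if (node.oauth && node.oauth.module === 'lib/oAuthAdapter') return true;
  return Object.values(node).some(hasOAuthPlugin);
}

// Returns one finding per service whose authMode entry needs review.
function auditAuthMode(deployText) {
  const deploy = JSON.parse(deployText);
  const modes = deploy?.modules?.rest?.globals?.authMode ?? {};
  const findings = [];
  for (const [service, mode] of Object.entries(modes)) {
    if (mode === 'none') {
      findings.push({ service, issue: 'unauthenticated' });
    } else if (mode === 'oauth' && !hasOAuthPlugin(deploy)) {
      findings.push({ service, issue: 'oauth-plugin-missing' });
    } else if (!KNOWN_MODES.has(mode)) {
      // A value this page does not describe: flag it for manual review.
      findings.push({ service, issue: 'unrecognized-mode' });
    }
  }
  return findings;
}

console.log(auditAuthMode(SAMPLE_DEPLOY));
```

Run it against the real deploy.json by passing the file contents to auditAuthMode; an empty array means every listed service uses token or oauth with the plugin present.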

OAuth2 authorization is used to give a third party limited access to user resources without having to provide a username and password. Access requests are made in the following order:

  1. On the user's side, get a cookie with the session id:

    curl -X POST --cookie-jar 1.txt -d username="demo@local" -d password="ion-demo" http://dnt.iondv.com/auth

  2. Using the authorized session, allow the ext@system client to make requests on our behalf:

    curl -X POST --cookie ./1.txt "http://dnt.iondv.com/oauth2/grant?client_id=ext@system&response_type=code&state=123"

    The response will contain the code parameter.

  3. Now, using the code, you can get a token:

    curl -X POST -d grant_type="authorization_code" -d code="<code>" -H "Authorization:Basic ZXh0QHN5c3RlbTppb24tZGVtbw==" http://dnt.iondv.com/oauth2/token

    In the Authorization header, pass Basic <client_secret>, the client's secret code. The response will contain access_token.

  4. For requests on behalf of the user to services with oauth2 authorization, you can now log in using access_token:

    curl -X POST -H "Authorization:Bearer <access_token>" http://dnt.iondv.com/rest/echo-oauth

Service request example with oauth2 authorization in dnt: test/modules/rest/echooauth.spec.js

/Checking echo-oauth service