Service request authentication
Authorization can be carried out in the following ways:
Services without authentication
To run a service without authentication, set its value to none in the authMode setting in deploy.json:
{
  "modules": {
    "rest": {
      "globals": {
        "authMode": {
          "echo": "none"
        }
      }
    }
  }
}
Requests to the service then require no authentication. Example request:
curl https://dnt.iondv.com/rest/echo
An example of a service request without authentication in dnt: test/modules/rest/echo.spec.js
/Checking echo-pwd service/# Requesting echo-pwd GET/check if the request can be made using the headers auth
Services with a standard account authorization mechanism
By default, all services use the standard authorization mechanism, in which credentials are passed in the request headers:
via basicAuth, for example:
curl -u demo@local:ion-demo https://dnt.iondv.com/rest/simple
Basic Auth authorization request example in develop-and-test (dnt): test/modules/rest/echopwd.spec.js
/Checking echo-pwd service/# Requesting echo-pwd GET/check if the request can be made using the basicAuth
by passing credentials in the request headers
curl -H "auth-user: demo" -H "auth-pwd: ion-demo" -H "auth-user-type: local" https://dnt.iondv.com/rest/simple
or
curl -H "auth-user: demo@local" -H "auth-pwd: ion-demo" https://dnt.iondv.com/rest/simple
Example request with credential authorization in the headers in dnt: test/modules/rest/echopwd.spec.js
/Checking echo-pwd service/# Requesting echo-pwd GET/check if the request can be made using the headers auth
Services with token authentication
Token authentication avoids sending account credentials with every request. Tokens have a limited lifetime.
To run a service with token authentication, set its value to token in the authMode setting in deploy.json:
{
  "modules": {
    "rest": {
      "globals": {
        "authMode": {
          "echo-token": "token"
        }
      }
    }
  }
}
Authentication is performed by sending the token value in the auth-token request header:
curl -H "auth-token: c369a361db9742e9a9ae8e9fe55950a571493812" http://dnt.iondv.com/rest/echo-token
Example of a request with authorization via a token in dnt: test/modules/rest/token.spec.js
/Checking token service/# basicAuth authorization with admin rights/# check if the generated token is valid (basicAuth) (using echo-token)
Learn more about getting a token: Getting token
Services with OAuth 2 authentication
To run a service with oauth2 authentication, first enable a plugin of the following form in deploy.json:
"oauth": {
"module": "lib/oAuthAdapter",
"options": {
"auth": "ion://auth",
"dataSource": "ion://Db"
}
}
Then set the service to oauth in the authMode setting:
{
  "modules": {
    "rest": {
      "globals": {
        "authMode": {
          "echo-oauth": "oauth"
        }
      }
    }
  }
}
oauth2 specification is available at: https://oauth2-server.readthedocs.io/en/latest/index.html
This type of authorization is used to provide a third party with limited access to user resources without having to provide a username and password. Requests for access are made in the following order:
From the user’s side, we get a cookie with session id:
curl -X POST --cookie-jar 1.txt -d username="demo@local" -d password="ion-demo" http://dnt.iondv.com/auth
Using the authorized session, we allow the ext@system client to make requests on our behalf:
curl -X POST --cookie ./1.txt "http://dnt.iondv.com/oauth2/grant?client_id=ext@system&response_type=code&state=123"
The response will contain the code parameter.
Now, using code, you can get a token:
curl -X POST -d grant_type="authorization_code" -d code="<code>" -H "Authorization:Basic ZXh0QHN5c3RlbTppb24tZGVtbw==" http://dnt.iondv.com/oauth2/token
In the Authorization header, enter Basic <client_secret>, the client code. The response will contain access_token.
For requests on behalf of the user in services with oauth2 authorization, you can now log in using access_token:
curl -X POST -H "Authorization:Bearer <access_token>" http://dnt.iondv.com/rest/echo-oauth
Service request example with oauth2 authorization in dnt: test/modules/rest/echooauth.spec.js
/Checking echo-oauth service
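The authMode settings described in the sections above decide which services answer without credentials, so they are worth checking before a deploy.json ships. The following is an added example, not code from IONDV or from this page: it classifies each authMode entry, reports services set to none, and reports oauth services when no lib/oAuthAdapter plugin entry exists anywhere in the file. The function names, the expectedServices parameter and the sample document (including the echo-typo entry) are assumptions made for the illustration.

```javascript
// Added example (not IONDV code): audit the REST authMode map in deploy.json.
// Modes come from this page: "none", "token", "oauth". A service with no entry
// uses the standard account mechanism, which the page gives as the default.
const PAGE_MODES = ["none", "token", "oauth"];

// True if any object in the document has an "oauth" key loading lib/oAuthAdapter.
// The whole tree is searched because the page does not say where the entry lives.
function hasOAuthAdapter(node) {
  if (node === null || typeof node !== "object") return false;
  return Object.entries(node).some(([key, value]) =>
    (key === "oauth" && value !== null && value.module === "lib/oAuthAdapter") ||
    hasOAuthAdapter(value));
}

// expectedServices (assumption): service names supplied by the operator, since
// the authMode map only lists services that override the default.
function auditAuthModes(deployJsonText, expectedServices = []) {
  const deploy = JSON.parse(deployJsonText);
  const authMode = deploy?.modules?.rest?.globals?.authMode ?? {};
  const configured = new Set(Object.keys(authMode));
  const report = { none: [], token: [], oauth: [], standard: [], findings: [] };
  for (const [service, mode] of Object.entries(authMode)) {
    if (PAGE_MODES.includes(mode)) report[mode].push(service);
    else report.findings.push(`${service}: mode "${mode}" is not documented on this page`);
  }
  report.standard = expectedServices.filter((service) => !configured.has(service));
  for (const service of report.none) {
    report.findings.push(`${service}: reachable without authentication`);
  }
  if (report.oauth.length > 0 && !hasOAuthAdapter(deploy)) {
    report.findings.push(`${report.oauth.join(", ")}: oauth mode set, no lib/oAuthAdapter entry found`);
  }
  return report;
}

// Constructed sample: the three authMode entries shown on this page merged into
// one document, plus a hypothetical miscapitalised mode, and no oauth plugin entry.
const SAMPLE_DEPLOY = JSON.stringify({
  modules: { rest: { globals: { authMode: {
    "echo": "none", "echo-token": "token", "echo-oauth": "oauth", "echo-typo": "Token"
  } } } }
});

console.log(auditAuthModes(SAMPLE_DEPLOY, ["simple", "echo"]));
```

Entries listed under findings are prompts for review, not proof of a fault: a mode this page does not document may still be valid in a given IONDV version.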