Authorization for requests to services
Authorization to access services can be done in the following ways:
- Without authorization
- With account
- With token
- OAuth2
Services without authentication
To run a service without authentication, set its value to none in the authMode setting in deploy.json:
{
  "modules": {
    "rest": {
      "globals": {
        "authMode": {
          "echo": "none"
        }
      }
    }
  }
}
Requests to the service will then not require authentication. Example request:
curl https://dnt.iondv.com/rest/echo
An example of a request to a service without authentication in dnt: test/modules/rest/echo.spec.js
/Checking echo-pwd service/# Requesting echo-pwd GET/check if the request can be made using the headers auth
Services with a standard account authorization mechanism
By default, all services use the standard authorization mechanism, in which credentials are passed in the request headers:
- By authorization via Basic Auth, for example:
curl -u demo@local:ion-demo https://dnt.iondv.com/rest/simple
An example of a request with Basic Auth authorization in develop-and-test (dnt): test/modules/rest/echopwd.spec.js
/Checking echo-pwd service/# Requesting echo-pwd GET/check if the request can be made using the basicAuth
- By passing credentials in the request headers:
curl -H "auth-user: demo" -H "auth-pwd: ion-demo" -H "auth-user-type: local" https://dnt.iondv.com/rest/simple
or
curl -H "auth-user: demo@local" -H "auth-pwd: ion-demo" https://dnt.iondv.com/rest/simple
An example of a request with authorization credentials in the header in dnt: test/modules/rest/echopwd.spec.js
/Checking echo-pwd service/# Requesting echo-pwd GET/check if the request can be made using the headers auth
Services with token authentication
Token authentication is used to avoid sending the account credentials with every request. Tokens have a limited lifetime.
To run a service with token authentication, set its value to token in the authMode setting in deploy.json:
{
  "modules": {
    "rest": {
      "globals": {
        "authMode": {
          "echo-token": "token"
        }
      }
    }
  }
}
Authentication with a token is performed by sending the token value in the auth-token request header:
curl -H "auth-token: c369a361db9742e9a9ae8e9fe55950a571493812" http://dnt.iondv.com/rest/echo-token
An example of a request with authorization via a token in dnt: test/modules/rest/token.spec.js
/Checking token service/# basicAuth authorization with admin rights/# check if the generated token is valid (basicAuth) (using echo-token)
Learn more about getting a token: Getting token
Proxy client to access the module functions without getting a new token.
Services with OAuth 2 authentication
To run a service with OAuth2 authentication, you first have to enable the plugin in deploy.json, in the form:
"oauth": {
  "module": "lib/oAuthAdapter",
  "options": {
    "auth": "ion://auth",
    "dataSource": "ion://Db"
  }
}
Then you can set the service to oauth in the authMode setting:
{
  "modules": {
    "rest": {
      "globals": {
        "authMode": {
          "echo-oauth": "oauth"
        }
      }
    }
  }
}
The OAuth2 specification is available at: https://oauth2-server.readthedocs.io/en/latest/index.html
This type of authorization is used to provide a third party with limited access to user resources without having to provide a username and password. Requests for access are made in the following order:
On the user's side, we get a cookie with the session ID:
curl -X POST --cookie-jar 1.txt -d username="demo@local" -d password="ion-demo" http://dnt.iondv.com/auth
Using the authorized session, we allow the ext@system client to make requests on our behalf:
curl -X POST --cookie ./1.txt "http://dnt.iondv.com/oauth2/grant?client_id=ext@system&response_type=code&state=123"
The response will contain the code parameter.
Now, using code, you can get a token:
curl -X POST -d grant_type="authorization_code" -d code="<code>" -H "Authorization:Basic ZXh0QHN5c3RlbTppb24tZGVtbw==" http://dnt.iondv.com/oauth2/token
In the Authorization header, enter Basic <client_secret> (the client's secret code). The response will contain access_token.
For requests on behalf of the user in services with OAuth2 authorization, you can now log in using access_token:
curl -X POST -H "Authorization:Bearer <access_token>" http://dnt.iondv.com/rest/echo-oauth
An example of a request to a service with OAuth2 authorization in dnt: test/modules/rest/echooauth.spec.js
/Checking echo-oauth service
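The authMode settings described on this page can be reviewed in one pass. The following Node.js check is an added example, not part of the IONDV documentation or code base: it reads modules.rest.globals.authMode from a parsed deploy.json and reports which services run without authentication, which fall back to the default account mechanism, and which entries carry a value or name that matches nothing. The function name, the caller-supplied list of registered services, and the sample data (including the report and old-svc entries) are assumptions made for the example.

```javascript
// Added example, not IONDV project code.
// Mode values named on this page, mapped to report buckets. A service with
// no authMode entry uses the default account mechanism.
const BUCKETS = { none: 'unauthenticated', token: 'token', oauth: 'oauth' };
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// deploy: parsed deploy.json. serviceNames: names of the REST services that
// are actually registered (assumption: the caller supplies this list).
function auditAuthMode(deploy, serviceNames) {
  const rest = ((deploy || {}).modules || {}).rest || {};
  const authMode = (rest.globals || {}).authMode || {};
  const report = {
    unauthenticated: [], token: [], oauth: [],
    defaultAccount: [], unknownMode: [], unmatchedEntries: []
  };
  for (const name of serviceNames) {
    if (!own(authMode, name)) {
      report.defaultAccount.push(name);
      continue;
    }
    const mode = authMode[name];
    if (typeof mode === 'string' && own(BUCKETS, mode)) {
      report[BUCKETS[mode]].push(name);
    } else {
      // Value not among those documented on this page (for example a typo).
      report.unknownMode.push({ service: name, value: mode });
    }
  }
  // Entries that name no registered service: stale configuration, or a
  // misspelled name that leaves the intended service on the default mode.
  for (const key of Object.keys(authMode)) {
    if (!serviceNames.includes(key)) report.unmatchedEntries.push(key);
  }
  return report;
}

// Constructed sample: the three services from this page plus two made-up entries.
const sampleDeploy = { modules: { rest: { globals: { authMode: {
  'echo': 'none',
  'echo-token': 'token',
  'echo-oauth': 'oauth',
  'report': 'nane',   // constructed: misspelled mode value
  'old-svc': 'none'   // constructed: entry for a service that is not registered
} } } } };
const sampleServices = ['echo', 'echo-token', 'echo-oauth', 'simple', 'report'];

console.log(JSON.stringify(auditAuthMode(sampleDeploy, sampleServices), null, 2));
```

Every name listed under unauthenticated is reachable without credentials, so that list is the one to compare against the services that are meant to be public.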