-
Notifications
You must be signed in to change notification settings - Fork 15
Authentication
Authentication for RESTlos is configurable via config.json. Authentication is realized via so called authentication modules, which allow you to easily add your own Authentication to RESTlos. I will give a basic introduction in how to configure authentication and how to add your own authentication modules to RESTlos.
Currently there are two authentication modules available: AuthDict and AuthLdap. As the name already states: The one provides authentication based on a simple dictionary (passwords are provided as sha256 hashes) and the other is authenticating against an existing ldap server.
Every authentication module is configured in the config.json with the key auth. Valid subkeys are provider, which has the name of the class used for authentication as a value and params. params has a dictionary as value which is passed directory to the __init__() method of the authentication class as keyword arguments. Yes, it's really that simple :D
An example will tell you more than thousend words:
{
"auth": {
"provider": "AuthDict",
"params": {
"credentials": {
"admin": "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8",
"guest": "84983c60f7daadc1cb8698621f802c0d9f9a3c3c295c810748fb048115c186ec"
}
}
}
}As mentioned above, the provider holds the name of the authentication class, in this case AuthDict, in his value. The AuthDict class accepts only one parameter: credentials. This is a dictionary of username/password pairs, where the passwords are sha256 hashes. It think here is nothing more to say. It's the simplest way of authentication I can think of.
{
"auth": {
"provider": "AuthLDAP",
"params": {
"ldapserver": "ldap.example.com",
"domain": "EXAMPLE.COM",
"ssl": true,
"groups": [ "admins", "developers" ]
}
}
}