-
Notifications
You must be signed in to change notification settings - Fork 15
Authentication
Authentication for RESTlos is configurable via config.json
. Authentication is realized via so called authentication modules, which allow you to easily add your own Authentication to RESTlos. I will give a basic introduction in how to configure authentication and how to add your own authentication modules to RESTlos.
Currently there are two authentication modules available: AuthDict and AuthLdap. As the name already states: The one provides authentication based on a simple dictionary (passwords are provided as sha256 hashes) and the other is authenticating against an existing ldap server.
Every authentication module is configured in the config.json
with the key auth
. Valid subkeys are provider
, which has the name of the class used for authentication as a value and params
. params
has a dictionary as value which is passed directory to the __init__()
method of the authentication class as keyword arguments. Yes, it's really that simple :D
An example will tell you more than thousend words:
{
"auth": {
"provider": "AuthDict",
"params": {
"credentials": {
"admin": "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8",
"guest": "84983c60f7daadc1cb8698621f802c0d9f9a3c3c295c810748fb048115c186ec"
}
}
}
}
As mentioned above, the provider
holds the name of the authentication class, in this case AuthDict
, in his value. The AuthDict
class accepts only one parameter: credentials
. This is a dictionary of username/password pairs, where the passwords are sha256 hashes. It think here is nothing more to say. It's the simplest way of authentication I can think of.
{
"auth": {
"provider": "AuthLDAP",
"params": {
"ldapserver": "ldap.example.com",
"domain": "EXAMPLE.COM",
"ssl": true,
"groups": [ "admins", "developers" ]
}
}
}