Closed ericxin1982 closed 2 years ago
I put two images for Question 3. I set Bearer as global middleware, but I need to set up a specific route to accept individual authentication; how do I do that?
Since almost 99% of the routes would use the global authentication middleware, and 1% of the routes would use a different authentication middleware, I would not want to add authentication for each route, that is painful.
Just like logon: I may use form or AzureAD through username and password, and after the login auth passed, I would use Basic or JWT afterwards. That is my case.
Thanks Eric Xin
Hi @ericxin1982,
This actually highlights 2 things that I've been considering putting into Pode.
As a quick response for now, while I finish v2.6.0: you'll have to create the two different auths and then bind them individually onto the required routes. In the form/bearer auth, this will have to manually generate some API key that can be returned to the user for the other auth.
Once I've got 2.6.0 out, I'll respond more fully what the 2 ideas are :)
Thanks.
Right now I would split the different auths into two projects, and share the generated JWT value in backend storage like Redis or a DB for cross validation. Hopefully, once the newer version is released, my two projects can be merged back together; right now I am still learning how to use Pode better.
Can one project have two `Start-PodeServer` concurrently? And shared state only exists in one Pode server instance, right? Is it possible to have shared state across different Pode server instances? I thought each Pode server can only have one global authentication, not sure whether it works.
Hi @ericxin1982,
For the main questions above, you can set a `-Route` pattern that the global authentication will be used on. In the case of the 1 or 2 routes that will use basic/form you can just set the `-Authentication` directly, and then for the other 99% of functions you can do something like:

`Add-PodeAuthMiddleware -Name 'GlobalBearerAuth' -Authentication 'Auth-Bearer' -Route '/api/*'`

^ this way, if you start all of your API key based routes with `/api/`, the global auth middleware will only run for these routes. Using the `-Route` pattern you could even do the same for the basic/form routes as well.

Without the `-Route` pattern supplied, any routes with `-Authentication` will actually have 2 authentication methods applied.
For the questions just above: `Start-PodeServer` per project; but you can run 2+ `Start-PodeServer`s in different sessions.

For the ideas I've had, one of them is already ticketed to allow "merging" multiple authentications: #588. My other is about having some form of inbuilt JWT for Pode - so it can automatically build "API Key" like tokens for you; kind of like Pode being an SSO.
Hope that helps 😃
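The route-scoped middleware described above, together with a login route that mints the token the bearer auth later validates, as an added example (not code from this issue or from the Pode project). It assumes Pode v2; the in-memory `ApiTokens` table, the `/login` and `/api/whoami` routes and the demo credentials are hypothetical stand-ins for a real store (Redis/DB) and a real identity check.

```powershell
# Added example, not from the issue or Pode itself. Assumes Pode v2.x.
# The token table below is a hypothetical in-memory stand-in for Redis/DB.
Import-Module Pode

Start-PodeServer {
    Add-PodeEndpoint -Address localhost -Port 8080 -Protocol Http

    # Hypothetical token table: token -> username (thread-safe, lost on restart)
    Set-PodeState -Name 'ApiTokens' -Value ([hashtable]::Synchronized(@{})) | Out-Null

    # The 1% case: form-based username/password login (demo check only;
    # replace with your AzureAD/DB lookup).
    New-PodeAuthScheme -Form | Add-PodeAuth -Name 'Login' -Sessionless -ScriptBlock {
        param($username, $password)
        if ($username -eq 'eric' -and $password -eq 'secret') {
            return @{ User = @{ Name = $username } }
        }
        return @{ Message = 'Invalid credentials' }   # Pode answers 401
    }

    # The 99% case: bearer token looked up in the token table.
    New-PodeAuthScheme -Bearer | Add-PodeAuth -Name 'Auth-Bearer' -Sessionless -ScriptBlock {
        param($token)
        $user = (Get-PodeState -Name 'ApiTokens')[$token]
        if ($null -eq $user) { return $null }         # unknown/revoked token -> 401
        return @{ User = @{ Name = $user } }
    }

    # Global middleware scoped with -Route: it only runs for /api/*, so /login
    # is never asked for a bearer token and is not double-authenticated.
    Add-PodeAuthMiddleware -Name 'GlobalBearerAuth' -Authentication 'Auth-Bearer' -Route '/api/*'

    # Login route bound directly to the form auth. On success it generates a
    # random 256-bit token from a CSPRNG, stores it, and returns it to the caller.
    Add-PodeRoute -Method Post -Path '/login' -Authentication 'Login' -ScriptBlock {
        $bytes = [byte[]]::new(32)
        [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
        $token = [Convert]::ToBase64String($bytes)
        (Get-PodeState -Name 'ApiTokens')[$token] = $WebEvent.Auth.User.Name
        Write-PodeJsonResponse -Value @{ token = $token }
    }

    # Covered by the global middleware; no -Authentication needed on the route.
    Add-PodeRoute -Method Get -Path '/api/whoami' -ScriptBlock {
        Write-PodeJsonResponse -Value @{ user = $WebEvent.Auth.User.Name }
    }
}
```

A `GET /api/whoami` without a valid `Authorization: Bearer <token>` header is rejected by the middleware before the route runs, while `POST /login` only ever sees the form auth.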
Thanks so much!
Hi @Badgerati
I read the authentication chapter a couple of times; what I am looking for is not there.
I expect to use Basic, Form, AzureAD or OAuth2 (any of these) to authenticate username/password generally, details can be ignored, but once the user is valid, I prefer to use API key, Bearer or JWT (sessionless) afterwards for each route, but I do not want to bind API key ... these authentication logics for each route.
So question 1: Once the user is valid by Basic (username, password) etc., how can I set the generated API key, Bearer or JWT value into the header? In the example I just saw, it returns a user PSCustomObject into WebEvent. (I know how to generate an API key or Bearer token.)
Question 2: I can create two authentication logics for one project, right? One is for, let's say, login with username and password; another is for the JSON rendering routes afterwards.
Question 3: Like this: `Add-PodeAuthMiddleware -Name 'GlobalAuthValidation' -Authentication 'Login'`. I should just set up one authentication middleware, right, or it would mess up? In my case, JSON rendering routes would be 99% and the username/password route would be just 1%, and once I set the middleware logic (API key, Bearer or JWT) globally, how do I make sure it does not affect the username/password login route? I do not know how to figure it out.
Before, I used PostgREST, which is username/password login, and once the login was validated it would return a JWT to me, and I could use the JWT to access the same site; but PostgREST is for the PostgreSQL database only, so it has some limitations.
I want to follow the same habit with Pode, not sure whether it is possible.
Thanks so much! Eric Xin