adamkewley / jobson

A platform for transforming command-line applications into a job service.
Apache License 2.0
256 stars 20 forks

Add documentation on authentication #46

Closed mtazzari closed 5 years ago

mtazzari commented 6 years ago

Related to #25, at the moment there is basically no documentation on how to set up authentication. For each authentication, I think a simple working example would be sufficient, showing:

In the "Stateless JSON Web Token (JWT)", the link to "HS512" (from here), is broken.

I have tried to set up the Basic authentication, but I couldn't come up with a working users file. I have created a users file containing:

myname mypwd basic

but it doesn't work. I get this log entry in the console:

java.lang.RuntimeException: Error reading a line in the users file. 1 columns are present in 'marco pwds'. Three columns (username, auth method, and auth field) are expected.

but I couldn't understand how to create these three columns properly.

mtazzari commented 6 years ago

At this page https://adamkewley.github.io/jobson/workspaces.html I found that the users file has to be created with `jobson users add [-p ]`:

users: Authorized System Users A plaintext file that contains users authorized to use the Jobson API when basic authorization (see configuration documentation) is enabled. This file should not be edited directly. Instead, the users command should be used to add or modify entries in the file.

But still I don't know how to submit a POST request with basic authentication.

adamkewley commented 6 years ago

I will update the documentation with more details.

"Basic Authentication" in this case is directly referring to "HTTP basic access authentication (RFC 7617)", which most HTTP clients support (e.g. curl does with `--basic --user`). The algorithm for adding basic auth data to an HTTP request is very straightforward (see wiki or RFC): it involves adding one header containing the client's username and password (b64-encoded) to the request.

Note: as with all auth methods, auth should be done under an encryption layer if you're using it across an open network.

mtazzari commented 6 years ago

Great, thanks! For reference, I found that the requests Python package allows implementing the basic authentication easily with:

```python
import requests

# Replace the placeholder strings with the Jobson username and password.
requests.get(url="http://url/to/jobson", auth=("<user>", "<password>"))
requests.post(url="http://url/to/jobson", auth=("<user>", "<password>"))
```

adamkewley commented 5 years ago

The authentication docs will be updated as part of the 1.0.0 release

adamkewley commented 5 years ago

Attached this issue to the mega 1.0.0 issue, will close this