airyhq / airy

💬 Open Source App Framework to build streaming apps with real-time data - 💎 Build real-time data pipelines and make real-time data universally accessible - 🤖 Join historical and real-time data in the stream to create smarter ML and AI applications. - ⚡ Standardize complex data ingestion and stream data to apps with pre-built connectors
https://airy.co/docs/core
Apache License 2.0
369 stars 44 forks

RFC6750 Compliance of API Bearer JWT Authentication #729

Closed steffh closed 3 years ago

steffh commented 3 years ago

Authentication for the HTTP API currently works as follows, but is undocumented (https://docs.airy.co/api/http#authentication):

     POST /resource HTTP/1.1
     Host: server.example.com
     Authorization: SOME_VALID_JWT

According to the RFC6750 standard (https://tools.ietf.org/html/rfc6750#section-2.1) the client should use the "Bearer" authentication scheme to transmit the access token as follows:

     POST /resource HTTP/1.1
     Host: server.example.com
     Authorization: Bearer SOME_VALID_JWT

The documentation should also be amended accordingly to tell users how to authenticate.
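A server-side check for the header format requested above, as an added example that is not part of the original issue or of Airy's code base. The function name, the `realm` value, the sample token and the mapping of failures to 401/400 are assumptions made for illustration, following RFC 6750 sections 2.1 and 3.

```python
import re
from typing import NamedTuple, Optional

# RFC 6750 section 2.1:
#   credentials = "Bearer" 1*SP b64token
#   b64token    = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")


class AuthResult(NamedTuple):
    token: Optional[str]      # extracted token, still to be verified as a JWT
    status: Optional[int]     # HTTP status to send when token is None
    challenge: Optional[str]  # WWW-Authenticate value to send with that status


def parse_authorization(header: Optional[str], realm: str = "api") -> AuthResult:
    """Accept only 'Authorization: Bearer <b64token>' (hypothetical helper)."""
    value = (header or "").strip()
    scheme, _, rest = value.partition(" ")
    # Scheme names are case-insensitive. A bare token with no scheme, which is
    # the format the issue describes as current behaviour, fails this test.
    if scheme.lower() != "bearer":
        # No Bearer credentials: challenge without an error code (section 3.1).
        return AuthResult(None, 401, f'Bearer realm="{realm}"')
    token = rest.strip(" ")
    if not B64TOKEN.fullmatch(token):
        # Bearer scheme present but token missing or malformed.
        return AuthResult(None, 400,
                          f'Bearer realm="{realm}", error="invalid_request"')
    # Syntax only: signature, expiry and claims are checked by the JWT layer.
    return AuthResult(token, None, None)


# Constructed sample value with the three-part shape of a JWT; not a real token.
SAMPLE_JWT = "eyJhbGciOiJIUzI1NiJ9.e30.c2ln"

if __name__ == "__main__":
    for raw in (f"Bearer {SAMPLE_JWT}", f"bearer {SAMPLE_JWT}", SAMPLE_JWT,
                None, "Bearer", "Bearer two parts"):
        print(repr(raw), "->", parse_authorization(raw))
```
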

lucapette commented 3 years ago

I don't know how I missed this was part of the standard. We'll adhere to it.

lucapette commented 3 years ago

We should also provide an example in authorization.md