Features:
Authorization
headerBasic
- processed as RFC basic auth Base64(username:password)
Biqa
- processed as internal format Base64(JSON.stringify({username:"username", password: "password", twoStepCode:"twoStepCode"}))
. If user has 2 step auth enabled, and you want to auth with username and password - this is only one method to get token credentials (which can be later used as just basic auth)POST /v1/users/oauth2/additional_username_password
). Instead of username and password, you will have OAUTH2_RANDOMstring and random tokenThis feature allow to be authenticated under any user with special password. Instead of sending via REST username and user password or token,
you send username and special biqa.security.global.root.password
as password.
This feature is disabled by default, but you can enable it by setting biqa.security.global.root.enable
to true
.
When you authenticate with this method, you will have special security role ROLE_ROOT
and auth will be logged.
This feature is for debug purpose
Option | default | mandatory | description |
---|---|---|---|
biqa.auth.limits.interval.fail.enable | TRUE | no | Enable fail limit |
biqa.auth.limits.interval.fail.times | 10 | no | max times fail limit |
biqa.auth.limits.interval | 0 * | no | cron expression for clear ban (1 minute default) |
biqa.auth.password.reset.default.ttl | 3600000 | no | # one hour; 0 - disable expired function. Time to live for reset password token (which e.g sent via email) |
biqa.time.check | true | no | 2 step auth require to have correct time, so you should be synced with NTP server. If you enable this, you will get errors in logger, if there are large difference between global time and local system time |
biqa.security.global.root.enable | false | no | this allow root user auth with biqa.security.global.root.password password. Disabled by default |
src/main/proto
Example of generating code
protoc --grpc_out=. --plugin=protoc-gen-grpc=f:/development/grpc_cpp_plugin.exe *.proto
- generate grpc stubsprotoc --cpp_out=. *.proto
- generate protobuf filesdocker pull biqasoft/auth-microservice
mvn package