Is it possible now to use authenticate http token request?

[baimurzin]

I have found some issues where were discussions about http tokens? But it was about half year ago. Is it possible now can someone point me to that have to do to implement this. And is it possible to set any permissions to tokens, for example, one token can read all files, and another one can read only limited quantity? Thanks advance

[lidel]

Hi, I think access control via tokens is not implemented yet:

• https://github.com/ipfs/notes/issues/159: HTTP API, access control and API tokens

[baimurzin]

@lidel Hi! It means that I cannot create any token to make http request and do something?

[lidel]

There are no tokens in current implementation.

You have full (writable) API at port :5001 and a read-only subset of it at :8080:

• https://github.com/ipfs/go-ipfs/issues/1383: Read-only API
• https://github.com/ipfs/go-ipfs/issues/1322: Expose read-only API via Gateway

That is what you have to work with right now. If you need to use writable API, it is up to you to secure it by other means.

One way to do it, is to add a reverse HTTP proxy as a gatekeeper.

I think you should be able to find ready-to-use projects that do just that. Examples below authenticate via OAuth:

• https://github.com/movableink/doorman#doorman
  • https://github.com/bitly/oauth2_proxy

[baimurzin]

Correct me if I'm wrong understood. No it it's impossible to include tokens implementation, but we can do the same things using oauth or doorman?

[lidel]

Tokens are possible, but not implemented yet. You need to use third-party solution for now.

[baimurzin]

@lidel thanks a lot! If you don't mind could, can I get one other question? Are there any example how to integrate ipfs with with libraries? May be you know

[lidel]

If your question was about things like doorman or other auth2 proxies, no, I did not see any examples, sorry.

If you ask about embedding IPFS library inside of your application to work around security concerns related to HTTP API, then yes. It may be more difficult, but you can do it with both JS and Go versions:

• Go: Example can be found in https://github.com/ipfs/go-ipfs/issues/3060: Using IPFS as a library (not a as deamon)
  or whyrusleeping/ipfs-embedded-shell
• JS: https://github.com/ipfs/js-ipfs#ipfs-core-use-ipfs-as-a-module

[baimurzin]

@lidel Thanks! How do you think is it a good idea to use ipfs as a solution in my task. What I want: For example, I have IoT device and I need to share resources between others. How I think I will do: I think I will try to install this IPFS on device and then release grants/tokens to users with diverse permissions How do you think am I on the right track?

[lidel]

Tokens are only for securing access to HTTP API. Read-only data itself is not encrypted in IPFS. Please keep in mind that it is up to you to keep it secure (by encrypting it or using closed, private peer network).

Hard to say if IPFS is the right match for your product without going deep into specifics (and I am afraid i don't have bandwidth for that 🙃 ), but I'll point you to some relevant reading material that may help you in making decision:

• https://github.com/ipfs/notes/issues/64: Pub/Sub (publish/subscribe) system on IPFS
• https://github.com/ipfs/specs/issues/145: Fresh perspective from learning IPFS

Sadly this repository is not a place for this kind of discussion – I suggest closing this issue and asking questions at https://github.com/ipfs/faq/ or http://ipfs.trydiscourse.com/c/help.

You may get better answers there.