Closed itviewer closed 4 years ago
Hi, @itviewer, thanks for the feedback!
Unfortunately, using the id field for authentication would be a violation of the JSON-RPC 2.0 specification, and I'm not sure how you would configure this with some JSON-RPC clients.
However, I am planning on implementing other authentication mechanisms, such as tokens (provided by an HTTP header) and UNIX sockets with permissions. The MVP only ended up having mTLS as this met my initial use case. It shouldn't be long before this is implemented.
I hope this was helpful. 🙂
Thanks, it sounds exciting.
Discussing this issue in #2
Fixed by #5
Placing an authenticating reverse proxy or using mTLS is annoying. The JSON-RPC request object has an id member; can we use this parameter to pass the authentication token? The server:
wg-api --device=<my device> --listen=localhost:1234 --token=abcdef
Then the request:
curl http://localhost:8080 -H "Content-Type: application/json" -d '{"jsonrpc": "2.0", "method": "GetDeviceInfo", "params": {}, "id":"abcdef"}'
The server performs token authentication on each request from the client. If it does not match, it just returns an error without performing any operation. The argument --token is optional.
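An added example (not code from wg-api or from anyone in this thread) of the per-request token check described above, with the token carried in an HTTP header as the maintainer's reply proposes, so the id member stays a plain request identifier. The `Authorization: Bearer` header and the names `requireToken` and `call` are assumptions made for this example; the request body is constructed.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// requireToken (hypothetical name) rejects any request that lacks
// "Authorization: Bearer <token>". An empty token disables the check,
// mirroring the optional --token flag proposed in the issue.
func requireToken(token string, next http.Handler) http.Handler {
	if token == "" {
		return next
	}
	want := sha256.Sum256([]byte(token))
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := r.Header.Get("Authorization") // header name is an assumption
		got := sha256.Sum256([]byte(strings.TrimPrefix(h, "Bearer ")))
		// Hashing first gives equal-length inputs for the constant-time compare.
		if !strings.HasPrefix(h, "Bearer ") || subtle.ConstantTimeCompare(got[:], want[:]) != 1 {
			w.Header().Set("WWW-Authenticate", "Bearer")
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return // rejected before any JSON-RPC method is dispatched
		}
		next.ServeHTTP(w, r)
	})
}

// call sends a constructed request; it returns the status and whether the handler ran.
func call(serverToken, authHeader string) (status int, reached bool) {
	rpc := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		reached = true // stand-in for the real JSON-RPC handler
		fmt.Fprint(w, `{"jsonrpc":"2.0","result":{},"id":1}`)
	})
	body := strings.NewReader(`{"jsonrpc":"2.0","method":"GetDeviceInfo","params":{},"id":1}`)
	req := httptest.NewRequest(http.MethodPost, "/", body)
	req.Header.Set("Authorization", authHeader)
	rec := httptest.NewRecorder()
	requireToken(serverToken, rpc).ServeHTTP(rec, req)
	return rec.Code, reached
}

func main() {
	fmt.Println(call("abcdef", "Bearer abcdef")) // 200 true
	fmt.Println(call("abcdef", "Bearer wrong"))  // 401 false
}
```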