jamescun / wg-api

WG-API is a JSON-RPC Server for WireGuard
MIT License

add access token authentication #1

Closed itviewer closed 4 years ago

itviewer commented 4 years ago

Placing an authenticating reverse proxy or using mTLS is annoying. The JSON-RPC request object has an id member; can we use this parameter to pass the authentication token?

The server:

    wg-api --device=<my device> --listen=localhost:1234 --token=abcdef

Then the request:

    curl http://localhost:8080 -H "Content-Type: application/json" -d '{"jsonrpc": "2.0", "method": "GetDeviceInfo", "params": {}, "id":"abcdef"}'

The server performs token authentication on each request from the client. If it does not match, it just returns an error without performing any operation.

The argument --token is optional.

jamescun commented 4 years ago

Hi, @itviewer, thanks for the feedback!

Unfortunately, using the id field for authentication would be a violation of the JSON-RPC 2.0 specification, and I'm not sure how you would configure this with some JSON-RPC clients.

However, I am planning on implementing other authentication mechanisms, such as tokens (provided by an HTTP header) and UNIX sockets with permissions. The MVP only ended up having mTLS as this met my initial use case. It shouldn't be long before this is implemented.

I hope this was helpful. 🙂
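
A header-based token check of the kind mentioned in the reply above, as an added example (not wg-api's code and not written by either commenter). The names requireToken, rpcStub and newServer are hypothetical, and the Bearer scheme is an assumption; the JSON-RPC id is left untouched for request/response correlation.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"strings"
)

// requireToken (hypothetical) rejects any request whose Authorization header
// does not carry the expected bearer token, before the JSON-RPC body is read.
func requireToken(token string, next http.Handler) http.Handler {
	want := sha256.Sum256([]byte(token)) // hash so the compare is fixed-length
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		const prefix = "Bearer "
		h := r.Header.Get("Authorization")
		if len(h) < len(prefix) || !strings.EqualFold(h[:len(prefix)], prefix) {
			w.Header().Set("WWW-Authenticate", `Bearer realm="wg-api"`)
			http.Error(w, "missing bearer token", http.StatusUnauthorized)
			return
		}
		got := sha256.Sum256([]byte(h[len(prefix):]))
		if subtle.ConstantTimeCompare(got[:], want[:]) != 1 {
			http.Error(w, "invalid token", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// rpcStub stands in for the real JSON-RPC handler (constructed for this example).
func rpcStub(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "application/json")
	fmt.Fprint(w, `{"jsonrpc":"2.0","result":{},"id":1}`)
}

// newServer wires the check in front of the handler. An empty token leaves the
// handler unauthenticated, mirroring the "--token is optional" proposal.
func newServer(token string) http.Handler {
	if token == "" {
		return http.HandlerFunc(rpcStub)
	}
	return requireToken(token, http.HandlerFunc(rpcStub))
}

func main() {
	http.ListenAndServe("localhost:1234", newServer("abcdef"))
}
```

A client would then send the token as `-H "Authorization: Bearer abcdef"` alongside the usual Content-Type header; a request that only sets `"id":"abcdef"` in the body is refused with 401.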

itviewer commented 4 years ago

Thanks, it sounds exciting.

jamescun commented 4 years ago

Discussing this issue in #2

jamescun commented 4 years ago

Fixed by #5