Closed cyberb closed 5 months ago
jpmens
commented
5 months ago The Recorder doesn't do authentication. I assume you mean when its API is behind a reverse proxy (in which case: yes but look there) or for an MQTT broker (in which case: possibly, but you'll have to consult their documentation).
cyberb
commented
5 months ago Sorry I am new to this project, I mean when mobile apps publish their events using the url https://user:pass@host what process validates the credentials? Is there any doc? I am interested only in http mode, not MQQT.
jpmens
commented
5 months ago From the point of view Recorder there is no such thing as user:pass.
What you might have seen is that HTTP posts occur to
curl --data "${payload}" 'http://127.0.0.1:8085/pub?u=jane&d=3s'
curl -H 'X-Limit-U: jane' -H 'X-Limit-D: 3s' --data "${payload}" 'http://127.0.0.1:8085/pub'The user and device here are the username and devicename respectively; there is no authorization which takes place unless a Recorder installation has a reverse HTTP proxy before it which actually performs authentication before passing data on to the Recorder.
Is it possible to add a simple ldap authentication mode instead of hardcoded login passwords?
Useful when you have multiple apps running on a single box.