d7da1b6044
The Pinning Services API standard mandates Bearer token authentication. This adds JWT bearer token authentication to the IPFS Cluster REST and PINSVC APIs. The basic_auth_credentials configuration option needs to be not null and have at least one username/passwords entry. A user authenticated via Basic Auth can then "POST /token" and obtain a json object: ```json { "token" : "<JWTtoken>" } ``` The JWT token has the "iss" (issuer) field set to the Basic auth user that authorized its creation and is HMAC-signed with its password. When basic-auth-credentials are set, the APIs will verify that requests come with either Basic Auth authorization header or with a Bearer token authorization header. Bearer tokens will be decoded and the signature will be verified against the password of the issuer. At the moment we provide no support to revoke tokens, set "expiration date", "not before" etc, but this may come in the future. |
||
---|---|---|
.. | ||
client | ||
config.go | ||
restapi_test.go | ||
restapi.go |