feat #4448: add support for JWT tokens #6609
Conversation
|
By analyzing the blame information on this pull request, we identified @gunnaraasen, @joelegasse and @e-dard to be potential reviewers |
| if u, p := q.Get("u"), q.Get("p"); u != "" && p != "" { | ||
| return u, p, nil | ||
| // Check for the HTTP Authorization header. | ||
| if s := r.Header.Get("Authorization"); s != "" { |
There was a problem hiding this comment.
This should probably be X-Authorization
There was a problem hiding this comment.
What about Authorization: Bearer ?
There was a problem hiding this comment.
As I understand it, the Authorization header allows for custom schemes.
OAuth2 bearer tokens: https://tools.ietf.org/html/rfc6750#page-5
AWS scheme: http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html#ConstructingTheAuthenticationHeader
There was a problem hiding this comment.
Never mind, I didn't realize Authorization was a standard header these days. Typically when using custom headers, you always prepend them with X- first.
There was a problem hiding this comment.
|
Couple of nits but LGTM 👍 |
|
Is there documentation on how to use this in InfluxDB? |
JWT token authentication
This PR adds JWT token authentication. This allows users to authenticate requests using only their user name and a JWT token signed with a shared key.
configuration
In the config file:
requests
HTTP requests wishing to use JWT token authentication should:
username- user that is making the requestexp- token's expiration in Unix epocAuthorizeheader:Bearer <signed token string blob>security considerations / suggestions
usernameclaim of the token has permission to execute.Required for all non-trivial PRs