Generic Auth Scheme
aah provides generic auth scheme as an extensible feature. It means authentication responsibility lies with the user; JWT auth scheme implementation, for example. aah does not validate the credentials. It is quiet flexible too.
There are two steps to make use of generic auth scheme -
- Implement interface
authc.Authenticator
to authenticate. After successful authentication, provide subject’s authentication info to aah- aah treats any non-nil error as
401 Unauthorized
- For example, returning
authc.ErrAuthenticationFailed
andauthc.ErrSubjectNotExists
appropriately
- aah treats any non-nil error as
- Implement
authz.Authorizer
to provide subject’s roles and permissions
Refer aah RESTFul API JWT auth example.
Table of Contents
Configuration
aah supports one or more generic
auth schemes.
Section: generic_scheme_key { … }
generic_scheme_key { ... }
configuration goes under section security.auth_schemes { ... }
.
# -----------------------------------------------------------------------------
# Generic auth scheme
# Choose a unique key name. It gets used as route auth.
#
# Doc: https://docs.aahframework.org/auth-schemes/generic.html
# -----------------------------------------------------------------------------
generic_auth_key {
# Auth scheme name.
# Supported values are `form`, `oauth2`, `basic` and `generic`.
#
# It is required value, no default.
scheme = "generic"
# Implement interface `authc.Authenticator` to provide subject's authentication
# info during login flow and configure here.
#
# It is required value, no default.
authenticator = "security/AuthenticationProvider"
# To provide subject's Roles and Permissions, implement interface
# `authz.Authorizer` and configure here.
#
# It is required value, no default.
authorizer = "security/AuthorizationProvider"
# Header names are used to extract `AuthenticationToken` from the HTTP request.
header {
# Default value is 'Authorization'.
identity = "Authorization"
# Optional credential header
#
# Default value is empty string.
credential = "X-AuthPass"
}
}
Example Config: jwt_auth
JWT auth scheme implemented using generic auth scheme. Configuration from aah RESTFul API JWT auth example.
# -----------------------------------------------------------------------------
# Generic auth scheme
# Choose a unique key name. It gets used as route auth.
#
# Doc: https://docs.aahframework.org/auth-schemes/generic.html
# -----------------------------------------------------------------------------
jwt_auth {
scheme = "generic"
authenticator = "security/AuthenticationProvider"
authorizer = "security/AuthorizationProvider"
# JWT configuration
# Signing key and method.
sign {
key = "5440b995f33446bb8b17a06e65eaa7597f2c4b181aac46929dcf8025d608b1a1"
method = "HS256"
}
}