github.com/hellofresh/janus@v0.0.0-20230925145208-ce8de8183c67/docs/plugins/organization_auth.md

github.com/hellofresh/janus@v0.0.0-20230925145208-ce8de8183c67/docs/plugins/organization_auth.md (about)

     1  # Organization Auth
     2  
     3  Create users with organizations and add an organization header to upstream requests.
     4  The plugin works similarly to basic auth with the exception that it also tracks an organization for users.
     5  It will also add the organization of the users to the header of upstream requests.
     6  
     7  **Limitations**
     8  1. This plugin only works as a Basic Authentication not Oauth.
     9  2. This plugin only works with Cassandra DB repo.
    10  
    11  ## Configuration
    12  
    13  The plain organization header config:
    14  
    15  ```json
    16  {
    17    "name": "organization_header",
    18    "enabled":  true
    19  }
    20  ```
    21  
    22  Here is a simple definition of the available configurations.
    23  
    24  | Configuration                 | Description                                                         |
    25  |-------------------------------|---------------------------------------------------------------------|
    26  | name                          | Name of the plugin to use, in this case: organization_header        |
    27  | enabled                       | Is the plugin enabled?  |
    28  
    29  ## Usage
    30  
    31  You need to create an user that will be used to authenticate. To create an user you can execute the following request:
    32  
    33  {% codetabs name="HTTPie", type="bash" -%}
    34  http -v POST http://localhost:8081/credentials/basic_auth "Authorization:Bearer yourToken" username=lanister password=pay-your-debt organization=motiv
    35  {%- language name="CURL", type="bash" -%}
    36  curl -X POST http://localhost:8081/credentials/basic_auth -H 'authorization: Bearer yourToken' -H 'content-type: application/json' -d '{"username": "lanister", "password": "pay-your-debt", "organization": "motiv"}'
    37  {%- endcodetabs %}
    38  
    39  | FORM PARAMETER | Description                                     |
    40  |----------------|-------------------------------------------------|
    41  | username       | The username to use in the Basic Authentication |
    42  | password       | The password to use in the Basic Authentication |
    43  | organization   | The organization of the user                    |
    44  
    45  ## Using the Credential
    46  
    47  The authorization header must be base64 encoded. For example, if the credential uses `lanister` as the username and `pay-your-debt` as the password, then the field's value is the base64-encoding of lanister:pay-your-debt, or bGFuaXN0ZXI6cGF5LXlvdXItZGVidA==.
    48  
    49  Then the `Authorization` header must appear as:
    50  
    51  Authorization: Basic bGFuaXN0ZXI6cGF5LXlvdXItZGVidA==
    52  Simply make a request with the header:
    53  
    54  {% codetabs name="HTTPie", type="bash" -%}
    55  http -v http://localhost:8080/example "Authorization:Basic bGFuaXN0ZXI6cGF5LXlvdXItZGVidA=="
    56  {%- language name="CURL", type="bash" -%}
    57  curl -v http://localhost:8080/example -H 'Authorization:Basic bGFuaXN0ZXI6cGF5LXlvdXItZGVidA=='
    58  {%- endcodetabs %}
    59  
    60  ## Using the Header
    61  
    62  Once the organization has been paired with a user any request that proxies through Janus will contain the `X-Organization` header with a value equal to the organization paired with the user.