github.com/hellofresh/janus@v0.0.0-20230925145208-ce8de8183c67/docs/quick_start/authenticating.md (about)

## Authenticating

To start using the Janus administration API, you need to obtain a [JSON Web Token](https://jwt.io) and send it in the `Authorization` header of every request.

You can log in with either the `github` or the `basic` provider.

### GitHub

To log in with GitHub, send a valid GitHub access token in the `Authorization` header. This token is exchanged for a JWT that you can use to make requests to the admin gateway API.

You can either go through the [OAuth2](https://developer.github.com/v3/guides/basics-of-authentication/) flow to authorize a user on GitHub, or generate a [Personal Access Token](https://github.com/settings/tokens) and provide that instead.

Authentication is then performed with the following request:

{% codetabs name="HTTPie", type="bash" -%}
http -v --json POST 'localhost:8081/login?provider=github' "Authorization:Bearer githubToken"
{%- language name="CURL", type="bash" -%}
curl -X "POST" 'localhost:8081/login?provider=github' -H 'Authorization:Bearer githubToken'
{%- endcodetabs %}

You can also configure which organizations/teams are allowed to log into the Admin API. This can be done with the following [configuration](../install/configuration.md):

```toml
[web.credentials]
  # The algorithm that you want to use to create your JWT
  algorithm = "HS256"
  # This is the secret that you will use to sign your JWT
  secret = "secret key"

  [web.credentials.github]
  # The GitHub owners/organizations that will be allowed to log in to the private API
  organizations = ["hellofresh"]
  # A map of the owner/organization and the team name that will have access to the private API
  teams = {hellofresh = "devs"}
```

### Basic

Alternatively, you can authenticate against the admin API using HTTP `Basic` Authentication.

{% codetabs name="HTTPie", type="bash" -%}
http -v --json POST localhost:8081/login username=admin password=admin
{%- language name="CURL", type="bash" -%}
curl -X "POST" localhost:8081/login -d '{"username": "admin", "password": "admin"}' -H "Content-Type: application/json"
{%- endcodetabs %}

The username and password default to *admin*/*admin*, and **should be changed** using the following [configuration](../install/configuration.md):

```toml
[web.credentials]
  # The algorithm that you want to use to create your JWT
  algorithm = "HS256"
  # This is the secret that you will use to sign your JWT
  secret = "secret key"

  [web.credentials.basic]
  # A dictionary with the user and password
  users = [
    {admin = "admin"}
  ]
```
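
What the `algorithm = "HS256"` and `secret` settings in both `[web.credentials]` blocks above control, as an added example written with the Go standard library only (it is not Janus's own code): HS256 is an HMAC-SHA256 signature, so the secret protects the token's integrity while the payload stays readable to anyone holding the token. The `sub` claim and the function names are constructed for illustration, and the 256-bit minimum key size comes from RFC 7518 section 3.2.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url
func mac(input string, secret []byte) []byte {
	h := hmac.New(sha256.New, secret)
	h.Write([]byte(input))
	return h.Sum(nil)
}

// signHS256 returns header.payload.signature; the payload is only encoded, not encrypted.
func signHS256(payloadJSON string, secret []byte) string {
	input := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString([]byte(payloadJSON))
	return input + "." + b64.EncodeToString(mac(input, secret))
}

// verifyHS256 pins the algorithm to HS256, compares the MAC in constant time and returns the payload.
func verifyHS256(token string, secret []byte) ([]byte, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	var hdr struct{ Alg string }
	if raw, err := b64.DecodeString(p[0]); err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "HS256" {
		return nil, fmt.Errorf("unexpected algorithm")
	}
	sig, err := b64.DecodeString(p[2])
	if err != nil || !hmac.Equal(sig, mac(p[0]+"."+p[1], secret)) {
		return nil, fmt.Errorf("bad signature")
	}
	return b64.DecodeString(p[1])
}

// secretLongEnough applies RFC 7518 section 3.2: an HS256 key needs at least 256 bits.
func secretLongEnough(secret []byte) bool { return len(secret) >= sha256.Size }

func main() {
	secret := []byte("secret key") // placeholder value from the sample configuration
	payload, err := verifyHS256(signHS256(`{"sub":"admin"}`, secret), secret) // constructed claim
	fmt.Println(string(payload), err, "secret long enough:", secretLongEnough(secret))
}
```

Run against the sample configuration's value, the length check reports `false`: `secret key` is 10 bytes, well under the 32 bytes HS256 calls for.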