Authentication
There are three types of Authentication currently supported in Trellis: Anonymous Auth, Basic Auth and Token-based Auth. Any combination of these authentication types is possible, including enabling all or none of them.
Anonymous Auth
This is a mechanism for allowing anonymous users to interact with Trellis. When no Authorization header is sent in a request, the effective user will be http://www.trellisldp.org/ns/trellis#AnonymousUser. If WebAC authorization is enabled, then one's ability to read from or write to the server will depend on the resource's WebAC configuration.
Basic Auth
This is a mechanism by which users log in with a username and password. This means that the Trellis system will need to manage these usernames and passwords (Note: it is recommended that this mechanism be reserved for a small number of (possibly) administrative users). This relies on an Authorization header that includes a base64-encoded username:password string. Because base64 is an encoding, not encryption, the credentials are readable by anyone who can observe the traffic; when used over plain HTTP, this is an inherently insecure protocol, so it should only be used over HTTPS.
The users file that is consulted when a client logs in takes the following form:
username : password : webid
where each field is separated by a colon (:). The webid should be a URL, uniquely identifying the user.
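As an added example (not Trellis's own code), the following shows how a server could parse a users file in the form above and map a request's Authorization header to the effective WebID, falling back to the anonymous user when the header is absent. The sample users, passwords and WebIDs are constructed; skipping blank lines is an assumption.

```python
import base64
import binascii
import hmac

# Identity Trellis uses when a request carries no Authorization header (from the page).
ANONYMOUS_USER = "http://www.trellisldp.org/ns/trellis#AnonymousUser"

# Constructed sample users file in the documented "username : password : webid" form.
SAMPLE_USERS_FILE = """\
admin : s3cret : https://example.org/people/admin#me
alice : correct-horse : https://example.org/people/alice#me
"""


def parse_users_file(text):
    """Return {username: (password, webid)} from users-file text.

    Only the first two colons are treated as separators, so the webid (a URL
    that itself contains colons) is kept whole. A consequence of this layout
    is that a password cannot contain a colon.
    """
    users = {}
    for line in text.splitlines():
        if not line.strip():
            continue  # assumption: blank lines are ignored
        parts = [field.strip() for field in line.split(":", 2)]
        if len(parts) != 3:
            raise ValueError(f"malformed users line: {line!r}")
        username, password, webid = parts
        users[username] = (password, webid)
    return users


def basic_header(username, password):
    """Build the Authorization header value a client sends for Basic Auth."""
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()


def resolve_webid(authorization, users):
    """Map a request's Authorization header to an effective WebID.

    No header -> the anonymous user. A valid Basic credential -> the webid
    from the users file. Anything else (bad base64, unknown user, wrong
    password, or another scheme such as Bearer) -> None.
    """
    if authorization is None:
        return ANONYMOUS_USER
    scheme, _, param = authorization.partition(" ")
    if scheme.lower() != "basic":
        return None  # token-based (Bearer) auth is outside this example
    try:
        creds = base64.b64decode(param.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    username, sep, password = creds.partition(":")  # the username may not contain ':'
    if not sep:
        return None
    stored_password, webid = users.get(username, ("", None))
    # Constant-time comparison so the check does not leak how many characters matched.
    if webid is None or not hmac.compare_digest(password.encode(), stored_password.encode()):
        return None
    return webid
```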
Token-based Auth
JWT Authentication is a token-based authentication mechanism in which the token consists of a set of claims about the user on whose behalf the request is being made. The token is digitally signed with a shared key, known to the Trellis server and to the server that generates the tokens, so Trellis can verify that the claims were issued by a trusted party and have not been altered. This is the recommended way to authenticate users.