Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add API Key Authentication #269

Merged
merged 7 commits into from
Sep 28, 2024

Conversation

dutchie032
Copy link
Collaborator

Added API Key authentication.

Due to a recurring question about authentication of clients I've implemented a Interceptor layer to the tonic server to check all calls for valid api keys.

example config:

auth.enabled = false --defaults to false
auth.tokens = {
    { client = "test", token = "Sometest" },
    { client = "another client", token = "Some other test" }
}

auth.tokens is a table of auth keys with their client name.
There can be a "default" client or a single key for all clients, but this is up to configuration.
There can be as many client keys as needed.

In the debug log the client that authenticates is logged.

Performance

Performance wise there is no notable difference.

Possible future features

Possibly in the future "expiration_date" can be added to automatically revoke issues, but I didn't think that was needed for a first implementation.

@rurounijones rurounijones changed the title Feature/authentication Add API Key Authentication Sep 11, 2024
Copy link
Contributor

@rurounijones rurounijones left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you update the README with a section specifically on Authentication with information on what clients should do (In general terms) to add authentication to their requests. (e.g. add the X-API-Key field to the header etc.)

README.md Show resolved Hide resolved
@dutchie032
Copy link
Collaborator Author

Updated PR with example c# code.
It's collapsible so won't take too much space, but a dev can have a look at the code.
(I know there's Go clients and maybe even others, but I didn't want to add code that I didn't know to work)
Would be nice to have it added by someone if they implement it in Go or other languages.

@rurounijones rurounijones self-requested a review September 28, 2024 06:29
@rurounijones rurounijones merged commit 36a187d into DCS-gRPC:main Sep 28, 2024
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants