diff options
Diffstat (limited to 'yarns/200-client-creds.yarn')
-rw-r--r-- | yarns/200-client-creds.yarn | 35 |
1 files changed, 20 insertions, 15 deletions
diff --git a/yarns/200-client-creds.yarn b/yarns/200-client-creds.yarn index f251c71..9eff22a 100644 --- a/yarns/200-client-creds.yarn +++ b/yarns/200-client-creds.yarn @@ -21,8 +21,8 @@ The `USERPASS` has the client id and secret encoded as is usual for [HTTP Basic authentication]: https://en.wikipedia.org/wiki/Basic_access_authentication Qvisqve checks the `grant_type` parameter, and extracts `USERPASS` to -get the client id and secret. It compares them against a static list -of clients, which it reads at startup from its configuration file: +get the client id and secret. It compares them against statically +created clients, which it reads from the filesystem. EXAMPLE Qvisqve configuration file in YAML config: @@ -34,19 +34,24 @@ of clients, which it reads at startup from its configuration file: ... deleted from example LkLFQC7Y66OYjna457hU545hfF99j7nxdseXQEhV96E4RUIub+6vS8TYDEk= -----END RSA PRIVATE KEY----- - clients: - test_api: - client_secret: - N: 16384 - hash: 5cf3b9cab1eacc818b73d229db...a023e938ee598f6c49749ef0429a889f7 - key_len: 128 - p: 1 - r: 8 - salt: 18112c4c50993ca5db908a15519c51e1 - version: 1 - allowed_scopes: - - foo - - bar + store: /var/lib/qvisqve + +Each client will be stored as a separate YAML file under the directory +configured in the "store" configuration variable. For example, the +client `test_api` is stored in `/var/lib/qvisqve/clients/test_api`: + + EXAMPLE + client_secret: + N: 16384 + hash: 5cf3b9cab1eacc818b73d229db...a023e938ee598f6c49749ef0429a889f7 + key_len: 128 + p: 1 + r: 8 + salt: 18112c4c50993ca5db908a15519c51e1 + version: 1 + allowed_scopes: + - foo + - bar Qvisqve checks that the client id given by the client is found, and that the offered client secret matches what's in the configuration |