Authentication on Jikkouhttps://www.jikkou.io/docs/reference/api-server/configuration/authentication/Recent content in Authentication on JikkouHugoenBasic Authhttps://www.jikkou.io/docs/reference/api-server/configuration/authentication/basic_auth/Mon, 01 Jan 0001 00:00:00 +0000https://www.jikkou.io/docs/reference/api-server/configuration/authentication/basic_auth/<p>Jikkou API Server can be secured using a <strong>Basic HTTP Authentication Scheme</strong>.</p> <p><a href="https://datatracker.ietf.org/doc/html/rfc7617">RFC7617</a> defines the &ldquo;Basic&rdquo; Hypertext Transfer Protocol (HTTP) authentication scheme, which transmits credentials as user-id/password pairs, encoded using Base64.</p> <p>Basic Authentication should be used over a secured connection using HTTPS.</p> <h2 id="configure-basic-http-authentication">Configure Basic HTTP Authentication</h2> <h3 id="step1-enable-security">Step1: Enable security</h3> <p>Add the following configuration to your server configuration.</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># ./etc/application.yaml</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">micronaut</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">security</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span></span></span></code></pre></div><h3 id="step2-configure-the-list-of-users">Step2: Configure the list of users</h3> <p>The list of <code>username/password</code> authorized to connect to the API server can be configured as follows:</p>JWThttps://www.jikkou.io/docs/reference/api-server/configuration/authentication/jwt/Mon, 01 Jan 0001 00:00:00 +0000https://www.jikkou.io/docs/reference/api-server/configuration/authentication/jwt/<p>Jikkou API Server can be secured using <strong>JWT (JSON Web Token) Authentication</strong>.</p> <h2 id="configure-jwt">Configure JWT</h2> <h3 id="step1-set-jwt-signature-secret">Step1: Set JWT signature secret</h3> <p>Add the following configuration to your server configuration.</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># ./etc/application.yaml</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">micronaut</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">security</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">authentication</span><span class="p">:</span><span class="w"> </span><span class="l">bearer &lt;1&gt;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">token</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">jwt</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">signatures</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">secret</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">generator</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">secret</span><span class="p">:</span><span class="w"> </span><span class="l">${JWT_GENERATOR_SIGNATURE_SECRET:pleaseChangeThisSecretForANewOne} &lt;2&gt;</span><span class="w"> </span></span></span></code></pre></div><ul> <li><strong>&lt;1&gt;</strong> Set authentication to bearer to receive a JSON response from the login endpoint.</li> <li><strong>&lt;2&gt;</strong> Change this to your own secret and keep it safe (do not store this in your VCS).</li> </ul> <h3 id="step2-generate-a-token">Step2: Generate a Token</h3> <p>Generate a valid JSON Web Token on <code>https://jwt.io/</code> using your secret.</p>