OpenID Connect (OIDC) token-based authentication in JSON Web Token (JWT) format. OpenID Connect (OIDC) is an identity layer built on top of the OAuth 2.0 framework. OIDC uses JSON Web Tokens (JWTs), which are obtained through flows that adhere to the OAuth 2.0 specifications.
To ensure data integrity, each JWT is cryptographically signed, so any modification by clients or malicious parties is detected when the signature is verified. The payload data within the JWT consists of key-value pairs, commonly referred to as JWT "claims".
These claims encompass essential information such as details about the authenticated user, issue time, expiration time, and various other attributes.
From TigerGraph DB version 4.1.x, token information is not stored in the catalog, so tokens' partial names and expiration information are not visible in the GSQL shell. All generated tokens are at the global level.
Enable RestPP authentication.
$ gadmin config set RESTPP.Factory.EnableAuth true
$ gadmin config apply -y
$ gadmin restart restpp
Then create a secret from GSQL shell
gsql> use global
gsql> create secret <random_name>
Then generate a JWT token (The unit of lifetime is seconds)
curl -X POST -H 'Content-Type: application/json' http://localhost:14240/gsql/v1/tokens -d '{"secret":"p8odjjhjlmjjbpbud4v82tcbo7g5vau8", "lifetime":"1000000"}' | jq
Now use the generated token to query a RESTPP endpoint:
curl -X POST -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0aWdlcmdyYXBoIiwiaWF0IjoxNzI0OTE2NTU5LCJleHAiOjE3MjU5MTY1NjQsImlzcyI6IlRpZ2VyR3JhcGgifQ.zK5giNrMMAPJUygwr82zS5JMcwRQmH997TcEFeKq9Ug" "http://localhost:9000/query/ldbc_snb/test" | jq
Response codes:
Failed status: 400 (missing query parameter), 401 (authentication failed), 403 (permission denied), 404 (query not found), 500 (internal server error)
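Since 4.1.x no longer shows token expiration in the GSQL shell, the claims can be read from the token itself. The following is an added example, not part of the original post or of TigerGraph's tooling: it decodes the sample token from the curl command above and reports its lifetime and expiry; the function names are this example's own, and it only decodes the token, it does not verify the signature.

```python
import base64
import json
from datetime import datetime, timezone

# Sample token copied from the curl command above.
TOKEN = (
    "eyJhbGciOiJIUzI1NiJ9."
    "eyJzdWIiOiJ0aWdlcmdyYXBoIiwiaWF0IjoxNzI0OTE2NTU5LCJleHAiOjE3MjU5MTY1NjQsImlzcyI6IlRpZ2VyR3JhcGgifQ."
    "zK5giNrMMAPJUygwr82zS5JMcwRQmH997TcEFeKq9Ug"
)


def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def inspect_jwt(token, now=None):
    """Return header, claims and expiry facts WITHOUT verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    if now is None:
        now = datetime.now(timezone.utc).timestamp()
    now = int(now)
    iat, exp = claims.get("iat"), claims.get("exp")
    return {
        "header": header,
        "claims": claims,
        # Granted lifetime in seconds, as encoded in the token itself.
        "lifetime_s": exp - iat if iat is not None and exp is not None else None,
        "expired": exp is not None and now >= exp,
        "seconds_left": max(exp - now, 0) if exp is not None else None,
    }


if __name__ == "__main__":
    info = inspect_jwt(TOKEN)
    print("header :", info["header"])
    for name, value in info["claims"].items():
        if name in ("iat", "exp"):
            value = datetime.fromtimestamp(value, tz=timezone.utc).isoformat()
        print(f"{name:7}: {value}")
    print("lifetime (s):", info["lifetime_s"], "| expired:", info["expired"])
```

Decoded claims are untrusted until the server has checked the signature, so use this for auditing token lifetimes rather than for authorization decisions.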
Reference:
https://auth0.com/docs/secure/tokens/json-web-tokens/json-web-token-claims