ballerina/auth

Overview

This module provides a framework for authentication/authorization with the Basic Authentication scheme as specified in RFC 7617.

The "Basic" Hypertext Transfer Protocol (HTTP) authentication scheme transmits credentials as user-id/password pairs encoded using Base64. This scheme is not considered to be a secure method of user authentication unless used in conjunction with some external secure system such as TLS as the user ID and password are passed over the network as cleartext.

The Ballerina auth module facilitates auth providers that are to be used by the clients and listeners of different protocol connectors.

Listener File User Store Basic Auth Provider

Represents the file user store based listener Basic Auth provider, which is used to authenticate the provided credentials against the provided file user store configurations. The users are denoted by a section in the Config.toml file. The username, password, and the scopes of a particular user are denoted as keys under the users section as shown below. For multiple users, the complete section has to be duplicated.

1[[ballerina.auth.users]]
2username="alice"
3password="xxx"
4scopes=["read", "write"]

Listener LDAP User Store Basic Auth Provider

Represents the LDAP-based listener Basic Auth provider, which is used to authenticate the provided credentials against the provided LDAP user store configurations. This connects to an active directory or an LDAP, which retrieves the necessary user information and performs authentication and authorization.

Client Basic Auth Provider

Represents the client Basic Auth provider, which is used to authenticate with an external endpoint by generating a Basic Auth token against the provided credential configurations.

Functions

[1]

extractUsernameAndPassword

Extracts the username and the password from the Base64-encoded username:password value.

Classes

[3]

ClientBasicAuthProvider

Represents the client Basic Auth provider, which is used to authenticate with an external endpoint by generating a Basic Auth token against the provided credential configurations.

ListenerFileUserStoreBasicAuthProvider

Represents the file user store based listener Basic Auth provider, which is used to authenticate the provided credentials against the provided file user store configurations.

ListenerLdapUserStoreBasicAuthProvider

Represents the LDAP-based listener Basic Auth provider, which is used to authenticate the provided credentials against the provided LDAP user store configurations.

Object Types

[1]

ListenerBasicAuthProvider

Represents the listener Basic Auth provider, which could be used to authenticate credentials.

Records

[5]

CredentialsConfig

Represents credentials for Basic Auth authentication.

FileUserStoreConfig

Represents the file user store configurations.

LdapUserStoreConfig

Represents the LDAP user store configurations.

SecureSocket

Represents the SSL/TLS configurations.

UserDetails

Represents the details of the authenticated user.

Errors

[1]

Error

Represents the error type of the module.