19 lines
845 B
Markdown
19 lines
845 B
Markdown
# backend-auth
|
|
|
|
Beep backend auth proxy.
|
|
|
|
Is basically tailored just for traefik's Forward Authentication system. It takes a `GET`, `POST`, `PUT`, `PATCH` or `DELETE` request, reads a Bearer Auth JWT token if available. Alternatively, the token can be supplied in the querystring as `token`. Tokens in the Authorization header override tokens in the querystring. If it is not available or invalid, request fails with 4XX and traefik rejects the request. Otherwise, a success response is returned with a `X-User-Claim` header containing serialised user information. `OPTIONS` requests are allowed to pass through wholesale.
|
|
|
|
## Contents of `X-User-Claim`
|
|
|
|
```json
|
|
{
|
|
"userid": "<userid>",
|
|
"clientid": "<clientid>"
|
|
}
|
|
```
|
|
|
|
## Errors
|
|
|
|
`auth` responses with `400` if there is no token supplied, or `401` if there is an error processing the token.
|