Authentication

Authentication restricts access to the organizers only. It is done using asymmetric encryption; after a successful authentication, JWT tokens grant access to the remaining APIs.

Usage

Configuration

Signing JWT tokens with the HMAC algorithm requires a jwt_secret, which is set in the beast global config (config.toml) as:

jwt_secret = "beast_jwt_secret_SUPER_STRONG_0x100010000100"

SSH keys are used for the asymmetric authentication. A key can be registered directly from the terminal using:

beast create-author --name <username> --email <email> --publickey <pub-key-location>

Or it can be given in the challenge description (beast.toml):

[author]
ssh_key = "<public key>"

This key is added to the database when beast.toml is validated.

Flow

Once the public key is registered in the database, the user can get a JWT token through the following steps:

* First make a GET request on URL: /auth/<username>
* The response will be of the format:

{
    "challenge" :   "Challenge String",
    "message"   :   "<solve message>"
}

* The response after solving the challenge will be of the format:

{
    "token"    :    "YOUR_AUTHENTICATION_TOKEN",
    "role"     :    "<User Role>",
    "message"  :    "<Usage message>"
}

* Send the token with further API requests in the HTTP header:

Authorization: Bearer YOUR_AUTHENTICATION_TOKEN
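As an added illustration (not beast's own code), the following Python shows how a server holding jwt_secret would mint the HS256 token handed out at the end of this flow and how it would check the Authorization: Bearer header on later requests. The claim names (sub, role) are assumptions; the secret is the sample value from config.toml above.

```python
import base64
import hashlib
import hmac
import json

# Stand-in for the jwt_secret value from config.toml (sample value, not a real secret).
JWT_SECRET = b"beast_jwt_secret_SUPER_STRONG_0x100010000100"


def b64url_encode(data: bytes) -> str:
    """Unpadded base64url, as JWT segments use it."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(signing_input: str) -> str:
    """HMAC-SHA256 over '<header>.<payload>' keyed with jwt_secret."""
    return b64url_encode(hmac.new(JWT_SECRET, signing_input.encode(), hashlib.sha256).digest())


def mint_token(username: str, role: str) -> str:
    """Issue the token returned once the challenge is solved; 'sub' and 'role' are assumed claim names."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps({"sub": username, "role": role}).encode())
    signing_input = f"{header}.{payload}"
    return f"{signing_input}.{sign_hs256(signing_input)}"


def role_from_auth_header(header_value: str) -> str:
    """Verify an 'Authorization: Bearer <token>' value and return its role; raise ValueError otherwise."""
    scheme, _, token = header_value.partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        raise ValueError("expected 'Bearer <header>.<payload>.<signature>'")
    head, body, sig = token.split(".")
    # Pin the algorithm: a header claiming "none" or any other alg is refused before the
    # signature is examined, so the verifier never trusts the token's own choice of algorithm.
    hdr = json.loads(b64url_decode(head))
    if not isinstance(hdr, dict) or hdr.get("alg") != "HS256":
        raise ValueError("unsupported alg")
    # Constant-time comparison of the recomputed MAC against the presented one.
    if not hmac.compare_digest(sign_hs256(f"{head}.{body}"), sig):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body))["role"]


def role_or_none(header_value: str):
    """Same check, returning None instead of raising for callers that want a yes/no answer."""
    try:
        return role_from_auth_header(header_value)
    except (ValueError, KeyError, TypeError):
        return None
```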

Alternative

If you have the beast binary, you can also use the command:

beast getauth --identity <path to ssh-private-key> --username <username> --host <host-string>

This command returns the JWT token, which you pass to other APIs by adding it to the HTTP header.