opensource/supermq
1
0
Fork 0
mirror of https://github.com/absmach/supermq.git synced 2026-06-23 06:50:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

MF-1565 - Document Bearer, Thing and Basic Authorization header (#1566)

Browse Source 
* MF-1565 - Document Bearer Authorization header

Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>

* Fix auth, bootstrap, http and readers openapi

Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>

* Fix openapi

Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>

* Add enc key for bootstrap

Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>

* Fix typo

Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>

* Use global security

Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>

* Fix bearer formats

Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>

* Polish descriptions

Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>

* Fix boostrap and typo

Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>

Co-authored-by: Drasko DRASKOVIC <drasko.draskovic@gmail.com>
This commit is contained in:
Manuel Imperiale
2022-03-06 01:58:47 +01:00
committed by GitHub
parent 0a6b2f135a
commit f3ed852b36
13 changed files with 169 additions and 224 deletions
Download Patch File Download Diff File Expand all files Collapse all files
api/openapi/auth.yml
+11 -35
View File
@@ -12,8 +12,6 @@ paths:
be uniquely identified by its ID.
tags:
- auth
parameters:
- $ref: "#/components/parameters/Authorization"
requestBody:
$ref: "#/components/requestBodies/KeyRequest"
responses:
@@ -35,7 +33,6 @@ paths:
tags:
- auth
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/ApiKeyId"
responses:
'200':
@@ -53,7 +50,6 @@ paths:
tags:
- auth
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/ApiKeyId"
responses:
'204':
@@ -70,7 +66,6 @@ paths:
tags:
- auth
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/requestBodies/GroupCreateReq"
responses:
'201':
@@ -92,7 +87,6 @@ paths:
tags:
- auth
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/Level"
- $ref: "#/components/parameters/Metadata"
- $ref: "#/components/parameters/Tree"
@@ -115,7 +109,6 @@ paths:
tags:
- auth
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/GroupId"
responses:
'200':
@@ -135,7 +128,6 @@ paths:
tags:
- auth
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/GroupId"
requestBody:
$ref: "#/components/requestBodies/GroupUpdateReq"
@@ -159,7 +151,6 @@ paths:
tags:
- auth
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/GroupId"
- $ref: "#/components/parameters/Level"
- $ref: "#/components/parameters/Metadata"
@@ -185,7 +176,6 @@ paths:
tags:
- auth
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/GroupId"
- $ref: "#/components/parameters/Level"
- $ref: "#/components/parameters/Metadata"
@@ -211,7 +201,6 @@ paths:
tags:
- auth
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/GroupId"
- $ref: "#/components/parameters/Level"
- $ref: "#/components/parameters/Metadata"
@@ -235,7 +224,6 @@ paths:
tags:
- auth
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/GroupId"
requestBody:
$ref: "#/components/requestBodies/MembersReq"
@@ -257,7 +245,6 @@ paths:
description: |
Array of member ids that are in the group specified with groupID.
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/GroupId"
- $ref: "#/components/parameters/Offset"
- $ref: "#/components/parameters/Limit"
@@ -276,7 +263,6 @@ paths:
tags:
- auth
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/UserGroupID"
requestBody:
$ref: "#/components/requestBodies/ShareGroupAccessReq"
@@ -297,7 +283,6 @@ paths:
description: |
Array of groups that member belongs to.
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/MemberId"
- $ref: "#/components/parameters/Offset"
- $ref: "#/components/parameters/Limit"
@@ -317,8 +302,6 @@ paths:
Also, only policies defined on the system are allowed to add. For more details, please see the docs for Authorization.
tags:
- auth
parameters:
- $ref: "#/components/parameters/AdminAuthorization"
requestBody:
$ref: "#/components/requestBodies/PoliciesReq"
responses:
@@ -343,8 +326,6 @@ paths:
Also, only policies defined on the system are allowed to delete. For more details, please see the docs for Authorization.
tags:
- auth
parameters:
- $ref: "#/components/parameters/AdminAuthorization"
requestBody:
$ref: "#/components/requestBodies/PoliciesReq"
responses:
@@ -559,14 +540,6 @@ components:
type: string
parameters:
Authorization:
name: Authorization
description: User's access token.
in: header
schema:
type: string
format: jwt
required: true
ApiKeyId:
name: id
description: API Key ID.
@@ -643,14 +616,6 @@ components:
schema:
type: boolean
default: false
AdminAuthorization:
name: Authorization
description: Admin's access token.
in: header
schema:
type: string
format: jwt
required: true
requestBodies:
KeyRequest:
@@ -757,3 +722,14 @@ components:
application/json:
schema:
$ref: "./schemas/HealthInfo.yml"
securitySchemes:
bearerAuth:
type: http
scheme: bearer
bearerFormat: JWT
description: |
* Users access: "Authorization: Bearer <user_token>"
security:
- bearerAuth: []
api/openapi/bootstrap.yml
+32 -36
View File
@@ -13,8 +13,6 @@ paths:
the provided access token.
tags:
- configs
parameters:
- $ref: "#/components/parameters/Authorization"
requestBody:
$ref: "#/components/requestBodies/ConfigCreateReq"
responses:
@@ -38,7 +36,6 @@ paths:
tags:
- configs
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/Limit"
- $ref: "#/components/parameters/Offset"
- $ref: "#/components/parameters/State"
@@ -58,7 +55,6 @@ paths:
tags:
- configs
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/ConfigId"
responses:
'200':
@@ -78,7 +74,6 @@ paths:
tags:
- configs
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/ConfigId"
requestBody:
$ref: "#/components/requestBodies/ConfigUpdateReq"
@@ -103,7 +98,6 @@ paths:
tags:
- configs
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/ConfigId"
responses:
'204':
@@ -123,7 +117,6 @@ paths:
tags:
- configs
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/ConfigId"
requestBody:
$ref: "#/components/requestBodies/ConfigCertUpdateReq"
@@ -149,7 +142,6 @@ paths:
tags:
- configs
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/ConfigId"
requestBody:
$ref: "#/components/requestBodies/ConfigConnUpdateReq"
@@ -173,8 +165,9 @@ paths:
Retrieves a configuration with given external ID and external key.
tags:
- configs
security:
- bootstrapAuth: []
parameters:
- $ref: "#/components/parameters/ConfigAuth"
- $ref: "#/components/parameters/ExternalId"
responses:
'200':
@@ -194,8 +187,9 @@ paths:
Retrieves a configuration with given external ID and encrypted external key.
tags:
- configs
security:
- bootstrapEncAuth: []
parameters:
- $ref: "#/components/parameters/EncConfigAuth"
- $ref: "#/components/parameters/ExternalId"
responses:
'200':
@@ -214,7 +208,6 @@ paths:
tags:
- configs
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/ConfigId"
requestBody:
$ref: '#/components/requestBodies/ConfigStateUpdateReq'
@@ -344,31 +337,6 @@ components:
- content
parameters:
Authorization:
name: Authorization
description: User's access token.
in: header
schema:
type: string
format: jwt
required: true
ConfigAuth:
name: configAuthorization
description: Configuration external key.
in: header
schema:
type: string
required: true
EncConfigAuth:
name: configAuthorization
description: |
Hex-encoded configuration external key encrypted using
the AES algorithm and SHA256 sum of the external key
itself as an encryption key.
in: header
schema:
type: string
required: true
ConfigId:
name: configId
description: Unique Config identifier. It's the ID of the corresponding Thing.
@@ -533,3 +501,31 @@ components:
application/json:
schema:
$ref: "./schemas/HealthInfo.yml"
securitySchemes:
bearerAuth:
type: http
scheme: bearer
bearerFormat: JWT
description: |
* Users access: "Authorization: Bearer <user_token>"
bootstrapAuth:
type: http
scheme: bearer
bearerFormat: string
description: |
* Things access: "Authorization: Thing <external_key>"
bootstrapEncAuth:
type: http
scheme: bearer
bearerFormat: aes-sha256-uuid
description: |
* Things access: "Authorization: Thing <external_enc_key>"
Hex-encoded configuration external key encrypted using
the AES algorithm and SHA256 sum of the external key
itself as an encryption key.
security:
- bearerAuth: []
api/openapi/certs.yml
+11 -12
View File
@@ -11,8 +11,6 @@ paths:
description: Creates a certificate for thing
tags:
- certs
parameters:
- $ref: "#/components/parameters/Authorization"
requestBody:
$ref: "#/components/requestBodies/CertReq"
responses:
@@ -32,7 +30,6 @@ paths:
tags:
- certs
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/CertID"
responses:
'200':
@@ -53,7 +50,6 @@ paths:
tags:
- certs
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/CertID"
responses:
'200':
@@ -73,7 +69,6 @@ paths:
tags:
- certs
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/ThingID"
responses:
'200':
@@ -100,13 +95,6 @@ paths:
components:
parameters:
Authorization:
name: Authorization
description: User's access token. Used instead of credentials in env or config.toml.
in: header
schema:
type: string
required: false
ThingID:
name: thingID
description: Thing ID
@@ -256,3 +244,14 @@ components:
application/json:
schema:
$ref: "./schemas/HealthInfo.yml"
securitySchemes:
bearerAuth:
type: http
scheme: bearer
bearerFormat: JWT
description: |
* Users access: "Authorization: Bearer <user_token>"
security:
- bearerAuth: []
api/openapi/consumers-notifiers.yml
+11 -13
View File
@@ -10,8 +10,6 @@ paths:
description: Creates a new subscription give a topic and contact.
tags:
- notifiers
security:
- Authorization: []
requestBody:
$ref: "#/components/requestBodies/Create"
responses:
@@ -30,8 +28,6 @@ paths:
description: List subscriptions given list parameters.
tags:
- notifiers
security:
- Authorization: []
parameters:
- $ref: "#/components/parameters/Topic"
- $ref: "#/components/parameters/Contact"
@@ -52,8 +48,6 @@ paths:
description: Retrieves a subscription with the provided id.
tags:
- notifiers
security:
- Authorization: []
parameters:
- $ref: "#/components/parameters/Id"
responses:
@@ -68,8 +62,6 @@ paths:
description: Removes a subscription with the provided id.
tags:
- notifiers
security:
- Authorization: []
parameters:
- $ref: "#/components/parameters/Id"
responses:
@@ -91,11 +83,6 @@ paths:
$ref: "#/components/responses/ServiceError"
components:
securitySchemes:
Authorization:
type: http
scheme: bearer
bearerFormat: JWT
schemas:
Subscription:
type: object
@@ -220,3 +207,14 @@ components:
application/json:
schema:
$ref: "./schemas/HealthInfo.yml"
securitySchemes:
bearerAuth:
type: http
scheme: bearer
bearerFormat: JWT
description: |
* Users access: "Authorization: Bearer <user_token>"
security:
- bearerAuth: []
api/openapi/http.yml
+32 -20
View File
@@ -6,9 +6,6 @@ info:
paths:
/channels/{id}/messages:
post:
security:
- jwtAuth: []
- basicAuth: []
summary: Sends message to the communication channel
description: |
Sends message to the communication channel. Messages can be sent as
@@ -106,14 +103,6 @@ components:
type: array
items:
$ref: "#/components/schemas/SenMLRecord"
securitySchemes:
basicAuth:
type: http
scheme: basic
jwtAuth:
type: apiKey
in: header
name: Authorization
parameters:
ID:
@@ -139,12 +128,35 @@ components:
schema:
$ref: "#/components/schemas/SenMLArray"
responses:
ServiceError:
description: Unexpected server-side error occurred.
HealthRes:
description: Service Health Check.
content:
application/json:
schema:
$ref: "./schemas/HealthInfo.yml"
responses:
ServiceError:
description: Unexpected server-side error occurred.
content:
application/json:
schema:
type: string
format: byte
HealthRes:
description: Service Health Check.
content:
application/json:
schema:
$ref: "./schemas/HealthInfo.yml"
securitySchemes:
bearerAuth:
type: http
scheme: bearer
bearerFormat: uuid
description: |
* Thing access: "Authorization: Thing <thing_key>"
basicAuth:
type: http
scheme: basic
description: |
* Things access: "Authorization: Basic <base64-encoded_credentials>"
security:
- bearerAuth: []
- basicAuth: []
api/openapi/provision.yml
+11 -14
View File
@@ -11,8 +11,6 @@ paths:
description: Adds new device to proxy
tags:
- provision
parameters:
- $ref: "#/components/parameters/Authorization"
requestBody:
$ref: "#/components/requestBodies/ProvisionReq"
responses:
@@ -31,8 +29,6 @@ paths:
configuration created with provision service.
tags:
- provision
parameters:
- $ref: "#/components/parameters/Authorization"
responses:
'200':
$ref: "#/components/responses/ProvisionRes"
@@ -52,16 +48,6 @@ paths:
$ref: "#/components/responses/ServiceError"
components:
parameters:
Authorization:
name: Authorization
description: User's access token. Used instead of credentials in env or config.toml.
in: header
schema:
type: string
format: jwt
required: false
requestBodies:
ProvisionReq:
description: MAC address of device or other identifier
@@ -95,3 +81,14 @@ components:
application/json:
schema:
$ref: "./schemas/HealthInfo.yml"
securitySchemes:
bearerAuth:
type: http
scheme: bearer
bearerFormat: JWT
description: |
* Users access: "Authorization: Bearer <user_token>"
security:
- bearerAuth: []
api/openapi/readers.yml
+19 -11
View File
@@ -16,7 +16,6 @@ paths:
tags:
- messages
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/ChanId"
- $ref: "#/components/parameters/Limit"
- $ref: "#/components/parameters/Offset"
@@ -107,16 +106,6 @@ components:
description: Time of updating measurement.
parameters:
Authorization:
name: Authorization
description: |
Thing or User access token:
* For thing access use "Authorization: Thing <thing_key>"
* For user access use "Authorization: Bearer <user_token>"
in: header
schema:
type: string
required: true
ChanId:
name: chanId
description: Unique channel identifier.
@@ -231,3 +220,22 @@ components:
application/json:
schema:
$ref: "./schemas/HealthInfo.yml"
securitySchemes:
bearerAuth:
type: http
scheme: bearer
bearerFormat: JWT
description: |
* Users access: "Authorization: Bearer <user_token>"
thingAuth:
type: http
scheme: bearer
bearerFormat: uuid
description: |
* Things access: "Authorization: Thing <thing_key>"
security:
- bearerAuth: []
- thingAuth: []
api/openapi/things.yml
+11 -37
View File
@@ -13,8 +13,6 @@ paths:
the provided access token.
tags:
- things
parameters:
- $ref: "#/components/parameters/Authorization"
requestBody:
$ref: "#/components/requestBodies/ThingCreateReq"
responses:
@@ -42,7 +40,6 @@ paths:
tags:
- things
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/Limit"
- $ref: "#/components/parameters/Offset"
- $ref: "#/components/parameters/Name"
@@ -73,8 +70,6 @@ paths:
increasing the subset size of the initial request.
tags:
- things
parameters:
- $ref: "#/components/parameters/Authorization"
requestBody:
$ref: "#/components/requestBodies/ThingsSearchReq"
responses:
@@ -98,8 +93,6 @@ paths:
the provided access token.
tags:
- things
parameters:
- $ref: "#/components/parameters/Authorization"
requestBody:
$ref: "#/components/requestBodies/ThingsCreateReq"
responses:
@@ -119,7 +112,6 @@ paths:
tags:
- things
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/ThingId"
responses:
'200':
@@ -141,7 +133,6 @@ paths:
tags:
- things
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/ThingId"
requestBody:
$ref: "#/components/requestBodies/ThingUpdateReq"
@@ -166,7 +157,6 @@ paths:
tags:
- things
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/ThingId"
responses:
'204':
@@ -186,7 +176,6 @@ paths:
tags:
- things
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/ThingId"
requestBody:
$ref: "#/components/requestBodies/ShareThingReq"
@@ -211,7 +200,6 @@ paths:
tags:
- things
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/ThingId"
requestBody:
$ref: "#/components/requestBodies/KeyUpdateReq"
@@ -238,8 +226,6 @@ paths:
be the channel's owner.
tags:
- channels
parameters:
- $ref: "#/components/parameters/Authorization"
requestBody:
$ref: "#/components/requestBodies/ChannelCreateReq"
responses:
@@ -265,7 +251,6 @@ paths:
tags:
- channels
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/Limit"
- $ref: "#/components/parameters/Offset"
- $ref: "#/components/parameters/Name"
@@ -291,8 +276,6 @@ paths:
the provided access token.
tags:
- channels
parameters:
- $ref: "#/components/parameters/Authorization"
requestBody:
$ref: "#/components/requestBodies/ChannelsCreateReq"
responses:
@@ -314,7 +297,6 @@ paths:
tags:
- channels
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/ChanId"
responses:
'200':
@@ -338,7 +320,6 @@ paths:
tags:
- channels
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/ChanId"
requestBody:
$ref: "#/components/requestBodies/ChannelCreateReq"
@@ -363,7 +344,6 @@ paths:
tags:
- channels
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/ChanId"
responses:
'204':
@@ -382,8 +362,6 @@ paths:
Channel and thing are owned by user identified using the provided access token.
tags:
- things
parameters:
- $ref: "#/components/parameters/Authorization"
requestBody:
$ref: "#/components/requestBodies/ConnCreateReq"
responses:
@@ -409,8 +387,6 @@ paths:
Channels and things are owned by user identified using the provided access token.
tags:
- things
parameters:
- $ref: "#/components/parameters/Authorization"
requestBody:
$ref: "#/components/requestBodies/DisconnReq"
responses:
@@ -435,7 +411,6 @@ paths:
tags:
- channels
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/ThingId"
- $ref: "#/components/parameters/Offset"
- $ref: "#/components/parameters/Limit"
@@ -462,7 +437,6 @@ paths:
tags:
- things
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/ChanId"
- $ref: "#/components/parameters/Offset"
- $ref: "#/components/parameters/Limit"
@@ -489,7 +463,6 @@ paths:
tags:
- channels
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/ChanId"
- $ref: "#/components/parameters/ThingId"
responses:
@@ -511,7 +484,6 @@ paths:
tags:
- channels
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/ChanId"
- $ref: "#/components/parameters/ThingId"
responses:
@@ -601,7 +573,6 @@ paths:
tags:
- things
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/GroupId"
- $ref: "#/components/parameters/Limit"
- $ref: "#/components/parameters/Offset"
@@ -811,14 +782,6 @@ components:
type: string
parameters:
Authorization:
name: Authorization
description: User's access token.
in: header
schema:
type: string
format: jwt
required: true
ChanId:
name: chanId
description: Unique channel identifier.
@@ -1113,3 +1076,14 @@ components:
application/json:
schema:
$ref: "./schemas/HealthInfo.yml"
securitySchemes:
bearerAuth:
type: http
scheme: bearer
bearerFormat: JWT
description: |
* Users access: "Authorization: Bearer <user_token>"
security:
- bearerAuth: []
api/openapi/twins.yml
+11 -15
View File
@@ -13,8 +13,6 @@ paths:
the provided access token.
tags:
- twins
parameters:
- $ref: '#/components/parameters/Authorization'
requestBody:
$ref: "#/components/requestBodies/TwinReq"
responses:
@@ -37,7 +35,6 @@ paths:
tags:
- twins
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/Limit'
- $ref: '#/components/parameters/Offset'
- $ref: '#/components/parameters/Name'
@@ -58,7 +55,6 @@ paths:
tags:
- twins
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/TwinID'
responses:
'200':
@@ -79,7 +75,6 @@ paths:
tags:
- twins
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/TwinID'
requestBody:
$ref: '#/components/requestBodies/TwinReq'
@@ -102,7 +97,6 @@ paths:
tags:
- twins
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/TwinID'
responses:
'204':
@@ -126,7 +120,6 @@ paths:
- states
parameters:
- $ref: '#/components/parameters/TwinID'
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/Limit'
- $ref: '#/components/parameters/Offset'
responses:
@@ -153,14 +146,6 @@ paths:
components:
parameters:
Authorization:
name: Authorization
description: User's access token.
in: header
schema:
type: string
format: uuid
required: true
Limit:
name: limit
description: Size of the subset to retrieve.
@@ -381,3 +366,14 @@ components:
application/json:
schema:
$ref: "./schemas/HealthInfo.yml"
securitySchemes:
bearerAuth:
type: http
scheme: bearer
bearerFormat: JWT
description: |
* Users access: "Authorization: Bearer <user_token>"
security:
- bearerAuth: []
api/openapi/users.yml
+11 -22
View File
@@ -38,7 +38,6 @@ paths:
tags:
- users
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/Limit"
- $ref: "#/components/parameters/Offset"
- $ref: "#/components/parameters/Metadata"
@@ -64,8 +63,6 @@ paths:
authorization token and the new received info.
tags:
- users
parameters:
- $ref: "#/components/parameters/Authorization"
requestBody:
$ref: "#/components/requestBodies/UserUpdateReq"
responses:
@@ -87,8 +84,6 @@ paths:
authorization token
tags:
- users
security:
- Authorization: []
responses:
'200':
$ref: "#/components/responses/UserRes"
@@ -109,7 +104,6 @@ paths:
tags:
- users
parameters:
- $ref: "#/components/parameters/Authorization"
- $ref: "#/components/parameters/GroupId"
- $ref: "#/components/parameters/Limit"
- $ref: "#/components/parameters/Offset"
@@ -210,8 +204,6 @@ paths:
When authenticated user wants to change password.
tags:
- users
security:
- Authorization: []
requestBody:
$ref: '#/components/requestBodies/PasswordChange'
responses:
@@ -235,12 +227,6 @@ paths:
$ref: "#/components/responses/ServiceError"
components:
securitySchemes:
Authorization:
type: http
scheme: bearer
bearerFormat: jwt
schemas:
Token:
type: object
@@ -317,14 +303,6 @@ components:
description: Error message
parameters:
Authorization:
name: Authorization
description: User's access token.
in: header
schema:
type: string
format: jwt
required: true
Referer:
name: Referer
description: Host being sent by browser.
@@ -473,3 +451,14 @@ components:
application/json:
schema:
$ref: "./schemas/HealthInfo.yml"
securitySchemes:
bearerAuth:
type: http
scheme: bearer
bearerFormat: JWT
description: |
* Users access: "Authorization: Bearer <user_token>"
security:
- bearerAuth: []
certs/README.md
+2 -2
View File
@@ -12,7 +12,7 @@ To issue a certificate:
TOK=`curl -s --insecure -S -X POST http://localhost/tokens -H 'Content-Type: application/json' -d '{"email":"edge@email.com","password":"12345678"}' | jq -r '.token'`
curl -s -S -X POST http://localhost:8204/certs -H "Authorization: $TOK" -H 'Content-Type: application/json' -d '{"thing_id":<thing_id>, "key_bits":2048, "key_type":"rsa"}'
curl -s -S -X POST http://localhost:8204/certs -H "Authorization: Bearer $TOK" -H 'Content-Type: application/json' -d '{"thing_id":<thing_id>, "key_bits":2048, "key_type":"rsa"}'
```
```json
@@ -49,5 +49,5 @@ Issuing certificate is same as in **Development** mode.
In this mode certificates can also be revoked:
```bash
curl -s -S -X DELETE http://localhost:8204/certs/revoke -H "Authorization: $TOK" -H 'Content-Type: application/json' -d '{"thing_id":"c30b8842-507c-4bcd-973c-74008cef3be5"}'
curl -s -S -X DELETE http://localhost:8204/certs/revoke -H "Authorization: Bearer $TOK" -H 'Content-Type: application/json' -d '{"thing_id":"c30b8842-507c-4bcd-973c-74008cef3be5"}'
```
provision/README.md
+3 -3
View File
@@ -87,7 +87,7 @@ Additionally users or API token can be passed in Authorization header, this auth
* `username`, `password` - (`MF_PROVISION_USER`, `MF_PROVISION_PASSWORD` in [.env](../.env), `mf_user`, `mf_pass` in [config.toml](../docker/addons/provision/configs/config.toml))
* API Key - (`MF_PROVISION_API_KEY` in [.env](../.env) or [config.toml](../docker/addons/provision/configs/config.toml))
* `Authorization: Token|ApiKey` - request authorization header containing either users token or API key. Check [auth](../auth/README.md).
* `Authorization: Bearer Token|ApiKey` - request authorization header containing either users token or API key. Check [auth](../auth/README.md).
## Running
Provision service can be run as a standalone or in docker composition as addon to the core docker composition.
@@ -113,7 +113,7 @@ curl -s -S -X POST http://localhost:<MF_PROVISION_HTTP_PORT>/mapping -H 'Cont
In the case that provision service is not deployed with credentials or API key or you want to use user other than one being set in environment (or config file):
```bash
curl -s -S -X POST http://localhost:<MF_PROVISION_HTTP_PORT>/mapping -H "Authorization: <token|api_key>" -H 'Content-Type: application/json' -d '{"external_id": "<external_id>", "external_key": "<external_key>"}'
curl -s -S -X POST http://localhost:<MF_PROVISION_HTTP_PORT>/mapping -H "Authorization: Bearer <token|api_key>" -H 'Content-Type: application/json' -d '{"external_id": "<external_id>", "external_key": "<external_key>"}'
```
Or if you want to specify a name for thing different than in `config.toml` you can specify post data as:
@@ -162,7 +162,7 @@ Provision service has `/certs` endpoint that can be used to generate certificate
- `users_token` - users authentication token or API token
- `thing_id` - id of the thing for which certificate is going to be generated
```bash
curl -s -X POST http://localhost:8190/certs -H "Authorization: <users_token>" -H 'Content-Type: application/json' -d '{"thing_id": "<thing_id>", "key_bits":4096, "ttl":"2400h" }'
curl -s -X POST http://localhost:8190/certs -H "Authorization: Bearer <users_token>" -H 'Content-Type: application/json' -d '{"thing_id": "<thing_id>", "key_bits":4096, "ttl":"2400h" }'
```
```json
{
scripts/provision-dev.sh
+4 -4
View File
@@ -33,16 +33,16 @@ printf "JWT TOKEN for user is $JWTTOKEN \n"
#provision thing
printf "Provisioning thing with name $DEVICE \n"
curl -s -S --cacert docker/ssl/certs/mainflux-server.crt --insecure -X POST -H "Content-Type: application/json" -H "Authorization: $JWTTOKEN" https://localhost/things -d '{"name":"'"$DEVICE"'"}'
curl -s -S --cacert docker/ssl/certs/mainflux-server.crt --insecure -X POST -H "Content-Type: application/json" -H "Authorization: Bearer $JWTTOKEN" https://localhost/things -d '{"name":"'"$DEVICE"'"}'
#get thing token
DEVICETOKEN=$(curl -s -S --cacert docker/ssl/certs/mainflux-server.crt --insecure -H "Authorization: $JWTTOKEN" https://localhost/things/1 | grep -Po "key\":\"\K(.*)(?=\")")
DEVICETOKEN=$(curl -s -S --cacert docker/ssl/certs/mainflux-server.crt --insecure -H "Authorization: Bearer $JWTTOKEN" https://localhost/things/1 | grep -Po "key\":\"\K(.*)(?=\")")
printf "Device token is $DEVICETOKEN \n"
#provision channel
printf "Provisioning channel with name $CHANNEL \n"
curl -s -S --cacert docker/ssl/certs/mainflux-server.crt --insecure -X POST -H "Content-Type: application/json" -H "Authorization: $JWTTOKEN" https://localhost/channels -d '{"name":"'"$CHANNEL"'"}'
curl -s -S --cacert docker/ssl/certs/mainflux-server.crt --insecure -X POST -H "Content-Type: application/json" -H "Authorization: Bearer $JWTTOKEN" https://localhost/channels -d '{"name":"'"$CHANNEL"'"}'
#connect thing to channel
printf "Connecting thing to channel \n"
curl -s -S --cacert docker/ssl/certs/mainflux-server.crt --insecure -X PUT -H "Authorization: $JWTTOKEN" https://localhost/channels/1/things/1
curl -s -S --cacert docker/ssl/certs/mainflux-server.crt --insecure -X PUT -H "Authorization: Bearer $JWTTOKEN" https://localhost/channels/1/things/1