Authorization

Luden has two types of authorization: API Keys (client/server secrets) and admin tokens.

YAML Configuration

Authorization can be configured via YAML array of objects.

server:
  ...

api_keys:
  - id: unique_tokenId
    client_secret: bd33c5fa-d69f-11ea-87d0-0242ac130003
    server_secret: 5f15eba2-db58-11ea-87d0-0242ac130003
    origins:
      - '*abc.com'
      - 'efg.com'
  - id: unique_tokenId2
    client_secret: 123jsy213c5fa-c20765a0-d69f003
  - id: unique_tokenId3
    server_secret: 231dasds-3211kb3rdf-412dkjnabf

destinations: ...

Also, API Keys can be configured via plain string. In this case, the plain string will be parsed as a client secret.

server:
  ...

api_keys: 193b6281-f211-47a9-b384-102cf4cd2d55 #client secret

destinations: ...

HTTP URL

server:
  api_keys_reload_sec: 30
  ...

api_keys: 'https://token-source.com/path'

destinations: ...

Authorization will be reloaded every api_keys_reload_sec seconds. Default value is 3 seconds.

HTTP requests are sent with If-Modified-Since header. If HTTP response returns 304 code authorization isn't reconfigured. If authorization content was changed (or logic isn't supported) - HTTP response must return 200 code, Last-Modified header, and body with the following structure:

{
  "tokens": [ #array of json objects
    {
      "id": "uniq_id_1",
      "client_secret": "123dasbc",
      "server_secret": "abcc22",
      "origins": ["abc.com", "*.yourdomain.com"]
    }
  ]
}