我的书签
添加书签
移除书签Authentication
eKuiper support JWT RSA256 authentication for the RESTful management APIs since 1.4.0 if enabled . Users need put their Public Key in etc/mgmt folder and use the corresponding Private key to sign the JWT Tokens.
When user request the RESTful apis, put the Token in http request headers in the following format:
Authorization: XXXXXXXXXXXXXXX
If the token is correct, eKuiper will respond the result; otherwise, it will return http 401code.
JWT Header
{"typ": "JWT","alg": "RS256"}
JWT payload
The JWT Payload should use the following format
| field | optional | meaning |
|---|---|---|
| iss | false | Issuer , must use the same name with the public key put in etc/mgmt |
| aud | false | Audience , must be eKuiper |
| exp | true | Expiration Time |
| jti | true | JWT ID |
| iat | true | Issued At |
| nbf | true | Not Before |
| sub | true | Subject |
There is an example in json format
{"iss": "sample_key.pub","adu": "eKuiper"}
When use this format, user must make sure the correct Public key file sample_key.pub are under etc/mgmt .
JWT Signature
need use the Private key to sign the Tokens and put the corresponding Public Key in etc/mgmt .
