Riptide: Auth

Riptide: Auth adds authentication and authorization support to Riptide.

Example

Http http = Http.builder()
    .executor(..)
    .requestFactory(..)
    .plugin(new AuthorizationPlugin(
        new BasicAuthorizationProvider("username", "password")
    ))
    .build();

Requests sent through this client then carry the header:

GET /example HTTP/1.1
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=

Features

Dependencies

  • Java 8
  • Riptide: Core

Installation

Add the following dependency to your project:

<dependency>
    <groupId>org.zalando</groupId>
    <artifactId>riptide-auth</artifactId>
    <version>${riptide.version}</version>
</dependency>

Usage

The AuthorizationPlugin requires an AuthorizationProvider.

Basic Access Authentication (Basic Auth)

The most primitive authorization provider is the BasicAuthorizationProvider, which supports Basic Access Authentication (RFC 7617):

new BasicAuthorizationProvider("username", "password")

See the example above.

Internally at Zalando we use K8s secrets (called platform credentials) that are mounted as files and rotated on a regular basis. The mounted directory structure looks like this:

meta
└── credentials
    ├── example-token-secret
    └── example-token-type

The built-in PlatformCredentialsAuthorizationProvider reads those:

new PlatformCredentialsAuthorizationProvider("example")

Given a type Bearer and a token eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.e30. it will produce the following Authorization header:

GET /example HTTP/1.1
Authorization: Bearer eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.e30.

Custom Authorization

The AuthorizationProvider is a pretty simple interface:

public interface AuthorizationProvider {
    String get() throws IOException;
}

It can be implemented directly if needed:

new AuthorizationPlugin(() -> "token " + readTokenFromSomeWhere());
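
A file-backed provider along the lines of this section, as an added example that is not part of Riptide or the original README. The class names are hypothetical, the nested interface only mirrors the one shown above so the block compiles alone, and the file names follow the platform-credentials layout described earlier; the files are re-read on every call so a rotated secret is picked up, and values that could break the header line are refused.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

public class FileAuthorizationExample {
    // Same shape as the AuthorizationProvider interface shown above,
    // redeclared here only so the example compiles on its own.
    interface AuthorizationProvider {
        String get() throws IOException;
    }

    // Hypothetical provider: reads <name>-token-type and <name>-token-secret
    // on every call, so a rotated secret is used without a restart.
    static final class FileAuthorizationProvider implements AuthorizationProvider {
        private final Path type;
        private final Path secret;
        FileAuthorizationProvider(Path directory, String name) {
            this.type = directory.resolve(name + "-token-type");
            this.secret = directory.resolve(name + "-token-secret");
        }

        @Override
        public String get() throws IOException {
            return read(type) + " " + read(secret);
        }

        private static String read(Path file) throws IOException {
            String value = new String(Files.readAllBytes(file), StandardCharsets.UTF_8).trim();
            // Reject empty values and anything outside visible ASCII: a stray
            // CR/LF or space inside the file must never reach the header line.
            // The message names the file only, never the credential itself.
            if (value.isEmpty() || !value.chars().allMatch(c -> c > 0x20 && c < 0x7f)) {
                throw new IOException("Unusable credential in " + file.getFileName());
            }
            return value;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data, using the type and token from the example above.
        Path dir = Files.createTempDirectory("credentials");
        Files.write(dir.resolve("example-token-type"), "Bearer\n".getBytes(StandardCharsets.UTF_8));
        Files.write(dir.resolve("example-token-secret"),
                "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.e30.\n".getBytes(StandardCharsets.UTF_8));
        AuthorizationProvider provider = new FileAuthorizationProvider(dir, "example");
        System.out.println("Authorization: " + provider.get());
    }
}
```

In a project, implement riptide-auth's own AuthorizationProvider instead of the nested copy and pass the instance to new AuthorizationPlugin(..).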

Override

If an Authorization header is specified directly it will take precedence and the configured authorization provider will step back:

http.get("/example")
    .header("Authorization", "Bearer " + token)
    .dispatch(..);

Getting Help

If you have questions, concerns, bug reports, etc., please file an issue in this repository's Issue Tracker.

Getting Involved/Contributing

To contribute, simply make a pull request and add a brief description (1-2 sentences) of your addition or change. For more details, check the contribution guidelines.