Overview
Basic Authentication
Add Basic Authentication to your APIs, with username and password protection. The plugin checks for valid credentials in the Proxy-Authorization and Authorization headers (in this order).
Configuration
Configuring the plugin is straightforward. You can add it on top of an API by executing the following request on your Kong server:
$ curl -X POST http://kong:8001/apis/{api}/plugins \
    --data "name=basic-auth" \
    --data "config.hide_credentials=true"
api: The id or name of the API that this plugin configuration will target.
--data: Each --data argument passes one configuration parameter for the plugin.
You can also apply it to every API by using the http://kong:8001/plugins/ endpoint, which applies the plugin globally. Read the Plugin Reference for more information.
Once applied, any user with a valid credential can access the service/API. To restrict usage to only some of the authenticated users, also add the ACL plugin (not covered here) and create whitelist or blacklist groups of users.
Form field parameters:
Form field name | Default value | Description
name (required) | none | Plugin name; here the plugin name is basic-auth.
config.hide_credentials (optional) | false | Boolean. Tells the plugin whether to hide the credential from the upstream API service. If set to true, the plugin clears the credential from the request and then forwards the request to the upstream API service.
config.anonymous (optional) | empty | String. Used as the anonymous user if authentication fails. If empty, a failed request returns a 4xx authentication error.
1. Create the API
api-name: testBasicAuth
hosts: 10.110.2.3
Access URL: /test
Source URL: http://10.110.2.54:8040/health
The other settings can stay at their defaults, depending on the needs of your business.
After creation, access http://10.110.2.3:8000/test from a client to verify that the API can be called successfully.
2. Create a user
username: consumerOfBasic, Custom Id: cidBasic.
3. Create basic-auth credentials for the user
Create the basic-auth username and password: username=csOfBasic, password=testkongpwd. Note that this username and the consumer username are not the same: the consumer username is the user's only public username, while there can be more than one basic-auth username. The specific operation is as follows:
4. Add a basic-auth plugin
The scope is all APIs.
5. Call example
Encode the basic-auth username and password (username=csOfBasic, password=testkongpwd) with base64 in the following format:
csOfBasic:testkongpwd -> Y3NPZkJhc2ljOnRlc3Rrb25ncHdk
Copy csOfBasic:testkongpwd into your own base64 encoding code to test it. The encoded string must be Y3NPZkJhc2ljOnRlc3Rrb25ncHdk; if it is not, your base64 encoding code is wrong.
The following methods were verified successfully:
Verification 1: curl http://10.110.2.3:8000/test -H 'Authorization: Basic Y3NPZkJhc2ljOnRlc3Rrb25ncHdk'
Verification 2: basic authentication with header key=Authorization, value=Basic Y3NPZkJhc2ljOnRlc3Rrb25ncHdk
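The header handling described on this page (base64 of username:password, Proxy-Authorization checked before Authorization, and config.hide_credentials stripping the credential before the request goes upstream), as an added Python example that is not Kong's code. The function names, the plaintext credential store, the 401 status and the choice to strip both headers are assumptions of this model.

```python
import base64
import hmac

# Constructed credential store holding the walkthrough's basic-auth user.
CREDENTIALS = {"csOfBasic": "testkongpwd"}
# Header order stated on this page: Proxy-Authorization first, then Authorization.
CRED_HEADERS = ("proxy-authorization", "authorization")


def basic_header(username, password):
    """Build a Basic header value: base64 of 'username:password' (RFC 7617)."""
    if ":" in username:
        raise ValueError("username must not contain ':'")
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic(value):
    """Return (username, password), or None if value is not well-formed Basic."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    username, sep, password = decoded.partition(":")  # password may contain ':'
    return (username, password) if sep else None


def gateway_check(headers, hide_credentials=False):
    """Hypothetical gateway model: return (status, headers sent upstream)."""
    lowered = {k.lower(): v for k, v in headers.items()}
    # The first header, in the stated order, that carries parseable credentials wins.
    parsed = next((p for p in (parse_basic(lowered.get(h, ""))
                               for h in CRED_HEADERS) if p), None)
    expected = CREDENTIALS.get(parsed[0]) if parsed else None
    if expected is None or not hmac.compare_digest(
            expected.encode(), parsed[1].encode()):
        return 401, None  # 4xx (401 assumed here); nothing is forwarded upstream
    if hide_credentials:  # assumed: this model strips both credential headers
        lowered = {k: v for k, v in lowered.items() if k not in CRED_HEADERS}
    return 200, lowered
```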