Authentication
eKuiper support JWT RSA256 authentication for the RESTful management APIs since 1.4.0 if enabled . Users need put their Public Key in etc/mgmt folder and use the corresponding Private key to sign the JWT Tokens. When user request the RESTful apis, put the Token in http request headers in the following format:
go
Authorization: XXXXXXXXXXXXXXXIf the token is correct, eKuiper will respond the result; otherwise, it will return http 401code.
JWT Header
json
{
"typ": "JWT",
"alg": "RS256"
}JWT payload
The JWT Payload should use the following format
| field | optional | meaning |
|---|---|---|
| iss | false | Issuer , must use the same name with the public key put in etc/mgmt |
| aud | false | Audience , must be eKuiper |
| exp | true | Expiration Time |
| jti | true | JWT ID |
| iat | true | Issued At |
| nbf | true | Not Before |
| sub | true | Subject |
There is an example in json format
json
{
"iss": "sample_key.pub",
"adu": "eKuiper"
}When use this format, user must make sure the correct Public key file sample_key.pub are under etc/mgmt .
JWT Signature
need use the Private key to sign the Tokens and put the corresponding Public Key in etc/mgmt .