Module : auth

Version : 1.0.0

Module Overview

This module provides the default authentication provider configurations, which can be extended to create new authentication providers and functions to interact with the auth:InvocationContext.

Invocation Context

The Invocation Context is a data holder, which is created per request and preserved for a single request-response flow. It comprises of auth-related information such as authentication scheme, auth token, and authenticated user's ID, claims, and scopes.

The following code snippet shows how to access the auth:InvocationContext and how to set the data and retrieve them.

Set data to the invocation context.

auth:InvocationContext invocationContext = auth:getInvocationContext();
invocationContext.token = "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ";

Retrieve data from the invocation context.

string? authToken = auth:getInvocationContext()?.token;

For information on the operations, which you can perform with this module, see the below Objects. For examples on the usage of the operations, see the Secured Service with Basic Auth Example and Secured Client with Basic Auth Example.

Records

BasicAuthConfig

Represents the inbound Basic Authentication configurations.

Credential

Represents the Basic Authentication configurations, which are used by the HTTP endpoint.

InvocationContext

Represents the auth:InvocationContext.

Objects

InboundAuthProvider

Represents the inbound Auth provider, which could be used to authenticate endpoints.

InboundBasicAuthProvider

Represents the configuration file based inbound Basic Auth provider, which is an implementation of the auth:InboundAuthProvider interface.

A user is denoted by a section in the Ballerina configuration file.

OutboundAuthProvider

Represents the outbound Auth provider, which could be used to authenticate external endpoints.

OutboundBasicAuthProvider

Represents the outbound Basic Auth authenticator, which is an implementation of the auth:OutboundAuthProvider interface. This uses the usernames and passwords provided by the Ballerina configurations to authenticate external endpoints.

Functions

checkForScopeMatch

Checks whether the scopes of the user match the scopes of the resource.

extractUsernameAndPassword

Extracts the username and the password from the base64-encoded username:password value.

getInvocationContext

Returns the auth:InvocationContext instance.

setInvocationContext

Sets the authentication-related values to the invocation context.

Constants

DEFAULT_CHARSET

Default charset to be used with password hashing.

CONFIG_PREFIX

Prefix used to denote special configuration values.

CONFIG_PREFIX_SHA256

Prefix used to denote that the config value is a SHA-256 hash.

CONFIG_PREFIX_SHA384

Prefix used to denote that the config value is a SHA-384 hash.

CONFIG_PREFIX_SHA512

Prefix used to denote that the config value is a SHA-512 hash.

AUTH_SCHEME_BASIC

Prefix used to denote Basic Authentication scheme.

AUTH_SCHEME_BEARER

The prefix used to denote the Bearer Authentication scheme.

Types

Error

Represents the Auth module related error.

Errors

AuthError

Represents the Auth error.