falk-werner_webfuse/doc/authentication.md

# Authentication

Webfuse supports two authentications mechanisms:

- token-based authentication using HTTP headers
- in-protocol authentication

To activate authentication, two command line option can be specified:

- `--wf-authenticator PATH`  
  allows to specify an executable used for authentication
- `--wf-auth-header HEADER` _(optional)_
  allows to specify the HTTP header used for authentication

When `--wf-auth-header` is not specifiend or the header is not contained
in the HTTP request, the in-protocol solutions is used: Before any other
operation, the credentials are queried via `getcreds`request.

## Authenticator

An authenticator is an executable or script used for token-based
authentication. During HTTP handshake, webfuse will scan for the
configured HTTP header and invoke the authenticator.

    authenticator TOKEN

The provided `token` contains the contents of the HTTP header.

## Header restrictions

Note that not any HTTP header can be specified using `--wf-auth-header`
option. The following headers are supported:

- `X-Auth-Token`
- `Authorization`

In addition to that, any non-standard header can be specified.

Due to implementation limitation, most standard headers can not be used by now. Please let us know, when you intend to use a header that is not supported yet. Please create an issue in that case.
enhance documentation 2023-01-15 20:00:10 +00:00			`# Authentication`

add in-protocol authentication mechanism 2023-01-22 19:53:50 +00:00			`Webfuse supports two authentications mechanisms:`

			`- token-based authentication using HTTP headers`
			`- in-protocol authentication`

Apply suggestions from code review 2023-02-01 17:38:40 +00:00			`To activate authentication, two command line option can be specified:`
enhance documentation 2023-01-15 20:00:10 +00:00
			- `--wf-authenticator PATH`
			`allows to specify an executable used for authentication`
add in-protocol authentication mechanism 2023-01-22 19:53:50 +00:00			- `--wf-auth-header HEADER` _(optional)_
enhance documentation 2023-01-15 20:00:10 +00:00			`allows to specify the HTTP header used for authentication`

add in-protocol authentication mechanism 2023-01-22 19:53:50 +00:00			When `--wf-auth-header` is not specifiend or the header is not contained
			`in the HTTP request, the in-protocol solutions is used: Before any other`
			operation, the credentials are queried via `getcreds`request.

enhance documentation 2023-01-15 20:00:10 +00:00			`## Authenticator`

			`An authenticator is an executable or script used for token-based`
			`authentication. During HTTP handshake, webfuse will scan for the`
			`configured HTTP header and invoke the authenticator.`

			`authenticator TOKEN`

			The provided `token` contains the contents of the HTTP header.

			`## Header restrictions`

			Note that not any HTTP header can be specified using `--wf-auth-header`
			`option. The following headers are supported:`

			- `X-Auth-Token`
			- `Authorization`

			`In addition to that, any non-standard header can be specified.`

			`Due to implementation limitation, most standard headers can not be used by now. Please let us know, when you intend to use a header that is not supported yet. Please create an issue in that case.`