The app that I am developing has an entry in the "Settings" section. I am binding to a Unix socket as recommended in the "How-to: Integrate into the ctrlX CORE system" document. As far as I can tell the proxy is sending HTTP (not HTTPS) requests through the Unix socket. Am I correct in assuming that the proxy will only let properly authenticated requests be forwarded to my app, and handle user log-in if they are not?
Authentication and authorization
Hi Pablo,
let me try to answer a few of your questions.
a) Your assumption is correct, you can access the API via https://localhost/api/... (please note that https, not http, is important). This should work when you include the bearer token in your request header or query parameter. This is most likely the [network-bind] interface in your snapcraft.yaml.
b) The token validity in terms of signature and expiration is checked for you via the reverse proxy, there is nothing you have to do manually.
c) The scopes are part of the bearer token. You have to parse the bearer token in your application and check whether the scope that your application expects is present. You can use https://jwt.io/ to decode a sample bearer token. For example your bearer token might look like this (encoded):
    {
      "exp": 1619214790,
      "iat": 1619185990,
      "id": "1000",
      "name": "boschrexroth",
      "nonce": "5844eb6f-46b1-48ff-9508-850bf65bd209",
      "plchandle": 0,
      "remoteauth": "",
      "scope": [
        "rexroth-device.all.rwx"
      ]
    }
We are currently working on an example which will be part of the future SDK, but it is not finished yet.
Regards
Johannes
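
The scope check from (c), as an added example in Python that is not part of the original reply or of the ctrlX SDK. It assumes the token arrives in an `Authorization: Bearer` header and that the app is reachable only through the reverse proxy, which has already checked signature and expiration as stated in (b); the function names and the sample token are constructed for illustration.

```python
import base64
import binascii
import json

REQUIRED_SCOPE = "rexroth-device.all.rwx"  # scope value from the sample token above


class TokenError(Exception):
    """Raised when the bearer token is missing or malformed."""


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def claims_from_header(authorization: str) -> dict:
    """Return the JWT payload claims from an 'Authorization: Bearer ...' value."""
    # Assumption: no signature or expiry check here, because the reverse proxy
    # has already done both before forwarding the request (point b above).
    scheme, _, token = (authorization or "").partition(" ")
    if scheme.lower() != "bearer" or token.count(".") != 2:
        raise TokenError("expected 'Bearer <header>.<payload>.<signature>'")
    try:
        claims = json.loads(_b64url_decode(token.split(".")[1]))
    except (binascii.Error, ValueError) as exc:
        raise TokenError("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise TokenError("payload is not a JSON object")
    return claims


def has_scope(claims: dict, required: str = REQUIRED_SCOPE) -> bool:
    """Exact match against the token's 'scope' list; anything else is denied."""
    scopes = claims.get("scope")
    return isinstance(scopes, list) and required in scopes


def make_sample_token(claims: dict) -> str:
    """Constructed sample token for the demo; the signature part is a dummy."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    token = make_sample_token({"name": "boschrexroth", "scope": [REQUIRED_SCOPE]})
    print(has_scope(claims_from_header("Bearer " + token)))
```

A request whose token lacks the expected scope should be answered with 403 by the app itself, since the proxy only establishes that the token is genuine and unexpired.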