|
2 | 2 | title: Authentication |
3 | 3 | description: "" |
4 | 4 | --- |
| 5 | + |
| 6 | +Modus supports authentication via the `Authorization` header in HTTP requests. You can use the |
| 7 | +`Authorization` header to pass a JWT bearer token to your Modus app. The token can be used to |
| 8 | +authenticate the user and authorize access to resources. |
| 9 | + |
| 10 | +## Setting verification keys |
| 11 | + |
| 12 | +To verify the token, you must pass the public keys via environment variables to modus, using the |
| 13 | +`MODUS_PEMS` environment variable. The value of the `MODUS_PEMS` environment variable should be a |
| 14 | +JSON object with the public keys as key-value pairs. This way, Modus can deserialize this into a map |
| 15 | +of public keys, and use them to verify the token. |
| 16 | + |
| 17 | +This is an example of how to set the `MODUS_PEMS` environment variable: |
| 18 | + |
| 19 | +```bash |
| 20 | +export MODUS_PEMS='{\"key1\":\"-----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJ9z1z1z1z1z1z\\n-----END PUBLIC KEY-----\"}' |
| 21 | +``` |
| 22 | + |
| 23 | +## Verifying tokens |
| 24 | + |
| 25 | +To verify the token, Modus uses the public keys passed via the `MODUS_PEMS` environment variable. If |
| 26 | +the token is verifiable with any of the verification keys provided, Modus decodes the JWT token and |
| 27 | +pass the decoded claims as an environment variable, allowing access through host functions. |
| 28 | + |
| 29 | +## Accessing claims |
| 30 | + |
| 31 | +To access the decoded claims, you can use the `getJWTClaims()` function, available in both Golang |
| 32 | +and AssemblyScript. The function allows the user to pass in a class to deserialize the claims into, |
| 33 | +and returns an instance of the class with the claims. |
| 34 | + |
| 35 | +This is an example of how to use the `getJWTClaims()` function in AssemblyScript: |
| 36 | + |
| 37 | +```ts AssemblyScript |
| 38 | +import { auth } from "@hypermode/modus-sdk-as" |
| 39 | + |
| 40 | +@json |
| 41 | +export class ExampleClaims { |
| 42 | + public sub!: string |
| 43 | + public exp!: i64 |
| 44 | + public iat!: i64 |
| 45 | +} |
| 46 | + |
| 47 | +export function getClaims(): ExampleClaims { |
| 48 | + return auth.getJWTClaims<ExampleClaims>() |
| 49 | +} |
| 50 | +``` |
| 51 | + |
| 52 | +This is an example of how to use the `getJWTClaims()` function in Golang: |
| 53 | + |
| 54 | +```go |
| 55 | +package main |
| 56 | + |
| 57 | +import ( |
| 58 | + "github.com/hypermodeinc/modus/sdk/go/pkg/auth" |
| 59 | +) |
| 60 | + |
| 61 | +type ExampleClaims struct { |
| 62 | + Sub string `json:"sub"` |
| 63 | + Exp int64 `json:"exp"` |
| 64 | + Iat int64 `json:"iat"` |
| 65 | +} |
| 66 | + |
| 67 | +func GetClaims() (*ExampleClaims, error) { |
| 68 | + return auth.GetJWTClaims[*ExampleClaims]() |
| 69 | +} |
| 70 | + |
| 71 | +``` |
| 72 | + |
| 73 | +This allows users to access the claims in the token and use them to authenticate and authorize users |
| 74 | +in their Modus app. |
0 commit comments