From bd1cda46a87275792ebc7558ee1ed4ec1f1038b4 Mon Sep 17 00:00:00 2001 From: Jai Radhakrishnan <55522316+jairad26@users.noreply.github.com> Date: Wed, 16 Oct 2024 16:40:09 -0700 Subject: [PATCH 1/3] add auth docs --- modus/authentication.mdx | 70 +++++++++++++++++++ styles/config/vocabularies/general/accept.txt | 3 +- 2 files changed, 72 insertions(+), 1 deletion(-) diff --git a/modus/authentication.mdx b/modus/authentication.mdx index bd098b6f..6bd9edea 100644 --- a/modus/authentication.mdx +++ b/modus/authentication.mdx @@ -2,3 +2,73 @@ title: Authentication description: "" --- + +Modus supports authentication via the `Authorization` header in HTTP requests. You can use the +`Authorization` header to pass a JWT bearer token to your Modus app. The token can be used to +authenticate the user and authorize access to resources. + +## Setting verification keys + +To verify the token, you must pass the public keys via environment variables to modus, using the +`MODUS_PEMS` environment variable. The value of the `MODUS_PEMS` environment variable should be a +JSON object with the public keys as key-value pairs. This way, Modus can deserialize this into a map +of public keys, and use them to verify the token. + +This is an example of how to set the `MODUS_PEMS` environment variable: + +```bash +export MODUS_PEMS='{\"key1\":\"-----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJ9z1z1z1z1z1z\\n-----END PUBLIC KEY-----\"}' +``` + +## Verifying tokens + +To verify the token, Modus uses the public keys passed via the `MODUS_PEMS` environment variable. If +the token is verifiable with any of the verification keys provided, Modus decodes the JWT token and +pass the decoded claims as an environment variable, allowing access through host functions. + +## Accessing claims + +To access the decoded claims, you can use the `getJWTClaims()` function, available in both Golang +and AssemblyScript. The function allows the user to pass in a class to deserialize the claims into, +and returns an instance of the class with the claims. + +This is an example of how to use the `getJWTClaims()` function in AssemblyScript: + +```ts AssemblyScript +import { auth } from "@hypermode/modus-sdk-as" + +@json +export class ExampleClaims { + public sub!: string + public exp!: i64 + public iat!: i64 +} + +export function getClaims(): ExampleClaims { + return auth.getJWTClaims() +} +``` + +This is an example of how to use the `getJWTClaims()` function in Golang: + +```go +package main + +import ( + "github.com/hypermodeinc/modus/sdk/go/pkg/auth" +) + +type ExampleClaims struct { + Sub string `json:"sub"` + Exp int64 `json:"exp"` + Iat int64 `json:"iat"` +} + +func GetClaims() (*ExampleClaims, error) { + return auth.GetJWTClaims[*ExampleClaims]() +} + +``` + +This allows users to access the claims in the token and use them to authenticate and authorize users +in their Modus app. diff --git a/styles/config/vocabularies/general/accept.txt b/styles/config/vocabularies/general/accept.txt index 337ca1f4..d3f40995 100644 --- a/styles/config/vocabularies/general/accept.txt +++ b/styles/config/vocabularies/general/accept.txt @@ -53,4 +53,5 @@ triaging upsert URL|url urql -UUID \ No newline at end of file +UUID +[Dd]eserialize \ No newline at end of file From de6f1b248ee2d7ba10eda01f7be71063cd27819f Mon Sep 17 00:00:00 2001 From: Jai Radhakrishnan <55522316+jairad26@users.noreply.github.com> Date: Wed, 16 Oct 2024 16:42:48 -0700 Subject: [PATCH 2/3] .: --- modus/authentication.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modus/authentication.mdx b/modus/authentication.mdx index 6bd9edea..9fe1fb43 100644 --- a/modus/authentication.mdx +++ b/modus/authentication.mdx @@ -4,8 +4,8 @@ description: "" --- Modus supports authentication via the `Authorization` header in HTTP requests. You can use the -`Authorization` header to pass a JWT bearer token to your Modus app. The token can be used to -authenticate the user and authorize access to resources. +`Authorization` header to pass a bearer JSON Web Token (JWT) to your Modus app. The token +authenticates the user and authorize access to resources. ## Setting verification keys From 75a812992fbc607e872e9201113eb6bf0567b865 Mon Sep 17 00:00:00 2001 From: Jai Radhakrishnan <55522316+jairad26@users.noreply.github.com> Date: Wed, 16 Oct 2024 16:43:31 -0700 Subject: [PATCH 3/3] . --- modus/authentication.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modus/authentication.mdx b/modus/authentication.mdx index 9fe1fb43..87d6143c 100644 --- a/modus/authentication.mdx +++ b/modus/authentication.mdx @@ -55,7 +55,7 @@ This is an example of how to use the `getJWTClaims()` function in Golang: package main import ( - "github.com/hypermodeinc/modus/sdk/go/pkg/auth" + "github.com/hypermodeinc/modus/sdk/go/pkg/auth" ) type ExampleClaims struct { @@ -65,7 +65,7 @@ type ExampleClaims struct { } func GetClaims() (*ExampleClaims, error) { - return auth.GetJWTClaims[*ExampleClaims]() + return auth.GetJWTClaims[*ExampleClaims]() } ```