diff options
Diffstat (limited to 'docs/sections/services/dfc/http-notes.rst')
-rw-r--r-- | docs/sections/services/dfc/http-notes.rst | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/docs/sections/services/dfc/http-notes.rst b/docs/sections/services/dfc/http-notes.rst index 7f65b6ca..c45c7bd8 100644 --- a/docs/sections/services/dfc/http-notes.rst +++ b/docs/sections/services/dfc/http-notes.rst @@ -112,3 +112,23 @@ Note, effective way of authentication depends of uri provided and http server co If port number was not supplied , port 443 is used by default. Every file is sent through separate https connection. + +JWT token in HTTP/HTTPS connection +"""""""""""""""""""""""""""""""""" + +JWT token is processed, if it is provided as a ``access_token`` in the query part of the **location** entry: + +.. code-block:: bash + + scheme://host:port/path?access_token=<token> + i.e. + https://example.com:443/C20200502.1830+0200-20200502.1845+0200_195500.xml.gz?access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJkZW1vIiwiaWF0IjoxNTE2MjM5MDIyfQ.MWyG1QSymi-RtG6pkiYrXD93ZY9NJzaPI-wS4MEpUto + +JWT tokens are consumed both in HTTP and HTTPS connections. Using JWT token is optional. If it is provided, its +**validity is not verified**. Token is extracted to the HTTP header as ``Authorization: Bearer <token>`` and is **NOT** +used in URL in HTTP GET call. Only single JWT token entry in the query is acceptable. If more than one ''access_token'' +entry is found in the query, such situation is reported as error and DFC tries to download file without token. Another +query parameters are not modified at all and are used in URL in HTTP GET call. + +If both JWT token and basic authentication are provided, JWT token has the priority. Such situation is considered +as fault and is logged on warning level. |