summaryrefslogtreecommitdiffstats
path: root/docs/sections/services/dfc/http-notes.rst
diff options
context:
space:
mode:
Diffstat (limited to 'docs/sections/services/dfc/http-notes.rst')
-rw-r--r--docs/sections/services/dfc/http-notes.rst20
1 files changed, 20 insertions, 0 deletions
diff --git a/docs/sections/services/dfc/http-notes.rst b/docs/sections/services/dfc/http-notes.rst
index 7f65b6ca..c45c7bd8 100644
--- a/docs/sections/services/dfc/http-notes.rst
+++ b/docs/sections/services/dfc/http-notes.rst
@@ -112,3 +112,23 @@ Note, effective way of authentication depends of uri provided and http server co
If port number was not supplied , port 443 is used by default.
Every file is sent through separate https connection.
+
+JWT token in HTTP/HTTPS connection
+""""""""""""""""""""""""""""""""""
+
+JWT token is processed, if it is provided as a ``access_token`` in the query part of the **location** entry:
+
+.. code-block:: bash
+
+ scheme://host:port/path?access_token=<token>
+ i.e.
+ https://example.com:443/C20200502.1830+0200-20200502.1845+0200_195500.xml.gz?access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJkZW1vIiwiaWF0IjoxNTE2MjM5MDIyfQ.MWyG1QSymi-RtG6pkiYrXD93ZY9NJzaPI-wS4MEpUto
+
+JWT tokens are consumed both in HTTP and HTTPS connections. Using JWT token is optional. If it is provided, its
+**validity is not verified**. Token is extracted to the HTTP header as ``Authorization: Bearer <token>`` and is **NOT**
+used in URL in HTTP GET call. Only single JWT token entry in the query is acceptable. If more than one ''access_token''
+entry is found in the query, such situation is reported as error and DFC tries to download file without token. Another
+query parameters are not modified at all and are used in URL in HTTP GET call.
+
+If both JWT token and basic authentication are provided, JWT token has the priority. Such situation is considered
+as fault and is logged on warning level.