WebConnector: Request Authentication

Currently, two forms of access are supported:

• HTTP Basic Authentication
• Anonymous

Basic Authentication

HTTP Basic Authentication uses a user agent's numeric identifier or the agent's login name and passphrase as credentials:

Authorization: Basic BASE64([id or login name]:[passphrase])

To use this method, the agent has to already be stored in the network.

Anonymous

For anonymous access to work, maintainers of nodes offering a Web Connector to the las2peer network must provide a valid las2peer user agent's credentials in the WebConnector's configuration fields defaultLoginUser and defaultLoginPassword (cf. sample Web Connector configuration file)

OpenID Connect

When authenticating using OpenID Connect, the Implicit flow is supported. The obtained token can be passed as follows:

• in the Authorization header using the value Bearer <access_token> (strongly recommended)
• in the access_token header
• as access_token query parameter (not encouraged)

The OIDC provider defaults to https://api.learning-layers.eu/o/oauth2. The default can also be set in the WebConnector properties file. Furthermore, a WebConnector can specify a whitelist of OIDC endpoints which can be chosen for every request as follows:

• as value of the oidc_provider header
• as oidc_provider query parameter (not encouraged)

See https://github.com/learning-layers/openid-connect-button how to configure a new OIDC client.

This method will automatically create an agent for the OIDC login if it does not yet exist.