Nothing
Authentication
In RestRserve: A Framework for Building HTTP API
knitr::opts_chunk$set(
collapse = TRUE,
comment = "#>",
results= 'markup'
)
Out of the box RestRserve provides two authentication schemas: Basic and Bearer.
Basic
Note that Basic authentication, should only be used over HTTPS (SSL) or within secure network. In HTTP protocol Authorization header (as well as other parts of the HTTP request) are plain text and are not encrypted!
According to AuthBackendBasic documentation first of all we need to provide an authentication function. It should take 2 arguments - user and password and return logical value - whether access is allowed for a given user or not.
library(RestRserve)
allowed_access = list(
"user-1" = "password-1",
"user-2" = "password-2"
)
auth_fun = function(user, password) {
res = FALSE
try({
res = identical(allowed_access[[user]], password)
}, silent = TRUE)
return(res)
}
Now we can create authentication backend.
basic_auth_backend = AuthBackendBasic$new(FUN = auth_fun)
Now let's create application which requires authorization in order to use /secure/factorial endpoint:
auth_mw = AuthMiddleware$new(
auth_backend = basic_auth_backend,
routes = "/secure/factorial",
id = "auth_middleware"
)
app = Application$new(middleware = list(auth_mw))
Let's add two endpoints - first public (/factorial) and second with restricted access (/secure/factorial):
factorial_handler = function(.req, .res) {
x = .req$get_param_query("x")
x = as.integer(x)
.res$set_body(factorial(x))
}
app$add_get("/factorial", factorial_handler)
app$add_get("/secure/factorial", factorial_handler)
As we can see first endpoint doesn't require any authentication:
req = Request$new(path = "/factorial", parameters_query = list(x = "5"))
res = app$process_request(req)
res$body
Let's try to send a request without credentials to the second endpoint:
req = Request$new(path = "/secure/factorial", parameters_query = list(x = "5"))
res = app$process_request(req)
res$body
As expected this gives 405 error.
Now let's add correct credentials:
credentials = jsonlite::base64_enc("user-1:password-1")
headers = list("Authorization" = sprintf("Basic %s", credentials))
req = Request$new(
path = "/secure/factorial",
parameters_query = list(x = "5"),
headers = headers
)
res = app$process_request(req)
res$body
Success!
Let's see what happens if password is wrong:
credentials = jsonlite::base64_enc("user-1:password-2")
headers = list("Authorization" = sprintf("Basic %s", credentials))
req = Request$new(
path = "/secure/factorial",
parameters_query = list(x = "5"),
headers = headers
)
res = app$process_request(req)
res$body
Bearer
Bearer authentication (also called "token" authentication) is an HTTP authentication scheme that involves security tokens called bearer tokens. The name "Bearer authentication" can be understood as "give access to the bearer of this token." The bearer token is a cryptic string, usually generated by the server in response to a login request. The client must send this token in the Authorization header when making requests to protected resources.
The Bearer authentication scheme was originally created as part of OAuth 2.0 in RFC 6750, but is sometimes also used on its own. Similarly to Basic authentication, Bearer authentication should only be used over HTTPS (SSL).
allowed_tokens = c(
"super_secure_token_1",
"super_secure_token_2"
)
auth_fun = function(token) {
res = FALSE
try({
res = token %in% allowed_tokens
}, silent = TRUE)
return(res)
}
basic_auth_backend = AuthBackendBearer$new(FUN = auth_fun)
As an alternative to requiring authentication for a single endpoint we can make it mandatory for all endpoints which start with certain pattern:
auth_mw = AuthMiddleware$new(
auth_backend = basic_auth_backend,
routes = "/secure/",
match = "partial",
id = "auth_middleware"
)
app = Application$new(middleware = list(auth_mw))
For example:
app$add_get("/hello0", function(req, res) {res$body = "OK"})
app$add_get("/secure/hello1", function(req, res) {res$body = "OK"})
app$add_get("/secure/hello2", function(req, res) {res$body = "OK"})
Request with valid token to /secure/hello1:
headers = list("Authorization" = "Bearer super_secure_token_1")
req = Request$new(
path = "/secure/hello1",
headers = headers
)
res = app$process_request(req)
res$body
Request with invalid token to /secure/hello2:
headers = list("Authorization" = "Bearer abcd")
req = Request$new(
path = "/secure/hello2",
headers = headers
)
res = app$process_request(req)
res$body
Request to endpoint which doesn't require authorization: /hello0:
req = Request$new(path = "/hello0")
res = app$process_request(req)
res$body
Try the RestRserve package in your browser
Any scripts or data that you put into this service are public.
RestRserve documentation built on Sept. 12, 2022, 9:06 a.m.
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
knitr::opts_chunk$set( collapse = TRUE, comment = "#>", results= 'markup' )
Out of the box RestRserve provides two authentication schemas: Basic and Bearer.
Basic
Note that Basic authentication, should only be used over HTTPS (SSL) or within secure network. In HTTP protocol Authorization header (as well as other parts of the HTTP request) are plain text and are not encrypted!
According to AuthBackendBasic documentation first of all we need to provide an authentication function. It should take 2 arguments - user and password and return logical value - whether access is allowed for a given user or not.
library(RestRserve) allowed_access = list( "user-1" = "password-1", "user-2" = "password-2" ) auth_fun = function(user, password) { res = FALSE try({ res = identical(allowed_access[[user]], password) }, silent = TRUE) return(res) }
Now we can create authentication backend.
basic_auth_backend = AuthBackendBasic$new(FUN = auth_fun)
Now let's create application which requires authorization in order to use /secure/factorial endpoint:
auth_mw = AuthMiddleware$new( auth_backend = basic_auth_backend, routes = "/secure/factorial", id = "auth_middleware" ) app = Application$new(middleware = list(auth_mw))
Let's add two endpoints - first public (/factorial) and second with restricted access (/secure/factorial):
factorial_handler = function(.req, .res) { x = .req$get_param_query("x") x = as.integer(x) .res$set_body(factorial(x)) } app$add_get("/factorial", factorial_handler) app$add_get("/secure/factorial", factorial_handler)
As we can see first endpoint doesn't require any authentication:
req = Request$new(path = "/factorial", parameters_query = list(x = "5")) res = app$process_request(req) res$body
Let's try to send a request without credentials to the second endpoint:
req = Request$new(path = "/secure/factorial", parameters_query = list(x = "5")) res = app$process_request(req) res$body
As expected this gives 405 error.
Now let's add correct credentials:
credentials = jsonlite::base64_enc("user-1:password-1") headers = list("Authorization" = sprintf("Basic %s", credentials)) req = Request$new( path = "/secure/factorial", parameters_query = list(x = "5"), headers = headers ) res = app$process_request(req) res$body
Success!
Let's see what happens if password is wrong:
credentials = jsonlite::base64_enc("user-1:password-2") headers = list("Authorization" = sprintf("Basic %s", credentials)) req = Request$new( path = "/secure/factorial", parameters_query = list(x = "5"), headers = headers ) res = app$process_request(req) res$body
Bearer
Bearer authentication (also called "token" authentication) is an HTTP authentication scheme that involves security tokens called bearer tokens. The name "Bearer authentication" can be understood as "give access to the bearer of this token." The bearer token is a cryptic string, usually generated by the server in response to a login request. The client must send this token in the Authorization header when making requests to protected resources.
The Bearer authentication scheme was originally created as part of OAuth 2.0 in RFC 6750, but is sometimes also used on its own. Similarly to Basic authentication, Bearer authentication should only be used over HTTPS (SSL).
allowed_tokens = c( "super_secure_token_1", "super_secure_token_2" ) auth_fun = function(token) { res = FALSE try({ res = token %in% allowed_tokens }, silent = TRUE) return(res) } basic_auth_backend = AuthBackendBearer$new(FUN = auth_fun)
As an alternative to requiring authentication for a single endpoint we can make it mandatory for all endpoints which start with certain pattern:
auth_mw = AuthMiddleware$new( auth_backend = basic_auth_backend, routes = "/secure/", match = "partial", id = "auth_middleware" ) app = Application$new(middleware = list(auth_mw))
For example:
app$add_get("/hello0", function(req, res) {res$body = "OK"}) app$add_get("/secure/hello1", function(req, res) {res$body = "OK"}) app$add_get("/secure/hello2", function(req, res) {res$body = "OK"})
Request with valid token to /secure/hello1:
headers = list("Authorization" = "Bearer super_secure_token_1") req = Request$new( path = "/secure/hello1", headers = headers ) res = app$process_request(req) res$body
Request with invalid token to /secure/hello2:
headers = list("Authorization" = "Bearer abcd") req = Request$new( path = "/secure/hello2", headers = headers ) res = app$process_request(req) res$body
Request to endpoint which doesn't require authorization: /hello0:
req = Request$new(path = "/hello0") res = app$process_request(req) res$body
Try the RestRserve package in your browser
Any scripts or data that you put into this service are public.
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
Embedding an R snippet on your website
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.