Username and Password Authentication

Found an error? Have a suggestion?Edit this page on GitHub

Getting started with username and password authentication

User and password authentication is one of the most basic forms of authentication. This guide will walk through how to implement username and password authentication in Glee.

A sample asyncapi.yaml for a server with security requirements and user password security scheme is shown below:

1##server asyncAPI schema
2asyncapi: 3.0.0
3info:
4  title: AsyncAPI IMDB server
5  version: 1.0.0
6  description: This app is a dummy server that would stream the trending/upcoming anime.
7servers:
8  trendingAnimeServer:
9    host: 'localhost:8081'
10    protocol: http
11    security:
12      - $ref: '#/components/securitySchemes/userPass
13
14  ...
15
16components:
17  securitySchemes:
18    userPass:
19      type: userPassword
20

A sample asyncapi.yaml for a client that implements some of the requirements of the server above is as follows:

1##client asyncAPI schema
2servers:
3  trendingAnime:
4    host: localhost:8081
5    protocol: http
6    security:
7      - $ref: '#/components/securitySchemes/userPass
8  testwebhook:
9    host: localhost:9000
10    protocol: ws
11x-remoteServers:
12  - trendingAnime
13
14  ...
15
16components:
17  securitySchemes:
18    userPass:
19      type: userPassword
20

The Client asyncapi.yaml file does not need to implement all the security requirements in the server, it only needs to implement the ones that it uses like userPassword here.

Client Side

Following the client asyncapi.yaml file above, create a file named trendingAnime.ts in the auth directory, since that is the server that has the security Property.

touch auth/trendingAnime.ts

When using the userPassword security scheme, it is important that you pass the parameters as follows:

1export async clientAuth({ parsedAsyncAPI, serverName }) {
2  return {
3    userPass: {
4      user: process.env.user,
5      password: process.env.password,
6    },
7  }
8}

userPass should be the name of the security requirement as specified in your asyncapi.yaml file, then pass user and password as it's properties

Server side

From the server asyncapi.yaml file above, create a file named trendingAnimeServer.ts in the auth directory, since that is the server that has the security Property.

touch auth/trendingAnimeServer.ts

On the server side, you can retrieve the values as follows

1
2export async serverAuth({ authProps, done }) {
3  authProps.getUserPass()
4  
5  done(true)
6}
7

So, getUserPass() returns an object containing the username and password that is sent from the client.

Was this helpful?
Help us improve the docs by adding your contribution.
OR
Github:AsyncAPICreate Issue on GitHub