Authentication
Overview
When using None authentication, the io.Manager Server will trust the username provided by the client in the request header and won't make any extra verifications. Based on the username, the server will determine the list of apps and Layouts to which the user has access.
io.Connect Desktop will always use the machine username to connect to the io.Manager Server.
⚠️ Note that this authentication method isn't secure and should be used only for development purposes or in situations where security isn't a concern.
Configuration
To enable None authentication, you must configure properly the io.Manager Server and Admin UI, as well as the io.Connect platform that will connect to io.Manager - io.Connect Desktop or io.Connect Browser.
Depending on the deployment approach you have chosen, you have the following options for configuring the io.Manager Server and Admin UI:
If you are using the basic deployment scenario from the template repository approach, you must set properly the necessary environment variables.
If you are using the NPM packages for deployment, or the advanced deployment scenario from the template repository approach, you must provide the necessary configuration settings at runtime when initializing the io.Manager Server and Admin UI.
The following sections provide examples of both options.
Server
To enable None authentication for the io.Manager Server, choose one of the following options depending on your deployment approach.
Environment Variables
To configure the io.Manager Server to use None authentication, register the following environment variables with the proper values. The API_AUTH_METHOD
environment variable must be set to none
:
Environment Variable | Description |
---|---|
API_AUTH_EXCLUSIVE_USERS |
List of users that will be granted the GLUE42_SERVER_ADMIN role. This role is required to access the io.Manager Admin UI. The users must already exist in the database. |
API_AUTH_METHOD |
Type of the authentication mechanism. Must be set to none . |
Example configuration:
API_AUTH_METHOD=none
API_AUTH_EXCLUSIVE_USERS="[\"admin\"]"
Runtime Configuration
To enable None authentication for the io.Manager Server, set the auth_method
property of the optional Config
object for initializing the io.Manager Server to "none"
. Use the auth_exclusive_users
and auth_none
properties to provide additional settings for the None authentication:
Property | Type | Description |
---|---|---|
auth_exclusive_users |
string[] |
List of users that will be granted the GLUE42_SERVER_ADMIN role. This role is required to access the io.Manager Admin UI. The users must already exist in the database. |
auth_method |
string |
Type of the authentication mechanism. Must be set to "none" . |
auth_none |
object |
Settings for the None authentication mechanism. |
The auth_none
object has the following properties:
Property | Type | Description |
---|---|---|
allowOnlyKnownUsers |
boolean |
If true , only the users that are already in the io.Manager database will be allowed to connect. If false , all users will be allowed to connect and new users will be automatically added to the database. Defaults to false . |
Example configuration:
import { start } from "@interopio/manager";
const config = {
// Enabling None authentication.
auth_method: "none",
// List of users that will be granted the `GLUE42_SERVER_ADMIN` role.
auth_exclusive_users: ["admin"],
// Additional settings for None authentication.
auth_none: {
allowOnlyKnownUsers: true
}
};
const server = await start(config);
Admin UI
To access the io.Manager Admin UI, a user must be granted the GLUE42_SERVER_ADMIN
role. The list of exclusive users with access to the Admin UI is defined in the io.Manager Server configuration. You can also grant this role to other users from the Admin UI.
⚠️ Note that when using None authentication, the Admin UI can only be opened as part of the io.Connect platforms (either defined as an io.Connect app, or opened as a URL in an io.Connect Window). If you open it directly in a standard browser, it won't be able to connect to the io.Manager Server and will display an error message.
To enable None authentication for the io.Manager Admin UI, choose one of the following options depending on your deployment approach.
Environment Variables
To configure the Admin UI to use None authentication, set the REACT_APP_AUTH
environment variable to none
:
REACT_APP_AUTH=none
Runtime Configuration
To enable None authentication for the Admin UI, set the auth
property of the <Admin UI />
component to "none"
:
<AdminUI
apiURL="http://localhost:4356/api"
auth="none"
/>
io.Connect Desktop
To enable None authentication for io.Connect Desktop, you must configure the connection to io.Manager and the automatic login screen that's part of the Admin UI.
Connecting to io.Manager
To configure io.Connect Desktop to connect to io.Manager, use the "server"
top-level key of the system.json
system configuration file of io.Connect Desktop located in the %LocalAppData%/interop.io/io.Connect Desktop/Desktop/config
folder. Add the following basic configuration to enable connection to io.Manager:
{
"server": {
"enabled": true,
"url": "http://localhost:4356/api"
}
}
This will add io.Manager as an additional app store and instruct it to store Layouts and app preferences. If you want io.Manager to be the only app store, set the "appStores"
top-level key in the system.json
file to an empty array.
To send client crashes to the io.Manager Server, edit the "output"
property of the "crashReporter"
top-level key in the system.json
file:
{
"crashReporter": {
"output": {
"type": "server",
"serverUrl": "http://localhost:4356/api/crashes"
}
}
}
For more configuration options for connecting to io.Manager, see the Configuration > Platform section.
Automatic Login Screen
For None authentication to work properly in io.Connect Desktop, you must configure the automatic login screen that's part of the Admin UI.
To enable the login screen, use the "ssoAuth"
top-level key of the system.json
file. Set the "authController"
property of the "ssoAuth"
object to "sso"
. Use the "options"
object to provide the location of the login screen and settings for the io.Connect Window in which it will be loaded. The "url"
property of the "options"
object must point to the location of the Admin UI and must end with the gd
query parameter, which will indicate that the login attempt is coming from io.Connect Desktop.
Example configuration:
{
"ssoAuth": {
"authController": "sso",
"options": {
"url": "http://localhost:3000/gd",
"window": {
"width": 500,
"height": 650,
"mode": "flat"
}
}
}
}
io.Connect Browser
The None authentication mechanism isn't currently supported for io.Connect Browser.