mirror of
https://github.com/taigrr/nats.docs
synced 2025-01-18 04:03:23 -08:00
3f01c728c1
With mkpasswd now gone from nats-server, this change replaces instances of mkpasswd with the new official natscli tool.
57 lines
1.4 KiB
Markdown
57 lines
1.4 KiB
Markdown
# Tokens
|
|
|
|
Token authentication is a string that if provided by a client, allows it to connect. It is the most straightforward authentication provided by the NATS server.
|
|
|
|
To use token authentication, you can specify an `authorization` section with the `token` property set:
|
|
|
|
```text
|
|
authorization {
|
|
token: "s3cr3t"
|
|
}
|
|
```
|
|
|
|
Token authentication can be used in the authorization section for clients and clusters.
|
|
|
|
Or start the server with the `--auth` flag:
|
|
|
|
```text
|
|
> nats-server --auth s3cr3t
|
|
```
|
|
|
|
A client can easily connect by specifying the server URL:
|
|
|
|
```text
|
|
> nats-sub -s nats://s3cr3t@localhost:4222 ">"
|
|
Listening on [>]
|
|
```
|
|
|
|
## Bcrypted Tokens
|
|
|
|
Tokens can be bcrypted enabling an additional layer of security, as the clear-text version of the token would not be persisted on the server configuration file.
|
|
|
|
You can generate bcrypted tokens and passwords using the [`nats`](../../../../nats-tools/natscli.md) tool:
|
|
|
|
```text
|
|
> nats server passwd
|
|
? Enter password [? for help] **********************
|
|
? Reenter password [? for help] **********************
|
|
|
|
$2a$11$PWIFAL8RsWyGI3jVZtO9Nu8.6jOxzxfZo7c/W0eLk017hjgUKWrhy
|
|
```
|
|
|
|
Here's a simple configuration file:
|
|
|
|
```text
|
|
authorization {
|
|
token: "$2a$11$PWIFAL8RsWyGI3jVZtO9Nu8.6jOxzxfZo7c/W0eLk017hjgUKWrhy"
|
|
}
|
|
```
|
|
|
|
The client will still require the clear-text token to connect:
|
|
|
|
```text
|
|
nats-sub -s nats://dag0HTXl4RGg7dXdaJwbC8@localhost:4222 ">"
|
|
Listening on [>]
|
|
```
|
|
|