A JSON Web Tokens (JWT) server
Download the latest release to run a binary or clone the repository to compile from source.
Quid expects PostgreSQL to listen on port 5432.
You can check your PostgreSQL status and the port:
$ sudo service postgresql status
$ ss -nlt | grep 5432
LISTEN 0 244 127.0.0.1:5432 0.0.0.0:*
If you have not already created a privileged user, create one:
$ sudo -u postgres psql
postgres=# create user pguser with password 'my_password';
CREATE ROLE
Create the Quid database:
$ sudo -u postgres psql
postgres=# create database quid;
CREATE DATABASE
postgres=# GRANT ALL PRIVILEGES ON DATABASE quid to pguser;
GRANT
You may replace the last statement above with:
postgres=# GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public to pguser;
Create the default config file:
./quid -conf
Edit the configuration file to set your database credentials:
vim config.json
Initialize the database and create an admin user:
./quid -init
./quid
Go to localhost:8082 to log in to the admin interface:
xdg-open http://localhost:8082
cd quidui
npm install
npm run build
cd ..
go build
Request a refresh token and use it to request access tokens
A public endpoint is available to request refresh tokens for namespaces. A time to live must be provided.
Ex: request a refresh token with a 24h lifetime /token/refresh/24h:
curl -X POST http://localhost:8082/token/refresh/10m \
-H 'Content-Type: application/json' \
-d '{"namespace":"my_namespace","username":"my_username","password":"my_password"}'
Response:
{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IzpXVCJ9..."}
A public endpoint is available to request access tokens for namespaces. A time to live must be provided.
Ex: request an access token with a 10 minutes lifetime /token/access/10m:
curl -X POST http://localhost:8082/token/access/10m \
-H 'Content-Type: application/json' \
-d '{"namespace":"my_namespace","refresh_token":"zpXVCJ9..."}'
Response:
{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IzpXVCJ9..."}
Note: if the requested duration exceeds the maximum authorized token time to live for the namespace, the request will be rejected.
In Python:
import jwt  # PyJWT; passing algorithms pins the accepted signing algorithm
payload = jwt.decode(token, key, algorithms=['HS256'])
Example payload:
{
'namespace': 'my_namespace1',
'name': 'my_username',
'groups': ['my_group1', 'my_group2'],
'exp': 1595950745
}
exp is the expiration timestamp in Unix time format (seconds since 1970).
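The checks a service should apply before trusting the payload shown above, as an added example that is not part of the Quid project: the algorithm is pinned to HS256, the signature is compared in constant time, and exp, namespace and groups are validated. It uses only the standard library so it runs offline; the key, the sample token, the required_group parameter and the function names make_token and verify_access_token are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(payload, key, alg="HS256"):
    """Build a constructed sample token standing in for a Quid response."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"

def verify_access_token(token, key, namespace, required_group, now=None):
    """Return the payload if the token is acceptable, else raise ValueError."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError as err:
        raise ValueError("malformed token") from err
    # Pin the algorithm: the token header must never choose it (e.g. "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    signed = f"{header_b64}.{body_b64}".encode()
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):  # constant-time compare
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(body_b64))  # claims read only after the MAC check
    if payload.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    if payload.get("namespace") != namespace:
        raise ValueError("wrong namespace")
    if required_group not in payload.get("groups", []):
        raise ValueError("missing group")
    return payload

# Constructed sample values, not a real Quid key or token.
KEY = b"constructed-signing-key"
SAMPLE = {"namespace": "my_namespace1", "name": "my_username",
          "groups": ["my_group1", "my_group2"], "exp": 1595950745}
TOKEN = make_token(SAMPLE, KEY)
```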
See also the Python example
JavaScript client library: example usage