Powered By GitBook
Authenticating with a Credentials File
The 2.0 version of NATS server introduced the idea of decentralized authentication based on JSON Web Tokens (JWT). Clients interact with this new scheme using a user JWT and corresponding NKey private key. To help make connecting with a JWT easier, the client libraries support the concept of a credentials file. This file contains both the private key and the JWT and can be generated with the nsc tool. The contents will look like the following and should be protected because it contains a private key. This credentials file is unused and only for example purposes.
1
-----BEGIN NATS USER JWT-----
2
eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJUVlNNTEtTWkJBN01VWDNYQUxNUVQzTjRISUw1UkZGQU9YNUtaUFhEU0oyWlAzNkVMNVJBIiwiaWF0IjoxNTU4MDQ1NTYyLCJpc3MiOiJBQlZTQk0zVTQ1REdZRVVFQ0tYUVM3QkVOSFdHN0tGUVVEUlRFSEFKQVNPUlBWV0JaNEhPSUtDSCIsIm5hbWUiOiJvbWVnYSIsInN1YiI6IlVEWEIyVk1MWFBBU0FKN1pEVEtZTlE3UU9DRldTR0I0Rk9NWVFRMjVIUVdTQUY3WlFKRUJTUVNXIiwidHlwZSI6InVzZXIiLCJuYXRzIjp7InB1YiI6e30sInN1YiI6e319fQ.6TQ2ilCDb6m2ZDiJuj_D_OePGXFyN3Ap2DEm3ipcU5AhrWrNvneJryWrpgi_yuVWKo1UoD5s8bxlmwypWVGFAA
3
------END NATS USER JWT------
4
5
************************* IMPORTANT *************************
6
NKEY Seed printed below can be used to sign and prove identity.
7
NKEYs are sensitive and should be treated as secrets.
8
9
-----BEGIN USER NKEY SEED-----
10
SUAOY5JZ2WJKVR4UO2KJ2P3SW6FZFNWEOIMAXF4WZEUNVQXXUOKGM55CYE
11
------END USER NKEY SEED------
12
13
*************************************************************
Copied!
Given a creds file, a client can authenticate as a specific user belonging to a specific account:
Go
Java
JavaScript
Python
TypeScript
C
1
nc, err := nats.Connect("127.0.0.1", nats.UserCredentials("path_to_creds_file"))
2
if err != nil {
3
log.Fatal(err)
4
}
5
defer nc.Close()
6
7
// Do something with the connection
Copied!
1
Options options = new Options.Builder().
2
server("nats://localhost:4222").
3
authHandler(Nats.credentials("path_to_creds_file")).
4
build();
5
Connection nc = Nats.connect(options);
6
7
// Do something with the connection
8
9
nc.close();
Copied!
1
// credentials file contains the JWT and the secret signing key
2
let credsFile = path.join(confDir, 'credsfile.creds');
3
4
let nc = NATS.connect({
5
url: server.nats,
6
userCreds: credsFile
7
});
Copied!
1
nc = NATS()
2
3
async def error_cb(e):
4
print("Error:", e)
5
6
await nc.connect("nats://localhost:4222",
7
user_credentials="path_to_creds_file",
8
error_cb=error_cb,
9
)
10
11
# Do something with the connection
12
13
await nc.close()
Copied!
1
// credentials file contains the JWT and the secret signing key
2
let credsFile = path.join(confDir, 'credsfile.creds');
3
4
let nc = await connect({
5
url: server.nats,
6
userCreds: credsFile
7
});
Copied!
1
natsConnection *conn = NULL;
2
natsOptions *opts = NULL;
3
natsStatus s = NATS_OK;
4
5
s = natsOptions_Create(&opts);
6
if (s == NATS_OK)
7
// Pass the credential file this way if the file contains both user JWT and seed.
8
// Otherwise, if the content is split, the first file is the user JWT, the second
9
// contains the seed.
10
s = natsOptions_SetUserCredentialsFromFiles(opts, "path_to_creds_file", NULL);
11
if (s == NATS_OK)
12
s = natsConnection_Connect(&conn, opts);
13
14
(...)
15
16
// Destroy objects that were created
17
natsConnection_Destroy(conn);
18
natsOptions_Destroy(opts);
Copied!
Last modified 1yr ago
Export as PDF
Copy link