NATS Docs
NATS Docs
NATS.io
Twitter
Slack
GitHub
Introduction
What's New!
NATS 2.0
Compare NATS
FAQ
NATS Concepts
What is NATS
Subject-Based Messaging
Publish-Subscribe
Request-Reply
Queue Groups
Acknowledgements
Sequence Numbers
Developing With NATS
Introduction
Connecting
Automatic Reconnections
Securing Connections
Authenticating with a User and Password
Authenticating with a Token
Authenticating with an NKey
Authenticating with a Credentials File
Encrypting Connections with TLS
Receiving Messages
Sending Messages
Monitoring the Connection
Tutorials
NATS Server
Installing
Running
Clients
Flags
Configuration
Managing A NATS Server
NATS and Docker
NATS Tools
Introduction
mkpasswd
nk
nsc
nats-account-server
nats-top
nats-bench
NATS Streaming Concepts
Introduction
Relation to NATS
Client Connections
Channels
Store Interface
Store Encryption
Clustering
Fault Tolerance
Partitioning
Monitoring
Developing With NATS Streaming
Introduction
Connecting to NATS Streaming
Publishing to a Channel
Receiving Messages from a Channel
Durable Subscriptions
Queue Subscriptions
Acknowledgements
The Streaming Protocol
NATS Streaming Server
Important Changes
Installing
Running
Configuring
Process Signaling
Windows Service
Embedding NATS Streaming Server
Docker Swarm
NATS Protocol
Protocol Demo
Client Protocol
NATS Cluster Protocol
NATS on Kubernetes
Introduction
Basic NATS and NATS Streaming Setup
Creating a Kubernetes Cluster
NATS Streaming Cluster with FT Mode
NATS and Prometheus Operator
NATS Cluster and Cert Manager
Securing a NATS Cluster with cfssl
Using a Load Balancer for External Access to NATS
Creating a NATS Super Cluster in Digital Ocean with Helm
From Zero to K8S to Leafnodes using Helm
Powered by GitBook

Authenticating with a User and Password

For this example, start the server using:

> nats-server --user myname --pass password

You can encrypt passwords to pass to nats-server using a simple tool provided by the server:

> go run mkpasswd.go -p
> password: password
> bcrypt hash: $2a$11$1oJy/wZYNTxr9jNwMNwS3eUGhBpHT3On8CL9o7ey89mpgo88VG6ba

and use the hashed password in the server config. The client still uses the plain text version.

The code uses localhost:4222 so that you can start the server on your machine to try them out.

Connecting with a User/Password

When logging in with a password nats-server will take either a plain text password or an encrypted password.

Go
Java
JavaScript
Python
Ruby
TypeScript
C
Go
// Set a user and plain text password
nc, err := nats.Connect("127.0.0.1", nats.UserInfo("myname", "password"))
if err != nil {
    log.Fatal(err)
}
defer nc.Close()
​
// Do something with the connection
Java
Options options = new Options.Builder().
                            server("nats://localhost:4222").
                            userInfo("myname","password"). // Set a user and plain text password
                            build();
Connection nc = Nats.connect(options);
​
// Do something with the connection
​
nc.close();
JavaScript
let nc = NATS.connect({url: server.nats, user: "myname", pass: "password"});
Python
nc = NATS()
​
await nc.connect(servers=["nats://myname:password@demo.nats.io:4222"])
​
# Do something with the connection.
Ruby
require 'nats/client'
​
NATS.start(servers:["nats://myname:password@127.0.0.1:4222"], name: "my-connection") do |nc|
   nc.on_error do |e|
    puts "Error: #{e}"
  end
​
   nc.on_reconnect do
    puts "Got reconnected to #{nc.connected_server}"
  end
​
  nc.on_disconnect do |reason|
    puts "Got disconnected! #{reason}"
  end
​
  nc.close
end
TypeScript
let nc = await connect({url: server.nats, user: "myname", pass: "password"});
C
natsConnection      *conn      = NULL;
natsOptions         *opts      = NULL;
natsStatus          s          = NATS_OK;
​
s = natsOptions_Create(&opts);
if (s == NATS_OK)
    s = natsOptions_SetUserInfo(opts, "myname", "password");
if (s == NATS_OK)
    s = natsConnection_Connect(&conn, opts);
​
(...)
​
// Destroy objects that were created
natsConnection_Destroy(conn);
natsOptions_Destroy(opts);

Connecting with a User/Password in the URL

Most clients make it easy to pass the user name and password by accepting them in the URL for the server. This standard format is:

nats://user:password@server:port

Using this format, you can connect to a server using authentication as easily as you connected with a URL:

Go
Java
JavaScript
Python
Ruby
TypeScript
C
Go
// Set a user and plain text password
nc, err := nats.Connect("myname:password@127.0.0.1")
if err != nil {
    log.Fatal(err)
}
defer nc.Close()
​
// Do something with the connection
Java
Connection nc = Nats.connect("nats://myname:password@localhost:4222");
​
// Do something with the connection
​
nc.close();
JavaScript
let url = `nats://myname:password@127.0.0.1:${port}`;
let nc = NATS.connect(url);
Python
nc = NATS()
​
await nc.connect(servers=["nats://myname:password@demo.nats.io:4222"])
​
# Do something with the connection.
Ruby
require 'nats/client'
​
NATS.start(servers:["nats://myname:password@127.0.0.1:4222"], name: "my-connection") do |nc|
   nc.on_error do |e|
    puts "Error: #{e}"
  end
​
   nc.on_reconnect do
    puts "Got reconnected to #{nc.connected_server}"
  end
​
  nc.on_disconnect do |reason|
    puts "Got disconnected! #{reason}"
  end
​
  nc.close
end
TypeScript
let url = `nats://myname:password@127.0.0.1:${port}`;
let nc = await connect({url: url});
C
natsConnection      *conn      = NULL;
natsOptions         *opts      = NULL;
natsStatus          s          = NATS_OK;
​
s = natsOptions_Create(&opts);
if (s == NATS_OK)
    s = natsOptions_SetURL(opts, "nats://myname:password@127.0.0.1:4222");
if (s == NATS_OK)
    s = natsConnection_Connect(&conn, opts);
​
(...)
​
// Destroy objects that were created
natsConnection_Destroy(conn);
natsOptions_Destroy(opts);
Developing With NATS - Previous
Securing Connections
Next
Authenticating with a Token
Last updated 2 months ago
Edit on GitHub
Contents
Connecting with a User/Password
Connecting with a User/Password in the URL