Powered By GitBook
Tokens
Token authentication is a string that if provided by a client, allows it to connect. It is the most straightforward authentication provided by the NATS server.
To use token authentication, you can specify an authorization section with the token property set:
1
authorization {
2
token: "s3cr3t"
3
}
Copied!
Token authentication can be used in the authorization section for clients and clusters.
Or start the server with the --auth flag:
1
> nats-server --auth s3cr3t
Copied!
A client can easily connect by specifying the server URL:
1
> nats-sub -s nats://[email protected]:4222 ">"
2
Listening on [>]
Copied!

Bcrypted Tokens

Tokens can be bcrypted enabling an additional layer of security, as the clear-text version of the token would not be persisted on the server configuration file.
You can generate bcrypted tokens and passwords using the nats tool:
1
> nats server passwd
2
? Enter password [? for help] **********************
3
? Reenter password [? for help] **********************
4
5
$2a$11$PWIFAL8RsWyGI3jVZtO9Nu8.6jOxzxfZo7c/W0eLk017hjgUKWrhy
Copied!
Here's a simple configuration file:
1
authorization {
2
token: "$2a$11$PWIFAL8RsWyGI3jVZtO9Nu8.6jOxzxfZo7c/W0eLk017hjgUKWrhy"
3
}
Copied!
The client will still require the clear-text token to connect:
1
nats-sub -s nats://[email protected]:4222 ">"
2
Listening on [>]
Copied!
Last modified 8mo ago
Export as PDF
Copy link