Multi-Site Communication
Vasat sites communicate with each other using the HTTPS protocol with a signed header.
This is a lightweight method without the overhead of providing OAuth tokens.
A host server can enable an endpoint for server-to-server communication using a vasat.Authenticator:
```scala
class MyController @Inject() (authService: PlayAuthenticator) extends InjectedController {
  // isOkSigned only runs the block when the request carries a valid Site signature
  def myServerToServerEndpoint = authService.isOkSigned(parse.anyContent) { (r, ctx) =>
    Future.successful(
      Ok("If you can read this, you're an approved Site")
    )
  }
}
```
A client Site can make the request using a vasat.auth.RemoteSignedWebservice.
A built-in implementation, vasat.play.auth.RemoteVasatAuthenticator,
can be obtained using DI.
```scala
class MyClass @Inject() (remote: RemoteVasatAuthenticator) {
  remote.signedCall("/my_endpoint")
    .andThenMap { resp =>
      println("Server said " + resp.body)
    }
}
```
OAuth Endpoints
Endpoints defined using the Vasat Authentication module are designed for OAuth token authentication. These can also be used by server-to-server signed requests. The OAuth scope and permissions can be added to the Site object and emulate a session that uses OAuth.
This allows endpoints to be written once and be accessible by both clients and other microservices.
Site to Site HTTP Headers
Site to site requests are authenticated using RSA keys. The sending site must sign its request, and the receiving site must:
- Check that the site is registered and active in its local DB
- Check that the signature of (body + timestamp + ip) of the request verifies against the requesting Site's public key
HTTP Headers for Site-Site
Header | Value |
---|---|
X-vasat-site | site guid |
X-vasat-ip | eg: "0.0.0.0" |
X-vasat-time | epoch time in milliseconds |
X-vasat-sig | RSA.sign(body + " " + timeStamp + " " + ip) |
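
The two receiving-side checks above, sketched with the JDK's `java.security` as an added example; this is not Vasat's own code. The page does not state the signature algorithm, the signature encoding or any timestamp window, so `SHA256withRSA`, Base64, UTF-8 and the 5-minute freshness check are assumptions, as are the `Site` case class and the in-memory registry (Scala 2.13 or later).

```scala
import java.nio.charset.StandardCharsets.UTF_8
import java.security.{KeyPairGenerator, PublicKey, Signature}
import java.util.Base64
import scala.util.Try

// Added example, not Vasat code. Assumed: SHA256withRSA, Base64-encoded signature,
// UTF-8 signing input, a 5-minute freshness window, an in-memory site registry.
object SiteSignatureCheck {
  final case class Site(guid: String, active: Boolean, publicKey: PublicKey)
  val MaxSkewMillis: Long = 5 * 60 * 1000L

  // Signed string from the header table: body + " " + timeStamp + " " + ip
  def signingInput(body: String, time: String, ip: String): Array[Byte] =
    s"$body $time $ip".getBytes(UTF_8)

  def rsaVerify(key: PublicKey, data: Array[Byte], sig: Array[Byte]): Boolean = Try {
    val v = Signature.getInstance("SHA256withRSA")
    v.initVerify(key); v.update(data); v.verify(sig)
  }.getOrElse(false) // malformed signatures throw; treat as a failed check

  // Header names are matched exactly here; HTTP frameworks match case-insensitively.
  def verify(registry: Map[String, Site], headers: Map[String, String],
             body: String, nowMillis: Long): Either[String, Site] =
    for {
      guid <- headers.get("X-vasat-site").toRight("missing X-vasat-site")
      ip   <- headers.get("X-vasat-ip").toRight("missing X-vasat-ip")
      time <- headers.get("X-vasat-time").toRight("missing X-vasat-time")
      sig  <- headers.get("X-vasat-sig").toRight("missing X-vasat-sig")
      site <- registry.get(guid).filter(_.active).toRight("site unknown or inactive")
      ts   <- time.toLongOption.toRight("X-vasat-time is not epoch milliseconds")
      _    <- Either.cond(math.abs(nowMillis - ts) <= MaxSkewMillis, (), "stale timestamp")
      raw  <- Try(Base64.getDecoder.decode(sig)).toOption.toRight("signature not Base64")
      _    <- Either.cond(rsaVerify(site.publicKey, signingInput(body, time, ip), raw), (), "bad signature")
    } yield site

  def main(args: Array[String]): Unit = {
    val gen = KeyPairGenerator.getInstance("RSA"); gen.initialize(2048)
    val keys = gen.generateKeyPair() // constructed key pair standing in for a registered Site
    val registry = Map("site-a" -> Site("site-a", active = true, keys.getPublic))
    val (body, time, ip) = ("""{"ping":1}""", "1700000000000", "0.0.0.0") // constructed request
    val signer = Signature.getInstance("SHA256withRSA")
    signer.initSign(keys.getPrivate); signer.update(signingInput(body, time, ip))
    val hdrs = Map("X-vasat-site" -> "site-a", "X-vasat-ip" -> ip, "X-vasat-time" -> time,
      "X-vasat-sig" -> Base64.getEncoder.encodeToString(signer.sign()))
    val now = 1700000001000L
    println(verify(registry, hdrs, body, now).map(_.guid))            // accepted request
    println(verify(registry, hdrs, body + "x", now).map(_.guid))      // tampered body
    println(verify(registry, hdrs, body, now + 3600000L).map(_.guid)) // replayed an hour later
  }
}
```

Because the timestamp is part of the signed string, a captured request stays valid for as long as the receiver accepts that timestamp, which is why the sketch bounds its age.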