New authentication
Signed-off-by: Derek Collison <[email protected]>
derekcollison committed Dec 11, 2018
1 parent 7886c8f commit 13c7fc7
Showing 2 changed files with 27 additions and 3 deletions.
28 changes: 26 additions & 2 deletions README.md
Expand Up @@ -115,8 +115,30 @@ c.Subscribe("help", func(subj, reply string, msg string) {
c.Close();
```

## Nkey Authentication (server versions >= 2.0.0)
To authenticate with nkeys, the nkey seed should be in a read only file, e.g. seed.txt
## New Authentication (Nkeys and User Credentials)
This requires server with version >= 2.0.0

NATS servers have a new security and authentication mechanism to authenticate with user credentials and Nkeys.
The simplest form is to use the helper method UserCredentials(credsFilepath).
```go
nc, err := nats.Connect(url, UserCredentials("user.creds"))
```

The helper methos creates two callback handlers to present the user JWT and sign the nonce challenge from the server.
The core client library never has direct access to your private key and simply performs the callback for signing the server challenge.
The helper will load and wipe and erase memory it uses for each connect or reconnect.

The helper also can take two entries, one for the JWT and one for the NKey seed file.
```go
nc, err := nats.Connect(url, UserCredentials("user.jwt", "user.nk"))
```

You can also set the callback handlers directly and manage challenge signing directly.
```go
nc, err := nats.Connect(url, UserJWT(jwtCB, sigCB))
```

Bare Nkeys are also supported. The nkey seed should be in a read only file, e.g. seed.txt
```bash
> cat seed.txt
# This is my seed nkey!
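Review bot: The three new Go snippets call `UserCredentials(...)` and `UserJWT(jwtCB, sigCB)` unqualified while `Connect` is written `nats.Connect`, so they do not compile as shown unless the package is dot-imported; write `nats.UserCredentials("user.creds")` and `nats.UserJWT(jwtCB, sigCB)` to match `nats.NkeyOptionFromSeed` further down. In the prose, "methos" should be "method", and "load and wipe and erase memory" can be reduced to "load the credentials and wipe them from memory". The read-only-file advice is stated only for the bare nkey seed; `user.nk` is described as an NKey seed file as well, and `user.creds` is what the helper signs the challenge from, so the same file-permission expectation should be stated for both. The callback form would also benefit from showing the expected signatures of `jwtCB` and `sigCB`, which the text never gives.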
Expand All @@ -131,6 +153,8 @@ You can choose to use the low level option and provide the public key and a sign
opt, err := nats.NkeyOptionFromSeed("seed.txt")
nc, err := nats.Connect(serverUrl, opt)

// Direct
nc, err := nats.Connect(serverUrl, Nkey(pubNkey, sigCB))
```

## TLS
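Review bot: In the added `// Direct` example, `nc, err := nats.Connect(serverUrl, Nkey(pubNkey, sigCB))` sits in the same snippet as the earlier `nc, err := nats.Connect(serverUrl, opt)`, so anyone pasting the block into one scope gets a "no new variables on left side of :=" error, and `Nkey` is unqualified where the line above it uses `nats.NkeyOptionFromSeed`. Put the direct form in its own fenced snippet (or use `=`), write `nats.Nkey(...)`, and expand the `// Direct` comment to say that `pubNkey` is the public key and `sigCB` is the signing callback, which is what the surrounding sentence about the low level option describes.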
2 changes: 1 addition & 1 deletion nats.go
Expand Up @@ -48,7 +48,7 @@ const (
DefaultPort = 4222
DefaultMaxReconnect = 60
DefaultReconnectWait = 2 * time.Second
DefaultTimeout = 1 * time.Second
DefaultTimeout = 2 * time.Second
DefaultPingInterval = 2 * time.Minute
DefaultMaxPingOut = 2
DefaultMaxChanLen = 8192 // 8k
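Review bot: The `DefaultTimeout` change from `1 * time.Second` to `2 * time.Second` is not mentioned in the commit message, which says only "New authentication", and carries no comment explaining it. If the longer default is needed for the new challenge signing during connect, say so in a comment next to the constant or in the commit message; if it is unrelated, split it into its own commit. It changes connect behaviour for every caller that relies on the default, so it also deserves a line in the release notes.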