Authentication Examples

This page provides examples of different authentication configurations.

Sources: examples/authentication/.

Basic authentication

Single user

version: v1
port: 8080

rules:
  - host: basic-auth.example.com
    backend:
      service:
        name: api-service
        port: 8080
        auth:
          # enabled: true  # optional, defaults to true when type is set; set to false to temporarily disable auth
          type: basic
          basic:
            users:
              - username: admin
                password: admin123

Multiple users

version: v1
port: 8080

rules:
  - host: basic-auth-multi.example.com
    backend:
      service:
        mode: external
        protocol: https
        name: httpbin.zcorky.com
        port: 443
        auth:
          # enabled: true  # optional, defaults to true when type is set; set to false to temporarily disable auth
          type: basic
          basic:
            users:
              - username: admin
                password: admin123
              - username: user1
                password: user123
              - username: user2
                password: user456

Bearer token authentication

Single token

version: v1
port: 8080

rules:
  - host: bearer-auth.example.com
    backend:
      service:
        name: api-service
        port: 8080
        auth:
          # enabled: true  # optional, defaults to true when type is set; set to false to temporarily disable auth
          type: bearer
          bearer:
            tokens:
              - my-secret-token-123

Multiple tokens

version: v1
port: 8080

rules:
  - host: bearer-auth-multi.example.com
    backend:
      service:
        mode: external
        protocol: https
        name: httpbin.zcorky.com
        port: 443
        auth:
          # enabled: true  # optional, defaults to true when type is set; set to false to temporarily disable auth
          type: bearer
          bearer:
            tokens:
              - token1-abc123xyz
              - token2-def456uvw
              - token3-ghi789rst

Path-level authentication

Different authentication for different paths:

version: v1
port: 8080

rules:
  - host: mixed-auth.example.com
    backend:
      service:
        name: api-service
        port: 8080
        auth:
          # enabled: true  # optional, defaults to true when type is set
          type: basic
          basic:
            users:
              - username: default
                password: default123
    paths:
      - path: /admin
        backend:
          service:
            name: admin-service
            port: 8080
            auth:
              # enabled: true  # optional, defaults to true when type is set
              type: basic
              basic:
                users:
                  - username: admin
                    password: admin123
                  - username: superadmin
                    password: super123
      - path: /api
        backend:
          service:
            name: api-service
            port: 8080
            auth:
              # enabled: true  # optional, defaults to true when type is set
              type: bearer
              bearer:
                tokens:
                  - api-token-1
                  - api-token-2
                  - api-token-3

Testing

Basic authentication

curl -u admin:admin123 -H "Host: basic-auth.example.com" http://localhost:8080/
curl -u admin:admin123 -H "Host: basic-auth-multi.example.com" http://localhost:8080/

Bearer token

curl -H "Host: bearer-auth.example.com" -H "Authorization: Bearer my-secret-token-123" http://localhost:8080/
curl -H "Host: bearer-auth-multi.example.com" -H "Authorization: Bearer token1-abc123xyz" http://localhost:8080/

Path-level authentication

curl -u default:default123 -H "Host: mixed-auth.example.com" http://localhost:8080/
curl -u admin:admin123 -H "Host: mixed-auth.example.com" http://localhost:8080/admin
curl -H "Host: mixed-auth.example.com" -H "Authorization: Bearer api-token-1" http://localhost:8080/api