You need to know your JWT Cookie Name and Hash Secret. Whatever tool you are using to authenticate users will probably have instructions on how to find this.
Set up your config file so it has something like this:

    # It's often useful to turn logging to DEBUG when trying to work out authentication problems
    logLevel: "INFO"

    authJwtCookieName: "Organizr_token_1234..."
    authJwtSecret: "3l4jh23v_123!"
    authJwtClaimUsername: "username"
    authJwtClaimUsergroup: "usergroup"

Note that your
authJwtSecret will need to be set exactly as they appear in your Authentication software.
OliveTin currently can match Access Control Lists based on a username or primary user group. These must be called
group respectively. You can check that these are being used properly by turning on
DEBUG logging and looking at the JWT claims.
OliveTin will assume that guests are able to View and Execute every action by default. When you are setting up authorization you probably want to limit this. You can do that by setting defaultPermissions like this:

    logLevel: "INFO"

    defaultPermissions:
      view: false
      exec: false

Access Control Lists are a way to override the default permissions.

    logLevel: "INFO"

    defaultPermissions:
      view: false
      exec: false

    accessControlLists:
      - name: Admins
        addToEveryAction: true
        matchUsergroups:
          - Admins
        permissions:
          view: true
          exec: true

      - name: "Web Admins"
        matchUsergroups:
          - "webadmin"
        permissions:
          view: true
          exec: false

    actions:
      - name: Only visible to admins
        shell: echo "I am a secret command only visible to admins"

      - name: Restart database
        shell: reboot
        acls:
          - "webadmin"

In the example above, the Admins ACL is automatically added to every action, because addToEveryAction is true.
You may need to customize the field names for your JWT authentication.

    authJwtClaimUsername: "username"
    authJwtClaimUsergroup: "usergroup"
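
To check a cookie value and an ACL layout outside OliveTin, the following added example (not OliveTin's own code) verifies a token with the shared secret and resolves the permissions a user would get under the model described above. It assumes the token is signed with HS256, that an action's acls list refers to ACLs by name, and that a later matching ACL overrides an earlier one; all function names are hypothetical.

```python
import base64, hashlib, hmac, json

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _mac(head, body, secret):
    return hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()

def sign_hs256(claims, secret):
    """Mint a test token so the example runs offline (constructed input)."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    return f"{head}.{body}.{b64url_encode(_mac(head, body, secret))}"

def verify_hs256(token, secret):
    """Return the claims if the HS256 signature is valid, otherwise None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            return None  # refuse "none" or any other algorithm
        if not hmac.compare_digest(_mac(head, body, secret), b64url_decode(sig)):
            return None
        return json.loads(b64url_decode(body))
    except (ValueError, AttributeError):
        return None

def effective_permissions(claims, defaults, acls, action_acls, group_claim="usergroup"):
    """Defaults apply to everyone; an ACL overrides them when it is attached
    to the action and its matchUsergroups contains the user's group."""
    perms = dict(defaults)
    group = claims.get(group_claim) if isinstance(claims, dict) else None
    for acl in acls:
        attached = acl.get("addToEveryAction") or acl["name"] in action_acls
        if attached and group is not None and group in acl["matchUsergroups"]:
            perms.update(acl["permissions"])
    return perms

# Values mirror the sample config on this page; tokens in use are constructed.
SECRET = "3l4jh23v_123!"
DEFAULTS = {"view": False, "exec": False}
ACLS = [
    {"name": "Admins", "addToEveryAction": True, "matchUsergroups": ["Admins"],
     "permissions": {"view": True, "exec": True}},
    {"name": "Web Admins", "matchUsergroups": ["webadmin"],
     "permissions": {"view": True, "exec": False}},
]
```

A request with no cookie, a bad signature or an unexpected algorithm yields None for the claims, so only defaultPermissions apply to it.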