-
-
Notifications
You must be signed in to change notification settings - Fork 710
User Authentication
A Sandstorm app delegates authentication to the Sandstorm platform. This page documents the details.
Many apps on Sandstorm expect to receive HTTP requests. To support those apps, Sandstorm provides a tool called sandstorm-http-bridge.
Developers should know that when their app is running, they are receiving HTTP requests from sandstorm-http-bridge rather than directly from the user. This results in a few interesting properties:
-
Sandstorm knows which user is making the request, so it can add headers indicating the username ("authentication").
-
Sandstorm knows if the user owns this grain, so it can add headers indicating what permissions the user has ("authorization").
-
When your app receives HTTP requests,
sandstorm-http-bridgehas normalized them, so your app doesn't have to handle whatever dialect of non-compliant HTTP the user is speaking.
Per the current implementation of sandstorm-http-bridge, an app receives the following headers related to user identity and permissions:
-
X-Sandstorm-Username: This is set to the user's full name, if available. For example:John Smith -
X-Sandstorm-User-Id: This is set to the user's current user ID, which is the first 128 bits of a SHA-256. For example:be21e57e93ac5526 -
X-Sandstorm-Permissions: FIXME
It is possible to write a Sandstorm app that does not use sandstorm-http-bridge! We provide sample code for that in the sandstorm-rawapi-example repository on GitHub.
You might be interested in looking at: