From 2555e7b1ff48ae31c7d697c693094cb34e1c06f4 Mon Sep 17 00:00:00 2001 From: Andrea Di Cesare Date: Thu, 24 Oct 2024 12:36:31 +0200 Subject: [PATCH] Update authentication.adoc --- docs/security/authentication.adoc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/security/authentication.adoc b/docs/security/authentication.adoc index 92afec2b..be077d34 100644 --- a/docs/security/authentication.adoc +++ b/docs/security/authentication.adoc @@ -70,7 +70,7 @@ The cookie authentication mechanism can function using three different options: This option is recommended if you also want to allow clients to authenticate via JWTs sent in the `Authorization` header (not stored in a cookie). ``` -/tokenBasicAuthMechanism/enabled->true|false +/tokenBasicAuthMechanism/enabled->true /jwtAuthenticationMechanism/enabled->true /jwtTokenManager/enabled->true /rndTokenManager/enabled->false @@ -112,6 +112,7 @@ Activates when a URL includes the query parameter `?set-auth-cookie` and a user ```yaml authCookieSetter: enabled: false # Not enabled by default + secure: true # true if only allow setting the cookie on https name: rh_auth # The name of the cookie to be set domain: localhost # The domain within which the cookie is valid path: / # The cookie path, applicable to the entire domain @@ -377,4 +378,4 @@ WWW-Authenticate: Digest realm="RESTHeart Realm",domain="localhost",nonce="Toez7 In browsers this leads to the login popup windows. In our web applications we might want to redirect to a fancy login page when the 401 Unauthorized response code. -To avoid the popup window just add to the request the `noauthchallenge` query parameter or the header `No-Auth-Challenge`. This will skip the challenge response. \ No newline at end of file +To avoid the popup window just add to the request the `noauthchallenge` query parameter or the header `No-Auth-Challenge`. This will skip the challenge response.