I’m releasing version 0.1.0 of APISex libraries. These are libraries for API access control.
6 plugs are ready to use:
- APISexAuthBasic: implementation of the Basic HTTP authentication scheme (RFC7617)
- APISexAuthBearer: implementation of the Bearer HTTP authentication scheme (RFC6750) and the OAuth 2.0 Token Introspection (RFC7662) token verification method
- APISexAuthMTLS: implementation of the OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens draft-ietf-oauth-mtls-12 RFC
When dealing with API access control I think you have 2 cases:
- In this case using cookies for API access control does the job
- Your APIs are consumed by websites on other domains (cookies aren’t shared between different domains), third-parties (OpenAPI or information exchange with partners (machine-to-machine)) or mobile applications
Any comment, review or question is welcome.
Have a great weekend!