You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: mongoose-os/userguide/rpc.md
+45Lines changed: 45 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -139,3 +139,48 @@ at IP address 192.168.1.4 using `mos` tool in a command line mode:
139
139
31
140
140
]</code></pre>
141
141
142
+
### RPC Authentication via mos cli
143
+
144
+
If you have enabled RPC authentication (ie auth_domain / auth_file / acl_file), then the easiest way to authenticate is via the rpc-creds argument to the mos tool:
Where myusercreds.txt is your file containing simple auth formatted user:pass, ie ```johncitizen:plaintextpassword```
148
+
149
+
### RPC Authentication via code
150
+
151
+
Mongoose OS RPC authentication is quite basic, and is vulnerable to replay attacks as the TC field is not incremented. However it enforces basic authentication that is not plaintext, and the intention is you're communicating via a secure TLS channel like MQTT or HTTPS.
152
+
153
+
There are theoretically two ways to provide htdigest authentication, you can send a RPC command without auth and the system will reply with an error that contains a system generated nonce for you to use as input to your authentication reply. OR you can simply provide authentication with your original request, and since that works and is less traffic let's focus on that.
154
+
155
+
This is what a correctly formatted authenticated request looks like:
0 commit comments