Version: Next

Authentication

Configuring users

Currently, you can only have one user, and that user is called admin. You configure its password in your nzyme.conf file, in the admin_password_hash variable. Set it to the SHA256 hash of a password of your choice.

If you want to change your password, simply replace the admin_password_hash value and restart nzyme.
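
The following shell helpers are an added example, not code from the nzyme project. They generate and check an admin_password_hash value without hashing a stray trailing newline and without putting the password on the command line. They assume the value is stored as a lowercase hex SHA-256 digest; all function names and the --prompt flag are hypothetical.

```shell
# Added example: helpers for the admin_password_hash value in nzyme.conf.
# Assumption: the value is the lowercase hex SHA-256 digest of the exact
# password bytes, with no trailing newline. Function names are hypothetical.

# Hex SHA-256 of stdin, using whichever tool is installed.
sha256_hex() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum | cut -d' ' -f1
    else
        shasum -a 256 | cut -d' ' -f1
    fi
}

# Hash one password line read from stdin. `read` drops the line's newline
# and printf '%s' does not add one back, so only the password is hashed.
nzyme_password_hash() {
    IFS= read -r pw || [ -n "$pw" ] || return 1
    printf '%s' "$pw" | sha256_hex
}

# Succeed only if $1 has the shape of a hex SHA-256 digest (64 hex chars).
# Catches a plaintext password or a truncated paste in the config value.
is_sha256_hex() {
    case "$1" in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#1}" -eq 64 ]
}

# Succeed only if the password on stdin matches the configured hash in $1.
nzyme_verify_password() {
    is_sha256_hex "$1" || return 2
    candidate=$(nzyme_password_hash) || return 1
    [ "$candidate" = "$(printf '%s' "$1" | tr 'A-F' 'a-f')" ]
}

# Interactive use: prompt without echo so the password stays off the screen
# and out of shell history, then print the value for admin_password_hash.
if [ -t 0 ] && [ "${1:-}" = "--prompt" ]; then
    printf 'New admin password: ' >&2
    stty -echo; IFS= read -r pw; stty echo; printf '\n' >&2
    printf '%s\n' "$pw" | nzyme_password_hash
fi
```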

Where authentication happens

The nzyme web interface simply calls the nzyme REST API to fetch data or store settings. All REST API resources (except some static assets and the /ping call) require a valid JSON Web Token passed as a Bearer token in the Authorization header and otherwise return a 401 Unauthorized.

The web interface receives a JWT after a successful login and keeps it in local storage. It automatically passes the JWT from local storage with every request to the nzyme REST API.

Because all authentication and authorization happen at the REST API layer, you can keep the REST API accessible to a larger audience without having to worry about access to it.

The default token validity is 8 hours and cannot be changed currently. (The corresponding issue to make this configurable in the future is here. Leave a comment or reaction if you think this is an important feature.)

Future Development / Roadmap

This is an area that currently comes with minimal functionality. The issue tracker has a label to catch all authentication-related issues and plans. Leave comments or reactions to the features you consider the most important.