Examples of authentication in OpenFaaS Serverless functions.
See here for: SSO and OAuth for the OpenFaaS REST API
Username password protects governs access for your function. You can also use this with a web-browser, and will receive a prompt to log in.
Note: you must enable HTTPS / TLS if you access a function with basic auth.
- Use secrets or environmental variables for credentials
$ faas-cli template store pull golang-http
$ faas-cli secret create fn-basic-auth-username --from-literal="admin"
$ export PASSWORD=$(head -c 16 /dev/urandom | shasum | cut -d" " -f1)
$ echo $PASSWORD
$ echo -n $PASSWORD | faas-cli secret create fn-basic-auth-password
# Edit `stack.yml` and replace the image with your own account.
$ faas-cli upTest it out
curl $OPENFAAS_URL/function/basic-auth --basic --user=admin:passwordCode: basic-auth
The secret and caller share a symmetric key. The caller transmits a hash of the payload, the receiver also computes a hash of the received payload and uses it to verify the result.
See: https://github.com/openfaas/workshop/blob/master/lab11.md
As per #1 without basic auth headers, but using an "Authorization" header.
See the auth microservice in OpenFaaS Cloud which uses OAuth 2.0 with GitHub and GitLab.
Add Nginx or similar and implement auth however you like.
See also ingress-nginx authentication options
Author: Alex Ellis