Skip to content

Authentication in Knora

Scope

Authentication is the process of making sure that if someone is accessing something then this someone is actually also the someone he pretends to be. The process of making sure that someone is authorized, i.e. has the permission to access something, is handled as described in Authorisation).

Implementation

The authentication in Knora is based on Basic Auth HTTP basic authentication, URL parameters, JSON Web Token, and cookies. This means that on every request (to any of the routes), credentials need to be sent either via authorization header, URL parameters or cookie header.

All routes are always accessible and if there are no credentials provided, a default user is assumed. If credentials are sent and they are not correct (e.g., wrong username, password incorrect, token expired), then the request will end in an error message.

There are some differences in V1 and V2 of the API regarding authentication. They differ mainly in the format of the response and that creation of session cookies are only supported in V1 and tokens in V2. After login via either version, all routes (V1 and V2) are accessible.

Skipping Authentication

There is the possibility to turn skipping authentication on and use a hardcoded user (Test User). In application.conf set the skip-authentication = true and Test User will be always assumed.


Last update: January 19, 2023