0

I'm trying to connect to a WAMP bus from a different application that has certain roles configured. The roles are authenticated with a static ticket, so I believe that I need to declare what role I want to connect as and what the associated ticket is. I'm writing this in Python and have most of the component set up, but I can't find any documentation about how to do this sort of authentication.

from autobahn.twisted.component import Component, run

COMP = Component(
    realm=u"the-realm-to-connect",
    transports=u"wss://this.is.my.url/topic",
    authentication={
        # This is where I need help
        # u"ticket"?
        # u"authid"?
    }
)

Without the authentication, I'm able to connect to and publish to the WAMP bus when it is running locally on my computer, but that one is configured to allow anonymous users to publish. My production WAMP bus does not allow anonymous users to publish, so I need to authenticate what role this is connecting as. The Autobahn|Python documentation implies that it can be done in Python, but I've only been able to find examples of how to do it in JavaScript/JSON in Crossbar.io's documentation.

RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
Emily
  • 119
  • 1
  • 3
  • 13

2 Answers2

0

the documentation is not very up to date. With the Component it is necessary to do like that for tickets:

from autobahn.twisted.component import Component, run

component = Component(
    realm=u"the-realm-to-connect",
    transports=u"wss://this.is.my.url/topic",
    authentication={
        "ticket": {
            "authid": "username", 
            "ticket": "secrettoken"
        }
    },
)
lieo
  • 16
  • 1
-2

Here is some example that can be helpful for you:

https://github.com/crossbario/crossbar-examples/tree/master/authentication

I think you need to use WAMP-Ticket Dynamic Authentication method.

WAMP-Ticket dynamic authentication is a simple cleartext challenge scheme. A client connects to a realm under some authid and requests authmethod = ticket. Crossbar.io will "challenge" the client, asking for a ticket. The client sends the ticket, and Crossbar.io will in turn call a user implemented WAMP procedure for the actual verification of the ticket.

So you need to create an additional component to Authenticate users:

from autobahn.twisted.wamp import ApplicationSession
from autobahn.wamp.exception import ApplicationError

class AuthenticatorSession(ApplicationSession):

   @inlineCallbacks
   def onJoin(self, details):

      def authenticate(realm, authid, details):
         ticket = details['ticket']
         print("WAMP-Ticket dynamic authenticator invoked: realm='{}', authid='{}', ticket='{}'".format(realm, authid, ticket))
         pprint(details)

         if authid in PRINCIPALS_DB:
            if ticket == PRINCIPALS_DB[authid]['ticket']:
               return PRINCIPALS_DB[authid]['role']
            else:
               raise ApplicationError("com.example.invalid_ticket", "could not authenticate session - invalid ticket '{}' for principal {}".format(ticket, authid))
         else:
            raise ApplicationError("com.example.no_such_user", "could not authenticate session - no such principal {}".format(authid))

      try:
         yield self.register(authenticate, 'com.example.authenticate')
         print("WAMP-Ticket dynamic authenticator registered!")
      except Exception as e:
         print("Failed to register dynamic authenticator: {0}".format(e))

and add Authentication method in the configuration:

"transports": [
                {
                    "type": "web",
                    "endpoint": {
                        "type": "tcp",
                        "port": 8080
                    },
                    "paths": {
                        "ws": {
                            "type": "websocket",
                            "serializers": [
                                "json"
                            ],
                            "auth": {
                                "ticket": {
                                    "type": "dynamic",
                                    "authenticator": "com.example.authenticate"
                                }
                            }
                        }
                    }
                }
            ]
Oleksandr Yarushevskyi
  • 2,789
  • 2
  • 17
  • 24
  • A link to a solution is welcome, but please ensure your answer is useful without it: [add context around the link](//meta.stackexchange.com/a/8259) so your fellow users will have some idea what it is and why it’s there, then quote the most relevant part of the page you're linking to in case the target page is unavailable. [Answers that are little more than a link may be deleted.](//stackoverflow.com/help/deleted-answers) – Papershine Jul 10 '18 at 12:29