.. include:: /includes.rst.txt .. comments - headings # with overline, for parts * with overline, for chapters = for sections - for subsections ^ for subsubsections " for paragraphs * for H5 + for H6 .. _cookie_authentication: Cookie Authentication (not secure) ---------------------------------- .. warning:: This authentication method **provides no security** and is intended for work on a personal computer with EDG Studio only. Do not use this on a server. With this authentication method, a user can be freely picked from a dropdown of known user accounts. Considerations ^^^^^^^^^^^^^^ Cookie authentication is intended for local development and testing with EDG Studio. Do not use this on a server. Configuring ^^^^^^^^^^^ To enable cookie authentication, add or uncomment in the :ref:`setup file ` (``edg-setup.properties``):: endUserAuthMethod = cookie This is also the default if the field is not present. User management ^^^^^^^^^^^^^^^ There is a built-in user ``Administrator`` with full rights. Additional user accounts can be created on the fly, by logging out the current user and selecting the new user option from the dropdown on the login form. These users will be created without any roles or permissions. Optionally, additional user accounts can also be defined in the ``users.yaml`` file as described here: :ref:`users_yaml`. Passwords do not have to be specified and will be ignored. User roles defined in ``users.yaml`` will be respected. Authenticating API requests ^^^^^^^^^^^^^^^^^^^^^^^^^^^ With this authentication method, API clients do not need to authenticate and can freely access all API endpoints. By default, requests are executed with the permissions of the built in ``Administrator`` user. API clients can make requests for a different user account by sending a ``username`` cookie with the desired login name. For example, to run a query against the SPARQL endpoint (assuming EDG running at http://localhost:8083/):: curl --cookie "username=MyUser" -d "query=SELECT (smf:currentUserName()) {}" http://localhost:8083/tbl/sparql